managesieve configuration

Dominik Menke dom at digineo.de
Thu Jan 10 18:24:35 EET 2019


Hello list,

I'm trying to get pidgeonhole/managesieve running, and I'm stuck 
connecting clients to the server (Dovecot 2.2.33.2-1ubuntu4.1 on an 
Ubnutu 18.04 machine). So far, my config looks like this:


     protocols = imap lmtp sieve
     disable_plaintext_auth = yes
     auth_mechanisms = plain login scram-sha-1

     service managesieve-login {
         inet_listener sieve {
             port = 4190
             ssl = yes
         }
         service_count = 1
     }

     service managesieve {
         process_limit = 256
     }

     protocol sieve {
         managesieve_max_line_length = 65536
     }


(please let me know if you need more details).

When I connect via


     openssl s_client -connect $myserver:4190


I get the following prompt (after the usual certificate prompt):


     "IMPLEMENTATION" "Dovecot (Ubuntu) Pigeonhole"
     "SIEVE" "fileinto reject envelope encoded-character vacation 
subaddress comparator-i;ascii-numeric relational regex imap4flags copy 
include variables body enotify environment mailbox date index ihave 
duplicate mime foreverypart extracttext vacation-seconds imapsieve 
vnd.dovecot.imapsieve"
     "NOTIFY" "mailto"
     "SASL" "PLAIN LOGIN SCRAM-SHA-1"
     "VERSION" "1.0"
     OK "Dovecot (Ubuntu) ready."


and I can login successfully:


     AUTHENTICATE "PLAIN" "base64(0x00 $user 0x00 $password)"
     OK "Logged In."


Note how this is different from the troubleshooting guide [1], which 
suggests gnutls-bin and waiting for the STARTTLS capability before 
hitting Ctrl-D. This is what I get with gnutls-bin:


     $ gnutls-cli --starttls --insecure -p 4190 $myserver
     Processed 0 CA certificate(s).
     Resolving '$myserver:4190'...
     Connecting to '$myserverip:4190'...

     - Simple Client Mode:

     _


where "_" denotes the waiting prompt. When I hit Ctrl-D here, I get an 
output similar that of s_client.

Now, my problem are the clients: neither Thunderbird's sieve extenstion 
[2], nor the Ruby ManageSieve class [3], nor Roundcube's managesieve 
plugin [4] (via Net_Sieve module [5]) are able to communicate with my 
server. They all wait for a "STARTTLS" line, before they attempt to 
perform a TLS handshake.

This leads me to my question: How do I force Dovecot to print at least a 
STARTTLS line after a client connects to port 4190? Looking


Kind regards,
Dominik


[1]: 
https://wiki.dovecot.org/Pigeonhole/ManageSieve/Troubleshooting#Manual_TLS_Login
[2]: https://github.com/thsmi/sieve
[3]: https://www.rubydoc.info/gems/ruby-managesieve/0.4.3/ManageSieve
[4]: 
https://github.com/roundcube/roundcubemail/tree/1.3.8/plugins/managesieve
[5]: 
http://pear.php.net/package/Net_Sieve/docs/1.3.4/Net_Sieve/Net_Sieve.html



More information about the dovecot mailing list