managesieve configuration

Gerald Galster list+dovecot at gcore.biz
Fri Jan 11 11:54:52 EET 2019


Hi Dominik,

I have set ssl = required globally in 10-ssl.conf, but there is no ssl setting on the listener here:

service managesieve-login {
  inet_listener sieve {
    port = 4190
  }  
  ...
}


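Nevertheless, STARTTLS is offered in the capability greeting. (With ssl = yes on the inet_listener, as in your config below, Dovecot expects a TLS handshake immediately on connect, so there is no plaintext greeting and no STARTTLS line.)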

"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext"
"NOTIFY" "mailto"
"SASL" ""
"STARTTLS"
"VERSION" "1.0"
OK "service active"


and the connection will be encrypted (tested with Roundcube webmail)


> STARTTLS
< OK "Begin TLS negotiation now."

...


You can check whether it works with tcpdump; once STARTTLS has completed, the payload printed by -A should no longer be readable:

tcpdump -nn -l -A -i eth0 port 4190


Best regards
Gerald


> Am 11.01.2019 um 09:59 schrieb Dominik Menke <dom at digineo.de>:
> 
> Sure, here you go (I've masked a few unimportant fields, though):
> 
> 
>    # 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
>    # Pigeonhole version 0.4.21 (92477967)
>    # OS: Linux 4.15.0-42-generic x86_64 Ubuntu 18.04.1 LTS
>    auth_default_realm = masked
>    auth_master_user_separator = *
>    auth_mechanisms = plain login scram-sha-1
>    default_vsz_limit = 4 G
>    doveadm_worker_count = 8
>    log_path = /dev/stderr
>    mail_attachment_dir = /var/mail/sis
>    mail_attachment_hash = %{sha256}
>    mail_location = mdbox:~/mdbox
>    managesieve_notify_capability = mailto
>    managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds imapsieve vnd.dovecot.imapsieve
>    mdbox_rotate_size = 128 M
>    namespace inbox {
>      inbox = yes
>      location =
>      mailbox Drafts {
>        auto = subscribe
>        special_use = \Drafts
>      }
>      mailbox Junk {
>        auto = subscribe
>        special_use = \Junk
>      }
>      mailbox Sent {
>        auto = subscribe
>        special_use = \Sent
>      }
>      mailbox Trash {
>        auto = subscribe
>        special_use = \Trash
>      }
>      prefix =
>    }
>    passdb {
>      args = username_format=%n /etc/dovecot/passwd.masterusers
>      driver = passwd-file
>      master = yes
>      pass = yes
>    }
>    passdb {
>      args = username_format=%n /etc/dovecot/passwd
>      driver = passwd-file
>    }
>    plugin {
>      imapsieve_mailbox1_before = file:/etc/dovecot/sieve/learn-spam.sieve
>      imapsieve_mailbox1_cause = COPY FLAG
>      imapsieve_mailbox1_name = Junk
>      imapsieve_mailbox2_before = file:/etc/dovecot/sieve/learn-ham.sieve
>      imapsieve_mailbox2_causes = COPY
>      imapsieve_mailbox2_from = Junk
>      imapsieve_mailbox2_name = *
>      sieve = ~/dovecot.sieve
>      sieve_after = /etc/dovecot/sieve/after
>      sieve_dir = ~/sieve
>      sieve_extensions = +vacation-seconds
>      sieve_global_extensions = +vnd.dovecot.pipe
>      sieve_pipe_bin_dir = /etc/dovecot/sieve
>      sieve_plugins = sieve_imapsieve sieve_extprograms
>      sieve_vacation_default_period = 1d
>      sieve_vacation_max_period = 30d
>      sieve_vacation_min_period = 1d
>    }
>    protocols = imap lmtp sieve
>    service auth {
>      unix_listener /var/spool/postfix/private/dovecot-auth {
>        group = postfix
>        mode = 0600
>        user = postfix
>      }
>    }
>    service imap-login {
>      inet_listener imap {
>        port = 143
>      }
>      inet_listener imaps {
>        port = 993
>        ssl = yes
>      }
>      process_limit = 128
>    }
>    service lmtp {
>      unix_listener /var/spool/postfix/private/dovecot-lmtp {
>        group = postfix
>        mode = 0600
>        user = postfix
>      }
>    }
>    service managesieve-login {
>      inet_listener sieve {
>        port = 4190
>        ssl = yes
>      }
>      service_count = 1
>    }
>    service managesieve {
>      process_limit = 256
>    }
>    ssl_cert = </masked/path/to/server.crt
>    ssl_key =  # hidden, use -P to show it
>    userdb {
>      args = uid=vmail gid=vmail home=/var/mail/users/%n
>      driver = static
>    }
>    verbose_proctitle = yes
>    protocol lmtp {
>      mail_plugins = " sieve notify push_notification"
>      ssl = no
>    }
>    protocol imap {
>      mail_plugins = " imap_sieve"
>    }
>    protocol sieve {
>      mail_debug = yes
>      managesieve_max_line_length = 65536
>    }
> 
> 
> --Dominik
> 
> 
> On 1/11/19 9:44 AM, Aki Tuomi wrote:
>> On 10.1.2019 18.28, Dominik Menke wrote:
>>> I've missed a part at the end:
>>> 
>>>> This leads me to my question: How do I force Dovecot to print at
>>>> least a STARTTLS line after a client connects to port 4190? Looking
>>> 
>>> ... at the default configuration files in /etc/dovecot/conf.d/ I don't
>>> see an obvious difference.
>>> 
>>> 
>>> --Dominik
>> Can you provide output of `doveconf -n`
>> Aki
> 
> -- 
> Digineo GmbH
> Fahrenheitstraße 15
> 28359 Bremen
> 
> Telefon: +49 421 167 66 090
> Telefax: +49 421 167 66 099
> 
> E-Mail: dom at digineo.de
> Internet: www.digineo.de
> 
> Geschäftsführer: Dipl.-Inf. Julian Kornberger
> Amtsgericht Bremen HRB 25061
> USt-ID: DE 815023724


