Trouble configuring managesive plugin for roundcube

Tue Jul 12 14:19:11 UTC 2022

So, I changed the $config['managesieve_host'] = 'tls://mail.mydomain.com’; to the fqdn of my mail server instead of the internal IP address and now it works!

Why would using the fqdn work, but not the internal LAN IP address?

As a side note, I am now remembering that in my main Roundcube config, I had to use the fqdn for the imap and smtp server instead of the internal LAN IP address. Is it because it needs to connect to a host with the same hostname that the certificate returns? Would it work to add an entry in my hosts file that says "10.116.0.2  mail.mydomain.com <http://mail.mydomain.com/>”? I should be able to use the internal IP addresses, right? Are there downsides to using the fqdn?

I may have some questions about configuring sieve rules later, but I can start a new thread for that.

Austin Witmer

> On Jul 11, 2022, at 1:06 PM, Christian Kivalo <ml+dovecot at valo.at> wrote:
> 
>> I added “login” to my auth_mechanisms line in
>> /etc/dovecot/conf.d/10-auth.conf. That line already looked like
>> auth_mechanisms = plain
>> This is what the line looks like now: auth_mechanisms = plain login
>> I restarted dovecot and it still is not advertising anything after
>> “SASL” in the sieve log file. See below:
>> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "NOTIFY" "mailto"
>> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "SASL" ""
>> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "STARTTLS"
>> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "VERSION" "1.0"
>> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: OK "Dovecot (Ubuntu) ready."
>> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> C: STARTTLS
>> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: OK "Begin TLS negotiation now."
>> [10-Jul-2022 16:33:30 -0600]: <4d9b66la> C: LOGOUT
>> [10-Jul-2022 16:33:30 -0600]: <4d9b66la> S:
>> ????Y8h#u??Lu?u?V2??N[?˴?+)u?????F?'{ֺ?G?r?iS??pݥ??D}?????
>> [10-Jul-2022 16:33:30 -0600]: <4d9b66la> S: ?>??0??SxfXC%]c?|?y?"w???K_ޕ???N
>> ?.?c? ??_D?r???ǿ?r??w??#?/j?l/Wu?=.I^????~??y??(-n?6]!a??;?E?l??qn?j
>> [10-Jul-2022 16:33:30 -0600]: <4d9b66la> S:
>> ?.e???i8p?{Ur"???3GZ?Cž??7??U)s?;,c?6????HY??B?ڑB.g=TtAk?dq???nV?i
>>                   ?BG2D???7?hܖQTl?)G??9??W?????M›^??
>> ??D&?䢀rQ???2E?pn?Ez?????䉉i?                       @1??փiC???=???W?M\
>> `?]?}?D$`?:???^?/K???5?aB?c??ar)?l at C??X?ٹ?!J???k??"/1?r???w?_??@?p??w
>> )R?d??o????k*?*?????
>>                             i?O?i%S?l^?o2?H
>> [10-Jul-2022 16:33:30 -0600]: <4d9b66la> S:
>> 5?7?x??w?z"??hu4?E??:?/?F(d?;?򵂒?i??"??5??G,5????E?C?MS????
>> L???*??*???LO?D?? J?l???ځ?
>> ??IN??v?fR?5t?:???SG?>{mY??D?˱????t?Rj?w?#
>>          ??n??[?S?
>>                   V4O?z?=.ܰې??uA?ھ????9?τ???c??oE?;LBOg??Ql'w?=
>> [10-Jul-2022 16:33:30 -0600]: <4d9b66la> S: ?&???C/_??*??????|.??$O?~?
>> ??5?"????縉??
>> ?r??0~?+~????B
>>             ??5)]cZ?Z?򔠛t??D??????-?dZ??M?z??2TɉOp?q?o?T?3?`'????g??6
>> [10-Jul-2022 16:33:30 -0600]: <4d9b66la> S: m??]~5???
>> [10-Jul-2022 16:33:30 -0600]: <4d9b66la> S:
>> And once again the line from my mail.log file.
>> Jul 10 22:33:27 mail dovecot: managesieve-login: Disconnected (no auth
>> attempts in 0 secs): user=<>, rip=10.116.0.3, lip=10.116.0.2, TLS,
>> session=<7VswBnvjXuIKdAAD>
>> Any further suggestions? Why do you suppose that the auth mechanisms
>> are not being advertised?
> The auth mechanisms are not shown because you access from a remote host, have STARTTLS available and "disable_plaintext_auth = yes" set. The auth mechanisms will be shown after STARTTLS.
> This is described here https://wiki.dovecot.org/Pigeonhole/ManageSieve/Troubleshooting
> 
> 
> 
> One more thing comes to mind regarding the ssl options in the managesieve plugin config. Do you use a self signed cert in dovecot?
> 
> One more thing you could try, in your managesieve plugin config.inc.php
> 
> remove this section:
> $config['managesieve_conn_options'] = array(
>        'ssl' => array(
>            'verify_peer'       => false,
>            'allow_self_signed' => true,
>        ),
>    );
> 
> add this section:
> $config['managesieve_conn_options'] = [
>    'ssl'         => [
>    'verify_peer'  => false,
>    'peer_name' => 'change to the hostname from dovecots ssl certificate',
>    ],
> ];
> 
> add in there, when using self-signed cert
> 'allow_self_signed' => true,
> 
> -- 
> Christian Kivalo

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://dovecot.org/pipermail/dovecot/attachments/20220712/f9affdf1/attachment.htm>