Trouble configuring managesive plugin for roundcube

Austin Witmer austin96 at emypeople.net
Wed Jul 13 14:01:26 UTC 2022


Thanks so much Christian Kivalo!

See below.

> On Jul 12, 2022, at 9:13 AM, Christian Kivalo <ml+dovecot at valo.at> wrote:
> 
> On 2022-07-12 16:19, Austin Witmer wrote:
>> So, I changed the $config['managesieve_host'] =
>> 'tls://mail.mydomain.com'; to the fqdn of my mail server instead of
>> the internal IP address and now it works!
> Good to hear it works now :)
> 
>> Why would using the fqdn work, but not the internal LAN IP address?
> The client, here php / roundcube, checks if the presented certificate contains the address it connected to, and ip addresses are very seldom added as hosts to certificates.
> 
>> As a side note, I am now remembering that in my main Roundcube config,
>> I had to use the fqdn for the imap and smtp server instead of the
>> internal LAN IP address. Is it because it needs to connect to a host
>> with the same hostname that the certificate returns? Would it work to
>> add an entry in my hosts file that says "10.116.0.2  mail.mydomain.com
>> [1]"? I should be able to use the internal IP addresses, right? Are
>> there downsides to using the fqdn?
> 
> The hosts file entry would help with name resolution but not with certificate verification.
> 
> But you can make php think it connects to the correct hostname with the ssl connection options
> 
> $config['managesieve_conn_options'] = [
>   'ssl' => [
>     'verify_peer' => false,
>     'peer_name'   => 'FQDN of mailserver',
>   ],
> ];
> 
> This probably even works without the "verify_peer" line, haven't tested.
> 

I added the block above to my managesieve configuration in Roundcube, and now connecting to an internal IP address works beautifully!

Now I just need to figure out how to accomplish the same thing for the imap and smtp server that Roundcube is using. Is there a block similar to the one above that I could add to my Roundcube config.inc.php file to enable me to use internal addresses for my imap and smtp servers?

> 
>> I may have some questions about configuring sieve rules later, but I
>> can start a new thread for that.
>> Austin Witmer
>>> On Jul 11, 2022, at 1:06 PM, Christian Kivalo <ml+dovecot at valo.at>
>>> wrote:
>>>> I added “login” to my auth_mechanisms line in
>>>> /etc/dovecot/conf.d/10-auth.conf. That line already looked like
>>>> auth_mechanisms = plain
>>>> This is what the line looks like now: auth_mechanisms = plain
>>>> login
>>>> I restarted dovecot and it still is not advertising anything after
>>>> “SASL” in the sieve log file. See below:
>>>> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "NOTIFY" "mailto"
>>>> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "SASL" ""
>>>> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "STARTTLS"
>>>> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "VERSION" "1.0"
>>>> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: OK "Dovecot (Ubuntu)
>>>> ready."
>>>> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> C: STARTTLS
>>>> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: OK "Begin TLS
>>>> negotiation now."
>>>> [10-Jul-2022 16:33:30 -0600]: <4d9b66la> C: LOGOUT
>>>> [10-Jul-2022 16:33:30 -0600]: <4d9b66la> S: [several S: lines of unprintable binary (encrypted TLS record data written to the log as text) omitted]
>>>> And once again the line from my mail.log file.
>>>> Jul 10 22:33:27 mail dovecot: managesieve-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=10.116.0.3, lip=10.116.0.2, TLS, session=<7VswBnvjXuIKdAAD>
>>>> Any further suggestions? Why do you suppose that the auth mechanisms are not being advertised?
>>> The auth mechanisms are not shown because you access from a remote
>>> host, have STARTTLS available and "disable_plaintext_auth = yes"
>>> set. The auth mechanisms will be shown after STARTTLS.
>>> This is described here
>>> https://wiki.dovecot.org/Pigeonhole/ManageSieve/Troubleshooting
>>> One more thing comes to mind regarding the ssl options in the
>>> managesieve plugin config. Do you use a self signed cert in dovecot?
>>> One more thing you could try, in your managesieve plugin
>>> config.inc.php
>>> remove this section:
>>> $config['managesieve_conn_options'] = array(
>>>   'ssl' => array(
>>>     'verify_peer'       => false,
>>>     'allow_self_signed' => true,
>>>   ),
>>> );
>>> add this section:
>>> $config['managesieve_conn_options'] = [
>>>   'ssl' => [
>>>     'verify_peer' => false,
>>>     'peer_name'   => 'change to the hostname from dovecots ssl certificate',
>>>   ],
>>> ];
>>> add in there, when using self-signed cert
>>>     'allow_self_signed' => true,
>>> --
>>> Christian Kivalo
>> Links:
>> ------
>> [1] http://mail.mydomain.com
> 
> -- 
> Christian Kivalo

Thanks again for everyone’s help! Much appreciated!

Austin Witmer
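Added editor's example, not code posted by Austin or Christian: a Roundcube config.inc.php fragment that connects to the mail server by its LAN address while keeping TLS certificate verification switched on. The point the thread skirts is that `verify_peer => false` does not just relax the hostname check; it disables chain validation entirely, so any certificate presented on the LAN is accepted. PHP's stream context lets you set `peer_name` (the name to expect in the certificate and to send as SNI) independently of the address you dial, which is the check that actually needs adjusting. The same `ssl` array works for Roundcube's `imap_conn_options` and `smtp_conn_options`, which is the IMAP/SMTP question asked above. The IPs come from the thread; the hostname, CA file path and the `imap_host`/`smtp_host` key names (Roundcube 1.6 naming; older releases use `default_host`/`smtp_server`) are assumptions.

```php
<?php
// Editor's example (not from the thread). Roundcube passes each
// *_conn_options array straight into PHP's stream context, so the keys
// below are PHP SSL context options, documented at
// https://www.php.net/manual/en/context.ssl.php

// --- Weak variant: what the quoted snippet does ---
// 'verify_peer' => false switches off validation of the certificate chain.
// Adding 'peer_name' does not bring that check back; a forged certificate
// carrying the right name would be accepted.
//
// $config['managesieve_conn_options'] = [
//     'ssl' => [
//         'verify_peer' => false,
//         'peer_name'   => 'mail.mydomain.com',
//     ],
// ];

// --- Hardened variant: dial the LAN IP, verify against the FQDN ---
$mail_tls = [
    'verify_peer'       => true,               // validate the chain
    'verify_peer_name'  => true,               // require CN/SAN to match peer_name
    'peer_name'         => 'mail.mydomain.com', // name in Dovecot's certificate (assumed)
    'allow_self_signed' => false,
    // Public CA (e.g. Let's Encrypt): leave cafile unset, the system store is used.
    // Private CA or self-signed Dovecot cert: point cafile at that CA cert (or at
    // the self-signed cert itself); this pins exactly one issuer instead of
    // accepting every self-signed cert via allow_self_signed.
    // 'cafile'         => '/etc/roundcube/dovecot-ca.pem',  // placeholder path
];

// ManageSieve: address is the internal IP, certificate is checked for the FQDN.
$config['managesieve_host']         = 'tls://10.116.0.2';
$config['managesieve_conn_options'] = ['ssl' => $mail_tls];

// IMAP and SMTP use the same mechanism (key names assume Roundcube 1.6).
$config['imap_host']         = 'ssl://10.116.0.2:993';
$config['imap_conn_options'] = ['ssl' => $mail_tls];

$config['smtp_host']         = 'tls://10.116.0.2:587';
$config['smtp_conn_options'] = ['ssl' => $mail_tls];
```

If the connection fails with this in place, the Roundcube error log will name the verification step that failed (chain vs. name mismatch), which tells you whether `cafile` or `peer_name` is the value to correct; loosening `verify_peer` hides that distinction.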
