thank you again. it seems you have seen my paste of config.inc.php. I do not have a config.php:
my_user@some_host:/usr/local/www/roundcube/config # ls -l total 67 -rw-r--r-- 1 root wheel 164 Jul 23 15:17 .htaccess -rw-r--r-- 1 root wheel 1867 Nov 22 15:12 config.inc.php -rw-r--r-- 1 root wheel 2943 Jul 23 15:17 config.inc.php.sample -rw-r--r-- 1 root wheel 63790 Oct 29 20:24 defaults.inc.php -rw-r--r-- 1 root wheel 2806 Jul 23 15:17 mimetypes.php my_user@some_host:/usr/local/www/roundcube/config #
I have tried changing tls:// to ssl:// and back again (in the line $config['managesieve_host'] = 'tls://obfuscated.domain';) but the error remains the same:
roundcube: PHP Error: Connection refused (GET /index.php?_task=settings&_action=plugin.managesieve) roundcube: PHP Error: Unable to connect to managesieve on obfuscated.domain:4190 in /usr/local/www/roundcube/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php on line 221 (GET /index.php?_task=settings&_action=plugin.managesieve) roundcube: PHP Error: Not currently in AUTHORISATION state (GET /index.php?_task=settings&_action=plugin.managesieve) php: PHP Error: Not currently connected (GET /index.php?_task=settings&_action=plugin.managesieve) roundcube: PHP Error: Connection refused (GET /index.php?_task=settings&_action=plugin.managesieve-action&_framed=1&_nav=hide) roundcube: PHP Error: Unable to connect to managesieve on obfuscated.domain:4190 in /usr/local/www/roundcube/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php on line 221 (GET /index.php?_task=settings&_action=plugin.managesieve-action&_framed=1&_nav=hide) php: PHP Error: Not currently connected (GET /index.php?_task=settings&_action=plugin.managesieve-action&_framed=1&_nav=hide) roundcube: PHP Error: Connection refused (POST /?_task=settings&_action=plugin.managesieve-save) roundcube: PHP Error: Unable to connect to managesieve on obfuscated.domain:4190 in /usr/local/www/roundcube/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php on line 221 (POST /?_task=settings&_action=plugin.managesieve-save)
i don't understand why it can't connect, this seems to work fine:
# gnutls-cli --tofu --starttls -p 4190 10.0.0.91 Processed 142 CA certificate(s). Resolving '10.0.0.91:4190'... Connecting to '10.0.0.91:4190'...
- Simple Client Mode:
"IMPLEMENTATION" "dovecot" "SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext" "NOTIFY" "mailto" "SASL" "CRAM-MD5" "STARTTLS" "VERSION" "1.0" OK "Dovecot ready." STARTTLS OK "Begin TLS negotiation now." *** Starting TLS handshake pin-sha256="xxxxxxxxxxxxxxxxxxxxxx"
Certificate type: X.509
Got a certificate list of 3 certificates.
Certificate[0] info:
- subject
CN=obfuscated.domain.com', issuerCN=R3,O=Let's Encrypt,C=US', serial xxxxxxxxxxxxxxxxxxxxxx, RSA key 2048 bits, signed using RSA-SHA256, activatedyyyy-mm-dd 17:48:15 UTC', expiresyyyy-mm-dd 17:48:14 UTC', pin-sha256="xxxxxxxxxxxxxxxxxxxxxx" Public Key ID: sha1:xxxxxxxxxxxxxxxxxxxxxx sha256:xxxxxxxxxxxxxxxxxxxxxx Public Key PIN: pin-sha256:xxxxxxxxxxxxxxxxxxxxxx
- subject
Certificate[1] info:
- subject
CN=R3,O=Let's Encrypt,C=US', issuerCN=ISRG Root X1,O=Internet Security Research Group,C=US', serial xxxxxxxxxxxxxxxxxxxxxx, RSA key 2048 bits, signed using RSA-SHA256, activatedyyyy-mm-dd 00:00:00 UTC', expiresyyyy-mm-dd 16:00:00 UTC',
- subject
- Certificate[2] info:
pin-sha256="xxxxxxxxxxxxxxxxxxxxxx"
- subject
CN=ISRG Root X1,O=Internet Security Research Group,C=US', issuerCN=DST Root CA X3,O=Digital Signature Trust Co.', serial yyyy-mm-dd, RSA key 4096 bits, signed using RSA-SHA256, activatedyyyy-mm-dd 19:14:03 UTC', expiresyyyy-mm-dd 18:14:03 UTC',
- subject
- Status: The certificate is NOT trusted. The name in the certificate does not match the expected. *** PKI verification of server certificate failed... Host 10.0.0.91 (sieve) has never been contacted before. Its certificate is valid for 10.0.0.91. Are you sure you want to trust it? (y/N): y
- Description: (TLS1.3-X.509)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
- Session ID: xx:yy:xx:yy:xx:yy...
- Options: "IMPLEMENTATION" "dovecot" "SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext" "NOTIFY" "mailto" "SASL" "CRAM-MD5" "VERSION" "1.0" OK "TLS negotiation successful."
On 2022-11-23 13:35, Yassine Chaouche wrote:
also make sure your are editing config.php and not config.inc.php (which you pasted)
Yassine.
Le 23 novembre 2022 8:30:36 PM GMT+01:00, Yassine Chaouche <a.chaouche@algerian-radio.dz> a écrit :
good. we have established that the problem shouldn't be on dovecot's side. i suspect roundcube is misconfigured or can't connect for some reason. I believe someone mentioned SSL and TLS support problem in RC for a specific version? can you try without? also can you paste RC config?
Yassine.