thank you again. it seems you have seen my paste of config.inc.php.  I do not have a config.php:

my_user@some_host:/usr/local/www/roundcube/config # ls -l
total 67
-rw-r--r--  1 root  wheel    164 Jul 23 15:17 .htaccess
-rw-r--r--  1 root  wheel   1867 Nov 22 15:12 config.inc.php
-rw-r--r--  1 root  wheel   2943 Jul 23 15:17 config.inc.php.sample
-rw-r--r--  1 root  wheel  63790 Oct 29 20:24 defaults.inc.php
-rw-r--r--  1 root  wheel   2806 Jul 23 15:17 mimetypes.php
my_user@some_host:/usr/local/www/roundcube/config #


I have tried changing tls:// to ssl:// and back again (in the line $config['managesieve_host'] = 'tls://obfuscated.domain';) but the error remains the same:

roundcube: PHP Error: Connection refused (GET /index.php?_task=settings&_action=plugin.managesieve)
roundcube: PHP Error: Unable to connect to managesieve on obfuscated.domain:4190 in /usr/local/www/roundcube/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php on line 221 (GET /index.php?_task=settings&_action=plugin.managesieve)
roundcube: PHP Error: Not currently in AUTHORISATION state (GET /index.php?_task=settings&_action=plugin.managesieve)
php: PHP Error: Not currently connected (GET /index.php?_task=settings&_action=plugin.managesieve)
roundcube: PHP Error: Connection refused (GET /index.php?_task=settings&_action=plugin.managesieve-action&_framed=1&_nav=hide)
roundcube: PHP Error: Unable to connect to managesieve on obfuscated.domain:4190 in /usr/local/www/roundcube/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php on line 221 (GET /index.php?_task=settings&_action=plugin.managesieve-action&_framed=1&_nav=hide)
php: PHP Error: Not currently connected (GET /index.php?_task=settings&_action=plugin.managesieve-action&_framed=1&_nav=hide)
roundcube: PHP Error: Connection refused (POST /?_task=settings&_action=plugin.managesieve-save)
roundcube: PHP Error: Unable to connect to managesieve on obfuscated.domain:4190 in /usr/local/www/roundcube/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php on line 221 (POST /?_task=settings&_action=plugin.managesieve-save)


i don't understand why it can't connect, this seems to work fine:

# gnutls-cli --tofu --starttls -p 4190 10.0.0.91
Processed 142 CA certificate(s).
Resolving '10.0.0.91:4190'...
Connecting to '10.0.0.91:4190'...

- Simple Client Mode:

"IMPLEMENTATION" "dovecot"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext"
"NOTIFY" "mailto"
"SASL" "CRAM-MD5"
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot ready."
STARTTLS
OK "Begin TLS negotiation now."
*** Starting TLS handshake
- Certificate type: X.509
- Got a certificate list of 3 certificates.
- Certificate[0] info:
 - subject `CN=obfuscated.domain.com', issuer `CN=R3,O=Let's Encrypt,C=US', serial xxxxxxxxxxxxxxxxxxxxxx, RSA key 2048 bits, signed using RSA-SHA256, activated `yyyy-mm-dd 17:48:15 UTC', expires `yyyy-mm-dd 17:48:14 UTC', pin-sha256="xxxxxxxxxxxxxxxxxxxxxx"
        Public Key ID:
                sha1:xxxxxxxxxxxxxxxxxxxxxx
                sha256:xxxxxxxxxxxxxxxxxxxxxx
        Public Key PIN:
                pin-sha256:xxxxxxxxxxxxxxxxxxxxxx

- Certificate[1] info:
 - subject `CN=R3,O=Let's Encrypt,C=US', issuer `CN=ISRG Root X1,O=Internet Security Research Group,C=US', serial xxxxxxxxxxxxxxxxxxxxxx, RSA key 2048 bits, signed using RSA-SHA256, activated `yyyy-mm-dd 00:00:00 UTC', expires `yyyy-mm-dd 16:00:00 UTC', pin-sha256="xxxxxxxxxxxxxxxxxxxxxx"
- Certificate[2] info:
 - subject `CN=ISRG Root X1,O=Internet Security Research Group,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial yyyy-mm-dd, RSA key 4096 bits, signed using RSA-SHA256, activated `yyyy-mm-dd 19:14:03 UTC', expires `yyyy-mm-dd 18:14:03 UTC', pin-sha256="xxxxxxxxxxxxxxxxxxxxxx"
- Status: The certificate is NOT trusted. The name in the certificate does not match the expected.
*** PKI verification of server certificate failed...
Host 10.0.0.91 (sieve) has never been contacted before.
Its certificate is valid for 10.0.0.91.
Are you sure you want to trust it? (y/N): y
- Description: (TLS1.3-X.509)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
- Session ID: xx:yy:xx:yy:xx:yy...
- Options:
"IMPLEMENTATION" "dovecot"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext"
"NOTIFY" "mailto"
"SASL" "CRAM-MD5"
"VERSION" "1.0"
OK "TLS negotiation successful."



On 2022-11-23 13:35, Yassine Chaouche wrote:

also make sure your are editing config.php and not config.inc.php (which you pasted)

Yassine.

Le 23 novembre 2022 8:30:36 PM GMT+01:00, Yassine Chaouche <a.chaouche@algerian-radio.dz> a écrit :
good. we have established that the problem shouldn't be on dovecot's side. i suspect roundcube is misconfigured or can't connect for some reason. I believe someone mentioned SSL and TLS support problem in RC for a specific version? can you try without? also can you paste RC config?

Yassine.