So, I changed the $config['managesieve_host'] = 'tls://mail.mydomain.com'; to the fqdn of my mail server instead of the internal IP address and now it works!
Why would using the fqdn work, but not the internal LAN IP address?
As a side note, I am now remembering that in my main Roundcube config, I had to use the fqdn for the imap and smtp server instead of the internal LAN IP address. Is it because it needs to connect to a host with the same hostname that the certificate returns? Would it work to add an entry in my hosts file that says "10.116.0.2 mail.mydomain.com"? I should be able to use the internal IP addresses, right? Are there downsides to using the fqdn?
I may have some questions about configuring sieve rules later, but I can start a new thread for that.
Austin Witmer
On Jul 11, 2022, at 1:06 PM, Christian Kivalo <ml+dovecot@valo.at> wrote:
I added “login” to my auth_mechanisms line in /etc/dovecot/conf.d/10-auth.conf. That line already looked like
auth_mechanisms = plain
This is what the line looks like now:
auth_mechanisms = plain login
I restarted dovecot and it still is not advertising anything after “SASL” in the sieve log file. See below:
[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "NOTIFY" "mailto"
[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "SASL" ""
[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "STARTTLS"
[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "VERSION" "1.0"
[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: OK "Dovecot (Ubuntu) ready."
[10-Jul-2022 16:33:27 -0600]: <4d9b66la> C: STARTTLS
[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: OK "Begin TLS negotiation now."
[10-Jul-2022 16:33:30 -0600]: <4d9b66la> C: LOGOUT
And once again the line from my mail.log file.
Jul 10 22:33:27 mail dovecot: managesieve-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=10.116.0.3, lip=10.116.0.2, TLS, session=<7VswBnvjXuIKdAAD>
Any further suggestions? Why do you suppose that the auth mechanisms are not being advertised?
The auth mechanisms are not shown because you access from a remote host, have STARTTLS available and "disable_plaintext_auth = yes" set. The auth mechanisms will be shown after STARTTLS. This is described here https://wiki.dovecot.org/Pigeonhole/ManageSieve/Troubleshooting
One more thing comes to mind regarding the ssl options in the managesieve plugin config. Do you use a self signed cert in dovecot?
One more thing you could try, in your managesieve plugin config.inc.php
remove this section:
$config['managesieve_conn_options'] = array(
    'ssl' => array(
        'verify_peer' => false,
        'allow_self_signed' => true,
    ),
);
add this section:
$config['managesieve_conn_options'] = [
    'ssl' => [
        'verify_peer' => false,
        'peer_name' => 'change to the hostname from dovecots ssl certificate',
    ],
];
add in there, when using self-signed cert
'allow_self_signed' => true,
-- Christian Kivalo
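Added example (not part of the original thread, and not Roundcube or Dovecot code): a simplified model of the name check a verifying TLS client performs, showing why an IP address in managesieve_host does not match a certificate issued for the FQDN and how peer_name changes the name that is checked. The certificate contents and all function names are constructed for illustration, and the IP-SAN case goes beyond what the thread discusses.

```python
import ipaddress

# Constructed sample: subjectAltName of a certificate issued only for the mail
# server's FQDN, in the dict shape returned by ssl.SSLSocket.getpeercert().
CERT_FQDN_ONLY = {"subjectAltName": (("DNS", "mail.mydomain.com"),)}
# Constructed sample: the same certificate reissued with an extra IP SAN.
CERT_WITH_IP = {"subjectAltName": (("DNS", "mail.mydomain.com"),
                                   ("IP Address", "10.116.0.2"))}


def reference_name(host, peer_name=None):
    """Name the certificate is checked against: an explicit peer_name wins,
    otherwise the host part of the configured URI (scheme and port stripped)."""
    if peer_name:
        return peer_name
    host = host.split("://", 1)[-1]
    return host.rsplit(":", 1)[0] if host.count(":") == 1 else host


def _dns_match(pattern, name):
    """Case-insensitive DNS match; '*' is honoured only as the whole leftmost label."""
    p = pattern.lower().rstrip(".").split(".")
    n = name.lower().rstrip(".").split(".")
    if len(p) != len(n):
        return False
    if p[0] == "*":
        return len(p) > 2 and p[1:] == n[1:]
    return p == n


def cert_matches(cert, name):
    """True if `name` is covered by the certificate's subjectAltName entries.
    An IP literal is compared only with IP SANs, a hostname only with DNS SANs."""
    sans = cert.get("subjectAltName", ())
    try:
        ip = ipaddress.ip_address(name)
    except ValueError:
        return any(k == "DNS" and _dns_match(v, name) for k, v in sans)
    return any(k == "IP Address" and ipaddress.ip_address(v) == ip for k, v in sans)


def handshake_ok(cert, host, peer_name=None):
    return cert_matches(cert, reference_name(host, peer_name))


if __name__ == "__main__":
    for host, peer in [("tls://10.116.0.2", None), ("tls://mail.mydomain.com", None)]:
        print(host, peer, handshake_ok(CERT_FQDN_ONLY, host, peer))
```

A hosts-file entry mapping 10.116.0.2 to mail.mydomain.com changes only where the connection goes; the name being checked is still the FQDN, so the match succeeds.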