So, I changed the $config['managesieve_host'] = 'tls://mail.mydomain.com’; to the fqdn of my mail server instead of the internal IP address and now it works!

Why would using the fqdn work, but not the internal LAN IP address?

As a side note, I am now remembering that in my main Roundcube config, I had to use the fqdn for the imap and smtp server instead of the internal LAN IP address. Is it because it needs to connect to a host with the same hostname that the certificate returns? Would it work to add an entry in my hosts file that says "10.116.0.2  mail.mydomain.com”? I should be able to use the internal IP addresses, right? Are there downsides to using the fqdn?

I may have some questions about configuring sieve rules later, but I can start a new thread for that.

Austin Witmer

On Jul 11, 2022, at 1:06 PM, Christian Kivalo <ml+dovecot@valo.at> wrote:

I added “login” to my auth_mechanisms line in
/etc/dovecot/conf.d/10-auth.conf. That line already looked like
auth_mechanisms = plain
This is what the line looks like now: auth_mechanisms = plain login
I restarted dovecot and it still is not advertising anything after
“SASL” in the sieve log file. See below:
[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "NOTIFY" "mailto"
[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "SASL" ""
[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "STARTTLS"
[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "VERSION" "1.0"
[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: OK "Dovecot (Ubuntu) ready."
[10-Jul-2022 16:33:27 -0600]: <4d9b66la> C: STARTTLS
[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: OK "Begin TLS negotiation now."
[10-Jul-2022 16:33:30 -0600]: <4d9b66la> C: LOGOUT
[10-Jul-2022 16:33:30 -0600]: <4d9b66la> S:
????Y8h#u??Lu?u?V2??N[?˴?+)u?????F?'{ֺ?G?r?iS??pݥ??D}?????
[10-Jul-2022 16:33:30 -0600]: <4d9b66la> S: ?>??0??SxfXC%]c?|?y?"w???K_ޕ???N
?.?c? ??_D?r???ǿ?r??w??#?/j?l/Wu?=.I^????~??y??(-n?6]!a??;?E?l??qn?j
[10-Jul-2022 16:33:30 -0600]: <4d9b66la> S:
?.e???i8p?{Ur"???3GZ?Cž??7??U)s?;,c?6????HY??B?ڑB.g=TtAk?dq???nV?i
                  ?BG2D???7?hܖQTl?)G??9??W?????M›^??
??D&?䢀rQ???2E?pn?Ez?????䉉i?                       @1??փiC???=???W?M\
`?]?}?D$`?:???^?/K???5?aB?c??ar)?l@C??X?ٹ?!J???k??"/1?r???w?_??@?p??w
)R?d??o????k*?*?????
                            i?O?i%S?l^?o2?H
[10-Jul-2022 16:33:30 -0600]: <4d9b66la> S:
5?7?x??w?z"??hu4?E??:?/?F(d?;?򵂒?i??"??5??G,5????E?C?MS????
L???*??*???LO?D?? J?l???ځ?
??IN??v?fR?5t?:???SG?>{mY??D?˱????t?Rj?w?#
         ??n??[?S?
                  V4O?z?=.ܰې??uA?ھ????9?τ???c??oE?;LBOg??Ql'w?=
[10-Jul-2022 16:33:30 -0600]: <4d9b66la> S: ?&???C/_??*??????|.??$O?~?
??5?"????縉??
?r??0~?+~????B
            ??5)]cZ?Z?򔠛t??D??????-?dZ??M?z??2TɉOp?q?o?T?3?`'????g??6
[10-Jul-2022 16:33:30 -0600]: <4d9b66la> S: m??]~5???
[10-Jul-2022 16:33:30 -0600]: <4d9b66la> S:
And once again the line from my mail.log file.
Jul 10 22:33:27 mail dovecot: managesieve-login: Disconnected (no auth
attempts in 0 secs): user=<>, rip=10.116.0.3, lip=10.116.0.2, TLS,
session=<7VswBnvjXuIKdAAD>
Any further suggestions? Why do you suppose that the auth mechanisms
are not being advertised?
The auth mechanisms are not shown because you access from a remote host, have STARTTLS available and "disable_plaintext_auth = yes" set. The auth mechanisms will be shown after STARTTLS.
This is described here https://wiki.dovecot.org/Pigeonhole/ManageSieve/Troubleshooting



One more thing comes to mind regarding the ssl options in the managesieve plugin config. Do you use a self signed cert in dovecot?

One more thing you could try, in your managesieve plugin config.inc.php

remove this section:
$config['managesieve_conn_options'] = array(
       'ssl' => array(
           'verify_peer'       => false,
           'allow_self_signed' => true,
       ),
   );

add this section:
$config['managesieve_conn_options'] = [
   'ssl'         => [
   'verify_peer'  => false,
   'peer_name' => 'change to the hostname from dovecots ssl certificate',
   ],
];

add in there, when using self-signed cert
'allow_self_signed' => true,

--
Christian Kivalo