Hello list,
I'm trying to get pidgeonhole/managesieve running, and I'm stuck connecting clients to the server (Dovecot 2.2.33.2-1ubuntu4.1 on an Ubnutu 18.04 machine). So far, my config looks like this:
protocols = imap lmtp sieve
disable_plaintext_auth = yes
auth_mechanisms = plain login scram-sha-1
service managesieve-login {
inet_listener sieve {
port = 4190
ssl = yes
}
service_count = 1
}
service managesieve {
process_limit = 256
}
protocol sieve {
managesieve_max_line_length = 65536
}(please let me know if you need more details).
When I connect via
openssl s_client -connect $myserver:4190I get the following prompt (after the usual certificate prompt):
"IMPLEMENTATION" "Dovecot (Ubuntu) Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds imapsieve vnd.dovecot.imapsieve" "NOTIFY" "mailto" "SASL" "PLAIN LOGIN SCRAM-SHA-1" "VERSION" "1.0" OK "Dovecot (Ubuntu) ready."
and I can login successfully:
AUTHENTICATE "PLAIN" "base64(0x00 $user 0x00 $password)"
OK "Logged In."Note how this is different from the troubleshooting guide 1, which suggests gnutls-bin and waiting for the STARTTLS capability before hitting Ctrl-D. This is what I get with gnutls-bin:
$ gnutls-cli --starttls --insecure -p 4190 $myserver
Processed 0 CA certificate(s).
Resolving '$myserver:4190'...
Connecting to '$myserverip:4190'...
- Simple Client Mode:
_where "_" denotes the waiting prompt. When I hit Ctrl-D here, I get an output similar that of s_client.
Now, my problem are the clients: neither Thunderbird's sieve extenstion 2, nor the Ruby ManageSieve class 3, nor Roundcube's managesieve plugin 4 (via Net_Sieve module 5) are able to communicate with my server. They all wait for a "STARTTLS" line, before they attempt to perform a TLS handshake.
This leads me to my question: How do I force Dovecot to print at least a STARTTLS line after a client connects to port 4190? Looking
Kind regards, Dominik