Hello Gerald,
that did the trick, thank you very much!
--Dominik
On 1/11/19 10:54 AM, Gerald Galster wrote:
Hi Dominik,
I have set ssl = required in 10-ssl.conf globally but no ssl here:
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  ...
}
Nevertheless, STARTTLS is offered
"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext"
"NOTIFY" "mailto"
"SASL" ""
"STARTTLS"
"VERSION" "1.0"
OK "service active"
and the connection will be encrypted (tested with roundcube webmail)
STARTTLS < OK "Begin TLS negotiation now."
...
You can check if it works with tcpdump:
tcpdump -nn -l -A -i eth0 port 4190
Best regards
Gerald
On 11.01.2019 at 09:59, Dominik Menke dom@digineo.de wrote:
Sure, here you go (I've masked a few unimportant fields, though):
# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 4.15.0-42-generic x86_64 Ubuntu 18.04.1 LTS
auth_default_realm = masked
auth_master_user_separator = *
auth_mechanisms = plain login scram-sha-1
default_vsz_limit = 4 G
doveadm_worker_count = 8
log_path = /dev/stderr
mail_attachment_dir = /var/mail/sis
mail_attachment_hash = %{sha256}
mail_location = mdbox:~/mdbox
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds imapsieve vnd.dovecot.imapsieve
mdbox_rotate_size = 128 M
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    auto = subscribe
    special_use = \Drafts
  }
  mailbox Junk {
    auto = subscribe
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = username_format=%n /etc/dovecot/passwd.masterusers
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  args = username_format=%n /etc/dovecot/passwd
  driver = passwd-file
}
plugin {
  imapsieve_mailbox1_before = file:/etc/dovecot/sieve/learn-spam.sieve
  imapsieve_mailbox1_cause = COPY FLAG
  imapsieve_mailbox1_name = Junk
  imapsieve_mailbox2_before = file:/etc/dovecot/sieve/learn-ham.sieve
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_from = Junk
  imapsieve_mailbox2_name = *
  sieve = ~/dovecot.sieve
  sieve_after = /etc/dovecot/sieve/after
  sieve_dir = ~/sieve
  sieve_extensions = +vacation-seconds
  sieve_global_extensions = +vnd.dovecot.pipe
  sieve_pipe_bin_dir = /etc/dovecot/sieve
  sieve_plugins = sieve_imapsieve sieve_extprograms
  sieve_vacation_default_period = 1d
  sieve_vacation_max_period = 30d
  sieve_vacation_min_period = 1d
}
protocols = imap lmtp sieve
service auth {
  unix_listener /var/spool/postfix/private/dovecot-auth {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
  process_limit = 128
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
    ssl = yes
  }
  service_count = 1
}
service managesieve {
  process_limit = 256
}
ssl_cert = </masked/path/to/server.crt
ssl_key = # hidden, use -P to show it
userdb {
  args = uid=vmail gid=vmail home=/var/mail/users/%n
  driver = static
}
verbose_proctitle = yes
protocol lmtp {
  mail_plugins = " sieve notify push_notification"
  ssl = no
}
protocol imap {
  mail_plugins = " imap_sieve"
}
protocol sieve {
  mail_debug = yes
  managesieve_max_line_length = 65536
}
--Dominik
On 1/11/19 9:44 AM, Aki Tuomi wrote:
On 10.1.2019 18.28, Dominik Menke wrote:
I've missed a part at the end:
This leads me to my question: How do I force Dovecot to print at least a STARTTLS line after a client connects to port 4190? Looking
... at the default configuration files in /etc/dovecot/conf.d/ I don't see an obvious difference.
--Dominik
Can you provide output of
doveconf -n
Aki
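
Added example, not part of the original thread: a small Python check for the plaintext greeting on port 4190, as quoted in Gerald's message. It parses the capability lines and reports a missing STARTTLS or SASL mechanisms advertised before TLS. The function names and the sample greeting (SIEVE list shortened) are constructed for illustration, and only quoted-string capability lines are handled.

```python
import re

# Constructed sample, modelled on the greeting quoted in the thread
# (the SIEVE extension list is shortened).
SAMPLE_GREETING = '''"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope vacation"
"NOTIFY" "mailto"
"SASL" ""
"STARTTLS"
"VERSION" "1.0"
OK "service active"
'''

# One quoted string, allowing backslash-escaped characters inside it.
_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')


def parse_greeting(text):
    """Return {CAPABILITY: value or None} for a ManageSieve greeting."""
    caps = {}
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        # The OK/NO/BYE response line terminates the capability list.
        if line.upper().startswith(("OK", "NO", "BYE")):
            break
        parts = _QUOTED.findall(line)
        if parts:
            caps[parts[0].upper()] = parts[1] if len(parts) > 1 else None
    return caps


def audit_greeting(text):
    """List problems in a greeting captured before any TLS negotiation."""
    caps = parse_greeting(text)
    findings = []
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not advertised")
    # An empty SASL value means no login mechanism is usable in cleartext.
    mechs = (caps.get("SASL") or "").split()
    if mechs:
        findings.append("SASL mechanisms offered before TLS: " + " ".join(mechs))
    return findings


if __name__ == "__main__":
    print(audit_greeting(SAMPLE_GREETING) or "greeting looks as expected")
```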