Hi Andreas,
On Wed, 2007-08-01 at 16:45 +0200, Stephan Bosch wrote:
Most likely the problem relates to the fact that, unless configured otherwise, dovecot will refuse to use plain text SASL mechanisms if the connection is not encrypted. I haven't re-tested the STARTTLS command in the last versions... I will give it a go. I gave it a go and STARTTLS still seems to work fine at my end. This test was performed using 'disable_plaintext_auth = yes' in the config file, forcing a _remote_ host to use TLS/SSL for all protocols.
The gnutls-cli tool is very useful to test the STARTTLS command in various protocols. Using the --starttls switch the client starts in plaintext mode and starts the TLS negotiation when Ctrl-D is pressed.
With the information you provide I could test it with your setup, but of course you can test it yourself as well.
Oh, the end of this transcript might be interesting for Timo. The reported fatal error also occurs on IMAP (dovecot-1.0.2). I don't know whether gnutls-cli is just moaning or whether dovecot is not closing the tls connection very nicely...
Regards,
Stephan.
host:/# gnutls-cli -p 2000 --starttls host.example.com
Resolving 'host.example.com'...
Connecting to '10.0.0.1:2000'...
- Simple Client Mode:

"IMPLEMENTATION" "dovecot"
"SASL" ""
"SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric"
"STARTTLS"
OK "Dovecot ready."
STARTTLS
OK "Begin TLS negotiation now."
*** Starting TLS handshake
Certificate type: X.509
Got a certificate list of 1 certificates.
Certificate[0] info:
The hostname in the certificate matches 'host.example.com'.
# valid since: *******************************
# expires at: *******************************
# fingerprint: *******************************
# Subject's DN: O=Dovecot mail server,OU=host.,CN=host.example.com,EMAIL=root@host.example.com
# Issuer's DN: O=Dovecot mail server,OU=host.,CN=host.example.com,EMAIL=root@host.example.com
- Peer's certificate issuer is unknown
- Peer's certificate is NOT trusted
- Version: TLS 1.0
- Key Exchange: DHE RSA
- Cipher: AES 256 CBC
- MAC: SHA
- Compression: DEFLATE
"IMPLEMENTATION" "dovecot"
"SASL" "PLAIN"
"SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric"
OK "TLS negotiation successful."
AUTHENTICATE "PLAIN" "**********"
OK "Logged in."
logout
OK "Logout completed."
*** Fatal error: A TLS packet with unexpected length was received.
*** Server has terminated the connection abnormally.
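The session above can be reproduced without gnutls-cli. The following is an added example (not Stephan's, Dovecot's, or the managesieve plugin's code) that scripts the same ManageSieve exchange in Python: it parses the capability greeting, confirms that no SASL mechanism is offered before STARTTLS and that PLAIN appears only after the upgrade (the client-side view of `disable_plaintext_auth = yes`), sends LOGOUT, and then reports whether the server ended the TLS session with a close_notify alert or simply dropped the TCP connection, which is the condition gnutls-cli reports as "A TLS packet with unexpected length was received". The host name and port come from the transcript; the function names (`parse_line`, `parse_capabilities`, `check_starttls`, and so on) are my own, and the sample capability lines used in the parser are copied from the session.

```python
import socket
import ssl
import sys

TERMINATORS = ("OK", "NO", "BYE")


def parse_line(line: str) -> list:
    """Tokenise one ManageSieve line: atoms split on whitespace, quoted
    strings keep their contents (an empty "" becomes an empty token)."""
    tokens, cur, in_quote = [], None, False
    for ch in line.rstrip("\r\n"):
        if in_quote:
            if ch == '"':
                tokens.append(cur)
                cur, in_quote = None, False
            else:
                cur += ch
        elif ch == '"':
            cur, in_quote = "", True
        elif ch.isspace():
            if cur is not None:
                tokens.append(cur)
                cur = None
        else:
            cur = (cur or "") + ch
    if cur is not None:
        tokens.append(cur)
    return tokens


def parse_capabilities(lines):
    """Parse a capability block (greeting or post-STARTTLS re-announcement).
    Returns (caps, status_tokens); caps maps name -> value ("" when absent)."""
    caps = {}
    for line in lines:
        toks = parse_line(line)
        if not toks:
            continue
        if toks[0] in TERMINATORS:
            return caps, toks
        caps[toks[0]] = toks[1] if len(toks) > 1 else ""
    raise ValueError("capability block not terminated by OK/NO/BYE")


def sasl_mechanisms(caps):
    return caps.get("SASL", "").split()


def may_authenticate_plain(caps, encrypted):
    """Client-side mirror of disable_plaintext_auth: PLAIN is acceptable only
    when the server currently offers it and the channel is already encrypted."""
    return encrypted and "PLAIN" in sasl_mechanisms(caps)


def _read_block(sock):
    """Read lines up to an OK/NO/BYE line, one byte at a time so that nothing
    past the terminator (the first TLS record) is swallowed before the upgrade."""
    lines, buf = [], b""
    while True:
        ch = sock.recv(1)
        if not ch:
            raise ConnectionError("server closed the connection")
        buf += ch
        if buf.endswith(b"\n"):
            line = buf.decode("utf-8", "replace")
            lines.append(line)
            buf = b""
            toks = parse_line(line)
            if toks and toks[0] in TERMINATORS:
                return lines


def check_starttls(host, port=2000, cafile=None, timeout=10):
    """Connect, upgrade with STARTTLS, LOGOUT, and report how the TLS session
    ended: 'clean_close' is True only if the server sent close_notify."""
    report = {}
    plain = socket.create_connection((host, port), timeout=timeout)
    pre, status = parse_capabilities(_read_block(plain))
    if status[0] != "OK" or "STARTTLS" not in pre:
        plain.close()
        raise RuntimeError("server did not greet with STARTTLS")
    report["plaintext_sasl"] = sasl_mechanisms(pre)  # expect [] when hardened
    plain.sendall(b"STARTTLS\r\n")
    _, status = parse_capabilities(_read_block(plain))
    if status[0] != "OK":
        plain.close()
        raise RuntimeError("STARTTLS refused: " + " ".join(status))
    ctx = ssl.create_default_context(cafile=cafile)
    # suppress_ragged_eofs=False turns a TCP close without close_notify into
    # an SSLEOFError instead of a normal-looking EOF, so the two can be told apart.
    with ctx.wrap_socket(plain, server_hostname=host, suppress_ragged_eofs=False) as tls:
        post, _ = parse_capabilities(_read_block(tls))
        report["tls_sasl"] = sasl_mechanisms(post)
        report["plain_allowed_now"] = may_authenticate_plain(post, encrypted=True)
        tls.sendall(b"LOGOUT\r\n")
        parse_capabilities(_read_block(tls))  # OK "Logout completed."
        try:
            report["clean_close"] = tls.recv(1) == b""  # b"" here means close_notify
        except (ssl.SSLError, ConnectionResetError):
            report["clean_close"] = False
    return report


if __name__ == "__main__":
    print(check_starttls(sys.argv[1], int(sys.argv[2]) if len(sys.argv) > 2 else 2000))
```

Run it as `python3 check_starttls.py host.example.com 2000`; pass `cafile=` to `check_starttls` if the server's certificate is self-signed, as the one in the transcript is, otherwise the handshake fails verification rather than merely warning as gnutls-cli does. A `clean_close` of False with an otherwise successful exchange is the same symptom gnutls-cli printed at the end of the session.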