[Dovecot] proxy, managesieve and ssl?

Stephan Bosch stephan at rename-it.nl
Wed Jan 11 23:06:51 EET 2012


On 1/11/2012 8:01 PM, Nicolas KOWALSKI wrote:
> Hello,
>
> On a dovecot 2.0.14 proxy, I found that proxying managesieve works well
> when using 'starttls' option in pass_attrs, but does not work when using
> 'ssl' option. The backend server is also dovecot 2.0.14; when using the
> ssl option, it reports "no auth attempts" in the logs about
> managesieve-login, and meanwhile the MUA, Thunderbird with sieve plugin,
> reports [TRYLATER] account is temporary disabled; no problem when using
> starttls option on the proxy, all works well.
>
> I would like to use IMAPs, instead of IMAP+STARTTLS, from proxy to
> backend, and have Managesieve still working. Is this supported?

Although there is no such thing as a standard sieveS protocol, you can 
make Dovecot v2.x talk SSL from the start at a ManageSieve socket. Since 
normally people will not use something like this, it is not available by 
default.

In conf.d/20-managesieve.conf you can adjust the service definition of 
ManageSieve as follows:

service managesieve-login {
   inet_listener sieve {
     port = 4190
   }

   inet_listener sieves {
     port = 5190
     ssl = yes
   }
}

This starts the normal protocol on port 4190 and the direct-SSL version 
on an alternative port.  You can also put the ssl=yes directly in the 
port 4190 listener, as long as no client will have to connect to this 
server directly (no client will support it).

Regards,

Stephan.



More information about the dovecot mailing list