[Dovecot] About ManageSieve and TLS
Stephan Bosch
stephan at rename-it.nl
Tue Oct 2 22:31:05 EEST 2012

On 10/2/2012 8:45 PM, 3.listas at adminlinux.com.br wrote:
> Hi,
>
> I have a "ubuntu10.04 + dovecot-2.0.13" configuration in my server. It
> works fine with ~50k accounts.
>
> Recently I enabled TLS:
> $ cat /etc/dovecot/dovecot.conf
> ...
> # Use SSL ?
> ssl = yes
> ...
>
> The goal was to provide only IMAPS and POP3S. But Managesieve says
> "STARTTLS":
> $ telnet _MY_IP_ 2000
> Trying _MY_IP_...
> Connected to _MY_IP_.
> Escape character is '^]'.
> "IMPLEMENTATION" "K8 ManageSieve"
> "SIEVE" "comparator-i;ascii-numeric copy envelope fileinto imapflags
> include notify regex reject relational subaddress vacation"
> "SASL" "PLAIN LOGIN"
> "STARTTLS"
> "VERSION" "1.0"
> OK "K8 IMAP/POP3 server"
>
> I think there is something wrong there but I don't know. I think
> Managesieve should not say "STARTTLS".
> Can someone help me?

The STARTTLS capability means that ManageSieve is prepared to accept a
STARTTLS command that invokes the TLS handshake. Basically, the protocol
starts in plaintext and switches to a TLS/SSL secured channel once the
STARTTLS command is issued. However, the client can also choose not to
use it. Therefore, it really shouldn't influence whether ManageSieve
works properly (unless the client messes up TLS somehow).

If you really want to, you can disable TLS for ManageSieve specifically
by putting an ssl=no inside the protocol sieve {} section.

Regards,

Stephan.
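
As an added example (not part of the original post or of Dovecot): a Python check that parses a pre-TLS ManageSieve capability greeting like the one quoted above and reports whether STARTTLS is offered and whether the cleartext SASL mechanisms PLAIN or LOGIN are advertised before TLS. The function names and result keys are assumptions made for this illustration.

```python
import re

# Constructed sample: the capability greeting quoted in the message above.
SAMPLE_GREETING = (
    '"IMPLEMENTATION" "K8 ManageSieve"\r\n'
    '"SIEVE" "comparator-i;ascii-numeric copy envelope fileinto imapflags '
    'include notify regex reject relational subaddress vacation"\r\n'
    '"SASL" "PLAIN LOGIN"\r\n'
    '"STARTTLS"\r\n'
    '"VERSION" "1.0"\r\n'
    'OK "K8 IMAP/POP3 server"\r\n'
)

_QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')   # one quoted string, escapes allowed
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}           # mechanisms that send the password itself


def parse_capabilities(greeting):
    """Map each capability name to its value (None if it has none), up to OK/NO/BYE."""
    caps = {}
    for line in greeting.splitlines():
        line = line.strip()
        if re.match(r"(?i)(OK|NO|BYE)\b", line):   # response line ends the listing
            break
        strings = _QUOTED.findall(line)
        if strings:
            caps[strings[0].upper()] = strings[1] if len(strings) > 1 else None
    return caps


def audit_greeting(greeting):
    """Report what a client that skips STARTTLS could still do on this port."""
    caps = parse_capabilities(greeting)
    mechs = set((caps.get("SASL") or "").upper().split())
    exposed = sorted(mechs & CLEARTEXT_MECHS)
    return {
        "starttls_offered": "STARTTLS" in caps,
        "cleartext_mechs_before_tls": exposed,
        "cleartext_auth_possible": bool(exposed),
    }


if __name__ == "__main__":
    print(audit_greeting(SAMPLE_GREETING))
```
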