[solved] managesieve configuration
Stephan Bosch
stephan at rename-it.nl
Sat Jan 12 21:39:39 EET 2019
On 11/01/2019 at 16:05, Dominik Menke wrote:
> Hello Gerald,
>
> that did the trick, thank you very much!
>
> --Dominik
>
>
> On 1/11/19 10:54 AM, Gerald Galster wrote:
>> Hi Dominik,
>>
>> I have set ssl = required in 10-ssl.conf globally but no ssl here:
>>
>> service managesieve-login {
>> inet_listener sieve {
>> port = 4190
>> }
>> ...
>> }
>>
For reference: if you put ssl=yes there, the TLS layer is established
immediately. However, the standard ManageSieve protocol does not support
that (not currently anyway): only the establishment of the TLS layer
using the STARTTLS command is part of the standard. That is why your
clients fail to connect: they're speaking plaintext while the server is
speaking TLS. Still, Dovecot supports configuring it that way, which is
what you did.
Regards,
Stephan.
>>
>> Nevertheless, STARTTLS is offered
>>
>> "IMPLEMENTATION" "Dovecot Pigeonhole"
>> "SIEVE" "fileinto reject envelope encoded-character vacation
>> subaddress comparator-i;ascii-numeric relational regex imap4flags
>> copy include variables body enotify environment mailbox date index
>> ihave duplicate mime foreverypart extracttext"
>> "NOTIFY" "mailto"
>> "SASL" ""
>> "STARTTLS"
>> "VERSION" "1.0"
>> OK "service active"
>>
>>
>> and the connection will be encrypted (tested with roundcube webmail)
>>
>>
>> > STARTTLS
>> < OK "Begin TLS negotiation now."
>>
>> ...
>>
>>
>> You can check if it works with tcpdump:
>>
>> tcpdump -nn -l -A -i eth0 port 4190
>>
>>
>> Best regards
>> Gerald
>>
>>
>>> On 11.01.2019 at 09:59, Dominik Menke <dom at digineo.de> wrote:
>>>
>>> Sure, here you go (I've masked a few unimportant fields, though):
>>>
>>>
>>> # 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
>>> # Pigeonhole version 0.4.21 (92477967)
>>> # OS: Linux 4.15.0-42-generic x86_64 Ubuntu 18.04.1 LTS
>>> auth_default_realm = masked
>>> auth_master_user_separator = *
>>> auth_mechanisms = plain login scram-sha-1
>>> default_vsz_limit = 4 G
>>> doveadm_worker_count = 8
>>> log_path = /dev/stderr
>>> mail_attachment_dir = /var/mail/sis
>>> mail_attachment_hash = %{sha256}
>>> mail_location = mdbox:~/mdbox
>>> managesieve_notify_capability = mailto
>>> managesieve_sieve_capability = fileinto reject envelope
>>> encoded-character vacation subaddress comparator-i;ascii-numeric
>>> relational regex imap4flags copy include variables body enotify
>>> environment mailbox date index ihave duplicate mime foreverypart
>>> extracttext vacation-seconds imapsieve vnd.dovecot.imapsieve
>>> mdbox_rotate_size = 128 M
>>> namespace inbox {
>>> inbox = yes
>>> location =
>>> mailbox Drafts {
>>> auto = subscribe
>>> special_use = \Drafts
>>> }
>>> mailbox Junk {
>>> auto = subscribe
>>> special_use = \Junk
>>> }
>>> mailbox Sent {
>>> auto = subscribe
>>> special_use = \Sent
>>> }
>>> mailbox Trash {
>>> auto = subscribe
>>> special_use = \Trash
>>> }
>>> prefix =
>>> }
>>> passdb {
>>> args = username_format=%n /etc/dovecot/passwd.masterusers
>>> driver = passwd-file
>>> master = yes
>>> pass = yes
>>> }
>>> passdb {
>>> args = username_format=%n /etc/dovecot/passwd
>>> driver = passwd-file
>>> }
>>> plugin {
>>> imapsieve_mailbox1_before =
>>> file:/etc/dovecot/sieve/learn-spam.sieve
>>> imapsieve_mailbox1_cause = COPY FLAG
>>> imapsieve_mailbox1_name = Junk
>>> imapsieve_mailbox2_before =
>>> file:/etc/dovecot/sieve/learn-ham.sieve
>>> imapsieve_mailbox2_causes = COPY
>>> imapsieve_mailbox2_from = Junk
>>> imapsieve_mailbox2_name = *
>>> sieve = ~/dovecot.sieve
>>> sieve_after = /etc/dovecot/sieve/after
>>> sieve_dir = ~/sieve
>>> sieve_extensions = +vacation-seconds
>>> sieve_global_extensions = +vnd.dovecot.pipe
>>> sieve_pipe_bin_dir = /etc/dovecot/sieve
>>> sieve_plugins = sieve_imapsieve sieve_extprograms
>>> sieve_vacation_default_period = 1d
>>> sieve_vacation_max_period = 30d
>>> sieve_vacation_min_period = 1d
>>> }
>>> protocols = imap lmtp sieve
>>> service auth {
>>> unix_listener /var/spool/postfix/private/dovecot-auth {
>>> group = postfix
>>> mode = 0600
>>> user = postfix
>>> }
>>> }
>>> service imap-login {
>>> inet_listener imap {
>>> port = 143
>>> }
>>> inet_listener imaps {
>>> port = 993
>>> ssl = yes
>>> }
>>> process_limit = 128
>>> }
>>> service lmtp {
>>> unix_listener /var/spool/postfix/private/dovecot-lmtp {
>>> group = postfix
>>> mode = 0600
>>> user = postfix
>>> }
>>> }
>>> service managesieve-login {
>>> inet_listener sieve {
>>> port = 4190
>>> ssl = yes
>>> }
>>> service_count = 1
>>> }
>>> service managesieve {
>>> process_limit = 256
>>> }
>>> ssl_cert = </masked/path/to/server.crt
>>> ssl_key = # hidden, use -P to show it
>>> userdb {
>>> args = uid=vmail gid=vmail home=/var/mail/users/%n
>>> driver = static
>>> }
>>> verbose_proctitle = yes
>>> protocol lmtp {
>>> mail_plugins = " sieve notify push_notification"
>>> ssl = no
>>> }
>>> protocol imap {
>>> mail_plugins = " imap_sieve"
>>> }
>>> protocol sieve {
>>> mail_debug = yes
>>> managesieve_max_line_length = 65536
>>> }
>>>
>>>
>>> --Dominik
>>>
>>>
>>> On 1/11/19 9:44 AM, Aki Tuomi wrote:
>>>> On 10.1.2019 18.28, Dominik Menke wrote:
>>>>> I've missed a part at the end:
>>>>>
>>>>>> This leads me to my question: How do I force Dovecot to print at
>>>>>> least a STARTTLS line after a client connects to port 4190? Looking
>>>>>
>>>>> ... at the default configuration files in /etc/dovecot/conf.d/ I
>>>>> don't
>>>>> see an obvious difference.
>>>>>
>>>>>
>>>>> --Dominik
>>>> Can you provide output of `doveconf -n`
>>>> Aki
>>>
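
An added example, not part of the original thread and not Dovecot's own code: a small Python check that reads `doveconf -n` output and reports any `inet_listener` under `service managesieve-login` that sets `ssl = yes`, the setting described above as establishing TLS immediately, which clients expecting STARTTLS cannot talk to. The sample configuration is constructed and the function names are hypothetical.

```python
import re

# Constructed sample in `doveconf -n` layout, reduced to the relevant blocks.
SAMPLE_BROKEN = """\
ssl = required
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
    ssl = yes
  }
  service_count = 1
}
"""
# Same config with the listener-level ssl line removed (the fix from the thread).
SAMPLE_FIXED = SAMPLE_BROKEN.replace(
    "    port = 4190\n    ssl = yes\n", "    port = 4190\n")

SETTING = re.compile(r"([\w.-]+)\s*=\s*(.*)$")

def managesieve_listeners(conf_text):
    """Return {listener: {setting: value}} for service managesieve-login."""
    stack, listeners = [], {}
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()   # drop doveconf comments
        if not line:
            continue
        if line.endswith("{"):                # block opens: remember its header
            stack.append(line[:-1].strip())
        elif line == "}":                     # block closes
            if stack:
                stack.pop()
        elif (len(stack) == 2 and stack[0] == "service managesieve-login"
              and stack[1].startswith("inet_listener ")):
            m = SETTING.match(line)
            if m:
                name = stack[1].split(None, 1)[1]
                listeners.setdefault(name, {})[m.group(1)] = m.group(2).strip()
    return listeners

def implicit_tls_listeners(conf_text):
    """(listener, port) pairs that start TLS on connect instead of via STARTTLS."""
    return sorted((name, s.get("port", "default"))
                  for name, s in managesieve_listeners(conf_text).items()
                  if s.get("ssl", "no").lower() == "yes")
```
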