[solved] managesieve configuration

Stephan Bosch stephan at rename-it.nl
Sat Jan 12 21:39:39 EET 2019


On 11/01/2019 at 16:05, Dominik Menke wrote:
> Hello Gerald,
>
> that did the trick, thank you very much!
>
> --Dominik
>
>
> On 1/11/19 10:54 AM, Gerald Galster wrote:
>> Hi Dominik,
>>
>> I have set ssl = required in 10-ssl.conf globally but no ssl here:
>>
>> service managesieve-login {
>>    inet_listener sieve {
>>      port = 4190
>>    }
>>    ...
>> }
>>
For reference: if you put ssl=yes there, the TLS layer is established 
immediately. However, the standard ManageSieve protocol does not support 
that (not currently anyway): only the establishment of the TLS layer 
using the STARTTLS command is part of the standard. That is why your 
clients fail to connect: they're speaking plaintext while the server is 
speaking TLS. Still, Dovecot supports configuring it that way, which is 
what you did.

Regards,

Stephan.


>>
>> Nevertheless, STARTTLS is offered
>>
>> "IMPLEMENTATION" "Dovecot Pigeonhole"
>> "SIEVE" "fileinto reject envelope encoded-character vacation 
>> subaddress comparator-i;ascii-numeric relational regex imap4flags 
>> copy include variables body enotify environment mailbox date index 
>> ihave duplicate mime foreverypart extracttext"
>> "NOTIFY" "mailto"
>> "SASL" ""
>> "STARTTLS"
>> "VERSION" "1.0"
>> OK "service active"
>>
>>
>> and the connection will be encrypted (tested with Roundcube webmail)
>>
>>
>> > STARTTLS
>> < OK "Begin TLS negotiation now."
>>
>> ...
>>
>>
>> You can check if it works with tcpdump:
>>
>> tcpdump -nn -l -A -i eth0 port 4190
>>
>>
>> Best regards
>> Gerald
>>
>>
>>> On 11.01.2019 at 09:59, Dominik Menke <dom at digineo.de> wrote:
>>>
>>> Sure, here you go (I've masked a few unimportant fields, though):
>>>
>>>
>>>     # 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
>>>     # Pigeonhole version 0.4.21 (92477967)
>>>     # OS: Linux 4.15.0-42-generic x86_64 Ubuntu 18.04.1 LTS
>>>     auth_default_realm = masked
>>>     auth_master_user_separator = *
>>>     auth_mechanisms = plain login scram-sha-1
>>>     default_vsz_limit = 4 G
>>>     doveadm_worker_count = 8
>>>     log_path = /dev/stderr
>>>     mail_attachment_dir = /var/mail/sis
>>>     mail_attachment_hash = %{sha256}
>>>     mail_location = mdbox:~/mdbox
>>>     managesieve_notify_capability = mailto
>>>     managesieve_sieve_capability = fileinto reject envelope 
>>> encoded-character vacation subaddress comparator-i;ascii-numeric 
>>> relational regex imap4flags copy include variables body enotify 
>>> environment mailbox date index ihave duplicate mime foreverypart 
>>> extracttext vacation-seconds imapsieve vnd.dovecot.imapsieve
>>>     mdbox_rotate_size = 128 M
>>>     namespace inbox {
>>>       inbox = yes
>>>       location =
>>>       mailbox Drafts {
>>>         auto = subscribe
>>>         special_use = \Drafts
>>>       }
>>>       mailbox Junk {
>>>         auto = subscribe
>>>         special_use = \Junk
>>>       }
>>>       mailbox Sent {
>>>         auto = subscribe
>>>         special_use = \Sent
>>>       }
>>>       mailbox Trash {
>>>         auto = subscribe
>>>         special_use = \Trash
>>>       }
>>>       prefix =
>>>     }
>>>     passdb {
>>>       args = username_format=%n /etc/dovecot/passwd.masterusers
>>>       driver = passwd-file
>>>       master = yes
>>>       pass = yes
>>>     }
>>>     passdb {
>>>       args = username_format=%n /etc/dovecot/passwd
>>>       driver = passwd-file
>>>     }
>>>     plugin {
>>>       imapsieve_mailbox1_before = 
>>> file:/etc/dovecot/sieve/learn-spam.sieve
>>>       imapsieve_mailbox1_cause = COPY FLAG
>>>       imapsieve_mailbox1_name = Junk
>>>       imapsieve_mailbox2_before = 
>>> file:/etc/dovecot/sieve/learn-ham.sieve
>>>       imapsieve_mailbox2_causes = COPY
>>>       imapsieve_mailbox2_from = Junk
>>>       imapsieve_mailbox2_name = *
>>>       sieve = ~/dovecot.sieve
>>>       sieve_after = /etc/dovecot/sieve/after
>>>       sieve_dir = ~/sieve
>>>       sieve_extensions = +vacation-seconds
>>>       sieve_global_extensions = +vnd.dovecot.pipe
>>>       sieve_pipe_bin_dir = /etc/dovecot/sieve
>>>       sieve_plugins = sieve_imapsieve sieve_extprograms
>>>       sieve_vacation_default_period = 1d
>>>       sieve_vacation_max_period = 30d
>>>       sieve_vacation_min_period = 1d
>>>     }
>>>     protocols = imap lmtp sieve
>>>     service auth {
>>>       unix_listener /var/spool/postfix/private/dovecot-auth {
>>>         group = postfix
>>>         mode = 0600
>>>         user = postfix
>>>       }
>>>     }
>>>     service imap-login {
>>>       inet_listener imap {
>>>         port = 143
>>>       }
>>>       inet_listener imaps {
>>>         port = 993
>>>         ssl = yes
>>>       }
>>>       process_limit = 128
>>>     }
>>>     service lmtp {
>>>       unix_listener /var/spool/postfix/private/dovecot-lmtp {
>>>         group = postfix
>>>         mode = 0600
>>>         user = postfix
>>>       }
>>>     }
>>>     service managesieve-login {
>>>       inet_listener sieve {
>>>         port = 4190
>>>         ssl = yes
>>>       }
>>>       service_count = 1
>>>     }
>>>     service managesieve {
>>>       process_limit = 256
>>>     }
>>>     ssl_cert = </masked/path/to/server.crt
>>>     ssl_key =  # hidden, use -P to show it
>>>     userdb {
>>>       args = uid=vmail gid=vmail home=/var/mail/users/%n
>>>       driver = static
>>>     }
>>>     verbose_proctitle = yes
>>>     protocol lmtp {
>>>       mail_plugins = " sieve notify push_notification"
>>>       ssl = no
>>>     }
>>>     protocol imap {
>>>       mail_plugins = " imap_sieve"
>>>     }
>>>     protocol sieve {
>>>       mail_debug = yes
>>>       managesieve_max_line_length = 65536
>>>     }
>>>
>>>
>>> --Dominik
>>>
>>>
>>> On 1/11/19 9:44 AM, Aki Tuomi wrote:
>>>> On 10.1.2019 18.28, Dominik Menke wrote:
>>>>> I've missed a part at the end:
>>>>>
>>>>>> This leads me to my question: How do I force Dovecot to print at
>>>>>> least a STARTTLS line after a client connects to port 4190? Looking
>>>>>
>>>>> ... at the default configuration files in /etc/dovecot/conf.d/ I don't
>>>>> see an obvious difference.
>>>>>
>>>>>
>>>>> --Dominik
>>>> Can you provide output of `doveconf -n`
>>>> Aki
>>>
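
A check for the misconfiguration discussed in this thread, as an added example that is not part of the original messages or of Dovecot: it walks `doveconf -n` output and reports every `managesieve-login` listener that carries `ssl = yes`, the setting that makes the port speak TLS immediately instead of offering STARTTLS. The function names and the trimmed sample are constructed for illustration.

```python
import sys

# Constructed sample, trimmed from the `doveconf -n` output quoted in this thread.
SAMPLE = """\
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
    ssl = yes
  }
  service_count = 1
}
protocol lmtp {
  ssl = no
}
"""

def parse_settings(text):
    """Yield (path, key, value); path is the tuple of enclosing block headers."""
    stack = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("{"):                     # block opener, e.g. "service x {"
            stack.append(" ".join(line[:-1].split()))
        elif line == "}":                          # block closer
            stack = stack[:-1]
        elif "=" in line:                          # plain "key = value" setting
            key, _, value = line.partition("=")
            yield tuple(stack), key.strip(), value.strip()

def implicit_tls_sieve_listeners(text):
    """Return [(listener_name, port)] for managesieve-login listeners with ssl = yes."""
    found = {}
    for path, key, value in parse_settings(text):
        if (len(path) == 2 and path[0] == "service managesieve-login"
                and path[1].startswith("inet_listener")):
            found.setdefault(path[1].partition(" ")[2], {})[key] = value
    return [(n, c.get("port")) for n, c in found.items() if c.get("ssl") == "yes"]

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    print(implicit_tls_sieve_listeners(text))
```

Save `doveconf -n` output to a file and pass its path as the first argument; an empty list means no ManageSieve listener is set to implicit TLS.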

