[solved] managesieve configuration
Dominik Menke
dom at digineo.de
Sun Jan 13 01:22:41 EET 2019
> For reference: if you put ssl=yes there, the TLS layer is established
> immediately. However, the standard ManageSieve protocol does not support
> that (not currently anyway): only the establishment of the TLS layer
> using the STARTTLS command is part of the standard. That is why your
> clients fail to connect: they're speaking plaintext while the server is
> speaking TLS. Still, Dovecot supports configuring it that way, which is
> what you did.
>
> Regards,
>
> Stephan.
>
>
I'm just surprised that ssl=yes leads to STARTTLS being disabled, as per
the wiki [1]:
> ssl=yes and disable_plaintext_auth=no: SSL/TLS is offered to the
> client, but the client isn't required to use it. [...]
>
> ssl=yes and disable_plaintext_auth=yes: SSL/TLS is offered to the
> client, but the client isn't required to use it. [...]
>
> ssl=required: SSL/TLS is always required [...]. Any attempt to
> authenticate before SSL/TLS is enabled will cause an authentication
> failure.
Maybe this bit needs to be clarified a bit? I think I've read that page
a few times and it still didn't occur to me that this could be a problem.
Best regards,
--Dominik
[1]: https://wiki.dovecot.org/SSL/DovecotConfiguration
More information about the dovecot
mailing list