<html><head><meta http-equiv="Content-Type" content="text/html; charset=utf-8"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div class="">
<meta charset="UTF-8" class=""><div dir="auto" style="font-family: Helvetica; font-size: 12px; font-style: normal; font-variant-caps: normal; font-weight: 400; letter-spacing: normal; orphans: auto; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; widows: auto; word-spacing: 0px; -webkit-text-size-adjust: auto; -webkit-text-stroke-width: 0px; text-decoration: none; caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div dir="auto" style="caret-color: rgb(0, 0, 0); color: rgb(0, 0, 0); letter-spacing: normal; text-align: start; text-indent: 0px; text-transform: none; white-space: normal; word-spacing: 0px; -webkit-text-stroke-width: 0px; text-decoration: none; word-wrap: break-word; -webkit-nbsp-mode: space; line-break: after-white-space;" class=""><div>Thanks so much Christian Kivalo!</div></div></div></div><div><br class=""></div><div>See below.</div><div><br class=""><blockquote type="cite" class=""><div class="">On Jul 12, 2022, at 9:13 AM, Christian Kivalo <<a href="mailto:ml+dovecot@valo.at" class="">ml+dovecot@valo.at</a>> wrote:</div><br class="Apple-interchange-newline"><div class=""><div class="">On 2022-07-12 16:19, Austin Witmer wrote:<br class=""><blockquote type="cite" class="">So, I changed the $config['managesieve_host'] =<br class="">'<a href="tls://mail.mydomain.com’" class="">tls://mail.mydomain.com’</a>; to the fqdn of my mail server instead of<br class="">the internal IP address and now it works!<br class=""></blockquote>Good to hear it works now :)<br class=""><br class=""><blockquote type="cite" class="">Why would using the fqdn work, but not the internal LAN IP address?<br class=""></blockquote>The client, here php / roundcube checks if the presented certificate contains the address it connected to and ip addresses are very seldomly added as hosts to certificates.<br class=""><br class=""><blockquote type="cite" class="">As a side note, I am now remembering that in my main Roundcube config,<br class="">I had to use the fqdn for the imap and smtp server instead of the<br class="">internal LAN IP address. Is it because it needs to connect to a host<br class="">with the same hostname that the certificate returns? Would it work to<br class="">add an entry in my hosts file that says "10.116.0.2 <a href="http://mail.mydomain.com" class="">mail.mydomain.com</a><br class="">[1]”? I should be able to use the internal IP addresses, right? Are<br class="">there downsides to using the fqdn?<br class=""></blockquote><br class="">The hosts file entry would help with name resolution but not with certificate verification.<br class=""><br class="">But you can make php think it connects to the correct hostname with the ssl connection options<br class=""><br class="">$config['managesieve_conn_options'] = [<br class=""> 'ssl' => [<br class=""> 'verify_peer' => false,<br class=""> 'peer_name' => 'FQDN of mailserver',<br class=""> ],<br class="">];<br class=""><br class="">This probably even works without the "verify_peer" line, haven't tested.<br class=""><br class=""></div></div></blockquote><div><br class=""></div><div>I added the block above to my managesieve configuration in Roundcube and now connected to an internal IP address works beautifully!</div><div><br class=""></div><div>Now I just need to figure out how to accomplish the same thing for the imap and smtp server that Roundcube is using. Is there a block similar to the one above that I could add to my Roundcube config.inc.php file to enable me to use internal addresses for my imap and smtp servers?</div><br class=""><blockquote type="cite" class=""><div class=""><div class=""><br class=""><blockquote type="cite" class="">I may have some questions about configuring sieve rules later, but I<br class="">can start a new thread for that.<br class="">Austin Witmer<br class=""><blockquote type="cite" class="">On Jul 11, 2022, at 1:06 PM, Christian Kivalo <<a href="mailto:ml+dovecot@valo.at" class="">ml+dovecot@valo.at</a>><br class="">wrote:<br class=""><blockquote type="cite" class="">I added “login” to my auth_mechanisms line in<br class="">/etc/dovecot/conf.d/10-auth.conf. That line already looked like<br class="">auth_mechanisms = plain<br class="">This is what the line looks like now: auth_mechanisms = plain<br class="">login<br class="">I restarted dovecot and it still is not advertising anything after<br class="">“SASL” in the sieve log file. See below:<br class="">[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "NOTIFY" "mailto"<br class="">[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "SASL" ""<br class="">[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "STARTTLS"<br class="">[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "VERSION" "1.0"<br class="">[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: OK "Dovecot (Ubuntu)<br class="">ready."<br class="">[10-Jul-2022 16:33:27 -0600]: <4d9b66la> C: STARTTLS<br class="">[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: OK "Begin TLS<br class="">negotiation now."<br class="">[10-Jul-2022 16:33:30 -0600]: <4d9b66la> C: LOGOUT<br class="">[10-Jul-2022 16:33:30 -0600]: <4d9b66la> S:<br class="">????Y8h#u??Lu?u?V2??N[?˴?+)u?????F?'{ֺ?G?r?iS??pݥ??D}?????<br class="">[10-Jul-2022 16:33:30 -0600]: <4d9b66la> S:<br class="">?>??0??SxfXC%]c?|?y?"w???K_ޕ???N<br class="">?.?c?<br class="">??_D?r???ǿ?r??w??#?/j?l/Wu?=.I^????~??y??(-n?6]!a??;?E?l??qn?j<br class="">[10-Jul-2022 16:33:30 -0600]: <4d9b66la> S:<br class=""></blockquote>?.e???i8p?{Ur"???3GZ?C??7??U)s?;,c?6????HY??B?ڑB.g=TtAk?dq???nV?i<br class=""><blockquote type="cite" class="">?BG2D???7?hܖQTl?)G??9??W?????M^??<br class="">??D&?䢀rQ???2E?pn?Ez?????䉉i?<br class="">@1??փiC???=???W?M\<br class=""></blockquote></blockquote>`?]?}?D$`?:???^?/K???5?aB?c??ar)?l@C??X?ٹ?!J???k??"/1?r???w?_??@?p??w<br class=""><blockquote type="cite" class=""><blockquote type="cite" class="">)R?d??o????k*?*?????<br class="">i?O?i%S?l^?o2?H<br class="">[10-Jul-2022 16:33:30 -0600]: <4d9b66la> S:<br class="">5?7?x??w?z"??hu4?E??:?/?F(d?;??i??"??5??G,5????E?C?MS????<br class="">L???*??*???LO?D?? J?l???ځ?<br class="">??IN??v?fR?5t?:???SG?>{mY??D?˱????t?Rj?w?#<br class="">??n??[?S?<br class="">V4O?z?=.ܰې??uA?ھ????9?τ???c??oE?;LBOg??Ql'w?=<br class="">[10-Jul-2022 16:33:30 -0600]: <4d9b66la> S:<br class="">?&???C/_??*??????|.??$O?~?<br class="">??5?"????縉??<br class="">?r??0~?+~????B<br class="">??5)]cZ?Z?t??D??????-?dZ??M?z??2TɉOp?q?o?T?3?`'????g??6<br class="">[10-Jul-2022 16:33:30 -0600]: <4d9b66la> S: m??]~5???<br class="">[10-Jul-2022 16:33:30 -0600]: <4d9b66la> S:<br class="">And once again the line from my mail.log file.<br class="">Jul 10 22:33:27 mail dovecot: managesieve-login: Disconnected (no<br class="">auth<br class="">attempts in 0 secs): user=<>, rip=10.116.0.3, lip=10.116.0.2, TLS,<br class="">session=<7VswBnvjXuIKdAAD><br class="">Any further suggestions? Why do you suppose that the auth<br class="">mechanisms<br class="">are not being advertised?<br class=""></blockquote>The auth mechanisms are not shown because you access from a remote<br class="">host, have STARTTLS available and "disable_plaintext_auth = yes"<br class="">set. The auth mechanisms will be shown after STARTTLS.<br class="">This is described here<br class=""><a href="https://wiki.dovecot.org/Pigeonhole/ManageSieve/Troubleshooting" class="">https://wiki.dovecot.org/Pigeonhole/ManageSieve/Troubleshooting</a><br class="">One more thing comes to mind regarding the ssl options in the<br class="">managesieve plugin config. Do you use a self signed cert in dovecot?<br class="">One more thing you could try, in your managesieve plugin<br class="">config.inc.php<br class="">remove this section:<br class="">$config['managesieve_conn_options'] = array(<br class="">'ssl' => array(<br class="">'verify_peer' => false,<br class="">'allow_self_signed' => true,<br class="">),<br class="">);<br class="">add this section:<br class="">$config['managesieve_conn_options'] = [<br class="">'ssl' => [<br class="">'verify_peer' => false,<br class="">'peer_name' => 'change to the hostname from dovecots ssl<br class="">certificate',<br class="">],<br class="">];<br class="">add in there, when using self-signed cert<br class="">'allow_self_signed' => true,<br class="">--<br class="">Christian Kivalo<br class=""></blockquote>Links:<br class="">------<br class="">[1] <a href="http://mail.mydomain.com" class="">http://mail.mydomain.com</a><br class=""></blockquote><br class="">-- <br class=""> Christian Kivalo</div></div></blockquote><br class=""></div><div>Thanks again for everyone’s help! Much appreciated!</div><div><br class=""></div><div>Austin Witmer</div><br class=""></body></html>