Hi,
I do have an running dovecot-sieve installation. There is no problem to
use it with rainloop or Thunderbird. But I can't get roundcube to work
with sieve.
Dovecot forces to initiate TLS before auth. SSL is disabled, only TLS
1.2+ is enabled.
sieve-log of roundcube:
[31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: "IMPLEMENTATION" "Dovecot
Pigeonhole"
[31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: "SIEVE" "fileinto reject
envelope encoded-character vacation subaddress
comparator-i;ascii-numeric relational regex imap4flags copy include
variables body enotify environment mailbox date index ihave duplicate
mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve"
[31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: "NOTIFY" "mailto"
[31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: "SASL" ""
[31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: "STARTTLS"
[31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: "VERSION" "1.0"
[31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: OK "Doctor, your Tardis is
ready."
[31-Jul-2019 16:24:29 +0200]: <fqn6h82s> C: STARTTLS
[31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: NO "Error in MANAGESIEVE
command received by server."
[31-Jul-2019 16:24:29 +0200]: <fqn6h82s> C: LOGOUT
[31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: OK "Begin TLS negotiation
now."
maillog (dovecot errors):
Jul 31 16:24:29 mail dovecot: managesieve-login: Disconnected (no auth
attempts in 0 secs): user=<>, rip=10.23.102.80, lip=10.23.102.251, TLS
handshaking: SSL_accept() failed: error:1408F10B:SSL
routines:ssl3_get_record:wrong version number,
session=<rbUW4vqOC+MKF2ZQ>
managesieve config.inc.php:
$config['managesieve_port'] = 4190;
$config['managesieve_host'] = 'mail.domain.tld';
$config['managesieve_auth_type'] = 'PLAIN';
$config['managesieve_auth_cid'] = null;
$config['managesieve_auth_pw'] = null;
$config['managesieve_usetls'] = true;
//$config['managesieve_conn_options'] = null;
$config['managesieve_conn_options'] = array(
'ssl' => array(
'verify_peer' => true,
'verify_peer_name' => true,
'allow_self_signed' => false,
),
);
$config['managesieve_default'] = '/etc/dovecot/sieve/global';
$config['managesieve_script_name'] = 'managesieve';
$config['managesieve_mbox_encoding'] = 'UTF-8';
$config['managesieve_replace_delimiter'] = '';
$config['managesieve_disabled_extensions'] = array();
$config['managesieve_debug'] = true;
$config['managesieve_kolab_master'] = false;
$config['managesieve_filename_extension'] = '.sieve';
$config['managesieve_filename_exceptions'] = array();
$config['managesieve_domains'] = array();
$config['managesieve_vacation'] = 1;
$config['managesieve_vacation_interval'] = 0;
$config['managesieve_vacation_addresses_init'] = false;
$config['managesieve_vacation_from_init'] = false;
$config['managesieve_notify_methods'] = array('mailto');
$config['managesieve_raw_editor'] = true;
The dovecot-log looks like roundcube is trying to initiate SSL3 but this
is disabled. I think "Error in MANAGESIEVE command received by server."
has to do with the deactivated SSL.
Connecting to dovecot manually with gnutls-cli --starttls -p 4190
mail.domain.tld:
Processed 306 CA certificate(s).
Resolving 'mail.domain.tld:4190'...
Connecting to '<IP>:4190'...
- Simple Client Mode:
"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress
comparator-i;ascii-numeric relational regex imap4flags copy include
variables body enotify environment mailbox date index ihave duplicate m
ime foreverypart extracttext imapsieve vnd.dovecot.imapsieve"
"NOTIFY" "mailto"
"SASL" ""
"STARTTLS"
"VERSION" "1.0"
OK "Doctor, your Tardis is ready."
NO "Error in MANAGESIEVE command received by server."
STARTTLS
OK "Begin TLS negotiation now."
*** Starting TLS handshake
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `CN=mail.domain.tld', issuer `CN=Let's Encrypt Authority
X3,O=Let's Encrypt,C=US', serial 0x03c0d3d322307e5a997f654b435b56480773,
RSA key 4096 bits, signed using RSA-SHA256, activated `2019-06-06
09:18:10 UTC', expires `2019-09-04 09:18:10 UTC',
pin-sha256="8Sl17lWxWYSJcTcppQG4DLSBhEP/uRkZ5NTQfdkkoS4="
Public Key ID:
sha1:62b08cf75ae6c45915db8d8c7bff6947788ac3b2
sha256:f12975ee55b1598489713729a501b80cb4818443ffb91919e4d4d07dd924a12e
Public Key PIN:
pin-sha256:8Sl17lWxWYSJcTcppQG4DLSBhEP/uRkZ5NTQfdkkoS4=
- Certificate[1] info:
- subject `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', issuer
`CN=DST Root CA X3,O=Digital Signature Trust Co.', serial
0x0a0141420000015385736a0b85eca708, RSA key 2048 bits, signed using
RSA-SHA256, activated `2016-03-17 16:40:46 UTC', expires `2021-03-17
16:40:46 UTC', pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="
- Status: The certificate is trusted.
- Description:
(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
- Options:
"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress
comparator-i;ascii-numeric relational regex imap4flags copy include
variables body enotify environment mailbox date index ihave duplicate
mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve"
"NOTIFY" "mailto"
"SASL" "PLAIN LOGIN"
"VERSION" "1.0"
OK "TLS negotiation successful."
LOGOUT
OK "Logout completed."
- Peer has closed the GnuTLS connection
So, what do I have to do to get roundcube to talk to sieve?