Hi,
I do have an running dovecot-sieve installation. There is no problem to use it with rainloop or Thunderbird. But I can't get roundcube to work with sieve. Dovecot forces to initiate TLS before auth. SSL is disabled, only TLS 1.2+ is enabled.
sieve-log of roundcube: [31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: "IMPLEMENTATION" "Dovecot Pigeonhole" [31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: "SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve" [31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: "NOTIFY" "mailto" [31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: "SASL" "" [31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: "STARTTLS" [31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: "VERSION" "1.0" [31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: OK "Doctor, your Tardis is ready." [31-Jul-2019 16:24:29 +0200]: <fqn6h82s> C: STARTTLS [31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: NO "Error in MANAGESIEVE command received by server." [31-Jul-2019 16:24:29 +0200]: <fqn6h82s> C: LOGOUT [31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: OK "Begin TLS negotiation now."
maillog (dovecot errors): Jul 31 16:24:29 mail dovecot: managesieve-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=10.23.102.80, lip=10.23.102.251, TLS handshaking: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number, session=<rbUW4vqOC+MKF2ZQ>
managesieve config.inc.php: $config['managesieve_port'] = 4190; $config['managesieve_host'] = 'mail.domain.tld'; $config['managesieve_auth_type'] = 'PLAIN'; $config['managesieve_auth_cid'] = null; $config['managesieve_auth_pw'] = null; $config['managesieve_usetls'] = true; //$config['managesieve_conn_options'] = null; $config['managesieve_conn_options'] = array( 'ssl' => array( 'verify_peer' => true, 'verify_peer_name' => true, 'allow_self_signed' => false, ), ); $config['managesieve_default'] = '/etc/dovecot/sieve/global'; $config['managesieve_script_name'] = 'managesieve'; $config['managesieve_mbox_encoding'] = 'UTF-8'; $config['managesieve_replace_delimiter'] = ''; $config['managesieve_disabled_extensions'] = array(); $config['managesieve_debug'] = true; $config['managesieve_kolab_master'] = false; $config['managesieve_filename_extension'] = '.sieve'; $config['managesieve_filename_exceptions'] = array(); $config['managesieve_domains'] = array(); $config['managesieve_vacation'] = 1; $config['managesieve_vacation_interval'] = 0; $config['managesieve_vacation_addresses_init'] = false; $config['managesieve_vacation_from_init'] = false; $config['managesieve_notify_methods'] = array('mailto'); $config['managesieve_raw_editor'] = true;
The dovecot-log looks like roundcube is trying to initiate SSL3 but this is disabled. I think "Error in MANAGESIEVE command received by server." has to do with the deactivated SSL.
Connecting to dovecot manually with gnutls-cli --starttls -p 4190 mail.domain.tld: Processed 306 CA certificate(s). Resolving 'mail.domain.tld:4190'... Connecting to '<IP>:4190'...
- Simple Client Mode:
"IMPLEMENTATION" "Dovecot Pigeonhole" "SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate m ime foreverypart extracttext imapsieve vnd.dovecot.imapsieve" "NOTIFY" "mailto" "SASL" "" "STARTTLS" "VERSION" "1.0" OK "Doctor, your Tardis is ready." NO "Error in MANAGESIEVE command received by server." STARTTLS OK "Begin TLS negotiation now." *** Starting TLS handshake
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject
CN=mail.domain.tld', issuerCN=Let's Encrypt Authority
- subject
X3,O=Let's Encrypt,C=US', serial 0x03c0d3d322307e5a997f654b435b56480773,
RSA key 4096 bits, signed using RSA-SHA256, activated 2019-06-06 09:18:10 UTC', expires2019-09-04 09:18:10 UTC',
pin-sha256="8Sl17lWxWYSJcTcppQG4DLSBhEP/uRkZ5NTQfdkkoS4="
Public Key ID:
sha1:62b08cf75ae6c45915db8d8c7bff6947788ac3b2
sha256:f12975ee55b1598489713729a501b80cb4818443ffb91919e4d4d07dd924a12e Public Key PIN: pin-sha256:8Sl17lWxWYSJcTcppQG4DLSBhEP/uRkZ5NTQfdkkoS4=
- Certificate[1] info:
- subject `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', issuer
CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x0a0141420000015385736a0b85eca708, RSA key 2048 bits, signed using RSA-SHA256, activated2016-03-17 16:40:46 UTC', expires `2021-03-17
16:40:46 UTC', pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="
- Status: The certificate is trusted.
- Description:
(TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
- Options:
"IMPLEMENTATION" "Dovecot Pigeonhole" "SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve" "NOTIFY" "mailto" "SASL" "PLAIN LOGIN" "VERSION" "1.0" OK "TLS negotiation successful." LOGOUT OK "Logout completed."
- Peer has closed the GnuTLS connection
So, what do I have to do to get roundcube to talk to sieve?