Ok, I changed to $config['managesieve_host'] = 'tls://10.116.0.2';
and the below is the log from /var/www/roundcube/logs/sieve.log during a
connection attempt. Does this log give you any clues?
[10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "IMPLEMENTATION" "Dovecot (Ubuntu) Pigeonhole"
[10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext"
[10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "NOTIFY" "mailto"
[10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "SASL" ""
[10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "STARTTLS"
[10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "VERSION" "1.0"
[10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: OK "Dovecot (Ubuntu) ready."
[10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> C: STARTTLS
[10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: OK "Begin TLS negotiation now."
[10-Jul-2022 14:59:50 -0600]: <mhtmgoqb> C: LOGOUT
And here is the log from the mail server during the same connection attempt.
Jul 10 20:59:48 mail dovecot: managesieve-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=10.116.0.3, lip=10.116.0.2, TLS, session=<d9tCt3njVuEKdAAD>
And here is the output of doveconf -n
austin at mail:~$ doveconf -n
# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 ()
# OS: Linux 5.4.0-121-generic x86_64 Ubuntu 20.04.4 LTS
# Hostname: mail.mydomain.com
listen = *
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
inbox = yes
location =
mailbox Drafts {
special_use = \Drafts
}
mailbox Junk {
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox "Sent Messages" {
special_use = \Sent
}
mailbox Spam {
auto = subscribe
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
}
passdb {
driver = pam
}
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
plugin {
sieve = /mnt/volume1/mailserver/plain/sieve/%d/%n/%n.sieve
sieve_global_dir = /var/lib/dovecot/sieve/
sieve_global_path = /var/lib/dovecot/sieve/default.sieve
sieve_user_log = file:/mnt/volume1/mailserver/plain/sieve/%d/%n/sieve_error.log
}
protocols = imap lmtp pop3 imap lmtp sieve pop3
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0660
user = postfix
}
}
service imap-login {
inet_listener imap {
port = 0
}
inet_listener imaps {
port = 993
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
service_count = 1
}
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
ssl_cipher_list = AES128+EECDH:AES128+EDH
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
userdb {
driver = passwd
}
userdb {
driver = prefetch
}
userdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
userdb {
driver = prefetch
}
userdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
protocol lmtp {
hostname = mail.mydomain.com
mail_plugins = " sieve"
postmaster_address = postmaster at mydomain.com
}
protocol lda {
mail_plugins = " sieve"
}
What am I missing???? Thanks so much to all of you for helping me along! This is
why I like the Open-source community!
Austin Witmer
> On Jul 10, 2022, at 9:49 AM, Christian Kivalo <ml+dovecot at valo.at> wrote:
>
>
> On July 10, 2022 5:01:02 PM GMT+02:00, Austin Witmer <austin96 at emypeople.net> wrote:
>> When I enable ssl = yes in my /etc/dovecot/conf.d/20-managesieve.conf file, I get the log line below from mail.log on my mail server.
>> Jul 10 14:57:18 mail dovecot: managesieve-login: Disconnected (no auth attempts in 62 secs): user=<>, rip=10.116.0.3, lip=10.116.0.2, TLS handshaking: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number, session=<PoXYpnTjLN0KdAAD>
>> I'm not smart enough with ssl stuff to know what the root cause of that error is. Can somebody help me out?
>
> Your current dovecot config as below requires you to use tls:// prefix in the managesieve configuration. I just tried it with my server and it worked. Use:
> $config['managesieve_host'] = 'tls://10.116.0.2';
>
> You have debug logging enabled in your roundcube managesieve config, the output should be in your roundcube logging. Look at that logging during a connection attempt, this helped me a lot identifying a certificate name mismatch.
>
>
>> Thanks!
>> Austin Witmer
>>> On Jul 10, 2022, at 8:52 AM, Austin Witmer <austin96 at emypeople.net> wrote:
>>> So, here is my dovecot configuration. /etc/dovecot/dovecot.conf
>>> ## Dovecot configuration file
>>> # Enable installed protocols
>>> !include_try /usr/share/dovecot/protocols.d/*.protocol
>>> dict {
>>> #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
>>> #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
>>> }
>>> !include conf.d/*.conf
>>> !include_try local.conf
>>> !include_try /usr/share/dovecot/protocols.d/*.protocol
>>> listen = *
>>> disable_plaintext_auth = yes
>>> mail_privileged_group = mail
>>> passdb {
>>> args = /etc/dovecot/dovecot-sql.conf
>>> driver = sql
>>> }
>>> protocols = imap lmtp pop3
>>> namespace inbox {
>>> inbox = yes
>>> mailbox Trash {
>>> auto = subscribe # autocreate and autosubscribe the Trash mailbox
>>> special_use = \Trash
>>> }
>>> mailbox Sent {
>>> auto = subscribe # autocreate and autosubscribe the Sent mailbox
>>> special_use = \Sent
>>> }
>>> mailbox Spam {
>>> auto = subscribe # autocreate and autosubscribe the Spam mailbox
>>> }
>>> }
>>> service auth {
>>> unix_listener /var/spool/postfix/private/auth {
>>> group = postfix
>>> mode = 0660
>>> user = postfix
>>> }
>>> }
>>> service imap-login {
>>> inet_listener imap {
>>> port = 0
>>> }
>>> inet_listener imaps {
>>> port = 993
>>> }
>>> }
>>> service lmtp {
>>> unix_listener /var/spool/postfix/private/dovecot-lmtp {
>>> group = postfix
>>> mode = 0600
>>> user = postfix
>>> }
>>> }
>>> protocol lmtp {
>>> postmaster_address=postmaster at mydomain.com
>>> hostname=mail.mydomain.com
>>> }
>>> ssl = required # Enable installed protocols
>>> !include_try /usr/share/dovecot/protocols.d/*.protocol
>>> listen = *
>>> disable_plaintext_auth = yes
>>> mail_privileged_group = mail
>>> passdb {
>>> args = /etc/dovecot/dovecot-sql.conf
>>> driver = sql
>>> }
>>> namespace inbox {
>>> inbox = yes
>>> mailbox Trash {
>>> auto = subscribe # autocreate and autosubscribe the Trash mailbox
>>> special_use = \Trash
>>> }
>>> mailbox Sent {
>>> auto = subscribe # autocreate and autosubscribe the Sent mailbox
>>> special_use = \Sent
>>> }
>>> }
>>> service auth {
>>> unix_listener /var/spool/postfix/private/auth {
>>> group = postfix
>>> mode = 0660
>>> user = postfix
>>> }
>>> }
>>> service imap-login {
>>> inet_listener imap {
>>> port = 0
>>> }
>>> inet_listener imaps {
>>> port = 993
>>> }
>>> }
>>> service lmtp {
>>> unix_listener /var/spool/postfix/private/dovecot-lmtp {
>>> group = postfix
>>> mode = 0600
>>> user = postfix
>>> }
>>> }
>>> protocol lmtp {
>>> postmaster_address=postmaster at mydomain.com
>>> hostname=mail.mydomain.com
>>> }
>>> ssl = required
>>> ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
>>> ssl_cipher_list = AES128+EECDH:AES128+EDH
>>> ssl_key = </etc/letsencrypt/live/mail.mydomain.com/privkey.pem
>>> ssl_prefer_server_ciphers = yes
>>> userdb {
>>> driver = prefetch
>>> }
>>> userdb {
>>> driver = sql
>>> args = /etc/dovecot/dovecot-sql.conf
>>> }
>>> ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
>>> ssl_cipher_list = AES128+EECDH:AES128+EDH
>>> #ssl_dh_parameters_length = 4096
>>> ssl_key = </etc/letsencrypt/live/mail.mydomain.com/privkey.pem
>>> ssl_prefer_server_ciphers = yes
>>> #ssl_protocols = !SSLv3
>>> userdb {
>>> driver = prefetch
>>> }
>>> userdb {
>>> driver = sql
>>> args = /etc/dovecot/dovecot-sql.conf
>>> }
>>> And here is the /etc/dovecot/conf.d/20-managesieve.conf file. I tried enabling ssl = yes in the config below but it still didn't work.
>>> ##
>>> ## ManageSieve specific settings
>>> ##
>>> # Uncomment to enable managesieve protocol:
>>> protocols = $protocols sieve
>>> # Service definitions
>>> service managesieve-login {
>>> inet_listener sieve {
>>> port = 4190
>>> # ssl = yes
>>> }
>>> #inet_listener sieve_deprecated {
>>> # port = 2000
>>> #}
>>> # Number of connections to handle before starting a new process. Typically
>>> # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
>>> # is faster. <doc/wiki/LoginProcess.txt>
>>> #service_count = 1
>>> # Number of processes to always keep waiting for more connections.
>>> #process_min_avail = 0
>>> # If you set service_count=0, you probably need to grow this.
>>> #vsz_limit = 64M
>>> }
>>> #service managesieve {
>>> # Max. number of ManageSieve processes (connections)
>>> #process_limit = 1024
>>> #}
>>> # Service configuration
>>> protocol sieve {
>>> # Maximum ManageSieve command line length in bytes. ManageSieve usually does
>>> # not involve overly long command lines, so this setting will not normally
>>> # need adjustment
>>> #managesieve_max_line_length = 65536
>>> # Maximum number of ManageSieve connections allowed for a user from each IP
>>> # address.
>>> # NOTE: The username is compared case-sensitively.
>>> #mail_max_userip_connections = 10
>>> # Space separated list of plugins to load (none known to be useful so far).
>>> # Do NOT try to load IMAP plugins here.
>>> #mail_plugins =
>>> # MANAGESIEVE logout format string:
>>> # %i - total number of bytes read from client
>>> # %o - total number of bytes sent to client
>>> # %{put_bytes} - Number of bytes saved using PUTSCRIPT command
>>> # %{put_count} - Number of scripts saved using PUTSCRIPT command
>>> # %{get_bytes} - Number of bytes read using GETCRIPT command
>>> # %{get_count} - Number of scripts read using GETSCRIPT command
>>> # %{get_bytes} - Number of bytes processed using CHECKSCRIPT command
>>> # %{get_count} - Number of scripts checked using CHECKSCRIPT command
>>> # %{deleted_count} - Number of scripts deleted using DELETESCRIPT command
>>> # %{renamed_count} - Number of scripts renamed using RENAMESCRIPT command
>>> #managesieve_logout_format = bytes=%i/%o
>>> # To fool ManageSieve clients that are focused on CMU's timesieved you can
>>> # specify the IMPLEMENTATION capability that Dovecot reports to clients.
>>> # For example: 'Cyrus timsieved v2.2.13'
>>> #managesieve_implementation_string = Dovecot Pigeonhole
>>> # Explicitly specify the SIEVE and NOTIFY capability reported by the server
>>> # before login. If left unassigned these will be reported dynamically
>>> # according to what the Sieve interpreter supports by default (after login
>>> # this may differ depending on the user).
>>> #managesieve_sieve_capability =
>>> #managesieve_notify_capability =
>>> # The maximum number of compile errors that are returned to the client upon
>>> # script upload or script verification.
>>> #managesieve_max_compile_errors = 5
>>> # Refer to 90-sieve.conf for script quota configuration and configuration of
>>> # Sieve execution limits.
>>> }
>>> Here is the output of testing with openssl from the roundcube server.
>>> I ran this: openssl s_client -connect 10.116.0.2:4190 </dev/null
>>> And got this:
>>> CONNECTED(00000003)
>>> 139804327073088:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:
>>> ---
>>> no peer certificate available
>>> ---
>>> No client certificate CA names sent
>>> ---
>>> SSL handshake has read 5 bytes and written 283 bytes
>>> Verification: OK
>>> ---
>>> New, (NONE), Cipher is (NONE)
>>> Secure Renegotiation IS NOT supported
>>> Compression: NONE
>>> Expansion: NONE
>>> No ALPN negotiated
>>> Early data was not sent
>>> Verify return code: 0 (ok)
>>> Is the second line in the output above the problem?
>>> Thanks to all of you for your help so far!
>>> Austin Witmer
>>>> On Jul 10, 2022, at 2:17 AM, Tomas Habarta <lists+dovecot at tocc.cz> wrote:
>>>> I can't see your dovecot conf, but anyway -- roundcube side has to be aligned with dovecot's, i.e. if you use ssl on roundcube side, make sure you have it enabled on dovecot side too, something like:
>>>> service managesieve-login {
>>>> inet_listener sieve {
>>>> port = 4190
>>>> ssl = yes
>>>> }
>>>> or just use tls, i.e. no "ssl=yes" in dovecot conf, but tls://10.116.0.2 in roundcube conf
>>>> This seems to be the same case: https://github.com/roundcube/roundcubemail/issues/7127
>>>> Tomas
>>>> On Sat, Jul 09, 2022 at 10:31:04PM -0600, Austin Witmer wrote:
>>>>> Hello all!
>>>>> I've got a bit of a problem that I would like some help with. So, I have
>>>>> two servers, one is my mail server running postfix, dovecot etc. I have a
>>>>> second server setup as my roundcube server. Both servers are running on
>>>>> the same LAN network.
>>>>> I have sieve scripts setup in dovecot in my mail server and they are
>>>>> working great! My trouble is that I can't seem to make my roundcube talk
>>>>> correctly to managesieve on my mail server.
>>>>> Here is the mail.log file from the mail server when I try to create a
>>>>> sievescript from roundcube webmail:
>>>>> Jul 10 04:11:45 mail dovecot: managesieve-login: Disconnected: Too many invalid commands. (no auth attempts in 0 secs): user=<>, rip=10.116.0.3, lip=10.116.0.2, session=<cZMzomvjyNgKdAAD>
>>>>> And here is my managesieve configuration from my roundcube server.
>>>>> /var/www/roundcube/plugins/managesieve/config.inc.php
>>>>> <?php
>>>>> $config['managesieve_port'] = 4190;
>>>>> $config['managesieve_host'] = 'ssl://10.116.0.2';
>>>>> $config['managesieve_auth_type'] = null;
>>>>> $config['managesieve_auth_cid'] = null;
>>>>> $config['managesieve_auth_pw'] = null;
>>>>> $config['managesieve_usetls'] = false;
>>>>> $config['managesieve_conn_options'] = array(
>>>>> 'ssl' => array(
>>>>> 'verify_peer' => false,
>>>>> 'allow_self_signed' => true,
>>>>> ),
>>>>> );
>>>>> $config['managesieve_default'] = 'var/lib/dovecot/sieve/default.sieve';
>>>>> $config['managesieve_script_name'] = 'default.sieve';
>>>>> $config['managesieve_mbox_encoding'] = 'UTF-8';
>>>>> $config['managesieve_replace_delimiter'] = '';
>>>>> $config['managesieve_disabled_extensions'] = [];
>>>>> $config['managesieve_debug'] = true;
>>>>> $config['managesieve_kolab_master'] = false;
>>>>> $config['managesieve_filename_extension'] = '.sieve';
>>>>> $config['managesieve_filename_exceptions'] = [];
>>>>> $config['managesieve_domains'] = [];
>>>>> $config['managesieve_default_headers'] = ['Subject', 'From', 'To'];
>>>>> $config['managesieve_vacation'] = 0;
>>>>> $config['managesieve_forward'] = 0;
>>>>> $config['managesieve_vacation_interval'] = 0;
>>>>> $config['managesieve_vacation_addresses_init'] = false;
>>>>> $config['managesieve_vacation_from_init'] = false;
>>>>> $config['managesieve_notify_methods'] = ['mailto'];
>>>>> $config['managesieve_raw_editor'] = true;
>>>>> $config['managesieve_disabled_actions'] = [];
>>>>> $config['managesieve_allowed_hosts'] = null;
>>>>> Does anybody have any clue why roundcube isn't able to login in to
>>>>> managesieve on my mail server?
>>>>> Are there more logs/configs you would like to see?
>>>>> Thanks in advance for your help and suggestions!
>>>>> Austin Witmer
>
> --
> Christian Kivalo
Christian Kivalo
2022-Jul-10 22:03 UTC
Trouble configuring managesive plugin for roundcube
On 2022-07-10 23:10, Austin Witmer wrote:
> Ok, I changed to $config['managesieve_host'] = 'tls://10.116.0.2'; and
> the below is the log from /var/www/roundcube/logs/sieve.log during a
> connection attempt. Does this log give you any clues?
>
> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "IMPLEMENTATION" "Dovecot
> (Ubuntu) Pigeonhole"
> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "SIEVE" "fileinto reject
> envelope encoded-character vacation subaddress
> comparator-i;ascii-numeric relational regex imap4flags copy include
> variables body enotify environment mailbox date index ihave duplicate
> mime foreverypart extracttext"
> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "NOTIFY" "mailto"
> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "SASL" ""

No auth mechanisms are advertised.

> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "STARTTLS"
> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "VERSION" "1.0"
> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: OK "Dovecot (Ubuntu)
> ready."
> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> C: STARTTLS
> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: OK "Begin TLS negotiation
> now."
> [10-Jul-2022 14:59:50 -0600]: <mhtmgoqb> C: LOGOUT

Client disconnect immediately after starttls.

> And here is the log from the mail server during the same connection
> attempt.
>
> Jul 10 20:59:48 mail dovecot: managesieve-login: Disconnected (no auth
> attempts in 0 secs): user=<>, rip=10.116.0.3, lip=10.116.0.2, TLS,
> session=<d9tCt3njVuEKdAAD>
>
> And here is the output of doveconf -n
> austin at mail:~$ doveconf -n
> # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.7.2 ()
> # OS: Linux 5.4.0-121-generic x86_64 Ubuntu 20.04.4 LTS
> # Hostname: mail.mydomain.com
> listen = *
> mail_location = mbox:~/mail:INBOX=/var/mail/%u
> mail_privileged_group = mail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope
> encoded-character vacation subaddress comparator-i;ascii-numeric
> relational regex imap4flags copy include variables body enotify
> environment mailbox date index ihave duplicate mime foreverypart
> extracttext
> namespace inbox {
> inbox = yes
> location =
> mailbox Drafts {
> special_use = \Drafts
> }
> mailbox Junk {
> special_use = \Junk
> }
> mailbox Sent {
> auto = subscribe
> special_use = \Sent
> }
> mailbox "Sent Messages" {
> special_use = \Sent
> }
> mailbox Spam {
> auto = subscribe
> }
> mailbox Trash {
> auto = subscribe
> special_use = \Trash
> }
> prefix =
> }
> passdb {
> driver = pam
> }
> passdb {
> args = /etc/dovecot/dovecot-sql.conf
> driver = sql
> }
> passdb {
> args = /etc/dovecot/dovecot-sql.conf
> driver = sql
> }
> plugin {
> sieve = /mnt/volume1/mailserver/plain/sieve/%d/%n/%n.sieve
> sieve_global_dir = /var/lib/dovecot/sieve/
> sieve_global_path = /var/lib/dovecot/sieve/default.sieve
> sieve_user_log =
> file:/mnt/volume1/mailserver/plain/sieve/%d/%n/sieve_error.log
> }
> protocols = imap lmtp pop3 imap lmtp sieve pop3
> service auth {
> unix_listener /var/spool/postfix/private/auth {
> group = postfix
> mode = 0660
> user = postfix
> }
> }
> service imap-login {
> inet_listener imap {
> port = 0
> }
> inet_listener imaps {
> port = 993
> }
> }
> service lmtp {
> unix_listener /var/spool/postfix/private/dovecot-lmtp {
> group = postfix
> mode = 0600
> user = postfix
> }
> }
> service managesieve-login {
> inet_listener sieve {
> port = 4190
> }
> service_count = 1
> }
> ssl = required
> ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
> ssl_cipher_list = AES128+EECDH:AES128+EDH

drop this setting, the default is good.

> ssl_client_ca_dir = /etc/ssl/certs

drop this one too

> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> ssl_prefer_server_ciphers = yes
> userdb {
> driver = passwd
> }
> userdb {
> driver = prefetch
> }
> userdb {
> args = /etc/dovecot/dovecot-sql.conf
> driver = sql
> }
> userdb {
> driver = prefetch
> }
> userdb {
> args = /etc/dovecot/dovecot-sql.conf
> driver = sql
> }
> protocol lmtp {
> hostname = mail.mydomain.com
> mail_plugins = " sieve"
> postmaster_address = postmaster at mydomain.com
> }
> protocol lda {
> mail_plugins = " sieve"
> }
>
> What am I missing???? Thanks so much to all of you for helping me
> along! This is why I like the Open-source community!

I have set in /etc/dovecot/conf.d/10-auth.conf

auth_mechanisms = plain login

and at connection attempt before starttls shows

Escape character is '^]'.
"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve"
"NOTIFY" "mailto"
"SASL" "PLAIN LOGIN"
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot ready."

--
Christian Kivalo