Hi Dominik,
I have set ssl = required globally in 10-ssl.conf, but there is no ssl setting on the sieve listener itself:
service managesieve-login {
inet_listener sieve {
port = 4190
}
...
}
Nevertheless, STARTTLS is offered
"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation
subaddress comparator-i;ascii-numeric relational regex imap4flags copy include
variables body enotify environment mailbox date index ihave duplicate mime
foreverypart extracttext"
"NOTIFY" "mailto"
"SASL" ""
"STARTTLS"
"VERSION" "1.0"
OK "service active"
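and the connection will be encrypted (tested with Roundcube webmail). In your doveconf -n output the sieve listener has ssl = yes; that makes port 4190 expect the TLS handshake immediately on connect (like imaps on 993), so there is no plaintext greeting in which STARTTLS could be offered.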
> STARTTLS
< OK "Begin TLS negotiation now."
...
You can check whether it works with tcpdump (after STARTTLS the captured payload should no longer be readable as plain text):
tcpdump -nn -l -A -i eth0 port 4190
Best regards
Gerald
> Am 11.01.2019 um 09:59 schrieb Dominik Menke <dom at digineo.de>:
>
> Sure, here you go (I've masked a few unimportant fields, though):
>
>
> # 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.21 (92477967)
> # OS: Linux 4.15.0-42-generic x86_64 Ubuntu 18.04.1 LTS
> auth_default_realm = masked
> auth_master_user_separator = *
> auth_mechanisms = plain login scram-sha-1
> default_vsz_limit = 4 G
> doveadm_worker_count = 8
> log_path = /dev/stderr
> mail_attachment_dir = /var/mail/sis
> mail_attachment_hash = %{sha256}
> mail_location = mdbox:~/mdbox
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric relational
regex imap4flags copy include variables body enotify environment mailbox date
index ihave duplicate mime foreverypart extracttext vacation-seconds imapsieve
vnd.dovecot.imapsieve
> mdbox_rotate_size = 128 M
> namespace inbox {
> inbox = yes
> location =
> mailbox Drafts {
> auto = subscribe
> special_use = \Drafts
> }
> mailbox Junk {
> auto = subscribe
> special_use = \Junk
> }
> mailbox Sent {
> auto = subscribe
> special_use = \Sent
> }
> mailbox Trash {
> auto = subscribe
> special_use = \Trash
> }
> prefix =
> }
> passdb {
> args = username_format=%n /etc/dovecot/passwd.masterusers
> driver = passwd-file
> master = yes
> pass = yes
> }
> passdb {
> args = username_format=%n /etc/dovecot/passwd
> driver = passwd-file
> }
> plugin {
> imapsieve_mailbox1_before = file:/etc/dovecot/sieve/learn-spam.sieve
> imapsieve_mailbox1_cause = COPY FLAG
> imapsieve_mailbox1_name = Junk
> imapsieve_mailbox2_before = file:/etc/dovecot/sieve/learn-ham.sieve
> imapsieve_mailbox2_causes = COPY
> imapsieve_mailbox2_from = Junk
> imapsieve_mailbox2_name = *
> sieve = ~/dovecot.sieve
> sieve_after = /etc/dovecot/sieve/after
> sieve_dir = ~/sieve
> sieve_extensions = +vacation-seconds
> sieve_global_extensions = +vnd.dovecot.pipe
> sieve_pipe_bin_dir = /etc/dovecot/sieve
> sieve_plugins = sieve_imapsieve sieve_extprograms
> sieve_vacation_default_period = 1d
> sieve_vacation_max_period = 30d
> sieve_vacation_min_period = 1d
> }
> protocols = imap lmtp sieve
> service auth {
> unix_listener /var/spool/postfix/private/dovecot-auth {
> group = postfix
> mode = 0600
> user = postfix
> }
> }
> service imap-login {
> inet_listener imap {
> port = 143
> }
> inet_listener imaps {
> port = 993
> ssl = yes
> }
> process_limit = 128
> }
> service lmtp {
> unix_listener /var/spool/postfix/private/dovecot-lmtp {
> group = postfix
> mode = 0600
> user = postfix
> }
> }
> service managesieve-login {
> inet_listener sieve {
> port = 4190
> ssl = yes
> }
> service_count = 1
> }
> service managesieve {
> process_limit = 256
> }
> ssl_cert = </masked/path/to/server.crt
> ssl_key = # hidden, use -P to show it
> userdb {
> args = uid=vmail gid=vmail home=/var/mail/users/%n
> driver = static
> }
> verbose_proctitle = yes
> protocol lmtp {
> mail_plugins = " sieve notify push_notification"
> ssl = no
> }
> protocol imap {
> mail_plugins = " imap_sieve"
> }
> protocol sieve {
> mail_debug = yes
> managesieve_max_line_length = 65536
> }
>
>
> --Dominik
>
>
> On 1/11/19 9:44 AM, Aki Tuomi wrote:
>> On 10.1.2019 18.28, Dominik Menke wrote:
>>> I've missed a part at the end:
>>>
>>>> This leads me to my question: How do I force Dovecot to print at
>>>> least a STARTTLS line after a client connects to port 4190? Looking
>>>
>>> ... at the default configuration files in /etc/dovecot/conf.d/ I don't
>>> see an obvious difference.
>>>
>>>
>>> --Dominik
>> Can you provide output of `doveconf -n`
>> Aki
>
> --
> Digineo GmbH
> Fahrenheitstraße 15
> 28359 Bremen
>
> Telefon: +49 421 167 66 090
> Telefax: +49 421 167 66 099
>
> E-Mail: dom at digineo.de
> Internet: www.digineo.de
>
> Geschäftsführer: Dipl.-Inf. Julian Kornberger
> Amtsgericht Bremen HRB 25061
> USt-ID: DE 815023724