On 11/01/2019 at 16:05, Dominik Menke wrote:
> Hello Gerald,
>
> that did the trick, thank you very much!
>
> --Dominik
>
>
> On 1/11/19 10:54 AM, Gerald Galster wrote:
>> Hi Dominik,
>>
>> I have set ssl = required in 10-ssl.conf globally but no ssl here:
>>
>> service managesieve-login {
>>   inet_listener sieve {
>>     port = 4190
>>   }
>>   ...
>> }
>>
For reference: if you put ssl=yes there, the TLS layer is established
immediately. However, the standard ManageSieve protocol does not support
that (not currently anyway): only the establishment of the TLS layer
using the STARTTLS command is part of the standard. That is why your
clients fail to connect: they're speaking plaintext while the server is
speaking TLS. Still, Dovecot supports configuring it that way, which is
what you did.
Regards,
Stephan.
>>
>> Nevertheless, STARTTLS is offered
>>
>> "IMPLEMENTATION" "Dovecot Pigeonhole"
>> "SIEVE" "fileinto reject envelope encoded-character vacation
>> subaddress comparator-i;ascii-numeric relational regex imap4flags
>> copy include variables body enotify environment mailbox date index
>> ihave duplicate mime foreverypart extracttext"
>> "NOTIFY" "mailto"
>> "SASL" ""
>> "STARTTLS"
>> "VERSION" "1.0"
>> OK "service active"
>>
>>
>> and the connection will be encrypted (tested with roundcube webmail)
>>
>>
>> > STARTTLS
>> < OK "Begin TLS negotiation now."
>>
>> ...
>>
>>
>> You can check if it works with tcpdump:
>>
>> tcpdump -nn -l -A -i eth0 port 4190
>>
>>
>> Best regards
>> Gerald
>>
>>
>>> On 11.01.2019 at 09:59, Dominik Menke <dom at digineo.de> wrote:
>>>
>>> Sure, here you go (I've masked a few unimportant fields, though):
>>>
>>>
>>>     # 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
>>>     # Pigeonhole version 0.4.21 (92477967)
>>>     # OS: Linux 4.15.0-42-generic x86_64 Ubuntu 18.04.1 LTS
>>>     auth_default_realm = masked
>>>     auth_master_user_separator = *
>>>     auth_mechanisms = plain login scram-sha-1
>>>     default_vsz_limit = 4 G
>>>     doveadm_worker_count = 8
>>>     log_path = /dev/stderr
>>>     mail_attachment_dir = /var/mail/sis
>>>     mail_attachment_hash = %{sha256}
>>>     mail_location = mdbox:~/mdbox
>>>     managesieve_notify_capability = mailto
>>>     managesieve_sieve_capability = fileinto reject envelope
>>> encoded-character vacation subaddress comparator-i;ascii-numeric
>>> relational regex imap4flags copy include variables body enotify
>>> environment mailbox date index ihave duplicate mime foreverypart
>>> extracttext vacation-seconds imapsieve vnd.dovecot.imapsieve
>>>     mdbox_rotate_size = 128 M
>>>     namespace inbox {
>>>       inbox = yes
>>>       location =
>>>       mailbox Drafts {
>>>         auto = subscribe
>>>         special_use = \Drafts
>>>       }
>>>       mailbox Junk {
>>>         auto = subscribe
>>>         special_use = \Junk
>>>       }
>>>       mailbox Sent {
>>>         auto = subscribe
>>>         special_use = \Sent
>>>       }
>>>       mailbox Trash {
>>>         auto = subscribe
>>>         special_use = \Trash
>>>       }
>>>       prefix =
>>>     }
>>>     passdb {
>>>       args = username_format=%n /etc/dovecot/passwd.masterusers
>>>       driver = passwd-file
>>>       master = yes
>>>       pass = yes
>>>     }
>>>     passdb {
>>>       args = username_format=%n /etc/dovecot/passwd
>>>       driver = passwd-file
>>>     }
>>>     plugin {
>>>       imapsieve_mailbox1_before = file:/etc/dovecot/sieve/learn-spam.sieve
>>>       imapsieve_mailbox1_cause = COPY FLAG
>>>       imapsieve_mailbox1_name = Junk
>>>       imapsieve_mailbox2_before = file:/etc/dovecot/sieve/learn-ham.sieve
>>>       imapsieve_mailbox2_causes = COPY
>>>       imapsieve_mailbox2_from = Junk
>>>       imapsieve_mailbox2_name = *
>>>       sieve = ~/dovecot.sieve
>>>       sieve_after = /etc/dovecot/sieve/after
>>>       sieve_dir = ~/sieve
>>>       sieve_extensions = +vacation-seconds
>>>       sieve_global_extensions = +vnd.dovecot.pipe
>>>       sieve_pipe_bin_dir = /etc/dovecot/sieve
>>>       sieve_plugins = sieve_imapsieve sieve_extprograms
>>>       sieve_vacation_default_period = 1d
>>>       sieve_vacation_max_period = 30d
>>>       sieve_vacation_min_period = 1d
>>>     }
>>>     protocols = imap lmtp sieve
>>>     service auth {
>>>       unix_listener /var/spool/postfix/private/dovecot-auth {
>>>         group = postfix
>>>         mode = 0600
>>>         user = postfix
>>>       }
>>>     }
>>>     service imap-login {
>>>       inet_listener imap {
>>>         port = 143
>>>       }
>>>       inet_listener imaps {
>>>         port = 993
>>>         ssl = yes
>>>       }
>>>       process_limit = 128
>>>     }
>>>     service lmtp {
>>>       unix_listener /var/spool/postfix/private/dovecot-lmtp {
>>>         group = postfix
>>>         mode = 0600
>>>         user = postfix
>>>       }
>>>     }
>>>     service managesieve-login {
>>>       inet_listener sieve {
>>>         port = 4190
>>>         ssl = yes
>>>       }
>>>       service_count = 1
>>>     }
>>>     service managesieve {
>>>       process_limit = 256
>>>     }
>>>     ssl_cert = </masked/path/to/server.crt
>>>     ssl_key =  # hidden, use -P to show it
>>>     userdb {
>>>       args = uid=vmail gid=vmail home=/var/mail/users/%n
>>>       driver = static
>>>     }
>>>     verbose_proctitle = yes
>>>     protocol lmtp {
>>>       mail_plugins = " sieve notify push_notification"
>>>       ssl = no
>>>     }
>>>     protocol imap {
>>>       mail_plugins = " imap_sieve"
>>>     }
>>>     protocol sieve {
>>>       mail_debug = yes
>>>       managesieve_max_line_length = 65536
>>>     }
>>>
>>>
>>> --Dominik
>>>
>>>
>>> On 1/11/19 9:44 AM, Aki Tuomi wrote:
>>>> On 10.1.2019 18.28, Dominik Menke wrote:
>>>>> I've missed a part at the end:
>>>>>
>>>>>> This leads me to my question: How do I force Dovecot to print at
>>>>>> least a STARTTLS line after a client connects to port 4190? Looking
>>>>>
>>>>> ... at the default configuration files in /etc/dovecot/conf.d/ I
>>>>> don't see an obvious difference.
>>>>>
>>>>>
>>>>> --Dominik
>>>> Can you provide output of `doveconf -n`
>>>> Aki
>>>
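
Added example, not part of the original thread and not Dovecot's own tooling: a small Python audit for the misconfiguration discussed above. It flags any `inet_listener` under `service managesieve-login` that sets `ssl = yes` in `doveconf -n` output, and checks that a capability greeting advertises STARTTLS. The function names and the sample strings are constructed for illustration.

```python
import re

def implicit_tls_sieve_listeners(doveconf_text):
    """Names of inet_listeners in service managesieve-login that set ssl = yes."""
    stack, flagged = [], []
    for raw in doveconf_text.splitlines():
        line = raw.split("#", 1)[0].strip()      # drop doveconf comments
        if line.endswith("{"):
            stack.append(line[:-1].strip())      # entering a block
        elif line == "}":
            if stack:
                stack.pop()                      # leaving a block
        elif (len(stack) == 2
              and stack[0] == "service managesieve-login"
              and stack[1].startswith("inet_listener")
              and re.fullmatch(r"ssl\s*=\s*yes", line)):
            flagged.append(stack[1].partition(" ")[2] or "(unnamed)")
    return flagged

def offers_starttls(greeting):
    """True if a ManageSieve capability greeting lists "STARTTLS"."""
    return any(l.strip().upper().startswith('"STARTTLS"')
               for l in greeting.splitlines())

# Constructed samples, modelled on the configuration and greeting in the thread.
BROKEN = """
service imap-login {
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
    ssl = yes
  }
  service_count = 1
}
"""
FIXED = BROKEN.replace("port = 4190\n    ssl = yes", "port = 4190")
GREETING = ('"IMPLEMENTATION" "Dovecot Pigeonhole"\n"SASL" ""\n'
            '"STARTTLS"\n"VERSION" "1.0"\nOK "service active"\n')

if __name__ == "__main__":
    print("implicit-TLS sieve listeners:", implicit_tls_sieve_listeners(BROKEN))
    print("after fix:", implicit_tls_sieve_listeners(FIXED))
    print("STARTTLS advertised:", offers_starttls(GREETING))
```

The `imaps` listener on port 993 is deliberately not flagged: implicit TLS is expected there, while the thread's point is that standard ManageSieve clients expect a plaintext greeting followed by STARTTLS.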