Ok, I changed to $config['managesieve_host'] = 'tls://10.116.0.2'; and the below is the log from /var/www/roundcube/logs/sieve.log during a connection attempt. Does this log give you any clues?

[10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "IMPLEMENTATION" "Dovecot (Ubuntu) Pigeonhole"
[10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext"
[10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "NOTIFY" "mailto"
[10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "SASL" ""
[10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "STARTTLS"
[10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "VERSION" "1.0"
[10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: OK "Dovecot (Ubuntu) ready."
[10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> C: STARTTLS
[10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: OK "Begin TLS negotiation now."
[10-Jul-2022 14:59:50 -0600]: <mhtmgoqb> C: LOGOUT
[10-Jul-2022 14:59:50 -0600]: <mhtmgoqb> S: ?=?C-?H????(????.?2 [`S?w??K???:?&Bn3v?*?z[??'K?x?@??W??T-?q?\?o?Tub.Nr?)*??j???? ?P^??.mr???+?5e.??q?.$????/????u??B~?f+>?????.??.?=??
[10-Jul-2022 14:59:50 -0600]: <mhtmgoqb> S: ?A?\???F???X? c+????!???{?-??\?]?????7H1+v?y?5?G-6c0????av?_1?5n??i7?U??L@?AH??O?N???Ie?r?F??weqfR???Y???b????? ??kT?+?.??S?u???????c?Z'??nT???m???????(6?~&WC??B?m???Z?1?????R?3??i@??R???=VHf?5??1??}????u9m
[10-Jul-2022 14:59:50 -0600]: <mhtmgoqb> S: ? ??*}??OG?C??,????.??Cg??R????M?? ?Kiq?
[10-Jul-2022 14:59:50 -0600]: <mhtmgoqb> S: W?qWN?]??8??d??=?&?H8????y??"?6?D?!*???K??????$eV??.O????n???M???h??C???A????U?G2?O,????E?C\*?~,???$?{????W0w??B?E??X`?!VH???k+??????e???Ero?0????&????2?&????I?^D?;??f?4????Zn%Y_??/s1hj??;???ujt?d?H?v?t3"?Wm0`???? z???AU?QRE??\Bz-V??W???,?bp???e?D???0m?-? ?8?%???4??V?\?'MR[?O1??4 ?
4Z?X
[10-Jul-2022 14:59:50 -0600]: <mhtmgoqb> S:

And here is the log from the mail server during the same connection attempt.

Jul 10 20:59:48 mail dovecot: managesieve-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=10.116.0.3, lip=10.116.0.2, TLS, session=<d9tCt3njVuEKdAAD>

And here is the output of doveconf -n

austin@mail:~$ doveconf -n
# 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.7.2 ()
# OS: Linux 5.4.0-121-generic x86_64 Ubuntu 20.04.4 LTS
# Hostname: mail.mydomain.com
listen = *
mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    auto = subscribe
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Spam {
    auto = subscribe
  }
  mailbox Trash {
    auto = subscribe
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  sieve = /mnt/volume1/mailserver/plain/sieve/%d/%n/%n.sieve
  sieve_global_dir = /var/lib/dovecot/sieve/
  sieve_global_path = /var/lib/dovecot/sieve/default.sieve
  sieve_user_log = file:/mnt/volume1/mailserver/plain/sieve/%d/%n/sieve_error.log
}
protocols = imap lmtp pop3 imap lmtp sieve pop3
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0660
    user = postfix
  }
}
service imap-login {
  inet_listener imap {
    port = 0
  }
  inet_listener imaps {
    port = 993
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  service_count = 1
}
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
ssl_cipher_list = AES128+EECDH:AES128+EDH
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
userdb {
  driver = passwd
}
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
userdb {
  driver = prefetch
}
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
protocol lmtp {
  hostname = mail.mydomain.com
  mail_plugins = " sieve"
  postmaster_address = postmaster at mydomain.com
}
protocol lda {
  mail_plugins = " sieve"
}

What am I missing???? Thanks so much to all of you for helping me along! This is why I like the Open-source community!

Austin Witmer

> On Jul 10, 2022, at 9:49 AM, Christian Kivalo <ml+dovecot at valo.at> wrote:
>
>
> On July 10, 2022 5:01:02 PM GMT+02:00, Austin Witmer <austin96 at emypeople.net> wrote:
>> When I enable ssl = yes in my /etc/dovecot/conf.d/20-managesieve.conf file, I get the log line below from mail.log on my mail server.
>> Jul 10 14:57:18 mail dovecot: managesieve-login: Disconnected (no auth attempts in 62 secs): user=<>, rip=10.116.0.3, lip=10.116.0.2, TLS handshaking: SSL_accept() failed: error:1408F10B:SSL routines:ssl3_get_record:wrong version number, session=<PoXYpnTjLN0KdAAD>
>> I'm not smart enough with ssl stuff to know what the root cause of that error is. Can somebody help me out?
>
> Your current dovecot config as below requires you to use tls:// prefix in the managesieve configuration. I just tried it with my server and it worked. Use:
> $config['managesieve_host'] = 'tls://10.116.0.2';
>
> You have debug logging enabled in your roundcube managesieve config, the output should be in your roundcube logging. Look at that logging during a connection attempt, this helped me a lot identifying a certificate name mismatch.
>
>
>> Thanks!
>> Austin Witmer
>>> On Jul 10, 2022, at 8:52 AM, Austin Witmer <austin96 at emypeople.net> wrote:
>>> So, here is my dovecot configuration. /etc/dovecot/dovecot.conf
>>> ## Dovecot configuration file
>>> # Enable installed protocols
>>> !include_try /usr/share/dovecot/protocols.d/*.protocol
>>> dict {
>>>   #quota = mysql:/etc/dovecot/dovecot-dict-sql.conf.ext
>>>   #expire = sqlite:/etc/dovecot/dovecot-dict-sql.conf.ext
>>> }
>>> !include conf.d/*.conf
>>> !include_try local.conf
>>> !include_try /usr/share/dovecot/protocols.d/*.protocol
>>> listen = *
>>> disable_plaintext_auth = yes
>>> mail_privileged_group = mail
>>> passdb {
>>>   args = /etc/dovecot/dovecot-sql.conf
>>>   driver = sql
>>> }
>>> protocols = imap lmtp pop3
>>> namespace inbox {
>>>   inbox = yes
>>>   mailbox Trash {
>>>     auto = subscribe # autocreate and autosubscribe the Trash mailbox
>>>     special_use = \Trash
>>>   }
>>>   mailbox Sent {
>>>     auto = subscribe # autocreate and autosubscribe the Sent mailbox
>>>     special_use = \Sent
>>>   }
>>>   mailbox Spam {
>>>     auto = subscribe # autocreate and autosubscribe the Spam mailbox
>>>   }
>>> }
>>> service auth {
>>>   unix_listener /var/spool/postfix/private/auth {
>>>     group = postfix
>>>     mode = 0660
>>>     user = postfix
>>>   }
>>> }
>>> service imap-login {
>>>   inet_listener imap {
>>>     port = 0
>>>   }
>>>   inet_listener imaps {
>>>     port = 993
>>>   }
>>> }
>>> service lmtp {
>>>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>>>     group = postfix
>>>     mode = 0600
>>>     user = postfix
>>>   }
>>> }
>>> protocol lmtp {
>>>   postmaster_address=postmaster at mydomain.com
>>>   hostname=mail.mydomain.com
>>> }
>>> ssl = required # Enable installed protocols
>>> !include_try /usr/share/dovecot/protocols.d/*.protocol
>>> listen = *
>>> disable_plaintext_auth = yes
>>> mail_privileged_group = mail
>>> passdb {
>>>   args = /etc/dovecot/dovecot-sql.conf
>>>   driver = sql
>>> }
>>> namespace inbox {
>>>   inbox = yes
>>>   mailbox Trash {
>>>     auto = subscribe # autocreate and autosubscribe the Trash mailbox
>>>     special_use = \Trash
>>>   }
>>>   mailbox Sent {
>>>     auto = subscribe # autocreate and autosubscribe the Sent mailbox
>>>     special_use = \Sent
>>>   }
>>> }
>>> service auth {
>>>   unix_listener /var/spool/postfix/private/auth {
>>>     group = postfix
>>>     mode = 0660
>>>     user = postfix
>>>   }
>>> }
>>> service imap-login {
>>>   inet_listener imap {
>>>     port = 0
>>>   }
>>>   inet_listener imaps {
>>>     port = 993
>>>   }
>>> }
>>> service lmtp {
>>>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>>>     group = postfix
>>>     mode = 0600
>>>     user = postfix
>>>   }
>>> }
>>> protocol lmtp {
>>>   postmaster_address=postmaster at mydomain.com
>>>   hostname=mail.mydomain.com
>>> }
>>> ssl = required
>>> ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
>>> ssl_cipher_list = AES128+EECDH:AES128+EDH
>>> ssl_key = </etc/letsencrypt/live/mail.mydomain.com/privkey.pem
>>> ssl_prefer_server_ciphers = yes
>>> userdb {
>>>   driver = prefetch
>>> }
>>> userdb {
>>>   driver = sql
>>>   args = /etc/dovecot/dovecot-sql.conf
>>> }
>>> ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
>>> ssl_cipher_list = AES128+EECDH:AES128+EDH
>>> #ssl_dh_parameters_length = 4096
>>> ssl_key = </etc/letsencrypt/live/mail.mydomain.com/privkey.pem
>>> ssl_prefer_server_ciphers = yes
>>> #ssl_protocols = !SSLv3
>>> userdb {
>>>   driver = prefetch
>>> }
>>> userdb {
>>>   driver = sql
>>>   args = /etc/dovecot/dovecot-sql.conf
>>> }
>>> And here is the /etc/dovecot/conf.d/20-managesieve.conf file. I tried enabling ssl = yes in the config below but it still didn't work.
>>> ##
>>> ## ManageSieve specific settings
>>> ##
>>> # Uncomment to enable managesieve protocol:
>>> protocols = $protocols sieve
>>> # Service definitions
>>> service managesieve-login {
>>>   inet_listener sieve {
>>>     port = 4190
>>>     # ssl = yes
>>>   }
>>>   #inet_listener sieve_deprecated {
>>>   #  port = 2000
>>>   #}
>>>   # Number of connections to handle before starting a new process. Typically
>>>   # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
>>>   # is faster. <doc/wiki/LoginProcess.txt>
>>>   #service_count = 1
>>>   # Number of processes to always keep waiting for more connections.
>>>   #process_min_avail = 0
>>>   # If you set service_count=0, you probably need to grow this.
>>>   #vsz_limit = 64M
>>> }
>>> #service managesieve {
>>>   # Max. number of ManageSieve processes (connections)
>>>   #process_limit = 1024
>>> #}
>>> # Service configuration
>>> protocol sieve {
>>>   # Maximum ManageSieve command line length in bytes. ManageSieve usually does
>>>   # not involve overly long command lines, so this setting will not normally
>>>   # need adjustment
>>>   #managesieve_max_line_length = 65536
>>>   # Maximum number of ManageSieve connections allowed for a user from each IP
>>>   # address.
>>>   # NOTE: The username is compared case-sensitively.
>>>   #mail_max_userip_connections = 10
>>>   # Space separated list of plugins to load (none known to be useful so far).
>>>   # Do NOT try to load IMAP plugins here.
>>>   #mail_plugins
>>>   # MANAGESIEVE logout format string:
>>>   # %i - total number of bytes read from client
>>>   # %o - total number of bytes sent to client
>>>   # %{put_bytes} - Number of bytes saved using PUTSCRIPT command
>>>   # %{put_count} - Number of scripts saved using PUTSCRIPT command
>>>   # %{get_bytes} - Number of bytes read using GETCRIPT command
>>>   # %{get_count} - Number of scripts read using GETSCRIPT command
>>>   # %{get_bytes} - Number of bytes processed using CHECKSCRIPT command
>>>   # %{get_count} - Number of scripts checked using CHECKSCRIPT command
>>>   # %{deleted_count} - Number of scripts deleted using DELETESCRIPT command
>>>   # %{renamed_count} - Number of scripts renamed using RENAMESCRIPT command
>>>   #managesieve_logout_format = bytes=%i/%o
>>>   # To fool ManageSieve clients that are focused on CMU's timesieved you can
>>>   # specify the IMPLEMENTATION capability that Dovecot reports to clients.
>>>   # For example: 'Cyrus timsieved v2.2.13'
>>>   #managesieve_implementation_string = Dovecot Pigeonhole
>>>   # Explicitly specify the SIEVE and NOTIFY capability reported by the server
>>>   # before login. If left unassigned these will be reported dynamically
>>>   # according to what the Sieve interpreter supports by default (after login
>>>   # this may differ depending on the user).
>>>   #managesieve_sieve_capability
>>>   #managesieve_notify_capability
>>>   # The maximum number of compile errors that are returned to the client upon
>>>   # script upload or script verification.
>>>   #managesieve_max_compile_errors = 5
>>>   # Refer to 90-sieve.conf for script quota configuration and configuration of
>>>   # Sieve execution limits.
>>> }
>>> Here is the output of testing with openssl from the roundcube server.
>>> I ran this: openssl s_client -connect 10.116.0.2:4190 </dev/null
>>> And got this:
>>> CONNECTED(00000003)
>>> 139804327073088:error:1408F10B:SSL routines:ssl3_get_record:wrong version number:../ssl/record/ssl3_record.c:331:
>>> ---
>>> no peer certificate available
>>> ---
>>> No client certificate CA names sent
>>> ---
>>> SSL handshake has read 5 bytes and written 283 bytes
>>> Verification: OK
>>> ---
>>> New, (NONE), Cipher is (NONE)
>>> Secure Renegotiation IS NOT supported
>>> Compression: NONE
>>> Expansion: NONE
>>> No ALPN negotiated
>>> Early data was not sent
>>> Verify return code: 0 (ok)
>>> ?
>>> Is the second line in the output above the problem?
>>> Thanks to all of you for your help so far!
>>> Austin Witmer
>>>> On Jul 10, 2022, at 2:17 AM, Tomas Habarta <lists+dovecot at tocc.cz> wrote:
>>>> I can't see your dovecot conf, but anyway -- roundcube side has to be aligned with dovecot's, i.e. if you use ssl on roundcube side, make sure you have it enabled on dovecot side too, something like:
>>>> service managesieve-login {
>>>>   inet_listener sieve {
>>>>     port = 4190
>>>>     ssl = yes
>>>>   }
>>>> or just use tls, i.e. no "ssl=yes" in dovecot conf, but tls://10.116.0.2 in roundcube conf
>>>> This seems to be the same case: https://github.com/roundcube/roundcubemail/issues/7127
>>>> Tomas
>>>> On Sat, Jul 09, 2022 at 10:31:04PM -0600, Austin Witmer wrote:
>>>>> Hello all!
>>>>> I've got a bit of a problem that I would like some help with. So, I have
>>>>> two servers, one is my mail server running postfix, dovecot etc. I have a
>>>>> second server setup as my roundcube server. Both servers are running on
>>>>> the same LAN network.
>>>>> I have sieve scripts setup in dovecot in my mail server and they are
>>>>> working great! My trouble is that I can't seem to make my roundcube talk
>>>>> correctly to managesieve on my mail server.
>>>>> Here is the mail.log file from the mail server when I try to create a
>>>>> sievescript from roundcube webmail:
>>>>> Jul 10 04:11:45 mail dovecot: managesieve-login: Disconnected: Too many
>>>>> invalid commands. (no auth attempts in 0 secs): user=<>, rip=10.116.0.3,
>>>>> lip=10.116.0.2, session=<cZMzomvjyNgKdAAD>
>>>>> And here is my managesieve configuration from my roundcube server.
>>>>> /var/www/roundcube/plugins/managesieve/config.inc.php
>>>>> <?php
>>>>> $config['managesieve_port'] = 4190;
>>>>> $config['managesieve_host'] = '[1]ssl://10.116.0.2';
>>>>> $config['managesieve_auth_type'] = null;
>>>>> $config['managesieve_auth_cid'] = null;
>>>>> $config['managesieve_auth_pw'] = null;
>>>>> $config['managesieve_usetls'] = false;
>>>>> $config['managesieve_conn_options'] = array(
>>>>>   'ssl' => array(
>>>>>     'verify_peer' => false,
>>>>>     'allow_self_signed' => true,
>>>>>   ),
>>>>> );
>>>>> $config['managesieve_default'] = 'var/lib/dovecot/sieve/default.sieve';
>>>>> $config['managesieve_script_name'] = 'default.sieve';
>>>>> $config['managesieve_mbox_encoding'] = 'UTF-8';
>>>>> $config['managesieve_replace_delimiter'] = '';
>>>>> $config['managesieve_disabled_extensions'] = [];
>>>>> $config['managesieve_debug'] = true;
>>>>> $config['managesieve_kolab_master'] = false;
>>>>> $config['managesieve_filename_extension'] = '.sieve';
>>>>> $config['managesieve_filename_exceptions'] = [];
>>>>> $config['managesieve_domains'] = [];
>>>>> $config['managesieve_default_headers'] = ['Subject', 'From', 'To'];
>>>>> $config['managesieve_vacation'] = 0;
>>>>> $config['managesieve_forward'] = 0;
>>>>> $config['managesieve_vacation_interval'] = 0;
>>>>> $config['managesieve_vacation_addresses_init'] = false;
>>>>> $config['managesieve_vacation_from_init'] = false;
>>>>> $config['managesieve_notify_methods'] = ['mailto'];
>>>>> $config['managesieve_raw_editor'] = true;
>>>>> $config['managesieve_disabled_actions'] = [];
>>>>> $config['managesieve_allowed_hosts'] = null;
>>>>> Does anybody have any clue why roundcube isn't able to login in to
>>>>> managesieve on my mail server?
>>>>> Are there more logs/configs you would like to see?
>>>>> Thanks in advance for your help and suggestions!
>>>>> Austin Witmer
>>>>> References
>>>>> Visible links
>>>>> 1. file:///tmp/ssl:/10.116.0.2
>
> --
> Christian Kivalo
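Added example (not part of the thread, and not Roundcube or Dovecot code): a small Python reader for the Roundcube managesieve debug log layout shown in the message above, reporting how far the STARTTLS upgrade got in one session. Both sample sessions are constructed: the first is abridged from the log in this message with the binary bytes replaced by a placeholder, the second is a hypothetical working session; all function and variable names are this example's own.

```python
import re

# Roundcube managesieve debug line: "[timestamp]: <session> S|C: payload"
LOG_LINE = re.compile(r'^\[[^\]]+\]: <\w+> (?P<side>[SC]): ?(?P<data>.*)$')
# ManageSieve capability line: "NAME" or "NAME" "value"
CAPABILITY = re.compile(r'^"(?P<name>[A-Z]+)"(?: "(?P<value>[^"]*)")?$')


def analyse_session(lines):
    """Walk one logged session and report how far the STARTTLS upgrade got."""
    pre_tls, post_tls = {}, {}
    state = "greeting"  # greeting -> ready -> tls_requested -> tls_accepted
    auth_attempted = aborted = False
    for raw in lines:
        m = LOG_LINE.match(raw.strip())
        if not m:
            continue  # continuation of a multi-line binary dump
        side, data = m["side"], m["data"]
        if side == "S":
            cap = CAPABILITY.match(data)
            if cap and state == "greeting":
                pre_tls[cap["name"]] = cap["value"] or ""
            elif cap and state == "tls_accepted":
                # RFC 5804: capabilities are sent again once TLS is up
                post_tls[cap["name"]] = cap["value"] or ""
            elif data.startswith("OK") and state == "greeting":
                state = "ready"
            elif data.startswith("OK") and state == "tls_requested":
                state = "tls_accepted"
        else:
            verb = data.split(" ", 1)[0].upper()
            if verb == "STARTTLS" and state == "ready":
                state = "tls_requested"
            elif verb == "AUTHENTICATE":
                auth_attempted = True
            elif verb == "LOGOUT" and state == "tls_accepted" and not auth_attempted:
                aborted = True  # client gave up during or right after the handshake
    return {
        "starttls_offered": "STARTTLS" in pre_tls,
        "sasl_before_tls": pre_tls.get("SASL", "").split(),
        "sasl_after_tls": post_tls.get("SASL", "").split(),
        "tls_accepted": state == "tls_accepted",
        "auth_attempted": auth_attempted,
        "client_aborted_tls": aborted,
    }


def verdict(report):
    """Collapse the report into one short status code."""
    if not report["starttls_offered"]:
        return "starttls-not-offered"
    if not report["tls_accepted"]:
        return "starttls-not-completed"
    if report["client_aborted_tls"]:
        return "tls-aborted-by-client"
    return "auth-attempted" if report["auth_attempted"] else "no-auth-after-tls"


def _log(side, data):
    # Constructed log line in the sieve.log layout
    return f"[10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> {side}: {data}"


GREETING = [_log("S", '"IMPLEMENTATION" "Dovecot (Ubuntu) Pigeonhole"'),
            _log("S", '"SASL" ""'), _log("S", '"STARTTLS"'),
            _log("S", 'OK "Dovecot (Ubuntu) ready."'), _log("C", "STARTTLS"),
            _log("S", 'OK "Begin TLS negotiation now."')]
# Abridged from the thread; the binary bytes are replaced by a placeholder
FAILED_SESSION = GREETING + [_log("C", "LOGOUT"), _log("S", "<binary bytes>")]
# Hypothetical session in which the upgrade succeeds
WORKING_SESSION = GREETING + [_log("S", '"SASL" "PLAIN LOGIN"'),
                              _log("S", 'OK "TLS negotiation successful."'),
                              _log("C", 'AUTHENTICATE "PLAIN" "<redacted>"')]

if __name__ == "__main__":
    for name, session in (("failed", FAILED_SESSION), ("working", WORKING_SESSION)):
        print(name, verdict(analyse_session(session)))
```

From the Roundcube host, `openssl s_client -starttls sieve -connect 10.116.0.2:4190` exercises the same upgrade path; without `-starttls` the client starts a TLS handshake against a port that greets in plaintext, which gives the `wrong version number` error quoted earlier in the thread.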
Christian Kivalo
2022-Jul-10 22:03 UTC
Trouble configuring managesive plugin for roundcube
On 2022-07-10 23:10, Austin Witmer wrote:
> Ok, I changed to $config['managesieve_host'] = 'tls://10.116.0.2'; and
> the below is the log from /var/www/roundcube/logs/sieve.log during a
> connection attempt. Does this log give you any clues?
>
> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "IMPLEMENTATION" "Dovecot
> (Ubuntu) Pigeonhole"
> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "SIEVE" "fileinto reject
> envelope encoded-character vacation subaddress
> comparator-i;ascii-numeric relational regex imap4flags copy include
> variables body enotify environment mailbox date index ihave duplicate
> mime foreverypart extracttext"
> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "NOTIFY" "mailto"
> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "SASL" ""

No auth mechanisms are advertised.

> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "STARTTLS"
> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "VERSION" "1.0"
> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: OK "Dovecot (Ubuntu)
> ready."
> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> C: STARTTLS
> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: OK "Begin TLS negotiation
> now."
> [10-Jul-2022 14:59:50 -0600]: <mhtmgoqb> C: LOGOUT

Client disconnect immediately after starttls.

> [10-Jul-2022 14:59:50 -0600]: <mhtmgoqb> S: ?=?C-?H????(????.?2
>
> [`S?w??K???:?&Bn3v?*?z[??'K?x?@??W??T-?q?\?o?Tub.Nr?)*??j????
>
> ?P^??.mr???+?5e.??q?.$????/????u??B~?f+>?????.??.?=??
> [10-Jul-2022 14:59:50 -0600]: <mhtmgoqb> S: ?A?\???F???X?
> c+????!???{?-??\?]?????7H1+v?y?5?G-6c0????av?_1?5n??i7?U??L@?AH??O?N???Ie?r?F??weqfR???Y???b?????
> ??kT?+?.??S?u???????c?Z'??nT???m???????(6?~&WC??B?m???Z?1?????R?3??i@??R???=VHf?5??1??}????u9m
> [10-Jul-2022 14:59:50 -0600]: <mhtmgoqb> S: ?
>
> ??*}??OG?C??,????.??Cg??R????M?? ?Kiq?
> [10-Jul-2022 14:59:50 -0600]: <mhtmgoqb> S:
> W?qWN?]??8??d??=?&?H8????y??"?6?D?!*???K??????$eV??.O????n???M???h??C???A????U?G2?O,????E?C\*?~,???$?{????W0w??B?E??X`?!VH???k+??????e???Ero?0????&????2?&????I?^D?;??f?4????Zn%Y_??/s1hj??;???ujt?d?H?v?t3"?Wm0`???? z???AU?QRE??\Bz-V??W???,?bp???e?D???0m?-?
> ?8?%???4??V?\?'MR[?O1??4 ?
> 4Z?X
> [10-Jul-2022 14:59:50 -0600]: <mhtmgoqb> S:
>
> And here is the log from the mail server during the same connection
> attempt.
>
> Jul 10 20:59:48 mail dovecot: managesieve-login: Disconnected (no auth
> attempts in 0 secs): user=<>, rip=10.116.0.3, lip=10.116.0.2, TLS,
> session=<d9tCt3njVuEKdAAD>
>
> And here is the output of doveconf -n
>
> austin@mail:~$ doveconf -n
> # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.5.7.2 ()
> # OS: Linux 5.4.0-121-generic x86_64 Ubuntu 20.04.4 LTS
> # Hostname: mail.mydomain.com
> listen = *
> mail_location = mbox:~/mail:INBOX=/var/mail/%u
> mail_privileged_group = mail
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope
> encoded-character vacation subaddress comparator-i;ascii-numeric
> relational regex imap4flags copy include variables body enotify
> environment mailbox date index ihave duplicate mime foreverypart
> extracttext
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
>     special_use = \Drafts
>   }
>   mailbox Junk {
>     special_use = \Junk
>   }
>   mailbox Sent {
>     auto = subscribe
>     special_use = \Sent
>   }
>   mailbox "Sent Messages" {
>     special_use = \Sent
>   }
>   mailbox Spam {
>     auto = subscribe
>   }
>   mailbox Trash {
>     auto = subscribe
>     special_use = \Trash
>   }
>   prefix =
> }
> passdb {
>   driver = pam
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> plugin {
>   sieve = /mnt/volume1/mailserver/plain/sieve/%d/%n/%n.sieve
>   sieve_global_dir = /var/lib/dovecot/sieve/
>   sieve_global_path = /var/lib/dovecot/sieve/default.sieve
>   sieve_user_log =
> file:/mnt/volume1/mailserver/plain/sieve/%d/%n/sieve_error.log
> }
> protocols = imap lmtp pop3 imap lmtp sieve pop3
> service auth {
>   unix_listener /var/spool/postfix/private/auth {
>     group = postfix
>     mode = 0660
>     user = postfix
>   }
> }
> service imap-login {
>   inet_listener imap {
>     port = 0
>   }
>   inet_listener imaps {
>     port = 993
>   }
> }
> service lmtp {
>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>     group = postfix
>     mode = 0600
>     user = postfix
>   }
> }
> service managesieve-login {
>   inet_listener sieve {
>     port = 4190
>   }
>   service_count = 1
> }
> ssl = required
> ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
> ssl_cipher_list = AES128+EECDH:AES128+EDH

drop this setting, the default is good.

> ssl_client_ca_dir = /etc/ssl/certs

drop this one too

> ssl_dh = # hidden, use -P to show it
> ssl_key = # hidden, use -P to show it
> ssl_prefer_server_ciphers = yes
> userdb {
>   driver = passwd
> }
> userdb {
>   driver = prefetch
> }
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> userdb {
>   driver = prefetch
> }
> userdb {
>   args = /etc/dovecot/dovecot-sql.conf
>   driver = sql
> }
> protocol lmtp {
>   hostname = mail.mydomain.com
>   mail_plugins = " sieve"
>   postmaster_address = postmaster at mydomain.com
> }
> protocol lda {
>   mail_plugins = " sieve"
> }
>
> What am I missing???? Thanks so much to all of you for helping me
> along! This is why I like the Open-source community!

I have set in /etc/dovecot/conf.d/10-auth.conf

auth_mechanisms = plain login

and at connection attempt before starttls shows

Escape character is '^]'.
"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve"
"NOTIFY" "mailto"
"SASL" "PLAIN LOGIN"
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot ready."

--
Christian Kivalo