See below.

> On Jul 10, 2022, at 4:03 PM, Christian Kivalo <ml+dovecot at valo.at> wrote:
>
> On 2022-07-10 23:10, Austin Witmer wrote:
>> Ok, I changed to $config['managesieve_host'] = 'tls://10.116.0.2'; and
>> the below is the log from /var/www/roundcube/logs/sieve.log during a
>> connection attempt. Does this log give you any clues?
>>
>> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "IMPLEMENTATION" "Dovecot (Ubuntu) Pigeonhole"
>> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext"
>> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "NOTIFY" "mailto"
>> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "SASL" ""
>
> No auth mechanisms are advertised.
>
>> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "STARTTLS"
>> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: "VERSION" "1.0"
>> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: OK "Dovecot (Ubuntu) ready."
>> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> C: STARTTLS
>> [10-Jul-2022 14:59:48 -0600]: <mhtmgoqb> S: OK "Begin TLS negotiation now."
>> [10-Jul-2022 14:59:50 -0600]: <mhtmgoqb> C: LOGOUT
>
> Client disconnect immediately after starttls.
>
>> And here is the log from the mail server during the same connection attempt.
>>
>> Jul 10 20:59:48 mail dovecot: managesieve-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=10.116.0.3, lip=10.116.0.2, TLS, session=<d9tCt3njVuEKdAAD>
>>
>> And here is the output of doveconf -n
>
>> austin@mail:~$ doveconf -n
>> # 2.3.7.2 (3c910f64b): /etc/dovecot/dovecot.conf
>> # Pigeonhole version 0.5.7.2 ()
>> # OS: Linux 5.4.0-121-generic x86_64 Ubuntu 20.04.4 LTS
>> # Hostname: mail.mydomain.com
>> listen = *
>> mail_location = mbox:~/mail:INBOX=/var/mail/%u
>> mail_privileged_group = mail
>> managesieve_notify_capability = mailto
>> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
>> namespace inbox {
>>   inbox = yes
>>   location =
>>   mailbox Drafts {
>>     special_use = \Drafts
>>   }
>>   mailbox Junk {
>>     special_use = \Junk
>>   }
>>   mailbox Sent {
>>     auto = subscribe
>>     special_use = \Sent
>>   }
>>   mailbox "Sent Messages" {
>>     special_use = \Sent
>>   }
>>   mailbox Spam {
>>     auto = subscribe
>>   }
>>   mailbox Trash {
>>     auto = subscribe
>>     special_use = \Trash
>>   }
>>   prefix =
>> }
>> passdb {
>>   driver = pam
>> }
>> passdb {
>>   args = /etc/dovecot/dovecot-sql.conf
>>   driver = sql
>> }
>> passdb {
>>   args = /etc/dovecot/dovecot-sql.conf
>>   driver = sql
>> }
>> plugin {
>>   sieve = /mnt/volume1/mailserver/plain/sieve/%d/%n/%n.sieve
>>   sieve_global_dir = /var/lib/dovecot/sieve/
>>   sieve_global_path = /var/lib/dovecot/sieve/default.sieve
>>   sieve_user_log = file:/mnt/volume1/mailserver/plain/sieve/%d/%n/sieve_error.log
>> }
>> protocols = imap lmtp pop3 imap lmtp sieve pop3
>> service auth {
>>   unix_listener /var/spool/postfix/private/auth {
>>     group = postfix
>>     mode = 0660
>>     user = postfix
>>   }
>> }
>> service imap-login {
>>   inet_listener imap {
>>     port = 0
>>   }
>>   inet_listener imaps {
>>     port = 993
>>   }
>> }
>> service lmtp {
>>   unix_listener /var/spool/postfix/private/dovecot-lmtp {
>>     group = postfix
>>     mode = 0600
>>     user = postfix
>>   }
>> }
>> service managesieve-login {
>>   inet_listener sieve {
>>     port = 4190
>>   }
>>   service_count = 1
>> }
>> ssl = required
>> ssl_cert = </etc/letsencrypt/live/mail.mydomain.com/fullchain.pem
>> ssl_cipher_list = AES128+EECDH:AES128+EDH
> drop this setting, the default is good.
>
>> ssl_client_ca_dir = /etc/ssl/certs
> drop this one too
>
>> ssl_dh = # hidden, use -P to show it
>> ssl_key = # hidden, use -P to show it
>> ssl_prefer_server_ciphers = yes
>> userdb {
>>   driver = passwd
>> }
>> userdb {
>>   driver = prefetch
>> }
>> userdb {
>>   args = /etc/dovecot/dovecot-sql.conf
>>   driver = sql
>> }
>> userdb {
>>   driver = prefetch
>> }
>> userdb {
>>   args = /etc/dovecot/dovecot-sql.conf
>>   driver = sql
>> }
>> protocol lmtp {
>>   hostname = mail.mydomain.com
>>   mail_plugins = " sieve"
>>   postmaster_address = postmaster@mydomain.com
>> }
>> protocol lda {
>>   mail_plugins = " sieve"
>> }
>>
>> What am I missing???? Thanks so much to all of you for helping me
>> along! This is why I like the Open-source community!
>
> I have set in /etc/dovecot/conf.d/10-auth.conf
> auth_mechanisms = plain login

I added "login" to my auth_mechanisms line in /etc/dovecot/conf.d/10-auth.conf. That line already looked like auth_mechanisms = plain

This is what the line looks like now: auth_mechanisms = plain login

I restarted dovecot and it still is not advertising anything after "SASL" in the sieve log file. See below:

[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "NOTIFY" "mailto"
[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "SASL" ""
[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "STARTTLS"
[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "VERSION" "1.0"
[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: OK "Dovecot (Ubuntu) ready."
[10-Jul-2022 16:33:27 -0600]: <4d9b66la> C: STARTTLS
[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: OK "Begin TLS negotiation now."
[10-Jul-2022 16:33:30 -0600]: <4d9b66la> C: LOGOUT

And once again the line from my mail.log file.

Jul 10 22:33:27 mail dovecot: managesieve-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=10.116.0.3, lip=10.116.0.2, TLS, session=<7VswBnvjXuIKdAAD>

Any further suggestions? Why do you suppose that the auth mechanisms are not being advertised?

Austin Witmer

> and at connection attempt before starttls shows
>
> Escape character is '^]'.
> "IMPLEMENTATION" "Dovecot Pigeonhole"
> "SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve"
> "NOTIFY" "mailto"
> "SASL" "PLAIN LOGIN"
> "STARTTLS"
> "VERSION" "1.0"
> OK "Dovecot ready."
>
> --
> Christian Kivalo
On 2022-07-11 00:38, Austin Witmer wrote:

> Jul 10 22:33:27 mail dovecot: managesieve-login: Disconnected (no auth
> attempts in 0 secs): user=<>, rip=10.116.0.3, lip=10.116.0.2, TLS,
> session=<7VswBnvjXuIKdAAD>

roundcube send no user login to dovecot managesieve, that's why it fails now

imho what are the managesieve config in roundcube, try disable tls, tls is overkill for rfc1918 ips, why not 127.0.0.1 ?

chrooted something ?

i am not an expert, but it works for me on gentoo :)
Christian Kivalo
2022-Jul-11 19:06 UTC
Trouble configuring managesive plugin for roundcube
> I added "login" to my auth_mechanisms line in
> /etc/dovecot/conf.d/10-auth.conf. That line already looked like
> auth_mechanisms = plain
>
> This is what the line looks like now: auth_mechanisms = plain login
>
> I restarted dovecot and it still is not advertising anything after
> "SASL" in the sieve log file. See below:
>
> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "NOTIFY" "mailto"
> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "SASL" ""
> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "STARTTLS"
> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "VERSION" "1.0"
> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: OK "Dovecot (Ubuntu) ready."
> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> C: STARTTLS
> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: OK "Begin TLS negotiation now."
> [10-Jul-2022 16:33:30 -0600]: <4d9b66la> C: LOGOUT
>
> And once again the line from my mail.log file.
>
> Jul 10 22:33:27 mail dovecot: managesieve-login: Disconnected (no auth
> attempts in 0 secs): user=<>, rip=10.116.0.3, lip=10.116.0.2, TLS,
> session=<7VswBnvjXuIKdAAD>
>
> Any further suggestions? Why do you suppose that the auth mechanisms
> are not being advertised?

The auth mechanisms are not shown because you access from a remote host, have STARTTLS available and "disable_plaintext_auth = yes" set. The auth mechanisms will be shown after STARTTLS.

This is described here https://wiki.dovecot.org/Pigeonhole/ManageSieve/Troubleshooting

One more thing comes to mind regarding the ssl options in the managesieve plugin config. Do you use a self signed cert in dovecot?

One more thing you could try, in your managesieve plugin config.inc.php

remove this section:

$config['managesieve_conn_options'] = array(
    'ssl' => array(
        'verify_peer' => false,
        'allow_self_signed' => true,
    ),
);

add this section:

$config['managesieve_conn_options'] = [
    'ssl' => [
        'verify_peer' => false,
        'peer_name' => 'change to the hostname from dovecots ssl certificate',
    ],
];

add in there, when using self-signed cert
        'allow_self_signed' => true,

--
Christian Kivalo
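
The diagnosis in the reply above, written as a check over sieve.log: an empty SASL list before STARTTLS is expected, and the symptom to act on is a client that leaves after STARTTLS without ever seeing the re-issued capability list. This is an added example, not part of the original thread or of Roundcube or Dovecot; the finding names and the second session are constructed, and it assumes a session that completes TLS logs the re-issued capabilities as readable text.

```python
import re

# Session 4d9b66la is taken from the log quoted in the thread (binary lines
# left out); session okay0001 is constructed to show a login that completes.
SAMPLE_LOG = """\
[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "SASL" ""
[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "STARTTLS"
[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: OK "Dovecot (Ubuntu) ready."
[10-Jul-2022 16:33:27 -0600]: <4d9b66la> C: STARTTLS
[10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: OK "Begin TLS negotiation now."
[10-Jul-2022 16:33:30 -0600]: <4d9b66la> C: LOGOUT
[10-Jul-2022 16:40:00 -0600]: <okay0001> S: "SASL" ""
[10-Jul-2022 16:40:00 -0600]: <okay0001> S: "STARTTLS"
[10-Jul-2022 16:40:00 -0600]: <okay0001> C: STARTTLS
[10-Jul-2022 16:40:00 -0600]: <okay0001> S: OK "Begin TLS negotiation now."
[10-Jul-2022 16:40:01 -0600]: <okay0001> S: "SASL" "PLAIN LOGIN"
[10-Jul-2022 16:40:01 -0600]: <okay0001> C: AUTHENTICATE "PLAIN" "<redacted>"
"""

LINE = re.compile(r'^\[[^\]]+\]: <(\w+)> ([SC]): (.*)$')
CAP = re.compile(r'^"([A-Z]+)"(?: "([^"]*)")?$')

def diagnose(log_text):
    """Return {session id: [finding codes]} for a Roundcube sieve.log excerpt."""
    state = {}
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # wrapped lines and logged TLS bytes carry no capability
        sid, side, msg = m.groups()
        s = state.setdefault(sid, {"tls": False, "pre": {}, "post": {}, "auth": False})
        cap = CAP.match(msg)
        if side == "C":
            s["auth"] = s["auth"] or msg.upper().startswith("AUTHENTICATE")
        elif msg.startswith('OK "Begin TLS'):
            s["tls"] = True
        elif cap:  # capability line, filed by whether TLS has started yet
            s["post" if s["tls"] else "pre"][cap.group(1)] = cap.group(2) or ""
    report = {}
    for sid, s in state.items():
        found = []
        if "STARTTLS" in s["pre"] and s["pre"].get("SASL") == "":
            found.append("sasl-hidden-until-starttls")  # expected, per the reply
        if s["tls"] and not s["post"].get("SASL"):
            found.append("no-capabilities-after-starttls")  # check client TLS options
        if not s["auth"]:
            found.append("no-auth-attempt")  # matches "no auth attempts" in mail.log
        report[sid] = found
    return report
```
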