Christian Kivalo
2022-Jul-11 19:06 UTC
Trouble configuring managesieve plugin for roundcube
> I added "login" to my auth_mechanisms line in
> /etc/dovecot/conf.d/10-auth.conf. That line already looked like
> auth_mechanisms = plain
>
> This is what the line looks like now: auth_mechanisms = plain login
>
> I restarted dovecot and it still is not advertising anything after
> "SASL" in the sieve log file. See below:
>
> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "NOTIFY" "mailto"
> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "SASL" ""
> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "STARTTLS"
> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: "VERSION" "1.0"
> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: OK "Dovecot (Ubuntu) ready."
> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> C: STARTTLS
> [10-Jul-2022 16:33:27 -0600]: <4d9b66la> S: OK "Begin TLS negotiation now."
> [10-Jul-2022 16:33:30 -0600]: <4d9b66la> C: LOGOUT
>
> And once again the line from my mail.log file.
>
> Jul 10 22:33:27 mail dovecot: managesieve-login: Disconnected (no auth
> attempts in 0 secs): user=<>, rip=10.116.0.3, lip=10.116.0.2, TLS,
> session=<7VswBnvjXuIKdAAD>
>
> Any further suggestions? Why do you suppose that the auth mechanisms
> are not being advertised?

The auth mechanisms are not shown because you access from a remote host, have STARTTLS available and "disable_plaintext_auth = yes" set. The auth mechanisms will be shown after STARTTLS.

This is described here https://wiki.dovecot.org/Pigeonhole/ManageSieve/Troubleshooting

One more thing comes to mind regarding the ssl options in the managesieve plugin config. Do you use a self signed cert in dovecot?

One more thing you could try, in your managesieve plugin config.inc.php

remove this section:

    $config['managesieve_conn_options'] = array(
        'ssl' => array(
            'verify_peer' => false,
            'allow_self_signed' => true,
        ),
    );

add this section:

    $config['managesieve_conn_options'] = [
        'ssl' => [
            'verify_peer' => false,
            'peer_name' => 'change to the hostname from dovecots ssl certificate',
        ],
    ];

add in there, when using self-signed cert

    'allow_self_signed' => true,

--
Christian Kivalo

So, I changed the $config['managesieve_host'] = 'tls://mail.mydomain.com'; to the fqdn of my mail server instead of the internal IP address and now it works!

Why would using the fqdn work, but not the internal LAN IP address? As a side note, I am now remembering that in my main Roundcube config, I had to use the fqdn for the imap and smtp server instead of the internal LAN IP address.

Is it because it needs to connect to a host with the same hostname that the certificate returns? Would it work to add an entry in my hosts file that says "10.116.0.2 mail.mydomain.com"? I should be able to use the internal IP addresses, right? Are there downsides to using the fqdn?

I may have some questions about configuring sieve rules later, but I can start a new thread for that.

Austin Witmer
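
The behaviour discussed in this thread, as an added example that is not part of either message: a small Python probe that reads the ManageSieve greeting, issues STARTTLS with certificate verification left on, and returns the SASL list seen before and after TLS. It assumes the default ManageSieve port 4190; the function names, the `tls_name` parameter and the sample greetings are constructed for illustration, and `tls_name` plays the role that `peer_name` has in the Roundcube option when the connection is made by IP address.

```python
import shlex
import socket
import ssl

# Constructed greetings: the first mirrors the log in this thread, the second is
# what a server re-sends once TLS is up (the mechanism list is an assumption).
BEFORE_TLS = ['"NOTIFY" "mailto"', '"SASL" ""', '"STARTTLS"',
              '"VERSION" "1.0"', 'OK "Dovecot (Ubuntu) ready."']
AFTER_TLS = ['"NOTIFY" "mailto"', '"SASL" "PLAIN LOGIN"',
             '"VERSION" "1.0"', 'OK "TLS negotiation successful."']

def sasl_mechs(lines):
    """Return the SASL mechanisms advertised in one capability response."""
    for line in lines:
        tokens = shlex.split(line)
        if tokens and tokens[0].upper() in ("OK", "NO", "BYE"):
            break
        if tokens and tokens[0].upper() == "SASL":
            return tokens[1].split() if len(tokens) > 1 else []
    return []

def read_response(sock):
    """Read CRLF lines until the OK/NO/BYE line that ends a response."""
    buf = b""
    while True:
        lines = buf.decode("utf-8", "replace").split("\r\n")
        if len(lines) > 1 and lines[-2].split(" ")[0].upper() in ("OK", "NO", "BYE"):
            return lines[:-1]
        chunk = sock.recv(4096)
        if not chunk:
            raise ConnectionError("server closed the connection")
        buf += chunk

def probe(host, tls_name=None, port=4190, cafile=None):
    """Connect to `host` and verify its certificate against `tls_name`."""
    ctx = ssl.create_default_context(cafile=cafile)  # chain and name checks on
    with socket.create_connection((host, port), timeout=10) as raw:
        before = sasl_mechs(read_response(raw))
        raw.sendall(b"STARTTLS\r\n")
        read_response(raw)  # OK "Begin TLS negotiation now."
        # Raises ssl.SSLCertVerificationError if the name is not in the cert.
        with ctx.wrap_socket(raw, server_hostname=tls_name or host) as tls:
            after = sasl_mechs(read_response(tls))
            tls.sendall(b"LOGOUT\r\n")
    return before, after

if __name__ == "__main__":
    # Address and hostname as they appear in this thread.
    print(probe("10.116.0.2", tls_name="mail.mydomain.com"))
```

Calling `probe("10.116.0.2")` without `tls_name` checks the certificate against the IP address itself, which fails unless the certificate lists that address; for a self-signed certificate, pass its path as `cafile` rather than turning verification off.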