Hi, 

I've got it to work. 

The sieve-setup in roundcube was correct but I missed some little thing
in the dovecot-config. I forgot to tell dovecot-sieve that the
mailserver resides behind a proxy. dovecot itself knows about that but
the sieve-plugin does not. So I added "haproxy = yes" to 20-managesieve.conf,
reloaded, and roundcube is working well with sieve (including
authentication).

inet_listener sieve {
  port = 4190
  haproxy = yes
}

I'm on FreeBSD-12.0 and using roundcube from binary packages, so my
roundcube is on 1.3.9,1 

Greets
Florian 

On 2019-08-04 09:49, Vincent Van Houtte wrote:

> Hi Florian,
> 
> Interested in this as well. 
> 
> Looking through my config, I remember I did not find a working config to set 
> up authentication, so I just set it to 'none' and blocked the 4190 port in my 
> firewall (Dovecot and Apache/Roundcube are on the same box). This of course 
> blocks other MUA's as well. 
> 
> My roundcube configuration is at version 1.4b - yours? 
> 
> Kr, 
> 
> Vincent 
> 
> On 2019-07-31 17:14, Florian Ruhnke (OiledAmoeba) wrote:
> 
>> Hi,
>> 
>> I do have a running dovecot-sieve installation. There is no problem to use 
>> it with rainloop or Thunderbird. But I can't get roundcube to work with 
>> sieve.
>> Dovecot forces to initiate TLS before auth. SSL is disabled, only TLS 1.2+ 
>> is enabled.
>> 
>> sieve-log of roundcube:
>> [31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: "IMPLEMENTATION" "Dovecot 
>> Pigeonhole"
>> [31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: "SIEVE" "fileinto reject 
>> envelope encoded-character vacation subaddress comparator-i;ascii-numeric 
>> relational regex imap4flags copy include variables body enotify environment 
>> mailbox date index ihave duplicate mime foreverypart extracttext imapsieve 
>> vnd.dovecot.imapsieve"
>> [31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: "NOTIFY" "mailto"
>> [31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: "SASL" ""
>> [31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: "STARTTLS"
>> [31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: "VERSION" "1.0"
>> [31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: OK "Doctor, your Tardis is 
>> ready."
>> [31-Jul-2019 16:24:29 +0200]: <fqn6h82s> C: STARTTLS
>> [31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: NO "Error in MANAGESIEVE command 
>> received by server."
>> [31-Jul-2019 16:24:29 +0200]: <fqn6h82s> C: LOGOUT
>> [31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: OK "Begin TLS negotiation now."
>> 
>> maillog (dovecot errors):
>> Jul 31 16:24:29 mail dovecot: managesieve-login: Disconnected (no auth 
>> attempts in 0 secs): user=<>, rip=10.23.102.80, lip=10.23.102.251, TLS 
>> handshaking: SSL_accept() failed: error:1408F10B:SSL 
>> routines:ssl3_get_record:wrong version number, session=<rbUW4vqOC+MKF2ZQ>
>> 
>> managesieve config.inc.php:
>> $config['managesieve_port'] = 4190;
>> $config['managesieve_host'] = 'mail.domain.tld';
>> $config['managesieve_auth_type'] = 'PLAIN';
>> $config['managesieve_auth_cid'] = null;
>> $config['managesieve_auth_pw'] = null;
>> $config['managesieve_usetls'] = true;
>> //$config['managesieve_conn_options'] = null;
>> $config['managesieve_conn_options'] = array(
>>     'ssl' => array(
>>         'verify_peer' => true,
>>         'verify_peer_name' => true,
>>         'allow_self_signed' => false,
>>     ),
>> );
>> $config['managesieve_default'] = '/etc/dovecot/sieve/global';
>> $config['managesieve_script_name'] = 'managesieve';
>> $config['managesieve_mbox_encoding'] = 'UTF-8';
>> $config['managesieve_replace_delimiter'] = '';
>> $config['managesieve_disabled_extensions'] = array();
>> $config['managesieve_debug'] = true;
>> $config['managesieve_kolab_master'] = false;
>> $config['managesieve_filename_extension'] = '.sieve';
>> $config['managesieve_filename_exceptions'] = array();
>> $config['managesieve_domains'] = array();
>> $config['managesieve_vacation'] = 1;
>> $config['managesieve_vacation_interval'] = 0;
>> $config['managesieve_vacation_addresses_init'] = false;
>> $config['managesieve_vacation_from_init'] = false;
>> $config['managesieve_notify_methods'] = array('mailto');
>> $config['managesieve_raw_editor'] = true;
>> 
>> The dovecot-log looks like roundcube is trying to initiate SSL3 but this is 
>> disabled. I think "Error in MANAGESIEVE command received by server." has to 
>> do with the deactivated SSL.
>> 
>> Connecting to dovecot manually with gnutls-cli --starttls -p 4190 
>> mail.domain.tld:
>> Processed 306 CA certificate(s).
>> Resolving 'mail.domain.tld:4190'...
>> Connecting to '<IP>:4190'...
>> 
>> - Simple Client Mode:
>> 
>> "IMPLEMENTATION" "Dovecot Pigeonhole"
>> "SIEVE" "fileinto reject envelope encoded-character vacation subaddress 
>> comparator-i;ascii-numeric relational regex imap4flags copy include 
>> variables body enotify environment mailbox date index ihave duplicate mime 
>> foreverypart extracttext imapsieve vnd.dovecot.imapsieve"
>> "NOTIFY" "mailto"
>> "SASL" ""
>> "STARTTLS"
>> "VERSION" "1.0"
>> OK "Doctor, your Tardis is ready."
>> NO "Error in MANAGESIEVE command received by server."
>> STARTTLS
>> OK "Begin TLS negotiation now."
>> *** Starting TLS handshake
>> - Certificate type: X.509
>> - Got a certificate list of 2 certificates.
>> - Certificate[0] info:
>> - subject `CN=mail.domain.tld', issuer `CN=Let's Encrypt Authority 
>> X3,O=Let's Encrypt,C=US', serial 0x03c0d3d322307e5a997f654b435b56480773, RSA 
>> key 4096 bits, signed using RSA-SHA256, activated `2019-06-06 09:18:10 UTC', 
>> expires `2019-09-04 09:18:10 UTC', 
>> pin-sha256="8Sl17lWxWYSJcTcppQG4DLSBhEP/uRkZ5NTQfdkkoS4="
>> Public Key ID:
>> sha1:62b08cf75ae6c45915db8d8c7bff6947788ac3b2
>> sha256:f12975ee55b1598489713729a501b80cb4818443ffb91919e4d4d07dd924a12e
>> Public Key PIN:
>> pin-sha256:8Sl17lWxWYSJcTcppQG4DLSBhEP/uRkZ5NTQfdkkoS4=
>> 
>> - Certificate[1] info:
>> - subject `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', issuer 
>> `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 
>> 0x0a0141420000015385736a0b85eca708, RSA key 2048 bits, signed using 
>> RSA-SHA256, activated `2016-03-17 16:40:46 UTC', expires `2021-03-17 
>> 16:40:46 UTC', pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="
>> - Status: The certificate is trusted.
>> - Description: (TLS1.3)-(ECDHE-SECP256R1)-(RSA-PSS-RSAE-SHA256)-(AES-256-GCM)
>> - Options:
>> "IMPLEMENTATION" "Dovecot Pigeonhole"
>> "SIEVE" "fileinto reject envelope encoded-character vacation subaddress 
>> comparator-i;ascii-numeric relational regex imap4flags copy include 
>> variables body enotify environment mailbox date index ihave duplicate mime 
>> foreverypart extracttext imapsieve vnd.dovecot.imapsieve"
>> "NOTIFY" "mailto"
>> "SASL" "PLAIN LOGIN"
>> "VERSION" "1.0"
>> OK "TLS negotiation successful."
>> LOGOUT
>> OK "Logout completed."
>> - Peer has closed the GnuTLS connection
>> 
>> So, what do I have to do to get roundcube to talk to sieve?
>> _______________________________________________
>> Roundcube Users mailing list
>> [email protected]
>> http://lists.roundcube.net/mailman/listinfo/users
> 
> -- 
> Vincent Van Houtte
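Added example, not part of the thread: a Python check over Roundcube ManageSieve debug-log lines (sample constructed from the log quoted above) that flags the pattern seen there, where STARTTLS is answered with NO and the server's "Begin TLS negotiation now." arrives one command late. Reading that shift as an extra line reaching the server ahead of the client's first command, such as a proxy's PROXY header on a listener without haproxy = yes, is an assumption consistent with the fix reported above; the function names are hypothetical.

```python
import re

# Roundcube managesieve_debug line: "[timestamp]: <session> C|S: text"
LINE = re.compile(r"<(?P<sid>\w+)> (?P<side>[CS]): (?P<text>.*)$")
STATUS = re.compile(r"(OK|NO|BYE)\b")  # capability lines start with a quote instead

# Constructed sample: tail of the debug log quoted in the thread, wrapped lines joined.
SAMPLE = '''\
[31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: "STARTTLS"
[31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: "VERSION" "1.0"
[31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: OK "Doctor, your Tardis is ready."
[31-Jul-2019 16:24:29 +0200]: <fqn6h82s> C: STARTTLS
[31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: NO "Error in MANAGESIEVE command received by server."
[31-Jul-2019 16:24:29 +0200]: <fqn6h82s> C: LOGOUT
[31-Jul-2019 16:24:29 +0200]: <fqn6h82s> S: OK "Begin TLS negotiation now."
'''

def pair_responses(log_text):
    """Pair every client command with the next server status line, per session."""
    pairs, pending, greeted = [], {}, set()
    for line in log_text.splitlines():
        m = LINE.search(line)
        if not m:
            continue  # wrapped continuation or unrelated line
        sid, side, text = m.group("sid", "side", "text")
        if side == "C":
            pending.setdefault(sid, []).append(text.strip())
        elif STATUS.match(text):
            if sid not in greeted:
                greeted.add(sid)  # first status line only closes the greeting
            elif pending.get(sid):
                pairs.append((sid, pending[sid].pop(0), text.strip()))
    return pairs

def shifted_starttls(pairs):
    """Return (session, command) where the STARTTLS go-ahead answered a later command."""
    hits = []
    for i, (sid, cmd, resp) in enumerate(pairs):
        if cmd.upper() == "STARTTLS" and resp.startswith("NO"):
            # "Begin TLS negotiation" is the go-ahead text shown in the quoted log
            late = [c for s, c, r in pairs[i + 1:]
                    if s == sid and "Begin TLS negotiation" in r]
            if late:
                hits.append((sid, late[0]))
    return hits

if __name__ == "__main__":
    for sid, cmd in shifted_starttls(pair_responses(SAMPLE)):
        print(f"session {sid}: STARTTLS go-ahead arrived as the reply to {cmd}")
```

With haproxy = yes the listener takes the client address from the PROXY header, so Dovecot's haproxy_trusted_networks setting should name only the proxy's address.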