managesieve

classic Classic list List threaded Threaded
7 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

managesieve

David Gessel
I have sieve working fine with dovecot.

I can edit the filters via ssh and they do the right thing.

My mail server is on a different IP than the Dovecot install, which makes login a bit more complicated, but login works properly for roundcube's mail access, but the same config options do not seem to work with the managesieve plugin.  I've tried a few options, googled about, and figured I'd ask:

IMAP config, which works, looks like:

$config['default_host'] = 'ssl://mail.domain.tld';
$config['default_port'] = 993;
$config['imap_conn_options'] = array(
  'ssl'         => array(
         'verify_peer'  => false,
         'verfify_peer_name' => false,
   ),
);



this connects generating log entries like:

Jul 13 10:56:36 imap-login: Info: Login: user=<[hidden email]>, method=PLAIN, rip=10.3.69.139, lip=10.3.69.135, mpid=21055, TLS, session=<1nRXpzZUIVUKA0WL>

(all good).

Configuring the manage sieve plugin as:

$config['managesieve_port'] = 4190;
$config['managesieve_host'] = 'ssl://mail.domain.tld';
$config['managesieve_auth_type'] = plain;
$config['managesieve_auth_cid'] = '%u';
$config['managesieve_auth_pw'] = '%p';
$config['imap_conn_options'] = array(
  'ssl'         => array(
         'verify_peer'  => false,                          
         'verfify_peer_name' => false,
   ),
);
$config['managesieve_conn_options'] = null;


when I select the filters icon, the logs show:

Jul 13 10:59:47 managesieve-login: Info: Disconnected: Too many invalid commands. (no auth attempts in 0 secs): user=<>, rip=10.3.69.139, lip=10.3.69.135, session=<7gnCsjZUkpoKA0WL>

Seems to be opening a connection, but not speaking the right connection languge....  

Also, alas, $config['managesieve_debug'] = true;

does not result in /var/log/sieve being generated (or after being created, being populated)

Any hints very much appreciated.
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: managesieve

Benny Pedersen-4
David Gessel skrev den 2017-07-13 20:07:

> does not result in /var/log/sieve being generated (or after being
> created, being populated)

roundcube does not use syslog, in the chroot roundcube dir you have a
subdir logs/

no logs there ?

> Any hints very much appreciated.

tirred now to read my config

using only 127.0.0.1 for server hosts, maybe some php class keep rfc1918
ssl/tls secure still, dont know or ever needed to try
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: managesieve

Noel Butler
In reply to this post by David Gessel

On 14/07/2017 04:07, David Gessel wrote:


Configuring the manage sieve plugin as:

$config['managesieve_port'] = 4190;
$config['managesieve_host'] = 'ssl://mail.domain.tld';

remove ssl://

and set:

$rcmail_config['managesieve_usetls'] = true;


--

Kind Regards,

Noel Butler

This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF and ODF documents accepted, please do not send proprietary formatted documents

_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: managesieve

David Gessel
In reply to this post by Benny Pedersen-4
Thanks Benny!


Good hint to the logs dir, no "sieve" file was created but

/usr/local/www/roundcube/logs

exists and has an .htaccess file.  There is nothing else.

# touch sieve
# chmod 777 sieve

not logging, alas... but Noel's advice has moved me forward and dovecot has logged a handshake failure (due to expired cert).  That's easy to fix...

-David



-------- Original Message --------
Subject: Re: [RCU] managesieve
From: Benny Pedersen <[hidden email]>
To: [hidden email]
Date: Fri Jul 14 2017 00:22:56 GMT+0300 (AST)

> David Gessel skrev den 2017-07-13 20:07:
>
>> does not result in /var/log/sieve being generated (or after being
>> created, being populated)
>
> roundcube does not use syslog, in the chroot roundcube dir you have a subdir logs/
>
> no logs there ?
>
>> Any hints very much appreciated.
>
> tirred now to read my config
>
> using only 127.0.0.1 for server hosts, maybe some php class keep rfc1918 ssl/tls secure still, dont know or ever needed to try
> _______________________________________________
> Roundcube Users mailing list
> [hidden email]
> http://lists.roundcube.net/mailman/listinfo/users
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: managesieve

David Gessel
In reply to this post by Noel Butler
Thanks!  A step closer.  It seems the roundcube logins can be set to ignore certificate errors, but managesieve isn't:

Jul 14 04:34:49 managesieve-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=10.3.69.139, lip=10.3.69.135, TLS handshaking: SSL_accept() failed: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired: SSL alert number 45, session=<d7vVb0VUNlsKA0WL>

This isn't accurate: it is a self-signed cert good until 2025.

While I'm OK with lets encrypt certificates, self-signed certificates should be supported.  As I remember, I ran into this problem with roundcube's checks, which is why the ssl://.... and

$config['imap_conn_options'] = array(
  'ssl'         => array(
         'verify_peer'  => false,
         'verfify_peer_name' => false,
   ),
);


which "managesieve_usetls" seems to ignore.  

Any way to get managesieve to function the same way or is this a "pay the cert mafia or else..." situation?

-David



-------- Original Message --------
Subject: Re: [RCU] managesieve
From: Noel Butler <[hidden email]>
To: [hidden email]
Date: Fri Jul 14 2017 04:56:31 GMT+0300 (AST)

> On 14/07/2017 04:07, David Gessel wrote:
>
>>
>> Configuring the manage sieve plugin as:
>>
>> $config['managesieve_port'] = 4190;
>> $config['managesieve_host'] = 'ssl://mail.domain.tld';
>
> remove ssl://
>
> and set:
>
> $rcmail_config['managesieve_usetls'] = true;
>
>
> --
>
> Kind Regards,
>
> Noel Butler
>
> This Email, including any attachments, may contain legally privileged information, therefore remains confidential and subject to copyright protected under international law. You may not disseminate, discuss, or reveal, any part, to anyone, without the authors express written authority to do so. If you are not the intended recipient, please notify the sender then delete all copies of this message including attachments, immediately. Confidentiality, copyright, and legal privilege are not waived or lost by reason of the mistaken delivery of this message. Only PDF <http://www.adobe.com/> and ODF <http://en.wikipedia.org/wiki/OpenDocument> documents accepted, please do not send proprietary formatted documents
>
>
>
> _______________________________________________
> Roundcube Users mailing list
> [hidden email]
> http://lists.roundcube.net/mailman/listinfo/users
>
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: managesieve

roundcube--lists
Hi David,

is clock in sync on the machine (just to eliminate this as possible error)?

Regarding your self-signed issues I'd suggest to let your system trust
the certificate which you use. Either by putting the CA cert or the
server cert in your trust store (depends on your system). There is a big
difference between using a certificate which can be validated (even when
self signed) and trusting any presented certificate (even if there are
config switches to disable checking).

hth+regards,
Thomas

On 14.07.2017 13:44, David Gessel wrote:

> Thanks!  A step closer.  It seems the roundcube logins can be set to ignore certificate errors, but managesieve isn't:
>
> Jul 14 04:34:49 managesieve-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=10.3.69.139, lip=10.3.69.135, TLS handshaking: SSL_accept() failed: error:14094415:SSL routines:ssl3_read_bytes:sslv3 alert certificate expired: SSL alert number 45, session=<d7vVb0VUNlsKA0WL>
>
> This isn't accurate: it is a self-signed cert good until 2025.
>
> While I'm OK with lets encrypt certificates, self-signed certificates should be supported.  As I remember, I ran into this problem with roundcube's checks, which is why the ssl://.... and
>
> $config['imap_conn_options'] = array(
>   'ssl'         => array(
>          'verify_peer'  => false,
>          'verfify_peer_name' => false,
>    ),
> );
>
>
> which "managesieve_usetls" seems to ignore.  
>
> Any way to get managesieve to function the same way or is this a "pay the cert mafia or else..." situation?
>
> -David
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: managesieve

David Gessel
Thomas,

They share a clock, so yes (jails, freebsd).

Adding the cert to the store seems painfully obvious.  I'll give that a try, though I think it may be time to embrace Lets Encrypt.

-David

-------- Original Message --------
Subject: Re: [RCU] managesieve
From: [hidden email]
To: [hidden email]
Date: Fri Jul 14 2017 22:11:59 GMT+0300 (AST)

> Hi David,
>
> is clock in sync on the machine (just to eliminate this as possible error)?
>
> Regarding your self-signed issues I'd suggest to let your system trust
> the certificate which you use. Either by putting the CA cert or the
> server cert in your trust store (depends on your system). There is a big
> difference between using a certificate which can be validated (even when
> self signed) and trusting any presented certificate (even if there are
> config switches to disable checking).
>
> hth+regards,
> Thomas
_______________________________________________
Roundcube Users mailing list
[hidden email]
http://lists.roundcube.net/mailman/listinfo/users
Loading...