Roundcube Community Forum

 

Managesieve-Server

Started by bhw, May 23, 2019, 05:01:41 PM


bhw

Hello forum,

after a long search I have now given up looking and would like to ask here whether someone can give me some advice.

I have installed a current Roundcube on my web space and now want to set up a spam filter. When I do, it reports that a connection to the Managesieve server cannot be established.

Are there software packages that can be uploaded via FTP and installed on the web server through a web interface?

Many thanks in advance!

Regards
bhw

ol2tmx

#1
I am also currently trying to access Dovecot's Managesieve service via Roundcube. The challenge is that for the authentication protocol I can only choose what the server offers me. To find out what Dovecot offers for Managesieve, the following command provides the information:

  • gnutls-cli --starttls -p 4190 <host>
  • Type STARTTLS
  • Result:
    OK "Begin TLS negotiation now."
  • Press CTRL-D
  • The complete result is displayed
  • This first shows what the Dovecot server offers for Managesieve and whether it works together with TLS.


gnutls-cli --starttls -p 4190 <your_mail_server>
Processed 133 CA certificate(s).
Resolving 'your_mail_server>:4190'...
Connecting to <your_ip>:4190'...

- Simple Client Mode:

"IMPLEMENTATION" "Dovecot (Ubuntu) Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext"
"NOTIFY" "mailto"
"SASL" "GSSAPI"
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot (Ubuntu) ready."
STARTTLS
OK "Begin TLS negotiation now."
*** Starting TLS handshake
- Certificate type: X.509
- Got a certificate list of 2 certificates.
- Certificate[0] info:
- subject `CN=<Your_CN>', issuer `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', serial 0x04c5b05d021240be34b2cc0fa13608dc21ba, RSA key 2048 bits, signed using RSA-SHA256, activated `2019-05-28 11:31:34 UTC', expires `2019-08-26 11:31:34 UTC', pin-sha256="h7EwfKvMyEa+EwAykayXCXhIQ66RUKO3Nm8q9/KplKI="
    Public Key ID:
        sha1:4775828754ace80ba6c514f6567531f6d7d23e1c
        sha256:87b1307cabccc846be13003291ac9709784843ae9150a3b7366f2af7f2a994a2
    Public Key PIN:
        pin-sha256:h7EwfKvMyEa+EwAykayXCXhIQ66RUKO3Nm8q9/KplKI=
    Public key's random art:
        +--[ RSA 2048]----+
        |         ..*= *. |
        |      o   +.o= +.|
        |     . o o.o  .E=|
        |      . +..   .oo|
        |     o oS .    o.|
        |      = ..      .|
        |     + . .       |
        |    .   .        |
        |                 |
        +-----------------+

- Certificate[1] info:
- subject `CN=Let's Encrypt Authority X3,O=Let's Encrypt,C=US', issuer `CN=DST Root CA X3,O=Digital Signature Trust Co.', serial 0x0a0141420000015385736a0b85eca708, RSA key 2048 bits, signed using RSA-SHA256, activated `2016-03-17 16:40:46 UTC', expires `2021-03-17 16:40:46 UTC', pin-sha256="YLh1dUR9y6Kja30RrAn7JKnbQG/uEtLMkBgFF2Fuihg="
- Status: The certificate is trusted.
- Description: (TLS1.2)-(ECDHE-RSA-SECP384R1)-(AES-256-GCM)
- Session ID: 26:6D:75:B2:AA:6C:52:E9:45:F0:09:A3:CB:9D:FE:E1:4D:67:3A:44:9D:8A:8A:8B:65:61:A5:45:8A:45:1F:FE
- Ephemeral EC Diffie-Hellman parameters
- Using curve: SECP384R1
- Curve size: 384 bits
- Version: TLS1.2
- Key Exchange: ECDHE-RSA
- Server Signature: RSA-SHA256
- Cipher: AES-256-GCM
- MAC: AEAD
- Compression: NULL
- Options: extended master secret, safe renegotiation,
"IMPLEMENTATION" "Dovecot (Ubuntu) Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext"
"NOTIFY" "mailto"
"SASL" "GSSAPI PLAIN"
"VERSION" "1.0"
OK "TLS negotiation successful."


https://wiki.dovecot.org/Pigeonhole/ManageSieve/Troubleshooting
Now comes the adjustment in the Managesieve plugin of Roundcube:

- cd /var/www/html/roundcube/plugins/managesieve/
- cp config.inc.php.dist  config.inc.php  --> this then creates the current configuration for Managesieve in Roundcube
config.inc.php

Quote
// Manage Sieve Plugin Configuration
// essential functions

$config['managesieve_port'] = 4190;

$config['managesieve_host'] = '<your_mail_server>';

$config['managesieve_auth_type'] = 'PLAIN';

$config['managesieve_auth_cid'] = null;

$config['managesieve_auth_pw'] = null;


// Manage Sieve TLS connection to the Dovecot server
$config['managesieve_usetls'] = true;

// Connection to the managesieve server
$config['managesieve_conn_options'] = array(
  'ssl'         => array(
  'verify_peer'  => true,
  'verify_peer_name'  => true,
  'allow_self_signed' => false,
  ),
);

// default contents of filters script (eg. default spam filter)
$config['managesieve_default'] = '<your_default_sieve_directory>';

Other optional settings:

Quote
// default contents of filters script (eg. default spam filter)
$config['managesieve_default'] = '/var/vmail/default.sieve';

// The name of the script which will be used when there's no user script
$config['managesieve_script_name'] = 'managesieve';

$config['managesieve_mbox_encoding'] = 'UTF-8';

$config['managesieve_replace_delimiter'] = '';

// Enables debugging of conversation with sieve server. Logs it into <log_dir>/sieve
$config['managesieve_debug'] = false;

// Enables features described in http://wiki.kolab.org/KEP:14
$config['managesieve_kolab_master'] = false;

// Script name extension used for scripts including. Dovecot uses '.sieve',
// Cyrus uses '.siv'. Doesn't matter if you have managesieve_kolab_master disabled.
$config['managesieve_filename_extension'] = '.sieve';

$config['managesieve_filename_exceptions'] = array();

$config['managesieve_domains'] = array();

// Default list of entries in header selector
$config['managesieve_default_headers'] = array('Subject', 'From', 'To');

// Enables separate management interface for vacation responses (out-of-office)
// 0 - no separate section (default),
// 1 - add Vacation section,
// 2 - add Vacation section, but hide Filters section
$config['managesieve_vacation'] = 1;

// Enables separate management interface for setting forwards (redirect to and copy to)
// 0 - no separate section (default),
// 1 - add Forward section,
// 2 - add Forward section, but hide Filters section
$config['managesieve_forward'] = 1;

// Default vacation interval (in days).
// Note: If server supports vacation-seconds extension it is possible
// to define interval in seconds here (as a string), e.g. "3600s".
$config['managesieve_vacation_interval'] = 0;

// Some servers require vacation :addresses to be filled with all
// user addresses (aliases). This option enables automatic filling
// of these on initial vacation form creation.
$config['managesieve_vacation_addresses_init'] = false;

// Sometimes you want to always reply with mail email address
// This option enables automatic filling of :from field on initial vacation form creation.
$config['managesieve_vacation_from_init'] = false;

// Supported methods of notify extension. Default: 'mailto'
$config['managesieve_notify_methods'] = array('mailto');

// Enables scripts RAW editor feature
$config['managesieve_raw_editor'] = true;

$config['managesieve_allowed_hosts'] = array('<your_manage_sieve_server>');
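
Added example (not part of the original post, and not Roundcube or Dovecot code): the transcript above shows the server offering only GSSAPI before STARTTLS and GSSAPI PLAIN afterwards, so the configured auth type has to be checked against the capability list of the right phase. The function names and the shortened sample listings below are constructed for illustration.

```python
import re

# Constructed sample input: capability listings before and after STARTTLS,
# shortened from the transcript in the post above.
PRE_TLS = '''"IMPLEMENTATION" "Dovecot (Ubuntu) Pigeonhole"
"SASL" "GSSAPI"
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot (Ubuntu) ready."
'''
POST_TLS = '''"IMPLEMENTATION" "Dovecot (Ubuntu) Pigeonhole"
"SASL" "GSSAPI PLAIN"
"VERSION" "1.0"
OK "TLS negotiation successful."
'''

CAP_LINE = re.compile(r'^"([^"]+)"(?:\s+"([^"]*)")?\s*$')

def parse_capabilities(text):
    """Map capability name -> value for the lines before the OK/NO/BYE reply."""
    caps = {}
    for line in text.splitlines():
        if re.match(r'(OK|NO|BYE)\b', line):
            break
        m = CAP_LINE.match(line)
        if m:
            caps[m.group(1).upper()] = m.group(2) or ""
    return caps

def sasl_mechanisms(caps):
    return set(caps.get("SASL", "").upper().split())

def check_auth_config(pre_tls, post_tls, auth_type, usetls):
    """Return a list of mismatches between the plugin settings and the server.

    auth_type / usetls mirror managesieve_auth_type / managesieve_usetls;
    auth_type=None means the client picks a mechanism itself.
    """
    pre, post = parse_capabilities(pre_tls), parse_capabilities(post_tls)
    problems = []
    if usetls and "STARTTLS" not in pre:
        problems.append("usetls is set but the server does not offer STARTTLS")
    offered = sasl_mechanisms(post if usetls else pre)
    if auth_type and auth_type.upper() not in offered:
        phase = "after" if usetls else "before"
        problems.append(f"{auth_type} not offered {phase} STARTTLS; "
                        f"offered: {sorted(offered)}")
    return problems
```

With the sample listings, PLAIN with TLS enabled yields no problems, while PLAIN with TLS disabled is reported as not offered, which matches a server that withholds plaintext authentication on unencrypted connections.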