Author Topic: Postfix Dovecot Mysql Roundcube and ... managesieve  (Read 4567 times)

Offline the_extremist

  • Newbie
  • *
  • Posts: 9
Postfix Dovecot Mysql Roundcube and ... managesieve
« on: July 29, 2020, 05:32:31 PM »
Hello, I trying to configure managesieve on rc with dovecot but I can't.  Tryed mutliple conf but without any good results. Now IMAP,SMTP works with SSL fine, Password works too.
Postfix, Dovecot = 192.168.41.2
Roundcube on 192.168.42.2
Mysql = 192.168.45.2


On roundcube i get error "unable connect to server" on filters tab. Trying with ssl and without. No chance. Help me please

Dovecot
Code: [Select]
[root@Centos-MAIL log]# doveconf -n
# 2.3.8 (9df20d2db): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.8 (b7b03ba2)
# OS: Linux 4.18.0-193.6.3.el8_2.x86_64 x86_64 CentOS Linux release 8.2.2004 (Core)  xfs
# Hostname: Centos-MAIL
auth_debug = yes
auth_debug_passwords = yes
auth_mechanisms = plain login
auth_username_format = %u
auth_verbose = yes
auth_verbose_passwords = yes
debug_log_path = mail_messanges
disable_plaintext_auth = no
first_valid_uid = 1000
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
mail_debug = yes
mail_gid = vmail
mail_location = maildir:/var/mail/vhosts/%d/%n/mail
mail_privileged_group = mail
mail_uid = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf.ext
  driver = sql
}
plugin {
  sieve = file~/mail/%d/%n/dovecot.sieve
  sieve_dir = ~/mail/%d/%n/sieve
  sieve_global_dir = /etc/dovecot/sieve/global/
  sieve_global_path = /etc/dovecot/sieve/default.sieve
}
protocols = imap lmtp pop3 sieve
service auth-worker {
  user = vmail
}
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-client {
    group = mail
    mode = 0660
    user = dovecot
  }
  unix_listener auth-master {
    group = mail
    mode = 0660
    user = dovecot
  }
  unix_listener auth-userdb {
    mode = 0600
    user = vmail
  }
  user = dovecot
}
service imap-login {
  inet_listener imap {
    port = 143
  }
  inet_listener imaps {
    port = 993
    ssl = yes
  }
}
service lmtp {
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0600
    user = postfix
  }
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  inet_listener sieve_deprecated {
    port = 2000
  }
}
ssl_ca = </etc/dovecot/ssl/ca.pem
ssl_cert = </etc/dovecot/ssl/cert.pem
ssl_cipher_list = PROFILE=SYSTEM
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
ssl_verify_client_cert = yes
userdb {
  args = uid=vmail gid=vmail home=/var/mail/vhosts/%d/%n
  driver = static
}
verbose_ssl = yes
protocol lmtp {
  info_log_path = /var/log/dovecot-lmtp.log
  log_path = /var/log/dovecot-lmtp-errors.log
  mail_plugins = sieve
}
protocol sieve {
  info_log_path = /var/log/dovecot-sieve.log
  log_path = /var/log/dovecot-sieve-errors.log
  managesieve_implementation_string = dovecot
  managesieve_max_line_length = 65536
}
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-master
  hostname = mail.replikacja.eu
  info_log_path = /var/log/dovecot-lda.log
  log_path = /var/log/dovecot-lda-errors.log
  mail_plugins = sieve
  postmaster_address = postmaster@replikacja.eu
}


Roundcube
It's mounted by smb from 42.2
Added at conf
Code: [Select]
$config['managesieve_default'] = '/mnt/dovecot/default.sieve';

Managesieve
Code: [Select]
<?php

// managesieve server port. When empty the port will be determined automatically
// using getservbyname() function, with 4190 as a fallback.
$config['managesieve_port'] = 4190;

// managesieve server address, default is localhost.
// Replacement variables supported in host name:
// %h - user's IMAP hostname
// %n - http hostname ($_SERVER['SERVER_NAME'])
// %d - domain (http hostname without the first part)
// For example %n = mail.domain.tld, %d = domain.tld
$config['managesieve_host'] = '192.168.42.2';

// authentication method. Can be CRAM-MD5, DIGEST-MD5, PLAIN, LOGIN, EXTERNAL
// or none. Optional, defaults to best method supported by server.
$config['managesieve_auth_type'] = PLAIN;

// Optional managesieve authentication identifier to be used as authorization proxy.
// Authenticate as a different user but act on behalf of the logged in user.
// Works with PLAIN and DIGEST-MD5 auth.
$config['managesieve_auth_cid'] = 'null';

// Optional managesieve authentication password to be used for imap_auth_cid
$config['managesieve_auth_pw'] = 'null';

// use or not TLS for managesieve server connection
// Note: tls:// prefix in managesieve_host is also supported
$config['managesieve_usetls'] = false;

// Connection scket context options
// See http://php.net/manual/en/context.ssl.php
// The example below enables server certificate validation
$config['managesieve_conn_options'] = array(
  
'ssl'         => array(
      
'verify_peer'  => false,
      
'verify_peer_name'  => false,
     
'cafile'       => '/etc/ssl/private/ca.pem',
        ),
 );
// Note: These can be also specified as an array of options indexed by hostname
$config['managesieve_conn_options'] = null;

// A file with default script content (eg. spam filter)
$config['managesieve_default'] = '/mnt/dovecot/sieve/global';

// The name of the script which will be used when there's no user script
$config['managesieve_script_name'] = 'managesieve';

// Sieve RFC says that we should use UTF-8 endcoding for mailbox names,
// but some implementations does not covert UTF-8 to modified UTF-7.
// Defaults to UTF7-IMAP
$config['managesieve_mbox_encoding'] = 'UTF-8';

// I need this because my dovecot (with listescape plugin) uses
// ':' delimiter, but creates folders with dot delimiter
$config['managesieve_replace_delimiter'] = '';

// disabled sieve extensions (body, copy, date, editheader, encoded-character,
// envelope, environment, ereject, fileinto, ihave, imap4flags, index,
// mailbox, mboxmetadata, regex, reject, relational, servermetadata,
// spamtest, spamtestplus, subaddress, vacation, variables, virustest, etc.
// Note: not all extensions are implemented
$config['managesieve_disabled_extensions'] = array();

// Enables debugging of conversation with sieve server. Logs it into <log_dir>/sieve
$config['managesieve_debug'] = true;

// Enables features described in http://wiki.kolab.org/KEP:14
$config['managesieve_kolab_master'] = false;

// Script name extension used for scripts including. Dovecot uses '.sieve',
// Cyrus uses '.siv'. Doesn't matter if you have managesieve_kolab_master disabled.
$config['managesieve_filename_extension'] = '.sieve';

// List of reserved script names (without extension).
// Scripts listed here will be not presented to the user.
$config['managesieve_filename_exceptions'] = array();

// List of domains limiting destination emails in redirect action
// If not empty, user will need to select domain from a list
$config['managesieve_domains'] = array();

// Default list of entries in header selector
$config['managesieve_default_headers'] = array('Subject''From''To');

// Enables separate management interface for vacation responses (out-of-office)
// 0 - no separate section (default),
// 1 - add Vacation section,
// 2 - add Vacation section, but hide Filters section
$config['managesieve_vacation'] = 1;

// Enables separate management interface for setting forwards (redirect to and copy to)
// 0 - no separate section (default),
// 1 - add Forward section,
// 2 - add Forward section, but hide Filters section
$config['managesieve_forward'] = 0;

// Default vacation interval (in days).
// Note: If server supports vacation-seconds extension it is possible
// to define interval in seconds here (as a string), e.g. "3600s".
$config['managesieve_vacation_interval'] = 0;

// Some servers require vacation :addresses to be filled with all
// user addresses (aliases). This option enables automatic filling
// of these on initial vacation form creation.
$config['managesieve_vacation_addresses_init'] = false;

// Sometimes you want to always reply with mail email address
// This option enables automatic filling of :from field on initial vacation form creation.
$config['managesieve_vacation_from_init'] = false;

// Supported methods of notify extension. Default: 'mailto'
$config['managesieve_notify_methods'] = array('mailto');

// Enables scripts RAW editor feature
$config['managesieve_raw_editor'] = true;

// Disabled actions
// Prevent user from performing specific actions:
// list_sets, enable_disable_set, delete_set, new_set, download_set, new_rule, delete_rule
// Note: disabling list_sets removes the Filter sets widget from the UI and means
//       the set defined in managesieve_script_name will always be used (and activated)
$config['managesieve_disabled_actions'] = array();

// List of hosts that support managesieve.
// Activate managesieve for selected hosts only. If this is not set all hosts are allowed.
// Example: $config['managesieve_allowed_hosts'] = array('host1.mydomain.com','host2.mydomain.com');
$config['managesieve_allowed_hosts'] = null;

Telnet from Roundcube (192.168.41.2) to Dovecot (192.168.42.2)
Code: [Select]
[root@Centos-WWW managesieve]# telnet 192.168.42.2 4190
Trying 192.168.42.2...
Connected to 192.168.42.2.
Escape character is '^]'.
"IMPLEMENTATION" "dovecot"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext"
"NOTIFY" "mailto"
"SASL" ""
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot ready."

Maillog
Code: [Select]
Jul 29 23:17:50 Centos-MAIL dovecot[31252]: auth: plain(null,192.168.41.2,<nhKSFpursqfAqCkC>): login user: Master user login attempted without master passdbs
Jul 29 23:17:52 Centos-MAIL dovecot[31252]: managesieve-login: Aborted login (auth failed, 1 attempts in 2 secs): user=<null>, method=PLAIN, rip=192.168.41.2, lip=192.168.42.2, session=<nhKSFpursqfAqCkC>

Dovecot-sieve
Code: [Select]
Jul 29 17:34:14 managesieve-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.41.2, lip=192.168.42.2, TLS, session=<UxHBSZarPp/AqCkC>
Jul 29 17:34:16 managesieve-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.41.2, lip=192.168.42.2, TLS, session=<bFrnSZarQp/AqCkC>
Jul 29 17:34:19 managesieve-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.41.2, lip=192.168.42.2, TLS, session=<sZANSparRp/AqCkC>
Jul 29 17:34:20 managesieve-login: Info: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.41.2, lip=192.168.42.2, TLS, session=<tn4bSparSp/AqCkC>
Jul 29 17:34:32 managesieve-login: Info: Disconnected: Too many invalid commands. (no auth attempts in 127 secs): user=<>, rip=192.168.41.2, lip=192.168.42.2, session=<VqbWSparJp/AqCkC>

Sieve.log
Code: [Select]
[29-Jul-2020 23:14:08 +0200]: <8o4ptils> S: "IMPLEMENTATION" "dovecot"
[29-Jul-2020 23:14:08 +0200]: <8o4ptils> S: "SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index
[29-Jul-2020 23:14:08 +0200]: <8o4ptils> S: "NOTIFY" "mailto"
[29-Jul-2020 23:14:08 +0200]: <8o4ptils> S: "SASL" "PLAIN LOGIN"
[29-Jul-2020 23:14:08 +0200]: <8o4ptils> S: "STARTTLS"
[29-Jul-2020 23:14:08 +0200]: <8o4ptils> S: "VERSION" "1.0"
[29-Jul-2020 23:14:08 +0200]: <8o4ptils> S: OK "Dovecot ready."
[29-Jul-2020 23:14:08 +0200]: <8o4ptils> C: AUTHENTICATE "PLAIN" "YWRtaW5AcmVwbGlrYWNqYS5ldQBudWxsAG51bGw="
[29-Jul-2020 23:14:10 +0200]: <8o4ptils> S: NO "Authentication failed."
[29-Jul-2020 23:14:10 +0200]: <8o4ptils> C: LOGOUT
[29-Jul-2020 23:14:10 +0200]: <8o4ptils> S: OK "Logout completed."

error.log
Code: [Select]
[29-Jul-2020 23:14:10 +0200]: <8o4ptils> PHP Error: "Authentication failed." (GET /?_task=settings&_action=plugin.managesieve)
[29-Jul-2020 23:14:10 +0200]: <8o4ptils> PHP Error: Unable to connect to managesieve on 192.168.42.2:4190 in /var/www/mail.replikacja.eu/html/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php on line 223 (GET /?_task=setting
[29-Jul-2020 23:14:10 +0200]: <8o4ptils> PHP Error: Not currently in AUTHORISATION state (GET /?_task=settings&_action=plugin.managesieve)


Offline alec

  • Hero Member
  • *****
  • Posts: 1,363
Re: Postfix Dovecot Mysql Roundcube and ... managesieve
« Reply #1 on: July 30, 2020, 02:46:04 AM »
$config['managesieve_usetls'] = true;

 also

$config['managesieve_auth_type'] = 'PLAIN'; // needs quotes, you should try also with NULL (no quotes in this case)

Offline the_extremist

  • Newbie
  • *
  • Posts: 9
Re: Postfix Dovecot Mysql Roundcube and ... managesieve
« Reply #2 on: July 30, 2020, 05:25:44 AM »
Quote
$config['managesieve_auth_type'] = 'PLAIN'; // needs quotes, you should try also with NULL (no quotes in this case)

Without SSL :
Quote
[30-Jul-2020 11:31:39 +0200]: <1aamtfli> S: "IMPLEMENTATION" "dovecot"
[30-Jul-2020 11:31:39 +0200]: <1aamtfli> S: "SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii
[30-Jul-2020 11:31:39 +0200]: <1aamtfli> S: "NOTIFY" "mailto"
[30-Jul-2020 11:31:39 +0200]: <1aamtfli> S: "SASL" "PLAIN LOGIN"
[30-Jul-2020 11:31:39 +0200]: <1aamtfli> S: "STARTTLS"
[30-Jul-2020 11:31:39 +0200]: <1aamtfli> S: "VERSION" "1.0"
[30-Jul-2020 11:31:39 +0200]: <1aamtfli> S: OK "Dovecot ready."
[30-Jul-2020 11:31:39 +0200]: <1aamtfli> C: AUTHENTICATE "PLAIN" "YWRtaW5AcmVwbGlrYWNqYS5ldQBudWxsAG51bGw="
[30-Jul-2020 11:31:45 +0200]: <1aamtfli> S: NO "Authentication failed."
[30-Jul-2020 11:31:45 +0200]: <1aamtfli> C: LOGOUT
[30-Jul-2020 11:31:45 +0200]: <1aamtfli> S: OK "Logout completed."

With SSL
Quote
[30-Jul-2020 11:31:10 +0200]: <1aamtfli> S: "IMPLEMENTATION" "dovecot"
[30-Jul-2020 11:31:10 +0200]: <1aamtfli> S: "SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii
[30-Jul-2020 11:31:10 +0200]: <1aamtfli> S: "NOTIFY" "mailto"
[30-Jul-2020 11:31:10 +0200]: <1aamtfli> S: "SASL" "PLAIN LOGIN"
[30-Jul-2020 11:31:10 +0200]: <1aamtfli> S: "STARTTLS"
[30-Jul-2020 11:31:10 +0200]: <1aamtfli> S: "VERSION" "1.0"
[30-Jul-2020 11:31:10 +0200]: <1aamtfli> S: OK "Dovecot ready."
[30-Jul-2020 11:31:10 +0200]: <1aamtfli> C: STARTTLS
[30-Jul-2020 11:31:10 +0200]: <1aamtfli> S: OK "Begin TLS negotiation now."
[30-Jul-2020 11:31:10 +0200]: <1aamtfli> C: LOGOUT
[30-Jul-2020 11:31:10 +0200]: <1aamtfli> S: ^W^C^C^@.,..^M/b.1..:p3x..2..H=@.'...-..^R..
[30-Jul-2020 11:31:10 +0200]: <1aamtfli> S: 3..^G....D.l..c1....a^?=^R.Gh...^@2.@1t...@.^0.!Y6.,8{..^O.:Cn..^N.^Z.m=._T-..^Q.re^L.4...
[30-Jul-2020 11:31:10 +0200]: <1aamtfli> S: ..xGLL"q.|.^S.9Rz.Z.z.^\5...5.C..^M9.,JηG<8.....^F5 ..Ϛ.^W.^R..gd..^.^L.'../...H.}^Pk~U^E.
[30-Jul-2020 11:31:10 +0200]: <1aamtfli> S:.

Code: [Select]
[30-Jul-2020 11:31:45 +0200]: <1aamtfli> PHP Error: "Authentication failed." (GET /?_task=settings&_action=plugin.managesieve)
[30-Jul-2020 11:31:45 +0200]: <1aamtfli> PHP Error: Unable to connect to managesieve on 192.168.42.2:4190 in /var/www/mail.replikacja.eu/html/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php on li
[30-Jul-2020 11:31:45 +0200]: <1aamtfli> PHP Error: Not currently in AUTHORISATION state (GET /?_task=settings&_action=plugin.managesieve)


With null at auth and without SLL  :
Quote
[30-Jul-2020 11:36:33 +0200]: <1aamtfli> S: "IMPLEMENTATION" "dovecot"
[30-Jul-2020 11:36:33 +0200]: <1aamtfli> S: "SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enoti
[30-Jul-2020 11:36:33 +0200]: <1aamtfli> S: "NOTIFY" "mailto"
[30-Jul-2020 11:36:33 +0200]: <1aamtfli> S: "SASL" "PLAIN LOGIN"
[30-Jul-2020 11:36:33 +0200]: <1aamtfli> S: "STARTTLS"
[30-Jul-2020 11:36:33 +0200]: <1aamtfli> S: "VERSION" "1.0"
[30-Jul-2020 11:36:33 +0200]: <1aamtfli> S: OK "Dovecot ready."
[30-Jul-2020 11:36:33 +0200]: <1aamtfli> C: LOGOUT
[30-Jul-2020 11:36:33 +0200]: <1aamtfli> S: OK "Logout completed."

With null at auth and SLL  :
Quote
[30-Jul-2020 11:38:50 +0200]: <1aamtfli> S: "IMPLEMENTATION" "dovecot"
[30-Jul-2020 11:38:50 +0200]: <1aamtfli> S: "SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enoti
[30-Jul-2020 11:38:50 +0200]: <1aamtfli> S: "NOTIFY" "mailto"
[30-Jul-2020 11:38:50 +0200]: <1aamtfli> S: "SASL" "PLAIN LOGIN"
[30-Jul-2020 11:38:50 +0200]: <1aamtfli> S: "STARTTLS"
[30-Jul-2020 11:38:50 +0200]: <1aamtfli> S: "VERSION" "1.0"
[30-Jul-2020 11:38:50 +0200]: <1aamtfli> S: OK "Dovecot ready."
[30-Jul-2020 11:38:50 +0200]: <1aamtfli> C: STARTTLS
[30-Jul-2020 11:38:50 +0200]: <1aamtfli> S: OK "Begin TLS negotiation now."
[30-Jul-2020 11:38:50 +0200]: <1aamtfli> C: LOGOUT
[30-Jul-2020 11:38:50 +0200]: <1aamtfli> S: ^W^C^C^@.7;.O....b.....^N..!..7.F..@.3.Uޏ.l...._..^P^\^Pk^Y...^H..6^V:(..骵..W1H..+^R.R.^Q..w4W...$nq/^D^W..-1..^P60...No^[)/I_.U..^^..^V^V^M...o5^^C0^_!\..v.X.
[30-Jul-2020 11:38:50 +0200]: <1aamtfli> S:.
« Last Edit: July 30, 2020, 05:40:01 AM by the_extremist »