thsmi
commented
3 years ago This looks to me like a badly broken server configuration.
ManageSieve requires the client to do an explicit starttls call. This means you always start with an unsecured connection then the client upgrades it via the starttls command to a secure channel. This is earliest point to do such an upgrade is after the server published his capabilities.
But your server seems to configured to expect an implicit starttls upon connection. Which violates the manage sieve specification and thus breaks the communication.
You can easily verify this. Just connect to your managesieve via telnet. You should always get as initial message the server's capabilities. Only then it is configured correctly.
In contrast a gnutls-cli --starttls, which does an implicit upgrade, has to fail on a correctly configured server.
It is very easy to mess up the security settings with Dovecot servers to be sure to stick to the manual when configuring it.
There are a many mail thread on this topic on the dovecot mailing list. The following describes the problem and contains the instructions how you can fix you configuration.
http://dovecot.2317879.n4.nabble.com/managesieve-configuration-td66094.html#a66132
Cyberknight234
Prerequisites
What happened?
The description of the problem concerns the Thunderbird but also the stand alone version. I would like to edit Sieve via the plugin/program. My mail account works without problems and can also send/receive. Creating a new account is possible without any problems. As soon as I click on "Connect", the loading bar is permanently there and nothing happens. I have activated debugging in the settings, but I don't know where it is saved. if someone tells me, I can submit the log later. I had already mentioned the problem in mailcow's github, but everything seems to be working on the server side.
I hope that someone can help me:(
What did you expect to happen?
that I can connect to the servers.
Settings
Settings from Sieve:
Server imap.xxxxxx.eu: 4190 (Secured connection) Username my@fancydomain.euLogs and Traces
Error message in logs from my server:
dovecot-mailcow_1 | May 9 02:47:16 04888203e1b5 dovecot: managesieve-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=92.123.123.123, lip=123.123.123.123, TLS handshaking: SSL_accept() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42What i tried?
gnutls-cli --starttls -p 4190 imap.xxxxxx.euOutput: `Processed 129 CA certificate(s). Resolving 'imap.xxxxxxxxx.eu:4190'... Connecting to '2a03:4000:34:522:981b:xxxx:xxxx:xxxx:4190'...Simple Client Mode: "IMPLEMENTATION" "Dovecot Pigeonhole" "SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext vacation-seconds editheader imapflags notify imapsieve vnd.dovecot.imapsieve" "NOTIFY" "mailto" "SASL" "" "STARTTLS" "VERSION" "1.0" OK "Dovecot ready."`
Which Version
Client Thunderbird:
Client Standalone:
Mailcow: OS: Ubuntu 20.04 Mailcow Versions: acme-mailcow (mailcow/acme:1.78) clamd-mailcow (mailcow/clamd:1.39) dockerapi-mailcow (mailcow/dockerapi:1.38) dovecot-mailcow (mailcow/dovecot:1.145) ejabberd-mailcow (mailcow/ejabberd:1.5) ipv6nat-mailcow (robbertkl/ipv6nat) memcached-mailcow (memcached:alpine) mysql-mailcow (mariadb:10.5) netfilter-mailcow (mailcow/netfilter:1.41) nginx-mailcow (nginx:mainline-alpine) olefy-mailcow (mailcow/olefy:1.7) php-fpm-mailcow (mailcow/phpfpm:1.74) postfix-mailcow (mailcow/postfix:1.61) redis-mailcow (redis:5-alpine) rspamd-mailcow (mailcow/rspamd:1.76) sogo-mailcow (mailcow/sogo:1.98) solr-mailcow (mailcow/solr:1.7) unbound-mailcow (mailcow/unbound:1.13) watchdog-mailcow (mailcow/watchdog:1.91)