Hi,

I'm installing a new mail server for our faculty and want to use
the squirrelmail plugin 'avelsieve' (1.9.7). As documented on the
dovecot wiki there is a problem in the STARTTLS code and I
found a solution (that works for my installation):

I've traced the server output in 'get_response' and instead of
a script list I saw "IMPLEMENTATION". So I took a look at
the file 'managesieve.lib.php' and the STARTTLS code:

    /* If we allow STARTTLS, use it */
    if($this->capabilities['starttls'] === true &&
       function_exists('stream_socket_enable_crypto') === true) {
        fputs($this->fp,"STARTTLS\r\n");
        $starttls_response = $this->line=fgets($this->fp,1024);
        if(stream_socket_enable_crypto($this->fp, true,
           STREAM_CRYPTO_METHOD_TLS_CLIENT) == false) {
            $this->error=EC_UNKNOWN;
            $this->error_raw = "Failed to establish TLS connection.";
            return false;
        } else {
            $this->loggedin = true;

            // RFC says that we need to ask for the capabilities again
            $this->sieve_get_capability();
            $this->loggedin = false;
        }
    }
     
With my limited time and debugging possibilities I've found that the
dovecot managesieve server seems to send capability lines 'automagically'.
I've added a few "debugging" lines:

    /* If we allow STARTTLS, use it */
    if($this->capabilities['starttls'] === true &&
       function_exists('stream_socket_enable_crypto') === true) {
        fputs($this->fp,"STARTTLS\r\n");
        $starttls_response = $this->line=fgets($this->fp,1024);
        if(stream_socket_enable_crypto($this->fp, true,
           STREAM_CRYPTO_METHOD_TLS_CLIENT) == false) {
            $this->error=EC_UNKNOWN;
            $this->error_raw = "Failed to establish TLS connection.";
            return false;
        } else {
            $this->loggedin = true;

            $starttls_response = $this->line=fgets($this->fp,1024);
            $errormsg .= _("MFI fgets ") . $starttls_response . '<br>';
            print_errormsg($errormsg);

            // RFC says that we need to ask for the capabilities again
            $this->sieve_get_capability();
            $this->loggedin = false;
        }
    }

and could read

        MFI fgets "IMPLEMENTATION" "dovecot"

which will throw the following 'sieve_get_capability' out of sync.
Then I've added a second 'fgets' and received:

        MFI fgets "SASL" "PLAIN"

Then I've added a third 'fgets' and received:

        MFI fgets "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex"

Then I've added a fourth 'fgets' and received:

        MFI fgets OK "TLS negotiation successful."

Now the protocol should be in sync again and after removing the lines

        $errormsg .= _("MFI 1 fgets ") . $starttls_response . '<br>';
        print_errormsg($errormsg);

I could load my scripts back. So, adding four lines reading

        $starttls_response = $this->line=fgets($this->fp,1024);
        $starttls_response = $this->line=fgets($this->fp,1024);
        $starttls_response = $this->line=fgets($this->fp,1024);
        $starttls_response = $this->line=fgets($this->fp,1024);

solved the problem. I know this is not a sound "fix", but I hope to
help you with this.

One addendum: a "debugging" run using my errormsg printout of the output from

    /* If we allow STARTTLS, use it */
    if($this->capabilities['starttls'] === true &&
       function_exists('stream_socket_enable_crypto') === true) {
        fputs($this->fp,"STARTTLS\r\n");
        $starttls_response = $this->line=fgets($this->fp,1024);
        
resulted in the response:

        MFI fgets OK "Begin TLS negotiation now."

which looks proper to me, but the negotiation makes the server send the four
lines mentioned above.


Cheers
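
An added example (not from the post or from avelsieve) of the sound version of the four-fgets workaround: after a successful STARTTLS the ManageSieve server re-issues its capability response (RFC 5804 requires this, which is what the four lines above are), so the client should read that response up to its OK/NO/BYE status line rather than assume a fixed line count. The function name read_capability_response and the in-memory sample stream are assumptions for this example.

```php
<?php
// Read one ManageSieve response (capability lines followed by a status line).
// Stops on the OK/NO/BYE line, so it stays in sync whatever number of
// capability lines the server chooses to send.
function read_capability_response($fp) {
    $caps = array();
    while (($line = fgets($fp, 1024)) !== false) {
        $line = rtrim($line, "\r\n");
        // Status line: OK / NO / BYE, optionally followed by a reason.
        if (preg_match('/^(OK|NO|BYE)(\s.*)?$/', $line, $m)) {
            return array('status' => $m[1], 'caps' => $caps, 'line' => $line);
        }
        // Capability line: "NAME" ["VALUE"] (value is optional per the protocol)
        if (preg_match('/^"([^"]+)"(?:\s+"([^"]*)")?$/', $line, $m)) {
            $caps[strtolower($m[1])] = isset($m[2]) ? $m[2] : true;
        }
    }
    return false; // EOF before a status line: connection is broken
}

// Constructed sample (assumption) reproducing the four lines dovecot sent
// after TLS negotiation in the post above, served from an in-memory stream
// so the example runs offline. On a real connection $fp is the socket after
// stream_socket_enable_crypto() succeeded.
$sample = "\"IMPLEMENTATION\" \"dovecot\"\r\n"
        . "\"SASL\" \"PLAIN\"\r\n"
        . "\"SIEVE\" \"fileinto reject envelope vacation imapflags notify "
        . "subaddress relational comparator-i;ascii-numeric regex\"\r\n"
        . "OK \"TLS negotiation successful.\"\r\n";
$fp = fopen('php://memory', 'r+');
fwrite($fp, $sample);
rewind($fp);

$r = read_capability_response($fp);
if ($r === false || $r['status'] !== 'OK') {
    echo "TLS negotiation did not complete cleanly\n";
} else {
    echo "server: " . $r['caps']['implementation'] . "\n";
    echo "sasl:   " . $r['caps']['sasl'] . "\n";
    // The stream is now positioned after the OK line, i.e. back in sync;
    // a following sieve_get_capability() or LISTSCRIPTS gets its own reply.
}
```

In avelsieve this call would replace the four hardcoded fgets() lines right after stream_socket_enable_crypto() succeeds; a status other than OK should be treated like a failed TLS negotiation.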
