Hi,

I'm installing a new mail server for our faculty and want to use the SquirrelMail plugin 'avelsieve' (1.9.7). As documented on the Dovecot wiki, there is a problem in the STARTTLS code, and I found a solution (that works for my installation):

I've traced the server output in 'get_response' and instead of a script list I saw "IMPLEMENTATION". So I took a look at the file 'managesieve.lib.php' and the STARTTLS code:

    /* If we allow STARTTLS, use it */
    if($this->capabilities['starttls'] === true && function_exists('stream_socket_enable_crypto') === true) {
        fputs($this->fp,"STARTTLS\r\n");
        $starttls_response = $this->line=fgets($this->fp,1024);
        if(stream_socket_enable_crypto($this->fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) == false) {
            $this->error=EC_UNKNOWN;
            $this->error_raw = "Failed to establish TLS connection.";
            return false;
        } else {
            $this->loggedin = true;
            // RFC says that we need to ask for the capabilities again
            $this->sieve_get_capability();
            $this->loggedin = false;
        }
    }

With my limited time and debugging possibilities I've found that the Dovecot managesieve server seems to send capability lines 'automagically'. I've added a few "debugging" lines

    /* If we allow STARTTLS, use it */
    if($this->capabilities['starttls'] === true && function_exists('stream_socket_enable_crypto') === true) {
        fputs($this->fp,"STARTTLS\r\n");
        $starttls_response = $this->line=fgets($this->fp,1024);
        if(stream_socket_enable_crypto($this->fp, true, STREAM_CRYPTO_METHOD_TLS_CLIENT) == false) {
            $this->error=EC_UNKNOWN;
            $this->error_raw = "Failed to establish TLS connection.";
            return false;
        } else {
            $this->loggedin = true;
            $starttls_response = $this->line=fgets($this->fp,1024);
            $errormsg .= _("MFI fgets ") . $starttls_response . '<br>';
            print_errormsg($errormsg);
            // RFC says that we need to ask for the capabilities again
            $this->sieve_get_capability();
            $this->loggedin = false;
        }
    }

and could read

    MFI fgets "IMPLEMENTATION" "dovecot"

which will throw the following 'sieve_get_capability' out of sync.

Then I've added a second 'fgets' and received:

    MFI fgets "SASL" "PLAIN"

Then I've added a third 'fgets' and received:

    MFI fgets "SIEVE" "fileinto reject envelope vacation imapflags notify subaddress relational comparator-i;ascii-numeric regex"

Then I've added a fourth 'fgets' and received:

    MFI fgets OK "TLS negotiation successful."

Now the protocol should be in sync again, and after removing the lines

    $errormsg .= _("MFI 1 fgets ") . $starttls_response . '<br>';
    print_errormsg($errormsg);

I could load my scripts back. So, adding four lines reading

    $starttls_response = $this->line=fgets($this->fp,1024);
    $starttls_response = $this->line=fgets($this->fp,1024);
    $starttls_response = $this->line=fgets($this->fp,1024);
    $starttls_response = $this->line=fgets($this->fp,1024);

solved the problem. I know this is not a sound "fix", but I hope to help you with this.

One addendum: a "debugging" using my errormsg-printout of the output from

    /* If we allow STARTTLS, use it */
    if($this->capabilities['starttls'] === true && function_exists('stream_socket_enable_crypto') === true) {
        fputs($this->fp,"STARTTLS\r\n");
        $starttls_response = $this->line=fgets($this->fp,1024);

resulted in the response:

    MFI fgets OK "Begin TLS negotiation now."

which looks proper to me, but the negotiation makes the server send the four lines mentioned above.

Cheers
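A more general form of the four-`fgets` workaround above, as an added example that is not part of the original post or of avelsieve: read what the server sends after the TLS handshake until the status line arrives, so a different number of capability lines does not desynchronise the client. The function name and the in-memory sample stream are assumptions, and only quoted-string capability lines are handled.

```php
<?php
// Added example, not avelsieve code; the function name is hypothetical.
// Reads the capability lines a ManageSieve server sends after the TLS
// handshake, stopping at the OK/NO/BYE status line rather than after a
// fixed number of fgets() calls.
function read_capabilities_until_status($fp, $max_lines = 64)
{
    $caps = array();
    for ($i = 0; $i < $max_lines; $i++) {
        $line = fgets($fp, 8192);
        if ($line === false) {
            throw new RuntimeException('Connection closed before status line');
        }
        $line = rtrim($line, "\r\n");
        // Status line ends the listing: OK, NO or BYE plus optional text.
        if (preg_match('/^(OK|NO|BYE)(?:\s+(.*))?$/i', $line, $m)) {
            return array(
                'status' => strtoupper($m[1]),
                'text'   => isset($m[2]) ? $m[2] : '',
                'caps'   => $caps,
            );
        }
        // Capability line: "NAME" or "NAME" "value".
        if (preg_match('/^"([^"]+)"(?:\s+"(.*)")?$/', $line, $m)) {
            $caps[strtoupper($m[1])] = isset($m[2]) ? $m[2] : true;
            continue;
        }
        throw new RuntimeException('Unexpected line: ' . $line);
    }
    throw new RuntimeException("No status line within $max_lines lines");
}

// Constructed sample modelled on the lines quoted in the post (SIEVE list shortened).
$fp = fopen('php://memory', 'r+');
fwrite($fp, "\"IMPLEMENTATION\" \"dovecot\"\r\n"
    . "\"SASL\" \"PLAIN\"\r\n"
    . "\"SIEVE\" \"fileinto reject envelope vacation\"\r\n"
    . "OK \"TLS negotiation successful.\"\r\n");
rewind($fp);

$r = read_capabilities_until_status($fp);
if ($r['status'] !== 'OK') {
    throw new RuntimeException('TLS capability listing failed: ' . $r['text']);
}
// Use only this post-TLS list from here on, not the one read before STARTTLS.
echo 'SASL mechanisms offered over TLS: ', $r['caps']['SASL'], "\n";
fclose($fp);
```

In the STARTTLS branch quoted above, a call like this would take the place of the four fixed reads after `stream_socket_enable_crypto()` succeeds.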