Re: [Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7
Hello Simon, Thank you for your explanation about Horde and Ingo. I will certainly try to install it and see if it satisfies my needs. And as you said, installation is done by pear, so a Debian package is not needed. I only wondered why the Horde software is not included anymore in Wheezy, as it was in Squeeze. Not that it probably would be of much worth, I have another machine running Ubuntu 12.04.3 LTS and the version in the repo is a bit outdated (3.3). Regards, Wouter On 10/08/2013 08:13 AM, Simon B wrote: On 8 Oct 2013 07:50, Wouter Berkepeis wou...@private-lotus.org mailto:wou...@private-lotus.org wrote: Hello Benny, Thanks for your response. Ingo looks promising to me as a sufficient solution, but on the Ingo site one of the stated prerequisites is : (start quote) To function properly, Ingo *requires* the following: A working Horde installation Ingo runs within the Horde Application Framework http://www.horde.org/apps/horde, a set of common tools for web applications written in PHP. You must install Horde before installing Ingo. (end quote) So, if I can install Ingo without Horde as you say, I would be more then happy. Btw, my remark about the LDAP authentication with Squirrelmail being too tricky to implement maybe wasn't described right. What I meant was it's not worth the efforts installing all this, just to be able to manage sieve filters from inside another program. I have installed Squirrelmail for just being able to look now and then at my e-mail at public places, I don't use it frequently. Anyway, thanks for your little help. :-) A working horde installation is in this case the horde package. If you don't need to install webmail, address book, calendar, tasks, you don't have to. Let alone the wiki, photo gallery, bookmark manager or ticket interface. Just install horde and Ingo and be done. You may find it useful to install imp too -to take care of the authentication, but you don't have to show it to the user. And installing by pear couldn't be easier. Why do you need a debian package? Simon
Re: [Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7
On 8 Oct 2013 07:50, Wouter Berkepeis wou...@private-lotus.org wrote: Hello Benny, Thanks for your response. Ingo looks promising to me as a sufficient solution, but on the Ingo site one of the stated prerequisites is : (start quote) To function properly, Ingo *requires* the following: A working Horde installation Ingo runs within the Horde Application Framework http://www.horde.org/apps/horde, a set of common tools for web applications written in PHP. You must install Horde before installing Ingo. (end quote) So, if I can install Ingo without Horde as you say, I would be more then happy. Btw, my remark about the LDAP authentication with Squirrelmail being too tricky to implement maybe wasn't described right. What I meant was it's not worth the efforts installing all this, just to be able to manage sieve filters from inside another program. I have installed Squirrelmail for just being able to look now and then at my e-mail at public places, I don't use it frequently. Anyway, thanks for your little help. :-) A working horde installation is in this case the horde package. If you don't need to install webmail, address book, calendar, tasks, you don't have to. Let alone the wiki, photo gallery, bookmark manager or ticket interface. Just install horde and Ingo and be done. You may find it useful to install imp too -to take care of the authentication, but you don't have to show it to the user. And installing by pear couldn't be easier. Why do you need a debian package? Simon
Re: [Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7
Wouter Berkepeis skrev den 2013-10-08 07:49: So, if I can install Ingo without Horde as you say, I would be more then happy. yes ingo needs horde framework, but not the full horde problem to run Btw, my remark about the LDAP authentication with Squirrelmail being too tricky to implement maybe wasn't described right. you dont need auth in squirrelmail, its imap auth in the first place What I meant was it's not worth the efforts installing all this, just to be able to manage sieve filters from inside another program. I have installed Squirrelmail for just being able to look now and then at my e-mail at public places, I don't use it frequently. if all needed tools is missing in debian why use it ? create a launchpad bug of have ingo installed via apt-get will be next step Anyway, thanks for your little help. :-) no problem
Re: [Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7
On 10/7/2013 1:01 AM, Wouter Berkepeis wrote: Everything OK I guess. Especially the first part of the output is interesting: IMPLEMENTATION Dovecot Pigeonhole This is what Smartsieve is looking at. With the former version the string was 'dovecot', so I changed this in the 'Managesieve.php' file. This file was already patched as stated on the site. Furthermore I changed everything referring to port 2000 to port 4190. That should work. I used the patch mentioned here: http://www.mail-archive.com/dovecot@dovecot.org/msg21862.html And modified it for the new situation. I'm assuming this is very similar to what you're doing and here it works. You could try to obtain more information by logging the protocol exchange: http://wiki2.dovecot.org/Debugging/Rawlog Alternatively you can debug Smartsieve by adding more logging into the source code. And yes, SmartSieve is unmaintained, so I would not recommend using it anymore. Regards, Stephan.
Re: [Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7
Wouter Berkepeis skrev den 2013-10-07 01:01: dovecot-info.log: 2013-10-06 21:16:20 managesieve-login: Info: Disconnected (no auth attempts in 0 secs): user=, rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure: SSL alert number 40, session=NkXdXhfodwB/AAAB syslog: setup smartsieve to disable tls, then it works edit in servers.php
Re: [Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7
Stephan Bosch skrev den 2013-10-07 08:54: And yes, SmartSieve is unmaintained, so I would not recommend using it anymore. just sad it is not, its imho still the best standalone webui for sieve
Re: [Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7
Hello Stephan, Thanks for the answer. I also thought it should work this way. Thank you for the suggestion using rawlog, hopefully I can find out why it does not work (yet). Complicating factor is that I run 2 versions of SmartSieve on two different machines, the old one for everyday use, and the new one for testing inside my lan. Always a bit tricky these do not interfere. For testing managesieve(-login) I also used the Thunderbird sieve plugin. This is working ok for the new setup, I can actually log in and send and save sieve settings on the server (a lot of s's...:-) ). So Dovecot is working ok, it's the client side causing the problem. Regards, Wouter On 10/07/2013 08:54 AM, Stephan Bosch wrote: On 10/7/2013 1:01 AM, Wouter Berkepeis wrote: Everything OK I guess. Especially the first part of the output is interesting: IMPLEMENTATION Dovecot Pigeonhole This is what Smartsieve is looking at. With the former version the string was 'dovecot', so I changed this in the 'Managesieve.php' file. This file was already patched as stated on the site. Furthermore I changed everything referring to port 2000 to port 4190. That should work. I used the patch mentioned here: http://www.mail-archive.com/dovecot@dovecot.org/msg21862.html And modified it for the new situation. I'm assuming this is very similar to what you're doing and here it works. You could try to obtain more information by logging the protocol exchange: http://wiki2.dovecot.org/Debugging/Rawlog Alternatively you can debug Smartsieve by adding more logging into the source code. And yes, SmartSieve is unmaintained, so I would not recommend using it anymore. Regards, Stephan.
Re: [Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7
Thanks for the reply. I already tried all possible options in server.php : from 993/imap/ssl/novalidate-certs to 143/imap/notls with setting use_starttls to false. It seems that smartsieve/managesieve-login is always trying to setup a secure connection. Looking at my log files TLS handshaking is always been done. I don't know what is causing this behaviour. On 10/07/2013 12:06 PM, Benny Pedersen wrote: Wouter Berkepeis skrev den 2013-10-07 01:01: dovecot-info.log: 2013-10-06 21:16:20 managesieve-login: Info: Disconnected (no auth attempts in 0 secs): user=, rip=127.0.0.1, lip=127.0.0.1, TLS handshaking: SSL_accept() failed: error:14094410:SSL routines:SSL3_READ_BYTES:sslv3 alert handshake failure: SSL alert number 40, session=NkXdXhfodwB/AAAB syslog: setup smartsieve to disable tls, then it works edit in servers.php
Re: [Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7
Wouter Berkepeis skrev den 2013-10-07 18:04: Thanks for the reply. I already tried all possible options in server.php : from 993/imap/ssl/novalidate-certs to 143/imap/notls with setting use_starttls to false. It seems that smartsieve/managesieve-login is always trying to setup a secure connection. Looking at my log files TLS handshaking is always been done. I don't know what is causing this behaviour. well then change to http://www.horde.org/apps/ingo with is still maintained i have lost how to solve it in smartsieve, if you only want to have webui with smartsieve it possible to disable tls for the dovecot part on port 2000 / 4190, this is fine for connection as long is just loopback interface, its still possible to have smartsieve on a https webpage
Re: [Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7
inline: fdfdeege.png
Re: [Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7
Wouter Berkepeis skrev den 2013-10-07 20:37: Thanks for the tip. I had to disable ssl completely to finally login to SmartSieve. But then I saw that the interface is 'crippled', it's missing some parts. I don't know what is causing that, but I've had it with SmartSieve for now. Which is a pity because it's the only stand-alone (web)gui, as far as I know. ingo does not need full horde install, wake up :) Looking for alternatives I already came across Ingo. But this is part of the Horde suite and Horde is not part of Debian Wheezy. make a virtualbox with gentoo then where its supported :) And I don't like that I have to use a whole suite just for managing my sieve filter settings. who sayed that ? Another alternative maybe could be the Avelsieve plugin for Squirrelmail. or roundcube ? But with LDAP authentication I am using I also have to install the LDAP backend plugin. nope, if you use webmail its done It's becoming a bit too tricky for me, come on, you manage debian ? and again, I have to use another program just to manage sieve. upto you, i just show you little help in solve it So, I guess, maybe it's time to pick up my rusty programming skills and create a gui myself its opensource
Re: [Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7
Hello Benny, Thanks for your response. Ingo looks promising to me as a sufficient solution, but on the Ingo site one of the stated prerequisites is : (start quote) To function properly, Ingo *requires* the following: A working Horde installation Ingo runs within the Horde Application Framework http://www.horde.org/apps/horde, a set of common tools for web applications written in PHP. You must install Horde before installing Ingo. (end quote) So, if I can install Ingo without Horde as you say, I would be more then happy. Btw, my remark about the LDAP authentication with Squirrelmail being too tricky to implement maybe wasn't described right. What I meant was it's not worth the efforts installing all this, just to be able to manage sieve filters from inside another program. I have installed Squirrelmail for just being able to look now and then at my e-mail at public places, I don't use it frequently. Anyway, thanks for your little help. :-) Regards, Wouter On 10/08/2013 07:24 AM, Benny Pedersen wrote: Wouter Berkepeis skrev den 2013-10-07 20:37: Thanks for the tip. I had to disable ssl completely to finally login to SmartSieve. But then I saw that the interface is 'crippled', it's missing some parts. I don't know what is causing that, but I've had it with SmartSieve for now. Which is a pity because it's the only stand-alone (web)gui, as far as I know. ingo does not need full horde install, wake up :) Looking for alternatives I already came across Ingo. But this is part of the Horde suite and Horde is not part of Debian Wheezy. make a virtualbox with gentoo then where its supported :) And I don't like that I have to use a whole suite just for managing my sieve filter settings. who sayed that ? Another alternative maybe could be the Avelsieve plugin for Squirrelmail. or roundcube ? But with LDAP authentication I am using I also have to install the LDAP backend plugin. nope, if you use webmail its done It's becoming a bit too tricky for me, come on, you manage debian ? and again, I have to use another program just to manage sieve. upto you, i just show you little help in solve it So, I guess, maybe it's time to pick up my rusty programming skills and create a gui myself its opensource
[Dovecot] smartsieve managesieve-login failure with dovecot 2.1.7
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1
Hello,
I just subscribed to the mailing list because I am stuck trying to solve
a problem getting smartsieve to work with a new version of dovecot.
But let me first explain the situation shortly. I am running a mail
server at home for personal use, and for fun. At this moment this is an
old, slow machine running Debian Squeeze, Dovecot 1.2.15 and Exim 4.72.
Authentication is done with LDAP, running OpenLDAP 2.4.23. For managing
mail filtering I use Smartsieve 1.0.0-RC2 in conjunction with Dovecot's
Managesieve plugin. It's all working properly. But because this machine
is slow, I'm now busy upgrading building a new machine running Debian
Wheezy, Dovecot 2.1.7 and Exim 4.80. I've got it all running and working
now (that is: locally in my lan): imap with dovecot, smtp with exim,
Dovecot's sieve plugin working properly, authentication done through
LDAP backend.
But what I can't get to work is Smartsieve. Looking at the logs on my
server I can tell managesieve-login is not working well with Smartsieve.
As far as I understand authentication is always done over a secure
connection using TLS. Here is some logged output, Dovecot as well as
Smartsieve.
dovecot-info.log:
2013-10-06 21:16:20 managesieve-login: Info: Disconnected (no auth
attempts in 0 secs): user=, rip=127.0.0.1, lip=127.0.0.1, TLS
handshaking: SSL_accept() failed: error:14094410:SSL
routines:SSL3_READ_BYTES:sslv3 alert handshake failure: SSL alert number
40, session=NkXdXhfodwB/AAAB
syslog:
Oct 6 21:51:40 jingo smartsieve[12168]: getCryptLib: using rc4
Oct 6 21:51:40 jingo smartsieve[12168]: getCryptLib: using rc4
Oct 6 21:51:40 jingo smartsieve[12168]: FAILED LOGIN: jingo
[192.168.2.12] {Private Lotus}: starttls: TLS initialization failed:
socket timed out while reading server response: #002
Oct 6 21:51:40 jingo smartsieve[12168]:
2Z#027#015141003200542Z0??1#0130#011#006#003U#004#006#023#002NL1#0230#021#006#003U#004#010#014#012Overijssel1#0200#016#006#003U#004#007#014#007Hengelo1#0!#006#003U#004#012#014#032Private
Lotus Organization1#0230#021#006#003U#004#013#014#012Jingo
Mail10$#006#003U#004#003#014#035jingo.private-lotus.no-ip.net10$#006#011*?H?÷#015#001#011#001#026#027amigo@private-lotus.org0?#0010#015#006#011*?H?÷#015#001#001#001#005
Oct 6 21:51:40 jingo smartsieve[12168]: #003#001
Oct 6 21:51:40 jingo smartsieve[12168]:
èm¬NþgHÁßt#021×?Ð#011$?f+»#013?#021?ø#013yùZd#032Òí}Ì#012ù?#003xPË
What is clear is that somehow no user information is being negotiated.
Issuing a manual TLS login give the following results:
root@amigos:~# gnutls-cli --starttls -p 4190 jingo.private-lotus.no-ip.net
Resolving 'jingo.private-lotus.no-ip.net'...
Connecting to '82.161.181.183:4190'...
- - Simple Client Mode:
IMPLEMENTATION Dovecot Pigeonhole
SIEVE fileinto reject envelope encoded-character vacation subaddress
comparator-i;ascii-numeric relational regex imap4flags copy include
variables body enotify environment mailbox date ihave
NOTIFY mailto
SASL
STARTTLS
VERSION 1.0
OK Dovecot ready.
STARTTLS
OK Begin TLS negotiation now.
*** Starting TLS handshake
- - Ephemeral Diffie-Hellman parameters
- Using prime: 1024 bits
- Secret key: 1022 bits
- Peer's public key: 1024 bits
- - Certificate type: X.509
- Got a certificate list of 1 certificates.
- Certificate[0] info:
- subject `C=NL,ST=Overijssel,L=Hengelo,O=Private Lotus
Organization,OU=Jingo
Mail,CN=jingo.private-lotus.no-ip.net,EMAIL=am...@private-lotus.org',
issuer `C=NL,ST=Overijssel,L=Hengelo,O=Private Lotus
Organization,OU=Private Lotus Certificate
Authority,CN=private-lotus.no-ip.net,EMAIL=am...@private-lotus.org', RSA
key 2048 bits, signed using RSA-SHA, activated `2013-10-03 20:05:42
UTC', expires `2014-10-03 20:05:42 UTC', SHA-1 fingerprint
`85ff6b5846a53e7eb5d46c3c4ebfd7beb253ba15'
- - The hostname in the certificate matches 'jingo.private-lotus.no-ip.net'.
- - Peer's certificate issuer is unknown
- - Peer's certificate is NOT trusted
- - Version: TLS1.1
- - Key Exchange: DHE-RSA
- - Cipher: AES-128-CBC
- - MAC: SHA1
- - Compression: NULL
Everything OK I guess. Especially the first part of the output is
interesting: IMPLEMENTATION Dovecot Pigeonhole
This is what Smartsieve is looking at. With the former version the
string was 'dovecot', so I changed this in the 'Managesieve.php' file.
This file was already patched as stated on the site. Furthermore I
changed everything referring to port 2000 to port 4190.
But it still ain't working. Am I doing something wrong? Or is Smartsieve
just becoming too outdated to work with newer versions of Dovecot?
To get the picture complete, hereby my used config of Dovecot, generated
with 'dovecot -n' :
root@jingo:~# dovecot -n
# 2.1.7: /etc/dovecot/dovecot.conf
# OS: Linux 3.2.0-4-686-pae i686 Debian 7.1
info_log_path = /var/log/dovecot/dovecot-info.log
log_path = /var/log/dovecot/dovecot.log
log_timestamp = %Y-%m-%d %H:%M:%S
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
