Roundcube cannot connect to the managesieve server

Edit: I connected with sieve-connect using PLAIN authentication, and the login went through fine. So I think the problem is in Roundcube's configuration.

$ ./sieve-connect.pl --debug -s mail.morpheu5.net -u [email protected]
setup: Need to find SSL_ca_path, trying to ask openssl
setup: found no files named for cert-hashes, rejecting dir [/usr/local/etc/openssl@3/certs]
setup: found OPENSSLDIR but certs/ invalid
setup: No OpenSSL, check some common locations
setup: Have set SSL_ca_file to /etc/ssl/cert.pem
connection: trying <mail.morpheu5.net:sieve(4190)> (try 'sieve' in /etc/services, fallback 4190)
connection: remote host address is [51.38.179.129] port [4190]
<<< "IMPLEMENTATION" "Dovecot Pigeonhole"\r\n
<<< "SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve"\r\n
<<< "NOTIFY" "mailto"\r\n
<<< "SASL" ""\r\n
<<< "STARTTLS"\r\n
<<< "VERSION" "1.0"\r\n
<<< OK "Dovecot ready."
-T- will use TLS certs from file "/etc/ssl/cert.pem"
-T- using hostname 'mail.morpheu5.net', verification verify-peer cert-required
>>> STARTTLS\r\n
<<< OK "Begin TLS negotiation now."\r\n
-T- TLS activated here [256 bits]
>>> NOOP "STARTTLS-RESYNC-CAPA"\r\n
<<< "IMPLEMENTATION" "Dovecot Pigeonhole"\r\n
<<< "SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve"\r\n
<<< "NOTIFY" "mailto"\r\n
<<< "SASL" "PLAIN LOGIN"\r\n
<<< "VERSION" "1.0"\r\n
<<< OK "TLS negotiation successful."
<<< OK (TAG "STARTTLS-RESYNC-CAPA") "Done"
Sieve/IMAP Password:

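I have a Dovecot server running Pigeonhole. Over the past few weeks I made some seemingly trivial upgrades (patch level, as far as I know), and now Roundcube's managesieve suddenly can't connect to Dovecot. Nothing has changed as far as configuration is concerned, and Roundcube can indeed connect to Dovecot; it just doesn't seem to be able to log in.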

errors: <24d281f2> PHP Error: This server doesn't support any authentication methods. (GET /?_task=settings&_action=plugin.managesieve)
errors: <24d281f2> PHP Error: Unable to connect to managesieve on mopsmailer_dovecot:4190 in /var/www/html/plugins/managesieve/lib/Roundcube/rcube_sieve_engine.php on line 227 (GET /?_task=settings&_action=plugin.managesieve)
errors: <24d281f2> PHP Error: Not currently in AUTHORISATION state (GET /?_task=settings&_action=plugin.managesieve)
172.18.0.32 - - [22/Nov/2023:14:28:32 +0000] "GET /?_task=settings&_action=plugin.managesieve HTTP/1.0" 200 4630 "https://mail.morpheu5.net/?_task=settings" "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:109.0) Gecko/20100101 Firefox/119.0"

Here is Dovecot's point of view:

managesieve-login: Info: Disconnected: Aborted login by logging out (no auth attempts in 0 secs): user=<>, rip=172.18.0.25, lip=172.18.0.23, session=<P5Ryir4KhsesEgAZ>

If I telnet into Dovecot's managesieve, this is what I get, and the fact that it reports no authentication methods ("SASL" "") sounds a bit suspicious to me.

"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve"
"NOTIFY" "mailto"
"SASL" ""
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot ready."

Here is the relevant configuration; feel free to ask if you need more.

$ dovecot -n
# 2.3.21 (47349e2482): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.21 (f6cd4b8e)
# OS: Linux 4.18.0-477.27.2.el8_8.x86_64 x86_64 CentOS Linux release 7.9.2009 (Core)
# Hostname: 1d411336c124
auth_mechanisms = plain login
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_+@
disable_plaintext_auth = no
log_path = /dev/stdout
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext imapsieve vnd.dovecot.imapsieve
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Archive {
    special_use = \Archive
  }
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  mailbox virtual/All {
    comment = All my messages
    special_use = \All
  }
  mailbox virtual/Flagged {
    comment = All my flagged messages
    special_use = \Flagged
  }
  prefix =
}
passdb {
  args = /etc/dovecot/deny-users
  deny = yes
  driver = passwd-file
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
  pass = yes
}
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
plugin {
  imapsieve_mailbox1_before = /var/mail/sieve/report-spam.sieve
  imapsieve_mailbox1_name = Junk
  imapsieve_mailbox2_before = /var/mail/sieve/report-ham.sieve
  imapsieve_mailbox2_from = Junk
  imapsieve_mailbox2_name = *
  mail_log_events = flag_change append delete undelete expunge copy mailbox_delete mailbox_rename
  mail_log_fields = uid box msgid flags
  sieve = /var/mailboxes/%d/home/%n/.dovecot.sieve
  sieve_after = /var/mail/sieve/default.sieve
  sieve_before = /var/mail/sieve/SpamToJunk.sieve
  sieve_default = /var/mail/sieve/default.sieve
  sieve_dir = /var/mailboxes/%d/home/%n/sieve
  sieve_global = /var/mail/sieve
  sieve_global_extensions = +vnd.dovecot.debug +vnd.dovecot.pipe +vnd.dovecot.environment +vnd.dovecot.execute
  sieve_pipe_bin_dir = /var/mail/sieve
  sieve_plugins = sieve_imapsieve sieve_extprograms
}
protocols = imap lmtp sieve
service auth {
  inet_listener {
    port = 12345
  }
}
service lmtp {
  inet_listener lmtp {
    address = mopsmailer_dovecot
    port = 24
  }
  user = vmail
}
service managesieve-login {
  inet_listener sieve {
    port = 4190
  }
  service_count = 1
}
ssl = required
ssl_cert = </etc/letsencrypt/live/mail.morpheu5.net/fullchain.pem
ssl_cipher_list = ECDHE-RSA-CHACHA20-POLY1305:ALL:!LOW:!SSLv2:!EXP:!aNULL
ssl_dh = # hidden, use -P to show it
ssl_key = # hidden, use -P to show it
ssl_min_protocol = TLSv1
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
protocol lda {
  mail_plugins = " sieve imap_sieve"
}
protocol imap {
  mail_plugins = " imap_sieve"
}
protocol lmtp {
  mail_plugins = " sieve"
  postmaster_address = [email protected]
}
$ cat roundcube/plugins/managesieve/config.inc.php
<?php

// managesieve server port. When empty the port will be determined automatically
// using getservbyname() function, with 4190 as a fallback.
$config['managesieve_port'] = 4190;

// managesieve server address, default is localhost.
// Replacement variables supported in host name:
// %h - user's IMAP hostname
// %n - http hostname ($_SERVER['SERVER_NAME'])
// %d - domain (http hostname without the first part)
// For example %n = mail.domain.tld, %d = domain.tld
$config['managesieve_host'] = 'mopsmailer_dovecot';

// authentication method. Can be CRAM-MD5, DIGEST-MD5, PLAIN, LOGIN, EXTERNAL
// or none. Optional, defaults to best method supported by server.
$config['managesieve_auth_type'] = null;

// Optional managesieve authentication identifier to be used as authorization proxy.
// Authenticate as a different user but act on behalf of the logged in user.
// Works with PLAIN and DIGEST-MD5 auth.
$config['managesieve_auth_cid'] = null;

// Optional managesieve authentication password to be used for imap_auth_cid
$config['managesieve_auth_pw'] = null;

// use or not TLS for managesieve server connection
// Note: tls:// prefix in managesieve_host is also supported
$config['managesieve_usetls'] = true;

// Connection socket context options
// See http://php.net/manual/en/context.ssl.php
// The example below enables server certificate validation
// $config['managesieve_conn_options'] = array(
  // 'ssl'                 => array(
    // 'verify_peer'       => true,
    // //'verify_depth' => 3,
    // 'allow_self_signed' => true,
    // 'capath'            => '/etc/letsencrypt/live/mail.morpheu5.net',
  // ),
// );
// Note: These can be also specified as an array of options indexed by hostname
$config['managesieve_conn_options'] = null;

// default contents of filters script (eg. default spam filter)
$config['managesieve_default'] = '/etc/dovecot/sieve/global';

// The name of the script which will be used when there's no user script
$config['managesieve_script_name'] = 'managesieve';

// Sieve RFC says that we should use UTF-8 encoding for mailbox names,
// but some implementations do not convert UTF-8 to modified UTF-7.
// Defaults to UTF7-IMAP
$config['managesieve_mbox_encoding'] = 'UTF-8';

// I need this because my dovecot (with listescape plugin) uses
// ':' delimiter, but creates folders with dot delimiter
$config['managesieve_replace_delimiter'] = '';

// disabled sieve extensions (body, copy, date, editheader, encoded-character,
// envelope, environment, ereject, fileinto, ihave, imap4flags, index,
// mailbox, mboxmetadata, regex, reject, relational, servermetadata,
// spamtest, spamtestplus, subaddress, vacation, variables, virustest, etc.
// Note: not all extensions are implemented
$config['managesieve_disabled_extensions'] = array();

// Enables debugging of conversation with sieve server. Logs it into <log_dir>/sieve
$config['managesieve_debug'] = false;

// Enables features described in http://wiki.kolab.org/KEP:14
$config['managesieve_kolab_master'] = false;

// Script name extension used for scripts including. Dovecot uses '.sieve',
// Cyrus uses '.siv'. Doesn't matter if you have managesieve_kolab_master disabled.
$config['managesieve_filename_extension'] = '.sieve';

// List of reserved script names (without extension).
// Scripts listed here will be not presented to the user.
$config['managesieve_filename_exceptions'] = array();

// List of domains limiting destination emails in redirect action
// If not empty, user will need to select domain from a list
$config['managesieve_domains'] = array();

// Default list of entries in header selector
$config['managesieve_default_headers'] = array('Subject', 'From', 'To');

// Enables separate management interface for vacation responses (out-of-office)
// 0 - no separate section (default),
// 1 - add Vacation section,
// 2 - add Vacation section, but hide Filters section
$config['managesieve_vacation'] = 0;

// Enables separate management interface for setting forwards (redirect to and copy to)
// 0 - no separate section (default),
// 1 - add Forward section,
// 2 - add Forward section, but hide Filters section
$config['managesieve_forward'] = 0;

// Default vacation interval (in days).
// Note: If server supports vacation-seconds extension it is possible
// to define interval in seconds here (as a string), e.g. "3600s".
$config['managesieve_vacation_interval'] = 0;

// Some servers require vacation :addresses to be filled with all
// user addresses (aliases). This option enables automatic filling
// of these on initial vacation form creation.
$config['managesieve_vacation_addresses_init'] = false;

// Sometimes you want to always reply with mail email address
// This option enables automatic filling of :from field on initial vacation form creation.
$config['managesieve_vacation_from_init'] = false;

// Supported methods of notify extension. Default: 'mailto'
$config['managesieve_notify_methods'] = array('mailto');

// Enables scripts RAW editor feature
$config['managesieve_raw_editor'] = true;

// Disabled actions
// Prevent user from performing specific actions:
// list_sets, enable_disable_set, delete_set, new_set, download_set, new_rule, delete_rule
// Note: disabling list_sets removes the Filter sets widget from the UI and means
//       the set defined in managesieve_script_name will always be used (and activated)
$config['managesieve_disabled_actions'] = array();

// List of hosts that support managesieve.
// Activate managesieve for selected hosts only. If this is not set all hosts are allowed.
// Example: $config['managesieve_allowed_hosts'] = array('host1.mydomain.com','host2.mydomain.com');
$config['managesieve_allowed_hosts'] = null;

Does anyone have any ideas?

Answer 1

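Apparently, setting $config['managesieve_usetls'] = true; is not enough; you also have to prepend tls:// to the hostname. I'm now on to another problem with authentication, so I consider this one solved.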
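
The traces in the question show the pattern behind this: before STARTTLS the server advertises "SASL" "" together with "STARTTLS", and only after TLS is negotiated does it advertise "PLAIN LOGIN". The following is an added example, not code from the post or from Roundcube, that parses such capability listings and reports which case applies; the function names are hypothetical and the SIEVE extension list in the sample data is shortened.

```python
import re

# Capability listings taken from the traces in the question; the SIEVE
# extension list is shortened. All function names here are hypothetical.
PRE_TLS = '''"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope"
"NOTIFY" "mailto"
"SASL" ""
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot ready."'''

POST_TLS = '''"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope"
"NOTIFY" "mailto"
"SASL" "PLAIN LOGIN"
"VERSION" "1.0"
OK "TLS negotiation successful."'''

_CAP = re.compile(r'^"([^"]+)"(?:\s+"([^"]*)")?\s*$')

def parse_capabilities(text):
    """Return {NAME: value-or-None} for each capability line before OK/NO/BYE."""
    caps = {}
    for line in text.splitlines():
        line = line.strip()
        if re.match(r'^(OK|NO|BYE)\b', line):
            break
        m = _CAP.match(line)
        if m:
            caps[m.group(1).upper()] = m.group(2)
    return caps

def sasl_mechanisms(caps):
    return (caps.get("SASL") or "").split()

def diagnose(pre_tls_text, post_tls_text=None):
    pre = parse_capabilities(pre_tls_text)
    if sasl_mechanisms(pre):
        return "auth offered in cleartext: " + " ".join(sasl_mechanisms(pre))
    if "STARTTLS" not in pre:
        return "no SASL mechanisms and no STARTTLS: check the server's auth configuration"
    if post_tls_text is None:
        return "SASL empty before STARTTLS: client must negotiate TLS, then re-read capabilities"
    post = sasl_mechanisms(parse_capabilities(post_tls_text))
    if post:
        return "mechanisms appear only after STARTTLS: " + " ".join(post)
    return "no SASL mechanisms even after STARTTLS: check the server's auth configuration"
```

Calling diagnose(PRE_TLS, POST_TLS) on the two listings from the question reports that PLAIN and LOGIN appear only after STARTTLS.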
