1

Topic: Unable to connect to managesieve server

==== Required information ====
- iRedMail version: 0.8.4
- Store mail accounts in which backend (LDAP/MySQL/PGSQL): LDAP
- Linux/BSD distribution name and version: CentOS
- Related log if you're reporting an issue:
====

I had to restart our mail server the other day, and after reboot all webmail users are getting this error when trying to manage their roundcube filters:

Unable to connect to managesieve server

As far as I'm aware no config files have changed... however I'm pasting them below just in case.

Output from /var/log/sieve.log:

May 15 09:40:16 lda(root): Fatal: setgid(501(vmail) from mail_gid setting) failed with euid=99(nobody), gid=99(nobody), egid=99(nobody): Operation not permitted (This binary should probably be called with process group set to 501(vmail) instead of 99(nobody))

Roundcube managesieve conf:

<?php

// managesieve server port
$rcmail_config['managesieve_port'] = 4190;

// managesieve server address, default is localhost.
// Replacement variables supported in host name:
// %h - user's IMAP hostname
// %n - http hostname ($_SERVER['SERVER_NAME'])
// %d - domain (http hostname without the first part)
// For example %n = mail.domain.tld, %d = domain.tld
$rcmail_config['managesieve_host'] = "127.0.0.1";

// authentication method. Can be CRAM-MD5, DIGEST-MD5, PLAIN, LOGIN, EXTERNAL
// or none. Optional, defaults to best method supported by server.
$rcmail_config['managesieve_auth_type'] = null;

// Optional managesieve authentication identifier to be used as authorization proxy.
// Authenticate as a different user but act on behalf of the logged in user.
// Works with PLAIN and DIGEST-MD5 auth.
$rcmail_config['managesieve_auth_cid'] = null;

// Optional managesieve authentication password to be used for imap_auth_cid
$rcmail_config['managesieve_auth_pw'] = null;

// use or not TLS for managesieve server connection
// it's because I've problems with TLS and dovecot's managesieve plugin
// and it's not needed on localhost
$rcmail_config['managesieve_usetls'] = false;

// default contents of filters script (eg. default spam filter)
$rcmail_config['managesieve_default'] = "/var/www/roundcubemail/config/dovecot.sieve";

// The name of the script which will be used when there's no user script
$rcmail_config['managesieve_script_name'] = 'managesieve';

// Sieve RFC says that we should use UTF-8 encoding for mailbox names,
// but some implementations do not convert UTF-8 to modified UTF-7.
// Defaults to UTF7-IMAP
$rcmail_config['managesieve_mbox_encoding'] = 'UTF-8';

// I need this because my dovecot (with listescape plugin) uses
// ':' delimiter, but creates folders with dot delimiter
$rcmail_config['managesieve_replace_delimiter'] = '';

// disabled sieve extensions (body, copy, date, editheader, encoded-character,
// envelope, environment, ereject, fileinto, ihave, imap4flags, index,
// mailbox, mboxmetadata, regex, reject, relational, servermetadata,
// spamtest, spamtestplus, subaddress, vacation, variables, virustest, etc.
// Note: not all extensions are implemented
$rcmail_config['managesieve_disabled_extensions'] = array();

// Enables debugging of conversation with sieve server. Logs it into <log_dir>/sieve
$rcmail_config['managesieve_debug'] = false;

// Enables features described in http://wiki.kolab.org/KEP:14
$rcmail_config['managesieve_kolab_master'] = false;

// Script name extension used for scripts including. Dovecot uses '.sieve',
// Cyrus uses '.siv'. Doesn't matter if you have managesieve_kolab_master disabled.
$rcmail_config['managesieve_filename_extension'] = '.sieve';

// List of reserved script names (without extension).
// Scripts listed here will be not presented to the user.
$rcmail_config['managesieve_filename_exceptions'] = array();

?>

My dovecot conf:

# 2.0.18: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-279.14.1.el6.x86_64 x86_64 CentOS release 6.3 (Final)
auth_mechanisms = plain PLAIN LOGIN
auth_worker_max_count = 512
default_process_limit = 1024
dict {
  acl = mysql:/etc/dovecot/dovecot-share-folder.conf
  expire = db:/var/lib/dovecot/expire/expire.db
  quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
}
disable_plaintext_auth = no
dotlock_use_excl = no
first_valid_uid = 501
last_valid_uid = 501
listen = *
lock_method = dotlock
log_path = /var/log/dovecot.log
mail_fsync = always
mail_gid = 501
mail_location = maildir:/%Lh/Maildir/:INDEX=/var/indexes/%Ld/%Lu/
mail_max_userip_connections = 1024
mail_nfs_index = yes
mail_nfs_storage = yes
mail_plugins = stats
mail_uid = 501
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
mmap_disable = yes
namespace {
  inbox = yes
  location =
  prefix =
  separator = /
  type = private
}
namespace {
  list = children
  location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
  prefix = Shared/%%u/
  separator = /
  subscriptions = yes
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
plugin {
  acl = vfile
  acl_shared_dict = proxy::acl
  auth_socket_path = /var/run/dovecot/auth-master
  autocreate = INBOX
  autocreate2 = Sent
  autocreate3 = Trash
  autocreate4 = Drafts
  autocreate5 = Junk
  autosubscribe = INBOX
  autosubscribe2 = Sent
  autosubscribe3 = Trash
  autosubscribe4 = Drafts
  autosubscribe5 = Junk
  expire = Trash 7 Trash/* 7 Junk 30
  expire_dict = proxy::expire
  quota = dict:user::proxy::quotadict
  quota_rule = *:storage=1G
  quota_warning = storage=85%% quota-warning 85 %u
  quota_warning2 = storage=90%% quota-warning 90 %u
  quota_warning3 = storage=95%% quota-warning 95 %u
  sieve = /%Lh/sieve/dovecot.sieve
  sieve_dir = /%Lh/sieve
  sieve_global_dir = /var/vmail/sieve
  sieve_global_path = /var/vmail/sieve/dovecot.sieve
}
protocols = imap pop3 sieve
service anvil {
  client_limit = 8192
}
service auth {
  client_limit = 8192
  unix_listener /var/spool/postfix/dovecot-auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-master {
    group = vmail
    mode = 0666
    user = vmail
  }
  unix_listener auth-userdb {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service dict {
  unix_listener dict {
    group = vmail
    mode = 0660
    user = vmail
  }
}
service quota-warning {
  executable = script /usr/local/bin/dovecot-quota-warning.sh
  unix_listener quota-warning {
    group = vmail
    mode = 0660
    user = vmail
  }
}
ssl_ca = </root/certs/ssl247/intermediate_certificate.crt
ssl_cert = </root/certs/ssl247/mail.orphans.co.uk.crt
ssl_key = </root/certs/mail.orphans.co.uk.key
userdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
protocol lda {
  auth_socket_path = /var/run/dovecot/auth-master
  info_log_path = /var/log/dovecot-deliver.log
  lda_mailbox_autocreate = yes
  log_path = /var/log/dovecot-lda-errors.log
  mail_plugins = quota sieve autocreate
}
protocol imap {
  imap_client_workarounds = tb-extra-mailbox-sep
  mail_max_userip_connections = 1024
  mail_plugins = quota imap_quota autocreate
}
protocol pop3 {
  mail_plugins = quota
  pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
  pop3_uidl_format = %08Xu%08Xv
}

Check to see managesieve is listening:

root@tay ~ # netstat -alnp | grep 4190
tcp        0      0 0.0.0.0:4190                0.0.0.0:*                   LISTEN      14222/dovecot

Any ideas?

2

Re: Unable to connect to managesieve server

*) Any related log in /var/log/dovecot.log?
*) Do the directory /var/vmail/ and its sub-folders have the correct file permissions and owner? They should be owned by user/group vmail:vmail, with permission 0700.

3 (edited by orphans 2013-05-15 22:16:54)

Re: Unable to connect to managesieve server

dovecot.log is not showing anything unusual, just normal POP and IMAP login/logout messages without any errors.

root@tay /var/vmail # ls -al
total 32
drwxr-xr-x    6 vmail vmail 4096 Dec 11 10:36 .
drwxr-xr-x.  24 root  root  4096 Nov 29 09:36 ..
drwxr-xr-x    4 root  root  4096 Dec 11 10:36 backup
-rw-------    1 vmail vmail 1069 Dec  6 16:50 .dovecot.lda-dupes
drwx------  123 vmail vmail 4096 May 13 09:38 vmail1
root@tay /var/vmail/vmail1/[domain]/m/a/t/matt-2011.07.06.09.41.05/sieve # ls -al
total 28
drwx------ 3 vmail vmail 4096 Apr  3 10:29 .
drwx------ 4 vmail vmail 4096 Dec  7 09:12 ..
lrwxrwxrwx 1 vmail vmail   15 Apr  1 16:32 dovecot.sieve -> roundcube.sieve
-rw------- 1 vmail vmail  503 Apr  3 10:29 dovecot.svbin
-rw------- 1 vmail vmail  283 Dec  7 09:12 managesieve.sieve
-rw------- 1 vmail vmail  848 Apr  3 10:13 roundcube.sieve
drwx------ 2 vmail vmail 4096 Apr  3 10:13 tmp

EDIT: just tried telnetting port 4190, output looks normal as below

root@tay ~ # telnet localhost 4190
Trying ::1...
telnet: connect to address ::1: Connection refused
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
"IMPLEMENTATION" "Dovecot Pigeonhole"
"SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave"
"NOTIFY" "mailto"
"SASL" "PLAIN PLAIN LOGIN"
"STARTTLS"
"VERSION" "1.0"
OK "Dovecot ready."

4

Re: Unable to connect to managesieve server

Also, from the roundcube sieve log:

[15-May-2013 16:30:36 +0100]: S: "IMPLEMENTATION" "Dovecot Pigeonhole"
[15-May-2013 16:30:36 +0100]: S: "SIEVE" "fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave"
[15-May-2013 16:30:36 +0100]: S: "NOTIFY" "mailto"
[15-May-2013 16:30:36 +0100]: S: "SASL" "PLAIN PLAIN LOGIN"
[15-May-2013 16:30:36 +0100]: S: "STARTTLS"
[15-May-2013 16:30:36 +0100]: S: "VERSION" "1.0"
[15-May-2013 16:30:36 +0100]: S: OK "Dovecot ready."
[15-May-2013 16:31:49 +0100]: S:
[15-May-2013 16:31:49 +0100]: C: LOGOUT
[15-May-2013 16:31:49 +0100]: S:

To me this looks like the plugin is not even attempting to auth?
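
Added example, not part of the original posts and not Roundcube's or Dovecot's code: a small Python reader for the ManageSieve greeting shown above. It treats a blank line as skippable and only a closed connection as a failure, then reports which advertised SASL mechanisms would carry the password in clear when TLS is not active. The function names and the abbreviated sample greeting are assumptions made for this illustration.

```python
import io

CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # both send the password unprotected

# Constructed sample: the greeting from this thread, SIEVE list abbreviated.
SAMPLE_GREETING = (
    b'"IMPLEMENTATION" "Dovecot Pigeonhole"\r\n'
    b'"SIEVE" "fileinto reject envelope vacation"\r\n'
    b'"NOTIFY" "mailto"\r\n'
    b'"SASL" "PLAIN PLAIN LOGIN"\r\n'
    b'"STARTTLS"\r\n'
    b'"VERSION" "1.0"\r\n'
    b'OK "Dovecot ready."\r\n'
)


def read_greeting(stream):
    """Collect capability lines until the server's OK/NO/BYE response.

    readline() returns b"" only at EOF; a blank line arrives as b"\\r\\n".
    The two are told apart before any whitespace is stripped.
    """
    caps = {}
    while True:
        raw = stream.readline()
        if raw == b"":
            raise ConnectionError("closed before the greeting completed")
        line = raw.decode("utf-8", "replace").strip()
        if not line:
            continue  # blank line from the server: skip it, do not fail
        first = line.split(None, 1)[0].upper()
        if first in ("OK", "NO", "BYE"):
            caps["_status"] = first
            return caps
        parts = [p for p in line.split('"') if p.strip()]
        if parts:  # simplification: quoted strings only, no {n+} literals
            caps[parts[0].upper()] = parts[1] if len(parts) > 1 else ""


def cleartext_exposure(caps, tls_active=False):
    """SASL mechanisms that would expose the password on this connection."""
    if tls_active:
        return []
    offered = set(caps.get("SASL", "").upper().split())
    return sorted(offered & CLEARTEXT_MECHS)


if __name__ == "__main__":
    caps = read_greeting(io.BytesIO(SAMPLE_GREETING))
    print(caps["_status"], cleartext_exposure(caps))
```

With `managesieve_usetls = false` and `disable_plaintext_auth = no` as posted, a non-empty result here means the mailbox password is sent unprotected on any connection that is not over loopback.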

5

Re: Unable to connect to managesieve server

For any others that might have this issue in the future...

The problem seems to be that Dovecot Pigeonhole is sending the blank line after OK "Dovecot ready."

I edited the roundcube managesieve code as follows and the problem went away:

--- a/plugins/managesieve/lib/Net/Sieve.php
+++ b/plugins/managesieve/lib/Net/Sieve.php
@@ -997,9 +997,9 @@ class Net_Sieve
         $lastline = rtrim($lastline);
         $this->_debug("S: $lastline");

-        if ($lastline === '') {
-            return PEAR::raiseError('Failed to read from socket');
-        }
+        //if ($lastline === '') {
+        //    return PEAR::raiseError('Failed to read from socket');
+        //}

         return $lastline;
     }
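
Review bot: commenting out the `$lastline === ''` check removes the only failure path visible in this hunk, so after `rtrim($lastline)` a blank line sent by the server and a read that returned nothing both reach the caller as an empty string with no error raised. Rather than disabling the check, test for the failed read before `rtrim()` is applied and skip a genuinely blank line, so a dropped connection still surfaces as 'Failed to read from socket'. Delete the three lines instead of leaving them commented out, and add a one-line comment naming the server behaviour being worked around so the change is not silently lost on the next plugin upgrade.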

Obviously this isn't an ideal solution but it works.

6

Re: Unable to connect to managesieve server

But there's no difference in your code, did you paste the modified one?

7

Re: Unable to connect to managesieve server

ZhangHuangbin wrote:

But there's no difference in your code, did you paste the modified one?

Yeah, I've just commented out those three lines which check for an empty string sent by the managesieve server.

8

Re: Unable to connect to managesieve server

Oh, sorry about my mistake.

9 (edited by n3ph 2013-09-11 01:14:56)

Re: Unable to connect to managesieve server

Sorry for hijacking this thread - but is anyone able to connect to the managesieve service from the public side?

I am running iRedMail 0.8.4 and telnet on localhost 4190 works properly. But if I try to connect from the client side, the service is simply not answering the requests. I don't find anything which could potentially restrict the connections to localhost - except the listen options of managesieve - but it's already listening on 0.0.0.0:4190.


Does anyone successfully connect to the managesieve service to use sieve-plugins for various mailclients?

10

Re: Unable to connect to managesieve server

sorry for the noise...

http://www.iredmail.org/forum/topic5404 … erver.html