From reinhard.proessler at uni-hamburg.de Mon Mar 14 07:49:23 2022 From: reinhard.proessler at uni-hamburg.de (=?iso-8859-1?Q?Pr=F6=DFler=2C_Reinhard?=) Date: Mon, 14 Mar 2022 07:49:23 +0000 Subject: [ingo] Was: TLS & Managesieve & dovecot Now: Solved Message-ID: Dear colleagues My problem was solved: The INGO configuration was set to "localhost", which has no certificate. After setting it to "hostname -f" the correct certificate was found and the managesieve part works fine. Mit freundlichem Gruß Reinhard Prößler Universitaet Hamburg Regionales Rechenzentrum Basis Infrastruktur (BIN) Schlueterstrasse 70 D-20146 Hamburg Tel: +4940 42838 7121 -----Ursprüngliche Nachricht----- Von: ingo Im Auftrag von Prößler, Reinhard Gesendet: Donnerstag, 10. März 2022 10:09 An: ingo at lists.horde.org Betreff: **SPAM** [ingo] TLS & Managesieve & dovecot Dear colleagues Currently I setup a Horde Groupware system on SuSE SLES 15.3 and OpenSuse 15.3, Horde Groupware is installed via PEAR. All works fine, Mail goes in and out, TLS Imap is ok. Even Horde Ingo with connection to Dovecot managesieve works fine. With Plain authentication and without TLS. If I enable TLS in ingo/config/backend.local.php: // Hostname of the timsieved server 'hostspec' => 'localhost', // Login type of the server 'logintype' => 'PLAIN', // Enable/disable TLS encryption 'usetls' => true, // Port number of the timsieved server 'port' => 4190, // Name of the sieve script 'scriptname' => 'ingo', // Enable debugging. The sieve protocol communication is // logged with the DEBUG level. 'debug' => true, Then it fails and I get an error: ### ar 10 10:03:52 s0 HORDE[14191]: [ingo] PHP ERROR: stream_socket_enable_crypto(): SSL operation failed with code 1. OpenSSL Error messages: Mar 10 10:03:52 s0 HORDE[14191]: error:1416F086:SSL routines:tls_process_server_certificate:certificate verify failed [pid 14191 on line 1404 of "/usr/share/php7/PEAR/Net/Sieve.php"] Mar 10 10:03:52 s0 dovecot[15382]: managesieve-login: Disconnected: Connection closed: SSL_accept() failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48 (no auth attempts in 0 secs): user=<>, rip=::1, lip=::1, TLS handshaking: SSL_accept() failed: error:14094418:SSL routines:ssl3_read_bytes:tlsv1 alert unknown ca: SSL alert number 48, session=<2pFBftnZ1OAAAAAAAAAAAAAAAAAAAAAB> Mar 10 10:03:52 s0 dovecot[15382]: imap-login: Login: user=dbhorde at uni-hamburg.de , method=PLAIN, rip=::1, lip=::1, mpid=17068, TLS, session= ### Just for information: Thunderbird (latest) maintains the Sieve scripts with TLS, no problems. I thing the problem must be on Horde/Ingo/Managesieve/Net_Sieve side? Suggestions and help is Welcome Mit freundlichem Gruß Reinhard Prößler Universitaet Hamburg Regionales Rechenzentrum Basis Infrastruktur (BIN) Schlueterstrasse 70 D-20146 Hamburg Tel: +4940 42838 7121 -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 6917 bytes Desc: not available URL: