A couple of users tried to activate the autoresponder from Thunderbird as usual when holidays comes …
It had worked fine until this summer. Now it seems not to works.
I suppose this is a TB problem (plug-in ManageSieve), but tried with the TB independent version (not very different from the plug-in),
It can’t authenticate.
Anyone have already seen this problem and found some workaround?
In the maillog I have:
Dec 23 18:28:01 posta dovecot: managesieve-login: Aborted login (auth failed, 1 attempts in 85 secs): user=, method=PLAIN, rip=192.168.2.135, lip=192.168.2.250, TLS, session=<MBZP/iS308PAqAKH>
Dec 23 18:28:12 posta rspamd[1332]: ; lua; bayes_expiry.lua:440: finished expiry step 14: 989 items checked, 241 significant (0 made persistent), 0 insignificant (0 ttls set), 0 common (0 discriminated), 748 infrequent (0 ttls set), 64 mean, 210 std
Dec 23 18:28:25 posta dovecot: managesieve-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.2.135, lip=192.168.2.250, TLS: SSL_read() failed: error:14094412:SSL routines:ssl3_read_bytes
:sslv3 alert bad certificate: SSL alert number 42, session=
Dec 23 18:28:34 posta dovecot: managesieve-login: Disconnected (no auth attempts in 0 secs): user=<>, rip=192.168.2.135, lip=192.168.2.250, TLS: SSL_read() failed: error:14094412:SSL routines:ssl3_read_bytes:sslv3 alert bad certificate: SSL alert number 42, session=
As a workaround, you can use Roundcube to activate / create / manage Sieve Mail rules.
Roundcube can read all sieve mail rules (on the server!) and use them.
Roundcube can be installed independently from Webtop / Sogo / Nextcloud.
Use Stephdl’s module from here to get the newer GUI:
Yes. This solves the problem.
Not a end-user solution, but clearly demontrates that recent TB updates broken the plug-in and probably the author haven’t yet fixed it (or found a more elegant workaroud).
I can confirm the issue and the working workaround posted by @dnutan
You may use a letsencrypt cert. It’s possible for internal servers too with acme-dns.
This way you get a valid cert so there’s no work with the client TB profiles.
After the “emergency solution” used in the holidays period I am now reconsidering the problem attempting to solve it with a “more practical” solution.
I am trying to implement the acme-dns trick, but I noticied a firts problem: if my internal server doesn’t have a RED Public IP and the capability to give a public access to any service, this way can’t be a valid solution.
Am I missing something?
Is there a solution that doesn’t require a public accessible service from the LAN?
I think it’s not necessary to open the services to the public:
Note that, in this configuration, anyone on the Internet can access the API of your acme-dns instance. If the other hosts that might be using it are on your LAN, you might want to change the access property above to just green rather than red,green.
This box specific configuration is already configured as GREEN only interface.
It doesn’t use a DNS provider supported by certbot so still I can’t see a simple way to obtain an LE certificate.
I had read the wiki/docs, but haven’t found useful hints
