Description: ------------ I forward a problem found in Horde Ingo, which is caused by Net_Sieve: http://bugs.horde.org/ticket/6338 In comment #4 is a patch that solved the problem for me.

Does this patch work for you? diff -u -3 -p -u -r1.16 Sieve.php --- Sieve.php 22 Dec 2006 20:40:15 -0000 1.16 +++ Sieve.php 26 Jun 2008 03:39:22 -0000 @@ -373,6 +373,13 @@ class Net_Sieve if (PEAR::isError($res = $this->_startTLS())) { return $res; } + // The RFC Section 2.2 says we need to request the capabilities again + if(PEAR::isError($res = $this->_cmdCapability() )) { + $msg='Failed to connect, server said: ' . $res->getMessage(); + $code=2; + return $this->_raiseError($msg,$code); + } + $this->_parseCapability($res); } }

No

I've attached another patch to the bug report. Try it out. I actually tested this against my Cyrus Sieve server and it works with that.

Still no :-( I have Cyrus 2.3.12pre2 running and found the following in the Changelogs Changes to the Cyrus IMAP Server since 2.3.10 * timsieved now automatically sends CAPABILITY response after STARTTLS. This code was reintroduced after being mistakenly removed as part of bug #1338.

The link to the Bug was added by the system and is missleading the correct link to the bug is https://bugzilla.andrew.cmu.edu/show_bug.cgi?id=1338

Run a session with debugging enabled using the "Capability-Fix" patch. I need to see what is going on.

I would like to help debugging the problem. Where do I enable debugging, and where do i find the output?

It's the last argument to connect() it will just dump to the screen.

Following are the Debug Outputs from the Original Net_Sieve 1.1.6, the Capability-Fix and the patch from the Horde Bugtracker. PS.: What is wrong with the patch from the Horde Bugtracker? It is working for me. Net_Sieve 1.1.6 Orig ------------------------------ S:"IMPLEMENTATION" "Cyrus timsieved v2.3.12" S:"SASL" "PLAIN LOGIN" S:"SIEVE" "c omparator-i;ascii-numeric fileinto reject vacation imapflags notify include enve lope body relational regex subaddress copy" S:"STARTTLS" S:OK C:CAPABILITY S:"IM PLEMENTATION" "Cyrus timsieved v2.3.12" S:"SASL" "PLAIN LOGIN" S:"SIEVE" "compar ator-i;ascii-numeric fileinto reject vacation imapflags notify include envelope body relational regex subaddress copy" S:"STARTTLS" S:OK C:STARTTLS S:OK "Begin TLS negotiation now" STARTTLS Negotiation Successful C:CAPABILITY S:"IMPLEMENTAT ION" "Cyrus timsieved v2.3.12" S:"SASL" "PLAIN LOGIN" S:"SIEVE" "comparator-i;as cii-numeric fileinto reject vacation imapflags notify include envelope body rela tional regex subaddress copy" S:OK C:AUTHENTICATE "LOGIN" C:"enJzdGVzNA==" S:"IM PLEMENTATION" "Cyrus timsieved v2.3.12" S:"SASL" "PLAIN LOGIN" S:"SIEVE" "compar ator-i;ascii-numeric fileinto reject vacation imapflags notify include envelope body relational regex subaddress copy" S:OK C:"Z2FiaV80" S:{12} S:VXNlcm5hbWU6 S :{12} S:UGFzc3dvcmQ6 C:LISTSCRIPTS S:OK Net_Sieve 1.1.6 with Capability-Fix patch -------------------------- S:"IMPLEMENTATION" "Cyrus timsieved v2.3.12" S:"SASL" "PLAIN LOGIN" S:"SIEVE" "c omparator-i;ascii-numeric fileinto reject vacation imapflags notify include enve lope body relational regex subaddress copy" S:"STARTTLS" S:OK C:CAPABILITY S:"IM PLEMENTATION" "Cyrus timsieved v2.3.12" S:"SASL" "PLAIN LOGIN" S:"SIEVE" "compar ator-i;ascii-numeric fileinto reject vacation imapflags notify include envelope body relational regex subaddress copy" S:"STARTTLS" S:OK C:STARTTLS S:OK "Begin TLS negotiation now" STARTTLS Negotiation Successful C:CAPABILITY S:"IMPLEMENTAT ION" "Cyrus timsieved v2.3.12" S:"SASL" "PLAIN LOGIN" S:"SIEVE" "comparator-i;as cii-numeric fileinto reject vacation imapflags notify include envelope body rela tional regex subaddress copy" S:OK C:AUTHENTICATE "LOGIN" C:"enJzdGVzNA==" S:"IM PLEMENTATION" "Cyrus timsieved v2.3.12" S:"SASL" "PLAIN LOGIN" S:"SIEVE" "compar ator-i;ascii-numeric fileinto reject vacation imapflags notify include envelope body relational regex subaddress copy" S:OK C:"Z2FiaV80" S:{12} S:VXNlcm5hbWU6 S :{12} S:UGFzc3dvcmQ6 C:LISTSCRIPTS S:OK Net_Sieve 1.1.6 with patch from Horde bugtracker -------------------------- S:"IMPLEMENTATION" "Cyrus timsieved v2.3.12" S:"SASL" "PLAIN LOGIN" S:"SIEVE" "c omparator-i;ascii-numeric fileinto reject vacation imapflags notify include enve lope body relational regex subaddress copy" S:"STARTTLS" S:OK C:CAPABILITY S:"IM PLEMENTATION" "Cyrus timsieved v2.3.12" S:"SASL" "PLAIN LOGIN" S:"SIEVE" "compar ator-i;ascii-numeric fileinto reject vacation imapflags notify include envelope body relational regex subaddress copy" S:"STARTTLS" S:OK C:STARTTLS S:OK "Begin TLS negotiation now" STARTTLS Negotiation Successful C:CAPABILITY S:"IMPLEMENTAT ION" "Cyrus timsieved v2.3.12" S:"SASL" "PLAIN LOGIN" S:"SIEVE" "comparator-i;as cii-numeric fileinto reject vacation imapflags notify include envelope body rela tional regex subaddress copy" S:OK S:"IMPLEMENTATION" "Cyrus timsieved v2.3.12" S:"SASL" "PLAIN LOGIN" S:"SIEVE" "comparator-i;ascii-numeric fileinto reject vac ation imapflags notify include envelope body relational regex subaddress copy" S :OK C:AUTHENTICATE "LOGIN" C:"enJzdGVzNA==" S:{12} S:VXNlcm5hbWU6 C:"Z2FiaV80" S :{12} S:UGFzc3dvcmQ6 S:OK C:LISTSCRIPTS S:"ingo" ACTIVE S:OK C:GETSCRIPT "ingo" S:{368} S:# Sieve Filter # Erzeugt von Ingo (http://www.horde.org/ingo/) (June 2 0, 2008, 8:53 am) require "fileinto"; # Sicher Spam if header :comparator "i;asc ii-casemap" :contains "X-Spam-Level" "**********" { discard; stop; } # Vermutlic h Spam if header :comparator "i;ascii-casemap" :contains "X-Spam-Level" "*****" { fileinto "Mail/v-spam"; stop; } S:OK

The problem is that the managesieve spec changed. And cyrus imapd 2.3.12p2 tracked that change, not in a very good way. So ideally, there'd be a way to configure or automatically decide how the server is expected to behave. I'm preparing a patch for cyrus which will make this behavior configurable as well.

I hit the same problem and managed to resolve it in the same way as Horde guys did. The attached patch is wrong in the sense, that you do not need to do $this->_cmdCapability() after stream_socket_enable_crypto(), you just need to read (and parse) the capabilities. The flow is like this: Net_Sieve sends STARTTLS Server responds with OK, Start TLS authentication now Net_Sieve calls stream_socket_enable_crypto Server responds with capabilities So, I would say that the Horde patch is good. I did however not test this with Sieve servers, that do not respond with capabilities...

--- Sieve.old 2009-03-13 18:45:29.000000000 +0100 +++ Sieve.php 2009-04-01 08:37:29.544409744 +0200 @@ -1128,8 +1128,18 @@ if($this->_debug === true) { echo "STARTTLS Negotiation Successful\n"; } + + // skip capability strings received after STARTTLS + // wait for OK "TLS negotiation successful." + if(PEAR::isError($ret = $this->_doCmd() )) { + $msg='Failed to establish TLS connection, server said: ' . $res->getMessage(); + $code=2; + return $this->_raiseError($msg,$code); + } // RFC says we need to query the server capabilities again + // @TODO: don't call for capabilities if they are returned + // in tls negotiation result above if(PEAR::isError($res = $this->_cmdCapability() )) { $msg='Failed to connect, server said: ' . $res->getMessage(); $code=2;

Thank you for your bug report. This issue has been fixed in the latest released version of the package, which you can download at http://pear.php.net/get/

Hi. I'm using Net_Sieve via the managesieve plugin for the RoundCube PHP IMAP client. It seems the recent change of a call to _doCmd() has broken my setup which uses Cyrus 2.2.13 as packaged in Debian. Current behaviour now appears to consist of blocking at the call to _doCmd(). It would be nice if both behaviours could be supported as it looks like there's been an awful lot of confusion about what it's actually meant to be.

Are you saying that the doCmd call does not return on your system?

I just wanted to add a comment for completeness. Net_Sieve is not at fault here. The full story is here: http://lists.roundcube.net/mail-archive/dev/2009-09/0000141.html