STARTTLS encryption on managesieve cannot be enabled anymore

[fgaz]

24101d6 (#45) enabled SSL by default on managesieve (port 4190), but as far as I understand no plaintext alternative port is provided, so STARTTLS is not possible.

Since the managesieve spec does not define a SSL port, some managesieve clients (claws mail and sieve-connect for example) only support STARTTLS, and have no way to connect to the nixcloud-webservices' managesieve server (unless encryption is disabled altogether with enableTLS = false;).

[qknight]

probably everyone uses TLS by default i'd imagine. what do you propose?

[fgaz]

probably everyone uses TLS by default i'd imagine

I don't think so. For example, iRedMail seems to expose an unencrypted (well, until the client does a STARTTLS (and most clients enforce it)) managesieve:

https://docs.iredmail.org/network.ports.html

And so does mailinabox:

https://mailinabox.email/static/architecture.svg

Also every client I tried only supports STARTTLS, but I didn't try many. Do you use one that supports TLS?

Finally, the RFC only mentions STARTTLS (contrary to the SMTP and IMAP ones):

https://tools.ietf.org/html/rfc5804#section-2.2

what do you propose?

Maybe a managesieveEncryptionMethod flag that can be "STARTTLS" or "TLS" (or "none") and defaults to "STARTTLS". Also two separate ports like it's done for IMAP/SMTP are ok, but the RFC does not specify a standard port for managesieve over TLS

[qknight]

with TLS i also meant STARTTLS but now i notice the difference. would you want to create a PR for this?

[fgaz]

Sure, just assign the issue to me so I don't forget it. I'm rather busy atm, so this will have to wait a bit.