Cyrus IMAP Sieve client with StartTLS: Connection reset by peer

Evgeniy Arbatov arbatovevgeniy at
Mon May 31 09:09:56 EDT 2010


I am trying to write a Sieve client that would support StartTLS (since
the default sieveshell does not have the StartTLS option). I got the
plain text version of my code to work. However, the StartTLS version
is not working, although, I am sending the identical commands with and
without the encryption.

For the reference, the plain text Sieve client in Python is:

        conn.send('AUTHENTICATE "PLAIN" {' + str(len(user)) + "+}" +
'\x0d\x0a'+ user + '\x0d\x0a'); re = conn.recv(1024)
        conn.send('PUTSCRIPT "sieve" {' + str(len(scriptFile))+ '+}\x0d\x0a')
        conn.send(scriptFile + "\n"); re = conn.recv(1024)
        conn.send('SETACTIVE "sieve"\x0d\x0a'); re = conn.recv(1024)

The same thing using SSL:

        conn.send('STARTTLS\n'); print conn.recv(1024),
        sslConn = ssl.wrap_socket(conn)

        sslConn.write('AUTHENTICATE "PLAIN" {' + str(len(user)) + "+}"
+ '\x0d\x0a'+ user + '\x0d\x0a')
        sslConn.write(user+"\n"); re =

        sslConn.write('PUTSCRIPT "sieve" {' + str(len(scriptFile))+
        sslConn.write(scriptFile + '\x0d\x0a'); re =
(1)        sslConn.write('SETACTIVE "sieve"\x0d\x0a'); re =

After the command in (1) the SSL connection fails returning either:

Traceback (most recent call last):
  File "./", line 94, in <module>
    sslConn.write('SETACTIVE "sieve"\x0d\x0a'); re =
  File "/usr/lib/python2.6/", line 136, in read
socket.error: [Errno 104] Connection reset by peer

Or an empty string in 're'.

The Cyrus IMAP 2.3.14 logs for Sieve client with SSL contain:

  sieve[26244]: canonified arbatove -> arbatove
  sieve[26244]: login: host[] arbatove PLAIN+TLS User logged in
  sieve[26244]: Lost connection to client -- exiting
  master[28419]: process 26244 exited, status 0

If you want to see the whole client code, I put it here

Can you please help me to find the problem?

Thank you very much!


PS: Earlier I was trying to use Perl's Net::Sieve with TLS. There
StartTLS also failed without a good reason

More information about the Info-cyrus mailing list