Re: Trying to do antispam with Sieve
For the archives: after reading
https://www.dovecot.org/list/dovecot/2017-February/107039.html I found &
fixed the issue, it appears I *must* use the inbox prefix, hence the
configuration should be:
plugin {
sieve_plugins = sieve_imapsieve sieve_extprograms
imapsieve_mailbox1_name = INBOX.Spam
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_before =
file:/usr/lib64/dovecot/sieve/report-spam.sieve
imapsieve_mailbox2_name = *
imapsieve_mailbox2_from = INBOX.Spam
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_before =
file:/usr/lib64/dovecot/sieve/report-ham.sieve
sieve_pipe_bin_dir = /usr/lib64/dovecot/sieve
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
}
Perhaps worth adding a note to
https://wiki.dovecot.org/HowTo/AntispamWithSieve for this case?
--
Adi Pircalabu
On 2018-11-14 15:08, Adi Pircalabu wrote:
On 2018-11-14 14:25, Adi Pircalabu wrote:
On 2018-11-14 13:51, Adi Pircalabu wrote:
On 2018-11-14 13:11, Adi Pircalabu wrote:
Hi,
Using https://wiki.dovecot.org/HowTo/AntispamWithSieve I'm trying to
execute scripts when moving to/from Spam folder, however nothing's
happening. The actions are:
1. Move to Spam: redirect :copy "spamcop_spam@domain.local";
2. Move from Spam: redirect :copy "spamcop_ham@domain.local";
[...]
/usr/lib64/dovecot/sieve/report-spam.sieve contains:
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment",
"variables"];
redirect :copy "spamcop_spam@domain.local";
/usr/lib64/dovecot/sieve/report-ham.sieve contains:
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment",
"variables"];
redirect :copy "spamcop_ham@domain.local";
More information after enabling mail_debug, in maillog I see:
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: Module loaded:
/usr/libexec/dovecot/modules/lib95_imap_sieve_plugin.so
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: imapsieve: Mail set keywords
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: imapsieve: mailbox INBOX.Spam: FLAG event (changed
flags: Junk)
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: sieve: Pigeonhole version 0.4.16 (fed8554)
initializing
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: sieve: include: sieve_global is not set; it is
currently not possible to include `:global' scripts.
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: sieve: Sieve imapsieve plugin for Pigeonhole version
0.4.16 (fed8554) loaded
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: sieve: Sieve Extprograms plugin for Pigeonhole
version 0.4.16 (fed8554) loaded
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: imapsieve: Static mailbox rule [1]: mailbox=`Spam'
from=`*' causes=(COPY) =>
before=`file:/usr/lib64/dovecot/sieve/report-spam.sieve' after=(none)
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: imapsieve: Static mailbox rule [2]: mailbox=`*'
from=`Spam' causes=(COPY) =>
before=`file:/usr/lib64/dovecot/sieve/report-ham.sieve' after=(none)
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: Module loaded:
/usr/libexec/dovecot/modules/lib95_imap_sieve_plugin.so
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: imapsieve: mailbox INBOX: MOVE event
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: sieve: Pigeonhole version 0.4.16 (fed8554)
initializing
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: sieve: include: sieve_global is not set; it is
currently not possible to include `:global' scripts.
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: sieve: Sieve imapsieve plugin for Pigeonhole version
0.4.16 (fed8554) loaded
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: sieve: Sieve Extprograms plugin for Pigeonhole
version 0.4.16 (fed8554) loaded
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: imapsieve: Static mailbox rule [1]: mailbox=`Spam'
from=`*' causes=(COPY) =>
before=`file:/usr/lib64/dovecot/sieve/report-spam.sieve' after=(none)
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: imapsieve: Static mailbox rule [2]: mailbox=`*'
from=`Spam' causes=(COPY) =>
before=`file:/usr/lib64/dovecot/sieve/report-ham.sieve' after=(none)
So imapsieve "sees" the configuration, then I went and enabled
debugging in the 2 sieve scripts which now read:
1. /usr/lib64/dovecot/sieve/report-spam.sieve
require ["vnd.dovecot.pipe", "copy", "imapsieve",
"vnd.dovecot.debug"];
debug_log "/var/tmp/report-spam.sieve.debug";
redirect :copy
Re: Trying to do antispam with Sieve
On 2018-11-14 14:25, Adi Pircalabu wrote:
On 2018-11-14 13:51, Adi Pircalabu wrote:
On 2018-11-14 13:11, Adi Pircalabu wrote:
Hi,
Using https://wiki.dovecot.org/HowTo/AntispamWithSieve I'm trying to
execute scripts when moving to/from Spam folder, however nothing's
happening. The actions are:
1. Move to Spam: redirect :copy "spamcop_spam@domain.local";
2. Move from Spam: redirect :copy "spamcop_ham@domain.local";
[...]
/usr/lib64/dovecot/sieve/report-spam.sieve contains:
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment",
"variables"];
redirect :copy "spamcop_spam@domain.local";
/usr/lib64/dovecot/sieve/report-ham.sieve contains:
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment",
"variables"];
redirect :copy "spamcop_ham@domain.local";
More information after enabling mail_debug, in maillog I see:
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: Module loaded:
/usr/libexec/dovecot/modules/lib95_imap_sieve_plugin.so
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: imapsieve: Mail set keywords
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: imapsieve: mailbox INBOX.Spam: FLAG event (changed
flags: Junk)
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: sieve: Pigeonhole version 0.4.16 (fed8554)
initializing
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: sieve: include: sieve_global is not set; it is
currently not possible to include `:global' scripts.
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: sieve: Sieve imapsieve plugin for Pigeonhole version
0.4.16 (fed8554) loaded
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: sieve: Sieve Extprograms plugin for Pigeonhole
version 0.4.16 (fed8554) loaded
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: imapsieve: Static mailbox rule [1]: mailbox=`Spam'
from=`*' causes=(COPY) =>
before=`file:/usr/lib64/dovecot/sieve/report-spam.sieve' after=(none)
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: imapsieve: Static mailbox rule [2]: mailbox=`*'
from=`Spam' causes=(COPY) =>
before=`file:/usr/lib64/dovecot/sieve/report-ham.sieve' after=(none)
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: Module loaded:
/usr/libexec/dovecot/modules/lib95_imap_sieve_plugin.so
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: imapsieve: mailbox INBOX: MOVE event
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: sieve: Pigeonhole version 0.4.16 (fed8554)
initializing
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: sieve: include: sieve_global is not set; it is
currently not possible to include `:global' scripts.
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: sieve: Sieve imapsieve plugin for Pigeonhole version
0.4.16 (fed8554) loaded
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: sieve: Sieve Extprograms plugin for Pigeonhole
version 0.4.16 (fed8554) loaded
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: imapsieve: Static mailbox rule [1]: mailbox=`Spam'
from=`*' causes=(COPY) =>
before=`file:/usr/lib64/dovecot/sieve/report-spam.sieve' after=(none)
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: imapsieve: Static mailbox rule [2]: mailbox=`*'
from=`Spam' causes=(COPY) =>
before=`file:/usr/lib64/dovecot/sieve/report-ham.sieve' after=(none)
So imapsieve "sees" the configuration, then I went and enabled
debugging in the 2 sieve scripts which now read:
1. /usr/lib64/dovecot/sieve/report-spam.sieve
require ["vnd.dovecot.pipe", "copy", "imapsieve",
"vnd.dovecot.debug"];
debug_log "/var/tmp/report-spam.sieve.debug";
redirect :copy "spamcop_spam@domain.local";
2. /usr/lib64/dovecot/sieve/report-ham.sieve
require ["vnd.dovecot.pipe", "copy", "imapsieve",
"vnd.dovecot.debug"];
debug_log "/var/tmp/report-ham.sieve.debug";
redirect :copy "spamcop_ham@domain.local";
Should I expect to see debugging in /var/tmp/report-ham.sieve.debug
and /var/tmp/report-spam.sieve.debug, respectively? The 2 files aren't
created, nothing in that directory.
BTW, getenforce=Disabled.
Tried with another set of ham/spam scripts that are supposed to log to
syslog. Now using:
1. log-ham.sieve which contains:
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment",
"variables"];
if environment :matches "imap.mailbox" "*" {
set "mailbox" "${1}";
}
if string "${mailbox}" "Trash" {
stop;
}
if environment :matches "imap.user" "*" {
set "username" "${1}";
}
pipe :copy "sa-learn-ham.sh" [ "${username}" ];
2.
Re: Trying to do antispam with Sieve
On 2018-11-14 13:51, Adi Pircalabu wrote:
On 2018-11-14 13:11, Adi Pircalabu wrote:
Hi,
Using https://wiki.dovecot.org/HowTo/AntispamWithSieve I'm trying to
execute scripts when moving to/from Spam folder, however nothing's
happening. The actions are:
1. Move to Spam: redirect :copy "spamcop_spam@domain.local";
2. Move from Spam: redirect :copy "spamcop_ham@domain.local";
[...]
/usr/lib64/dovecot/sieve/report-spam.sieve contains:
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment",
"variables"];
redirect :copy "spamcop_spam@domain.local";
/usr/lib64/dovecot/sieve/report-ham.sieve contains:
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment",
"variables"];
redirect :copy "spamcop_ham@domain.local";
More information after enabling mail_debug, in maillog I see:
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: Module loaded:
/usr/libexec/dovecot/modules/lib95_imap_sieve_plugin.so
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: imapsieve: Mail set keywords
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: imapsieve: mailbox INBOX.Spam: FLAG event (changed
flags: Junk)
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: sieve: Pigeonhole version 0.4.16 (fed8554)
initializing
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: sieve: include: sieve_global is not set; it is
currently not possible to include `:global' scripts.
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: sieve: Sieve imapsieve plugin for Pigeonhole version
0.4.16 (fed8554) loaded
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: sieve: Sieve Extprograms plugin for Pigeonhole
version 0.4.16 (fed8554) loaded
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: imapsieve: Static mailbox rule [1]: mailbox=`Spam'
from=`*' causes=(COPY) =>
before=`file:/usr/lib64/dovecot/sieve/report-spam.sieve' after=(none)
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: imapsieve: Static mailbox rule [2]: mailbox=`*'
from=`Spam' causes=(COPY) =>
before=`file:/usr/lib64/dovecot/sieve/report-ham.sieve' after=(none)
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: Module loaded:
/usr/libexec/dovecot/modules/lib95_imap_sieve_plugin.so
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: imapsieve: mailbox INBOX: MOVE event
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: sieve: Pigeonhole version 0.4.16 (fed8554)
initializing
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: sieve: include: sieve_global is not set; it is
currently not possible to include `:global' scripts.
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: sieve: Sieve imapsieve plugin for Pigeonhole version
0.4.16 (fed8554) loaded
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: sieve: Sieve Extprograms plugin for Pigeonhole
version 0.4.16 (fed8554) loaded
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: imapsieve: Static mailbox rule [1]: mailbox=`Spam'
from=`*' causes=(COPY) =>
before=`file:/usr/lib64/dovecot/sieve/report-spam.sieve' after=(none)
Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local,
ip=[::1]. Debug: imapsieve: Static mailbox rule [2]: mailbox=`*'
from=`Spam' causes=(COPY) =>
before=`file:/usr/lib64/dovecot/sieve/report-ham.sieve' after=(none)
So imapsieve "sees" the configuration, then I went and enabled
debugging in the 2 sieve scripts which now read:
1. /usr/lib64/dovecot/sieve/report-spam.sieve
require ["vnd.dovecot.pipe", "copy", "imapsieve", "vnd.dovecot.debug"];
debug_log "/var/tmp/report-spam.sieve.debug";
redirect :copy "spamcop_spam@domain.local";
2. /usr/lib64/dovecot/sieve/report-ham.sieve
require ["vnd.dovecot.pipe", "copy", "imapsieve", "vnd.dovecot.debug"];
debug_log "/var/tmp/report-ham.sieve.debug";
redirect :copy "spamcop_ham@domain.local";
Should I expect to see debugging in /var/tmp/report-ham.sieve.debug
and /var/tmp/report-spam.sieve.debug, respectively? The 2 files aren't
created, nothing in that directory.
BTW, getenforce=Disabled.
Tried with another set of ham/spam scripts that are supposed to log to
syslog. Now using:
1. log-ham.sieve which contains:
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment",
"variables"];
if environment :matches "imap.mailbox" "*" {
set "mailbox" "${1}";
}
if string "${mailbox}" "Trash" {
stop;
}
if environment :matches "imap.user" "*" {
set "username" "${1}";
}
pipe :copy "sa-learn-ham.sh" [ "${username}" ];
2. log-spam.sieve which contains:
require
Re: Trying to do antispam with Sieve
On 2018-11-14 13:11, Adi Pircalabu wrote: Hi, Using https://wiki.dovecot.org/HowTo/AntispamWithSieve I'm trying to execute scripts when moving to/from Spam folder, however nothing's happening. The actions are: 1. Move to Spam: redirect :copy "spamcop_spam@domain.local"; 2. Move from Spam: redirect :copy "spamcop_ham@domain.local"; [...] /usr/lib64/dovecot/sieve/report-spam.sieve contains: require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"]; redirect :copy "spamcop_spam@domain.local"; /usr/lib64/dovecot/sieve/report-ham.sieve contains: require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", "variables"]; redirect :copy "spamcop_ham@domain.local"; More information after enabling mail_debug, in maillog I see: Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local, ip=[::1]. Debug: Module loaded: /usr/libexec/dovecot/modules/lib95_imap_sieve_plugin.so Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local, ip=[::1]. Debug: imapsieve: Mail set keywords Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local, ip=[::1]. Debug: imapsieve: mailbox INBOX.Spam: FLAG event (changed flags: Junk) Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local, ip=[::1]. Debug: sieve: Pigeonhole version 0.4.16 (fed8554) initializing Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local, ip=[::1]. Debug: sieve: include: sieve_global is not set; it is currently not possible to include `:global' scripts. Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local, ip=[::1]. Debug: sieve: Sieve imapsieve plugin for Pigeonhole version 0.4.16 (fed8554) loaded Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local, ip=[::1]. Debug: sieve: Sieve Extprograms plugin for Pigeonhole version 0.4.16 (fed8554) loaded Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local, ip=[::1]. Debug: imapsieve: Static mailbox rule [1]: mailbox=`Spam' from=`*' causes=(COPY) => before=`file:/usr/lib64/dovecot/sieve/report-spam.sieve' after=(none) Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local, ip=[::1]. Debug: imapsieve: Static mailbox rule [2]: mailbox=`*' from=`Spam' causes=(COPY) => before=`file:/usr/lib64/dovecot/sieve/report-ham.sieve' after=(none) Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local, ip=[::1]. Debug: Module loaded: /usr/libexec/dovecot/modules/lib95_imap_sieve_plugin.so Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local, ip=[::1]. Debug: imapsieve: mailbox INBOX: MOVE event Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local, ip=[::1]. Debug: sieve: Pigeonhole version 0.4.16 (fed8554) initializing Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local, ip=[::1]. Debug: sieve: include: sieve_global is not set; it is currently not possible to include `:global' scripts. Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local, ip=[::1]. Debug: sieve: Sieve imapsieve plugin for Pigeonhole version 0.4.16 (fed8554) loaded Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local, ip=[::1]. Debug: sieve: Sieve Extprograms plugin for Pigeonhole version 0.4.16 (fed8554) loaded Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local, ip=[::1]. Debug: imapsieve: Static mailbox rule [1]: mailbox=`Spam' from=`*' causes=(COPY) => before=`file:/usr/lib64/dovecot/sieve/report-spam.sieve' after=(none) Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1@adit1.local, ip=[::1]. Debug: imapsieve: Static mailbox rule [2]: mailbox=`*' from=`Spam' causes=(COPY) => before=`file:/usr/lib64/dovecot/sieve/report-ham.sieve' after=(none) So imapsieve "sees" the configuration, then I went and enabled debugging in the 2 sieve scripts which now read: 1. /usr/lib64/dovecot/sieve/report-spam.sieve require ["vnd.dovecot.pipe", "copy", "imapsieve", "vnd.dovecot.debug"]; debug_log "/var/tmp/report-spam.sieve.debug"; redirect :copy "spamcop_spam@domain.local"; 2. /usr/lib64/dovecot/sieve/report-ham.sieve require ["vnd.dovecot.pipe", "copy", "imapsieve", "vnd.dovecot.debug"]; debug_log "/var/tmp/report-ham.sieve.debug"; redirect :copy "spamcop_ham@domain.local"; Should I expect to see debugging in /var/tmp/report-ham.sieve.debug and /var/tmp/report-spam.sieve.debug, respectively? The 2 files aren't created, nothing in that directory. BTW, getenforce=Disabled. -- Adi Pircalabu
Trying to do antispam with Sieve
Hi,
Using https://wiki.dovecot.org/HowTo/AntispamWithSieve I'm trying to
execute scripts when moving to/from Spam folder, however nothing's
happening. The actions are:
1. Move to Spam: redirect :copy "spamcop_spam@domain.local";
2. Move from Spam: redirect :copy "spamcop_ham@domain.local";
Here's the configuration I'm working with:
doveconf: Warning: service anvil { client_limit=1000 } is lower than
required under max. load (1153)
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.14.80-6.el7xen.x86_64 x86_64 CentOS Linux release 7.5.1804
(Core) ext4
auth_mechanisms = plain login digest-md5 cram-md5 apop
auth_username_chars =
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890&.-_@'
disable_plaintext_auth = no
first_valid_uid = 30
imap_client_workarounds = delay-newmail
imap_logout_format = rcvd=%i, sent=%o
mail_attribute_dict = file:/var/qmail/mailnames/%Ld/dovecot-attributes
mail_fsync = never
mail_home = /var/qmail/mailnames/%Ld/%Ln
mail_location = maildir:/var/qmail/mailnames/%Ld/%Ln/Maildir
mail_log_prefix = "service=%s, user=%u, ip=[%r]. "
mail_max_userip_connections = 100
mail_plugins = " quota"
mailbox_list_index = yes
maildir_very_dirty_syncs = yes
managesieve_logout_format = rcvd=%i, sent=%o
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart
extracttext imapflags notify imapsieve
mmap_disable = yes
namespace {
hidden = no
list = children
location =
maildir:/var/qmail/mailnames/%Ld/%%Ln/Maildir:INDEXPVT=/var/qmail/mailnames/%Ld/%Ln/user/%%u/Maildir
prefix = Other Users.%%n.
separator = .
subscriptions = no
type = shared
}
namespace {
list = children
location =
maildir:/var/qmail/mailnames/%Ld/public/Maildir:INDEXPVT=/var/qmail/mailnames/%Ld/%Ln/public/Maildir
prefix = Public.
separator = .
subscriptions = no
type = public
}
namespace inbox {
inbox = yes
location =
mailbox Archives {
auto = subscribe
special_use = \Archive
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox Spam {
auto = subscribe
autoexpunge = 90 days
special_use = \Junk
}
mailbox Templates {
auto = subscribe
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix = INBOX.
separator = .
type = private
}
passdb {
driver = plesk
}
plugin {
acl = vfile
acl_shared_dict = file:/var/qmail/mailnames/%Ld/shared-mailboxes
imapsieve_mailbox1_before =
file:/usr/lib64/dovecot/sieve/report-spam.sieve
imapsieve_mailbox1_causes = COPY
imapsieve_mailbox1_name = Spam
imapsieve_mailbox2_before =
file:/usr/lib64/dovecot/sieve/report-ham.sieve
imapsieve_mailbox2_causes = COPY
imapsieve_mailbox2_from = Spam
imapsieve_mailbox2_name = *
quota = maildir:User quota
quota_grace = 0
quota_warning = storage=95%% quota-warning 95 %u
quota_warning2 = storage=99%% quota-warning 99 %u
sieve = ~/.dovecot.sieve
sieve_after = /etc/dovecot/sieve/after
sieve_dir = ~/sieve
sieve_extensions = +notify +imapflags
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
sieve_pipe_bin_dir = /usr/lib64/dovecot/sieve
sieve_plugins = sieve_imapsieve sieve_extprograms
}
pop3_client_workarounds = outlook-no-nuls oe-ns-eoh
pop3_logout_format = rcvd=%i, sent=%o, top=%t/%p, retr=%r/%b, del=%d/%m,
size=%s
protocols = imap pop3 sieve
service auth-worker {
group =
user =
}
service auth {
group =
unix_listener auth-userdb {
group = popuser
mode = 0600
user = popuser
}
user =
}
service imap-login {
process_limit = 850
service_count = 1
}
service imap {
process_limit = 700
service_count = 1
}
service pop3 {
process_limit = 700
service_count = 1
}
service quota-warning {
executable = script /usr/local/bin/mail-quota-warning.sh
group = popuser
unix_listener quota-warning {
group = popuser
user = popuser
}
user = popuser
}
ssl_cert = require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment",
"variables"];
redirect :copy "spamcop_spam@domain.local";
/usr/lib64/dovecot/sieve/report-ham.sieve contains:
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment",
"variables"];
redirect :copy "spamcop_ham@domain.local";
I must be missing something obvious. Thanks,
--
Adi Pircalabu
Sync in the 'new' folder on the standby server
DOVEADM SYNC -U usern...@example.com TCP:10.10.1.125: Online server mail is in the cur directory, but the backup server mail is in the new directory
Re: dovecot lmtp thinks that "disk quota exceeded" is "internal error"
On 13/11/2018 21:07, Aki Tuomi wrote: > >> On 13 November 2018 at 22:06 Arkadiusz Miśkiewicz wrote: >> >> >> On 13/11/2018 15:54, Arkadiusz Miśkiewicz wrote: >>> >>> 2.2.36 (not migrated to 2.3 yet) reports such problem: >>> Nov 13 15:50:58 mbox dovecot: lmtp(xxx): session=, Error: open(/var/mail/xxx/mailboxes.lock1bf6ad16b7b8b703) failed: Disk quota exceeded Nov 13 15:50:58 mbox dovecot: lmtp(xxx): session=, Error: Couldn't create mailbox list lock /var/mail/xxx/mailboxes.lock: file_create_locked(/var/mail/xxx/mailboxes.lock) failed: safe_mkstemp(/var /mail/xxx/mailboxes.lock) failed: Disk quota exceeded Nov 13 15:50:58 mbox dovecot: lmtp(xxx): session=, msgid=: save failed to open mailbox INBOX.Spam: Internal error occurred. Refer to server log for more informat ion. [2018-11-13 15:50:58] >>> >>> Looks a bug to me since disk exceeded is not a internal error. Shouldn't >>> lmtp return over quota info instead of error? >>> >> >> Just to confirm - dovecot 2.3.3 - the same behaviour, internal error >> >> -- >> Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org ) > > Are you using quota:fs? Yes. I remember there was some similar problem and solution/workaround was to keep CONTROL= files on non-quota parition. > Aki -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
Re: dovecot lmtp thinks that "disk quota exceeded" is "internal error"
On 13/11/2018 21:07, Sami Ketola wrote: > > >> On 13 Nov 2018, at 21.06, Arkadiusz Miśkiewicz wrote: >> >> On 13/11/2018 15:54, Arkadiusz Miśkiewicz wrote: >>> >>> 2.2.36 (not migrated to 2.3 yet) reports such problem: >>> Nov 13 15:50:58 mbox dovecot: lmtp(xxx): session=, Error: open(/var/mail/xxx/mailboxes.lock1bf6ad16b7b8b703) failed: Disk quota exceeded Nov 13 15:50:58 mbox dovecot: lmtp(xxx): session=, Error: Couldn't create mailbox list lock /var/mail/xxx/mailboxes.lock: file_create_locked(/var/mail/xxx/mailboxes.lock) failed: safe_mkstemp(/var /mail/xxx/mailboxes.lock) failed: Disk quota exceeded Nov 13 15:50:58 mbox dovecot: lmtp(xxx): session=, msgid=: save failed to open mailbox INBOX.Spam: Internal error occurred. Refer to server log for more informat ion. [2018-11-13 15:50:58] >>> >>> Looks a bug to me since disk exceeded is not a internal error. Shouldn't >>> lmtp return over quota info instead of error? >>> >> >> Just to confirm - dovecot 2.3.3 - the same behaviour, internal error > > Dovecot can't create the lock file and it's treated as internal error. Why do > you think that it should not be treated as such? Dovecot knows it's over quota error and can report that way. Just like it reports other over quota conditions. > Sami -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
Re: execute sieve command - fails to notice script has exited
> On 13 November 2018 at 20:38 Lionel Elie Mamane wrote: > > > On Tue, Nov 13, 2018 at 07:10:47PM +0200, Aki Tuomi wrote: > > Did you look at the server logs as suggested by the logfile? > > Yes. The server log is in my first email, where I called it "dovecot > debug log". Sorry the information is over several emails. > > -- > Lionel The problem is in IO handling, I'm afraid. The way you wrote the script is a normal way how it won't work. You can't consume stdin like that in this situation, you probably want to do something like cat /dev/null Aki
Re: dovecot lmtp thinks that "disk quota exceeded" is "internal error"
> On 13 November 2018 at 22:06 Arkadiusz Miśkiewicz wrote: > > > On 13/11/2018 15:54, Arkadiusz Miśkiewicz wrote: > > > > 2.2.36 (not migrated to 2.3 yet) reports such problem: > > > >> Nov 13 15:50:58 mbox dovecot: lmtp(xxx): session=, > >> Error: open(/var/mail/xxx/mailboxes.lock1bf6ad16b7b8b703) failed: Disk > >> quota exceeded > >> Nov 13 15:50:58 mbox dovecot: lmtp(xxx): session=, > >> Error: Couldn't create mailbox list lock /var/mail/xxx/mailboxes.lock: > >> file_create_locked(/var/mail/xxx/mailboxes.lock) failed: safe_mkstemp(/var > >> /mail/xxx/mailboxes.lock) failed: Disk quota exceeded > >> Nov 13 15:50:58 mbox dovecot: lmtp(xxx): session=, > >> msgid=: save failed to open mailbox > >> INBOX.Spam: Internal error occurred. Refer to server log for more informat > >> ion. [2018-11-13 15:50:58] > > > > Looks a bug to me since disk exceeded is not a internal error. Shouldn't > > lmtp return over quota info instead of error? > > > > Just to confirm - dovecot 2.3.3 - the same behaviour, internal error > > -- > Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org ) Are you using quota:fs? Aki
Re: dovecot lmtp thinks that "disk quota exceeded" is "internal error"
On 13/11/2018 15:54, Arkadiusz Miśkiewicz wrote: > > 2.2.36 (not migrated to 2.3 yet) reports such problem: > >> Nov 13 15:50:58 mbox dovecot: lmtp(xxx): session=, >> Error: open(/var/mail/xxx/mailboxes.lock1bf6ad16b7b8b703) failed: Disk quota >> exceeded >> Nov 13 15:50:58 mbox dovecot: lmtp(xxx): session=, >> Error: Couldn't create mailbox list lock /var/mail/xxx/mailboxes.lock: >> file_create_locked(/var/mail/xxx/mailboxes.lock) failed: safe_mkstemp(/var >> /mail/xxx/mailboxes.lock) failed: Disk quota exceeded >> Nov 13 15:50:58 mbox dovecot: lmtp(xxx): session=, >> msgid=: save failed to open mailbox >> INBOX.Spam: Internal error occurred. Refer to server log for more informat >> ion. [2018-11-13 15:50:58] > > Looks a bug to me since disk exceeded is not a internal error. Shouldn't > lmtp return over quota info instead of error? > Just to confirm - dovecot 2.3.3 - the same behaviour, internal error -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
Re: dovecot 2.2/openssl 1.0 vs dovecot 2.3/openssl 1.1.1 ssl regression
On 13 November 2018 at 20:53 Arkadiusz Miśkiewicz < ar...@maven.pl> wrote: Hi. I'm considering dovecot migration from 2.2.36 run with openssl 1.0.2o to dovecot 2.3.3 run with openssl 1.1.1. Currently I have both variants running with identical configs and certs (the only differences are due to config syntax changes in dovecot 2.3), so for example on both I have: ssl_ca = (this file contains single intermediate certificate of my CA) ssl_cert = (this contains single cerificate for my *.example.com domain) ssl_key = # hidden, use -P to show it (and one key) No alt certs in use. Chain is: - CA trusted by clients (this certificate isn't provided by my dovecot, it's not needed) - wildcard_ca.pem - intermediate CA - wildcard_crt.pem - wildcard certificate for my *.example.com domain dovecot 2.2.36 behaviour is to provide wildcard_ca.pem and wildcard_crt.pem to the client - that behaviour is OK. Client has full trust chain. dovecot 2.3.3 provides only wildcard_crt.pem certificate to the client which is a big problem because missing wildcard_ca.pem (intermediate certificate) breaks chain and client is not able to verify trust chain. Testing is done with simple: openssl s_client -connect my.example.com:143 -starttls imap -servername my.example.com -showcerts 2.3.x announcements and upgrade wiki mention no such behaviour change, so I assume it is a regression. Now doing cat wildcard_ca.pem >> wildcard_crt.pem solves the problem and dovecot starts providing both certs to clients but if that's the proper way of solving this issue then what's the point of having ssl_ca config setting? Ideas? -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org ) Including ssl_ca with cert is not actually a good idea, but perhaps this should indeed be mentioned in the upgrading page. Not a regression in any case. --- Aki Tuomi
dovecot 2.2/openssl 1.0 vs dovecot 2.3/openssl 1.1.1 ssl regression
Hi. I'm considering dovecot migration from 2.2.36 run with openssl 1.0.2o to dovecot 2.3.3 run with openssl 1.1.1. Currently I have both variants running with identical configs and certs (the only differences are due to config syntax changes in dovecot 2.3), so for example on both I have: ssl_ca = > wildcard_crt.pem solves the problem and dovecot starts providing both certs to clients but if that's the proper way of solving this issue then what's the point of having ssl_ca config setting? Ideas? -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
Re: execute sieve command - fails to notice script has exited
On Tue, Nov 13, 2018 at 07:10:47PM +0200, Aki Tuomi wrote: > Did you look at the server logs as suggested by the logfile? Yes. The server log is in my first email, where I called it "dovecot debug log". Sorry the information is over several emails. -- Lionel
Re: execute sieve command - fails to notice script has exited
I found a work-around. I added an :output option to the execute
command, and then it works like a charm.
I've run the whole dovecot-lda under strace (without the :output
option, when it shows the problem):
6410 stat("/usr/local/lib/dovecot/sieve-execute/foofilter",
{st_mode=S_IFREG|0755, st_size=57, ...}) = 0
6410 rt_sigaction(SIGCHLD, {sa_handler=0x7f65d5bdd010, sa_mask=[],
sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65d57c3060}, NULL,
8) = 0
6410 epoll_ctl(6, EPOLL_CTL_DEL, 4, 0x7ffe88f53b2c) = 0
6410 epoll_create(128) = 10
6410 fcntl(10, F_GETFD)= 0
6410 fcntl(10, F_SETFD, FD_CLOEXEC)= 0
6410 epoll_ctl(10, EPOLL_CTL_ADD, 4, {EPOLLIN|EPOLLPRI|EPOLLERR|EPOLLHUP,
{u32=2603604112, u64=94543423723664}}) = 0
6410 pipe([11, 12])= 0
6410 clone(child_stack=NULL,
flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD,
child_tidptr=0x7f65d65a84d0) = 6411
6410 close(11) = 0
6410 fcntl(12, F_GETFL
6411 close(12
6410 <... fcntl resumed> ) = 0x1 (flags O_WRONLY)
6411 <... close resumed> ) = 0
6410 fcntl(12, F_SETFL, O_WRONLY|O_NONBLOCK) = 0
6411 geteuid() = 1000
6410 lseek(12, 0, SEEK_CUR
6411 getuid(
6410 <... lseek resumed> ) = -1 ESPIPE (Illegal seek)
6411 <... getuid resumed> )= 1000
6410 getsockname(12,
6411 getgid(
6410 <... getsockname resumed> 0x7ffe88f53a40, [28]) = -1 ENOTSOCK (Socket
operation on non-socket)
6411 <... getgid resumed> )= 1000
6411 getegid() = 1000
6411 setuid(1000
6410 write(12, "Return-path:
6411 <... setuid resumed> )= 0
6410 <... write resumed> ) = 706
6411 setuid(0
6410 read(0,
6411 <... setuid resumed> )= -1 EPERM (Operation not permitted)
6410 <... read resumed> "", 3408) = 0
6411 getgid() = 1000
6410 close(12
6411 getegid(
6410 <... close resumed> ) = 0
6411 <... getegid resumed> ) = 1000
6410 wait4(6411,
6411 setgid(0
6410 <... wait4 resumed> 0x55fc9b30efe4, WNOHANG, NULL) = 0
6411 <... setgid resumed> )= -1 EPERM (Operation not permitted)
6410 epoll_wait(10,
(insert here the execution of the script as process 6411)
6411 exit_group(1) = ?
6411 +++ exited with 1 +++
6410 <... epoll_wait resumed> [], 1, 30) = 0
6410 kill(6411, SIGTERM) = 0
6410 epoll_wait(10, [], 1, 5000) = 0
6410 kill(6411, SIGKILL) = 0
6410 wait4(6411, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 6411
6410 epoll_ctl(10, EPOLL_CTL_DEL, 4, 0x7ffe88f53b2c) = 0
6410 epoll_ctl(6, EPOLL_CTL_ADD, 4, {EPOLLIN|EPOLLPRI|EPOLLERR|EPOLLHUP,
{u32=2603424576, u64=94543423544128}}) = 0
6410 close(10) = 0
then it does the delivery into the test-spam mailbox.
You see that dovecot-lda doesn't do a waitpid()/wait4() on the script
(child process) before starting to kill it.
On Tue, Nov 13, 2018 at 05:52:27PM +0100, Lionel Elie Mamane wrote:
> And the Sieve script:
>
> --- start sieve script -
> require ["vnd.dovecot.execute", "fileinto", "mailbox", "vnd.dovecot.debug"];
>
> debug_log "about to execute";
> if not execute :pipe "foofilter" {
> debug_log "if condition fulfilled";
> fileinto :create "test-spam";
> debug_log "about to stop";
> stop;
> }
> debug_log "after execute";
> --- end sieve script -
>
> The user's sieve log looks like:
>
> sieve: info: started log at Nov 13 16:56:32.
> test-foofilter: line 3: info: DEBUG: about to execute.
> test-foofilter: line 4: error: execute action: failed to execute to program
> `foofilter': refer to server log for more information. [2018-11-13 16:59:57].
> test-foofilter: line 5: info: DEBUG: if condition fulfilled.
> test-foofilter: line 7: info: DEBUG: about to stop.
> info: msgid=<20181113155632.k6pybm45sdwwp...@blitz.conuropsis.org>: stored
> mail into mailbox 'test-spam'.
>
>
> On Tue, Nov 13, 2018 at 05:00:21PM +0100, Lionel Elie Mamane wrote:
> > Hi,
> >
> > Running dovecot 2.2.27 (c0f36b0) on Debian GNU/Linux stable (version
> > 9.6), I'm trying to use the execute command in a sieve script, with
> > direct execution (not service socket).
> >
> > The script is executed, and returns (the process exits), but the
> > dovecot-lda process seems to not notice, and thinks the script did not
> > terminate. After sieve_execute_exec_timeout has passed, it sends a
> > TERM, a bit later a KILL and then logs a failure.
> >
> > The "ps -Af f" looks like:
> > S 0:00 \_ /usr/sbin/exim4 -Mc 1gMazS-0007IV-RB
> > S 0:00 \_ /usr/lib/dovecot/dovecot-lda -f
> > mas...@blitz.conuropsis.org
> > Z 0:00 | \_ [foofilter]
> > S 0:00 \_ /usr/sbin/exim4 -Mc 1gMazS-0007IV-RB
> >
> > The dovecot debug log looks like:
> >
> > lda(user): Debug: Loading modules from
Re: execute sieve command - fails to notice script has exited
Did you look at the server logs as suggested by the logfile?
Aki
> On 13 November 2018 at 18:52 Lionel Elie Mamane wrote:
>
>
> And the Sieve script:
>
> --- start sieve script -
> require ["vnd.dovecot.execute", "fileinto", "mailbox", "vnd.dovecot.debug"];
>
> debug_log "about to execute";
> if not execute :pipe "foofilter" {
> debug_log "if condition fulfilled";
> fileinto :create "test-spam";
> debug_log "about to stop";
> stop;
> }
> debug_log "after execute";
> --- end sieve script -
>
> The user's sieve log looks like:
>
> sieve: info: started log at Nov 13 16:56:32.
> test-foofilter: line 3: info: DEBUG: about to execute.
> test-foofilter: line 4: error: execute action: failed to execute to program
> `foofilter': refer to server log for more information. [2018-11-13 16:59:57].
> test-foofilter: line 5: info: DEBUG: if condition fulfilled.
> test-foofilter: line 7: info: DEBUG: about to stop.
> info: msgid=<20181113155632.k6pybm45sdwwp...@blitz.conuropsis.org>: stored
> mail into mailbox 'test-spam'.
>
>
> On Tue, Nov 13, 2018 at 05:00:21PM +0100, Lionel Elie Mamane wrote:
> > Hi,
> >
> > Running dovecot 2.2.27 (c0f36b0) on Debian GNU/Linux stable (version
> > 9.6), I'm trying to use the execute command in a sieve script, with
> > direct execution (not service socket).
> >
> > The script is executed, and returns (the process exits), but the
> > dovecot-lda process seems to not notice, and thinks the script did not
> > terminate. After sieve_execute_exec_timeout has passed, it sends a
> > TERM, a bit later a KILL and then logs a failure.
> >
> > The "ps -Af f" looks like:
> > S 0:00 \_ /usr/sbin/exim4 -Mc 1gMazS-0007IV-RB
> > S 0:00 \_ /usr/lib/dovecot/dovecot-lda -f
> > mas...@blitz.conuropsis.org
> > Z 0:00 | \_ [foofilter]
> > S 0:00 \_ /usr/sbin/exim4 -Mc 1gMazS-0007IV-RB
> >
> > The dovecot debug log looks like:
> >
> > lda(user): Debug: Loading modules from directory: /usr/lib/dovecot/modules
> > lda(user): Debug: Module loaded:
> > /usr/lib/dovecot/modules/lib90_sieve_plugin.so
> > lda(user): Debug: Effective uid=1000, gid=1000, home=/home/user
> > lda(user): Debug: maildir++: root=/home/user/Maildir, index=, indexpvt=,
> > control=, inbox=/home/user/Maildir, alt=
> > lda(user): Debug: userdb lookup skipped, username taken from USER
> > environment
> > lda(user): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt=
> > lda(user): Debug: Destination address: u...@blitz.conuropsis.org (source:
> > user@hostname)
> > lda(user): Debug: sieve: Pigeonhole version 0.4.16 (fed8554) initializing
> > lda(user): Debug: sieve: include: sieve_global is not set; it is currently
> > not possible to include `:global' scripts.
> > lda(user): Debug: sieve: Sieve imapsieve plugin for Pigeonhole version
> > 0.4.16 (fed8554) loaded
> > lda(user): Debug: sieve: Sieve Extprograms plugin for Pigeonhole version
> > 0.4.16 (fed8554) loaded
> > lda(user): Debug: sieve: file storage: Using active Sieve script path:
> > /data/home/user/.dovecot.sieve
> > lda(user): Debug: sieve: file storage: Using script storage path:
> > /home/user/sieve
> > lda(user): Debug: sieve: file storage: Relative path to sieve storage in
> > active link: sieve/
> > lda(user): Debug: sieve: file storage: Using Sieve script path:
> > /data/home/user/.dovecot.sieve
> > lda(user): Debug: sieve: file script: Opened script `test-foofilter' from
> > `/data/home/user/.dovecot.sieve'
> > lda(user): Debug: sieve: Using the following location for user's Sieve
> > script: /data/home/user/.dovecot.sieve
> > lda(user): Debug: Mailbox stdin: Opened mail UID=1 because: header
> > Message-ID (Cache file is unusable)
> > lda(user): Debug: sieve: Opening script 1 of 1 from
> > `/data/home/user/.dovecot.sieve'
> > lda(user): Debug: sieve: Loading script /data/home/user/.dovecot.sieve
> > lda(user): Debug: sieve: Script binary /data/home/user/.dovecot.svbin
> > successfully loaded
> > lda(user): Debug: sieve: binary save: not saving binary
> > /data/home/user/.dovecot.svbin, because it is already stored
> > lda(user): Debug: sieve: Executing script from
> > `/data/home/user/.dovecot.svbin'
> > lda(user): Debug: sieve: action execute: running program: foofilter
> > lda(user): Debug: Mailbox stdin: Opened mail UID=1 because: mail stream
> > lda(user): Debug: waiting for program
> > `/usr/local/lib/dovecot/sieve-execute/foofilter' to finish after 0 msecs
> > lda(user): Debug: program
> > `/usr/local/lib/dovecot/sieve-execute/foofilter'(24669) execution timed out
> > after 2000 milliseconds: sending TERM signal
> > lda(user): Debug: program `/usr/local/lib/dovecot/sieve-execute/foofilter'
> > (24669) did not die after 5000 milliseconds: sending KILL signal
> >
> >
> > and an strace on the dovecot-lda process shows it is in an
> > "epoll_wait(9 ".
> >
> > The script is very simple:
> >
> > #! /bin/sh
> >
> > cat > /dev/null
> > exit 1
> >
>
Re: execute sieve command - fails to notice script has exited
And the Sieve script:
--- start sieve script -
require ["vnd.dovecot.execute", "fileinto", "mailbox", "vnd.dovecot.debug"];
debug_log "about to execute";
if not execute :pipe "foofilter" {
debug_log "if condition fulfilled";
fileinto :create "test-spam";
debug_log "about to stop";
stop;
}
debug_log "after execute";
--- end sieve script -
The user's sieve log looks like:
sieve: info: started log at Nov 13 16:56:32.
test-foofilter: line 3: info: DEBUG: about to execute.
test-foofilter: line 4: error: execute action: failed to execute to program
`foofilter': refer to server log for more information. [2018-11-13 16:59:57].
test-foofilter: line 5: info: DEBUG: if condition fulfilled.
test-foofilter: line 7: info: DEBUG: about to stop.
info: msgid=<20181113155632.k6pybm45sdwwp...@blitz.conuropsis.org>: stored mail
into mailbox 'test-spam'.
On Tue, Nov 13, 2018 at 05:00:21PM +0100, Lionel Elie Mamane wrote:
> Hi,
>
> Running dovecot 2.2.27 (c0f36b0) on Debian GNU/Linux stable (version
> 9.6), I'm trying to use the execute command in a sieve script, with
> direct execution (not service socket).
>
> The script is executed, and returns (the process exits), but the
> dovecot-lda process seems to not notice, and thinks the script did not
> terminate. After sieve_execute_exec_timeout has passed, it sends a
> TERM, a bit later a KILL and then logs a failure.
>
> The "ps -Af f" looks like:
> S 0:00 \_ /usr/sbin/exim4 -Mc 1gMazS-0007IV-RB
> S 0:00 \_ /usr/lib/dovecot/dovecot-lda -f
> mas...@blitz.conuropsis.org
> Z 0:00 | \_ [foofilter]
> S 0:00 \_ /usr/sbin/exim4 -Mc 1gMazS-0007IV-RB
>
> The dovecot debug log looks like:
>
> lda(user): Debug: Loading modules from directory: /usr/lib/dovecot/modules
> lda(user): Debug: Module loaded:
> /usr/lib/dovecot/modules/lib90_sieve_plugin.so
> lda(user): Debug: Effective uid=1000, gid=1000, home=/home/user
> lda(user): Debug: maildir++: root=/home/user/Maildir, index=, indexpvt=,
> control=, inbox=/home/user/Maildir, alt=
> lda(user): Debug: userdb lookup skipped, username taken from USER environment
> lda(user): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt=
> lda(user): Debug: Destination address: u...@blitz.conuropsis.org (source:
> user@hostname)
> lda(user): Debug: sieve: Pigeonhole version 0.4.16 (fed8554) initializing
> lda(user): Debug: sieve: include: sieve_global is not set; it is currently
> not possible to include `:global' scripts.
> lda(user): Debug: sieve: Sieve imapsieve plugin for Pigeonhole version 0.4.16
> (fed8554) loaded
> lda(user): Debug: sieve: Sieve Extprograms plugin for Pigeonhole version
> 0.4.16 (fed8554) loaded
> lda(user): Debug: sieve: file storage: Using active Sieve script path:
> /data/home/user/.dovecot.sieve
> lda(user): Debug: sieve: file storage: Using script storage path:
> /home/user/sieve
> lda(user): Debug: sieve: file storage: Relative path to sieve storage in
> active link: sieve/
> lda(user): Debug: sieve: file storage: Using Sieve script path:
> /data/home/user/.dovecot.sieve
> lda(user): Debug: sieve: file script: Opened script `test-foofilter' from
> `/data/home/user/.dovecot.sieve'
> lda(user): Debug: sieve: Using the following location for user's Sieve
> script: /data/home/user/.dovecot.sieve
> lda(user): Debug: Mailbox stdin: Opened mail UID=1 because: header Message-ID
> (Cache file is unusable)
> lda(user): Debug: sieve: Opening script 1 of 1 from
> `/data/home/user/.dovecot.sieve'
> lda(user): Debug: sieve: Loading script /data/home/user/.dovecot.sieve
> lda(user): Debug: sieve: Script binary /data/home/user/.dovecot.svbin
> successfully loaded
> lda(user): Debug: sieve: binary save: not saving binary
> /data/home/user/.dovecot.svbin, because it is already stored
> lda(user): Debug: sieve: Executing script from
> `/data/home/user/.dovecot.svbin'
> lda(user): Debug: sieve: action execute: running program: foofilter
> lda(user): Debug: Mailbox stdin: Opened mail UID=1 because: mail stream
> lda(user): Debug: waiting for program
> `/usr/local/lib/dovecot/sieve-execute/foofilter' to finish after 0 msecs
> lda(user): Debug: program
> `/usr/local/lib/dovecot/sieve-execute/foofilter'(24669) execution timed out
> after 2000 milliseconds: sending TERM signal
> lda(user): Debug: program `/usr/local/lib/dovecot/sieve-execute/foofilter'
> (24669) did not die after 5000 milliseconds: sending KILL signal
>
>
> and an strace on the dovecot-lda process shows it is in an
> "epoll_wait(9 ".
>
> The script is very simple:
>
> #! /bin/sh
>
> cat > /dev/null
> exit 1
>
>
> Anyone has a clue? Thanks in advance.
>
> Best Regards,
>
> Lionel
>
Re: Proxy + 2x static passdb not working as expected
> On 13 Nov 2018, at 12.19, Michael Goth wrote:
>
> Hi all,
>
> I'm trying to setup a Dovecot proxy that authenticates the user against two
> backend servers. If login server1 fails, server2 should be tried.
>
> The problem: Only the first server seems to be tried, even if the login fails.
>
> Config snippet:
>
> protocol imap {
>passdb {
> driver = static
> args = proxy=y nopassword=y host=oldserver1.example.com port=993 ssl=y
>}
>
>passdb {
> driver = static
> args = proxy=y nopassword=y host=oldserver2.example.com port=993 ssl=y
>}
> }
>
> With this config, only accounts on oldserver1.example.com can login. If I
> reverse the two passdb entries, only accounts on oldserver2.example.com can
> login.
>
> I've done the same with SQL passdb first + static passdb second. That worked
> as expected. Not sure what I'm doing wrong here.
The config does work as expected. Static passdb with nopassword=y always
matches and the entry is used.
You need to have some kind of key on a database to indicate correct backend and
then build passdb -setup to
utilise that key.
Sami
execute sieve command - fails to notice script has exited
Hi, Running dovecot 2.2.27 (c0f36b0) on Debian GNU/Linux stable (version 9.6), I'm trying to use the execute command in a sieve script, with direct execution (not service socket). The script is executed, and returns (the process exits), but the dovecot-lda process seems to not notice, and thinks the script did not terminate. After sieve_execute_exec_timeout has passed, it sends a TERM, a bit later a KILL and then logs a failure. The "ps -Af f" looks like: S 0:00 \_ /usr/sbin/exim4 -Mc 1gMazS-0007IV-RB S 0:00 \_ /usr/lib/dovecot/dovecot-lda -f mas...@blitz.conuropsis.org Z 0:00 | \_ [foofilter] S 0:00 \_ /usr/sbin/exim4 -Mc 1gMazS-0007IV-RB The dovecot debug log looks like: lda(user): Debug: Loading modules from directory: /usr/lib/dovecot/modules lda(user): Debug: Module loaded: /usr/lib/dovecot/modules/lib90_sieve_plugin.so lda(user): Debug: Effective uid=1000, gid=1000, home=/home/user lda(user): Debug: maildir++: root=/home/user/Maildir, index=, indexpvt=, control=, inbox=/home/user/Maildir, alt= lda(user): Debug: userdb lookup skipped, username taken from USER environment lda(user): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt= lda(user): Debug: Destination address: u...@blitz.conuropsis.org (source: user@hostname) lda(user): Debug: sieve: Pigeonhole version 0.4.16 (fed8554) initializing lda(user): Debug: sieve: include: sieve_global is not set; it is currently not possible to include `:global' scripts. lda(user): Debug: sieve: Sieve imapsieve plugin for Pigeonhole version 0.4.16 (fed8554) loaded lda(user): Debug: sieve: Sieve Extprograms plugin for Pigeonhole version 0.4.16 (fed8554) loaded lda(user): Debug: sieve: file storage: Using active Sieve script path: /data/home/user/.dovecot.sieve lda(user): Debug: sieve: file storage: Using script storage path: /home/user/sieve lda(user): Debug: sieve: file storage: Relative path to sieve storage in active link: sieve/ lda(user): Debug: sieve: file storage: Using Sieve script path: /data/home/user/.dovecot.sieve lda(user): Debug: sieve: file script: Opened script `test-foofilter' from `/data/home/user/.dovecot.sieve' lda(user): Debug: sieve: Using the following location for user's Sieve script: /data/home/user/.dovecot.sieve lda(user): Debug: Mailbox stdin: Opened mail UID=1 because: header Message-ID (Cache file is unusable) lda(user): Debug: sieve: Opening script 1 of 1 from `/data/home/user/.dovecot.sieve' lda(user): Debug: sieve: Loading script /data/home/user/.dovecot.sieve lda(user): Debug: sieve: Script binary /data/home/user/.dovecot.svbin successfully loaded lda(user): Debug: sieve: binary save: not saving binary /data/home/user/.dovecot.svbin, because it is already stored lda(user): Debug: sieve: Executing script from `/data/home/user/.dovecot.svbin' lda(user): Debug: sieve: action execute: running program: foofilter lda(user): Debug: Mailbox stdin: Opened mail UID=1 because: mail stream lda(user): Debug: waiting for program `/usr/local/lib/dovecot/sieve-execute/foofilter' to finish after 0 msecs lda(user): Debug: program `/usr/local/lib/dovecot/sieve-execute/foofilter'(24669) execution timed out after 2000 milliseconds: sending TERM signal lda(user): Debug: program `/usr/local/lib/dovecot/sieve-execute/foofilter' (24669) did not die after 5000 milliseconds: sending KILL signal and an strace on the dovecot-lda process shows it is in an "epoll_wait(9 ". The script is very simple: #! /bin/sh cat > /dev/null exit 1 Anyone has a clue? Thanks in advance. Best Regards, Lionel
dsync / doveadm sync problem
Hi,
I had an old dovecot server with a working backup script.
Basic concept was:
- to dsync to a temp folder
- using tar to preserve datetime
- piping this 7z to benefit from my 16 core cpu
- piping this through openssl to encrypt
Over time the size of all my mail grew from 3GB to about 70GB.
I used to keep the last 14 backups, but this uses a lot of space.
I now want to dsync my Maildir onto my NAS via NFS and use the backup
tool provided by Synology to have incremental compressed backup.
However I cannot get dsync to run.
root@mail:/mnt/backup_mail# dsync -f -u USER@DOMAIN backup
maildir:/mnt/backup_mail/MAILSERVER_FQDN/DOMAIN/USER/mail
dsync(USER@DOMAIN): Error: User initialization failed: Namespace '':
stat(/mnt/backup_mail/MAILSERVER_FQDN/DOMAIN/USER/mail) failed: Permission
denied (euid=1001(vmail) egid=1001(vmail) missing +x perm: /mnt/backup_mail,
UNIX perms appear ok (ACL/MAC wrong?))
root@mail:/mnt/backup_mail# dsync -u USER@DOMAIN backup
maildir:/mnt/backup_mail/MAILSERVER_FQDN/DOMAIN/USER/mail
dsync(USER@DOMAIN): Error: User initialization failed: Namespace '':
stat(/mnt/backup_mail/MAILSERVER_FQDN/DOMAIN/USER/mail) failed: Permission
denied (euid=1001(vmail) egid=1001(vmail) missing +x perm: /mnt/backup_mail,
dir owner missing perms)
———
Error message changed after removing „-f“. I then applied the folder
permissions (chmod +x backup_mail/) and I get a different error:
root@mail:/mnt/backup_mail# dsync -f -u USER@DOMAIN backup
maildir:/mnt/backup_mail/MAILSERVER_FQDN/DOMAIN/USER/mail
dsync(USER@DOMAIN): Error: User initialization failed: namespace configuration
error: All list=yes namespaces must use the same separator
I found something about the namespace issue, but did not quite understand I
guess. (separators seem to differ)
From doveconf -n:
[...]
namespace {
list = children
location =
maildir:/var/vmail/mailboxes/%%d/%%n/Maildir:INDEXPVT=~/Maildir/shared/%%u
prefix = shared/%%u/
separator = /
subscriptions = yes
type = shared
}
namespace inbox {
inbox = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox Spam {
auto = subscribe
autoexpunge = 30 days
special_use = \Junk
}
mailbox Trash {
auto = subscribe
autoexpunge = 183 days
special_use = \Trash
}
prefix =
}
[…]
———
However I only set up the namespace for inbox.
root@mail:/mnt/backup_mail# doveconf namespace gives
namespace {
disabled = no
hidden = no
ignore_on_failure = no
inbox = no
list = children
location =
maildir:/var/vmail/mailboxes/%%d/%%n/Maildir:INDEXPVT=~/Maildir/shared/%%u
order = 0
prefix = shared/%%u/
separator = /
subscriptions = yes
type = shared
}
namespace inbox {
disabled = no
hidden = no
ignore_on_failure = no
inbox = yes
list = yes
location =
mailbox Drafts {
auto = subscribe
autoexpunge = 0
autoexpunge_max_mails = 0
comment =
driver =
special_use = \Drafts
}
mailbox Sent {
auto = subscribe
autoexpunge = 0
autoexpunge_max_mails = 0
comment =
driver =
special_use = \Sent
}
mailbox Spam {
auto = subscribe
autoexpunge = 60 days
autoexpunge_max_mails = 0
comment =
driver =
special_use = \Junk
}
mailbox Trash {
auto = subscribe
autoexpunge = 60 days
autoexpunge_max_mails = 0
comment =
driver =
special_use = \Trash
}
order = 0
prefix =
separator =
subscriptions = yes
type = private
}
I guess here we see the config including defaults. Well… I think I only need
the inbox namespace either way, so I tried:
root@mail:/mnt/backup_mail# dsync -f -u USER@DOMAIN backup
maildir:/mnt/backup_mail/MAILSERVER_FQDN/DOMAIN/USER/mail/ -n inbox
dsync-local(USER@DOMAIN): Error: read(remote) failed: EOF (version not received)
doveadm(USER@DOMAIN): Fatal:
execvp(maildir:/mnt/backup_mail/MAILSERVER_FQDN/DOMAIN/USER/mail/) failed: No
such file or directory
dsync-local(USER@DOMAIN): Error: Remote command process isn't dying, killing it
dsync-local(USER@DOMAIN): Error: kill(15306, SIGKILL) failed: Operation not
permitted
The folder (mnt/backup_mail/MAILSERVER_FQDN/DOMAIN/USER/mail) however does
exist.
Can anybody tell me if there is something I miss?
Thanks in advance!
-M
dovecot lmtp thinks that "disk quota exceeded" is "internal error"
2.2.36 (not migrated to 2.3 yet) reports such problem: > Nov 13 15:50:58 mbox dovecot: lmtp(xxx): session=, > Error: open(/var/mail/xxx/mailboxes.lock1bf6ad16b7b8b703) failed: Disk quota > exceeded > Nov 13 15:50:58 mbox dovecot: lmtp(xxx): session=, > Error: Couldn't create mailbox list lock /var/mail/xxx/mailboxes.lock: > file_create_locked(/var/mail/xxx/mailboxes.lock) failed: safe_mkstemp(/var > /mail/xxx/mailboxes.lock) failed: Disk quota exceeded > Nov 13 15:50:58 mbox dovecot: lmtp(awypior): > session=, > msgid=: save failed to open mailbox > INBOX.Spam: Internal error occurred. Refer to server log for more informat > ion. [2018-11-13 15:50:58] Looks a bug to me since disk exceeded is not a internal error. Shouldn't lmtp return over quota info instead of error? -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
compressed folders
Hello. Is this still true? https://www.dovecot.org/list/dovecot/2013-March/089084.html Ability to have specific folders compressed only. -- Arkadiusz Miśkiewicz, arekm / ( maven.pl | pld-linux.org )
Proxy + 2x static passdb not working as expected
Hi all,
I'm trying to setup a Dovecot proxy that authenticates the user against
two backend servers. If login server1 fails, server2 should be tried.
The problem: Only the first server seems to be tried, even if the login
fails.
Config snippet:
protocol imap {
passdb {
driver = static
args = proxy=y nopassword=y host=oldserver1.example.com port=993
ssl=y
}
passdb {
driver = static
args = proxy=y nopassword=y host=oldserver2.example.com port=993
ssl=y
}
}
With this config, only accounts on oldserver1.example.com can login. If
I reverse the two passdb entries, only accounts on
oldserver2.example.com can login.
I've done the same with SQL passdb first + static passdb second. That
worked as expected. Not sure what I'm doing wrong here.
Attached is the output of doveconf -n
Thanks
Michael
Mit freundlichen Grüßen
--
Michael Goth
.webflow GmbH
Geschäftsführer: Andreas Schrei
Wasserburger Straße 4
D - 83352 Altenmarkt a. d. Alz
Amtsgericht Traunstein HRB 18537
E-Mail: m...@webflow.de
Tel: +49 (0) 8621 - 99989 - 26
Fax: +49 (0) 8621 - 99989 - 28
Web: www.webflow.de
# 2.3.3 (dcead646b): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.3 (f018bbab)
# OS: Linux 4.15.0-36-generic x86_64 Ubuntu 18.04.1 LTS
# Hostname: proxy.example.com
auth_mechanisms = plain login
auth_verbose = yes
disable_plaintext_auth = no
listen = *
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy
include variables body enotify environment mailbox date index ihave duplicate
mime foreverypart extracttext
passdb {
args = /dev/null
driver = passwd-file
}
protocols = imap pop3 submission sieve
ssl_ca =
