Re: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied

2020-10-23 Thread Richard Hector 
Hi, I'm seeing the same, but I think it's every time the lda is called 
to deliver mail to a mailbox. Postfix runs it as vmail:vmail.


My socket is owned by root:dovecot (on Debian buster).

Should I add vmail to the dovecot group to enable it to write? Or is 
changing the socket to 0666 safer?


I'm also a little confused, because according to
https://doc.dovecot.org/configuration_manual/stats/ no statistics are 
logged by default, and I have no mentions of 'metric' anywhere in my 
config, so why is the write even attempted? (dovecot 2.3.4)


Cheers,
Richard

On 24/10/20 4:46 am, Aki Tuomi wrote:

Hi!

You can ignore it, or you can change the socket permissions to 0666.

service stats {
unix_listener stats-writer {
   mode = 0666
}
}

Aki



On 23/10/2020 17:52 mj  wrote:

 
Hi,


Nobody?

It happens so rarely, and the system appears to be running fine 
otherwise, should I just ignore it?


Still makes me wonder way it would happen at all..?

MJ

On 10/22/20 12:53 PM, mj wrote:
> Hi,
> 
> We are getting very occasional messags from dovecot:
> 
>> net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied
> 
> Over the last week, the message appeared five times. (on a mail server 
> with over 100 users, to that's basically almost never)
> 
> doveconf -n below
> 
>> # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf

>> # Pigeonhole version 0.5.4 ()
>> # OS: Linux 4.19.0-10-amd64 x86_64 Debian 10.6 xfs
> 
> snip...
> 
>> service stats {

>>   unix_listener stats-reader {
>>     group = vmail
>>     mode = 0660
>>     user = vmail
>>   }
>>   unix_listener stats-writer {
>>     group = vmail
>>     mode = 0660
>>     user = vmail
>>   }
>> }
> 
> and the on-disk permissions are:
> 
>> root@dovecot:~# ls -l /var/run/dovecot/*stat*

>> srw--- 1 root  root  0 Oct  6 00:25 /var/run/dovecot/old-stats
>> prw--- 1 root  root  0 Oct  6 00:25 /var/run/dovecot/old-stats-mail
>> prw--- 1 root  root  0 Oct  6 00:25 /var/run/dovecot/old-stats-user
>> srw-rw 1 vmail vmail 0 Oct  6 00:25 /var/run/dovecot/stats-reader
>> srw-rw 1 vmail vmail 0 Oct  6 00:25 /var/run/dovecot/stats-writer
> 
> We're not sure what makes the Permission denied error happen...
> 
> Anyone with an idea?
> 
> MJ

Re: Sieve_before

2020-10-23 Thread Sean Kamath 


> On Oct 23, 2020, at 04:20, @lbutlr  wrote:
>> Does you To or CC address end with a .?
> 
> No, what I am trying to get is "user" and "example" in "u...@example.com 
> "

The question was meant to elucidate that the ‘match’ string ended with a ‘.’.  
I understand what you’re trying to do.

> That would break many things, but I will look into it. What I have done for 
> now and is working is a much more complicated process where I am manually 
> removing the '@' myself:

Perhaps (I am not sure if pigeonhole has it) the regex extension would be 
helpful: https://tools.ietf.org/id/draft-ietf-sieve-regex-01.html 


>> if address :matches ["To", "Cc"] ["*@*.*"] {
> 
> Thanks for the advice, I will definitely give that a go,

I’m unclear if the match line I supposed would set 1, 2 and 3, and you can 
ignore 3. 

Sean

Re: Sieve_before

2020-10-23 Thread 
On 23 Oct 2020, at 05:47, @lbutlr  wrote:
> Excellent! That was the secret sauce!
> 
> Thank you!

For the sake of completeness, this is what I have ended up with:

#v+
require ["copy", "variables", "envelope", "fileinto", "subaddress"];
   # :matches has implicit ^ and $ around the match
   if not envelope :matches "to" "*backup*" {
# get the top level after @ (example.com => example)
if envelope :matches "to" "*@*.*" {
set :lower "domn" "${2}";
}
# get the user without detail (foo+bar => foo)
if envelope :user :matches "to" "*" {
   set :lower "user" "${1}";
}
# Un-needed step, but shows what is done in the trace log
set "backup" "backup+297.${domn}.${user}@*somedomain*";
redirect :copy "${backup}";
   }
#v-

(I don't think I need fileinto)

This means that mail for u...@domain.tld and user+...@domain.tld ends up in a 
mailbox, today, of

backup/Maildir/.297.domain.user/

And us...@domain.tld

backup/Maildir/.297.domain.user2/

(Which means the backup IMAP hierarchy is all sorted DOY=>domain=>user)

I'd like a fail condition if the redirect for some reason cannot send, but 
that's a project for tomorrow.

-- 
and I swear it happened just like this: / a sigh, a cry, a hungry
kiss, the Gates of Love they budged an inch / I can't say much
has happened since / but CLOSING TIME

Re: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied

2020-10-23 Thread Aki Tuomi 
Hi!

You can ignore it, or you can change the socket permissions to 0666.

service stats {
   unix_listener stats-writer {
  mode = 0666
   }
}

Aki


> On 23/10/2020 17:52 mj  wrote:
> 
>  
> Hi,
> 
> Nobody?
> 
> It happens so rarely, and the system appears to be running fine 
> otherwise, should I just ignore it?
> 
> Still makes me wonder way it would happen at all..?
> 
> MJ
> 
> On 10/22/20 12:53 PM, mj wrote:
> > Hi,
> > 
> > We are getting very occasional messags from dovecot:
> > 
> >> net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied
> > 
> > Over the last week, the message appeared five times. (on a mail server 
> > with over 100 users, to that's basically almost never)
> > 
> > doveconf -n below
> > 
> >> # 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
> >> # Pigeonhole version 0.5.4 ()
> >> # OS: Linux 4.19.0-10-amd64 x86_64 Debian 10.6 xfs
> > 
> > snip...
> > 
> >> service stats {
> >>   unix_listener stats-reader {
> >>     group = vmail
> >>     mode = 0660
> >>     user = vmail
> >>   }
> >>   unix_listener stats-writer {
> >>     group = vmail
> >>     mode = 0660
> >>     user = vmail
> >>   }
> >> }
> > 
> > and the on-disk permissions are:
> > 
> >> root@dovecot:~# ls -l /var/run/dovecot/*stat*
> >> srw--- 1 root  root  0 Oct  6 00:25 /var/run/dovecot/old-stats
> >> prw--- 1 root  root  0 Oct  6 00:25 /var/run/dovecot/old-stats-mail
> >> prw--- 1 root  root  0 Oct  6 00:25 /var/run/dovecot/old-stats-user
> >> srw-rw 1 vmail vmail 0 Oct  6 00:25 /var/run/dovecot/stats-reader
> >> srw-rw 1 vmail vmail 0 Oct  6 00:25 /var/run/dovecot/stats-writer
> > 
> > We're not sure what makes the Permission denied error happen...
> > 
> > Anyone with an idea?
> > 
> > MJ

Re: net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied

2020-10-23 Thread mj 

Hi,

Nobody?

It happens so rarely, and the system appears to be running fine 
otherwise, should I just ignore it?


Still makes me wonder way it would happen at all..?

MJ

On 10/22/20 12:53 PM, mj wrote:

Hi,

We are getting very occasional messags from dovecot:


net_connect_unix(/var/run/dovecot/stats-writer) failed: Permission denied


Over the last week, the message appeared five times. (on a mail server 
with over 100 users, to that's basically almost never)


doveconf -n below


# 2.3.4.1 (f79e8e7e4): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.5.4 ()
# OS: Linux 4.19.0-10-amd64 x86_64 Debian 10.6 xfs


snip...


service stats {
  unix_listener stats-reader {
    group = vmail
    mode = 0660
    user = vmail
  }
  unix_listener stats-writer {
    group = vmail
    mode = 0660
    user = vmail
  }
}


and the on-disk permissions are:


root@dovecot:~# ls -l /var/run/dovecot/*stat*
srw--- 1 root  root  0 Oct  6 00:25 /var/run/dovecot/old-stats
prw--- 1 root  root  0 Oct  6 00:25 /var/run/dovecot/old-stats-mail
prw--- 1 root  root  0 Oct  6 00:25 /var/run/dovecot/old-stats-user
srw-rw 1 vmail vmail 0 Oct  6 00:25 /var/run/dovecot/stats-reader
srw-rw 1 vmail vmail 0 Oct  6 00:25 /var/run/dovecot/stats-writer


We're not sure what makes the Permission denied error happen...

Anyone with an idea?

MJ

dovecot-uidlist invalid data

2020-10-23 Thread Maciej Milaszewski 
Hello
I have a problem with Invalid data
System debian10 dovecot-2.2.36.4

# 2.2.36.4 (baf9232c1): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.24.rc1 (debaa297)
# OS: Linux 4.19.0-12-amd64 x86_64 Debian 10


Oct 23 15:57:52 dovecot6 dovecot:
lmtp(33973,media4_js,2KEXD2Dhkl+1hAAAe3x6RQ): Error: Broken file
/vmail/me/media4_js/Maildir/dovecot-uidlist line 6875: Invalid data:

In debian9 - kernel-4.9.0-13 - problem exists
In debian10 - kernel-4.19.0-12 - problem exist

In debian8 - kernel 3.16.0-11-amd64 - problem not exists
In debian9 - kernel 3.16.0-11-amd64 - problem not exists

storage mount from storage NetApp

storage:/vmail on /vmail type nfs
(rw,noexec,noatime,vers=3,rsize=65536,wsize=65536,namlen=255,acregmin=120,acregmax=120,acdirmin=120,acdirmax=120,hard,nocto,nordirplus,proto=tcp,timeo=600,retrans=2,sec=sys,mountaddr=10.19.19.19,mountvers=3,mountport=635,mountproto=tcp,local_lock=none,addr=10.19.19.19)

cat /etc/fstab
storage:/vmail    /vmail    nfs   
rw,sec=sys,noexec,noatime,tcp,hard,rsize=65536,wsize=65536,intr,nordirplus,nfsvers=3,tcp,actimeo=120,nocto
   
0    0

Probably somthing in kernel or mount options. Any idea ?

Re: Sieve_before

2020-10-23 Thread @lbutlr 
On 23 Oct 2020, at 05:20, @lbutlr  wrote:
>> Like I said, I’m not 100% sure, but I suspect if you add * to the end:

>> if address :matches ["To", "Cc"] ["*@*.*"] {

> Thanks for the advice, I will definitely give that a go,

Excellent! That was the secret sauce!

Thank you!

-- 
Hard work pays off in the future. Laziness pays off now.

Re: Sieve body test

2020-10-23 Thread @lbutlr 
On 22 Oct 2020, at 19:09, Stephan Bosch  wrote:
> You need to include the extprograms plugin:

I have, and vnf.dovecot.pipe doesn't give the error.

  sieve_plugins = sieve_imapsieve sieve_extprograms

¯\_(ツ)_/¯ 

I am not using filter now though, so I haven't try to track down what the issue 
is.

-- 
Romy: All I've had to eat for the past six days are Gummi Bears, jelly beans,
and candy corns.
Michelle: I wish I had your discipline.

Re: Sieve_before

2020-10-23 Thread @lbutlr 



> On 22 Oct 2020, at 18:22, Sean Kamath  wrote:
> 
> 
> 
>> On Oct 22, 2020, at 15:58, @lbutlr  wrote:
>> 
>> On 22 Oct 2020, at 15:46, @lbutlr  wrote:
>>> And it doesn't explain why "if address :matches ["To", "Cc"] ["*@*."] {" 
>>> also failed to match despite also showing the email address.
>>> 
 “krem...@kreme.com” does not have a :detail part 
 (https://wiki2.dovecot.org/Pigeonhole/Sieve/Examples talks about this).
>>> 
>>> And I am not asking for :detail
>> 
>> OK, fair enough. I looked at that line many times for some reason.
>> But the first point still stand.
> 
> Does you To or CC address end with a .?

No, what I am trying to get is "user" and "example" in "u...@example.com"

> One problem I had with :matches (if I recall correctly, I can’t find where I 
> ran into this) is that :matches has an implicit “^” and “$” wrapped around 
> what you’re looking for.

That would break many things, but I will look into it. What I have done for now 
and is working is a much more complicated process where I am manually removing 
the '@' myself:

require ["copy", "variables", "envelope", "fileinto", "subaddress"];

   if not envelope :matches "to" "backup" {
if envelope :matches "to" "*" {
set :lower "name" "${1}";
if string :matches "${name}" "*@*" {
set "email" "${1}_${2}";
}
# Only replaces one '.' But that's OK at this point.
if string :matches "${email}" "*.*" {
set "name" "${1}_${2}";
}
set "backup" "backup+296.${name}@...";
redirect :copy "${backup}";
}
   else {
 redirect :copy "backup+296@...";
   }
}

This properly redirects a copy of the message to, for example, 
backup+296.kremels_kreme_com@...

If all goes well, the 'else' will never trigger. 

I will try your suggestion if the implicit ^$.

> Like I said, I’m not 100% sure, but I suspect if you add * to the end:
> 
> if address :matches ["To", "Cc"] ["*@*.*"] {

Thanks for the advice, I will definitely give that a go,


-- 
Mister Teatime had a truly brilliant mind, but it was brilliant like
a fractured mirror, all marvelous facets and rainbows but,
ultimately, also something that was broken. --Hogfather

antispam plugin again

2020-10-23 Thread Maciej Milaszewski 
Hello
I have a problem with migrating dovecot from 2.2.36 to 2.3.8 -
everything works fine, but a problem with migrating anti-spam plugins

New dovecot 2.3.x has implemented own antispam-plugin like:

 new from dovecot 2.3.8 -
# From elsewhere to Spam folder
  imapsieve_mailbox1_name = Spam
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_before =
file:/usr/lib64/dovecot/sieve/report-spam.sieve

  # From Spam folder to elsewhere
  imapsieve_mailbox2_name = *
  imapsieve_mailbox2_from = Spam
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_before = file:/usr/lib64/dovecot/sieve/report-ham.sieve

  sieve_pipe_bin_dir = /usr/lib64/dovecot/sieve

  sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment

  #setting_name = value
  sieve_global_dir = /etc/sieve_global
  sieve_max_redirects = 20
  sieve_vacation_use_original_recipient = yes

  expire = SPAM
  #expire_dict = proxy::expire
  expire_dict = redis:host=127.0.0.1:prefix=expire/
---


In older version dovecot I use antispam_plugin + simple script:

 old from 2.2.36.4 + antispam plugin --
 ...
 antispam_backend = MAILTRAIN
  antispam_mail_spam = --spam
  antispam_mail_notspam = --ham
  antispam_mail_sendmail = /usr/local/bin/spam-learn.sh
  antispam_pipe_tmpdir = /tmp

  antispam_spam_pattern_ignorecase = spam;inbox.spam;Unwanted
  antispam_trash_pattern_ignorecase = trash;Deleted *;Junk*;kosz

  antispam_debug_target = syslog
  antispam_verbose_debug = 1
-

How do I change the bash file to make it work like on the old system (I
use pyzor) like:

cat /usr/local/bin/spam-learn.sh

#!/bin/sh
date >> /tmp/spam.txt
echo $@ >> /tmp/spam.txt

if [ "x$1" = "x--spam" ]; then
    /usr/bin/pyzor report >> /tmp/spam.txt 2>&1
fi
if [ "x$1" = "x--ham" ]; then
    /usr/bin/pyzor whitelist >> /tmp/ham.txt 2>&1
fi