Re: [Dovecot] sieve.before script is taking precedence over user defined rules

2012-03-15 Thread Alexis Lelion
Thanks for this useful information, I will give it a try

On Thu, Mar 15, 2012 at 3:17 PM, Stephan Bosch  wrote:
> On 3/15/2012 12:42 PM, Alexis Lelion wrote:
>>
>> Hello Stephan,
>>
>> Thanks for your answer, and sorry for forgetting to specify which
>> dovecot version I was using :-/
>> I'm using Dovecot 2.0.15, with PigeonHole.
>>
>> The syntax issues are some typos I made while writing this email, I
>> double checked, and indeed, my production script was slightly
>> different from what I wrote in the first place. I can confirm that the
>> scripts compile properly with sievec, and also that the folder does
>> exist, but just to be sure this is not an issue, I added the ":create"
>> option  to the user's fileinto.
>>
>> I have no errors in my logs, the only thing displayed is
>> tThbJ1myYU+ZPwAA6RJXdw: sieve: msgid=unspecified: stored mail into
>> mailbox 'INBOX'
>>
>> Is there any way to increase verbosity for sieve only?
>
>
> You can test Sieve outside normal delivery using the sieve-test tool;
> include the global sieve_before script using a -s argument.
>
> Alternatively, you can use the vnd.dovecot.debug extension as follows:
>
> require ["fileinto", "mailbox", "vnd.dovecot.debug"];
>
>
> if address :domain "From" "trusted.tld" {
>  fileinto :create "trusted";
>  debug_log "Tried to save in \"trusted\"";
> }
>
> You need to add the vnd.dovecot.debug extension to sieve_extensions in your
> 90-sieve.conf, e.g.:
>
> sieve_extensions = +vnd.dovecot.debug
>
> This will produce the following output in the user's personal sieve log
> (typically ~/.dovecot.sieve.log):
>
> sieve: info: started log at Mar 15 15:13:29.
> main_script: line 5: info: DEBUG: Tried to save in "trusted".
> info: msgid=unspecified: stored mail into mailbox 'trusted'.
>
> If the DEBUG line is missing at your end, the fileinto is not executed at
> all. If it is, and things are still delivered in INBOX, something else is
> going on.
>
> Regards,
>
> Stephan.
>
>
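
The check described in the quoted reply (is the DEBUG line present, and where was the mail stored?) can be run over the user's sieve log. This is an added example, not code from the thread or from Pigeonhole; the function names are hypothetical, the line patterns are taken from the sample output above, and it assumes each "started log at" line opens one delivery.

```python
import re

# Line shapes copied from the sample ~/.dovecot.sieve.log output quoted above.
START = re.compile(r"^sieve: info: started log at (?P<ts>.+?)\.?$")
DEBUG = re.compile(r"^(?P<script>\S+): line (?P<line>\d+): info: DEBUG: (?P<msg>.*?)\.?$")
STORED = re.compile(r"^info: msgid=.*?: stored mail into mailbox '(?P<box>[^']*)'\.?$")

# Constructed sample: the first delivery is the output shown in the reply,
# the other two are made-up deliveries for the two failure cases it describes.
SAMPLE_LOG = """\
sieve: info: started log at Mar 15 15:13:29.
main_script: line 5: info: DEBUG: Tried to save in "trusted".
info: msgid=unspecified: stored mail into mailbox 'trusted'.
sieve: info: started log at Mar 15 15:20:02.
info: msgid=unspecified: stored mail into mailbox 'INBOX'.
sieve: info: started log at Mar 15 15:31:47.
main_script: line 5: info: DEBUG: Tried to save in "trusted".
info: msgid=unspecified: stored mail into mailbox 'INBOX'.
"""

def split_deliveries(log_text):
    """Group lines per delivery (assumption: 'started log at' opens each one)."""
    runs = []
    for line in (raw.strip() for raw in log_text.splitlines()):
        m = START.match(line)
        if m:
            runs.append({"started": m["ts"], "debug": [], "stored": []})
        elif runs and (m := DEBUG.match(line)):
            runs[-1]["debug"].append((m["script"], int(m["line"]), m["msg"]))
        elif runs and (m := STORED.match(line)):
            runs[-1]["stored"].append(m["box"])
    return runs

def diagnose(run, expected_box):
    """Apply the reply's reasoning to one delivery."""
    if not run["debug"]:
        return "fileinto not executed"       # DEBUG line missing
    if expected_box in run["stored"]:
        return "delivered as expected"
    return "executed, stored elsewhere"      # "something else is going on"

if __name__ == "__main__":
    for run in split_deliveries(SAMPLE_LOG):
        print(run["started"], "->", diagnose(run, "trusted"))
```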


Re: [Dovecot] sieve.before script is taking precedence over user defined rules

2012-03-15 Thread Alexis Lelion
Hello Stephan,

Thanks for your answer, and sorry for forgetting to specify which
dovecot version I was using :-/
I'm using Dovecot 2.0.15, with PigeonHole.

The syntax issues are some typos I made while writing this email, I
double checked, and indeed, my production script was slightly
different from what I wrote in the first place. I can confirm that the
scripts compile properly with sievec, and also that the folder does
exist, but just to be sure this is not an issue, I added the ":create"
option  to the user's fileinto.

I have no errors in my logs, the only thing displayed is
tThbJ1myYU+ZPwAA6RJXdw: sieve: msgid=unspecified: stored mail into
mailbox 'INBOX'

Is there any way to increase verbosity for sieve only?

Thanks

On Thu, Mar 15, 2012 at 12:11 PM, Stephan Bosch  wrote:
> On 3/15/2012 10:48 AM, Alexis Lelion wrote:
>
>> Hello,
>>
>> In my current setup, I have a spam filter upstream that adds a
>> specific header - X-Spam-Level on every incoming mail. Based on this
>> level, the mail will be moved to the user spam folder using sieve by
>> doing "fileinto :create 'spam';"
>> Unfortunately, some legitimate email may end up in this spam folder,
>> so I have kind of a whitelist that performs an explicit keep over
>> specific trusted domains. So, my complete spam filtering rule is :
>
> require ["fileinto", "mailbox"];
>
> if address :domain :contains "From" ["mycompany.tld", "trusted.tld" ] {
>    keep;
> } elsif header :contains "X-Spam-Level" ["0","1","2"] {
>    fileinto :create "__spam__";
> }
>
> Fixed a few syntax issues there before I could test this.
>
>
>> This rule is stored in "/var/lib/dovecot/sieve/before.sieve", which is
>> my "sieve_before" file as defined in /etc/dovecot/conf.d/90-sieve.conf
>
> What version are you using? The above statement hints that it is recent,
> probably Dovecot v2.1 with matching Pigeonhole.
>
>
>> This works as expected except that it doesn't take into account users
>> filtering for domains that were matched for the explicit keep. For
>> example, I have the following rule :
>> if address :domain "From" "trusted.tld" {
>>     fileinto "trusted"
>> }
>> But mail coming from that domain are still delivered in my mailbox.
>
>
> At my end, this is correctly delivered in the "trusted" folder, provided
> that this folder exists. Are you sure that the user's personal script even
> executes correctly? For example, the above script omits a ';'. The script
> also fails when there is no "trusted" folder. Check the log files for
> errors. The default action in the event of an error is to store the message
> in INBOX, which may well be what you're seeing here.
>
> Regards,
>
> Stephan.


[Dovecot] sieve.before script is taking precedence over user defined rules

2012-03-15 Thread Alexis Lelion
Hello,

In my current setup, I have a spam filter upstream that adds a
specific header - X-Spam-Level on every incoming mail. Based on this
level, the mail will be moved to the user spam folder using sieve by
doing "fileinto :create 'spam';"
Unfortunately, some legitimate email may end up in this spam folder,
so I have kind of a whitelist that performs an explicit keep over
specific trusted domains. So, my complete spam filtering rule is :
if address :domain :contains "From" ["mycompany.tld", "trusted.tld" ]{
    keep;
elseif header :contains "X-Spam-Level" ["0","1","2"] {
    fileinto :create "__spam__";
}
This rule is stored in "/var/lib/dovecot/sieve/before.sieve", which is
my "sieve_before" file as defined in /etc/dovecot/conf.d/90-sieve.conf

This works as expected except that it doesn't take into account users
filtering for domains that were matched for the explicit keep. For
example, I have the following rule :
if address :domain "From" "trusted.tld" {
    fileinto "trusted"
}
But mail coming from that domain are still delivered in my mailbox.

Is there something I'm missing here? I guess yes, otherwise it would
work as I want ^_^
Any help/comment is appreciated

Thanks!

Alexis


Re: [Dovecot] LMTP : Can't handle mixed proxy/non-proxy destinations

2012-01-30 Thread Alexis Lelion
On 1/28/12, Timo Sirainen  wrote:
> On 27.1.2012, at 12.59, Alexis Lelion wrote:
>
>> Jan 25 09:05:12 mail01 postfix/lmtp[23934]: A92709300DB: to=<
>> user_on_mai...@domain.com>, relay=mail01.domain.com[private/dovecot-lmtp],
>> delay=0.07, delays=0.01/0/0/0.06, dsn=4.3.0, status=deferred (host
>> mail01.domain.com[private/dovecot-lmtp] said: 451 4.3.0 <
>> user_on_mai...@domain.com> Can't handle mixed proxy/non-proxy destinations
>> (in reply to RCPT TO command))
>>
>> I was wondering if there was another way of handling this, for example
>> by triggering an immediate queue lookup from postfix or forwarding a
>> copy of the mail to the other server. Note that the postfix
>> "queue_run_delay" was increased to 15min on purpose, so I cannot change
>> that.
>
> It would be possible to change the code to support mixed destinations, but
> it's probably not a simple change and I have other things to do..
Yes I understand, this is a quite specific request, and not that
impacting actually. But it would be cool if you could keep this
request somewhere in your queue :-)
>
> Maybe you could work around it so that LMTP always proxies the mails, to
> localhost as well, but to a different port which doesn't do proxying at all.
Actually this was my first try, but I had proxying loops because
unlike for IMAP, the LMTP server doesn't seem to support 'proxy_maybe'
option yet, does it?
>
>


[Dovecot] LMTP : Can't handle mixed proxy/non-proxy destinations

2012-01-27 Thread Alexis Lelion
Hello,

In my current setup, I use two mailservers to handle the users
connections, and my emails are stored on a distant server using NFS
(maildir architecture)
Dovecot is both my IMAP server and the delivery agent (LMTP via postfix)
To avoid indexing issues related to NFS, proxying is enabled both on IMAP
and LMTP. But when a mail is sent to users that are shared between the
servers, I got the subject mentioned error in the logs :

Jan 25 09:05:12 mail01 postfix/lmtp[23934]: A92709300DB: to=<
user_on_mai...@domain.com>, relay=mail01.domain.com[private/dovecot-lmtp],
delay=0.07, delays=0.01/0/0/0.06, dsn=4.3.0, status=deferred (host
mail01.domain.com[private/dovecot-lmtp] said: 451 4.3.0 <
user_on_mai...@domain.com> Can't handle mixed proxy/non-proxy destinations
(in reply to RCPT TO command))

From what I saw, the mail is then put in the queue, and waits until the
next time Postfix will browse the queue. The mail will then be correctly
delivered on "mail02". However, the "queue_run_delay" postfix parameter
is set to 900, which means that the mail will be delivered with a lag of
15 minutes.

I was wondering if there was another way of handling this, for example
by triggering an immediate queue lookup from postfix or forwarding a
copy of the mail to the other server. Note that the postfix
"queue_run_delay" was increased to 15min on purpose, so I cannot change
that.

I'm using dovecot 2.0.15 on Debian Squeeze, kernel 2.6.32-5-amd64.

Thanks,

Alexis


Re: [Dovecot] ACL with IMAP proxying

2012-01-06 Thread Alexis Lelion
It worked!
Thanks a lot for your help and have a wonderful day!

On Fri, Jan 6, 2012 at 1:57 PM, Timo Sirainen  wrote:

> Another possibility: http://wiki2.dovecot.org/PostLoginScripting
>
> and set MASTER_USER environment.
>
> On Fri, 2012-01-06 at 13:55 +0100, Alexis Lelion wrote:
> > Thanks Timo.
> > I'm actually using a packaged version of Dovecot 2.0 from Debian, so I
> > can't apply the patch easily right now.
> > I'll try to build dovecot this weekend and see if it solves the issue.
> >
> > Cheers
> >
> > Alexis
> >
> > On Fri, Jan 6, 2012 at 1:30 PM, Timo Sirainen  wrote:
> >
> > > On Fri, 2012-01-06 at 13:22 +0100, Alexis Lelion wrote:
> > >
> > > > Thanks for your prompt answer, I wasn't expecting an answer that soon ;-)
> > > > I just tried your workaround, and actually, master_user is properly set to
> > > > the username, but then is overridden with the proxy login again :
> > > >
> > > > Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
> > > > mail=maildir:/var/vmail/domain/user
> > > > Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
> > > > plugin/quota=dirsize:storage=0
> > > > Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
> > > > plugin/master_user=user
> > > > Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
> > > > plugin/master_user=proxy
> > >
> > > I thought it would have been the other way around.. See if
> > > http://hg.dovecot.org/dovecot-2.0/raw-rev/684381041dc4 helps?
> > >
> > > > Is there any other flag I can set to avoid this? (Something like Y for the
> > > > password)?
> > >
> > > Nope.
> > >
> > >
> > >
>
>
>


Re: [Dovecot] ACL with IMAP proxying

2012-01-06 Thread Alexis Lelion
Thanks Timo.
I'm actually using a packaged version of Dovecot 2.0 from Debian, so I
can't apply the patch easily right now.
I'll try to build dovecot this weekend and see if it solves the issue.

Cheers

Alexis

On Fri, Jan 6, 2012 at 1:30 PM, Timo Sirainen  wrote:

> On Fri, 2012-01-06 at 13:22 +0100, Alexis Lelion wrote:
>
> > Thanks for your prompt answer, I wasn't expecting an answer that soon ;-)
> > I just tried your workaround, and actually, master_user is properly set to
> > the username, but then is overridden with the proxy login again :
> >
> > Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
> > mail=maildir:/var/vmail/domain/user
> > Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
> > plugin/quota=dirsize:storage=0
> > Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
> > plugin/master_user=user
> > Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
> > plugin/master_user=proxy
>
> I thought it would have been the other way around.. See if
> http://hg.dovecot.org/dovecot-2.0/raw-rev/684381041dc4 helps?
>
> > Is there any other flag I can set to avoid this? (Something like Y for the
> > password)?
>
> Nope.
>
>
>


Re: [Dovecot] ACL with IMAP proxying

2012-01-06 Thread Alexis Lelion
Hi Timo,

Thanks for your prompt answer, I wasn't expecting an answer that soon ;-)
I just tried your workaround, and actually, master_user is properly set to
the username, but then is overridden with the proxy login again :

Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
mail=maildir:/var/vmail/domain/user
Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
plugin/quota=dirsize:storage=0
Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
plugin/master_user=user
Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting:
plugin/master_user=proxy

Is there any other flag I can set to avoid this? (Something like Y for the
password)?

Alexis

On Fri, Jan 6, 2012 at 12:48 PM, Timo Sirainen  wrote:

> On Fri, 2012-01-06 at 12:36 +0100, Alexis Lelion wrote:
> > The thing is that when the ACLs are checked, it actually doesn't give
> > the user login, but the master login, which is useless.
>
> Yes, this is intentional.
>
> > Is there a way to use the first part of destuser as it is done when
> > fetching info from the userdb?
>
> You should be able to work around this with modifying userdb's query:
>
> user_query = select '%n' AS master_user, ...
>
>
>
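
A small checker for the two symptoms reported in this thread: the plugin/master_user userdb setting being added twice, and the ACL plugin running under the proxy's master login instead of the user. It is an added example, not code from the posts or from Dovecot; the function names are hypothetical, the sample lines are the thread's log lines unwrapped, and it assumes the input covers a single login.

```python
import re

SETTING = re.compile(r"dovecot: imap(?:\([^)]*\))?: Debug: Added userdb setting: "
                     r"(?P<key>[^=\s]+)=(?P<val>\S*)")
ACL_USER = re.compile(r"dovecot: imap\((?P<user>[^)]*)\): Debug: acl: "
                      r"acl username = (?P<name>\S+)")

# Constructed sample: debug lines quoted in this thread, unwrapped to one
# log line each (the mail client had folded them).
SAMPLE = [
    "Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: mail=maildir:/var/vmail/domain/user",
    "Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: plugin/quota=dirsize:storage=0",
    "Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: plugin/master_user=user",
    "Jan  6 13:14:19 mail01 dovecot: imap: Debug: Added userdb setting: plugin/master_user=proxy",
    "Jan  6 12:09:35 mail02 dovecot: imap(user@domain): Debug: acl: acl username = proxy",
]

def userdb_settings(lines):
    """Map each userdb key to its values in log order (one login assumed)."""
    seen = {}
    for line in lines:
        m = SETTING.search(line)
        if m:
            seen.setdefault(m["key"], []).append(m["val"])
    return seen

def overridden(settings):
    """Keys set more than once with different values: {key: (first, last)}."""
    return {k: (v[0], v[-1]) for k, v in settings.items() if len(set(v)) > 1}

def acl_identity_mismatches(lines):
    """(session user, acl username) pairs where the ACL name is not the user."""
    out = []
    for line in lines:
        m = ACL_USER.search(line)
        if m and m["name"] not in (m["user"], m["user"].split("@", 1)[0]):
            out.append((m["user"], m["name"]))
    return out

if __name__ == "__main__":
    print(overridden(userdb_settings(SAMPLE)))
    print(acl_identity_mismatches(SAMPLE))
```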


[Dovecot] ACL with IMAP proxying

2012-01-06 Thread Alexis Lelion
Hello,

I'm trying to use ACLs to restrict subscription on public mailboxes, but
I ran into trouble.
My setup is made of two servers, and users are shared between them via a
proxy. User authentication is done with LDAP, and credentials aren't
shared between the mailservers. Instead, the proxies are using master
password.
The thing is that when the ACLs are checked, it actually doesn't give
the user login, but the master login, which is useless.
Is there a way to use the first part of destuser as it is done when
fetching info from the userdb?

Any help is appreciated,
Thanks!

Alexis

--

ACL bug logs :

104184 Jan  6 12:09:35 mail02 dovecot: imap(user@domain): Debug: acl: acl
username = proxy
104185 Jan  6 12:09:35 mail02 dovecot: imap(user@domain): Debug: acl: owner
= 0
104186 Jan  6 12:09:35 mail02 dovecot: imap(user@domain): Debug: acl vfile:
Global ACL directory: (none)
104187 Jan  6 12:09:35 mail02 dovecot: imap(user@domain): Debug: Namespace
: type=public, prefix=Shared., sep=., inbox=no,hidden=no, list=yes,
subscriptions=no location=maildir:/var/vmail/domain/Shared

--

Output of "dovecot -n"

# 2.0.15: /etc/dovecot/dovecot.conf
# OS: Linux 2.6.32-5-amd64 x86_64 Debian 6.0.3 ext3
auth_debug = yes
auth_master_user_separator = *
auth_socket_path = /var/run/dovecot/auth-userdb
auth_verbose = yes
first_valid_uid = 150
lmtp_proxy = yes
login_trusted_networks = mail01.ip
mail_debug = yes
mail_location = maildir:/var/vmail/%d/%n
mail_nfs_storage = yes
mail_plugins = acl
mail_privileged_group = mail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
copy include variables body enotify environment mailbox date ihave
namespace {
  inbox = yes
  location = maildir:/var/vmail/%d/%n
  prefix =
  separator = .
  type = private
}
namespace {
  location = maildir:/var/vmail/domain/Shared
  prefix = Shared.
  separator = .
  subscriptions = no
  type = public
}
passdb {
  args = /etc/dovecot/master-users
  driver = passwd-file
  master = yes
}
passdb {
  args = /etc/dovecot/dovecot-ldap.conf
  driver = ldap
}
plugin {
  acl = vfile:/etc/dovecot/global-acls:cache_secs=300
  recipient_delimiter = +
  sieve_after = /var/lib/dovecot/sieve/after.d/
  sieve_before = /var/lib/dovecot/sieve/pre.d/
  sieve_dir = /var/vmail/%d/%n/sieve
  sieve_global_path = /var/lib/dovecot/sieve/default.sieve
}
postmaster_address = user@domain
protocols = " imap lmtp sieve"
service auth {
  unix_listener /var/spool/postfix/private/auth {
    group = postfix
    mode = 0666
    user = postfix
  }
  unix_listener auth-userdb {
    group = mail
    mode = 0600
    user = vmail
  }
}
service lmtp {
  inet_listener lmtp {
    address = mail02.ip
    port = 24
  }
  unix_listener /var/spool/postfix/private/dovecot-lmtp {
    group = postfix
    mode = 0660
    user = postfix
  }
}
ssl = required
ssl_cert =