Postfix sendmail cannot be called from Sieve redirect

Ulrich Zehl ulrich-dovecot at topfen.net
Tue Apr 17 20:00:07 EEST 2018 

Sending (in my case: forwarding) messages from Sieve via sendmail does not
work with version 2.3.1.

I have narrowed it down to this simple test case:


# dovecot -n
# 2.3.1 (c5a5c0c82): /etc/dovecot/dovecot.conf
# OS: Linux 4.4.0-119-generic x86_64 Ubuntu 16.04.4 LTS
# Hostname: tuxi.topfen.net
first_valid_gid = 200
first_valid_uid = 200
mail_location = mbox:~/mail
passdb {
  args = password=secret
  driver = static
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = lmtp
service lmtp {
  inet_listener lmtp {
    address = 127.0.0.1
    port = 24
  }
}
userdb {
  args = uid=200 gid=200 home=/home/vmail
  driver = static
}
protocol lmtp {
  mail_plugins = sieve
}

# cat /home/vmail/.dovecot.sieve
redirect "test at example.invalid";
stop;


$ swaks --protocol lmtp -s 127.0.0.1 -f ulrich at topfen.net -t ulrich at topfen.net
=== Trying 127.0.0.1:24...
=== Connected to 127.0.0.1.
<-  220 tuxi.topfen.net Dovecot ready.
 -> LHLO tuxi.topfen.net
<-  250-tuxi.topfen.net
<-  250-8BITMIME
<-  250-CHUNKING
<-  250-ENHANCEDSTATUSCODES
<-  250-PIPELINING
<-  250 VRFY
 -> MAIL FROM:<ulrich at topfen.net>
<-  250 2.1.0 OK
 -> RCPT TO:<ulrich at topfen.net>
<-  250 2.1.5 OK
 -> DATA
<-  354 OK
 -> Date: Tue, 17 Apr 2018 18:44:42 +0200
 -> To: ulrich at topfen.net
 -> From: ulrich at topfen.net
 -> Subject: test Tue, 17 Apr 2018 18:44:42 +0200
 -> X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/
 ->
 -> This is a test mailing
 ->
 -> .
<** 451 4.3.0 <ulrich at topfen.net> Temporary internal error
 -> QUIT
<-  221 2.0.0 Bye
=== Connection closed with remote host.


$ tail -n 10 /var/log/mail.log
Apr 17 18:45:36 tuxi postfix/postdrop[22643]: warning: mail_queue_enter: create file maildrop/421882.22643: Permission denied
Apr 17 18:45:36 tuxi dovecot: lmtp: Error: postdrop: warning: mail_queue_enter: create file maildrop/421882.22643: Permission denied
Apr 17 18:45:36 tuxi dovecot: lmtp(ulrich at topfen.net)<22639><dtJZGJIk1lpvWAAAcdhj4Q>: Error: program `/usr/sbin/sendmail' was forcibly terminated with signal 15
Apr 17 18:45:36 tuxi dovecot: lmtp(ulrich at topfen.net)<22639><dtJZGJIk1lpvWAAAcdhj4Q>: Error: sieve: msgid=unspecified: failed to redirect message to <test at test.at>: Failed to execute sendmail (temporary failure)
Apr 17 18:45:36 tuxi dovecot: lmtp(ulrich at topfen.net)<22639><dtJZGJIk1lpvWAAAcdhj4Q>: Error: sieve: Execution of script /home/vmail/.dovecot.sieve was aborted due to temporary failure (user logfile /home/vmail/.dovecot.sieve.log may reveal additional details)
Apr 17 18:45:36 tuxi dovecot: lmtp(22639): Disconnect from 127.0.0.1: Client has quit the connection (state = READY)
Apr 17 18:45:46 tuxi postfix/postdrop[22643]: warning: mail_queue_enter: create file maildrop/422091.22643: Permission denied
Apr 17 18:45:46 tuxi dovecot: lmtp: Error: postdrop: warning: mail_queue_enter: create file maildrop/422091.22643: Permission denied
Apr 17 18:45:56 tuxi postfix/postdrop[22643]: warning: mail_queue_enter: create file maildrop/422227.22643: Permission denied
Apr 17 18:45:56 tuxi dovecot: lmtp: Error: postdrop: warning: mail_queue_enter: create file maildrop/422227.22643: Permission denied


As far as I can tell, this is because Dovecot somehow does not allow suid
programs to run (Postfix' postdrop(1), which is invoked by sendmail(1),
requires set-gid to write the queue file).

What can I do to change this (besides using SMTP from Dovecot directly)?

I am using Ubuntu 16.04 and the Dovecot packages from the community
repository:

~$ dpkg -l dovecot* | grep ^ii
ii  dovecot-core          2:2.3.1-1    amd64        secure POP3/IMAP server - core files
ii  dovecot-lmtpd         2:2.3.1-1    amd64        secure POP3/IMAP server - LMTP server
ii  dovecot-sieve         2:2.3.1-1    amd64        secure POP3/IMAP server - Sieve filters support


Ulrich

More information about the dovecot mailing list