On sön, 2024/09/15 at 14:30:19 +0200, Richard via dovecot wrote:
I've set up dovecot via global sieve scripts to send mails that a user manually moved to their junk directory to rspamd to learn them as spam (and learn messages as ham if they are moved out of it). I thought I had it all properly set up, but I'm now again seeing log messages like this:
root@debian:~# dpkg -l | egrep '^ii.*(rspam|dovecot-core)' ii dovecot-core 1:2.3.21.1+dfsg1-1~bpo12+1 amd64 secure POP3/IMAP server - core files ii rspamd 3.4-1 amd64 Rapid spam filtering system
I do the same as you.
Sep 15 13:01:00 dovecot[523226]: imap(username)<823661><4+8RXyYi2L9/AAAB>: Error: sieve: failed to execute to program `rspamd-learn-spam.sh': refer to server log for more information. [2024-09-15 13:01:00] Sep 15 13:01:00 dovecot[523226]: imap(username)<823661><4+8RXyYi2L9/AAAB>: Error: sieve: Execution of script /etc/dovecot/sieve/global/learn-spam.sieve failed
The content of learn-spam.sieve is this:
require ["vnd.dovecot.pipe", "copy", "imapsieve"]; pipe :copy "rspamd-learn-spam.sh";
And the content of rspamd-learn-spam.sh is this:
#!/bin/sh exec /usr/bin/rspamc learn_spam
All the necessary files are located in /etc/dovecot/sieve/global and are owned by dovecot:dovecot with rw, r, r permissions. Also, I have compiled the .sieve files with sievec, the resulting .svbin files have the same permissions and ownership. What am I doing wrong? I don't see any further "server log" that will tell me more information.
I'm using dovecot 2.3.19.1 (9b53102964) on Debian 12.7
root@debian:~# ls -l /etc/dovecot/sieve total 32 -rw-r----- 1 vmail dovecot 188 Sep 4 13:41 global-spam.sieve -rw-r----- 1 vmail vmail 330 Sep 4 14:01 global-spam.svbin -rwxr-x--- 2 vmail dovecot 2579 Sep 4 13:44 learn-ham.rspamd.script -rw-r----- 1 vmail dovecot 256 Sep 4 13:42 learn-ham.sieve -rw-r----- 1 vmail dovecot 442 Sep 5 03:55 learn-ham.svbin -rwxr-x--- 2 vmail dovecot 2579 Sep 4 13:44 learn-spam.rspamd.script -rw-r----- 1 vmail dovecot 151 Sep 4 13:43 learn-spam.sieve -rw-r----- 1 vmail dovecot 341 Sep 5 03:56 learn-spam.svbin
The scripts need to be executable.
I have this in the plugin {} section of dovecot.conf:
# This will automatically move spam into Junk/ and when you move a message # into Junk, it will tell rspamd that it is spam for Bayes learning. Moving # false positives out of Junk/ will teach rspamd that it is ham. sieve_plugins = sieve_imapsieve sieve_extprograms sieve_extensions = +editheader +imapflags +mboxmetadata +notify +servermetadata +spamtest +spamtestplus +virustest imapsieve_mailbox1_before = file:/etc/dovecot/sieve/learn-spam.sieve imapsieve_mailbox1_causes = COPY APPEND FLAG imapsieve_mailbox1_name = Junk imapsieve_mailbox2_before = file:/etc/dovecot/sieve/learn-ham.sieve imapsieve_mailbox2_causes = COPY APPEND FLAG imapsieve_mailbox2_from = Junk imapsieve_mailbox2_name = * sieve_pipe_bin_dir = /etc/dovecot/sieve sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment sieve_spamtest_status_type = score sieve_spamtest_status_header = X-Spam_score: (-?[[:digit:]]+\.[[:digit:]]) sieve_spamtest_max_value = 6 sieve_before = /etc/dovecot/sieve/global-spam.sieve
The only other thing was to get the password out of /etc/rspamd/worker-controller.inc and put it in /etc/dovecot/rspamd-controller.password (or whatever file your learn-{sp,h}am script points at to get the password). It needed to be pointed at 127.0.0.1:11334 for the socket.
root@debian:~# cat /etc/dovecot/rspamd-controller.conf.sh
# Path to file containing the controller password
# (Or, if it doesn't start with '/' or '.', the password itself.
# But it might leak the password through ps to other users)
RSPAMD_CONTROLLER_PASSWORD=/etc/dovecot/rspamd-controller.password
# passed to rspamc with the -h option (host and port)
RSPAMD_CONTROLLER_SOCKET=127.0.0.1:11334
# if set uses curl instead of rspamc; should start with http: or https:
RSPAMD_CONTROLLER_HOST=
# classifier to learn for (default by rspamc: bayes), e.g. bayes_user
RSPAMD_CLASSIFIER=bayes
From what I remember, it was somewhat fiddly to get this working as I was not intimately familiar with rspamd, nor dovecot or sieve, but this works and it works well. Relatively low incident rate of false positives after a some weeks.
-- Kind regards,
/S