Host: VMware Workstation 14.1.8
OS: Debian 12 (Bookworm)
Dovecot: 2.3.19.1
Postfix: 3.7.10 Mailclient: Outlook 2016
Hello,
I am currently working on a new mail server to replace my Debian 10 mail server. For preparation, I use VMware Workstation to learn and test the installation steps. When I'm eventually done, I'll rebuild my root server from scratch.
This time, my problem is getting the IMAPSieve plugin working to trigger rspamd if mail gets moved to the junk folder. Sieve runs well – if rspam recognizes a spam mail, it will be transferred to the junk folder.
For me it looks like the IMAPSieve plugin recognizes the move but will not running the script behind. I can see some actions in the log but nothing happens on the rspamd side where the log is also open to view. Moving a mail with Outlook produces the following log entry:
imap(mail@test.example)<1797><a/FKmgIcqKvAqB4a>: Debug: Module loaded: /usr/lib/dovecot/modules/lib95_imap_sieve_plugin.so
imap(mail@test.example)<1797><a/FKmgIcqKvAqB4a>: Debug: imapsieve: mailbox INBOX/Spam: APPEND event
imap(mail@test.example)<1797><a/FKmgIcqKvAqB4a>: Debug: sieve: Pigeonhole version 0.5.19 (4eae2f79) initializing
imap(mail@test.example)<1797><a/FKmgIcqKvAqB4a>: Debug: sieve: include: sieve_global is not set; it is currently not possible to include `:global' scripts.
imap(mail@test.example)<1797><a/FKmgIcqKvAqB4a>: Debug: sieve: Sieve imapsieve plugin for Pigeonhole version 0.5.19 (4eae2f79) loaded
imap(mail@test.example)<1797><a/FKmgIcqKvAqB4a>: Debug: sieve: Sieve Extprograms plugin for Pigeonhole version 0.5.19 (4eae2f79) loaded
imap(mail@test.example)<1797><a/FKmgIcqKvAqB4a>: Debug: imapsieve: Static mailbox rule [1]: mailbox=Spam' from=
*' causes=(COPY APPEND) => before=`file:/usr/lib/dovecot/sieve/report-spam.sieve' after=(none)
imap(mail@test.example)<1797><a/FKmgIcqKvAqB4a>: Debug: imapsieve: Static mailbox rule [2]: mailbox=*' from=
Spam' causes=(COPY APPEND) => before=`file:/usr/lib/dovecot/sieve/report-ham.sieve' after=(none)
imap(mail@test.example)<1795><iC6JmQIcnqvAqB4a>: Debug: imapsieve: mailbox INBOX: FLAG event (changed flags: \Deleted)
imap(mail@test.example)<1795><iC6JmQIcnqvAqB4a>: Debug: sieve: Pigeonhole version 0.5.19 (4eae2f79) initializing
imap(mail@test.example)<1795><iC6JmQIcnqvAqB4a>: Debug: sieve: include: sieve_global is not set; it is currently not possible to include `:global' scripts.
imap(mail@test.example)<1795><iC6JmQIcnqvAqB4a>: Debug: sieve: Sieve imapsieve plugin for Pigeonhole version 0.5.19 (4eae2f79) loaded
imap(mail@test.example)<1795><iC6JmQIcnqvAqB4a>: Debug: sieve: Sieve Extprograms plugin for Pigeonhole version 0.5.19 (4eae2f79) loaded
imap(mail@test.example)<1795><iC6JmQIcnqvAqB4a>: Debug: imapsieve: Static mailbox rule [1]: mailbox=Spam' from=
*' causes=(COPY APPEND) => before=`file:/usr/lib/dovecot/sieve/report-spam.sieve' after=(none)
imap(mail@test.example)<1795><iC6JmQIcnqvAqB4a>: Debug: imapsieve: Static mailbox rule [2]: mailbox=*' from=
Spam' causes=(COPY APPEND) => before=`file:/usr/lib/dovecot/sieve/report-ham.sieve' after=(none)
imap(mail@test.example)<1795><iC6JmQIcnqvAqB4a>: Debug: imapsieve: mailbox INBOX: FLAG event (changed flags: \Seen)
My /etc/dovecot/local.conf looks like this:
## dovecot.conf
# Mailuser im Log mit Namen darstellen
verbose_proctitle = yes
protocols = imap lmtp sieve
## 10-auth.conf
# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
# See also ssl=required setting.
disable_plaintext_auth = yes
# Space separated list of wanted authentication mechanisms:
# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp
# gss-spnego
# NOTE: See also disable_plaintext_auth setting.
auth_mechanisms = plain login
# Username formatting before it's looked up from databases. You can use
# the standard variables here, eg. %Lu would lowercase the username, %n would
# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
# "-AT-". This translation is done after auth_username_translation changes.
auth_username_format = %Lu
##
## Password and user databases
##
#
# Password database is used to verify user's password (and nothing more).
# You can have multiple passdbs and userdbs. This is useful if you want to
# allow both system users (/etc/passwd) and virtual users to login without
# duplicating the system users into virtual database.
#
# <doc/wiki/PasswordDatabase.txt>
#
# User database specifies where mails are located and what user/group IDs
# own them. For single-UID configuration use "static" userdb.
#
# <doc/wiki/UserDatabase.txt>
#!include conf.d/auth-deny.conf.ext
#!include conf.d/auth-master.conf.ext
#!include conf.d/auth-system.conf.ext
#!include conf.d/auth-sql.conf.ext
#!include conf.d/auth-ldap.conf.ext
!include conf.d/auth-passwdfile.conf.ext
#!include conf.d/auth-checkpassword.conf.ext
#!include conf.d/auth-static.conf.ext
## 10-director.conf
## 10-logging.conf
# Loglevel festelegen
auth_verbose = no
auth_debug = no
mail_debug = yes
## 10-mail.conf
# Format der Mailbox ändern
mail_location = maildir:~/Maildir
namespace inbox {
# Namespace type: private, shared or public
type = private
# Hierarchy separator to use. You should use the same separator for all
# namespaces or some clients get confused. '/' is usually a good one.
# The default however depends on the underlying mail storage format.
separator = /
# Prefix required to access this namespace. This needs to be different for
# all namespaces. For example "Public/".
prefix = INBOX/
# Physical location of the mailbox. This is in same format as
# mail_location, which is also the default for it.
location =
# There can be only one INBOX, and this setting defines which namespace
# has it.
inbox = yes
# If namespace is hidden, it's not advertised to clients via NAMESPACE
# extension. You'll most likely also want to set list=no. This is mostly
# useful when converting from another server with different namespaces which
# you want to deprecate but still keep working. For example you can create
# hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/".
hidden = no
# If namespace namespace/location fails to load, by default the entire
# session will fail to start. If this is set, this namespace will be ignored
# instead.
ignore_on_failure = no
# Show the mailboxes under this namespace with LIST command. This makes the
# namespace visible for clients that don't support NAMESPACE extension.
# "children" value lists child mailboxes, but hides the namespace prefix.
list = yes
# Namespace handles its own subscriptions. If set to "no", the parent
# namespace handles them (empty prefix should always have this as "yes")
subscriptions = yes
# See 15-mailboxes.conf for definitions of special mailboxes.
}
## 10-master.conf
service lmtp {
inet_listener lmtp {
address = 127.0.0.1 ::1
port = 24
}
}
service auth {
# auth_socket_path points to this userdb socket by default. It's typically
# used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
# full permissions to this socket are able to get a list of all usernames and
# get the results of everyone's userdb lookups.
#
# The default 0666 mode allows anyone to connect to the socket, but the
# userdb lookups will succeed only if the userdb returns an "uid" field that
# matches the caller process's UID. Also if caller's uid or gid matches the
# socket's uid or gid the lookup succeeds. Anything else causes a failure.
#
# To give the caller full permissions to lookup all users, set the mode to
# something else than 0666 and Dovecot lets the kernel enforce the
# permissions (e.g. 0777 allows everyone full permissions).
unix_listener auth-userdb {
#mode = 0666
#user =
#group =
}
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
# Auth process is run as this user.
#user = $default_internal_user
}
## 10-ssl.conf
## 10-tcpwrapper.conf
## 15-lda.conf
## 15-mailboxes.conf
namespace inbox {
inbox = yes
mailbox Spam {
auto = subscribe
special_use = \Junk
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
}
## 20-imap.conf
protocol imap {
# Space separated list of plugins to load (default is global mail_plugins).
mail_plugins = $mail_plugins imap_sieve
}
## 20-lmtp.conf
protocol lmtp {
# Space separated list of plugins to load (default is global mail_plugins).
mail_plugins = $mail_plugins sieve
}
## 20-managesieve.conf
## 90-acl.conf
## 90-plugin.conf
## 90-quota.conf
## 90-sieve.conf
plugin {
sieve_before = /etc/dovecot/conf.d/custom-sieve/global_before.sieve
sieve_after = /etc/dovecot/conf.d/custom-sieve/global_after.sieve
sieve_plugins = sieve_imapsieve sieve_extprograms
# From elsewhere to Spam folder
imapsieve_mailbox1_name = Spam
imapsieve_mailbox1_causes = COPY APPEND
imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve
# From Spam folder to elsewhere
imapsieve_mailbox2_name = *
imapsieve_mailbox2_from = Spam
imapsieve_mailbox2_causes = COPY APPEND
imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve
sieve_pipe_bin_dir = /usr/lib/dovecot/sieve
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
}
## 90-sieve-extprograms.conf
root@ServerIV-home:~# ^C
root@ServerIV-home:~# cat /etc/dovecot/local.conf
## dovecot.conf
# Mailuser im Log mit Namen darstellen
verbose_proctitle = yes
protocols = imap lmtp sieve
## 10-auth.conf
# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
# See also ssl=required setting.
disable_plaintext_auth = yes
# Space separated list of wanted authentication mechanisms:
# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp
# gss-spnego
# NOTE: See also disable_plaintext_auth setting.
auth_mechanisms = plain login
# Username formatting before it's looked up from databases. You can use
# the standard variables here, eg. %Lu would lowercase the username, %n would
# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
# "-AT-". This translation is done after auth_username_translation changes.
auth_username_format = %Lu
##
## Password and user databases
##
#
# Password database is used to verify user's password (and nothing more).
# You can have multiple passdbs and userdbs. This is useful if you want to
# allow both system users (/etc/passwd) and virtual users to login without
# duplicating the system users into virtual database.
#
# <doc/wiki/PasswordDatabase.txt>
#
# User database specifies where mails are located and what user/group IDs
# own them. For single-UID configuration use "static" userdb.
#
# <doc/wiki/UserDatabase.txt>
#!include conf.d/auth-deny.conf.ext
#!include conf.d/auth-master.conf.ext
#!include conf.d/auth-system.conf.ext
#!include conf.d/auth-sql.conf.ext
#!include conf.d/auth-ldap.conf.ext
!include conf.d/auth-passwdfile.conf.ext
#!include conf.d/auth-checkpassword.conf.ext
#!include conf.d/auth-static.conf.ext
## 10-director.conf
## 10-logging.conf
# Loglevel festelegen
auth_verbose = no
auth_debug = no
mail_debug = yes
## 10-mail.conf
# Format der Mailbox ändern
mail_location = maildir:~/Maildir
namespace inbox {
# Namespace type: private, shared or public
type = private
# Hierarchy separator to use. You should use the same separator for all
# namespaces or some clients get confused. '/' is usually a good one.
# The default however depends on the underlying mail storage format.
separator = /
# Prefix required to access this namespace. This needs to be different for
# all namespaces. For example "Public/".
prefix = INBOX/
# Physical location of the mailbox. This is in same format as
# mail_location, which is also the default for it.
location =
# There can be only one INBOX, and this setting defines which namespace
# has it.
inbox = yes
# If namespace is hidden, it's not advertised to clients via NAMESPACE
# extension. You'll most likely also want to set list=no. This is mostly
# useful when converting from another server with different namespaces which
# you want to deprecate but still keep working. For example you can create
# hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/".
hidden = no
# If namespace namespace/location fails to load, by default the entire
# session will fail to start. If this is set, this namespace will be ignored
# instead.
ignore_on_failure = no
# Show the mailboxes under this namespace with LIST command. This makes the
# namespace visible for clients that don't support NAMESPACE extension.
# "children" value lists child mailboxes, but hides the namespace prefix.
list = yes
# Namespace handles its own subscriptions. If set to "no", the parent
# namespace handles them (empty prefix should always have this as "yes")
subscriptions = yes
# See 15-mailboxes.conf for definitions of special mailboxes.
}
## 10-master.conf
service lmtp {
inet_listener lmtp {
address = 127.0.0.1 ::1
port = 24
}
}
service auth {
# auth_socket_path points to this userdb socket by default. It's typically
# used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
# full permissions to this socket are able to get a list of all usernames and
# get the results of everyone's userdb lookups.
#
# The default 0666 mode allows anyone to connect to the socket, but the
# userdb lookups will succeed only if the userdb returns an "uid" field that
# matches the caller process's UID. Also if caller's uid or gid matches the
# socket's uid or gid the lookup succeeds. Anything else causes a failure.
#
# To give the caller full permissions to lookup all users, set the mode to
# something else than 0666 and Dovecot lets the kernel enforce the
# permissions (e.g. 0777 allows everyone full permissions).
unix_listener auth-userdb {
#mode = 0666
#user =
#group =
}
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
# Auth process is run as this user.
#user = $default_internal_user
}
## 10-ssl.conf
## 10-tcpwrapper.conf
## 15-lda.conf
## 15-mailboxes.conf
namespace inbox {
inbox = yes
mailbox Spam {
auto = subscribe
special_use = \Junk
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
}
## 20-imap.conf
protocol imap {
# Space separated list of plugins to load (default is global mail_plugins).
mail_plugins = $mail_plugins imap_sieve
}
## 20-lmtp.conf
protocol lmtp {
# Space separated list of plugins to load (default is global mail_plugins).
mail_plugins = $mail_plugins sieve
}
## 20-managesieve.conf
## 90-acl.conf
## 90-plugin.conf
## 90-quota.conf
## 90-sieve.conf
plugin {
sieve_before = /etc/dovecot/conf.d/custom-sieve/global_before.sieve
sieve_after = /etc/dovecot/conf.d/custom-sieve/global_after.sieve
sieve_plugins = sieve_imapsieve sieve_extprograms
# From elsewhere to Spam folder
imapsieve_mailbox1_name = Spam
imapsieve_mailbox1_causes = COPY APPEND
imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve
# From Spam folder to elsewhere
imapsieve_mailbox2_name = *
imapsieve_mailbox2_from = Spam
imapsieve_mailbox2_causes = COPY APPEND
imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve
sieve_pipe_bin_dir = /usr/lib/dovecot/sieve
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
}
## 90-sieve-extprograms.conf
root@ServerIV-home:~# cat /etc/dovecot/local.conf
## dovecot.conf
# Mailuser im Log mit Namen darstellen
verbose_proctitle = yes
protocols = imap lmtp sieve
## 10-auth.conf
# Disable LOGIN command and all other plaintext authentications unless
# SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
# matches the local IP (ie. you're connecting from the same computer), the
# connection is considered secure and plaintext authentication is allowed.
# See also ssl=required setting.
disable_plaintext_auth = yes
# Space separated list of wanted authentication mechanisms:
# plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp
# gss-spnego
# NOTE: See also disable_plaintext_auth setting.
auth_mechanisms = plain login
# Username formatting before it's looked up from databases. You can use
# the standard variables here, eg. %Lu would lowercase the username, %n would
# drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
# "-AT-". This translation is done after auth_username_translation changes.
auth_username_format = %Lu
##
## Password and user databases
##
#
# Password database is used to verify user's password (and nothing more).
# You can have multiple passdbs and userdbs. This is useful if you want to
# allow both system users (/etc/passwd) and virtual users to login without
# duplicating the system users into virtual database.
#
# <doc/wiki/PasswordDatabase.txt>
#
# User database specifies where mails are located and what user/group IDs
# own them. For single-UID configuration use "static" userdb.
#
# <doc/wiki/UserDatabase.txt>
#!include conf.d/auth-deny.conf.ext
#!include conf.d/auth-master.conf.ext
#!include conf.d/auth-system.conf.ext
#!include conf.d/auth-sql.conf.ext
#!include conf.d/auth-ldap.conf.ext
!include conf.d/auth-passwdfile.conf.ext
#!include conf.d/auth-checkpassword.conf.ext
#!include conf.d/auth-static.conf.ext
## 10-director.conf
## 10-logging.conf
# Loglevel festelegen
auth_verbose = no
auth_debug = no
mail_debug = yes
## 10-mail.conf
# Format der Mailbox ändern
mail_location = maildir:~/Maildir
namespace inbox {
# Namespace type: private, shared or public
type = private
# Hierarchy separator to use. You should use the same separator for all
# namespaces or some clients get confused. '/' is usually a good one.
# The default however depends on the underlying mail storage format.
separator = /
# Prefix required to access this namespace. This needs to be different for
# all namespaces. For example "Public/".
prefix = INBOX/
# Physical location of the mailbox. This is in same format as
# mail_location, which is also the default for it.
location =
# There can be only one INBOX, and this setting defines which namespace
# has it.
inbox = yes
# If namespace is hidden, it's not advertised to clients via NAMESPACE
# extension. You'll most likely also want to set list=no. This is mostly
# useful when converting from another server with different namespaces which
# you want to deprecate but still keep working. For example you can create
# hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/".
hidden = no
# If namespace namespace/location fails to load, by default the entire
# session will fail to start. If this is set, this namespace will be ignored
# instead.
ignore_on_failure = no
# Show the mailboxes under this namespace with LIST command. This makes the
# namespace visible for clients that don't support NAMESPACE extension.
# "children" value lists child mailboxes, but hides the namespace prefix.
list = yes
# Namespace handles its own subscriptions. If set to "no", the parent
# namespace handles them (empty prefix should always have this as "yes")
subscriptions = yes
# See 15-mailboxes.conf for definitions of special mailboxes.
}
## 10-master.conf
service lmtp {
inet_listener lmtp {
address = 127.0.0.1 ::1
port = 24
}
}
service auth {
# auth_socket_path points to this userdb socket by default. It's typically
# used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
# full permissions to this socket are able to get a list of all usernames and
# get the results of everyone's userdb lookups.
#
# The default 0666 mode allows anyone to connect to the socket, but the
# userdb lookups will succeed only if the userdb returns an "uid" field that
# matches the caller process's UID. Also if caller's uid or gid matches the
# socket's uid or gid the lookup succeeds. Anything else causes a failure.
#
# To give the caller full permissions to lookup all users, set the mode to
# something else than 0666 and Dovecot lets the kernel enforce the
# permissions (e.g. 0777 allows everyone full permissions).
unix_listener auth-userdb {
#mode = 0666
#user =
#group =
}
# Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666
}
# Auth process is run as this user.
#user = $default_internal_user
}
## 10-ssl.conf
## 10-tcpwrapper.conf
## 15-lda.conf
## 15-mailboxes.conf
namespace inbox {
inbox = yes
mailbox Spam {
auto = subscribe
special_use = \Junk
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
}
## 20-imap.conf
protocol imap {
# Space separated list of plugins to load (default is global mail_plugins).
mail_plugins = $mail_plugins imap_sieve
}
## 20-lmtp.conf
protocol lmtp {
# Space separated list of plugins to load (default is global mail_plugins).
mail_plugins = $mail_plugins sieve
}
## 20-managesieve.conf
## 90-acl.conf
## 90-plugin.conf
## 90-quota.conf
## 90-sieve.conf
plugin {
sieve_before = /etc/dovecot/conf.d/custom-sieve/global_before.sieve
sieve_after = /etc/dovecot/conf.d/custom-sieve/global_after.sieve
sieve_plugins = sieve_imapsieve sieve_extprograms
# From elsewhere to Spam folder
imapsieve_mailbox1_name = Spam
imapsieve_mailbox1_causes = COPY APPEND
imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve
# From Spam folder to elsewhere
imapsieve_mailbox2_name = *
imapsieve_mailbox2_from = Spam
imapsieve_mailbox2_causes = COPY APPEND
imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve
sieve_pipe_bin_dir = /usr/lib/dovecot/sieve
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
}
## 90-sieve-extprograms.conf
Meanwhile I tried a lot of several guides in the internet – nothing of them worked for me – what’s hard to understand because it’s a fresh and simple installation I did.
Any help is very appreciated!
Thanks
Jens