Host: VMware Workstation 14.1.8
OS: Debian 12 (Bookworm)
Dovecot: 2.3.19.1
Postfix: 3.7.10 Mailclient: Outlook 2016
Hello,
I am currently working on a new mail server to replace my Debian 10 mail server. For preparation, I use VMware Workstation to learn and test the installation steps. When I'm eventually done, I'll rebuild my root server from scratch.
This time, my problem is getting the IMAPSieve plugin working to trigger rspamd if mail gets moved to the junk folder. Sieve runs well – if rspam recognizes a spam mail, it will be transferred to the junk folder.
For me it looks like the IMAPSieve plugin recognizes the move but will not running the script behind. I can see some actions in the log but nothing happens on the rspamd side where the log is also open to view. Moving a mail with Outlook produces the following log entry:
imap(mail@test.example)<1797><a/FKmgIcqKvAqB4a>: Debug: Module loaded: /usr/lib/dovecot/modules/lib95_imap_sieve_plugin.so
imap(mail@test.example)<1797><a/FKmgIcqKvAqB4a>: Debug: imapsieve: mailbox INBOX/Spam: APPEND event
imap(mail@test.example)<1797><a/FKmgIcqKvAqB4a>: Debug: sieve: Pigeonhole version 0.5.19 (4eae2f79) initializing
imap(mail@test.example)<1797><a/FKmgIcqKvAqB4a>: Debug: sieve: include: sieve_global is not set; it is currently not possible to include `:global' scripts.
imap(mail@test.example)<1797><a/FKmgIcqKvAqB4a>: Debug: sieve: Sieve imapsieve plugin for Pigeonhole version 0.5.19 (4eae2f79) loaded
imap(mail@test.example)<1797><a/FKmgIcqKvAqB4a>: Debug: sieve: Sieve Extprograms plugin for Pigeonhole version 0.5.19 (4eae2f79) loaded
imap(mail@test.example)<1797><a/FKmgIcqKvAqB4a>: Debug: imapsieve: Static mailbox rule [1]: mailbox=Spam' from=*' causes=(COPY APPEND) => before=`file:/usr/lib/dovecot/sieve/report-spam.sieve' after=(none)
imap(mail@test.example)<1797><a/FKmgIcqKvAqB4a>: Debug: imapsieve: Static mailbox rule [2]: mailbox=*' from=Spam' causes=(COPY APPEND) => before=`file:/usr/lib/dovecot/sieve/report-ham.sieve' after=(none)
imap(mail@test.example)<1795><iC6JmQIcnqvAqB4a>: Debug: imapsieve: mailbox INBOX: FLAG event (changed flags: \Deleted)
imap(mail@test.example)<1795><iC6JmQIcnqvAqB4a>: Debug: sieve: Pigeonhole version 0.5.19 (4eae2f79) initializing
imap(mail@test.example)<1795><iC6JmQIcnqvAqB4a>: Debug: sieve: include: sieve_global is not set; it is currently not possible to include `:global' scripts.
imap(mail@test.example)<1795><iC6JmQIcnqvAqB4a>: Debug: sieve: Sieve imapsieve plugin for Pigeonhole version 0.5.19 (4eae2f79) loaded
imap(mail@test.example)<1795><iC6JmQIcnqvAqB4a>: Debug: sieve: Sieve Extprograms plugin for Pigeonhole version 0.5.19 (4eae2f79) loaded
imap(mail@test.example)<1795><iC6JmQIcnqvAqB4a>: Debug: imapsieve: Static mailbox rule [1]: mailbox=Spam' from=*' causes=(COPY APPEND) => before=`file:/usr/lib/dovecot/sieve/report-spam.sieve' after=(none)
imap(mail@test.example)<1795><iC6JmQIcnqvAqB4a>: Debug: imapsieve: Static mailbox rule [2]: mailbox=*' from=Spam' causes=(COPY APPEND) => before=`file:/usr/lib/dovecot/sieve/report-ham.sieve' after=(none)
imap(mail@test.example)<1795><iC6JmQIcnqvAqB4a>: Debug: imapsieve: mailbox INBOX: FLAG event (changed flags: \Seen)
My /etc/dovecot/local.conf looks like this:
dovecot.conf
Mailuser im Log mit Namen darstellen
verbose_proctitle = yes
protocols = imap lmtp sieve
10-auth.conf
Disable LOGIN command and all other plaintext authentications unless
SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
matches the local IP (ie. you're connecting from the same computer), the
connection is considered secure and plaintext authentication is allowed.
See also ssl=required setting.
disable_plaintext_auth = yes
Space separated list of wanted authentication mechanisms:
plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp
gss-spnego
NOTE: See also disable_plaintext_auth setting.
auth_mechanisms = plain login
Username formatting before it's looked up from databases. You can use
the standard variables here, eg. %Lu would lowercase the username, %n would
drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
"-AT-". This translation is done after auth_username_translation changes.
auth_username_format = %Lu
Password and user databases
Password database is used to verify user's password (and nothing more).
You can have multiple passdbs and userdbs. This is useful if you want to
allow both system users (/etc/passwd) and virtual users to login without
duplicating the system users into virtual database.
<doc/wiki/PasswordDatabase.txt>
User database specifies where mails are located and what user/group IDs
own them. For single-UID configuration use "static" userdb.
<doc/wiki/UserDatabase.txt>
#!include conf.d/auth-deny.conf.ext
#!include conf.d/auth-master.conf.ext
#!include conf.d/auth-system.conf.ext
#!include conf.d/auth-sql.conf.ext
#!include conf.d/auth-ldap.conf.ext
!include conf.d/auth-passwdfile.conf.ext
#!include conf.d/auth-checkpassword.conf.ext
#!include conf.d/auth-static.conf.ext
10-director.conf
10-logging.conf
Loglevel festelegen
auth_verbose = no
auth_debug = no
mail_debug = yes
10-mail.conf
Format der Mailbox ändern
mail_location = maildir:~/Maildir
namespace inbox {
Namespace type: private, shared or public
type = private
Hierarchy separator to use. You should use the same separator for all
namespaces or some clients get confused. '/' is usually a good one.
The default however depends on the underlying mail storage format.
separator = /
Prefix required to access this namespace. This needs to be different for
all namespaces. For example "Public/".
prefix = INBOX/
Physical location of the mailbox. This is in same format as
mail_location, which is also the default for it.
location =
There can be only one INBOX, and this setting defines which namespace
has it.
inbox = yes
If namespace is hidden, it's not advertised to clients via NAMESPACE
extension. You'll most likely also want to set list=no. This is mostly
useful when converting from another server with different namespaces which
you want to deprecate but still keep working. For example you can create
hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/".
hidden = no
If namespace namespace/location fails to load, by default the entire
session will fail to start. If this is set, this namespace will be ignored
instead.
ignore_on_failure = no
Show the mailboxes under this namespace with LIST command. This makes the
namespace visible for clients that don't support NAMESPACE extension.
"children" value lists child mailboxes, but hides the namespace prefix.
list = yes
Namespace handles its own subscriptions. If set to "no", the parent
namespace handles them (empty prefix should always have this as "yes")
subscriptions = yes
See 15-mailboxes.conf for definitions of special mailboxes.
}
10-master.conf
service lmtp {
inet_listener lmtp {
address = 127.0.0.1 ::1
port = 24}
}
service auth {
auth_socket_path points to this userdb socket by default. It's typically
used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
full permissions to this socket are able to get a list of all usernames and
get the results of everyone's userdb lookups.
The default 0666 mode allows anyone to connect to the socket, but the
userdb lookups will succeed only if the userdb returns an "uid" field that
matches the caller process's UID. Also if caller's uid or gid matches the
socket's uid or gid the lookup succeeds. Anything else causes a failure.
To give the caller full permissions to lookup all users, set the mode to
something else than 0666 and Dovecot lets the kernel enforce the
permissions (e.g. 0777 allows everyone full permissions).
unix_listener auth-userdb {
#mode = 0666
#user =
#group =}
Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666}
Auth process is run as this user.
#user = $default_internal_user
}
10-ssl.conf
10-tcpwrapper.conf
15-lda.conf
15-mailboxes.conf
namespace inbox {
inbox = yes
mailbox Spam {
auto = subscribe
special_use = \Junk
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}}
20-imap.conf
protocol imap {
Space separated list of plugins to load (default is global mail_plugins).
mail_plugins = $mail_plugins imap_sieve
}
20-lmtp.conf
protocol lmtp {
Space separated list of plugins to load (default is global mail_plugins).
mail_plugins = $mail_plugins sieve
}
20-managesieve.conf
90-acl.conf
90-plugin.conf
90-quota.conf
90-sieve.conf
plugin {
sieve_before = /etc/dovecot/conf.d/custom-sieve/global_before.sieve
sieve_after = /etc/dovecot/conf.d/custom-sieve/global_after.sieve
sieve_plugins = sieve_imapsieve sieve_extprograms
From elsewhere to Spam folder
imapsieve_mailbox1_name = Spam
imapsieve_mailbox1_causes = COPY APPEND
imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve
From Spam folder to elsewhere
imapsieve_mailbox2_name = *
imapsieve_mailbox2_from = Spam
imapsieve_mailbox2_causes = COPY APPEND
imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve
sieve_pipe_bin_dir = /usr/lib/dovecot/sieve
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
}
90-sieve-extprograms.conf
root@ServerIV-home:~# ^C
root@ServerIV-home:~# cat /etc/dovecot/local.conf
dovecot.conf
Mailuser im Log mit Namen darstellen
verbose_proctitle = yes
protocols = imap lmtp sieve
10-auth.conf
Disable LOGIN command and all other plaintext authentications unless
SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
matches the local IP (ie. you're connecting from the same computer), the
connection is considered secure and plaintext authentication is allowed.
See also ssl=required setting.
disable_plaintext_auth = yes
Space separated list of wanted authentication mechanisms:
plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp
gss-spnego
NOTE: See also disable_plaintext_auth setting.
auth_mechanisms = plain login
Username formatting before it's looked up from databases. You can use
the standard variables here, eg. %Lu would lowercase the username, %n would
drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
"-AT-". This translation is done after auth_username_translation changes.
auth_username_format = %Lu
Password and user databases
Password database is used to verify user's password (and nothing more).
You can have multiple passdbs and userdbs. This is useful if you want to
allow both system users (/etc/passwd) and virtual users to login without
duplicating the system users into virtual database.
<doc/wiki/PasswordDatabase.txt>
User database specifies where mails are located and what user/group IDs
own them. For single-UID configuration use "static" userdb.
<doc/wiki/UserDatabase.txt>
#!include conf.d/auth-deny.conf.ext
#!include conf.d/auth-master.conf.ext
#!include conf.d/auth-system.conf.ext
#!include conf.d/auth-sql.conf.ext
#!include conf.d/auth-ldap.conf.ext
!include conf.d/auth-passwdfile.conf.ext
#!include conf.d/auth-checkpassword.conf.ext
#!include conf.d/auth-static.conf.ext
10-director.conf
10-logging.conf
Loglevel festelegen
auth_verbose = no
auth_debug = no
mail_debug = yes
10-mail.conf
Format der Mailbox ändern
mail_location = maildir:~/Maildir
namespace inbox {
Namespace type: private, shared or public
type = private
Hierarchy separator to use. You should use the same separator for all
namespaces or some clients get confused. '/' is usually a good one.
The default however depends on the underlying mail storage format.
separator = /
Prefix required to access this namespace. This needs to be different for
all namespaces. For example "Public/".
prefix = INBOX/
Physical location of the mailbox. This is in same format as
mail_location, which is also the default for it.
location =
There can be only one INBOX, and this setting defines which namespace
has it.
inbox = yes
If namespace is hidden, it's not advertised to clients via NAMESPACE
extension. You'll most likely also want to set list=no. This is mostly
useful when converting from another server with different namespaces which
you want to deprecate but still keep working. For example you can create
hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/".
hidden = no
If namespace namespace/location fails to load, by default the entire
session will fail to start. If this is set, this namespace will be ignored
instead.
ignore_on_failure = no
Show the mailboxes under this namespace with LIST command. This makes the
namespace visible for clients that don't support NAMESPACE extension.
"children" value lists child mailboxes, but hides the namespace prefix.
list = yes
Namespace handles its own subscriptions. If set to "no", the parent
namespace handles them (empty prefix should always have this as "yes")
subscriptions = yes
See 15-mailboxes.conf for definitions of special mailboxes.
}
10-master.conf
service lmtp {
inet_listener lmtp {
address = 127.0.0.1 ::1
port = 24}
}
service auth {
auth_socket_path points to this userdb socket by default. It's typically
used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
full permissions to this socket are able to get a list of all usernames and
get the results of everyone's userdb lookups.
The default 0666 mode allows anyone to connect to the socket, but the
userdb lookups will succeed only if the userdb returns an "uid" field that
matches the caller process's UID. Also if caller's uid or gid matches the
socket's uid or gid the lookup succeeds. Anything else causes a failure.
To give the caller full permissions to lookup all users, set the mode to
something else than 0666 and Dovecot lets the kernel enforce the
permissions (e.g. 0777 allows everyone full permissions).
unix_listener auth-userdb {
#mode = 0666
#user =
#group =}
Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666}
Auth process is run as this user.
#user = $default_internal_user
}
10-ssl.conf
10-tcpwrapper.conf
15-lda.conf
15-mailboxes.conf
namespace inbox {
inbox = yes
mailbox Spam {
auto = subscribe
special_use = \Junk
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}}
20-imap.conf
protocol imap {
Space separated list of plugins to load (default is global mail_plugins).
mail_plugins = $mail_plugins imap_sieve
}
20-lmtp.conf
protocol lmtp {
Space separated list of plugins to load (default is global mail_plugins).
mail_plugins = $mail_plugins sieve
}
20-managesieve.conf
90-acl.conf
90-plugin.conf
90-quota.conf
90-sieve.conf
plugin {
sieve_before = /etc/dovecot/conf.d/custom-sieve/global_before.sieve
sieve_after = /etc/dovecot/conf.d/custom-sieve/global_after.sieve
sieve_plugins = sieve_imapsieve sieve_extprograms
From elsewhere to Spam folder
imapsieve_mailbox1_name = Spam
imapsieve_mailbox1_causes = COPY APPEND
imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve
From Spam folder to elsewhere
imapsieve_mailbox2_name = *
imapsieve_mailbox2_from = Spam
imapsieve_mailbox2_causes = COPY APPEND
imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve
sieve_pipe_bin_dir = /usr/lib/dovecot/sieve
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
}
90-sieve-extprograms.conf
root@ServerIV-home:~# cat /etc/dovecot/local.conf
dovecot.conf
Mailuser im Log mit Namen darstellen
verbose_proctitle = yes
protocols = imap lmtp sieve
10-auth.conf
Disable LOGIN command and all other plaintext authentications unless
SSL/TLS is used (LOGINDISABLED capability). Note that if the remote IP
matches the local IP (ie. you're connecting from the same computer), the
connection is considered secure and plaintext authentication is allowed.
See also ssl=required setting.
disable_plaintext_auth = yes
Space separated list of wanted authentication mechanisms:
plain login digest-md5 cram-md5 ntlm rpa apop anonymous gssapi otp
gss-spnego
NOTE: See also disable_plaintext_auth setting.
auth_mechanisms = plain login
Username formatting before it's looked up from databases. You can use
the standard variables here, eg. %Lu would lowercase the username, %n would
drop away the domain if it was given, or "%n-AT-%d" would change the '@' into
"-AT-". This translation is done after auth_username_translation changes.
auth_username_format = %Lu
Password and user databases
Password database is used to verify user's password (and nothing more).
You can have multiple passdbs and userdbs. This is useful if you want to
allow both system users (/etc/passwd) and virtual users to login without
duplicating the system users into virtual database.
<doc/wiki/PasswordDatabase.txt>
User database specifies where mails are located and what user/group IDs
own them. For single-UID configuration use "static" userdb.
<doc/wiki/UserDatabase.txt>
#!include conf.d/auth-deny.conf.ext
#!include conf.d/auth-master.conf.ext
#!include conf.d/auth-system.conf.ext
#!include conf.d/auth-sql.conf.ext
#!include conf.d/auth-ldap.conf.ext
!include conf.d/auth-passwdfile.conf.ext
#!include conf.d/auth-checkpassword.conf.ext
#!include conf.d/auth-static.conf.ext
10-director.conf
10-logging.conf
Loglevel festelegen
auth_verbose = no
auth_debug = no
mail_debug = yes
10-mail.conf
Format der Mailbox ändern
mail_location = maildir:~/Maildir
namespace inbox {
Namespace type: private, shared or public
type = private
Hierarchy separator to use. You should use the same separator for all
namespaces or some clients get confused. '/' is usually a good one.
The default however depends on the underlying mail storage format.
separator = /
Prefix required to access this namespace. This needs to be different for
all namespaces. For example "Public/".
prefix = INBOX/
Physical location of the mailbox. This is in same format as
mail_location, which is also the default for it.
location =
There can be only one INBOX, and this setting defines which namespace
has it.
inbox = yes
If namespace is hidden, it's not advertised to clients via NAMESPACE
extension. You'll most likely also want to set list=no. This is mostly
useful when converting from another server with different namespaces which
you want to deprecate but still keep working. For example you can create
hidden namespaces with prefixes "~/mail/", "~%u/mail/" and "mail/".
hidden = no
If namespace namespace/location fails to load, by default the entire
session will fail to start. If this is set, this namespace will be ignored
instead.
ignore_on_failure = no
Show the mailboxes under this namespace with LIST command. This makes the
namespace visible for clients that don't support NAMESPACE extension.
"children" value lists child mailboxes, but hides the namespace prefix.
list = yes
Namespace handles its own subscriptions. If set to "no", the parent
namespace handles them (empty prefix should always have this as "yes")
subscriptions = yes
See 15-mailboxes.conf for definitions of special mailboxes.
}
10-master.conf
service lmtp {
inet_listener lmtp {
address = 127.0.0.1 ::1
port = 24}
}
service auth {
auth_socket_path points to this userdb socket by default. It's typically
used by dovecot-lda, doveadm, possibly imap process, etc. Users that have
full permissions to this socket are able to get a list of all usernames and
get the results of everyone's userdb lookups.
The default 0666 mode allows anyone to connect to the socket, but the
userdb lookups will succeed only if the userdb returns an "uid" field that
matches the caller process's UID. Also if caller's uid or gid matches the
socket's uid or gid the lookup succeeds. Anything else causes a failure.
To give the caller full permissions to lookup all users, set the mode to
something else than 0666 and Dovecot lets the kernel enforce the
permissions (e.g. 0777 allows everyone full permissions).
unix_listener auth-userdb {
#mode = 0666
#user =
#group =}
Postfix smtp-auth
unix_listener /var/spool/postfix/private/auth {
mode = 0666}
Auth process is run as this user.
#user = $default_internal_user
}
10-ssl.conf
10-tcpwrapper.conf
15-lda.conf
15-mailboxes.conf
namespace inbox {
inbox = yes
mailbox Spam {
auto = subscribe
special_use = \Junk
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}}
20-imap.conf
protocol imap {
Space separated list of plugins to load (default is global mail_plugins).
mail_plugins = $mail_plugins imap_sieve
}
20-lmtp.conf
protocol lmtp {
Space separated list of plugins to load (default is global mail_plugins).
mail_plugins = $mail_plugins sieve
}
20-managesieve.conf
90-acl.conf
90-plugin.conf
90-quota.conf
90-sieve.conf
plugin {
sieve_before = /etc/dovecot/conf.d/custom-sieve/global_before.sieve
sieve_after = /etc/dovecot/conf.d/custom-sieve/global_after.sieve
sieve_plugins = sieve_imapsieve sieve_extprograms
From elsewhere to Spam folder
imapsieve_mailbox1_name = Spam
imapsieve_mailbox1_causes = COPY APPEND
imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve
From Spam folder to elsewhere
imapsieve_mailbox2_name = *
imapsieve_mailbox2_from = Spam
imapsieve_mailbox2_causes = COPY APPEND
imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve
sieve_pipe_bin_dir = /usr/lib/dovecot/sieve
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
}
90-sieve-extprograms.conf
Meanwhile I tried a lot of several guides in the internet – nothing of them worked for me – what’s hard to understand because it’s a fresh and simple installation I did.
Any help is very appreciated!
Thanks
Jens