On 16.09.24 09:50, Sirius wrote:
On sön, 2024/09/15 at 14:30:19 +0200, Richard via dovecot wrote:
I've set up dovecot via global sieve scripts to send mails that a user manually moved to their junk directory to rspamd to learn them as spam (and learn messages as ham if they are moved out of it). I thought I had it all properly set up, but I'm now again seeing log messages like this: root@debian:~# dpkg -l | egrep '^ii.*(rspam|dovecot-core)' ii dovecot-core 1:2.3.21.1+dfsg1-1~bpo12+1 amd64 secure POP3/IMAP server - core files ii rspamd 3.4-1 amd64 Rapid spam filtering system
I do the same as you.
Not exactly. I'm on rspamd 3.9.1-1~82f43560f~bookworm. From rspamd's repo.
root@debian:~# ls -l /etc/dovecot/sieve total 32 -rw-r----- 1 vmail dovecot 188 Sep 4 13:41 global-spam.sieve -rw-r----- 1 vmail vmail 330 Sep 4 14:01 global-spam.svbin -rwxr-x--- 2 vmail dovecot 2579 Sep 4 13:44 learn-ham.rspamd.script -rw-r----- 1 vmail dovecot 256 Sep 4 13:42 learn-ham.sieve -rw-r----- 1 vmail dovecot 442 Sep 5 03:55 learn-ham.svbin -rwxr-x--- 2 vmail dovecot 2579 Sep 4 13:44 learn-spam.rspamd.script -rw-r----- 1 vmail dovecot 151 Sep 4 13:43 learn-spam.sieve -rw-r----- 1 vmail dovecot 341 Sep 5 03:56 learn-spam.svbin
The scripts need to be executable.
Yes, I forgot to mention that both shell scripts have 770 permissions.
I have this in the plugin {} section of dovecot.conf:
# This will automatically move spam into Junk/ and when you move a message # into Junk, it will tell rspamd that it is spam for Bayes learning. Moving # false positives out of Junk/ will teach rspamd that it is ham. sieve_plugins = sieve_imapsieve sieve_extprograms sieve_extensions = +editheader +imapflags +mboxmetadata +notify +servermetadata +spamtest +spamtestplus +virustest
I only have sieve_global_extensions enabled. As user scripts aren't supposed to be able to access external programs I don't see any benefit configuring that setting
imapsieve_mailbox1_before =file:/etc/dovecot/sieve/learn-spam.sieve imapsieve_mailbox1_causes = COPY APPEND FLAG imapsieve_mailbox1_name = Junk imapsieve_mailbox2_before =file:/etc/dovecot/sieve/learn-ham.sieve imapsieve_mailbox2_causes = COPY APPEND FLAG imapsieve_mailbox2_from = Junk imapsieve_mailbox2_name = * sieve_pipe_bin_dir = /etc/dovecot/sieve sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
I only had +vnd.dovecot.pipe in here. Let's the if adding +vnd.dovecot.environment changes anything.
sieve_spamtest_status_type = score sieve_spamtest_status_header = X-Spam_score: (-?[[:digit:]]+\.[[:digit:]]) sieve_spamtest_max_value = 6 sieve_before = /etc/dovecot/sieve/global-spam.sieve
I never configured these. What are their use? I've just set up another sieve script (which seems to be working just fine) to sort out all messages marked as spam into the users junk directory. Is this just to do that?
The only other thing was to get the password out of /etc/rspamd/worker-controller.inc and put it in /etc/dovecot/rspamd-controller.password (or whatever file your learn-{sp,h}am script points at to get the password). It needed to be pointed at 127.0.0.1:11334 for the socket.
What is the password needed for? Because manually executing rspamc doesn't ask for some password either. The worker-controller.inc does point at 127.0.0.1 and ::1, but no port seems to be configured.
root@debian:~# cat /etc/dovecot/rspamd-controller.conf.sh # Path to file containing the controller password # (Or, if it doesn't start with '/' or '.', the password itself. # But it might leak the password through ps to other users) RSPAMD_CONTROLLER_PASSWORD=/etc/dovecot/rspamd-controller.password # passed to rspamc with the -h option (host and port) RSPAMD_CONTROLLER_SOCKET=127.0.0.1:11334 # if set uses curl instead of rspamc; should start with http: or https: RSPAMD_CONTROLLER_HOST= # classifier to learn for (default by rspamc: bayes), e.g.
bayes_userRSPAMD_CLASSIFIER=bayesFrom what I remember, it was somewhat fiddly to get this working as I was not intimately familiar with rspamd, nor dovecot or sieve, but this works and it works well. Relatively low incident rate of false positives after a some weeks.
We used to have the same for quite a while now, without needing any of that. I guess the last rspamd update was just borked that much that it won't work for the time being. Some messages aren't even processed at all...