Sieve extprograms ?not exexuting?
Hello, I was testing the extprograms plugin. I think I had it working in the past, but many things have changed since then, so no use trying to figure out where it broke - starting over again...
Debug-enabled log give me: Apr 27 04:11:36 mail dovecot: lmtp(test@example.com): Debug: qOGyA0DePHVaOyHEM/SpMA: sieve: action execute: running program: test.sh Apr 27 04:11:36 mail dovecot: lmtp(test@example.com): Debug: waiting for program `/usr/local/etc/dovecot/sieve_globals/test.sh' to finish after 0 seconds
So I guess it thinks it is running my script? But simple test script does nothing. Here it is:
#!/bin/sh read INPUT INPUT="Hello world: $INPUT" echo "$INPUT" >> /tmp/hello echo "---------------------------" >> /tmp/hello
Permissions on this script file for now are rwxrwxrwx But nothing goes to /tmp/hello at all. Script works when I run it manually. I also tried without the "read" but I think that's required isn't it? Anyway, what else can I do to debug this?
Dovecot 2.2.16 Pigeonhole 0.4.7
On 4/27/2015 10:47 AM, E.B. wrote:
Hello, I was testing the extprograms plugin. I think I had it working in the past, but many things have changed since then, so no use trying to figure out where it broke - starting over again...
Debug-enabled log give me: Apr 27 04:11:36 mail dovecot: lmtp(test@example.com): Debug: qOGyA0DePHVaOyHEM/SpMA: sieve: action execute: running program: test.sh Apr 27 04:11:36 mail dovecot: lmtp(test@example.com): Debug: waiting for program `/usr/local/etc/dovecot/sieve_globals/test.sh' to finish after 0 seconds
So I guess it thinks it is running my script? But simple test script does nothing. Here it is:
#!/bin/sh read INPUT INPUT="Hello world: $INPUT" echo "$INPUT" >> /tmp/hello echo "---------------------------" >> /tmp/hello
Permissions on this script file for now are rwxrwxrwx But nothing goes to /tmp/hello at all. Script works when I run it manually. I also tried without the "read" but I think that's required isn't it? Anyway, what else can I do to debug this?
It works here. What exactly is your config (output from dovecot -n)?
What does the Sieve script that calls this script look like?
Regards,
Stephan.
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Mon, 27 Apr 2015, E.B. wrote:
Debug-enabled log give me: Apr 27 04:11:36 mail dovecot: lmtp(test@example.com): Debug: qOGyA0DePHVaOyHEM/SpMA: sieve: action execute: running program: test.sh Apr 27 04:11:36 mail dovecot: lmtp(test@example.com): Debug: waiting for program `/usr/local/etc/dovecot/sieve_globals/test.sh' to finish after 0 seconds
So I guess it thinks it is running my script? But simple test script does nothing. Here it is:
#!/bin/sh read INPUT INPUT="Hello world: $INPUT" echo "$INPUT" >> /tmp/hello echo "---------------------------" >> /tmp/hello
Permissions on this script file for now are rwxrwxrwx But nothing goes to /tmp/hello at all. Script works when I run it manually. I also tried without the "read" but I think that's required isn't it? Anyway, what else can I do to debug this?
Well, first try with a script that cannot fail (well most likely), e.g.:
#!/bin/sh
( id date set ) >>/tmp/test.$$.log 2>&1
Note the /tmp/test.$$.log, so it will create a new file (hopefully) each time it runs, in order to bypass permission problems, if the file exists already.
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBVT4Ds3z1H7kL/d9rAQIuKgf+J5lnE+6DHNZQYz4nA4Kt+xQI3ul0Gf9/ cdHUeyVfpYtPbSUheHalzlXMgnIulHNHs4FBuRpbWoTVG184Vy6ZVFXRUJSNRRyG wLZhYqVFyTa3zRpoxq1fdxbmdyPtq5dKzO8+lGeDAtiNZdi1cGVWfG1wYEbRQkUp cS7l9FiDba7DvwL6LjQZxGkUNsveyq6ZKitOsveSmWugUphfw0ko+84Y0yVI/5d6 QtslPOj7C4Ag5TFg+5UoQ3GSwOBaTY+kYzF58y4XNatpUWiKtOCbGv3P7FbEgfzl Xle6e6a6Wqg+7/3D11sy+1R9CQUIJjLA1dgC6E8Lgi5cdvyNqJdWRQ== =HO71 -----END PGP SIGNATURE-----
Debug-enabled log give me: Apr 27 04:11:36 mail dovecot: lmtp(test@example.com): Debug: qOGyA0DePHVaOyHEM/SpMA: sieve: action execute: running program: test.sh Apr 27 04:11:36 mail dovecot: lmtp(test@example.com): Debug: waiting for program `/usr/local/etc/dovecot/sieve_globals/test.sh' to finish after 0 seconds
So I guess it thinks it is running my script? But simple test script does nothing. Here it is:
#!/bin/sh read INPUT INPUT="Hello world: $INPUT" echo "$INPUT" >> /tmp/hello echo "---------------------------" >> /tmp/hello
Permissions on this script file for now are rwxrwxrwx But nothing goes to /tmp/hello at all. Script works when I run it manually. I also tried without the "read" but I think that's required isn't it? Anyway, what else can I do to debug this?
Well, first try with a script that cannot fail (well most likely), e.g.:
I tried your script for fun, same result. Log showing the script was called, but no output from the script.
I also deleted the script and made sure that debug log showed that sieve could not find the script. Is it chrooted or something weird?
I have confirmed it is being run by calling "exit 3" and seeing in the log that "program ... terminated with non-zero exit code 3" so problem is in commands accessing the filesystem I guess. I added this:
echo "HELLO WORLD" 1>&2
And log shows "Error: HELLO WORLD"
So it's working but no filesystem access. Calling from sieve script with:
execute :input "myinput" "test.sh";
Also tried
execute "test.sh";
Am 27.04.2015 um 20:55 schrieb E.B.:
So I guess it thinks it is running my script? But simple test script does nothing. Here it is:
#!/bin/sh read INPUT INPUT="Hello world: $INPUT" echo "$INPUT" >> /tmp/hello echo "---------------------------" >> /tmp/hello
Permissions on this script file for now are rwxrwxrwx But nothing goes to /tmp/hello at all. Script works when I run it manually. I also tried without the "read" but I think that's required isn't it? Anyway, what else can I do to debug this?
Well, first try with a script that cannot fail (well most likely), e.g.:
I tried your script for fun, same result. Log showing the script was called, but no output from the script.
I also deleted the script and made sure that debug log showed that sieve could not find the script. Is it chrooted or something weird?
In another thread you said you are running CentOS. So I strongly guess it is SELinux interfering. Check your auditd log
grep -i AVC /var/log/audit/audit.log
You can test whether your setup works after "setenforce 0". That sets SELinux into permissive mode, loggging AVCs but not blocking actions.
Alexander
In another thread you said you are running CentOS. So I strongly guess it is SELinux interfering. Check your auditd log
grep -i AVC /var/log/audit/audit.log
You can test whether your setup works after "setenforce 0". That sets SELinux into permissive mode, loggging AVCs but not blocking actions.
Good idea, but there are no AVC reports so I guess that's not it. In the meantime I switched to calling the script using a dovecot service and now the script isn't run at all ------ see my new thread on that.
Debug-enabled log give me: Apr 27 04:11:36 mail dovecot: lmtp(test@example.com): Debug: qOGyA0DePHVaOyHEM/SpMA: sieve: action execute: running program: test.sh Apr 27 04:11:36 mail dovecot: lmtp(test@example.com): Debug: waiting for program `/usr/local/etc/dovecot/sieve_globals/test.sh' to finish after 0 seconds
So I guess it thinks it is running my script? But simple test script does nothing. Here it is:
#!/bin/sh read INPUT INPUT="Hello world: $INPUT" echo "$INPUT" >> /tmp/hello echo "---------------------------" >> /tmp/hello
Permissions on this script file for now are rwxrwxrwx But nothing goes to /tmp/hello at all. Script works when I run it manually. I also tried without the "read" but I think that's required isn't it? Anyway, what else can I do to debug this?
Well, first try with a script that cannot fail (well most likely), e.g.:
I tried your script for fun, same result. Log showing the script was called, but no output from the script.
I also deleted the script and made sure that debug log showed that sieve could not find the script. Is it chrooted or something weird?
I have confirmed it is being run by calling "exit 3" and seeing in the log that "program ... terminated with non-zero exit code 3" so problem is in commands accessing the filesystem I guess. I added this:
echo "HELLO WORLD" 1>&2
And log shows "Error: HELLO WORLD"
So it's working but no filesystem access.
I just tried this too:
touch /tmp/hello-world
And nothing. I tried to *read* from the filesystem:
TEST=$(cat /tmp/test) echo "TEST: $TEST" 1>&2
Nothing. I found that the script can do other things like connect to network or other services, but any way I try to do something with the filesystem come up empty.
Dont' know if calling the script via dovecot socket service would make this different because there is a bug that prevents extprograms execute via socket broken (see other thread).
Is this on purpose no filesystem access allowed? why?
Calling from sieve script with:
execute :input "myinput" "test.sh";
Also tried
execute "test.sh";
Hello, I was testing the extprograms plugin. I think I had it working in the past, but many things have changed since then, so no use trying to figure out where it broke - starting over again...
Debug-enabled log give me: Apr 27 04:11:36 mail dovecot: lmtp(test@example.com): Debug: qOGyA0DePHVaOyHEM/SpMA: sieve: action execute: running program: test.sh Apr 27 04:11:36 mail dovecot: lmtp(test@example.com): Debug: waiting for program `/usr/local/etc/dovecot/sieve_globals/test.sh' to finish after 0 seconds
So I guess it thinks it is running my script? But simple test script does nothing. Here it is:
#!/bin/sh read INPUT INPUT="Hello world: $INPUT" echo "$INPUT" >> /tmp/hello echo "---------------------------" >> /tmp/hello
Permissions on this script file for now are rwxrwxrwx But nothing goes to /tmp/hello at all. Script works when I run it manually. I also tried without the "read" but I think that's required isn't it? Anyway, what else can I do to debug this?
Turns out this is a problem with systemd. I have PrivateTmp=true in the dovecot.service file so anything written to /tmp goes to lala land (is it anywhere I can see outside of the dovecot process?).
Problem solved.
participants (4)
-
Alexander Dalloz
-
E.B.
-
Steffen Kaiser
-
Stephan Bosch