Managesieve cannot access script store
Hi,
I am trying to get sieve working on a new OpenSuse leap 42.2 install. On my 'old' OpenSuse 13.2 machine it worked fine.
The problem is that Managesieve can't access the script store and won't let me create any script. It says permission denied on ~/sieve directory. See log below. I 've activated debug logging, but that doesn't give any clues to me. Also, I've set the directory accessible to all, but Managesieve still complains.
cd ~ ls -l drwx------ 1 rogier users 8340 5 feb 16:54 Maildir drwxrwxrwx 1 rogier users 24 5 feb 18:38 sieve
To rule out client issues (kmail) I tested also with Manual TLS Login as described in: http://wiki2.dovecot.org/Pigeonhole/ManageSieve/Troubleshooting
Same result.
I am puzzled. I can't find anything wrong in the dovecot configuration. The output of dovecot -n is shown below. Hope someone has a solution. A lot of mail is waiting to get sorted...
Best Regards, Rogier
The log:
feb 05 20:22:18 p150 dovecot[12120]: managesieve-login: Login: user=<rogier>, method=PLAIN, rip=192.168.0.18, lip=192.168.0.20, mpid=12135, TLS, session=<gmb0bs1H5q/AqAAS> feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: Effective uid=1000, gid=100, home=/home/rogier feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: maildir++: root=/home/rogier/Maildir, index=, indexpvt=, control=, inbox=/home/rogier/Maildir, alt= feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: sieve: Pigeonhole version 0.4.15 (97b3da0) initializing feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: sieve: include: sieve_global is not set; it is currently not possible to include `:global' scripts. feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: sieve: file storage: Using active Sieve script path: /home/rogier/.dovecot.sieve feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: sieve: file storage: Using script storage path: /home/rogier/sieve/ feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: sieve: file storage: Using permissions from /home/rogier/sieve/: mode=0777 gid=-1 feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: sieve: file storage: Relative path to sieve storage in active link: sieve/ feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: sieve: file storage: sync: Synchronization active feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Error: sieve: file storage: Failed to list scripts: opendir(/home/rogier/sieve) failed: Permission denied
Output of dovecot -n:
# 2.2.25 (7be1766): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.15 (97b3da0) # OS: Linux 4.4.36-8-default x86_64 openSUSE 42.2 (x86_64) auth_username_format = %Ln base_dir = /var/run/dovecot/ mail_debug = yes mail_location = maildir:~/Maildir managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext namespace inbox { inbox = yes location = mailbox Drafts { special_use = \Drafts } mailbox Junk { special_use = \Junk } mailbox Sent { special_use = \Sent } mailbox "Sent Messages" { special_use = \Sent } mailbox Trash { special_use = \Trash } prefix = } passdb { driver = pam } plugin { sieve = file:~/sieve/;active=~/.dovecot.sieve sieve_trace_debug = yes } protocols = imap lmtp sieve service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { group = postfix mode = 0600 user = postfix } } ssl = required ssl_cert = </etc/ssl/private/dovecot.crt ssl_dh_parameters_length = 2048 ssl_key = </etc/ssl/private/dovecot.pem ssl_options = no_compression ssl_prefer_server_ciphers = yes userdb { driver = passwd } verbose_ssl = yes protocol lmtp { mail_plugins = sieve postmaster_address = postmaster@xxxxxxxxxxxxxx }
Op 2/5/2017 om 8:53 PM schreef dovelist:
Hi,
I am trying to get sieve working on a new OpenSuse leap 42.2 install. On my 'old' OpenSuse 13.2 machine it worked fine.
The problem is that Managesieve can't access the script store and won't let me create any script. It says permission denied on ~/sieve directory. See log below. I 've activated debug logging, but that doesn't give any clues to me. Also, I've set the directory accessible to all, but Managesieve still complains.
cd ~ ls -l drwx------ 1 rogier users 8340 5 feb 16:54 Maildir drwxrwxrwx 1 rogier users 24 5 feb 18:38 sieve
To rule out client issues (kmail) I tested also with Manual TLS Login as described in: http://wiki2.dovecot.org/Pigeonhole/ManageSieve/Troubleshooting
Same result.
I am puzzled. I can't find anything wrong in the dovecot configuration. The output of dovecot -n is shown below. Hope someone has a solution. A lot of mail is waiting to get sorted...
Best Regards, Rogier
The log:
feb 05 20:22:18 p150 dovecot[12120]: managesieve-login: Login: user=<rogier>, method=PLAIN, rip=192.168.0.18, lip=192.168.0.20, mpid=12135, TLS, session=<gmb0bs1H5q/AqAAS> feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: Effective uid=1000, gid=100, home=/home/rogier feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no, list=yes, subscriptions=yes location=maildir:~/Maildir feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: maildir++: root=/home/rogier/Maildir, index=, indexpvt=, control=, inbox=/home/rogier/Maildir, alt= feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: sieve: Pigeonhole version 0.4.15 (97b3da0) initializing feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: sieve: include: sieve_global is not set; it is currently not possible to include `:global' scripts. feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: sieve: file storage: Using active Sieve script path: /home/rogier/.dovecot.sieve feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: sieve: file storage: Using script storage path: /home/rogier/sieve/ feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: sieve: file storage: Using permissions from /home/rogier/sieve/: mode=0777 gid=-1 feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: sieve: file storage: Relative path to sieve storage in active link: sieve/ feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: sieve: file storage: sync: Synchronization active feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Error: sieve: file storage: Failed to list scripts: opendir(/home/rogier/sieve) failed: Permission denied
Normally, Dovecot permission errors are more helpful than that. So, this error message in itself is a bit of a bug:
https://github.com/dovecot/pigeonhole/commit/51e4ff296987781e1ce93cb1c0ccc14...
About the cause of this error: keep in mind that the whole directory path needs read/execute permission, not only the leaf directory.
You could try a command other than LISTSCRIPTS in your manual debugging efforts. That should take a different code path that provides a more detailed error.
Regards,
Stephan.
Hi Stephan,
Normally, Dovecot permission errors are more helpful than that. So, this error message in itself is a bit of a bug:
I'm glad to h've been able to help with this beta-test ;-)
About the cause of this error: keep in mind that the whole directory path needs read/execute permission, not only the leaf directory.
Have checked. They are...
You could try a command other than LISTSCRIPTS in your manual debugging efforts. That should take a different code path that provides a more detailed error.
I tried:
PUTSCRIPT "hutsefluts" {6+} keep;
Gives the same result:
Feb 10 15:43:26 p150 dovecot[2042]: managesieve(rogier): Error: sieve: file storage: save: open(/home/rogier/sieve/tmp/hutsefluts_1486737806.M728733P6414.p150.sieve) failed: Permission denied
I have put a script named "std.sieve" in the sieve directory manually. Then the GETSCRIPT command gives some more information:
Feb 10 15:50:07 p150 dovecot[2042]: managesieve(rogier): Debug: sieve:
file script: Opened script std' from
/home/rogier/sieve/std.sieve'
Feb 10 15:50:07 p150 dovecot[2042]: managesieve(rogier): Error: sieve:
file script: Failed to open sieve script:
open(/home/rogier/sieve/std.sieve) failed: Permission denied
(euid=1000(rogier) egid=100(users) UNIX perms appear ok (ACL/MAC
wrong?))
So the UNIX permissions seem not to be the problem. The mentioning of ACL made me look into the audit.log. There I found this:
type=AVC msg=audit(1486738207.203:354): apparmor="DENIED" operation="open" profile="/usr/lib/dovecot/managesieve" name="/home/rogier/sieve/std.sieve" pid=6414 comm="managesieve" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000 type=SYSCALL msg=audit(1486738207.203:354): arch=c000003e syscall=2 success=no exit=-13 a0=55e8920917d8 a1=0 a2=7fff73b41a14 a3=65766569732f7265 items=0 ppid=1861 pid=6414 auid=429 4967295 uid=1000 gid=100 euid=1000 suid=1000 fsuid=1000 egid=100 sgid=100 fsgid=100 tty=(none) ses=4294967295 comm="managesieve" exe="/usr/lib/dovecot/managesieve" key=(null) type=UNKNOWN[1327] msg=audit(1486738207.203:354): proctitle="dovecot/managesieve"
Looks like AppArmor says NO... Does the apparmor profile for managesieve account for this or any other script store location? Or is the user expected to tweak apparmor profiles in such cases? Then I have to figure out how...
Regards, Rogier
OK, I've figured it out:
In the dovecot profile for apparmor the sieve directory is not confgured. I solved it this way:
To configure only one directory in the apparmor profile, I placed the active-script link inside the .sieve directory. Keeping the scripts separate in a store subdirectory, like this: In /etc/dovecot/conf.d/90-sieve.conf :
sieve = file:~/.sieve/store;active=~/.sieve/active.sieve
Then dovecot is granted access by adding the .sieve directory in the apparmor profile. The dovecot file in the tunables directory seems to be a neat way to that: In /etc/apparmor.d/tunables/dovecot :
@{DOVECOT_MAILSTORE}=@{HOME}/Maildir/ /var/spool/mail/
@{HOME}/.sieve/
Ofcourse the .sieve directory is not really a MAILSTORE. But this way, the configuration stays close to the defaults. I didn't find something like DOVECOT_SIEVESTORE, which would be more appropriate.
After restart of apparmor and dovecot, it works!
@Stephan: thanks for the advice - it did help to pinpoint the problem!
Regards, Rogier
Op 2/11/2017 om 3:24 PM schreef dovelist:
OK, I've figured it out:
In the dovecot profile for apparmor the sieve directory is not confgured. I solved it this way:
To configure only one directory in the apparmor profile, I placed the active-script link inside the .sieve directory. Keeping the scripts separate in a store subdirectory, like this: In /etc/dovecot/conf.d/90-sieve.conf :
sieve = file:~/.sieve/store;active=~/.sieve/active.sieve
Then dovecot is granted access by adding the .sieve directory in the apparmor profile. The dovecot file in the tunables directory seems to be a neat way to that: In /etc/apparmor.d/tunables/dovecot :
@{DOVECOT_MAILSTORE}=@{HOME}/Maildir/ /var/spool/mail/ @{HOME}/.sieve/
Ofcourse the .sieve directory is not really a MAILSTORE. But this way, the configuration stays close to the defaults. I didn't find something like DOVECOT_SIEVESTORE, which would be more appropriate.
After restart of apparmor and dovecot, it works!
@Stephan: thanks for the advice - it did help to pinpoint the problem!
I have no experience with AppArmor. I assume these profile configuration files are created by the packagers for your distribution. You could talk to them to get this fixed in general.
Regards,
Stephan.
Op 2/10/2017 om 5:05 PM schreef dovelist:
Hi Stephan,
Normally, Dovecot permission errors are more helpful than that. So, this error message in itself is a bit of a bug:
I'm glad to h've been able to help with this beta-test ;-)
About the cause of this error: keep in mind that the whole directory path needs read/execute permission, not only the leaf directory.
Have checked. They are...
You could try a command other than LISTSCRIPTS in your manual debugging efforts. That should take a different code path that provides a more detailed error.
I tried:
PUTSCRIPT "hutsefluts" {6+} keep;
Gives the same result:
Feb 10 15:43:26 p150 dovecot[2042]: managesieve(rogier): Error: sieve: file storage: save: open(/home/rogier/sieve/tmp/hutsefluts_1486737806.M728733P6414.p150.sieve) failed: Permission denied
Ah, so there's more. Fixed that too:
https://github.com/dovecot/pigeonhole/commit/34d44f7ad9e872dec6ffa62de2642cb...
Regards,
Stephan.
Hello list,
I'm trying to setup sieve on a Debian 9 install with virtual users. Perhaps I'm getting old, but I can't figure out why managesieve is not working for virtual users. I have about 20 v users on this machine and only one has also a real unix account. The sieve rules work for this single unix account but not for any other account. I have read tried various HOWTO's found on the net like this :
https://forum.vestacp.com/viewtopic.php?t=11363
but nothing is working for my case, so something is wrong in my setup and I hope you guys might shed some light . The setup is rather simple it's 20 v users with one public folder , I have tried both dovecot lda and lmtp .
doveconf -n included
Thanks in advance for any help
On 11.01.2018 11:45, CP wrote:
Hello list,
I'm trying to setup sieve on a Debian 9 install with virtual users. Perhaps I'm getting old, but I can't figure out why managesieve is not working for virtual users. I have about 20 v users on this machine and only one has also a real unix account. The sieve rules work for this single unix account but not for any other account. I have read tried various HOWTO's found on the net like this :
https://forum.vestacp.com/viewtopic.php?t=11363
but nothing is working for my case, so something is wrong in my setup and I hope you guys might shed some light . The setup is rather simple it's 20 v users with one public folder , I have tried both dovecot lda and lmtp .
doveconf -n included
Thanks in advance for any help
Hi!
Can you enable mail_debug=yes in dovecot config and see what Sieve says for those rules. Also can you provide sieve rules. The sieve rules in your config file are per-user rules, managesieved does not actually do sieve processing, but provides ability to manage sieve rules remotely.
Aki
On 01/11/2018 11:49 AM, Aki Tuomi wrote:
On 11.01.2018 11:45, CP wrote:
Hello list,
I'm trying to setup sieve on a Debian 9 install with virtual users. Perhaps I'm getting old, but I can't figure out why managesieve is not working for virtual users. I have about 20 v users on this machine and only one has also a real unix account. The sieve rules work for this single unix account but not for any other account. I have read tried various HOWTO's found on the net like this :
https://forum.vestacp.com/viewtopic.php?t=11363
but nothing is working for my case, so something is wrong in my setup and I hope you guys might shed some light . The setup is rather simple it's 20 v users with one public folder , I have tried both dovecot lda and lmtp .
doveconf -n included
Thanks in advance for any help Hi!
Can you enable mail_debug=yes in dovecot config and see what Sieve says for those rules. Also can you provide sieve rules. The sieve rules in your config file are per-user rules, managesieved does not actually do sieve processing, but provides ability to manage sieve rules remotely.
Aki
I have already done it but I can't really tell what I 'm supposed to see in the log
this is a line for a message without matching rule :
Jan 09 23:07:48 lda(xxxx@xxxxxx.xxx): Info: sieve: msgid=<849d7f91-fdd3-4c07-8039-9e00acfefd2e_2961dc3c-f238-4f72-ad8e-02b1c779e6b5@SYSTEM5.de.local>: stored mail into mailbox 'INBOX'
and this with a working rule:
Jan 10 01:00:04 lda(xxxx@xxxxxx.xxx): Info: sieve: msgid=<20180109230004.1BC1344773@xxx.xxxxx.xxx>: stored mail into mailbox 'INBOX/Postfix'
both are with lda delivery
and with lmtp :
Jan 11 01:00:04 lmtp(xxxx@xxxxxx.xxx): Info: QVkQD/SaVloKFQAAyyBr5g: sieve: msgid=<20180110230003.D577A42C77@xxx.xxxxxx.xxx>: stored mail into mailbox 'INBOX/Postfix' Jan 11 01:00:04 lmtp(5386): Info: Disconnect from local: Successful quit
The rule is pretty simple actually :
require ["fileinto"]; # rule:[Bad] if header :is "subject" "Bad Filename Detected" { fileinto "INBOX/BAD"; stop; } # rule:[postfix] if allof (header :is "subject" "Postfix Dailly logcheck") { fileinto "INBOX/Postfix"; stop; }
And this is a sample rule from a v user that doesn't work :
require ["fileinto"]; # rule:[1] if header :is "from" "xxx@xxxxxxx.com" { fileinto "INBOX/9 - 1"; }
The thing is I expected more verbosity from sieve . is there some option to to turn more verbose messages on ?
On 11.01.2018 12:09, CP wrote:
On 01/11/2018 11:49 AM, Aki Tuomi wrote:
On 11.01.2018 11:45, CP wrote:
Hello list,
I'm trying to setup sieve on a Debian 9 install with virtual users. Perhaps I'm getting old, but I can't figure out why managesieve is not working for virtual users. I have about 20 v users on this machine and only one has also a real unix account. The sieve rules work for this single unix account but not for any other account. I have read tried various HOWTO's found on the net like this :
https://forum.vestacp.com/viewtopic.php?t=11363
but nothing is working for my case, so something is wrong in my setup and I hope you guys might shed some light . The setup is rather simple it's 20 v users with one public folder , I have tried both dovecot lda and lmtp .
doveconf -n included
Thanks in advance for any help Hi!
Can you enable mail_debug=yes in dovecot config and see what Sieve says for those rules. Also can you provide sieve rules. The sieve rules in your config file are per-user rules, managesieved does not actually do sieve processing, but provides ability to manage sieve rules remotely.
Aki
I have already done it but I can't really tell what I 'm supposed to see in the log
this is a line for a message without matching rule :
Jan 09 23:07:48 lda(xxxx@xxxxxx.xxx): Info: sieve: msgid=<849d7f91-fdd3-4c07-8039-9e00acfefd2e_2961dc3c-f238-4f72-ad8e-02b1c779e6b5@SYSTEM5.de.local>: stored mail into mailbox 'INBOX'
and this with a working rule:
Jan 10 01:00:04 lda(xxxx@xxxxxx.xxx): Info: sieve: msgid=<20180109230004.1BC1344773@xxx.xxxxx.xxx>: stored mail into mailbox 'INBOX/Postfix'
both are with lda delivery
and with lmtp :
Jan 11 01:00:04 lmtp(xxxx@xxxxxx.xxx): Info: QVkQD/SaVloKFQAAyyBr5g: sieve: msgid=<20180110230003.D577A42C77@xxx.xxxxxx.xxx>: stored mail into mailbox 'INBOX/Postfix' Jan 11 01:00:04 lmtp(5386): Info: Disconnect from local: Successful quit
The rule is pretty simple actually :
require ["fileinto"]; # rule:[Bad] if header :is "subject" "Bad Filename Detected" { fileinto "INBOX/BAD"; stop; } # rule:[postfix] if allof (header :is "subject" "Postfix Dailly logcheck") { fileinto "INBOX/Postfix"; stop; }
And this is a sample rule from a v user that doesn't work :
require ["fileinto"]; # rule:[1] if header :is "from" "xxx@xxxxxxx.com" { fileinto "INBOX/9 - 1"; }
The thing is I expected more verbosity from sieve . is there some option to to turn more verbose messages on ?
I cannot see any Debug prefix messages there.
Do you have syslog configured to log debug messages somewhere else? or do you need to set debug_log_path if you are not using syslog?
Aki
On 01/11/2018 12:18 PM, Aki Tuomi wrote:
On 11.01.2018 12:09, CP wrote:
On 01/11/2018 11:49 AM, Aki Tuomi wrote:
On 11.01.2018 11:45, CP wrote:
Hello list,
I'm trying to setup sieve on a Debian 9 install with virtual users. Perhaps I'm getting old, but I can't figure out why managesieve is not working for virtual users. I have about 20 v users on this machine and only one has also a real unix account. The sieve rules work for this single unix account but not for any other account. I have read tried various HOWTO's found on the net like this :
https://forum.vestacp.com/viewtopic.php?t=11363
but nothing is working for my case, so something is wrong in my setup and I hope you guys might shed some light . The setup is rather simple it's 20 v users with one public folder , I have tried both dovecot lda and lmtp .
doveconf -n included
Thanks in advance for any help Hi!
Can you enable mail_debug=yes in dovecot config and see what Sieve says for those rules. Also can you provide sieve rules. The sieve rules in your config file are per-user rules, managesieved does not actually do sieve processing, but provides ability to manage sieve rules remotely.
Aki I have already done it but I can't really tell what I 'm supposed to see in the log
this is a line for a message without matching rule :
Jan 09 23:07:48 lda(xxxx@xxxxxx.xxx): Info: sieve: msgid=<849d7f91-fdd3-4c07-8039-9e00acfefd2e_2961dc3c-f238-4f72-ad8e-02b1c779e6b5@SYSTEM5.de.local>: stored mail into mailbox 'INBOX'
and this with a working rule:
Jan 10 01:00:04 lda(xxxx@xxxxxx.xxx): Info: sieve: msgid=<20180109230004.1BC1344773@xxx.xxxxx.xxx>: stored mail into mailbox 'INBOX/Postfix'
both are with lda delivery
and with lmtp :
Jan 11 01:00:04 lmtp(xxxx@xxxxxx.xxx): Info: QVkQD/SaVloKFQAAyyBr5g: sieve: msgid=<20180110230003.D577A42C77@xxx.xxxxxx.xxx>: stored mail into mailbox 'INBOX/Postfix' Jan 11 01:00:04 lmtp(5386): Info: Disconnect from local: Successful quit
The rule is pretty simple actually :
require ["fileinto"]; # rule:[Bad] if header :is "subject" "Bad Filename Detected" { fileinto "INBOX/BAD"; stop; } # rule:[postfix] if allof (header :is "subject" "Postfix Dailly logcheck") { fileinto "INBOX/Postfix"; stop; }
And this is a sample rule from a v user that doesn't work :
require ["fileinto"]; # rule:[1] if header :is "from" "xxx@xxxxxxx.com" { fileinto "INBOX/9 - 1"; }
The thing is I expected more verbosity from sieve . is there some option to to turn more verbose messages on ?
I cannot see any Debug prefix messages there.
Do you have syslog configured to log debug messages somewhere else? or do you need to set debug_log_path if you are not using syslog?
Aki
The only thing I tampered with logging is this :
log_path = /var/log/dovecot.log
I wanted to have dovecot messages separeted from mail.log
Anyway I have setup now those two below options re-enabled mail_debug
info_log_path = /var/log/dovecotsieve.log debug_log_path = /var/log/dovecot-sieve-errors.log
George
On 01/11/2018 12:18 PM, Aki Tuomi wrote:
On 11.01.2018 12:09, CP wrote:
On 01/11/2018 11:49 AM, Aki Tuomi wrote:
On 11.01.2018 11:45, CP wrote:
Hello list,
I'm trying to setup sieve on a Debian 9 install with virtual users. Perhaps I'm getting old, but I can't figure out why managesieve is not working for virtual users. I have about 20 v users on this machine and only one has also a real unix account. The sieve rules work for this single unix account but not for any other account. I have read tried various HOWTO's found on the net like this :
https://forum.vestacp.com/viewtopic.php?t=11363
but nothing is working for my case, so something is wrong in my setup and I hope you guys might shed some light . The setup is rather simple it's 20 v users with one public folder , I have tried both dovecot lda and lmtp .
doveconf -n included
Thanks in advance for any help Hi!
Can you enable mail_debug=yes in dovecot config and see what Sieve says for those rules. Also can you provide sieve rules. The sieve rules in your config file are per-user rules, managesieved does not actually do sieve processing, but provides ability to manage sieve rules remotely.
Aki I have already done it but I can't really tell what I 'm supposed to see in the log
this is a line for a message without matching rule :
Jan 09 23:07:48 lda(xxxx@xxxxxx.xxx): Info: sieve: msgid=<849d7f91-fdd3-4c07-8039-9e00acfefd2e_2961dc3c-f238-4f72-ad8e-02b1c779e6b5@SYSTEM5.de.local>: stored mail into mailbox 'INBOX'
and this with a working rule:
Jan 10 01:00:04 lda(xxxx@xxxxxx.xxx): Info: sieve: msgid=<20180109230004.1BC1344773@xxx.xxxxx.xxx>: stored mail into mailbox 'INBOX/Postfix'
both are with lda delivery
and with lmtp :
Jan 11 01:00:04 lmtp(xxxx@xxxxxx.xxx): Info: QVkQD/SaVloKFQAAyyBr5g: sieve: msgid=<20180110230003.D577A42C77@xxx.xxxxxx.xxx>: stored mail into mailbox 'INBOX/Postfix' Jan 11 01:00:04 lmtp(5386): Info: Disconnect from local: Successful quit
The rule is pretty simple actually :
require ["fileinto"]; # rule:[Bad] if header :is "subject" "Bad Filename Detected" { fileinto "INBOX/BAD"; stop; } # rule:[postfix] if allof (header :is "subject" "Postfix Dailly logcheck") { fileinto "INBOX/Postfix"; stop; }
And this is a sample rule from a v user that doesn't work :
require ["fileinto"]; # rule:[1] if header :is "from" "xxx@xxxxxxx.com" { fileinto "INBOX/9 - 1"; }
The thing is I expected more verbosity from sieve . is there some option to to turn more verbose messages on ?
I cannot see any Debug prefix messages there.
Do you have syslog configured to log debug messages somewhere else? or do you need to set debug_log_path if you are not using syslog?
Aki
This is a fresh log , if you can make something out of it, it seems that it loads the script alright and then I guess there is something wrong with the rule itself ?
Jan 11 12:43:42 lmtp(user@company.com): Debug: sieve: Pigeonhole version
0.4.16 (fed8554) initializing
Jan 11 12:43:42 lmtp(user@company.com): Debug: sieve: include:
sieve_global is not set; it is currently not possible to include
:global' scripts. Jan 11 12:43:42 lmtp(user@company.com): Debug: SYrVAt4/V1rhUQAAyyBr5g:11: sieve: file storage: Using active Sieve script path: /home/vmail/company/user/.dovecot.sieve Jan 11 12:43:42 lmtp(user@company.com): Debug: SYrVAt4/V1rhUQAAyyBr5g:11: sieve: file storage: Using script storage path: /home/vmail/company/user/sieve Jan 11 12:43:42 lmtp(user@company.com): Debug: SYrVAt4/V1rhUQAAyyBr5g:11: sieve: file storage: Relative path to sieve storage in active link: sieve/ Jan 11 12:43:42 lmtp(user@company.com): Debug: SYrVAt4/V1rhUQAAyyBr5g:11: sieve: file storage: Using Sieve script path: /home/vmail/company/user/.dovecot.sieve Jan 11 12:43:42 lmtp(user@company.com): Debug: SYrVAt4/V1rhUQAAyyBr5g:11: sieve: file script: Opened script
roundcube'
from /home/vmail/company/user/.dovecot.sieve' Jan 11 12:43:42 lmtp(user@company.com): Debug: SYrVAt4/V1rhUQAAyyBr5g:11: sieve: Using the following location for user's Sieve script: /home/vmail/company/user/.dovecot.sieve Jan 11 12:43:42 lmtp(user@company.com): Debug: SYrVAt4/V1rhUQAAyyBr5g:11: sieve: Opening script 1 of 1 from
/home/vmail/company/user/.dovecot.sieve'
Jan 11 12:43:42 lmtp(user@company.com): Debug:
SYrVAt4/V1rhUQAAyyBr5g:11: sieve: Loading script
/home/vmail/company/user/.dovecot.sieve
Jan 11 12:43:42 lmtp(user@company.com): Debug:
SYrVAt4/V1rhUQAAyyBr5g:11: sieve: Script binary
/home/vmail/company/user/.dovecot.svbin successfully loaded
Jan 11 12:43:42 lmtp(user@company.com): Debug:
SYrVAt4/V1rhUQAAyyBr5g:11: sieve: binary save: not saving binary
/home/vmail/company/user/.dovecot.svbin, because it is already stored
Jan 11 12:43:42 lmtp(user@company.com): Debug:
SYrVAt4/V1rhUQAAyyBr5g:11: sieve: Executing script from
`/home/vmail/company/user/.dovecot.svbin'
If I'm not asking too much is there a way to manually run the script on the virtual users mailbox in order to check the rules without waiting for a message to arrive ?
Thanks anyway ! George
On 11.01.2018 13:56, CP wrote:
On 01/11/2018 12:18 PM, Aki Tuomi wrote:
On 11.01.2018 12:09, CP wrote:
On 01/11/2018 11:49 AM, Aki Tuomi wrote:
On 11.01.2018 11:45, CP wrote:
Hello list,
I'm trying to setup sieve on a Debian 9 install with virtual users. Perhaps I'm getting old, but I can't figure out why managesieve is not working for virtual users. I have about 20 v users on this machine and only one has also a real unix account. The sieve rules work for this single unix account but not for any other account. I have read tried various HOWTO's found on the net like this :
https://forum.vestacp.com/viewtopic.php?t=11363
but nothing is working for my case, so something is wrong in my setup and I hope you guys might shed some light . The setup is rather simple it's 20 v users with one public folder , I have tried both dovecot lda and lmtp .
doveconf -n included
Thanks in advance for any help Hi!
Can you enable mail_debug=yes in dovecot config and see what Sieve says for those rules. Also can you provide sieve rules. The sieve rules in your config file are per-user rules, managesieved does not actually do sieve processing, but provides ability to manage sieve rules remotely.
Aki I have already done it but I can't really tell what I 'm supposed to see in the log
this is a line for a message without matching rule :
Jan 09 23:07:48 lda(xxxx@xxxxxx.xxx): Info: sieve: msgid=<849d7f91-fdd3-4c07-8039-9e00acfefd2e_2961dc3c-f238-4f72-ad8e-02b1c779e6b5@SYSTEM5.de.local>:
stored mail into mailbox 'INBOX'
and this with a working rule:
Jan 10 01:00:04 lda(xxxx@xxxxxx.xxx): Info: sieve: msgid=<20180109230004.1BC1344773@xxx.xxxxx.xxx>: stored mail into mailbox 'INBOX/Postfix'
both are with lda delivery
and with lmtp :
Jan 11 01:00:04 lmtp(xxxx@xxxxxx.xxx): Info: QVkQD/SaVloKFQAAyyBr5g: sieve: msgid=<20180110230003.D577A42C77@xxx.xxxxxx.xxx>: stored mail into mailbox 'INBOX/Postfix' Jan 11 01:00:04 lmtp(5386): Info: Disconnect from local: Successful quit
The rule is pretty simple actually :
require ["fileinto"]; # rule:[Bad] if header :is "subject" "Bad Filename Detected" { fileinto "INBOX/BAD"; stop; } # rule:[postfix] if allof (header :is "subject" "Postfix Dailly logcheck") { fileinto "INBOX/Postfix"; stop; }
And this is a sample rule from a v user that doesn't work :
require ["fileinto"]; # rule:[1] if header :is "from" "xxx@xxxxxxx.com" { fileinto "INBOX/9 - 1"; }
The thing is I expected more verbosity from sieve . is there some option to to turn more verbose messages on ?
I cannot see any Debug prefix messages there.
Do you have syslog configured to log debug messages somewhere else? or do you need to set debug_log_path if you are not using syslog?
Aki
This is a fresh log , if you can make something out of it, it seems that it loads the script alright and then I guess there is something wrong with the rule itself ?
Jan 11 12:43:42 lmtp(user@company.com): Debug: sieve: Pigeonhole version 0.4.16 (fed8554) initializing Jan 11 12:43:42 lmtp(user@company.com): Debug: sieve: include: sieve_global is not set; it is currently not possible to include
:global' scripts. Jan 11 12:43:42 lmtp(user@company.com): Debug: SYrVAt4/V1rhUQAAyyBr5g:11: sieve: file storage: Using active Sieve script path: /home/vmail/company/user/.dovecot.sieve Jan 11 12:43:42 lmtp(user@company.com): Debug: SYrVAt4/V1rhUQAAyyBr5g:11: sieve: file storage: Using script storage path: /home/vmail/company/user/sieve Jan 11 12:43:42 lmtp(user@company.com): Debug: SYrVAt4/V1rhUQAAyyBr5g:11: sieve: file storage: Relative path to sieve storage in active link: sieve/ Jan 11 12:43:42 lmtp(user@company.com): Debug: SYrVAt4/V1rhUQAAyyBr5g:11: sieve: file storage: Using Sieve script path: /home/vmail/company/user/.dovecot.sieve Jan 11 12:43:42 lmtp(user@company.com): Debug: SYrVAt4/V1rhUQAAyyBr5g:11: sieve: file script: Opened script
roundcube' from/home/vmail/company/user/.dovecot.sieve' Jan 11 12:43:42 lmtp(user@company.com): Debug: SYrVAt4/V1rhUQAAyyBr5g:11: sieve: Using the following location for user's Sieve script: /home/vmail/company/user/.dovecot.sieve Jan 11 12:43:42 lmtp(user@company.com): Debug: SYrVAt4/V1rhUQAAyyBr5g:11: sieve: Opening script 1 of 1 from
/home/vmail/company/user/.dovecot.sieve' Jan 11 12:43:42 lmtp(user@company.com): Debug: SYrVAt4/V1rhUQAAyyBr5g:11: sieve: Loading script /home/vmail/company/user/.dovecot.sieve Jan 11 12:43:42 lmtp(user@company.com): Debug: SYrVAt4/V1rhUQAAyyBr5g:11: sieve: Script binary /home/vmail/company/user/.dovecot.svbin successfully loaded Jan 11 12:43:42 lmtp(user@company.com): Debug: SYrVAt4/V1rhUQAAyyBr5g:11: sieve: binary save: not saving binary /home/vmail/company/user/.dovecot.svbin, because it is already stored Jan 11 12:43:42 lmtp(user@company.com): Debug: SYrVAt4/V1rhUQAAyyBr5g:11: sieve: Executing script from `/home/vmail/company/user/.dovecot.svbin'If I'm not asking too much is there a way to manually run the script on the virtual users mailbox in order to check the rules without waiting for a message to arrive ?
Thanks anyway ! George
Yes, use 'sieve-test'.
Aki
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thu, 11 Jan 2018, CP wrote:
I'm trying to setup sieve on a Debian 9 install with virtual users. Perhaps I'm getting old, but I can't figure out why managesieve is not working for virtual users. I have about 20 v users on this machine and only one has also a real unix account. The sieve rules work for this single unix account but not for any other account.
Hmm, your conf contains just one passdb and one userbd:
mail_location = maildir:/home/vmail/%d/%n/Maildir
sieve = file:/home/vmail/%d/%n/sieve;active=/home/vmail/%d/%n/.dovecot.sieve
userdb { args = uid=vmail gid=vmail home=/home/vmail/%d/%n/Maildir driver = static }
So, how does the real user authentificate?
Second, you've violated: https://wiki2.dovecot.org/VirtualUsers/Home?highlight=%28home%29|%28mail%29
make home and mail_location distinct. I guess, above should read: home=/home/vmail/%d/%n/
You've wrote "managesieve" is not working. That means, sieve is working? So, has vmail write permission to : /home/vmail/%d/%n/sieve is it a directory? Does your users log into managesieve with domain, too?
but nothing is working for my case, so something is wrong in my setup and I hope you guys might shed some light . The setup is rather simple it's 20 v users with one public folder , I have tried both dovecot lda and lmtp .
doveconf -n included
Thanks in advance for any help
Steffen Kaiser -----BEGIN PGP SIGNATURE----- Version: GnuPG v1
iQEVAwUBWldLMMQnQQNheMxiAQLwjAf/enwWoeT5Phx1zuFPh3L0Cn2xemt+nJZU N1z0N6bkICBJKty7L8t/KNnA0a3L7suFKw3lCuQnP3O1FS6O9Kb8dtdynZgjkBeI xjdtVMjK1qtNmwdEtWfZ1LwAuPeMe/qNDDMBpsyqPAPN6RwMrFsEwvoGgq+PdVVX 1XQsQkSpJqjv2mzZfHRqS4c7vrUR/6l54+PY6NT8MEGtX4tZs/z7TVd0Oh75yTKn SpQT7cW/4Xmt06k4ddfB+WjR5MMaEtrc14Zr7RGCIuAyyaS3c/j9xCTYm/nRben8 GykXJS8VYY2xHT2Eq7q397EZKjtMISv07qunLaZjONAsIxMt6T6dBA== =I8QQ -----END PGP SIGNATURE-----
On 01/11/2018 01:32 PM, Steffen Kaiser wrote:
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
On Thu, 11 Jan 2018, CP wrote:
I'm trying to setup sieve on a Debian 9 install with virtual users. Perhaps I'm getting old, but I can't figure out why managesieve is not working for virtual users. I have about 20 v users on this machine and only one has also a real unix account. The sieve rules work for this single unix account but not for any other account.
Hmm, your conf contains just one passdb and one userbd:
mail_location = maildir:/home/vmail/%d/%n/Maildir
sieve = file:/home/vmail/%d/%n/sieve;active=/home/vmail/%d/%n/.dovecot.sieve
userdb { args = uid=vmail gid=vmail home=/home/vmail/%d/%n/Maildir driver = static }
So, how does the real user authentificate?
Sorry my bad , the real user does not login for mail , as I said to Aki probably the rule is not working as expected and on the contrast it works OK for the other v user.
Second, you've violated: https://wiki2.dovecot.org/VirtualUsers/Home?highlight=%28home%29|%28mail%29
make home and mail_location distinct. I guess, above should read: home=/home/vmail/%d/%n/
If I switch it now will it affect how the users are working now ? Will it produce trouble if I leave it as is ?
You've wrote "managesieve" is not working. That means, sieve is working? So, has vmail write permission to : /home/vmail/%d/%n/sieve is it a directory? Does your users log into managesieve with domain, too?
Yes sieve is a dir , everything is owned by vmail user, no permissions problem. Sieve is working for other user so I guess something is wrong with rules
Thank you guys for all the help
George
participants (5)
-
Aki Tuomi
-
CP
-
dovelist
-
Steffen Kaiser
-
Stephan Bosch