How to grant user access to his .dovecot.sieve.log?
Hi, What are the recommended ways to give access to their .dovecot.sieve.log messages to the users? I am thinking about placing this file into the user's Maildir/new, or piping to dovecot-lda.
-- Regards, Sergey Ivanov
On 01.02.2018 at 18:01, Sergey Ivanov wrote:
> Hi, What are the recommended ways to give access to their .dovecot.sieve.log messages to the users? I am thinking about placing this file into users Maildir/new, or piping to dovecot-lda.

or serve the log as "magic folder". If the user deletes the message, it also deletes the log ... just an idea...
Andreas
Andreas, can you explain "magic folder"? The only thing I tried was creating a named FIFO .dovecot.sieve.log, and starting mailx user@my.domain.com < .dovecot.sieve.log, which needs to be done for each user of my domain, and is better wrapped in some script which will make it start after each sievec run.
Regards, Sergey.
On Fri, Feb 2, 2018 at 7:23 PM, A. Schulze sca@andreasschulze.de wrote:
> On 01.02.2018 at 18:01, Sergey Ivanov wrote:
>> Hi, What are the recommended ways to give access to their .dovecot.sieve.log messages to the users? I am thinking about placing this file into users Maildir/new, or piping to dovecot-lda.
> or serve the log as "magic folder". If the user delete the message it deletes also the log ... just an idea...
> Andreas
On 04.02.2018 at 03:44, Sergey Ivanov wrote:
> can you explain "magic folder"?

... a not yet existing implementation in dovecot... The idea is simple: extend dovecot-sieve to deliver the log data as a message in a (special?) folder instead/on top of creating a simple logfile.
I'm unable to implement such stuff, but I think such behavior would be handy for users.
Andreas
Answering myself (not yet implemented, but I hope it will work): Using the sieve extprograms extension and a global "after" script, I can read .dovecot.sieve.log into a sieve variable 'log_content' if this log is not empty. I hope this log will be written before the "after" script is called, but will check if it is true. Then using the sieve "notify" action with "mailto:${user_mailaddress}?body=${log_content}"
Sergey.
On Thu, Feb 1, 2018 at 5:01 PM, Sergey Ivanov seriv@cs.umd.edu wrote:
> Hi, What are the recommended ways to give access to their .dovecot.sieve.log messages to the users? I am thinking about placing this file into users Maildir/new, or piping to dovecot-lda.
> -- Regards, Sergey Ivanov
On Feb 6, 2018, at 19:53, Sergey Ivanov seriv@cs.umd.edu wrote:
> Answering myself (not yet implemented, but I hope it will work): Using sieve extprograms extension and global "after" script, I can read .dovecot.sieve.log into a sieve variable 'log_content' if this log is not empty. I hope this log will be written before "after" script is called, but will check if it is true. Then using sieve "notify" action with mailto:${user_mailaddress}?body=${log_content}"

Did that work?
-- This is my signature. There are many like it, but this one is mine.
No, it won't work. "sieve_after" requires the user script to explicitly "keep" the message. If the script fails, the default action stores the message into INBOX, thus finishing execution of sieve scripts. So, in the most wanted case, the "sieve_after" script, which is supposed to notify the user about problems with his script, will not be called. These logs contain messages about syntax errors which depend on the exact environment (say, the list of enabled Sieve extensions). They also have reports about runtime problems, like an absent folder referenced in the script. It is a bad situation if the user cannot read these logs.
I see a couple workarounds.
First: a separate FilterSet which the user can activate to get .dovecot.sieve.log when he wants. It can be something like
$ cat /srv/dovecot/seriv/.dovecot.sieve
require ["vnd.dovecot.execute"];
# rule:[dovecot.sieve.log]
if header :contains "subject" "dovecot.sieve.log" {
    execute "log_content.sh";
}
with
$ cat /usr/lib64/dovecot/sieve-extprograms/log_content.sh
#!/bin/bash
# Mail the sieve log to the recipient if it is non-empty, then empty it.
if test -s "$HOME/.dovecot.sieve.log"; then
    /usr/bin/mailx -s "sieve.log" "$recipient" < "$HOME/.dovecot.sieve.log"
    /usr/bin/echo -n '' > "$HOME/.dovecot.sieve.log"
fi
Second: a separate user, say "givemelogs@imap.example.org", on my IMAP server. When a user sends a request to this address, it replies with the content of the user's .dovecot.sieve.log, emptying it afterwards. It should have access to the "SENDER" external variable. If needed, there should be 2-step authentication against a forged "SENDER": sending a cryptographically strong token and asking the user to reply with the same token to authorize the request and the emptying of the log. But isn't it too much complexity for such a thing as looking at the log?
Yet another way, with the proposed httpd access, can be set up to work with Apache version 2.4.8+, using "LocationMatch" and an environment variable set to the matched regex in the "Require User" statement, like:
$ cat /etc/httpd/conf.d/userdir.conf
<IfModule mod_userdir.c>
UserDir /srv/dovecot
Loglevel debug
AllowOverride None
AuthType Basic
AuthName 'private logs'
AuthBasicProvider file
AuthUserFile /etc/httpd/users
Require user %{env:MATCH_WHICHUSER}
SSLRequireSSL
DirectoryIndex .dovecot.sieve.log
</DirectoryMatch>
</IfModule>
Sure, for this to work in production I will put "AuthBasicProvider ldap" and authenticate against the same LDAP server as dovecot uses. And I think I should place these sieve files into a directory separate from mail, like '/srv/sieve/', so that apache won't get access to mail.
-- Regards, Sergey
On Thu, Feb 8, 2018 at 3:43 AM, LuKreme kremels@kreme.com wrote:
> On Feb 6, 2018, at 19:53, Sergey Ivanov seriv@cs.umd.edu wrote:
>> Answering myself (not yet implemented, but I hope it will work): Using sieve extprograms extension and global "after" script, I can read .dovecot.sieve.log into a sieve variable 'log_content' if this log is not empty. I hope this log will be written before "after" script is called, but will check if it is true. Then using sieve "notify" action with mailto:${user_mailaddress}?body=${log_content}"
> Did that work?
> -- This is my signature. There are many like it, but this one is mine.
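
The log_content.sh from the first workaround reads the log and truncates it afterwards, so a line logged between those two steps is lost. The following is an added example, not part of the original posts, that renames the log aside before mailing it, refuses symlinks and option-like recipients, and puts the lines back if delivery fails. The function name deliver_sieve_log, the MAILER override and the use of a RECIPIENT environment variable are assumptions of this example.

```bash
#!/bin/bash
# Added example, not from the thread. Assumptions: HOME and RECIPIENT are set
# in the script's environment; MAILER is a hypothetical override for testing.

deliver_sieve_log() {
    _log="$HOME/.dovecot.sieve.log"
    _mailer="${MAILER:-/usr/bin/mailx}"

    # Nothing to send when the log is missing or empty.
    [ -s "$_log" ] || return 0
    # Mail only a regular file, never a symlink pointing somewhere else.
    if [ -L "$_log" ] || [ ! -f "$_log" ]; then return 2; fi
    # Refuse an empty recipient or one that mailx would read as an option.
    case "${RECIPIENT:-}" in ''|-*) return 3 ;; esac

    # Rename the log aside before reading it (same directory, atomic rename).
    # Assumption: the writer reopens the log by path, so later lines land in
    # a new file instead of being wiped by a truncation after mailx has run.
    _snap=$(mktemp "$HOME/.dovecot.sieve.log.XXXXXX") || return 4
    mv -f -- "$_log" "$_snap" || { rm -f -- "$_snap"; return 4; }

    if "$_mailer" -s "sieve.log" "$RECIPIENT" < "$_snap"; then
        rm -f -- "$_snap"
    else
        # Delivery failed: hand the lines back to the log and report it.
        cat -- "$_snap" >> "$_log" && rm -f -- "$_snap"
        return 5
    fi
}

# Constructed demo: temporary HOME, one made-up log line, and a stub mailer
# (a shell function) that prints the message instead of sending it.
demo() (
    HOME=$(mktemp -d) || exit 1
    stub_mailer() { echo "To: $3 / Subject: $2"; cat; }
    printf '%s\n' 'error: constructed sample line' > "$HOME/.dovecot.sieve.log"
    MAILER=stub_mailer; RECIPIENT='user@example.org'
    deliver_sieve_log; rc=$?
    rm -rf -- "$HOME"
    exit "$rc"
)

# Installed as log_content.sh it does the real work; otherwise run the demo.
if [ "${0##*/}" = log_content.sh ]; then deliver_sieve_log; else demo; fi
```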
participants (3): A. Schulze, LuKreme, Sergey Ivanov