Duplicate e-mail with Dovecot and Sieve
Hi everyone,
we have a duplicate e-mail problem with Dovecot 2.2.13 (LMTP as MDA) on a Debian 8 server.
Our users are on external LDAP.
We just need to set up a vacation responder (with Sieve) for our employees with a redirect to an alias (a distribution list), let's call it LIST@domain.com, that comprehends even the user that just activated the out of office.
This generates a loop: when someone writes to LIST@domain.com, every user of the aforementioned distribution list receives a duplicate e-mail generated from the sieve script of the user with vacation responder active that contains the redirect to LIST@domain.com.
We just tried activating the duplicate extension in the sieve script, but the redirected e-mail has a different MSG-ID and it's not recognized as a duplicate by the server.
Our dovecot conf is:
    # 2.2.13: /etc/dovecot/dovecot.conf
    auth_mechanisms = plain login
    default_vsz_limit = 512 M
    disable_plaintext_auth = no
    dotlock_use_excl = no
    info_log_path = /var/log/dovecot-info.log
    log_path = /var/log/dovecot.log
    mail_fsync = never
    mail_location = maildir:~/Maildir
    mail_max_userip_connections = 50
    managesieve_notify_capability = mailto
    managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave duplicate
    mmap_disable = yes
    passdb {
      args = /etc/dovecot/dovecot-ldap.conf
      driver = ldap
    }
    passdb {
      args = /etc/dovecot/dovecot-ldap-archive.conf
      driver = ldap
    }
    plugin {
      sieve = file:/var/www/html/ooo/%n/script
      sieve_dir = /var/www/html/ooo/%n/
      sieve_duplicate_default_period = 1m
      sieve_duplicate_max_period = 1d
      sieve_extensions = +vnd.dovecot.duplicate +notify +imapflags +vacation-seconds
      sieve_global = /etc/dovecot/sieve/
      sieve_max_redirects = 10
      sieve_user_log = file:/var/www/html/ooo/%n/sieve_error.log
      sieve_vacation_default_period = 1d
      sieve_vacation_max_period = 90d
      sieve_vacation_min_period = 5s
    }
    protocols = imap pop3 lmtp sieve
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0660
        user = postfix
      }
      unix_listener auth-master {
        group = vmail
        mode = 0660
        user = vmail
      }
      user = root
    }
    service imap-login {
      process_limit = 200
    }
    service lmtp {
      executable = lmtp -L
      process_min_avail = 5
      unix_listener /var/spool/postfix/private/dovecot-lmtp {
        group = postfix
        mode = 0666
        user = postfix
      }
      user = vmail
    }
    service managesieve-login {
      executable = /usr/lib/dovecot/managesieve-login
      inet_listener sieve {
        port = 4190
      }
      process_min_avail = 10
      service_count = 1
    }
    service managesieve {
      executable = /usr/lib/dovecot/managesieve
    }
    ssl_cert = *xxxxxxxxxxxxxxxxxxxxxxxx*
    ssl_cipher_list = ALL:!LOW:!aNULL:!eNULL:!SSLv2:!RC4:!MD5:!DES:!EXP:!SEED:!IDEA:!3DES
    ssl_key = *xxxxxxxxxxxxxxxxxx*
    userdb {
      args = /etc/dovecot/dovecot-ldap.conf
      driver = ldap
    }
    userdb {
      args = /etc/dovecot/dovecot-ldap-archive.conf
      driver = ldap
    }
    protocol lda {
      auth_socket_path = /var/run/dovecot/auth-master
      hostname = *xxxxxxxxxxxxxxxxx*
      info_log_path = /var/log/dovecot-lda.log
      log_path = /var/log/dovecot-lda-errors.log
      mail_plugins = " autocreate sieve quota"
    }
    protocol lmtp {
      info_log_path = /var/log/dovecot-lmtp.log
      log_path = /var/log/dovecot-lmtp-errors.log
      mail_plugins = " autocreate sieve quota"
      postmaster_address = postmaster@*xxxxxxxxxx*
    }
    protocol sieve {
      info_log_path =
      log_path =
      mail_max_userip_connections = 10
      managesieve_implementation_string = dovecot
      managesieve_logout_format = bytes=%i/%o
      managesieve_max_compile_errors = 5
      managesieve_max_line_length = 65536
    }
An example of user sieve script is:
    require ["vnd.dovecot.duplicate","copy","fileinto","vacation-seconds"];
    # rule:[Outofoffice]
    if true
    {
        vacation :addresses "xxxxxxx@domain.tld" :subject "Automatic Reply" text:
    <Text here>
    .
    ;
        fileinto "INBOX";
        redirect "LIST@domain.com";
    }
Please could someone give us support on the matter?
Removing the redirect from sieve user script is not an option :-)
Thanks
Cheers
--
*Claudio Corvino IT Systems Administrator*
Trust Italia S.p.A. https://www.trustitalia.it/
On 26 Nov 2019, at 03:13, Claudio Corvino ccorvino@trustitalia.it wrote:
<body text=3D"#000000" bgcolor=3D"#FFFFFF">
Please do not do this.
-- IT DOES NOT SUCK TO BE YOU Bart chalkboard Ep. AABF13
On Tue, Nov 26, 2019, at 5:13 AM, Claudio Corvino via dovecot wrote:
Hi everyone,
we have a duplicate e-mail problem with Dovecot 2.2.13 (LMTP as MDA) on a Debian 8 server.
Our users are on external LDAP.
We just need to set up a vacation responder (with Sieve) for our employees with a redirect to an alias (a distribution list), let's call it LIST@domain.com, that comprehends even the user that just activated the out of office.
This generates a loop: when someone writes to LIST@domain.com, every user of the aforementioned distribution list receives a duplicate e-mail generated from the sieve script of the user with vacation responder active that contains the redirect to LIST@domain.com.
We just tried activating the duplicate extension in the sieve script, but the redirected e-mail has a different MSG-ID and it's not recognized as a duplicate by the server.
Our dovecot conf is:
[snip]
An example of user sieve script is:
    require ["vnd.dovecot.duplicate","copy","fileinto","vacation-seconds"];
    # rule:[Outofoffice]
    if true
    {
        vacation :addresses "xxxxxxx@domain.tld" :subject "Automatic Reply" text:
    <Text here>
    .
    ;
        fileinto "INBOX";
        redirect "LIST@domain.com";
    }
You've not used the duplicate test anywhere in your example. See the RFC for examples: https://tools.ietf.org/html/rfc7352#section-5
Specifically, example 3 might help: https://tools.ietf.org/html/rfc7352#section-5.3
but most simply, you can probably replace "if true" with "if not duplicate"
V/r, James Cassell
Corvino via dovecot dovecot@dovecot.org:
# rule:[Outofoffice] if true
Is this true check used to toggle the vacation responder by commenting/uncommenting the line above?
The "duplicate" test was removed because it was not working in this particular case; I already read the RFC but I didn't find anything useful for our case.
I'll try replacing "if true" with "if not duplicate" in the sieve script and I'll post back the result.
The "true" check is used to enable the out of office rule, otherwise we use "if false # true" to disable it.
Thanks
--
*Claudio Corvino IT Systems Administrator*
Hi,
I think that the test "if not duplicate" could not work for our case, as the out of office should answer every time; we only want the redirect not to be sent as a duplicate for the users of the alias LIST.
In other words we would like:
To redirect the e-mail directed to a single user (with out of office active) to LIST@domain.tld, so that every user of the LIST receives one copy;
To delete one copy of the e-mail directed to LIST@domain.tld, otherwise every user of the LIST will receive two e-mails, one directed to the LIST and one generated from the redirect of the sieve script by the user with out of office in active state.
So we're considering adding this part to the users' sieve scripts:
    # rule:[RemoveMail]
    if allof (header :contains "X-Sieve" "Pigeonhole Sieve",
              header :contains "X-Sieve-Redirected-From" "domain.tld",
              header :contains ["to", "cc"] "LIST@domain.tld")
    {
        fileinto "Trash";
    }
So the script becomes:
    require ["fileinto","vacation-seconds"];
    # rule:[RemoveDuplicateMail]
    if allof (header :contains "X-Sieve" "Pigeonhole Sieve",
              header :contains "X-Sieve-Redirected-From" "domain.tld",
              header :contains ["to", "cc"] "LIST@domain.tld")
    {
        fileinto "Trash";
    }
    # rule:[Outofoffice]
    if true
    {
        vacation :addresses "xxxxxxx@domain.tld" :subject "Automatic Reply" text:
    <Text here>
    .
    ;
        fileinto "INBOX";
        redirect "LIST@domain.tld";
    }
In this way, the duplicate e-mail generated from the redirect to LIST@domain.tld should be moved into Trash.
Just one problem remaining: the e-mails that have LIST@domain.tld in BCC could not be intercepted by the sieve filter, as there is no reference to LIST@domain.tld in the header; am I missing something, or can this not be fixed?
Thanks
Claudio
On 28 Nov 2019, at 09:44, Claudio Corvino ccorvino@trustitalia.it wrote:
Just one problem remaining: the e-mails that have LIST@domain.tld in BCC could not be intercepted by the sieve filter, as there is no reference to LIST@domain.tld in the header; am I missing something, or can this not be fixed?
The normal way to do this is to add an X-Loop header.
And no, there is no way to “fix” the design of Bcc.
-- "Those people who think they know everything are a great annoyance to those of us who do." - Isaac Asimov
X-Loop header could be what I was looking for, thanks!
On 28/11/19 22:03, @lbutlr via dovecot wrote:
On 28 Nov 2019, at 09:44, Claudio Corvino ccorvino@trustitalia.it wrote:
Just one problem remaining: the e-mails that have LIST@domain.tld in BCC could not be intercepted by the sieve filter, as there is no reference to LIST@domain.tld in the header; am I missing something, or can this not be fixed?
The normal way to do this is to add an X-Loop header.
And no, there is no way to “fix” the design of Bcc.
Trying to figure out how to implement an X-Loop header to my configuration, any ideas?
On 29/11/19 10:00, Claudio Corvino via dovecot wrote:
X-Loop header could be what I was looking for, thanks!
On 28/11/19 22:03, @lbutlr via dovecot wrote:
On 28 Nov 2019, at 09:44, Claudio Corvino ccorvino@trustitalia.it wrote:
Just one problem remaining: the e-mails that have LIST@domain.tld in BCC could not be intercepted by the sieve filter, as there is no reference to LIST@domain.tld in the header; am I missing something, or can this not be fixed?
The normal way to do this is to add an X-Loop header.
And no, there is no way to “fix” the design of Bcc.
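One way to implement the X-Loop suggestion in the user script from this thread, given as an added example that is not from any poster or from the Dovecot project. It assumes the editheader extension (RFC 5293) has been enabled with `sieve_extensions = +editheader`, that every member of the list carries the same first two rules, and that a copy already redirected once should get no further auto-reply or redirect; the X-Loop value (the redirecting user's own address) is a convention chosen here. A message that reached the list only through Bcc still cannot be told apart from one sent to the user directly, so that case is kept rather than trashed.

```sieve
require ["fileinto", "vacation-seconds", "editheader"];

# rule:[RemoveDuplicateMail]
# A copy carrying X-Loop has already been through a member's redirect.
# Trash it when it duplicates something this user already has:
#  - the list is visible in To/Cc, so the list delivered the original, or
#  - the X-Loop value is this user's own address, so this script sent it.
if allof (exists "X-Loop",
          anyof (header :contains ["to", "cc"] "LIST@domain.tld",
                 header :contains "X-Loop" "xxxxxxx@domain.tld"))
{
    fileinto "Trash";
    stop;
}

# rule:[KeepRedirectedCopy]
# Any other redirected copy is the only one this user gets: keep it, and
# stop so that it is neither answered nor redirected a second time.
if exists "X-Loop"
{
    fileinto "INBOX";
    stop;
}

# rule:[Outofoffice]
if true
{
    vacation :addresses "xxxxxxx@domain.tld" :subject "Automatic Reply" text:
<Text here>
.
;
    fileinto "INBOX";
    # Tag the message before the redirect so that the copy sent to the
    # list carries the marker tested by the two rules above.
    addheader "X-Loop" "xxxxxxx@domain.tld";
    redirect "LIST@domain.tld";
}
```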
Hi Claudio Corvino via dovecot, We have received your request and a ticket has been created with Ticket ID - 22073. A support representative will be reviewing your request and will contact you shortly.
To view the status of the ticket or add comments, please visit https://support.atomia.com/helpdesk/tickets/22073
Speak to you soon,
Atomia Support Team
Atomia via dovecot wrote on 2019-12-11 17:37:
Hi Claudio Corvino via dovecot,
wonderful example on why mailman sooks on change sender from ://
this mail here should imho be very private not posted to maillists
stop breaking dkim please
Hi all! On 11/12/2019 19:16, Benny Pedersen via dovecot wrote:
Atomia via dovecot wrote on 2019-12-11 17:37: [...] wonderful example on why mailman sooks on change sender from ://
Reply-to munging is considered harmful - please fix that. And thunderbird shows in the "From", "Recipient", "Correspondents" and "Sender[@]" column only "dovecot@dovecot.org" which is neither helpful nor correct.
[...]
Kind regards, Bernd
Bernd Petrovitsch Email : bernd@petrovitsch.priv.at LUGA : http://www.luga.at
Bernd Petrovitsch wrote on 2019-12-12 00:44:
Reply-to munging is considered harmful - please fix that. And thunderbird shows in the "From", "Recipient", "Correspondents" and "Sender[@]" column only "dovecot@dovecot.org" which is neither helpful nor correct.
it is solved imho
ARC-Authentication-Results i=1; talvi.dovecot.org; dkim=none; spf=pass (talvi.dovecot.org: domain of bernd@petrovitsch.priv.at designates 78.47.184.11 as permitted sender) smtp.mailfrom=bernd@petrovitsch.priv.at
not dkim signed is not a problem
and Reply-to is not default dkim signed
we are btw OT, i am happy its now solved, if more maillists based on mailman follow what dovecot did now we would be out of business
participants (8): @lbutlr, Admin, admin@awib.it, Atomia, Benny Pedersen, Bernd Petrovitsch, Claudio Corvino, James Cassell