[Dovecot] Getting started with sieve and conversion from procmail
Hi,
I have a fedora15 system with dovecot-v2.0.15, dovecot-pigeonhole and and amavisd-new and would like to implement it on my system using postfix. I've read the basic wiki documentation, but I really can't figure out the proper starting point in my case. I've enabled "protocol lda" in 15-lda.conf and added "sieve" to the list of mail_plugins.
I'm trying to adapt postfix to use deliver as its LDA for multiple virtual domains. I've added the following to master.cf:
dovecot unix - n n - - pipe flags=DRhu user=dovecot:dovecot argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient} -a "${RECIPIENT}"
Is that the proper format? Is it okay to use the dovecot user here, or should I create a new user? What permissions does this user need to possess?
I've added the following to main.cf:
dovecot_destination_recipient_limit = 1 virtual_transport = dovecot
I have a number of procmail scripts and I've converted them to sieve, but they didn't convert very well. Can someone show me how to convert the following:
:0 { :0 fhW | /home/alex/bin/process-mail.pl }
The script skipped right over that. I'm also trying to convert the following:
:0
- (RCVD_IN_DNSWL_HI|RCVD_IN_DNSWL_LOW|RCVD_IN_HOSTKARMA_W)
- !USER_IN_WHITELIST
- !BAYES_00
- !URIBL_
- !KHOP_RCVD_UNTRUST
- !RCVD_IN_DNSWL_MED
- !SPF_SOFTFAIL
- SPF_HELO_PASS
- SPF_PASS { LOG="DNSWL: " :0: whitelist/dnswl }
The script only produced the following:
if true { if true { if true { if true { if true { if true { if true { if true { if true { if true { fileinto "{"; fileinto " LOG="DNSWL: ""; fileinto " :0:"; fileinto " whitelist/dnswl"; fileinto "}"; }
Any ideas greatly appreciated.
Thanks, Alex
On 11/15/2011 3:30 AM, Alex wrote:
I have a number of procmail scripts and I've converted them to sieve, but they didn't convert very well. Can someone show me how to convert the following:
:0 { :0 fhW | /home/alex/bin/process-mail.pl }
The script skipped right over that. The Sieve language doesn't support invoking external programs. You can execute this program before Sieve, for instance by wrapping the LDA invocation. Also, there is a non-standard (an still pretty much experimental) language extension for this, as provided by the pipe plugin:
http://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/Pipe
I'm also trying to convert the following:
:0
- (RCVD_IN_DNSWL_HI|RCVD_IN_DNSWL_LOW|RCVD_IN_HOSTKARMA_W)
- !USER_IN_WHITELIST
- !BAYES_00
- !URIBL_
- !KHOP_RCVD_UNTRUST
- !RCVD_IN_DNSWL_MED
- !SPF_SOFTFAIL
- SPF_HELO_PASS
- SPF_PASS { LOG="DNSWL: " :0: whitelist/dnswl }
The script only produced the following: [...] Any ideas greatly appreciated.
I'm not sure what these rules are supposed to mean (most conditions are obscured in variables), but by the looks of things these should also be executed outside Sieve as well. If all those conditions map to simple header and envelope tests, you can provide a Sieve alternative. However, I think USER_IN_WHITELIST queries some external list and that too is not (currently) possible from Pigeonhole Sieve. Also, it is not possible to change the log prefix from Sieve (as suggested by LOG=).
Regards,
Stephan
Hi,
I have a number of procmail scripts and I've converted them to sieve, but they didn't convert very well. Can someone show me how to convert the following:
:0 { :0 fhW | /home/alex/bin/process-mail.pl }
The script skipped right over that.
The Sieve language doesn't support invoking external programs. You can execute this program before Sieve, for instance by wrapping the LDA invocation.
Can you describe how I might do this?
Also, there is a non-standard (an still pretty much experimental) language extension for this, as provided by the pipe plugin:
Is there a way to just continue to use procmail?
I'm also trying to convert the following:
:0
- (RCVD_IN_DNSWL_HI|RCVD_IN_DNSWL_LOW|RCVD_IN_HOSTKARMA_W)
- !USER_IN_WHITELIST
- !BAYES_00
- !URIBL_
- !KHOP_RCVD_UNTRUST
- !RCVD_IN_DNSWL_MED
- !SPF_SOFTFAIL
- SPF_HELO_PASS
- SPF_PASS { LOG="DNSWL: " :0: whitelist/dnswl }
The script only produced the following:
[...]
Any ideas greatly appreciated.
I'm not sure what these rules are supposed to mean (most conditions are obscured in variables), but by the looks of things these should also be executed outside Sieve as well. If all those conditions map to simple header and envelope tests, you can provide a Sieve alternative. However, I think USER_IN_WHITELIST queries some external list and that too is not (currently) possible from Pigeonhole Sieve. Also, it is not possible to change the log prefix from Sieve (as suggested by LOG=).
No, these are all simple header matches. There's no external program being executed here. The LOG= is also a procmail built-in, but I can do without that.
Thanks again, Alex
Op 15-11-2011 16:38, Alex schreef:
Hi,
The Sieve language doesn't support invoking external programs. You can execute this program before Sieve, for instance by wrapping the LDA invocation. Can you describe how I might do this?
You can write a shell script that is executed from your MTA instead of the Dovecot LDA. Perform the process-mail task from within that script and then call the Dovecot LDA from the shell script (and pipe the message to it).
Also, there is a non-standard (an still pretty much experimental) language extension for this, as provided by the pipe plugin: Is there a way to just continue to use procmail?
Yes, you can pipe the message to the Dovecot LDA from procmail. This would be similar to the solution described above, only using Procmail instead of a shell script.
Regards,
Stephan.
Hi,
The Sieve language doesn't support invoking external programs. You can execute this program before Sieve, for instance by wrapping the LDA invocation.
Can you describe how I might do this?
You can write a shell script that is executed from your MTA instead of the Dovecot LDA. Perform the process-mail task from within that script and then call the Dovecot LDA from the shell script (and pipe the message to it).
So you mean from master.cf, in the same way as deliver is being executed?
dovecot unix - n n - - pipe flags=DRhu user=dovecot:dovecot argv=/usr/libexec/dovecot/deliver -f ${sender} -d ${recipient} -a "${RECIPIENT}"
Replacing deliver here with a shell script? Then execute deliver from within the shell script, or just do the delivery from within a shell script altogether?
Is there a way to just continue to use procmail?
Yes, you can pipe the message to the Dovecot LDA from procmail. This would be similar to the solution described above, only using Procmail instead of a shell script.
Are you referring to doing something like this:
http://wiki2.dovecot.org/procmail
I just don't understand how to invoke procmail from deliver.
My main motivation for trying to continue to use procmail is that the sieve language seems far more complicated and involved than even a procmail recipe, and isn't as fully developed.
I don't want to make this even more complicated, however. Perhaps you can explain how to filter a basic message based on something in the body or a header and sort it into a file?
Thanks so much for your help. Best, Alex
On Tue, 2011-11-15 at 13:09 -0500, Alex wrote:
Yes, you can pipe the message to the Dovecot LDA from procmail. This would be similar to the solution described above, only using Procmail instead of a shell script.
Are you referring to doing something like this:
http://wiki2.dovecot.org/procmail
I just don't understand how to invoke procmail from deliver.
The idea was to invoke deliver from procmail. I still do this myself since I haven't bothered changing my procmail scripts to Sieve:
DELIVER=/usr/local/libexec/dovecot/deliver
:0
- ^List-Id.*dovecot.dovecot.org | $DELIVER -m dovecot
:0 | $DELIVER
etc.
Hi,
I just don't understand how to invoke procmail from deliver.
The idea was to invoke deliver from procmail. I still do this myself since I haven't bothered changing my procmail scripts to Sieve:
DELIVER=/usr/local/libexec/dovecot/deliver
:0
- ^List-Id.*dovecot.dovecot.org | $DELIVER -m dovecot
:0 | $DELIVER
How do I tell dovecot to use procmail so that it may invoke deliver?
Thanks again, Alex
On 16.11.2011, at 0.14, Alex wrote:
I just don't understand how to invoke procmail from deliver.
The idea was to invoke deliver from procmail. I still do this myself since I haven't bothered changing my procmail scripts to Sieve:
DELIVER=/usr/local/libexec/dovecot/deliver
:0
- ^List-Id.*dovecot.dovecot.org | $DELIVER -m dovecot
:0 | $DELIVER
How do I tell dovecot to use procmail so that it may invoke deliver?
You don't. You tell your MTA to invoke procmail, which is what I think you're already doing? So the only change would be to modify your ~/.procmailrc.
Hi,
I just don't understand how to invoke procmail from deliver.
The idea was to invoke deliver from procmail. I still do this myself since I haven't bothered changing my procmail scripts to Sieve:
DELIVER=/usr/local/libexec/dovecot/deliver
:0
- ^List-Id.*dovecot.dovecot.org | $DELIVER -m dovecot
:0 | $DELIVER
How do I tell dovecot to use procmail so that it may invoke deliver?
You don't. You tell your MTA to invoke procmail, which is what I think you're already doing? So the only change would be to modify your ~/.procmailrc.
Okay, I'm making progress. I disabled the virtual_domain stuff in main.cf for postfix and just enabled mail_command=procmail. I think there's something wrong with the deliver command.
It's now delivering, but my deliver command must be wrong. This is my ~/.procmailrc:
# Log an abstract of all messages LOGABSTRACT=all
PATH=/bin:/sbin:/usr/bin:/usr/sbin:/usr/lib:/usr/local/bin LOGFILE=$HOME/.maillog MAILDIR=$HOME/mail PROCHOME=$HOME/.procmail SENDMAIL=/usr/sbin/sendmail VERBOSE=yes
DELIVER=/usr/libexec/dovecot/deliver
:0 fhW | $DELIVER -m xspamtest
:0 fhw | $DELIVER
When a mail is received, it prints this to .maillog:
procmail: [23382] Tue Nov 15 18:56:04 2011 procmail: Assigning "COMSAT=no" procmail: Assigning "COMSAT=no" procmail: Assigning "DELIVER=/usr/libexec/dovecot/deliver" procmail: Executing "/usr/libexec/dovecot/deliver,-m,xspamtest" procmail: [23383] Tue Nov 15 18:56:04 2011 procmail: Assigning "COMSAT=no" procmail: Assigning "COMSAT=no" procmail: Assigning "DELIVER=/usr/libexec/dovecot/deliver" procmail: Executing "/usr/libexec/dovecot/deliver,-m,xspamtest" procmail: Non-zero exitcode (75) from "/usr/libexec/dovecot/deliver" procmail: Rescue of unfiltered data succeeded procmail: Executing "/usr/libexec/dovecot/deliver" procmail: Non-zero exitcode (75) from "/usr/libexec/dovecot/deliver" procmail: Rescue of unfiltered data succeeded procmail: Program failure (75) of "/usr/libexec/dovecot/deliver" procmail: Rescue of unfiltered data succeeded procmail: Locking "/var/spool/mail/alexuser.lock" procmail: Assigning "LASTFOLDER=/var/spool/mail/alexuser" procmail: Opening "/var/spool/mail/alexuser" procmail: Acquiring kernel-lock procmail: Executing "/usr/libexec/dovecot/deliver" procmail: Program failure (75) of "/usr/libexec/dovecot/deliver" procmail: Rescue of unfiltered data succeeded procmail: Locking "/var/spool/mail/alexuser.lock" procmail: Unlocking "/var/spool/mail/alexuser.lock"
From prvs=293a46ea3=mm@mydomain.com Tue Nov 15 18:56:04 2011 Subject: Grand Manor, Corvallis, OR, USA, AUTOMATED Extrane Folder: /var/spool/mail/bcc-user 17025
It delivers to the mail spool, but executing deliver as its printed in the procmailrc:
# # /usr/libexec/dovecot/deliver -m spamtest lda(root): Fatal: destination user parameter (-d user) not given
Am I doing something wrong?
Thanks, Alex
On 16.11.2011, at 2.00, Alex wrote:
It's now delivering, but my deliver command must be wrong. This is my ~/.procmailrc: .. # # /usr/libexec/dovecot/deliver -m spamtest lda(root): Fatal: destination user parameter (-d user) not given
Am I doing something wrong?
Is it trying to deliver mails to root user? That's not supported.
Hi,
It's now delivering, but my deliver command must be wrong. This is my ~/.procmailrc: .. # # /usr/libexec/dovecot/deliver -m spamtest lda(root): Fatal: destination user parameter (-d user) not given
Am I doing something wrong?
Is it trying to deliver mails to root user? That's not supported.
No, I was just running as root from the command-line for an example. The maillog shows error 75:
procmail: Assigning "DELIVER=/usr/libexec/dovecot/deliver" procmail: Executing "/usr/libexec/dovecot/deliver,-m,xspamtest" procmail: Non-zero exitcode (75) from "/usr/libexec/dovecot/deliver" procmail: Rescue of unfiltered data succeeded procmail: Executing "/usr/libexec/dovecot/deliver" procmail: Program failure (75) of "/usr/libexec/dovecot/deliver" procmail: Rescue of unfiltered data succeeded
This was for a test user named "alexuser" I created.
Thanks again, Alex
On 16.11.2011, at 2.08, Alex wrote:
No, I was just running as root from the command-line for an example. The maillog shows error 75:
procmail: Assigning "DELIVER=/usr/libexec/dovecot/deliver" procmail: Executing "/usr/libexec/dovecot/deliver,-m,xspamtest" procmail: Non-zero exitcode (75) from "/usr/libexec/dovecot/deliver" procmail: Rescue of unfiltered data succeeded procmail: Executing "/usr/libexec/dovecot/deliver" procmail: Program failure (75) of "/usr/libexec/dovecot/deliver" procmail: Rescue of unfiltered data succeeded
This was for a test user named "alexuser" I created.
deliver should have logged something, or alternatively the problem was exactly that it couldn't log anything. http://wiki.dovecot.org/LDA#logging
Hi,
procmail: Assigning "DELIVER=/usr/libexec/dovecot/deliver" procmail: Executing "/usr/libexec/dovecot/deliver,-m,xspamtest" procmail: Non-zero exitcode (75) from "/usr/libexec/dovecot/deliver" procmail: Rescue of unfiltered data succeeded procmail: Executing "/usr/libexec/dovecot/deliver" procmail: Program failure (75) of "/usr/libexec/dovecot/deliver" procmail: Rescue of unfiltered data succeeded
This was for a test user named "alexuser" I created.
deliver should have logged something, or alternatively the problem was exactly that it couldn't log anything. http://wiki.dovecot.org/LDA#logging
Yes, looks like permissions. I have the following now in syslog:
Nov 15 19:51:07 mail02 dovecot: lda(alexuser): Fatal: setresgid(12(mail),12(mail),12(mail)) failed with euid=500(alexuser): Operation not permitted
Where is it trying to write that it can't? Does alexuser need to be a member of group mail?
Thanks, Alex
On Tue, 2011-11-15 at 20:50 -0500, Alex wrote:
deliver should have logged something, or alternatively the problem was exactly that it couldn't log anything. http://wiki.dovecot.org/LDA#logging
Yes, looks like permissions. I have the following now in syslog:
Nov 15 19:51:07 mail02 dovecot: lda(alexuser): Fatal: setresgid(12(mail),12(mail),12(mail)) failed with euid=500(alexuser): Operation not permitted
Where is it trying to write that it can't?
It's trying to change the process's UID/GID to mail/mail for some reason. Have you set "mail_uid=mail" or something?
Does alexuser need to be a member of group mail?
No.
Hi,
deliver should have logged something, or alternatively the problem was exactly that it couldn't log anything. http://wiki.dovecot.org/LDA#logging
Yes, looks like permissions. I have the following now in syslog:
Nov 15 19:51:07 mail02 dovecot: lda(alexuser): Fatal: setresgid(12(mail),12(mail),12(mail)) failed with euid=500(alexuser): Operation not permitted
Where is it trying to write that it can't?
It's trying to change the process's UID/GID to mail/mail for some reason. Have you set "mail_uid=mail" or something?
mail_uid isn't set, but I have the following in dovecot.conf:
mail_gid = mail mail_location = mbox:~/mail:INBOX=/var/spool/mail/%u mail_privileged_group = mail
Is that not correct?
Thanks, Alex
On 17.11.2011, at 2.29, Alex wrote:
Nov 15 19:51:07 mail02 dovecot: lda(alexuser): Fatal: setresgid(12(mail),12(mail),12(mail)) failed with euid=500(alexuser): Operation not permitted
Where is it trying to write that it can't?
It's trying to change the process's UID/GID to mail/mail for some reason. Have you set "mail_uid=mail" or something?
mail_uid isn't set, but I have the following in dovecot.conf:
mail_gid = mail
The error most likely happens because of this. Is there a reason why you want this?
mail_privileged_group = mail
This should be enough for creating lock files to /var/spool/mail/. Although dovecot-lda can't use this setting, since it's not started as root..
Hi,
Nov 15 19:51:07 mail02 dovecot: lda(alexuser): Fatal: setresgid(12(mail),12(mail),12(mail)) failed with euid=500(alexuser): Operation not permitted
Where is it trying to write that it can't?
It's trying to change the process's UID/GID to mail/mail for some reason. Have you set "mail_uid=mail" or something?
mail_uid isn't set, but I have the following in dovecot.conf:
mail_gid = mail
The error most likely happens because of this. Is there a reason why you want this?
mail_privileged_group = mail
This should be enough for creating lock files to /var/spool/mail/. Although dovecot-lda can't use this setting, since it's not started as root..
Okay, that fixed it. It's now delivering mail properly, thanks.
Just to be clear I understand, if I use the following .procmailrc, it should save all messages with the X-Spam-Status header in xspamstatus, and everything else gets delivered to /var/spool/mail/user, correct?
DELIVER=/usr/libexec/dovecot/deliver
:0
- ^X-Spam-Status | $DELIVER -m xspamstatus
:0 | $DELIVER
This is just a simple test which appears to work the way I outlined, but wanted to be sure.
Thanks again for sticking with me. Best, Alex
Hi,
My apologies if a previous message appeared twice. Not sure how that happened...
Okay, that fixed it. It's now delivering mail properly, thanks.
Just to be clear I understand, if I use the following .procmailrc, it should save all messages with the X-Spam-Status header in xspamstatus, and everything else gets delivered to /var/spool/mail/user, correct?
DELIVER=/usr/libexec/dovecot/deliver
:0
- ^X-Spam-Status | $DELIVER -m xspamstatus
I thought this was working, but it doesn't create or populate a folder named xspamstatus although it executes deliver:
From smarchant@mydomain.com.au Wed Nov 16 20:39:36 2011
procmail: [30333] Wed Nov 16 20:39:36 2011 procmail: Assigning "COMSAT=no" procmail: Assigning "COMSAT=no" procmail: Assigning "DELIVER=/usr/libexec/dovecot/deliver" procmail: Match on "^X-Spam-Status" procmail: Assigning "LASTFOLDER=/usr/libexec/dovecot/deliver -m xspamstatus" procmail: Executing "/usr/libexec/dovecot/deliver,-m,mymailbox" Subject: Riverside (97293) Folder: /usr/libexec/dovecot/deliver -m mymailbox 28400
I've set lda_mailbox_autocreate to yes, but it still doesn't create it. Is this folder relative to ~user/mail/ ?
Is there an index file that dovecot-lda updates for imap? Can I just eliminate it entirely and just have procmail do all the delivery?
Thanks again, Alex
On Wed, 2011-11-16 at 20:42 -0500, Alex wrote: [...]
Unrelated to other dovecot specific questions...
Is there an index file that dovecot-lda updates for imap?
Yes. Which would be the advantage of using dovecot deliver, directly or called from procmail.
Can I just eliminate it entirely and just have procmail do all the delivery?
Yes, you can.
In fact, that's what I usually still use. Procmail can just do much more than sieve. And procmail doesn't scare me as much as sieve. But then again, I like Perl... And I've never yet encountered a problem with dovecot IMAP updating indexes on the fly -- which it does, unless deliver does it incrementally.
However, wasn't your original question about converting procmail recipes to sieve? (Yes, it was.) So what would hold you back of just not converting?
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i
Unrelated to other dovecot specific questions...
Is there an index file that dovecot-lda updates for imap?
Yes. Which would be the advantage of using dovecot deliver, directly or called from procmail.
Can I just eliminate it entirely and just have procmail do all the delivery?
Yes, you can.
In fact, that's what I usually still use. Procmail can just do much more than sieve. And procmail doesn't scare me as much as sieve. But then again, I like Perl... And I've never yet encountered a problem with dovecot IMAP updating indexes on the fly -- which it does, unless deliver does it incrementally.
However, wasn't your original question about converting procmail recipes to sieve? (Yes, it was.) So what would hold you back of just not converting?
Yes, because I hadn't realized it was possible to still use procmail at all.
I had said previously, although possibly not clearly, that I'd prefer to use continue to use procmail -- sieve looks entirely too convoluted, and I just don't need to do mail filtering frequently enough to have the time to figure out sieve. It also didn't support a few other things I'm currently doing with procmail.
I can't figure out why "deliver -m" doesn't work as expected. It just doesn't create the mailbox.
Should I just use 'c' with procmail to make a copy to forward on to deliver?
DELIVER=/usr/libexec/dovecot/deliver :0 { :0c * ^X-Spam-Status xspamstatus
:0
| $DELIVER}
There has to be a better way...
Thanks, Alex
On Tue, 2011-11-15 at 19:00 -0500, Alex wrote:
DELIVER=/usr/libexec/dovecot/deliver
:0 fhW | $DELIVER -m xspamtest
Do you really want the pipe to be a (f)ilter? What do you expect deliver to pass back? And you're feeding deliver the mail (h)eaders only, dropping the body.
--
char *t="\10pse\0r\0dtu\0.@ghno\x4e\xc8\x79\xf4\xab\x51\x8a\x10\xf4\xf4\xc4";
main(){ char h,m=h=*t++,*x=t+2*h,c,i,l=*x,s=0; for (i=0;i
Hi,
DELIVER=/usr/libexec/dovecot/deliver
:0 fhW | $DELIVER -m xspamtest
Do you really want the pipe to be a (f)ilter? What do you expect deliver to pass back? And you're feeding deliver the mail (h)eaders only, dropping the body.
Yes, thanks. I pasted from another filter we were using, and forgot.
procmail still seems to be much better than the deliver sieve language, despite how long it's been since I've used it :-)
Thanks, Alex
Hi,
DELIVER=/usr/libexec/dovecot/deliver
:0 fhW | $DELIVER -m xspamtest
Do you really want the pipe to be a (f)ilter? What do you expect deliver to pass back? And you're feeding deliver the mail (h)eaders only, dropping the body.
Yes, thanks. I pasted from another filter we were using, and forgot.
procmail still seems to be much better than the deliver sieve language, despite how long it's been since I've used it :-)
Thanks, Alex
participants (4)
-
Alex
-
Karsten Bräckelmann
-
Stephan Bosch
-
Timo Sirainen