sieve vacation alias handling problem
Hi,
I am using Dovecot LDA as LMTP renders envelope extension unusable.
The problem I have noticed is that when user has multiple aliases sieve responds to all of them, not only to :addresses specified.
From testing it seems that :addresses only adds addresses to the list of "known" emails to check against. It is not limiting it.
As I understand, sieve should check if To: header is consistent with addresses known to be users. But how Dovecot knows about aliases assigned to the user?
From my testing if header To: address is consistent with envelope To: address the reply is fired. I have sieve_vacation_use_original_recipient left at it's default value (no), so that shouldn't be the case. Now if user address@example.com has alias alias@example.com specified, the vacation reply will be sent to email addressed to alias@example.com, which is weird, because this behavior should be enabled by switching sieve_vacation_use_original_recipient to yes.
When user receives an email that was originally sent to his gmail account (forwarded) there is no reply. If I add gmail address to :addresses reply is generated as expected.
So my main question is if this is expected? I would like to enable only delivery to primary address and to + extensions to that address by default.
I think that it might be that Postfix is expanding aliases and passing the final recipient (as to=<XXX>) to dovecot. Then dovecot is using that address to check for explicit delivery, but something fails, as this address is obviously not in To: header. So it looks like orig_to has to be used as well which should be disabled by sieve_vacation_use_original_recipient?
My address is: karol@augustin.pl, alias is: carol@augustin.pl
Mar 2 12:37:32 mail dovecot: lda(karol@augustin.pl): sieve: msgid=3ba0578a5f6b170e942b5bac1b19be36@posteo.net: sent vacation response to sender@example.com Mar 2 12:37:32 mail postfix/qmgr[4744]: 3zt82h4CG4z2xlw: from=<>, size=732, nrcpt=1 (queue active) Mar 2 12:37:32 mail dovecot: lda(karol@augustin.pl): sieve: msgid=3ba0578a5f6b170e942b5bac1b19be36@posteo.net: stored mail into mailbox 'INBOX' Mar 2 12:37:32 mail postfix/pipe[8793]: 3zt82f3x4xz2xmw: to=karol@augustin.pl, orig_to=carol@augustin.pl, relay=dovecot, delay=2.2, delays=2.2/0/0/0.06, dsn=2.0.0, status=sent (delivered via dovecot service)
Forward from from gmail:
Mar 2 11:38:19 mail postfix/qmgr[4744]: 3zt6kL1yF7z2xgg: from=karolaug+caf_=karol=augustin.pl@gmail.com, size=5831, nrcpt=1 (queue active) Mar 2 11:38:19 mail dovecot: lda(karol@augustin.pl): sieve: msgid=e610a47934f9aabb31f833c025075cff@posteo.net: discarding vacation response for implicitly delivered message; no known (envelope) recipient address found in message headers (recipient=karol@augustin.pl, and additional `:addresses' are specified) Mar 2 11:38:19 mail dovecot: lda(karol@augustin.pl): sieve: msgid=e610a47934f9aabb31f833c025075cff@posteo.net: stored mail into mailbox 'INBOX' Mar 2 11:38:19 mail postfix/pipe[5362]: 3zt6kL1yF7z2xgg: to=karol@augustin.pl, relay=dovecot, delay=1.3, delays=1.2/0/0/0.05, dsn=2.0.0, status=sent (delivered via dovecot service)
from my master.cf: dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -a ${original_recipient} -d ${user}@${nexthop}
Thanks, Karol
-- Karol Augustin karol@augustin.pl http://karolaugustin.pl/ +353 85 775 5312
Op 3/2/2018 om 3:35 PM schreef Karol Augustin:
Hi,
I am using Dovecot LDA as LMTP renders envelope extension unusable.
The problem I have noticed is that when user has multiple aliases sieve responds to all of them, not only to :addresses specified.
From testing it seems that :addresses only adds addresses to the list of "known" emails to check against. It is not limiting it.
As I understand, sieve should check if To: header is consistent with addresses known to be users. But how Dovecot knows about aliases assigned to the user?
From my testing if header To: address is consistent with envelope To: address the reply is fired. I have sieve_vacation_use_original_recipient left at it's default value (no), so that shouldn't be the case. Now if user address@example.com has alias alias@example.com specified, the vacation reply will be sent to email addressed to alias@example.com, which is weird, because this behavior should be enabled by switching sieve_vacation_use_original_recipient to yes.
When user receives an email that was originally sent to his gmail account (forwarded) there is no reply. If I add gmail address to :addresses reply is generated as expected.
So my main question is if this is expected? I would like to enable only delivery to primary address and to + extensions to that address by default.
I think that it might be that Postfix is expanding aliases and passing the final recipient (as to=<XXX>) to dovecot. Then dovecot is using that address to check for explicit delivery, but something fails, as this address is obviously not in To: header. So it looks like orig_to has to be used as well which should be disabled by sieve_vacation_use_original_recipient?
My address is: karol@augustin.pl, alias is: carol@augustin.pl
Mar 2 12:37:32 mail dovecot: lda(karol@augustin.pl): sieve: msgid=3ba0578a5f6b170e942b5bac1b19be36@posteo.net: sent vacation response to sender@example.com Mar 2 12:37:32 mail postfix/qmgr[4744]: 3zt82h4CG4z2xlw: from=<>, size=732, nrcpt=1 (queue active) Mar 2 12:37:32 mail dovecot: lda(karol@augustin.pl): sieve: msgid=3ba0578a5f6b170e942b5bac1b19be36@posteo.net: stored mail into mailbox 'INBOX' Mar 2 12:37:32 mail postfix/pipe[8793]: 3zt82f3x4xz2xmw: to=karol@augustin.pl, orig_to=carol@augustin.pl, relay=dovecot, delay=2.2, delays=2.2/0/0/0.06, dsn=2.0.0, status=sent (delivered via dovecot service)
Forward from from gmail:
Mar 2 11:38:19 mail postfix/qmgr[4744]: 3zt6kL1yF7z2xgg: from=karolaug+caf_=karol=augustin.pl@gmail.com, size=5831, nrcpt=1 (queue active) Mar 2 11:38:19 mail dovecot: lda(karol@augustin.pl): sieve: msgid=e610a47934f9aabb31f833c025075cff@posteo.net: discarding vacation response for implicitly delivered message; no known (envelope) recipient address found in message headers (recipient=karol@augustin.pl, and additional `:addresses' are specified) Mar 2 11:38:19 mail dovecot: lda(karol@augustin.pl): sieve: msgid=e610a47934f9aabb31f833c025075cff@posteo.net: stored mail into mailbox 'INBOX' Mar 2 11:38:19 mail postfix/pipe[5362]: 3zt6kL1yF7z2xgg: to=karol@augustin.pl, relay=dovecot, delay=1.3, delays=1.2/0/0/0.05, dsn=2.0.0, status=sent (delivered via dovecot service)
from my master.cf: dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -a ${original_recipient} -d ${user}@${nexthop}
What is your configuration. Please provide output from dovecot -n.
Regards,
Stephan.
On 2018-03-03 21:28, Stephan Bosch wrote:
Op 3/2/2018 om 3:35 PM schreef Karol Augustin:
Hi,
I am using Dovecot LDA as LMTP renders envelope extension unusable.
The problem I have noticed is that when user has multiple aliases sieve responds to all of them, not only to :addresses specified.
From testing it seems that :addresses only adds addresses to the list of "known" emails to check against. It is not limiting it.
As I understand, sieve should check if To: header is consistent with addresses known to be users. But how Dovecot knows about aliases assigned to the user?
From my testing if header To: address is consistent with envelope To: address the reply is fired. I have sieve_vacation_use_original_recipient left at it's default value (no), so that shouldn't be the case. Now if user address@example.com has alias alias@example.com specified, the vacation reply will be sent to email addressed to alias@example.com, which is weird, because this behavior should be enabled by switching sieve_vacation_use_original_recipient to yes.
When user receives an email that was originally sent to his gmail account (forwarded) there is no reply. If I add gmail address to :addresses reply is generated as expected.
So my main question is if this is expected? I would like to enable only delivery to primary address and to + extensions to that address by default.
I think that it might be that Postfix is expanding aliases and passing the final recipient (as to=<XXX>) to dovecot. Then dovecot is using that address to check for explicit delivery, but something fails, as this address is obviously not in To: header. So it looks like orig_to has to be used as well which should be disabled by sieve_vacation_use_original_recipient?
My address is: karol@augustin.pl, alias is: carol@augustin.pl
Mar 2 12:37:32 mail dovecot: lda(karol@augustin.pl): sieve: msgid=3ba0578a5f6b170e942b5bac1b19be36@posteo.net: sent vacation response to sender@example.com Mar 2 12:37:32 mail postfix/qmgr[4744]: 3zt82h4CG4z2xlw: from=<>, size=732, nrcpt=1 (queue active) Mar 2 12:37:32 mail dovecot: lda(karol@augustin.pl): sieve: msgid=3ba0578a5f6b170e942b5bac1b19be36@posteo.net: stored mail into mailbox 'INBOX' Mar 2 12:37:32 mail postfix/pipe[8793]: 3zt82f3x4xz2xmw: to=karol@augustin.pl, orig_to=carol@augustin.pl, relay=dovecot, delay=2.2, delays=2.2/0/0/0.06, dsn=2.0.0, status=sent (delivered via dovecot service)
Forward from from gmail:
Mar 2 11:38:19 mail postfix/qmgr[4744]: 3zt6kL1yF7z2xgg: from=karolaug+caf_=karol=augustin.pl@gmail.com, size=5831, nrcpt=1 (queue active) Mar 2 11:38:19 mail dovecot: lda(karol@augustin.pl): sieve: msgid=e610a47934f9aabb31f833c025075cff@posteo.net: discarding vacation response for implicitly delivered message; no known (envelope) recipient address found in message headers (recipient=karol@augustin.pl, and additional `:addresses' are specified) Mar 2 11:38:19 mail dovecot: lda(karol@augustin.pl): sieve: msgid=e610a47934f9aabb31f833c025075cff@posteo.net: stored mail into mailbox 'INBOX' Mar 2 11:38:19 mail postfix/pipe[5362]: 3zt6kL1yF7z2xgg: to=karol@augustin.pl, relay=dovecot, delay=1.3, delays=1.2/0/0/0.05, dsn=2.0.0, status=sent (delivered via dovecot service)
from my master.cf: dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -a ${original_recipient} -d ${user}@${nexthop}
What is your configuration. Please provide output from
dovecot -n.Regards,
Stephan.
To clarify the problem. After more testing I figured that the vacation works as specified in RFC, taking known address from envelope recipient and comparing it with To and Cc. If it matches, which is true also for aliases, the reply is generated.
My problem is that from documentation I understand that this behavior (RFC5230 point 4.5 par 2.) is controlled by sieve_vacation_use_original_recipient parameter, which doesn't disable envelope address check if set at default "no" and also if explicitly set in the config.
dovecot -n as requested:
# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.21 (92477967) # OS: Linux 4.14.0-3-amd64 x86_64 Debian buster/sid ext4 auth_cache_negative_ttl = 1 mins auth_cache_size = 3000 B auth_master_user_separator = * auth_mechanisms = plain login auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@+ auth_verbose = yes dict { expire = mysql:/etc/dovecot/dovecot-dict-expire.conf quota = mysql:/etc/dovecot/dovecot-dict-sql.conf } hostname = mail.nimitz.pl imap_idle_notify_interval = 29 mins listen = *, [::] log_timestamp = "%Y-%m-%d %H:%M:%S " login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c %k mail_attribute_dict = file:%h/Maildir/dovecot-attributes mail_fsync = always mail_gid = 5000 mail_home = /var/vmail/mails/%d/%n mail_location = maildir:/var/vmail/mails/%d/%n/Maildir:INDEX=/var/vmail/indexes/%d/%n mail_plugins = quota zlib fts fts_lucene expire mail_privileged_group = vmail mail_uid = 5000 mailbox_list_index = yes maildir_very_dirty_syncs = yes managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body environment mailbox date index ihave mime foreverypart extracttext namespace { inbox = yes location = mailbox Archive { auto = subscribe special_use = \Archive } mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = . type = private } passdb { args = /etc/dovecot/passwd.masterusers driver = passwd-file master = yes pass = yes } passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { antispam_backend = pipe antispam_pipe_program = /etc/dovecot/sa-learn.sh antispam_pipe_program_notspam_arg = ham antispam_pipe_program_spam_arg = spam antispam_pipe_tmpdir = /tmp antispam_spam_pattern_ignorecase = Spam;Spam.*;Junk* antispam_trash_pattern_ignorecase = Trash;Deleted Items;Deleted Messages;Kosz expire = Trash expire2 = Trash.* expire3 = Spam expire4 = Spam.* expire5 = Kosz expire6 = Kosz.* expire_cache = yes expire_dict = proxy::expire fts = lucene fts_autoindex = yes fts_decoder = decode2text fts_lucene = whitespace_chars=@. quota = dict:User quota::proxy::quota quota_grace = 500M quota_rule2 = Trash:storage=+100M quota_rule3 = Spam:storage=+100M quota_vsizes = yes sieve = /var/vmail/mails/%d/%n/.dovecot.sieve sieve_before = /var/vmail/mails/global-spam sieve_dir = /var/vmail/mails/%d/%n/sieve sieve_extensions = -enotify sieve_global_extensions = duplicate sieve_vacation_default_period = 1d sieve_vacation_max_period = 10d sieve_vacation_min_period = 1d zlib_save = bz2 zlib_save_level = 9 } protocols = imap sieve lmtp recipient_delimiter = - service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-master { group = vmail mode = 0600 user = vmail } user = root } service decode2text { executable = script /usr/local/sbin/decode2text.sh unix_listener decode2text { mode = 0666 } user = dovecot } service dict { unix_listener dict { group = vmail mode = 0660 user = dovecot } } service imap-login { process_limit = 600 process_min_avail = 10 service_count = 1 vsz_limit = 64 M } service lmtp { inet_listener lmtp { address = 127.0.0.1 ::1 port = 24 } process_min_avail = 2 user = vmail } service managesieve-login { inet_listener sieve { port = 2000 } } ssl_ca =
-- Karol Augustin karol@augustin.pl http://karolaugustin.pl/ +353 85 775 5312
On 2018-03-03 21:47, Karol Augustin wrote:
On 2018-03-03 21:28, Stephan Bosch wrote:
Op 3/2/2018 om 3:35 PM schreef Karol Augustin:
Hi,
I am using Dovecot LDA as LMTP renders envelope extension unusable.
The problem I have noticed is that when user has multiple aliases sieve responds to all of them, not only to :addresses specified.
From testing it seems that :addresses only adds addresses to the list of "known" emails to check against. It is not limiting it.
As I understand, sieve should check if To: header is consistent with addresses known to be users. But how Dovecot knows about aliases assigned to the user?
From my testing if header To: address is consistent with envelope To: address the reply is fired. I have sieve_vacation_use_original_recipient left at it's default value (no), so that shouldn't be the case. Now if user address@example.com has alias alias@example.com specified, the vacation reply will be sent to email addressed to alias@example.com, which is weird, because this behavior should be enabled by switching sieve_vacation_use_original_recipient to yes.
When user receives an email that was originally sent to his gmail account (forwarded) there is no reply. If I add gmail address to :addresses reply is generated as expected.
So my main question is if this is expected? I would like to enable only delivery to primary address and to + extensions to that address by default.
I think that it might be that Postfix is expanding aliases and passing the final recipient (as to=<XXX>) to dovecot. Then dovecot is using that address to check for explicit delivery, but something fails, as this address is obviously not in To: header. So it looks like orig_to has to be used as well which should be disabled by sieve_vacation_use_original_recipient?
My address is: karol@augustin.pl, alias is: carol@augustin.pl
Mar 2 12:37:32 mail dovecot: lda(karol@augustin.pl): sieve: msgid=3ba0578a5f6b170e942b5bac1b19be36@posteo.net: sent vacation response to sender@example.com Mar 2 12:37:32 mail postfix/qmgr[4744]: 3zt82h4CG4z2xlw: from=<>, size=732, nrcpt=1 (queue active) Mar 2 12:37:32 mail dovecot: lda(karol@augustin.pl): sieve: msgid=3ba0578a5f6b170e942b5bac1b19be36@posteo.net: stored mail into mailbox 'INBOX' Mar 2 12:37:32 mail postfix/pipe[8793]: 3zt82f3x4xz2xmw: to=karol@augustin.pl, orig_to=carol@augustin.pl, relay=dovecot, delay=2.2, delays=2.2/0/0/0.06, dsn=2.0.0, status=sent (delivered via dovecot service)
Forward from from gmail:
Mar 2 11:38:19 mail postfix/qmgr[4744]: 3zt6kL1yF7z2xgg: from=karolaug+caf_=karol=augustin.pl@gmail.com, size=5831, nrcpt=1 (queue active) Mar 2 11:38:19 mail dovecot: lda(karol@augustin.pl): sieve: msgid=e610a47934f9aabb31f833c025075cff@posteo.net: discarding vacation response for implicitly delivered message; no known (envelope) recipient address found in message headers (recipient=karol@augustin.pl, and additional `:addresses' are specified) Mar 2 11:38:19 mail dovecot: lda(karol@augustin.pl): sieve: msgid=e610a47934f9aabb31f833c025075cff@posteo.net: stored mail into mailbox 'INBOX' Mar 2 11:38:19 mail postfix/pipe[5362]: 3zt6kL1yF7z2xgg: to=karol@augustin.pl, relay=dovecot, delay=1.3, delays=1.2/0/0/0.05, dsn=2.0.0, status=sent (delivered via dovecot service)
from my master.cf: dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -a ${original_recipient} -d ${user}@${nexthop}
What is your configuration. Please provide output from
dovecot -n.Regards,
Stephan.
To clarify the problem. After more testing I figured that the vacation works as specified in RFC, taking known address from envelope recipient and comparing it with To and Cc. If it matches, which is true also for aliases, the reply is generated.
My problem is that from documentation I understand that this behavior (RFC5230 point 4.5 par 2.) is controlled by sieve_vacation_use_original_recipient parameter, which doesn't disable envelope address check if set at default "no" and also if explicitly set in the config.
Sorry for causing problems and wasting time. The problem was with lacking -r parameter in LDA invocation:
"-r <address>: Final envelope recipient address. Defaults to -a address, but may differ if e.g. aliases are used or when dropping the +ext part. (v2.0.3+)" So the final recipient that is used by vacation was always set to the original recipient value.
With the following Postfix config everything works exactly as expected. Response is generated if mail is send to +exct address and is not generated if it is send to an alias unless the alias is configured in "addresses variable.
Also the sieve_vacation_use_original_recipient parameter works as expected.
dovecot unix - n n - - pipe flags=OXDRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -a ${original_recipient} -r ${recipient} -d ${user}@${nexthop}
Thanks, Karol
-- Karol Augustin karol@augustin.pl http://karolaugustin.pl/ +353 85 775 5312
Thank you for sharing your solution! That made my life easier.
Regards.
Em 04/03/2018 08:08, Karol Augustin escreveu:
On 2018-03-03 21:47, Karol Augustin wrote:
On 2018-03-03 21:28, Stephan Bosch wrote:
Op 3/2/2018 om 3:35 PM schreef Karol Augustin:
Hi,
I am using Dovecot LDA as LMTP renders envelope extension unusable. (...) from my master.cf: dovecot unix - n n - - pipe flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -a ${original_recipient} -d ${user}@${nexthop}
Sorry for causing problems and wasting time. The problem was with lacking -r parameter in LDA invocation:
"-r <address>: Final envelope recipient address. Defaults to -a address, but may differ if e.g. aliases are used or when dropping the +ext part. (v2.0.3+)" So the final recipient that is used by vacation was always set to the original recipient value.
With the following Postfix config everything works exactly as expected. Response is generated if mail is send to +exct address and is not generated if it is send to an alias unless the alias is configured in "addresses variable.
Also the sieve_vacation_use_original_recipient parameter works as expected.
dovecot unix - n n - - pipe flags=OXDRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -a ${original_recipient} -r ${recipient} -d ${user}@${nexthop}
Thanks, Karol
-- *Marcio Merlone*
participants (3)
-
Karol Augustin
-
Marcio Vogel Merlone dos Santos
-
Stephan Bosch