[Dovecot] sieve.before script is taking preceedence over user defined rules
Hello,
In my current setup, I have a spam filter upstream that adds a specific header - X-Spam-Level on every incoming mail. Based on this level, the mail will be moved to the user spam folder using sieve by doing "fileinto :create 'spam';" Unfortunately, some legitimate email may end up in this spam folder, so I have kind of a whitelist that performs an explicit keep over specific trusted domains. So, my complete spam filtering rule is : if address :domain :contains "From" ["mycompany.tld", "trusted.tld" ]{ keep; elseif header :contains "X-Spam-Level" ["0","1","2"] { fileinto :create "__spam__"; } This rule is stored in "/var/lib/dovecot/sieve/before.sieve", which is my "sieve_before" file as defined in /etc/dovecot/conf.d/90-sieve.conf
This works as expected except that it doesn't take into account users filtering for domains that were matched for the explicit keep. For example, I have the following rule : if address :domain "From" "trusted.tld" { fileinto "trusted" } But mail coming from that domain are still delivered in my mailbox.
Is there something I'm missing here? I guess yes, otherwise it would work as I want ^_^ Any help/comment is appreciated
Thanks!
Alexis
Op 3/15/2012 10:48 AM, Alexis Lelion schreef:
Hello,
In my current setup, I have a spam filter upstream that adds a specific header - X-Spam-Level on every incoming mail. Based on this level, the mail will be moved to the user spam folder using sieve by doing "fileinto :create 'spam';" Unfortunately, some legitimate email may end up in this spam folder, so I have kind of a whitelist that performs an explicit keep over specific trusted domains. So, my complete spam filtering rule is : require ["fileinto", "mailbox"]; if address :domain :contains "From" ["mycompany.tld", "trusted.tld" ] { keep; } elsif header :contains "X-Spam-Level" ["0","1","2"] { fileinto :create "__spam__"; }
Fixed a few syntax issues there before I could test this.
This rule is stored in "/var/lib/dovecot/sieve/before.sieve", which is my "sieve_before" file as defined in /etc/dovecot/conf.d/90-sieve.conf What version are you using? The above statement hints that it is recent, probably Dovecot v2.1 with matching Pigeonhole.
This works as expected except that it doesn't take into account users filtering for domains that were matched for the explicit keep. For example, I have the following rule : if address :domain "From" "trusted.tld" { fileinto "trusted" } But mail coming from that domain are still delivered in my mailbox.
At my end, this is correctly delivered in the "trusted" folder, provided that this folder exists. Are you sure that the user's personal script even executes correctly? For example, the above script omits a ';'. The script also fails when there is n no "trusted" folder. Check the log files for errors. The default action in the event of an error is to store the message in INBOX, which may well be what you're seeing here.
Regards,
Stephan.
Hello Stephan,
Thanks for your answer, and sorry for forgetting to specify which dovecot version I was using :-/ I'm using Dovecot 2.0.15, with PigeonHole.
The syntax issues are some typos I made while writing this email, I double checked, and indeed, my production script was slightly different from what I wrote in the first place. I can confirm that the scripts compile properly with sievec, and also that the folder does exist, but just to be sure this is not an issue, I added the ":create" option to the user's fileinto.
I have no errors in my logs, the only thing displayed is tThbJ1myYU+ZPwAA6RJXdw: sieve: msgid=unspecified: stored mail into mailbox 'INBOX'
Is there any way to increase verbosity for sieve only?
Thanks
On Thu, Mar 15, 2012 at 12:11 PM, Stephan Bosch <stephan@rename-it.nl> wrote:
Op 3/15/2012 10:48 AM, Alexis Lelion schreef:
Hello,
In my current setup, I have a spam filter upstream that adds a specific header - X-Spam-Level on every incoming mail. Based on this level, the mail will be moved to the user spam folder using sieve by doing "fileinto :create 'spam';" Unfortunately, some legitimate email may end up in this spam folder, so I have kind of a whitelist that performs an explicit keep over specific trusted domains. So, my complete spam filtering rule is :
require ["fileinto", "mailbox"];
if address :domain :contains "From" ["mycompany.tld", "trusted.tld" ] { keep; } elsif header :contains "X-Spam-Level" ["0","1","2"] { fileinto :create "__spam__"; }
Fixed a few syntax issues there before I could test this.
This rule is stored in "/var/lib/dovecot/sieve/before.sieve", which is my "sieve_before" file as defined in /etc/dovecot/conf.d/90-sieve.conf
What version are you using? The above statement hints that it is recent, probably Dovecot v2.1 with matching Pigeonhole.
This works as expected except that it doesn't take into account users filtering for domains that were matched for the explicit keep. For example, I have the following rule : if address :domain "From" "trusted.tld" { fileinto "trusted" } But mail coming from that domain are still delivered in my mailbox.
At my end, this is correctly delivered in the "trusted" folder, provided that this folder exists. Are you sure that the user's personal script even executes correctly? For example, the above script omits a ';'. The script also fails when there is n no "trusted" folder. Check the log files for errors. The default action in the event of an error is to store the message in INBOX, which may well be what you're seeing here.
Regards,
Stephan.
On 3/15/2012 12:42 PM, Alexis Lelion wrote:
Hello Stephan,
Thanks for your answer, and sorry for forgetting to specify which dovecot version I was using :-/ I'm using Dovecot 2.0.15, with PigeonHole.
The syntax issues are some typos I made while writing this email, I double checked, and indeed, my production script was slightly different from what I wrote in the first place. I can confirm that the scripts compile properly with sievec, and also that the folder does exist, but just to be sure this is not an issue, I added the ":create" option to the user's fileinto.
I have no errors in my logs, the only thing displayed is tThbJ1myYU+ZPwAA6RJXdw: sieve: msgid=unspecified: stored mail into mailbox 'INBOX'
Is there any way to increase verbosity for sieve only?
You can test Sieve outside normal delivery using the sieve-test tool; include the global sieve_before script using a -s argument.
Alternatively, you can use the vnd.dovecot.debug extension as follows:
require ["fileinto", "mailbox", "vnd.dovecot.debug"];
if address :domain "From" "trusted.tld" { fileinto :create "trusted"; debug_log "Tried to save in \"trusted\""; }
You need to add the vnd.dovecot.debug extension to sieve_extensions in your 90-sieve.conf, e.g.:
sieve_extensions = +vnd.dovecot.debug
This will produce the following output in the user's personal sieve log (typically ~/.dovecot.sieve.log):
sieve: info: started log at Mar 15 15:13:29. main_script: line 5: info: DEBUG: Tried to save in "trusted". info: msgid=unspecified: stored mail into mailbox 'trusted'.
If the DEBUG line is missing at your end, the fileinto is not executed at all. If it is, and things are still delivered in INBOX, something else is going on.
Regards,
Stephan.
Thanks for this useful information, I will give it a try
On Thu, Mar 15, 2012 at 3:17 PM, Stephan Bosch <stephan@rename-it.nl> wrote:
On 3/15/2012 12:42 PM, Alexis Lelion wrote:
Hello Stephan,
Thanks for your answer, and sorry for forgetting to specify which dovecot version I was using :-/ I'm using Dovecot 2.0.15, with PigeonHole.
The syntax issues are some typos I made while writing this email, I double checked, and indeed, my production script was slightly different from what I wrote in the first place. I can confirm that the scripts compile properly with sievec, and also that the folder does exist, but just to be sure this is not an issue, I added the ":create" option to the user's fileinto.
I have no errors in my logs, the only thing displayed is tThbJ1myYU+ZPwAA6RJXdw: sieve: msgid=unspecified: stored mail into mailbox 'INBOX'
Is there any way to increase verbosity for sieve only?
You can test Sieve outside normal delivery using the sieve-test tool; include the global sieve_before script using a -s argument.
Alternatively, you can use the vnd.dovecot.debug extension as follows:
require ["fileinto", "mailbox", "vnd.dovecot.debug"];
if address :domain "From" "trusted.tld" { fileinto :create "trusted"; debug_log "Tried to save in \"trusted\""; }
You need to add the vnd.dovecot.debug extension to sieve_extensions in your 90-sieve.conf, e.g.:
sieve_extensions = +vnd.dovecot.debug
This will produce the following output in the user's personal sieve log (typically ~/.dovecot.sieve.log):
sieve: info: started log at Mar 15 15:13:29. main_script: line 5: info: DEBUG: Tried to save in "trusted". info: msgid=unspecified: stored mail into mailbox 'trusted'.
If the DEBUG line is missing at your end, the fileinto is not executed at all. If it is, and things are still delivered in INBOX, something else is going on.
Regards,
Stephan.
participants (2)
-
Alexis Lelion
-
Stephan Bosch