[Dovecot] Problem with sieve scripts including sieve scripts
I have the following global cmusieve scripts defined in /etc/dovecot/sieve, which is owned by the user deliver is run (virtual) as defined in the lda session of dovecot.conf:
global-spam.script ======================================
require ["fileinto"]; # Move spam to spam folder if header :contains "X-Spam-Level" "********************" { fileinto "Spam"; # Stop here so that we do not reply on spam stop; } elsif header :contains "X-Spam-Flag" "Yes" { fileinto "Spam"; stop; }
global-default.script ====================================
require ["include"]; include :global "global-spam.script";
i.e. all the default script does is call the spam script. I have created the compiled versions using sievec, making sure they are still owned by virtual:
mail sieve # ls global-default.script global-spam.script global-vacation.script global-default.scriptc global-spam.scriptc global-vacation.scriptc mail sieve #
In the plugins session of dovecot.conf I have defined the path for global scripts (so I can do the include :global thingie) and the path for the default script (just in case user does not have a custom script in the mail directory):
plugin { sieve_global_dir = /etc/dovecot/sieve/ global_script_path = /etc/dovecot/sieve/global-default.script }
So I send me some certifiable spam from my collection of test spam. This is what I got from the log:
Jul 22 14:49:01 mail MailScanner[15047]: New Batch: Scanning 1 messages, 3206 bytes Jul 22 14:49:01 mail MailScanner[15047]: SpamAssassin cache hit for message C04F79F002F.784A8 Jul 22 14:49:01 mail MailScanner[15047]: Spam Checks: Found 1 spam messages Jul 22 14:49:02 mail MailScanner[15047]: Virus and Content Scanning: Starting Jul 22 14:49:02 mail MailScanner[15047]: Requeue: C04F79F002F.784A8 to 304C09F0012 Jul 22 14:49:02 mail postfix/qmgr[14869]: 304C09F0012: from=<raubvogel@gmail.com>, size=2518, nrcpt=1 (queue active) Jul 22 14:49:02 mail MailScanner[15047]: Uninfected: Delivered 1 messages Jul 22 14:49:02 mail deliver(raub@domain.com): Loading modules from directory: /usr/lib/dovecot/lda Jul 22 14:49:02 mail deliver(raub@domain.com): Module loaded: /usr/lib/dovecot/lda/lib90_cmusieve_plugin.so Jul 22 14:49:02 mail dovecot: auth(default): master in: USER 1 raub@domain.com service=deliver Jul 22 14:49:02 mail dovecot: auth(default): master out: USER 1 raub@domain.com uid=1500 gid=1500 home=/var/spool/vmail/domain.com/raub Jul 22 14:49:02 mail deliver(raub@domain.com): auth input: raub@domain.com Jul 22 14:49:02 mail deliver(raub@domain.com): auth input: uid=1500 Jul 22 14:49:02 mail deliver(raub@domain.com): auth input: gid=1500 Jul 22 14:49:02 mail deliver(raub@domain.com): auth input: home=/var/spool/vmail/domain.com/raub Jul 22 14:49:02 mail deliver(raub@domain.com): maildir: data=/var/spool/vmail/domain.com/raub Jul 22 14:49:02 mail deliver(raub@domain.com): maildir++: root=/var/spool/vmail/domain.com/raub, index=, control=, inbox=/var/spool/vmail/domain.com/raub Jul 22 14:49:02 mail deliver(raub@domain.com): cmusieve: /var/spool/vmail/domain.com/raub/.dovecot.sieve doesn't exist Jul 22 14:49:02 mail deliver(raub@domain.com): cmusieve: Using sieve path: /etc/dovecot/sieve/global-default.script Jul 22 14:49:02 mail deliver(raub@domain.com): cmusieve: Executing script /etc/dovecot/sieve/global-default.scriptc Jul 22 14:49:02 mail deliver(raub@domain.com): msgid=<000d01ca078a$d13122a0$6400a8c0@chameleonsh>: saved mail to INBOX Jul 22 14:49:02 mail postfix/pipe[15137]: 304C09F0012: to=<raub@domain.com>, relay=dovecot, delay=3.4, delays=3.3/0/0/0.1, dsn=2.0.0, status=sent (delivered via dovecot service)
From what I gathered, mailscanner saw it was spam and tagged it. When the mail got back, postfix gave it to dovecot deliver, which then passed to cmusieve. Now, cmusieve saw user did not have a script defined,
Jul 22 14:49:02 mail deliver(raub@domain.com): cmusieve: /var/spool/vmail/domain.com/raub/.dovecot.sieve doesn't exist
So, it used the default script as it should,
Jul 22 14:49:02 mail deliver(raub@domain.com): cmusieve: Using sieve path: /etc/dovecot/sieve/global-default.script Jul 22 14:49:02 mail deliver(raub@domain.com): cmusieve: Executing script /etc/dovecot/sieve/global-default.scriptc
But, instead of calling the spam script, it simply delivered the spam mail to the inbox,
Jul 22 14:49:02 mail deliver(raub@domain.com): msgid=<000d01ca078a$d13122a0$6400a8c0@chameleonsh>: saved mail to INBOX
Why?
Mauricio Tavares wrote:
I have the following global cmusieve scripts defined in/etc/dovecot/sieve, which is owned by the user deliver is run (virtual) as defined in the lda session of dovecot.conf:
global-spam.script ======================================
require ["fileinto"]; # Move spam to spam folder if header :contains "X-Spam-Level" "********************" { fileinto "Spam"; # Stop here so that we do not reply on spam stop; } elsif header :contains "X-Spam-Flag" "Yes" { fileinto "Spam"; stop; }
First of all, this script can be made simpler by using the anyof() Sieve command, avoiding the need to specify the spam delivery verdict multiple times.
Jul 22 14:49:02 mail deliver(raub@domain.com): msgid=<000d01ca078a$d13122a0$6400a8c0@chameleonsh>: saved mail to INBOX
Why? Good question. Are you sure that the tested headers above are truly present in the message under consideration (check your INBOX)? I know that MailScanner uses custom headers and the SpamAssassin ones are not always produced in addition by default. For debugging purposes, could you put these rules inside the user's personal script (the .dovecot.sieve) to check whether these work at all?
I must say, I've never used CMUSieve's include support before, so I couldn't tell you whether there are any known issues with this.
Regards,
-- Stephan Bosch stephan@rename-it.nl
Stephan Bosch wrote:
Mauricio Tavares wrote:
I have the following global cmusieve scripts defined in/etc/dovecot/sieve, which is owned by the user deliver is run (virtual) as defined in the lda session of dovecot.conf:
global-spam.script ======================================
require ["fileinto"]; # Move spam to spam folder if header :contains "X-Spam-Level" "********************" { fileinto "Spam"; # Stop here so that we do not reply on spam stop; } elsif header :contains "X-Spam-Flag" "Yes" { fileinto "Spam"; stop; }
First of all, this script can be made simpler by using the anyof() Sieve command, avoiding the need to specify the spam delivery verdict multiple times.
Actually that was a goof. What I meant was to discard the mail if it had too many stars (it sounds better than saying X-Spam-Level was too high ;). Shame on me!
Jul 22 14:49:02 mail deliver(raub@domain.com): msgid=<000d01ca078a$d13122a0$6400a8c0@chameleonsh>: saved mail to INBOX
Why? Good question. Are you sure that the tested headers above are truly present in the message under consideration (check your INBOX)? I know that MailScanner uses custom headers and the SpamAssassin ones are not always produced in addition by default. For debugging purposes, could you put these rules inside the user's personal script (the .dovecot.sieve) to check whether these work at all?
I must say, I've never used CMUSieve's include support before, so I couldn't tell you whether there are any known issues with this.
I just found the issue: I typed "X-Spam-Flag" instead of "X-Spam-Status" as defined in the dovecot.conf. Oops! My typing skills are weak!
Regards,
participants (2)
-
Mauricio Tavares
-
Stephan Bosch