[Dovecot] can't get sieve to sort virus into spam
I can't get sieve to put virus files in the SPAM folder.
dovecot -n # 2.0.16: /etc/dovecot/dovecot.conf # OS: Linux 2.6.38.8-32.fc15.i686.PAE i686 Fedora release 15 (Lovelock) auth_debug_passwords = yes info_log_path = /var/log/dovecot-info.log log_path = /var/log/dovecot.log mail_access_groups = mail mail_home = /home/vmail/%d/%n mail_location = maildir:~/mail mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date mbox_write_locks = fcntl passdb { args = scheme=CRYPT username_format=%u /etc/dovecot/users driver = passwd-file } plugin { antispam_backend = dspam-exec antispam_dspam_args = --deliver;--user;%u antispam_dspam_binary = /usr/bin/dspam antispam_signature = X-DSPAM-Signature antispam_signature_missing = error antispam_spam = Spam antispam_trash = trash;Trash;Deleted Items; Deleted Messages sieve = /home/vmail/%d/%n/dovecot.sieve.script sieve_dir = /home/vmail/%d/%n/dovecot.sieve/ sieve_global_dir = /var/lib/dovecot/sieve/global/ sieve_global_path = /var/lib/dovecot/sieve/default.sieve } service auth { unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } } service lmtp { inet_listener lmtp { address = 127.0.0.1 port = 24 } user = vmail } ssl_cert = </etc/pki/dovecot/certs/dovecot.pem ssl_key = </etc/pki/dovecot/private/dovecot.pem userdb { driver = passwd } userdb { args = username_format=%u /etc/dovecot/users driver = passwd-file } protocol lmtp { mail_plugins = quota sieve } protocol imap { mail_plugins = " antispam" }
cat /var/lib/dovecot/sieve/default.sieve require "fileinto"; if header :contains "X-DSPAM-Result" "Virus" { fileinto "SPAM"; }
if header :contains "X-DSPAM-Result" "Spam" { fileinto "SPAM"; }
and there is a folder SPAM:
cat mail/subscriptions Sent Trash Drafts SPAM
yet :
Content-Type: multipart/alternative; boundary=14dae9399d3b9b67cc04b2d60790 X-DSPAM-Result: Virus X-DSPAM-Processed: Mon Nov 28 21:03:47 2011 X-DSPAM-Confidence: 1.0000 X-DSPAM-Probability: 1.0000 X-DSPAM-Signature: 4ed43d8341479178914901
--14dae9399d3b9b67cc04b2d60790 Content-Type: text/plain; charset=ISO-8859-1
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
does not end up into SPAM, or anyplace else, including inbox.
How do I make this work?
sean
On Tuesday, November 29, 2011 at 02:28:29 UTC, seandarcy2@gmail.com confabulated:
I can't get sieve to put virus files in the SPAM folder.
dovecot -n # 2.0.16: /etc/dovecot/dovecot.conf # OS: Linux 2.6.38.8-32.fc15.i686.PAE i686 Fedora release 15 (Lovelock) auth_debug_passwords = yes info_log_path = /var/log/dovecot-info.log log_path = /var/log/dovecot.log mail_access_groups = mail mail_home = /home/vmail/%d/%n mail_location = maildir:~/mail mail_privileged_group = mail managesieve_notify_capability = mailto managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date mbox_write_locks = fcntl passdb { args = scheme=CRYPT username_format=%u /etc/dovecot/users driver = passwd-file } plugin { antispam_backend = dspam-exec antispam_dspam_args = --deliver;--user;%u antispam_dspam_binary = /usr/bin/dspam antispam_signature = X-DSPAM-Signature antispam_signature_missing = error antispam_spam = Spam antispam_trash = trash;Trash;Deleted Items; Deleted Messages sieve = /home/vmail/%d/%n/dovecot.sieve.script sieve_dir = /home/vmail/%d/%n/dovecot.sieve/ sieve_global_dir = /var/lib/dovecot/sieve/global/ sieve_global_path = /var/lib/dovecot/sieve/default.sieve } service auth { unix_listener auth-userdb { group = vmail mode = 0600 user = vmail } } service lmtp { inet_listener lmtp { address = 127.0.0.1 port = 24 } user = vmail } ssl_cert = </etc/pki/dovecot/certs/dovecot.pem ssl_key = </etc/pki/dovecot/private/dovecot.pem userdb { driver = passwd } userdb { args = username_format=%u /etc/dovecot/users driver = passwd-file } protocol lmtp { mail_plugins = quota sieve } protocol imap { mail_plugins = " antispam" }
cat /var/lib/dovecot/sieve/default.sieve require "fileinto"; if header :contains "X-DSPAM-Result" "Virus" { fileinto "SPAM"; }
if header :contains "X-DSPAM-Result" "Spam" { fileinto "SPAM"; }
and there is a folder SPAM:
cat mail/subscriptions Sent Trash Drafts SPAM
yet :
Content-Type: multipart/alternative; boundary=14dae9399d3b9b67cc04b2d60790 X-DSPAM-Result: Virus X-DSPAM-Processed: Mon Nov 28 21:03:47 2011 X-DSPAM-Confidence: 1.0000 X-DSPAM-Probability: 1.0000 X-DSPAM-Signature: 4ed43d8341479178914901
--14dae9399d3b9b67cc04b2d60790 Content-Type: text/plain; charset=ISO-8859-1
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
does not end up into SPAM, or anyplace else, including inbox.
How do I make this work?
What gets logged? If sieve has an issue storing something, it is logged.
If you don't have the autocreate plugin loaded, the directories have to be created some other way. Does SPAM exist as a directory?
Have you compiled the global sieve file using sievec?
Does the particular mail account have sieve rules? Global rules are not executed if there are account rules. If that is the case, check out the sieve_before and sieve_after parameters.
-- There are 10 kinds of people in the world... Those who understand binary, and those who don't.
On 11/29/2011 4:09 AM, Duane Hill wrote:
On Tuesday, November 29, 2011 at 02:28:29 UTC, seandarcy2@gmail.com confabulated:
I can't get sieve to put virus files in the SPAM folder.
does not end up into SPAM, or anyplace else, including inbox.
How do I make this work? What gets logged? If sieve has an issue storing something, it is logged.
The message must be stored somewhere, even if Sieve fails entirely. If your Dovecot logs provide no indication that a message was handled, are you even sure that LTMP is getting a message at all? In this regard your MTA's logs are of importance as well.
Regards,
Stephan.
On 11/29/2011 03:00 AM, Stephan Bosch wrote:
On 11/29/2011 4:09 AM, Duane Hill wrote:
On Tuesday, November 29, 2011 at 02:28:29 UTC, seandarcy2@gmail.com confabulated:
I can't get sieve to put virus files in the SPAM folder.
does not end up into SPAM, or anyplace else, including inbox.
How do I make this work? What gets logged? If sieve has an issue storing something, it is logged.
The message must be stored somewhere, even if Sieve fails entirely. If your Dovecot logs provide no indication that a message was handled, are you even sure that LTMP is getting a message at all? In this regard your MTA's logs are of importance as well.
Regards,
Stephan.
Thanks for your response. I solved the disappearing problem: the message is being put into the INBOX.
There are no user sieve scripts. Is there a way to disable any that could occur?
Here are the headers: Content-Type: multipart/alternative; boundary=000e0cd5712cced62c04b2fe370e X-DSPAM-Result: Virus X-DSPAM-Processed: Wed Nov 30 21:00:35 2011 X-DSPAM-Confidence: 1.0000 X-DSPAM-Probability: 1.0000 X-DSPAM-Signature: 4ed6dfc341474953737117
--000e0cd5712cced62c04b2fe370e Content-Type: text/plain; charset=ISO-8859-1
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
Here's default.sieve: cat /var/lib/dovecot/sieve/default.sieve require "fileinto"; if header :contains "X-DSPAM-Result" "Virus" { fileinto "Virus"; }
if header :contains "X-DSPAM-Result" "Spam" { fileinto "SPAM"; }
From dovecot-info.log:
Nov 30 21:25:43 auth: Debug: master in: USER 1 firstlast@<>.com service=lmtp lip=127.0.0.1 lport=24 rip=127. 0.0.1 rport=35594 Nov 30 21:25:43 auth: Debug: passwd(firstlast@<>,127.0.0.1): lookup Nov 30 21:25:43 auth: Info: passwd(firstlast@<>,127.0.0.1): unknown user Nov 30 21:25:43 auth: Debug: passwd-file(firstlast@<>.com,127.0.0.1): lookup: user=firstlast@<>.com file=/etc/dovecot/users Nov 30 21:25:43 auth: Debug: master out: USER 1 firstlast@<>.com uid=504 gid=504 home=/home/vmail/<>.com/firstlas t Nov 30 21:25:43 lmtp(12609, firstlast@<>.com): Info: Av/jFKfl1k5BMQAABoXEcA: msgid=<CA+SwxUix1Y5GCZ89vMWpEmcfuEwxxR61wWKGvr=+pafJ05Dh_w@ mail.gmail.com>: saved mail to INBOX
sean
On 12/1/2011 3:37 AM, sean darcy wrote:
On 11/29/2011 03:00 AM, Stephan Bosch wrote:
On 11/29/2011 4:09 AM, Duane Hill wrote:
On Tuesday, November 29, 2011 at 02:28:29 UTC, seandarcy2@gmail.com confabulated:
I can't get sieve to put virus files in the SPAM folder.
does not end up into SPAM, or anyplace else, including inbox.
How do I make this work? What gets logged? If sieve has an issue storing something, it is logged.
The message must be stored somewhere, even if Sieve fails entirely. If your Dovecot logs provide no indication that a message was handled, are you even sure that LTMP is getting a message at all? In this regard your MTA's logs are of importance as well.
Regards,
Stephan.
Thanks for your response. I solved the disappearing problem: the message is being put into the INBOX.
There are no user sieve scripts. Is there a way to disable any that could occur? [...] Nov 30 21:25:43 auth: Debug: master in: USER 1
firstlast@<>.com service=lmtp lip=127.0.0.1
lport=24 rip=127. 0.0.1 rport=35594 Nov 30 21:25:43 auth: Debug: passwd(firstlast@<>,127.0.0.1): lookup Nov 30 21:25:43 auth: Info: passwd(firstlast@<>,127.0.0.1): unknown user Nov 30 21:25:43 auth: Debug: passwd-file(firstlast@<>.com,127.0.0.1): lookup: user=firstlast@<>.com file=/etc/dovecot/users Nov 30 21:25:43 auth: Debug: master out: USER 1
firstlast@<>.com uid=504 gid=504 home=/home/vmail/<>.com/firstlas t Nov 30 21:25:43 lmtp(12609, firstlast@<>.com): Info: Av/jFKfl1k5BMQAABoXEcA: msgid=<CA+SwxUix1Y5GCZ89vMWpEmcfuEwxxR61wWKGvr=+pafJ05Dh_w@ mail.gmail.com>: saved mail to INBOX
Apparently, the Sieve plugin is not active or not loaded. The message is stored by lmtp, because otherwise that final log line would have a `sieve: ' prefix somewhere. Do you see any sieve-related log lines when mail_debug=yes?
Regards,
Stephan.
participants (3)
-
Duane Hill
-
sean darcy
-
Stephan Bosch