Dovecot Sieve and Postfix header_checks Issue

Klaipedaville on Google klaipedaville at gmail.com
Fri Sep 26 13:10:40 UTC 2014


Hey! You are right Alex! Many thanks for pointing me to head over to the right direction!

It was a clash on rules for some reason. Now, I was also right that these two systems could not be used together because the rules declared in different systems to perform the same action (REJECT) cause the error I was having!

The following rule in default.sieve:

require ["reject"];
# rule: Reject on "x-spam-flag" header
if header :contains "X-Spam-Flag" "YES" {
      reject "No spamming allowed here.";
   stop;
}

and the following Postfix's regexp header_check rules on the subject field:

/^Subject:.**{5}SPAM*{5}/                REJECT No spammers allowed here.
/^Subject:.*\*\*\*\*\*SPAM\*\*\*\*\*/    REJECT No spammers allowed.
/\s**{5}SPAM*{5}/                        REJECT No spamming hullababballos allowed.
/^Subject:(.*)SPAM/                      REJECT Spam is not allowed. DISCARD.

were causing the Dovecot Sieve rejection bounce not to go through. The rules blocked the spam all right but rejection was turned into discard for some reason.

Now the question is how do I find out which regular expressions will be in conflict with default.sieve scripting rules? Default.sieve is set to block spam on the X-Spam-Flag header and header_checks is set to block spam on the subject field. I am still clueless why didn't these two "cooperate"? Was it just because they were "told" to perform the same action as per my previous guess? But the target to perform this same action on was different... Any more ideas anyone? Alex? Many thanks in advance for any input!


From: Klaipedaville on Google 
Sent: Friday, September 26, 2014 15:00
To: Alex Crow ; dovecot at dovecot.org 
Subject: Re: Dovecot Sieve and Postfix header_checks Issue

Thank you for your suggestion, Alex.

However, my header_checks file has just 5 lines of regexp as follows:

/^Subject:.**{5}SPAM*{5}/                REJECT No spammers allowed here.
/^Subject:.*\*\*\*\*\*SPAM\*\*\*\*\*/    REJECT No spammers allowed.
/\s**{5}SPAM*{5}/                        REJECT No spamming hullababballos allowed.
/^Subject:(.*)SPAM/                      REJECT Spam is not allowed. DISCARD.
/^From:.*\@.*\.tw/                       REJECT Sorry, Taiwanese mail is not allowed.

All the regexp are correct.  The first and the third lines actually do the same thing and they are there for testing purposes only. Execution stops at the very first rule matched so there is no problem in having any rules repeated. I can't see how a few the most simplest regular expressions can cause the bounce from Sieve not to go through.. Do you see any problems in these lines above that could possibly be the cause of your suggestion?


From: Alex Crow 
Sent: Friday, September 26, 2014 14:47
To: dovecot at dovecot.org 
Subject: Re: Dovecot Sieve and Postfix header_checks Issue

That would most likely be something in your header_checks that is 
causing the bounce from Sieve to be rejected.

There is no reason why you cannot use both.

On 26/09/14 12:35, Klaipedaville on Google wrote:
> Hello List,
>
> I tried to subscribe but it's taking forever for the confirmation email to arrive so I thought I would ask away by emailing directly. My apologies in advance should this question appear twice.
>
> It may seem real simple to experts but I cannot really figure it out. I'll try to be concise:
>
> Dovecot version is 2.1.7. Its dovecot –n is real short one and follows right after my question.
>
> I have my Postfix 2.9.6 properties set like this: header_checks = /etc/path/to/myfile. Then I have Dovecot Sieve also configured and working fine.
>
> Now the trouble is that these two cannot be combined together can they? Dovecot Sieve and Postfix's header_checks?  If I turn off header_checks in Postfix then Dovecot Sieve is working fine. If I vise versa turn off Dovecot Sieve then Postfix's header-checks are also working fine. However, when I keep them both turned on it also works but only partially and in this case Dovecot Sieve never bounces back any rejected massages remotely, the bounce happens only locally. That is I can see it in my logs that it was rejected locally but the message is never sent back to the sender saying something like, "Spam is rejected here". Thus the reject turns into a silent discard without telling the sender anything at all. Any ideas, help, advices how do I fix that? Would be really grateful for any suggestions / assistance at all. Many thanks in advance!
>
> P.S. I would like to use both because Dovecot Sieve is a very powerful and great plugin that uses Spamassassin's added tags and headers based on which I create my rules. Postfix in its turn has a very neat feature of checking the headers via regexp but Postfix does not see / detect Spamassassin's added headers at all because I passed delivery and authentication (which is a way better than Postfix's) to dovecot deliver.
>
> # 2.1.7: /etc/dovecot/dovecot.conf
> # OS: Linux 3.2.0-4-amd64 x86_64 Debian 7.6 ext4
> auth_mechanisms = plain login cram-md5 scram-sha-1
> auth_verbose = yes
> hostname = WindTalker
> info_log_path = /var/log/dovecot-sieve.log
> log_path = /var/log/dovecot-sieve-errors.log
> mail_location = maildir:/home/mvail/%d/%n
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
> passdb {
>    args = /etc/dovecot/passwd
>    driver = passwd-file
> }
> plugin {
>    sieve = ~/.dovecot.sieve
>    sieve_default = /etc/dovecot/default.sieve
>    sieve_dir = ~/sieve
> }
> pop3_uidl_format = %g
> postmaster_address = postmaster at example.com
> protocols = imap pop3 sieve
> service auth {
>    unix_listener /var/spool/postfix/private/auth {
>      group = postfix
>      mode = 0660
>      user = postfix
>    }
> }
> ssl_ca = </etc/ssl/ca.crt
> ssl_cert = </etc/ssl//new.crt
> ssl_key = </etc/ssl/new.key
> userdb {
>    args = uid=vmail gid=vmail home=/home/vmail/%u
>    driver = static
> }
> protocol lda {
>    mail_debug = yes
>    mail_plugins = sieve
> }
>
> Regards,
> Dennis.
>

-- 
This message is intended only for the addressee and may contain
confidential information. Unless you are that person, you may not
disclose its contents or use it in any way and are requested to delete
the message along with any attachments and notify us immediately.
"Transact" is operated by Integrated Financial Arrangements plc. 29
Clement's Lane, London EC4N 7AE. Tel: (020) 7608 4900 Fax: (020) 7608
5300. (Registered office: as above; Registered in England and Wales
under number: 3727592). Authorised and regulated by the Financial
Conduct Authority (entered on the Financial Services Register; no. 190856).


More information about the dovecot mailing list