Sieve broken after upgrade
Pavel Stratil
pavel at senbonzakura.net
Sun Dec 2 18:12:03 EET 2018
Hi everyone,
after switching to ubuntu (from debian) and running a newer dovecot
--version 2.2.33.2 (d6601f4ec) i encountered a problem with configuring
sieve. The mailserver has virtual maila accounts stored in /decrypted/%d/%n
Prior, i used
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_before = /etc/dovecot/sieve/before.d
}
after the upgrade, I moved the sieve_before location on disk and changed
this to
plugin {
sieve = file:~/sieve;active=~/.dovecot.sieve
sieve_before = /var/lib/dovecot/sieve/before.d
}
only to see that sieve didnt forward e-mails anymore. Looking at the
logs below, i suspect, that I didnt understood the meaning of sieve =
file:~/sieve;active=~/.dovecot.sieve correctly:
Dec 2 16:01:57 vao01 dovecot: lmtp(events at industra.space): Debug:
Module loaded: /usr/lib/dovecot/modules/lib90_sieve_plugin.so
Dec 2 16:01:57 vao01 dovecot: lmtp(events at industra.space): Debug:
sieve: Pigeonhole version 0.4.21 (92477967) initializing
Dec 2 16:01:57 vao01 dovecot: lmtp(events at industra.space): Debug:
sieve: include: sieve_global is not set; it is currently not possible to
include `:global' scripts.
Dec 2 16:01:57 vao01 dovecot: lmtp(events at industra.space): Debug:
gPtsCPUBBFwMFQAA9mr2oQ: sieve: file storage: Using active Sieve script
path: /decrypted/industra.space/events/.dovecot.sieve
Dec 2 16:01:57 vao01 dovecot: lmtp(events at industra.space): Debug:
gPtsCPUBBFwMFQAA9mr2oQ: sieve: file storage: Using script storage path:
/decrypted/industra.space/events/sieve
Dec 2 16:01:57 vao01 dovecot: lmtp(events at industra.space): Debug:
gPtsCPUBBFwMFQAA9mr2oQ: sieve: file storage: Relative path to sieve
storage in active link: sieve/
Dec 2 16:01:57 vao01 dovecot: lmtp(events at industra.space): Debug:
gPtsCPUBBFwMFQAA9mr2oQ: sieve: file storage: Using Sieve script path:
/decrypted/industra.space/events/.dovecot.sieve
Dec 2 16:01:57 vao01 dovecot: lmtp(events at industra.space): Debug:
gPtsCPUBBFwMFQAA9mr2oQ: sieve: file storage: Storage path
`/decrypted/industra.space/events/.dovecot.sieve' not found
Dec 2 16:01:57 vao01 dovecot: lmtp(events at industra.space): Debug:
gPtsCPUBBFwMFQAA9mr2oQ: sieve: User has no active script in storage
`/decrypted/industra.space/events/sieve'
Dec 2 16:01:57 vao01 dovecot: lmtp(events at industra.space): Debug:
gPtsCPUBBFwMFQAA9mr2oQ: sieve: User has no personal script
Dec 2 16:01:57 vao01 dovecot: lmtp(events at industra.space): Debug:
gPtsCPUBBFwMFQAA9mr2oQ: sieve: file storage: Using script storage path:
/var/lib/dovecot/sieve/before.d
Dec 2 16:01:57 vao01 dovecot: lmtp(events at industra.space): Debug:
gPtsCPUBBFwMFQAA9mr2oQ: sieve: file script: Opened script `move-spam'
from `/var/lib/dovecot/sieve/before.d/move-spam.sieve'
Dec 2 16:01:57 vao01 dovecot: lmtp(events at industra.space): Debug:
gPtsCPUBBFwMFQAA9mr2oQ: sieve: Executed before user's personal Sieve
script(1): /var/lib/dovecot/sieve/before.d/move-spam.sieve
Dec 2 16:01:57 vao01 dovecot: lmtp(events at industra.space): Debug:
gPtsCPUBBFwMFQAA9mr2oQ: sieve: Opening script 1 of 1 from
`/var/lib/dovecot/sieve/before.d/move-spam.sieve'
Dec 2 16:01:57 vao01 dovecot: lmtp(events at industra.space): Debug:
gPtsCPUBBFwMFQAA9mr2oQ: sieve: Loading script
/var/lib/dovecot/sieve/before.d/move-spam.sieve
Dec 2 16:01:57 vao01 dovecot: lmtp(events at industra.space): Debug:
gPtsCPUBBFwMFQAA9mr2oQ: sieve: Script binary
/var/lib/dovecot/sieve/before.d/move-spam.svbin successfully loaded
Dec 2 16:01:57 vao01 dovecot: lmtp(events at industra.space): Debug:
gPtsCPUBBFwMFQAA9mr2oQ: sieve: binary save: not saving binary
/var/lib/dovecot/sieve/before.d/move-spam.svbin, because it is already
stored
Dec 2 16:01:57 vao01 dovecot: lmtp(events at industra.space): Debug:
gPtsCPUBBFwMFQAA9mr2oQ: sieve: Executing script from
`/var/lib/dovecot/sieve/before.d/move-spam.svbin'
Dec 2 16:01:57 vao01 dovecot: lmtp(events at industra.space):
gPtsCPUBBFwMFQAA9mr2oQ: sieve:
msgid=<faae5de1-10b7-9ad3-30d8-f0b91cca942a at fenix.cz>: stored mail into
mailbox 'INBOX'
After changing this to
sieve = file:/decrypted/%d/%n/sieve;active=/decrypted/%d/%n/.dovecot.sieve
I got working sieve rules that forward mails correctly again, but at the
same time I loose the ability to let users edit their sieve scripts via
the roundcube managesieve plugin (roundcube reported an unknown error),
but dovecot complained that the active file wasnt a symlink. I tried
several combinations of configuring this, but I seem to miss some
important point. Would you kindly help me get this right? Configs are
attached.
Thanks in advance, Pavel
-------------- next part --------------
root at vao01:/var/www/roundcube/plugins/managesieve# cat config.inc.php
<?php
// managesieve server port. When empty the port will be determined automatically
// using getservbyname() function, with 4190 as a fallback.
$config['managesieve_port'] = null;
// managesieve server address, default is localhost.
// Replacement variables supported in host name:
// %h - user's IMAP hostname
// %n - http hostname ($_SERVER['SERVER_NAME'])
// %d - domain (http hostname without the first part)
// For example %n = mail.domain.tld, %d = domain.tld
$config['managesieve_host'] = 'localhost';
// authentication method. Can be CRAM-MD5, DIGEST-MD5, PLAIN, LOGIN, EXTERNAL
// or none. Optional, defaults to best method supported by server.
$config['managesieve_auth_type'] = null;
// Optional managesieve authentication identifier to be used as authorization proxy.
// Authenticate as a different user but act on behalf of the logged in user.
// Works with PLAIN and DIGEST-MD5 auth.
$config['managesieve_auth_cid'] = null;
// Optional managesieve authentication password to be used for imap_auth_cid
$config['managesieve_auth_pw'] = null;
// use or not TLS for managesieve server connection
// Note: tls:// prefix in managesieve_host is also supported
$config['managesieve_usetls'] = false;
// Connection scket context options
// See http://php.net/manual/en/context.ssl.php
// The example below enables server certificate validation
//$config['managesieve_conn_options'] = array(
// 'ssl' => array(
// 'verify_peer' => true,
// 'verify_depth' => 3,
// 'cafile' => '/etc/openssl/certs/ca.crt',
// ),
// );
$config['managesieve_conn_options'] = null;
// default contents of filters script (eg. default spam filter)
$config['managesieve_default'] = '/var/www/roundcube/config/global.sieve';
// The name of the script which will be used when there's no user script
$config['managesieve_script_name'] = 'managesieve';
// Sieve RFC says that we should use UTF-8 endcoding for mailbox names,
// but some implementations does not covert UTF-8 to modified UTF-7.
// Defaults to UTF7-IMAP
$config['managesieve_mbox_encoding'] = 'UTF-8';
// I need this because my dovecot (with listescape plugin) uses
// ':' delimiter, but creates folders with dot delimiter
$config['managesieve_replace_delimiter'] = '';
// disabled sieve extensions (body, copy, date, editheader, encoded-character,
// envelope, environment, ereject, fileinto, ihave, imap4flags, index,
// mailbox, mboxmetadata, regex, reject, relational, servermetadata,
// spamtest, spamtestplus, subaddress, vacation, variables, virustest, etc.
// Note: not all extensions are implemented
$config['managesieve_disabled_extensions'] = array();
// Enables debugging of conversation with sieve server. Logs it into <log_dir>/sieve
$config['managesieve_debug'] = false;
// Enables features described in http://wiki.kolab.org/KEP:14
$config['managesieve_kolab_master'] = false;
// Script name extension used for scripts including. Dovecot uses '.sieve',
// Cyrus uses '.siv'. Doesn't matter if you have managesieve_kolab_master disabled.
$config['managesieve_filename_extension'] = '.sieve';
// List of reserved script names (without extension).
// Scripts listed here will be not presented to the user.
$config['managesieve_filename_exceptions'] = array();
// List of domains limiting destination emails in redirect action
// If not empty, user will need to select domain from a list
$config['managesieve_domains'] = array();
// Enables separate management interface for vacation responses (out-of-office)
// 0 - no separate section (default),
// 1 - add Vacation section,
// 2 - add Vacation section, but hide Filters section
$config['managesieve_vacation'] = 0;
// Default vacation interval (in days).
// Note: If server supports vacation-seconds extension it is possible
// to define interval in seconds here (as a string), e.g. "3600s".
$config['managesieve_vacation_interval'] = 0;
// Some servers require vacation :addresses to be filled with all
// user addresses (aliases). This option enables automatic filling
// of these on initial vacation form creation.
$config['managesieve_vacation_addresses_init'] = false;
// Supported methods of notify extension. Default: 'mailto'
$config['managesieve_notify_methods'] = array('mailto');
-------------- next part --------------
root at vao01:/etc/dovecot/conf.d# dovecot -n
# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 4.19.2 x86_64 Ubuntu 18.04.1 LTS zfs
auth_mechanisms = plain login
default_internal_user = vmail
first_valid_uid = 0
hostname = mail.senbonzakura.net
mail_debug = yes
mail_location = maildir:/decrypted/%d/%n
mail_privileged_group = vmail
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
inbox = yes
location =
mailbox Archive {
auto = subscribe
special_use = \Archive
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
}
passdb {
args = /etc/dovecot/dovecot-sql.conf.ext
driver = sql
}
plugin {
antispam_backend = pipe
antispam_mail_notspam = learn_ham
antispam_mail_sendmail = /usr/bin/rspamc
antispam_mail_sendmail_args = -h;localhost:11334
antispam_mail_spam = learn_spam
antispam_spam = Junk
antispam_trash = Trash
fts = solr
fts_solr = break-imap-search url=http://localhost:8080/solr/
sieve = file:/decrypted/%d/%n/sieve;active=/decrypted/%d/%n/.dovecot.sieve
sieve_before = /var/lib/dovecot/sieve/before.d
}
postmaster_address = postmaster at senbonzakura.net
protocols = imap lmtp sieve pop3
service auth-worker {
unix_listener auth-worker {
user = vmail
}
}
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
unix_listener auth-userdb {
group = vmail
mode = 0660
user = vmail
}
user = vmail
}
service imap-login {
inet_listener imap {
port = 0
}
}
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0666
user = postfix
}
user = vmail
}
service pop3-login {
inet_listener pop3 {
port = 0
}
}
ssl = required
ssl_cert = </etc/letsencrypt/live/senbonzakura.net/fullchain.pem
ssl_cipher_list = ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-SHA384:ECDHE-RSA-AES256-SHA384:ECDHE-ECDSA-AES128-SHA256:ECDHE-RSA-AES128-SHA256
ssl_client_ca_dir = /etc/ssl/certs
ssl_dh_parameters_length = 4096
ssl_key = # hidden, use -P to show it
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv3 !TLSv1 !TLSv1.1 TLSv1.2
userdb {
args = uid=vmail gid=vmail home=/decrypted/%d/%n
driver = static
}
protocol lmtp {
mail_plugins = " sieve sieve"
postmaster_address = postmaster at senbonzakura.net
}
protocol lda {
mail_plugins = " sieve"
}
protocol imap {
mail_plugins = " antispam fts fts_solr"
}
More information about the dovecot
mailing list