execute sieve command - fails to notice script has exited

Lionel Elie Mamane lionel at mamane.lu
Tue Nov 13 19:22:17 EET 2018


I found a work-around. I added an :output option to the execute
command, and then it works like a charm.

I've run the whole dovecot-lda under strace (without the :output
option, when it shows the problem):

6410  stat("/usr/local/lib/dovecot/sieve-execute/foofilter", {st_mode=S_IFREG|0755, st_size=57, ...}) = 0
6410  rt_sigaction(SIGCHLD, {sa_handler=0x7f65d5bdd010, sa_mask=[], sa_flags=SA_RESTORER|SA_RESTART|SA_SIGINFO, sa_restorer=0x7f65d57c3060}, NULL, 8) = 0
6410  epoll_ctl(6, EPOLL_CTL_DEL, 4, 0x7ffe88f53b2c) = 0
6410  epoll_create(128)                 = 10
6410  fcntl(10, F_GETFD)                = 0
6410  fcntl(10, F_SETFD, FD_CLOEXEC)    = 0
6410  epoll_ctl(10, EPOLL_CTL_ADD, 4, {EPOLLIN|EPOLLPRI|EPOLLERR|EPOLLHUP, {u32=2603604112, u64=94543423723664}}) = 0
6410  pipe([11, 12])                    = 0
6410  clone(child_stack=NULL, flags=CLONE_CHILD_CLEARTID|CLONE_CHILD_SETTID|SIGCHLD, child_tidptr=0x7f65d65a84d0) = 6411
6410  close(11)                         = 0
6410  fcntl(12, F_GETFL <unfinished ...>
6411  close(12 <unfinished ...>
6410  <... fcntl resumed> )             = 0x1 (flags O_WRONLY)
6411  <... close resumed> )             = 0
6410  fcntl(12, F_SETFL, O_WRONLY|O_NONBLOCK) = 0
6411  geteuid()                         = 1000
6410  lseek(12, 0, SEEK_CUR <unfinished ...>
6411  getuid( <unfinished ...>
6410  <... lseek resumed> )             = -1 ESPIPE (Illegal seek)
6411  <... getuid resumed> )            = 1000
6410  getsockname(12,  <unfinished ...>
6411  getgid( <unfinished ...>
6410  <... getsockname resumed> 0x7ffe88f53a40, [28]) = -1 ENOTSOCK (Socket operation on non-socket)
6411  <... getgid resumed> )            = 1000
6411  getegid()                         = 1000
6411  setuid(1000 <unfinished ...>
6410  write(12, "Return-path: <master at blitz.conur"..., 706 <unfinished ...>
6411  <... setuid resumed> )            = 0
6410  <... write resumed> )             = 706
6411  setuid(0 <unfinished ...>
6410  read(0,  <unfinished ...>
6411  <... setuid resumed> )            = -1 EPERM (Operation not permitted)
6410  <... read resumed> "", 3408)      = 0
6411  getgid()                          = 1000
6410  close(12 <unfinished ...>
6411  getegid( <unfinished ...>
6410  <... close resumed> )             = 0
6411  <... getegid resumed> )           = 1000
6410  wait4(6411,  <unfinished ...>
6411  setgid(0 <unfinished ...>
6410  <... wait4 resumed> 0x55fc9b30efe4, WNOHANG, NULL) = 0
6411  <... setgid resumed> )            = -1 EPERM (Operation not permitted)
6410  epoll_wait(10,  <unfinished ...>
(insert here the execution of the script as process 6411)
6411  exit_group(1)                     = ?
6411  +++ exited with 1 +++
6410  <... epoll_wait resumed> [], 1, 300000) = 0
6410  kill(6411, SIGTERM)               = 0
6410  epoll_wait(10, [], 1, 5000)       = 0
6410  kill(6411, SIGKILL)               = 0
6410  wait4(6411, [{WIFEXITED(s) && WEXITSTATUS(s) == 0}], 0, NULL) = 6411
6410  epoll_ctl(10, EPOLL_CTL_DEL, 4, 0x7ffe88f53b2c) = 0
6410  epoll_ctl(6, EPOLL_CTL_ADD, 4, {EPOLLIN|EPOLLPRI|EPOLLERR|EPOLLHUP, {u32=2603424576, u64=94543423544128}}) = 0
6410  close(10)                         = 0

then it does the delivery into the test-spam mailbox.

You see that dovecot-lda doesn't do a waitpid()/wait4() on the script
(child process) before starting to kill it.


On Tue, Nov 13, 2018 at 05:52:27PM +0100, Lionel Elie Mamane wrote:
> And the Sieve script:
> 
> ------- start sieve script ---------
> require ["vnd.dovecot.execute", "fileinto", "mailbox", "vnd.dovecot.debug"];
> 
> debug_log "about to execute";
> if not execute :pipe "foofilter" {
>   debug_log "if condition fulfilled";
>   fileinto :create "test-spam";
>   debug_log "about to stop";
>   stop;
> }
> debug_log "after execute";
> ------- end sieve script ---------
> 
> The user's sieve log looks like:
> 
> sieve: info: started log at Nov 13 16:56:32.
> test-foofilter: line 3: info: DEBUG: about to execute.
> test-foofilter: line 4: error: execute action: failed to execute to program `foofilter': refer to server log for more information. [2018-11-13 16:59:57].
> test-foofilter: line 5: info: DEBUG: if condition fulfilled.
> test-foofilter: line 7: info: DEBUG: about to stop.
> info: msgid=<20181113155632.k6pybm45sdwwp2bs at blitz.conuropsis.org>: stored mail into mailbox 'test-spam'.
> 
> 
> On Tue, Nov 13, 2018 at 05:00:21PM +0100, Lionel Elie Mamane wrote:
> > Hi,
> > 
> > Running dovecot 2.2.27 (c0f36b0) on Debian GNU/Linux stable (version
> > 9.6), I'm trying to use the execute command in a sieve script, with
> > direct execution (not service socket).
> > 
> > The script is executed, and returns (the process exits), but the
> > dovecot-lda process seems to not notice, and thinks the script did not
> > terminate. After sieve_execute_exec_timeout has passed, it sends a
> > TERM, a bit later a KILL and then logs a failure.
> > 
> > The "ps -Af f" looks like:
> > S      0:00  \_ /usr/sbin/exim4 -Mc 1gMazS-0007IV-RB
> > S      0:00      \_ /usr/lib/dovecot/dovecot-lda -f master at blitz.conuropsis.org
> > Z      0:00      |   \_ [foofilter] <defunct>
> > S      0:00      \_ /usr/sbin/exim4 -Mc 1gMazS-0007IV-RB
> > 
> > The dovecot debug log looks like:
> > 
> > lda(user): Debug: Loading modules from directory: /usr/lib/dovecot/modules
> > lda(user): Debug: Module loaded: /usr/lib/dovecot/modules/lib90_sieve_plugin.so
> > lda(user): Debug: Effective uid=1000, gid=1000, home=/home/user
> > lda(user): Debug: maildir++: root=/home/user/Maildir, index=, indexpvt=, control=, inbox=/home/user/Maildir, alt=
> > lda(user): Debug: userdb lookup skipped, username taken from USER environment
> > lda(user): Debug: none: root=, index=, indexpvt=, control=, inbox=, alt=
> > lda(user): Debug: Destination address: user at blitz.conuropsis.org (source: user at hostname)
> > lda(user): Debug: sieve: Pigeonhole version 0.4.16 (fed8554) initializing
> > lda(user): Debug: sieve: include: sieve_global is not set; it is currently not possible to include `:global' scripts.
> > lda(user): Debug: sieve: Sieve imapsieve plugin for Pigeonhole version 0.4.16 (fed8554) loaded
> > lda(user): Debug: sieve: Sieve Extprograms plugin for Pigeonhole version 0.4.16 (fed8554) loaded
> > lda(user): Debug: sieve: file storage: Using active Sieve script path: /data/home/user/.dovecot.sieve
> > lda(user): Debug: sieve: file storage: Using script storage path: /home/user/sieve
> > lda(user): Debug: sieve: file storage: Relative path to sieve storage in active link: sieve/
> > lda(user): Debug: sieve: file storage: Using Sieve script path: /data/home/user/.dovecot.sieve
> > lda(user): Debug: sieve: file script: Opened script `test-foofilter' from `/data/home/user/.dovecot.sieve'
> > lda(user): Debug: sieve: Using the following location for user's Sieve script: /data/home/user/.dovecot.sieve
> > lda(user): Debug: Mailbox stdin: Opened mail UID=1 because: header Message-ID (Cache file is unusable)
> > lda(user): Debug: sieve: Opening script 1 of 1 from `/data/home/user/.dovecot.sieve'
> > lda(user): Debug: sieve: Loading script /data/home/user/.dovecot.sieve
> > lda(user): Debug: sieve: Script binary /data/home/user/.dovecot.svbin successfully loaded
> > lda(user): Debug: sieve: binary save: not saving binary /data/home/user/.dovecot.svbin, because it is already stored
> > lda(user): Debug: sieve: Executing script from `/data/home/user/.dovecot.svbin'
> > lda(user): Debug: sieve: action execute: running program: foofilter
> > lda(user): Debug: Mailbox stdin: Opened mail UID=1 because: mail stream
> > lda(user): Debug: waiting for program `/usr/local/lib/dovecot/sieve-execute/foofilter' to finish after 0 msecs
> > lda(user): Debug: program `/usr/local/lib/dovecot/sieve-execute/foofilter'(24669) execution timed out after 2000 milliseconds: sending TERM signal
> > lda(user): Debug: program `/usr/local/lib/dovecot/sieve-execute/foofilter' (24669) did not die after 5000 milliseconds: sending KILL signal
> > 
> > 
> > and an strace on the dovecot-lda process shows it is in an
> > "epoll_wait(9 ....".
> > 
> > The script is very simple:
> > 
> > #! /bin/sh
> > 
> > cat > /dev/null
> > exit 1
> > 
> > 
> > Anyone has a clue? Thanks in advance.
> > 
> > Best Regards,
> > 
> > Lionel
> > 
> 


More information about the dovecot mailing list