Trying to do antispam with Sieve

Adi Pircalabu adi at ddns.com.au
Wed Nov 14 06:08:29 EET 2018 

On 2018-11-14 14:25, Adi Pircalabu wrote:
> On 2018-11-14 13:51, Adi Pircalabu wrote:
>> On 2018-11-14 13:11, Adi Pircalabu wrote:
>>> Hi,
>>> 
>>> Using https://wiki.dovecot.org/HowTo/AntispamWithSieve I'm trying to
>>> execute scripts when moving to/from Spam folder, however nothing's
>>> happening. The actions are:
>>> 1. Move to Spam: redirect :copy "spamcop_spam at domain.local";
>>> 2. Move from Spam: redirect :copy "spamcop_ham at domain.local";
>> [...]
>>> /usr/lib64/dovecot/sieve/report-spam.sieve contains:
>>> require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", 
>>> "variables"];
>>> redirect :copy "spamcop_spam at domain.local";
>>> /usr/lib64/dovecot/sieve/report-ham.sieve contains:
>>> require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", 
>>> "variables"];
>>> redirect :copy "spamcop_ham at domain.local";
>> 
>> More information after enabling mail_debug, in maillog I see:
>> Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1 at adit1.local,
>> ip=[::1]. Debug: Module loaded:
>> /usr/libexec/dovecot/modules/lib95_imap_sieve_plugin.so
>> Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1 at adit1.local,
>> ip=[::1]. Debug: imapsieve: Mail set keywords
>> Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1 at adit1.local,
>> ip=[::1]. Debug: imapsieve: mailbox INBOX.Spam: FLAG event (changed
>> flags: Junk)
>> Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1 at adit1.local,
>> ip=[::1]. Debug: sieve: Pigeonhole version 0.4.16 (fed8554)
>> initializing
>> Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1 at adit1.local,
>> ip=[::1]. Debug: sieve: include: sieve_global is not set; it is
>> currently not possible to include `:global' scripts.
>> Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1 at adit1.local,
>> ip=[::1]. Debug: sieve: Sieve imapsieve plugin for Pigeonhole version
>> 0.4.16 (fed8554) loaded
>> Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1 at adit1.local,
>> ip=[::1]. Debug: sieve: Sieve Extprograms plugin for Pigeonhole
>> version 0.4.16 (fed8554) loaded
>> Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1 at adit1.local,
>> ip=[::1]. Debug: imapsieve: Static mailbox rule [1]: mailbox=`Spam'
>> from=`*' causes=(COPY) =>
>> before=`file:/usr/lib64/dovecot/sieve/report-spam.sieve' after=(none)
>> Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1 at adit1.local,
>> ip=[::1]. Debug: imapsieve: Static mailbox rule [2]: mailbox=`*'
>> from=`Spam' causes=(COPY) =>
>> before=`file:/usr/lib64/dovecot/sieve/report-ham.sieve' after=(none)
>> Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1 at adit1.local,
>> ip=[::1]. Debug: Module loaded:
>> /usr/libexec/dovecot/modules/lib95_imap_sieve_plugin.so
>> Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1 at adit1.local,
>> ip=[::1]. Debug: imapsieve: mailbox INBOX: MOVE event
>> Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1 at adit1.local,
>> ip=[::1]. Debug: sieve: Pigeonhole version 0.4.16 (fed8554)
>> initializing
>> Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1 at adit1.local,
>> ip=[::1]. Debug: sieve: include: sieve_global is not set; it is
>> currently not possible to include `:global' scripts.
>> Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1 at adit1.local,
>> ip=[::1]. Debug: sieve: Sieve imapsieve plugin for Pigeonhole version
>> 0.4.16 (fed8554) loaded
>> Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1 at adit1.local,
>> ip=[::1]. Debug: sieve: Sieve Extprograms plugin for Pigeonhole
>> version 0.4.16 (fed8554) loaded
>> Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1 at adit1.local,
>> ip=[::1]. Debug: imapsieve: Static mailbox rule [1]: mailbox=`Spam'
>> from=`*' causes=(COPY) =>
>> before=`file:/usr/lib64/dovecot/sieve/report-spam.sieve' after=(none)
>> Nov 14 13:41:52 plesk12 dovecot: service=imap, user=adi1 at adit1.local,
>> ip=[::1]. Debug: imapsieve: Static mailbox rule [2]: mailbox=`*'
>> from=`Spam' causes=(COPY) =>
>> before=`file:/usr/lib64/dovecot/sieve/report-ham.sieve' after=(none)
>> 
>> So imapsieve "sees" the configuration, then I went and enabled
>> debugging in the 2 sieve scripts which now read:
>> 1. /usr/lib64/dovecot/sieve/report-spam.sieve
>> require ["vnd.dovecot.pipe", "copy", "imapsieve", 
>> "vnd.dovecot.debug"];
>> debug_log "/var/tmp/report-spam.sieve.debug";
>> redirect :copy "spamcop_spam at domain.local";
>> 2. /usr/lib64/dovecot/sieve/report-ham.sieve
>> require ["vnd.dovecot.pipe", "copy", "imapsieve", 
>> "vnd.dovecot.debug"];
>> debug_log "/var/tmp/report-ham.sieve.debug";
>> redirect :copy "spamcop_ham at domain.local";
>> 
>> Should I expect to see debugging in /var/tmp/report-ham.sieve.debug
>> and /var/tmp/report-spam.sieve.debug, respectively? The 2 files aren't
>> created, nothing in that directory.
>> BTW, getenforce=Disabled.
> 
> Tried with another set of ham/spam scripts that are supposed to log to
> syslog. Now using:
> 1. log-ham.sieve which contains:
> require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", 
> "variables"];
> 
> if environment :matches "imap.mailbox" "*" {
>   set "mailbox" "${1}";
> }
> 
> if string "${mailbox}" "Trash" {
>   stop;
> }
> 
> if environment :matches "imap.user" "*" {
>   set "username" "${1}";
> }
> 
> pipe :copy "sa-learn-ham.sh" [ "${username}" ];
> 
> 2. log-spam.sieve which contains:
> require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", 
> "variables"];
> 
> if environment :matches "imap.user" "*" {
>   set "username" "${1}";
> }
> 
> pipe :copy "sa-learn-spam.sh" [ "${username}" ];
> 
> And the 2 sa-learn scripts:
> 1. sa-learn-ham.sh contains:
> #!/bin/bash
> 
> exec /usr/bin/logger `basename $0` Called for mailbox $1
> 
> 2. sa-learn-spam.sh contains:
> #!/bin/bash
> 
> exec /usr/bin/logger `basename $0` Called for mailbox $1
> 
> After compiling log-ham.sieve and log-spam.sieve, making
> sa-learn-spam.sh and sa-learn-ham.sh executable and reloading dovecot
> I should see syslog entries like this:
> Nov 14 14:19:08 plesk12 root: sa-learn-spam.sh Called for mailbox 
> test at test.com
> 
> But I see nothing. Needless to say the sa-learn scripts are running
> from command line. I'm a bit lost at the moment, any ideas?

After more digging I've ended up with this sieve spam script:
require ["vnd.dovecot.pipe", "copy", "imapsieve", "environment", 
"variables", "vnd.dovecot.debug"];

---CUT HERE---
if environment :matches "imap.user" "*" {
   set "username" "${1}";
}

debug_log "In log-spam.sieve, username = ${username}";

pipe :copy "sa-learn-spam.sh" [ "${username}" ];
---CUT HERE---

Can't see anything in maillog. Where can I read more about debugging 
imapsieve?

-- 
Adi Pircalabu, System Administrator
DDNS, a Total Internet Company
159 Barkly Avenue, Burnley, Vic 3121, T +61 3 9815 6868

More information about the dovecot mailing list