Managesieve cannot access script store


Managesieve cannot access script store

dovelist
Hi,

I am trying to get sieve working on a new OpenSuse leap 42.2 install. On
my 'old' OpenSuse 13.2 machine it worked fine.

The problem is that Managesieve can't access the script store and won't
let me create any script. It says permission denied on ~/sieve
directory. See log below. I've activated debug logging, but that
doesn't give any clues to me. Also, I've set the directory accessible to
all, but Managesieve still complains.

> cd ~
> ls -l
drwx------ 1 rogier users 8340  5 feb 16:54 Maildir
drwxrwxrwx 1 rogier users   24  5 feb 18:38 sieve

To rule out client issues (kmail) I tested also with Manual TLS Login as
described in:
http://wiki2.dovecot.org/Pigeonhole/ManageSieve/Troubleshooting

Same result.

I am puzzled. I can't find anything wrong in the dovecot configuration.
The output of dovecot -n is shown below.
Hope someone has a solution. A lot of mail is waiting to get sorted...

Best Regards,
Rogier


The log:

feb 05 20:22:18 p150 dovecot[12120]: managesieve-login: Login:
user=<rogier>, method=PLAIN, rip=192.168.0.18, lip=192.168.0.20,
mpid=12135, TLS, session=<gmb0bs1H5q/AqAAS>
feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug:
Effective uid=1000, gid=100, home=/home/rogier
feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug:
Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no,
list=yes, subscriptions=yes location=maildir:~/Maildir
feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug:
maildir++: root=/home/rogier/Maildir, index=, indexpvt=, control=,
inbox=/home/rogier/Maildir, alt=
feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: sieve:
Pigeonhole version 0.4.15 (97b3da0) initializing
feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: sieve:
include: sieve_global is not set; it is currently not possible to
include `:global' scripts.
feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: sieve:
file storage: Using active Sieve script path:
/home/rogier/.dovecot.sieve
feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: sieve:
file storage: Using script storage path: /home/rogier/sieve/
feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: sieve:
file storage: Using permissions from /home/rogier/sieve/: mode=0777
gid=-1
feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: sieve:
file storage: Relative path to sieve storage in active link: sieve/
feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug: sieve:
file storage: sync: Synchronization active
feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Error: sieve:
file storage: Failed to list scripts: opendir(/home/rogier/sieve)
failed: Permission denied



Output of dovecot -n:

# 2.2.25 (7be1766): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.15 (97b3da0)
# OS: Linux 4.4.36-8-default x86_64 openSUSE 42.2 (x86_64)
auth_username_format = %Ln
base_dir = /var/run/dovecot/
mail_debug = yes
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body enotify
environment mailbox date index ihave duplicate mime foreverypart
extracttext
namespace inbox {
   inbox = yes
   location =
   mailbox Drafts {
     special_use = \Drafts
   }
   mailbox Junk {
     special_use = \Junk
   }
   mailbox Sent {
     special_use = \Sent
   }
   mailbox "Sent Messages" {
     special_use = \Sent
   }
   mailbox Trash {
     special_use = \Trash
   }
   prefix =
}
passdb {
   driver = pam
}
plugin {
   sieve = file:~/sieve/;active=~/.dovecot.sieve
   sieve_trace_debug = yes
}
protocols = imap lmtp sieve
service lmtp {
   unix_listener /var/spool/postfix/private/dovecot-lmtp {
     group = postfix
     mode = 0600
     user = postfix
   }
}
ssl = required
ssl_cert = </etc/ssl/private/dovecot.crt
ssl_dh_parameters_length = 2048
ssl_key = </etc/ssl/private/dovecot.pem
ssl_options = no_compression
ssl_prefer_server_ciphers = yes
userdb {
   driver = passwd
}
verbose_ssl = yes
protocol lmtp {
   mail_plugins = sieve
   postmaster_address = postmaster@xxxxxxxxxxxxxx
}

Re: Managesieve cannot access script store

Stephan Bosch-2
Op 2/5/2017 om 8:53 PM schreef dovelist:

> Hi,
>
> I am trying to get sieve working on a new OpenSuse leap 42.2 install.
> On my 'old' OpenSuse 13.2 machine it worked fine.
>
> The problem is that Managesieve can't access the script store and
> won't let me create any script. It says permission denied on ~/sieve
> directory. See log below. I've activated debug logging, but that
> doesn't give any clues to me. Also, I've set the directory accessible
> to all, but Managesieve still complains.
>
>> cd ~
>> ls -l
> drwx------ 1 rogier users 8340  5 feb 16:54 Maildir
> drwxrwxrwx 1 rogier users   24  5 feb 18:38 sieve
>
> To rule out client issues (kmail) I tested also with Manual TLS Login
> as described in:
> http://wiki2.dovecot.org/Pigeonhole/ManageSieve/Troubleshooting
>
> Same result.
>
> I am puzzled. I can't find anything wrong in the dovecot
> configuration. The output of dovecot -n is shown below.
> Hope someone has a solution. A lot of mail is waiting to get sorted...
>
> Best Regards,
> Rogier
>
>
> The log:
>
> feb 05 20:22:18 p150 dovecot[12120]: managesieve-login: Login:
> user=<rogier>, method=PLAIN, rip=192.168.0.18, lip=192.168.0.20,
> mpid=12135, TLS, session=<gmb0bs1H5q/AqAAS>
> feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug:
> Effective uid=1000, gid=100, home=/home/rogier
> feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug:
> Namespace inbox: type=private, prefix=, sep=, inbox=yes, hidden=no,
> list=yes, subscriptions=yes location=maildir:~/Maildir
> feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug:
> maildir++: root=/home/rogier/Maildir, index=, indexpvt=, control=,
> inbox=/home/rogier/Maildir, alt=
> feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug:
> sieve: Pigeonhole version 0.4.15 (97b3da0) initializing
> feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug:
> sieve: include: sieve_global is not set; it is currently not possible
> to include `:global' scripts.
> feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug:
> sieve: file storage: Using active Sieve script path:
> /home/rogier/.dovecot.sieve
> feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug:
> sieve: file storage: Using script storage path: /home/rogier/sieve/
> feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug:
> sieve: file storage: Using permissions from /home/rogier/sieve/:
> mode=0777 gid=-1
> feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug:
> sieve: file storage: Relative path to sieve storage in active link:
> sieve/
> feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Debug:
> sieve: file storage: sync: Synchronization active
> feb 05 20:22:18 p150 dovecot[12120]: managesieve(rogier): Error:
> sieve: file storage: Failed to list scripts:
> opendir(/home/rogier/sieve) failed: Permission denied

Normally, Dovecot permission errors are more helpful than that. So, this
error message in itself is a bit of a bug:

https://github.com/dovecot/pigeonhole/commit/51e4ff296987781e1ce93cb1c0ccc14e863bf8d6

About the cause of this error: keep in mind that the whole directory
path needs read/execute permission, not only the leaf directory.

You could try a command other than LISTSCRIPTS in your manual debugging
efforts. That should take a different code path that provides a more
detailed error.

Regards,

Stephan.

Re: Managesieve cannot access script store

dovelist
Hi Stephan,

> Normally, Dovecot permission errors are more helpful than that. So,
> this
> error message in itself is a bit of a bug:

I'm glad to have been able to help with this beta-test ;-)


> About the cause of this error: keep in mind that the whole directory
> path needs read/execute permission, not only the leaf directory.

Have checked. They are...


> You could try a command other than LISTSCRIPTS in your manual debugging
> efforts. That should take a different code path that provides a more
> detailed error.

I tried:

PUTSCRIPT "hutsefluts" {6+}
keep;

Gives the same result:

Feb 10 15:43:26 p150 dovecot[2042]: managesieve(rogier): Error: sieve:
file storage: save:
open(/home/rogier/sieve/tmp/hutsefluts_1486737806.M728733P6414.p150.sieve)
failed: Permission denied

I have put a script named "std.sieve" in the sieve directory manually.
Then the GETSCRIPT command gives some more information:

Feb 10 15:50:07 p150 dovecot[2042]: managesieve(rogier): Debug: sieve:
file script: Opened script `std' from `/home/rogier/sieve/std.sieve'
Feb 10 15:50:07 p150 dovecot[2042]: managesieve(rogier): Error: sieve:
file script: Failed to open sieve script:
open(/home/rogier/sieve/std.sieve) failed: Permission denied
(euid=1000(rogier) egid=100(users) UNIX perms appear ok (ACL/MAC
wrong?))


So the UNIX permissions seem not to be the problem. The mentioning of
ACL made me look into the audit.log. There I found this:

type=AVC msg=audit(1486738207.203:354): apparmor="DENIED"
operation="open" profile="/usr/lib/dovecot/managesieve"
name="/home/rogier/sieve/std.sieve" pid=6414 comm="managesieve"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=SYSCALL msg=audit(1486738207.203:354): arch=c000003e syscall=2
success=no exit=-13 a0=55e8920917d8 a1=0 a2=7fff73b41a14
a3=65766569732f7265 items=0 ppid=1861 pid=6414 auid=4294967295
uid=1000 gid=100 euid=1000 suid=1000 fsuid=1000 egid=100
sgid=100 fsgid=100 tty=(none) ses=4294967295 comm="managesieve"
exe="/usr/lib/dovecot/managesieve" key=(null)
type=UNKNOWN[1327] msg=audit(1486738207.203:354):
proctitle="dovecot/managesieve"

Looks like AppArmor says NO...
Does the apparmor profile for managesieve account for this or any other
script store location?
Or is the user expected to tweak apparmor profiles in such cases? Then I
have to figure out how...

Regards,
Rogier
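
The audit.log check described in this post, as an added example (not code from the thread, from Dovecot or from AppArmor): it rejoins mail-wrapped audit records, picks out AppArmor `DENIED` AVC records and groups the denied paths and access masks per profile. The function names and all sample records except the first are constructed for illustration; the hex decoding covers the case where the audit log hex-encodes a name containing spaces or other special characters.

```python
import re
from collections import defaultdict

# Constructed sample input. The first record is the AVC line quoted in the
# post, still wrapped the way the mail client wrapped it; the other records
# are made up for this example (a shortened SYSCALL record, a file-creation
# denial, a denial with a hex-encoded name, a complain-mode ALLOWED record).
HEX_NAME = "/home/rogier/sieve old/a.sieve".encode().hex().upper()
SAMPLE_AUDIT_LOG = f'''\
type=AVC msg=audit(1486738207.203:354): apparmor="DENIED"
operation="open" profile="/usr/lib/dovecot/managesieve"
name="/home/rogier/sieve/std.sieve" pid=6414 comm="managesieve"
requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
type=SYSCALL msg=audit(1486738207.203:354): arch=c000003e syscall=2 success=no exit=-13 comm="managesieve"
type=AVC msg=audit(1486738300.100:360): apparmor="DENIED" operation="mknod" profile="/usr/lib/dovecot/managesieve" name="/home/rogier/sieve/tmp/example.sieve" pid=6414 comm="managesieve" requested_mask="c" denied_mask="c" fsuid=1000 ouid=1000
type=AVC msg=audit(1486738301.000:361): apparmor="DENIED" operation="open" profile="/usr/lib/dovecot/managesieve" name={HEX_NAME} pid=6414 comm="managesieve" requested_mask="rw" denied_mask="rw" fsuid=1000 ouid=1000
type=AVC msg=audit(1486738302.000:362): apparmor="ALLOWED" operation="open" profile="/usr/lib/dovecot/imap" name="/home/rogier/Maildir/cur" pid=6500 comm="imap" requested_mask="r" denied_mask="r" fsuid=1000 ouid=1000
'''

# key=value pairs; the value is either a double-quoted string or a bare token.
FIELD_RE = re.compile(r'(\w+)=("[^"]*"|\S+)')


def unwrap(text):
    """Rejoin records that were wrapped across lines (as in a pasted mail).

    Every audit record starts with 'type='; any other non-empty line is
    treated as the continuation of the record before it.
    """
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        if line.startswith("type=") or not records:
            records.append(line)
        else:
            records[-1] += " " + line
    return records


def decode_value(raw, maybe_hex=False):
    """Strip quotes; optionally decode an unquoted hex-encoded value."""
    if raw.startswith('"'):
        return raw[1:-1]
    if maybe_hex:
        try:
            return bytes.fromhex(raw).decode("utf-8", "replace")
        except ValueError:
            pass  # not hex after all, e.g. "(null)"
    return raw


def parse_record(record):
    """Turn one audit record into a dict of its fields."""
    fields = {}
    for key, raw in FIELD_RE.findall(record):
        fields[key] = decode_value(raw, maybe_hex=(key == "name"))
    return fields


def apparmor_denials(text):
    """Return the AppArmor DENIED records found in the audit log text."""
    denials = []
    for record in unwrap(text):
        fields = parse_record(record)
        if fields.get("type") != "AVC" or fields.get("apparmor") != "DENIED":
            continue  # skips SYSCALL records and complain-mode ALLOWED ones
        denials.append({
            "profile": fields.get("profile", "?"),
            "operation": fields.get("operation", "?"),
            "path": fields.get("name", "?"),
            "denied_mask": fields.get("denied_mask", ""),
        })
    return denials


def summarize(text):
    """Map profile -> {path: combined denied access mask}."""
    summary = defaultdict(lambda: defaultdict(set))
    for d in apparmor_denials(text):
        summary[d["profile"]][d["path"]].update(d["denied_mask"])
    return {
        profile: {path: "".join(sorted(mask)) for path, mask in paths.items()}
        for profile, paths in summary.items()
    }


if __name__ == "__main__":
    for profile, paths in summarize(SAMPLE_AUDIT_LOG).items():
        print(f"profile {profile}")
        for path, mask in sorted(paths.items()):
            print(f"  denied {mask:<3} {path}")
```

The resulting list shows which paths the confined binary was refused and with which access mask, which is the information needed to decide what the profile should allow.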

Re: Managesieve cannot access script store

dovelist
OK, I've figured it out:

In the dovecot profile for apparmor the sieve directory is not
configured. I solved it this way:

To configure only one directory in the apparmor profile, I placed the
active-script link inside the .sieve directory. Keeping the scripts
separate in a store subdirectory, like this:
In /etc/dovecot/conf.d/90-sieve.conf :

    sieve = file:~/.sieve/store;active=~/.sieve/active.sieve

Then dovecot is granted access by adding the .sieve directory in the
apparmor profile. The dovecot file in the tunables directory seems to be
a neat way to do that:
In /etc/apparmor.d/tunables/dovecot :

    @{DOVECOT_MAILSTORE}=@{HOME}/Maildir/ /var/spool/mail/ @{HOME}/.sieve/

Of course the .sieve directory is not really a MAILSTORE. But this way,
the configuration stays close to the defaults. I didn't find something
like DOVECOT_SIEVESTORE, which would be more appropriate.

After restart of apparmor and dovecot, it works!

@Stephan: thanks for the advice - it did help to pinpoint the problem!

Regards,
Rogier

Re: Managesieve cannot access script store

Stephan Bosch-2
In reply to this post by dovelist
Op 2/10/2017 om 5:05 PM schreef dovelist:

> Hi Stephan,
>
>> Normally, Dovecot permission errors are more helpful than that. So, this
>> error message in itself is a bit of a bug:
>
> I'm glad to have been able to help with this beta-test ;-)
>
>
>> About the cause of this error: keep in mind that the whole directory
>> path needs read/execute permission, not only the leaf directory.
>
> Have checked. They are...
>
>
>> You could try a command other than LISTSCRIPTS in your manual debugging
>> efforts. That should take a different code path that provides a more
>> detailed error.
>
> I tried:
>
> PUTSCRIPT "hutsefluts" {6+}
> keep;
>
> Gives the same result:
>
> Feb 10 15:43:26 p150 dovecot[2042]: managesieve(rogier): Error: sieve:
> file storage: save:
> open(/home/rogier/sieve/tmp/hutsefluts_1486737806.M728733P6414.p150.sieve)
> failed: Permission denied

Ah, so there's more. Fixed that too:

https://github.com/dovecot/pigeonhole/commit/34d44f7ad9e872dec6ffa62de2642cb91ad5f6fc

Regards,

Stephan.

Re: Managesieve cannot access script store

Stephan Bosch-2
In reply to this post by dovelist
Op 2/11/2017 om 3:24 PM schreef dovelist:

> OK, I've figured it out:
>
> In the dovecot profile for apparmor the sieve directory is not
> configured. I solved it this way:
>
> To configure only one directory in the apparmor profile, I placed the
> active-script link inside the .sieve  directory. Keeping the scripts
> separate in a store subdirectory, like this:
> In /etc/dovecot/conf.d/90-sieve.conf :
>
>    sieve = file:~/.sieve/store;active=~/.sieve/active.sieve
>
> Then dovecot is granted access by adding the .sieve directory in the
> apparmor profile. The dovecot file in the tunables directory seems to
> be a neat way to do that:
> In /etc/apparmor.d/tunables/dovecot :
>
>    @{DOVECOT_MAILSTORE}=@{HOME}/Maildir/ /var/spool/mail/ @{HOME}/.sieve/
>
> Of course the .sieve directory is not really a MAILSTORE. But this way,
> the configuration stays close to the defaults. I didn't find something
> like DOVECOT_SIEVESTORE, which would be more appropriate.
>
> After restart of apparmor and dovecot, it works!
>
> @Stephan: thanks for the advice - it did help to pinpoint the problem!

I have no experience with AppArmor. I assume these profile configuration
files are created by the packagers for your distribution. You could talk
to them to get this fixed in general.

Regards,

Stephan.

Managesieve and virtual users

GP
In reply to this post by dovelist
Hello list,

I'm trying to set up sieve on a Debian 9 install with virtual users.
Perhaps I'm getting old, but I can't figure out why managesieve is
not working for virtual users. I have about 20 v users on this machine
and only one also has a real unix account. The sieve rules work for this
single unix account but not for any other account.
I have read and tried various HOWTOs found on the net, like this:

https://forum.vestacp.com/viewtopic.php?t=11363

but nothing is working for my case, so something is wrong in my setup and I
hope you guys might shed some light.
The setup is rather simple: it's 20 v users with one public folder. I
have tried both dovecot lda and lmtp.

doveconf -n included

Thanks in advance for any help

dovecot.conf (3K) Download Attachment

Re: Managesieve and virtual users

Aki Tuomi-2


On 11.01.2018 11:45, CP wrote:

> Hello list,
>
> I'm trying to setup sieve on a Debian 9 install with virtual users.
> Perhaps I'm getting old, but I can't figure out why managesieve is
> not working for virtual users. I have about 20 v users on this machine
> and only one has also a real unix account. The sieve rules work for this
> single unix account  but not for any other account.
> I have read tried various HOWTO's found on the net like this :
>
> https://forum.vestacp.com/viewtopic.php?t=11363
>
> but nothing is working for my case, so something is wrong in my setup
> and I
> hope you guys might shed some light .
> The setup is rather simple it's 20 v users with one public folder , I
> have tried both
> dovecot lda and lmtp .
>
> doveconf -n  included
>
> Thanks in advance for any help

Hi!

Can you enable mail_debug=yes in dovecot config and see what Sieve says
for those rules? Also, can you provide the sieve rules? The sieve rules in
your config file are per-user rules; managesieved does not actually do
sieve processing, but provides the ability to manage sieve rules remotely.

Aki

Re: Managesieve and virtual users

GP
On 01/11/2018 11:49 AM, Aki Tuomi wrote:

>
> On 11.01.2018 11:45, CP wrote:
>> Hello list,
>>
>> I'm trying to setup sieve on a Debian 9 install with virtual users.
>> Perhaps I'm getting old, but I can't figure out why managesieve is
>> not working for virtual users. I have about 20 v users on this machine
>> and only one has also a real unix account. The sieve rules work for this
>> single unix account  but not for any other account.
>> I have read tried various HOWTO's found on the net like this :
>>
>> https://forum.vestacp.com/viewtopic.php?t=11363
>>
>> but nothing is working for my case, so something is wrong in my setup
>> and I
>> hope you guys might shed some light .
>> The setup is rather simple it's 20 v users with one public folder , I
>> have tried both
>> dovecot lda and lmtp .
>>
>> doveconf -n  included
>>
>> Thanks in advance for any help
> Hi!
>
> Can you enable mail_debug=yes in dovecot config and see what Sieve says
> for those rules. Also can you provide sieve rules. The sieve rules in
> your config file are per-user rules, managesieved does not actually do
> sieve processing, but provides ability to manage sieve rules remotely.
>
> Aki

I have already done it but I can't really tell what I'm supposed to see
in the log

this is a line for a message without matching rule :

Jan 09 23:07:48 lda([hidden email]): Info: sieve:
msgid=<[hidden email]>:
stored mail into mailbox 'INBOX'

and this with a working rule:

Jan 10 01:00:04 lda([hidden email]): Info: sieve:
msgid=<[hidden email]>: stored mail into
mailbox 'INBOX/Postfix'

both are with lda delivery

and with lmtp :

Jan 11 01:00:04 lmtp([hidden email]): Info: QVkQD/SaVloKFQAAyyBr5g:
sieve: msgid=<[hidden email]>: stored mail
into mailbox 'INBOX/Postfix'
Jan 11 01:00:04 lmtp(5386): Info: Disconnect from local: Successful quit



The rule is pretty simple actually :

require ["fileinto"];
# rule:[Bad]
if header :is "subject" "Bad Filename Detected"
{
        fileinto "INBOX/BAD";
        stop;
}
# rule:[postfix]
if allof (header :is "subject" "Postfix Dailly logcheck")
{
        fileinto "INBOX/Postfix";
        stop;
}

And this is a sample rule from a v user that doesn't work :

require ["fileinto"];
# rule:[1]
if  header :is "from" "[hidden email]"
{
         fileinto "INBOX/9 - 1";
}

The thing is I expected more verbosity from sieve. Is there some
option to turn more verbose messages on?





Re: Managesieve and virtual users

Aki Tuomi-2


On 11.01.2018 12:09, CP wrote:

> On 01/11/2018 11:49 AM, Aki Tuomi wrote:
>>
>> On 11.01.2018 11:45, CP wrote:
>>> Hello list,
>>>
>>> I'm trying to setup sieve on a Debian 9 install with virtual users.
>>> Perhaps I'm getting old, but I can't figure out why managesieve is
>>> not working for virtual users. I have about 20 v users on this machine
>>> and only one has also a real unix account. The sieve rules work for
>>> this
>>> single unix account  but not for any other account.
>>> I have read tried various HOWTO's found on the net like this :
>>>
>>> https://forum.vestacp.com/viewtopic.php?t=11363
>>>
>>> but nothing is working for my case, so something is wrong in my setup
>>> and I
>>> hope you guys might shed some light .
>>> The setup is rather simple it's 20 v users with one public folder , I
>>> have tried both
>>> dovecot lda and lmtp .
>>>
>>> doveconf -n  included
>>>
>>> Thanks in advance for any help
>> Hi!
>>
>> Can you enable mail_debug=yes in dovecot config and see what Sieve says
>> for those rules. Also can you provide sieve rules. The sieve rules in
>> your config file are per-user rules, managesieved does not actually do
>> sieve processing, but provides ability to manage sieve rules remotely.
>>
>> Aki
>
> I have already done it but I can't really tell what I'm supposed to
> see in the log
>
> this is a line for a message without matching rule :
>
> Jan 09 23:07:48 lda([hidden email]): Info: sieve:
> msgid=<[hidden email]>:
> stored mail into mailbox 'INBOX'
>
> and this with a working rule:
>
> Jan 10 01:00:04 lda([hidden email]): Info: sieve:
> msgid=<[hidden email]>: stored mail into
> mailbox 'INBOX/Postfix'
>
> both are with lda delivery
>
> and with lmtp :
>
> Jan 11 01:00:04 lmtp([hidden email]): Info: QVkQD/SaVloKFQAAyyBr5g:
> sieve: msgid=<[hidden email]>: stored mail
> into mailbox 'INBOX/Postfix'
> Jan 11 01:00:04 lmtp(5386): Info: Disconnect from local: Successful quit
>
>
>
> The rule is pretty simple actually :
>
> require ["fileinto"];
> # rule:[Bad]
> if header :is "subject" "Bad Filename Detected"
> {
>         fileinto "INBOX/BAD";
> stop;
> }
> # rule:[postfix]
> if allof (header :is "subject" "Postfix Dailly logcheck")
> {
>         fileinto "INBOX/Postfix";
> stop;
> }
>
> And this is a sample rule from a v user that doesn't work :
>
> require ["fileinto"];
> # rule:[1]
> if  header :is "from" "[hidden email]"
> {
>         fileinto "INBOX/9 - 1";
> }
>
> The thing is I expected more verbosity from sieve. Is there some
> option to turn more verbose messages on?
>
>
>
>
I cannot see any Debug prefix messages there.

Do you have syslog configured to log debug messages somewhere else? or
do you need to set debug_log_path if you are not using syslog?

Aki

Re: Managesieve and virtual users

GP
On 01/11/2018 12:18 PM, Aki Tuomi wrote:

>
> On 11.01.2018 12:09, CP wrote:
>> On 01/11/2018 11:49 AM, Aki Tuomi wrote:
>>> On 11.01.2018 11:45, CP wrote:
>>>> Hello list,
>>>>
>>>> I'm trying to setup sieve on a Debian 9 install with virtual users.
>>>> Perhaps I'm getting old, but I can't figure out why managesieve is
>>>> not working for virtual users. I have about 20 v users on this machine
>>>> and only one has also a real unix account. The sieve rules work for
>>>> this
>>>> single unix account  but not for any other account.
>>>> I have read tried various HOWTO's found on the net like this :
>>>>
>>>> https://forum.vestacp.com/viewtopic.php?t=11363
>>>>
>>>> but nothing is working for my case, so something is wrong in my setup
>>>> and I
>>>> hope you guys might shed some light .
>>>> The setup is rather simple it's 20 v users with one public folder , I
>>>> have tried both
>>>> dovecot lda and lmtp .
>>>>
>>>> doveconf -n  included
>>>>
>>>> Thanks in advance for any help
>>> Hi!
>>>
>>> Can you enable mail_debug=yes in dovecot config and see what Sieve says
>>> for those rules. Also can you provide sieve rules. The sieve rules in
>>> your config file are per-user rules, managesieved does not actually do
>>> sieve processing, but provides ability to manage sieve rules remotely.
>>>
>>> Aki
>> I have already done it but I can't really tell what I'm supposed to
>> see in the log
>>
>> this is a line for a message without matching rule :
>>
>> Jan 09 23:07:48 lda([hidden email]): Info: sieve:
>> msgid=<[hidden email]>:
>> stored mail into mailbox 'INBOX'
>>
>> and this with a working rule:
>>
>> Jan 10 01:00:04 lda([hidden email]): Info: sieve:
>> msgid=<[hidden email]>: stored mail into
>> mailbox 'INBOX/Postfix'
>>
>> both are with lda delivery
>>
>> and with lmtp :
>>
>> Jan 11 01:00:04 lmtp([hidden email]): Info: QVkQD/SaVloKFQAAyyBr5g:
>> sieve: msgid=<[hidden email]>: stored mail
>> into mailbox 'INBOX/Postfix'
>> Jan 11 01:00:04 lmtp(5386): Info: Disconnect from local: Successful quit
>>
>>
>>
>> The rule is pretty simple actually :
>>
>> require ["fileinto"];
>> # rule:[Bad]
>> if header :is "subject" "Bad Filename Detected"
>> {
>>          fileinto "INBOX/BAD";
>> stop;
>> }
>> # rule:[postfix]
>> if allof (header :is "subject" "Postfix Dailly logcheck")
>> {
>>          fileinto "INBOX/Postfix";
>> stop;
>> }
>>
>> And this is a sample rule from a v user that doesn't work :
>>
>> require ["fileinto"];
>> # rule:[1]
>> if  header :is "from" "[hidden email]"
>> {
>>          fileinto "INBOX/9 - 1";
>> }
>>
>> The thing is I expected more verbosity from sieve. Is there some
>> option to turn more verbose messages on?
>>
>>
>>
>>
> I cannot see any Debug prefix messages there.
>
> Do you have syslog configured to log debug messages somewhere else? or
> do you need to set debug_log_path if you are not using syslog?
>
> Aki

The only thing I tampered with logging is this :

log_path = /var/log/dovecot.log

I wanted to have dovecot messages separated from mail.log

Anyway, I have now set up the two options below and re-enabled mail_debug:

info_log_path = /var/log/dovecotsieve.log
debug_log_path = /var/log/dovecot-sieve-errors.log


George


Re: Managesieve and virtual users

Steffen Kaiser-2
In reply to this post by GP

On Thu, 11 Jan 2018, CP wrote:

> I'm trying to setup sieve on a Debian 9 install with virtual users.
> Perhaps I'm getting old, but I can't figure out why managesieve is
> not working for virtual users. I have about 20 v users on this machine
> and only one has also a real unix account. The sieve rules work for this
> single unix account  but not for any other account.

Hmm, your conf contains just one passdb and one userdb:

mail_location = maildir:/home/vmail/%d/%n/Maildir

sieve = file:/home/vmail/%d/%n/sieve;active=/home/vmail/%d/%n/.dovecot.sieve

userdb {
   args = uid=vmail gid=vmail home=/home/vmail/%d/%n/Maildir
   driver = static
}

So, how does the real user authenticate?

Second, you've violated:
https://wiki2.dovecot.org/VirtualUsers/Home?highlight=%28home%29|%28mail%29

make home and mail_location distinct. I guess, above should read:
home=/home/vmail/%d/%n/

You wrote "managesieve" is not working. That means sieve is working?
So, has vmail write permission to /home/vmail/%d/%n/sieve? Is it a
directory? Do your users log into managesieve with domain, too?

> but nothing is working for my case, so something is wrong in my setup and I
> hope you guys might shed some light .
> The setup is rather simple it's 20 v users with one public folder , I have
> tried both
> dovecot lda and lmtp .
>
> doveconf -n  included
>
> Thanks in advance for any help
>
--
Steffen Kaiser

Re: Managesieve and virtual users

GP
In reply to this post by Aki Tuomi-2
On 01/11/2018 12:18 PM, Aki Tuomi wrote:

>
> On 11.01.2018 12:09, CP wrote:
>> On 01/11/2018 11:49 AM, Aki Tuomi wrote:
>>> On 11.01.2018 11:45, CP wrote:
>>>> Hello list,
>>>>
>>>> I'm trying to setup sieve on a Debian 9 install with virtual users.
>>>> Perhaps I'm getting old, but I can't figure out why managesieve is
>>>> not working for virtual users. I have about 20 v users on this machine
>>>> and only one has also a real unix account. The sieve rules work for
>>>> this
>>>> single unix account  but not for any other account.
>>>> I have read tried various HOWTO's found on the net like this :
>>>>
>>>> https://forum.vestacp.com/viewtopic.php?t=11363
>>>>
>>>> but nothing is working for my case, so something is wrong in my setup
>>>> and I
>>>> hope you guys might shed some light .
>>>> The setup is rather simple it's 20 v users with one public folder , I
>>>> have tried both
>>>> dovecot lda and lmtp .
>>>>
>>>> doveconf -n  included
>>>>
>>>> Thanks in advance for any help
>>> Hi!
>>>
>>> Can you enable mail_debug=yes in dovecot config and see what Sieve says
>>> for those rules. Also can you provide sieve rules. The sieve rules in
>>> your config file are per-user rules, managesieved does not actually do
>>> sieve processing, but provides ability to manage sieve rules remotely.
>>>
>>> Aki
>> I have already done it but I can't really tell what I'm supposed to
>> see in the log
>>
>> this is a line for a message without matching rule :
>>
>> Jan 09 23:07:48 lda([hidden email]): Info: sieve:
>> msgid=<[hidden email]>:
>> stored mail into mailbox 'INBOX'
>>
>> and this with a working rule:
>>
>> Jan 10 01:00:04 lda([hidden email]): Info: sieve:
>> msgid=<[hidden email]>: stored mail into
>> mailbox 'INBOX/Postfix'
>>
>> both are with lda delivery
>>
>> and with lmtp :
>>
>> Jan 11 01:00:04 lmtp([hidden email]): Info: QVkQD/SaVloKFQAAyyBr5g:
>> sieve: msgid=<[hidden email]>: stored mail
>> into mailbox 'INBOX/Postfix'
>> Jan 11 01:00:04 lmtp(5386): Info: Disconnect from local: Successful quit
>>
>>
>>
>> The rule is pretty simple actually :
>>
>> require ["fileinto"];
>> # rule:[Bad]
>> if header :is "subject" "Bad Filename Detected"
>> {
>>          fileinto "INBOX/BAD";
>> stop;
>> }
>> # rule:[postfix]
>> if allof (header :is "subject" "Postfix Dailly logcheck")
>> {
>>          fileinto "INBOX/Postfix";
>> stop;
>> }
>>
>> And this is a sample rule from a v user that doesn't work :
>>
>> require ["fileinto"];
>> # rule:[1]
>> if  header :is "from" "[hidden email]"
>> {
>>          fileinto "INBOX/9 - 1";
>> }
>>
>> The thing is I expected more verbosity from sieve. Is there some
>> option to turn more verbose messages on?
>>
>>
>>
>>
> I cannot see any Debug prefix messages there.
>
> Do you have syslog configured to log debug messages somewhere else? or
> do you need to set debug_log_path if you are not using syslog?
>
> Aki

This is a fresh log, if you can make something out of it. It seems
that it loads the script alright and then I guess
there is something wrong with the rule itself?


Jan 11 12:43:42 lmtp([hidden email]): Debug: sieve: Pigeonhole version
0.4.16 (fed8554) initializing
Jan 11 12:43:42 lmtp([hidden email]): Debug: sieve: include:
sieve_global is not set; it is currently not possible to include
`:global' scripts.
Jan 11 12:43:42 lmtp([hidden email]): Debug:
SYrVAt4/V1rhUQAAyyBr5g:11: sieve: file storage: Using active Sieve
script path: /home/vmail/company/user/.dovecot.sieve
Jan 11 12:43:42 lmtp([hidden email]): Debug:
SYrVAt4/V1rhUQAAyyBr5g:11: sieve: file storage: Using script storage
path: /home/vmail/company/user/sieve
Jan 11 12:43:42 lmtp([hidden email]): Debug:
SYrVAt4/V1rhUQAAyyBr5g:11: sieve: file storage: Relative path to sieve
storage in active link: sieve/
Jan 11 12:43:42 lmtp([hidden email]): Debug:
SYrVAt4/V1rhUQAAyyBr5g:11: sieve: file storage: Using Sieve script path:
/home/vmail/company/user/.dovecot.sieve
Jan 11 12:43:42 lmtp([hidden email]): Debug:
SYrVAt4/V1rhUQAAyyBr5g:11: sieve: file script: Opened script `roundcube'
from `/home/vmail/company/user/.dovecot.sieve'
Jan 11 12:43:42 lmtp([hidden email]): Debug:
SYrVAt4/V1rhUQAAyyBr5g:11: sieve: Using the following location for
user's Sieve script: /home/vmail/company/user/.dovecot.sieve
Jan 11 12:43:42 lmtp([hidden email]): Debug:
SYrVAt4/V1rhUQAAyyBr5g:11: sieve: Opening script 1 of 1 from
`/home/vmail/company/user/.dovecot.sieve'
Jan 11 12:43:42 lmtp([hidden email]): Debug:
SYrVAt4/V1rhUQAAyyBr5g:11: sieve: Loading script
/home/vmail/company/user/.dovecot.sieve
Jan 11 12:43:42 lmtp([hidden email]): Debug:
SYrVAt4/V1rhUQAAyyBr5g:11: sieve: Script binary
/home/vmail/company/user/.dovecot.svbin successfully loaded
Jan 11 12:43:42 lmtp([hidden email]): Debug:
SYrVAt4/V1rhUQAAyyBr5g:11: sieve: binary save: not saving binary
/home/vmail/company/user/.dovecot.svbin, because it is already stored
Jan 11 12:43:42 lmtp([hidden email]): Debug:
SYrVAt4/V1rhUQAAyyBr5g:11: sieve: Executing script from
`/home/vmail/company/user/.dovecot.svbin'

If I'm not asking too much, is there a way to manually run the script on
the virtual user's mailbox in order to check the rules
without waiting for a message to arrive?

Thanks anyway!
George


Re: Managesieve and virtual users

Aki Tuomi-2


On 11.01.2018 13:56, CP wrote:

> On 01/11/2018 12:18 PM, Aki Tuomi wrote:
>>
>> On 11.01.2018 12:09, CP wrote:
>>> On 01/11/2018 11:49 AM, Aki Tuomi wrote:
>>>> On 11.01.2018 11:45, CP wrote:
>>>>> Hello list,
>>>>>
>>>>> I'm trying to set up sieve on a Debian 9 install with virtual users.
>>>>> Perhaps I'm getting old, but I can't figure out why managesieve is
>>>>> not working for virtual users. I have about 20 v users on this
>>>>> machine and only one also has a real unix account. The sieve rules
>>>>> work for this single unix account but not for any other account.
>>>>> I have read and tried various HOWTOs found on the net, like this:
>>>>>
>>>>> https://forum.vestacp.com/viewtopic.php?t=11363
>>>>>
>>>>> but nothing is working for my case, so something is wrong in my setup
>>>>> and I hope you guys might shed some light.
>>>>> The setup is rather simple: it's 20 v users with one public folder. I
>>>>> have tried both dovecot lda and lmtp.
>>>>>
>>>>> doveconf -n included
>>>>>
>>>>> Thanks in advance for any help
>>>> Hi!
>>>>
>>>> Can you enable mail_debug=yes in dovecot config and see what Sieve
>>>> says for those rules. Also can you provide sieve rules. The sieve
>>>> rules in your config file are per-user rules, managesieved does not
>>>> actually do sieve processing, but provides ability to manage sieve
>>>> rules remotely.
>>>>
>>>> Aki
>>> I have already done it but I can't really tell what I'm supposed to
>>> see in the log
>>>
>>> this is a line for a message without matching rule :
>>>
>>> Jan 09 23:07:48 lda([hidden email]): Info: sieve:
>>> msgid=<[hidden email]>:
>>>
>>> stored mail into mailbox 'INBOX'
>>>
>>> and this with a working rule:
>>>
>>> Jan 10 01:00:04 lda([hidden email]): Info: sieve:
>>> msgid=<[hidden email]>: stored mail into
>>> mailbox 'INBOX/Postfix'
>>>
>>> both are with lda delivery
>>>
>>> and with lmtp :
>>>
>>> Jan 11 01:00:04 lmtp([hidden email]): Info: QVkQD/SaVloKFQAAyyBr5g:
>>> sieve: msgid=<[hidden email]>: stored mail
>>> into mailbox 'INBOX/Postfix'
>>> Jan 11 01:00:04 lmtp(5386): Info: Disconnect from local: Successful
>>> quit
>>>
>>>
>>>
>>> The rule is pretty simple actually :
>>>
>>> require ["fileinto"];
>>> # rule:[Bad]
>>> if header :is "subject" "Bad Filename Detected"
>>> {
>>>     fileinto "INBOX/BAD";
>>>     stop;
>>> }
>>> # rule:[postfix]
>>> if allof (header :is "subject" "Postfix Dailly logcheck")
>>> {
>>>     fileinto "INBOX/Postfix";
>>>     stop;
>>> }
>>>
>>> And this is a sample rule from a v user that doesn't work :
>>>
>>> require ["fileinto"];
>>> # rule:[1]
>>> if header :is "from" "[hidden email]"
>>> {
>>>     fileinto "INBOX/9 - 1";
>>> }
>>>
>>> The thing is I expected more verbosity from sieve. Is there some
>>> option to turn more verbose messages on?
>>>
>>>
>>>
>>>
>> I cannot see any Debug prefix messages there.
>>
>> Do you have syslog configured to log debug messages somewhere else? or
>> do you need to set debug_log_path if you are not using syslog?
>>
>> Aki
>
> This is a fresh log, if you can make something out of it. It seems
> that it loads the script all right and then I guess
> there is something wrong with the rule itself?
>
>
> Jan 11 12:43:42 lmtp([hidden email]): Debug: sieve: Pigeonhole
> version 0.4.16 (fed8554) initializing
> Jan 11 12:43:42 lmtp([hidden email]): Debug: sieve: include:
> sieve_global is not set; it is currently not possible to include
> `:global' scripts.
> Jan 11 12:43:42 lmtp([hidden email]): Debug:
> SYrVAt4/V1rhUQAAyyBr5g:11: sieve: file storage: Using active Sieve
> script path: /home/vmail/company/user/.dovecot.sieve
> Jan 11 12:43:42 lmtp([hidden email]): Debug:
> SYrVAt4/V1rhUQAAyyBr5g:11: sieve: file storage: Using script storage
> path: /home/vmail/company/user/sieve
> Jan 11 12:43:42 lmtp([hidden email]): Debug:
> SYrVAt4/V1rhUQAAyyBr5g:11: sieve: file storage: Relative path to sieve
> storage in active link: sieve/
> Jan 11 12:43:42 lmtp([hidden email]): Debug:
> SYrVAt4/V1rhUQAAyyBr5g:11: sieve: file storage: Using Sieve script
> path: /home/vmail/company/user/.dovecot.sieve
> Jan 11 12:43:42 lmtp([hidden email]): Debug:
> SYrVAt4/V1rhUQAAyyBr5g:11: sieve: file script: Opened script
> `roundcube' from `/home/vmail/company/user/.dovecot.sieve'
> Jan 11 12:43:42 lmtp([hidden email]): Debug:
> SYrVAt4/V1rhUQAAyyBr5g:11: sieve: Using the following location for
> user's Sieve script: /home/vmail/company/user/.dovecot.sieve
> Jan 11 12:43:42 lmtp([hidden email]): Debug:
> SYrVAt4/V1rhUQAAyyBr5g:11: sieve: Opening script 1 of 1 from
> `/home/vmail/company/user/.dovecot.sieve'
> Jan 11 12:43:42 lmtp([hidden email]): Debug:
> SYrVAt4/V1rhUQAAyyBr5g:11: sieve: Loading script
> /home/vmail/company/user/.dovecot.sieve
> Jan 11 12:43:42 lmtp([hidden email]): Debug:
> SYrVAt4/V1rhUQAAyyBr5g:11: sieve: Script binary
> /home/vmail/company/user/.dovecot.svbin successfully loaded
> Jan 11 12:43:42 lmtp([hidden email]): Debug:
> SYrVAt4/V1rhUQAAyyBr5g:11: sieve: binary save: not saving binary
> /home/vmail/company/user/.dovecot.svbin, because it is already stored
> Jan 11 12:43:42 lmtp([hidden email]): Debug:
> SYrVAt4/V1rhUQAAyyBr5g:11: sieve: Executing script from
> `/home/vmail/company/user/.dovecot.svbin'
>
> If I'm not asking too much, is there a way to manually run the script
> on the virtual user's mailbox in order to check the rules
> without waiting for a message to arrive?
>
> Thanks anyway!
> George
>

Yes, use 'sieve-test'.

Aki
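
An added example, not part of the reply above or of anyone's post in this thread: one way to use Pigeonhole's `sieve-test` to check a `header :is "from"` rule offline against constructed messages, with the runtime trace enabled. The addresses, folder name, file names and helper function names are assumptions made up for the illustration.

```shell
#!/bin/sh
# Added example: offline check of a Sieve rule with Pigeonhole's sieve-test.
# Addresses, file names and the folder are constructed placeholders.

# Write the rule under test (same shape as the non-working rule in the thread).
write_script() {
    cat > "$1" <<'EOF'
require ["fileinto"];
if header :is "from" "sender@example.org"
{
    fileinto "INBOX/Test";
}
EOF
}

# Write a constructed message; $2 is the complete From header value.
write_message() {
    printf 'From: %s\nTo: user@example.org\nSubject: sieve-test sample\n\nbody\n' \
        "$2" > "$1"
}

# Evaluate the script against one message without delivering anything:
# without -e, sieve-test only prints the actions it would perform.
# -t - writes the runtime trace to stdout, -Tlevel=matching shows each comparison.
# Returns 127 when sieve-test is not installed.
check_rule() {
    command -v sieve-test >/dev/null 2>&1 || return 127
    sieve-test -t - -Tlevel=matching "$1" "$2"
}

demo() {
    dir=$(mktemp -d) || return 1
    write_script "$dir/test.sieve"
    # header :is compares the whole header value, so a From line that carries
    # a display name is not equal to the bare address.
    write_message "$dir/bare.eml" 'sender@example.org'
    write_message "$dir/named.eml" 'Some Sender <sender@example.org>'
    for m in bare named; do
        echo "== $m.eml"
        check_rule "$dir/test.sieve" "$dir/$m.eml" ||
            echo "sieve-test unavailable or failed"
    done
    rm -rf "$dir"
}

demo
```

If the trace shows the message with a display name falling through to the implicit keep, the `address :is "from"` test, which compares only the address part, is the one that matches it.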

Re: Managesieve and virtual users

GP
In reply to this post by Steffen Kaiser-2
On 01/11/2018 01:32 PM, Steffen Kaiser wrote:

> On Thu, 11 Jan 2018, CP wrote:
>
>> I'm trying to set up sieve on a Debian 9 install with virtual users.
>> Perhaps I'm getting old, but I can't figure out why managesieve is
>> not working for virtual users. I have about 20 v users on this machine
>> and only one also has a real unix account. The sieve rules work for this
>> single unix account but not for any other account.
>
> Hmm, your conf contains just one passdb and one userdb:
>
> mail_location = maildir:/home/vmail/%d/%n/Maildir
>
> sieve =
> file:/home/vmail/%d/%n/sieve;active=/home/vmail/%d/%n/.dovecot.sieve
>
> userdb {
>   args = uid=vmail gid=vmail home=/home/vmail/%d/%n/Maildir
>   driver = static
> }
>
> So, how does the real user authenticate?

Sorry, my bad, the real user does not log in for mail. As I said to Aki,
probably the rule is not working
as expected, and in contrast it works OK for the other v user.

>
> Second, you've violated:
> https://wiki2.dovecot.org/VirtualUsers/Home?highlight=%28home%29|%28mail%29
>
>
> make home and mail_location distinct. I guess, above should read:
> home=/home/vmail/%d/%n/

If I switch it now, will it affect how the users are working now? Will
it produce trouble if I leave it as is?

>
> You wrote "managesieve" is not working. That means sieve is working?
> So, does vmail have write permission to /home/vmail/%d/%n/sieve, and is
> it a directory? Do your users log into managesieve with domain, too?

Yes, sieve is a dir, everything is owned by the vmail user, no permissions
problem. Sieve is working for the other user,
so I guess something is wrong with the rules.

Thank you guys for all the help

George