On sön, 2024/09/15 at 14:30:19 +0200, Richard via dovecot wrote:
> I've set up dovecot via global sieve scripts to send mails that a user
> manually moved to their junk directory to rspamd to learn them as spam
> (and learn messages as ham if they are moved out of it). I thought I had
> it all properly set up, but I'm now again seeing log messages like this:
root@debian:~# dpkg -l | egrep '^ii.*(rspam|dovecot-core)'
ii dovecot-core 1:2.3.21.1+dfsg1-1~bpo12+1
amd64 secure POP3/IMAP server - core files
ii rspamd 3.4-1
amd64 Rapid spam filtering system
I do the same as you.
> Sep 15 13:01:00 dovecot[523226]:
> imap(username)<823661><4+8RXyYi2L9/AAAB>: Error: sieve: failed to
> execute to program `rspamd-learn-spam.sh': refer to server log for more
> information. [2024-09-15 13:01:00] Sep 15 13:01:00 dovecot[523226]:
> imap(username)<823661><4+8RXyYi2L9/AAAB>: Error: sieve: Execution of
> script /etc/dovecot/sieve/global/learn-spam.sieve failed
>
>
> The content of learn-spam.sieve is this:
>
>
> require ["vnd.dovecot.pipe", "copy", "imapsieve"]; pipe :copy
> "rspamd-learn-spam.sh";
>
>
> And the content of rspamd-learn-spam.sh is this:
>
>
> #!/bin/sh exec /usr/bin/rspamc learn_spam
>
>
> All the necessary files are located in /etc/dovecot/sieve/global and are
> owned by dovecot:dovecot with rw, r, r permissions. Also, I have
> compiled the .sieve files with sievec, the resulting .svbin files have
> the same permissions and ownership. What am I doing wrong? I don't see
> any further "server log" that will tell me more information.
>
>
> I'm using dovecot 2.3.19.1 (9b53102964) on Debian 12.7
root@debian:~# ls -l /etc/dovecot/sieve
total 32
-rw-r----- 1 vmail dovecot 188 Sep 4 13:41 global-spam.sieve
-rw-r----- 1 vmail vmail 330 Sep 4 14:01 global-spam.svbin
-rwxr-x--- 2 vmail dovecot 2579 Sep 4 13:44 learn-ham.rspamd.script
-rw-r----- 1 vmail dovecot 256 Sep 4 13:42 learn-ham.sieve
-rw-r----- 1 vmail dovecot 442 Sep 5 03:55 learn-ham.svbin
-rwxr-x--- 2 vmail dovecot 2579 Sep 4 13:44 learn-spam.rspamd.script
-rw-r----- 1 vmail dovecot 151 Sep 4 13:43 learn-spam.sieve
-rw-r----- 1 vmail dovecot 341 Sep 5 03:56 learn-spam.svbin
The scripts need to be executable.
I have this in the plugin {} section of dovecot.conf:
# This will automatically move spam into Junk/ and when you move a message
# into Junk, it will tell rspamd that it is spam for Bayes learning. Moving
# false positives out of Junk/ will teach rspamd that it is ham.
sieve_plugins = sieve_imapsieve sieve_extprograms
sieve_extensions = +editheader +imapflags +mboxmetadata +notify
+servermetadata +spamtest +spamtestplus +virustest
imapsieve_mailbox1_before = file:/etc/dovecot/sieve/learn-spam.sieve
imapsieve_mailbox1_causes = COPY APPEND FLAG
imapsieve_mailbox1_name = Junk
imapsieve_mailbox2_before = file:/etc/dovecot/sieve/learn-ham.sieve
imapsieve_mailbox2_causes = COPY APPEND FLAG
imapsieve_mailbox2_from = Junk
imapsieve_mailbox2_name = *
sieve_pipe_bin_dir = /etc/dovecot/sieve
sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
sieve_spamtest_status_type = score
sieve_spamtest_status_header = X-Spam_score: (-?[[:digit:]]+\.[[:digit:]])
sieve_spamtest_max_value = 6
sieve_before = /etc/dovecot/sieve/global-spam.sieve
The only other thing was to get the password out of
/etc/rspamd/worker-controller.inc and put it in
/etc/dovecot/rspamd-controller.password (or whatever file your
learn-{sp,h}am script points at to get the password). It needed to be
pointed at 127.0.0.1:11334 for the socket.
root@debian:~# cat /etc/dovecot/rspamd-controller.conf.sh
# Path to file containing the controller password
# (Or, if it doesn't start with '/' or '.', the password itself.
# But it might leak the password through ps to other users)
RSPAMD_CONTROLLER_PASSWORD=/etc/dovecot/rspamd-controller.password
# passed to rspamc with the -h option (host and port)
RSPAMD_CONTROLLER_SOCKET=127.0.0.1:11334
# if set uses curl instead of rspamc; should start with http: or https:
RSPAMD_CONTROLLER_HOST=
# classifier to learn for (default by rspamc: bayes), e.g. `bayes_user`
RSPAMD_CLASSIFIER=bayes
>From what I remember, it was somewhat fiddly to get this working as I was
not intimately familiar with rspamd, nor dovecot or sieve, but this works
and it works well. Relatively low incident rate of false positives after a
some weeks.
--
Kind regards,
/S
_______________________________________________
dovecot mailing list -- dovecot@dovecot.org
To unsubscribe send an email to dovecot-le...@dovecot.org
