[Sieve] Understand Sieve processing

2021-03-26 Thread h8h

Hi,

I have the following configuration:

> cat > /etc/dovecot/conf.d/99-local-sieve.conf << EOF;
> plugin {
>  sieve_before = /etc/dovecot/sieve-spam.sieve
>  sieve_before2 = /mail/sieve/global_before
>  sieve_after = /mail/sieve/global_after
>  sieve = /mail/sieve/%d/%n.sieve
>  sieve_dir = /mail/sieve/%d/%n
> }
> EOF

> cat /etc/dovecot/sieve-spam.sieve
> require ["regex", "fileinto", "imap4flags"];
>
> if allof (header :regex "X-Spam-Status" "^Yes") {
>  fileinto "Spam";
> }

(I removed the keyword "stop;" to proceed with rule processing, which does not work)



Now as a user (/mail/sieve/%d/%n.sieve) I want to create my own "Spam" rule:
> require ["regex","reject"];
> # rule:[SPAM]
> if allof (header :regex "x-spam-status" "^Yes")
> {
> reject text:
> This E-Mail is SPAM.
> .
> ;
> }



I activate the traces and see the following if the e-mail is SPAM:

>  ## Started executing script 'sieve-spam'
>   3: jump if result is false
>   3:   not jumping
>   4: fileinto action
>   4:   store message in mailbox `Spam'
>  ## Finished executing script 'sieve-spam'


If the e-mail is not SPAM:
>  ## Started executing script 'sieve-spam'
>   3: jump if result is false
>   3:   jumping to line 4
>  ## Finished executing script 'sieve-spam'
>
>
>  ## Started executing script 'roundcube'
>   3: jump if result is false
>   3:   jumping to line 10
>  ## Finished executing script 'roundcube'

So my sieve gets only executed if the e-mail is not SPAM. That's a bit odd.

Could you explain how the sieve processing works and how I can solve this problem?


 dovecot --version
2.2.33.2 (d6601f4ec)
on Ubuntu 18.04 LTS

Best regards
Homy


dsync error: Can't sync mailbox tmp: Mailbox isn't selectable

2021-03-26 Thread Hagen Bauer

Hi,

I am trying to use dsync to migrate from mbox to Maildir with 


 dovecot --version
 2.2.27 ()


The configuration seems to be working and some of the mailboxes can be mirrored via

dsync -u username mirror  mbox:/home/username/mail:INBOX=/var/mail/username


I have trouble with one user where I get the error. 


dsync(username2): Error: Can't sync mailbox tmp: Mailbox isn't selectable

Any ideas where to look for hints?

Regards

Hagen Bauer 





Re: ssl_verify_client_cert=yes does not require a client certificate [invalid signature!]

2021-03-26 Thread Sebastian
From what I have understood, you are able in the configuration to reject transactions with those that don't present a valid certificate.
Ergo, they can connect, but they can't do anything.

-Original message-
From: dovecot-boun...@dovecot.org  On behalf of Hristo Venev
Sent: 27 March 2021 00:16
To: dovecot@dovecot.org
Subject: ssl_verify_client_cert=yes does not require a client certificate [invalid signature!]

Hello,

I am trying to set up LMTP over TLS. I have set ssl_verify_client_cert:

protocol lmtp {   
ssl_ca = ctx->client_ctx)
verify_flags = SSL_VERIFY_NONE;
else
-   verify_flags = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
+   verify_flags = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE 
| 
+SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
SSL_set_verify(ssl_io->ssl, verify_flags,
   openssl_iostream_verify_client_cert);
}
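
Review bot: With SSL_VERIFY_FAIL_IF_NO_PEER_CERT on the added line, OpenSSL aborts the handshake itself when the client sends no certificate, so openssl_iostream_verify_client_cert, passed to SSL_set_verify() just below, is never called for that case. If that callback is where verification failures are logged, a missing certificate will surface only as a generic handshake error. Worth confirming that the error path reports clearly that the client did not present a certificate, and adding a test for a connection made without one.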






Strange error on multiple recipient email - permission denied

2021-03-26 Thread Salatiel Filho
Hi, I am doing some tests with dovecot to replace cyrusimapd, but
after the most simple configuration  I am getting some strange errors
on log.



This is the output of dovecot -n:
# dovecot -n
disable_plaintext_auth = no ( just for testing )
first_valid_uid = 1000
mail_location = mbox:/var/spool/mail/%n
mail_privileged_group = mail
mbox_write_locks = fcntl
namespace inbox {
  inbox = yes
  location =
  mailbox Drafts {
    special_use = \Drafts
  }
  mailbox Junk {
    special_use = \Junk
  }
  mailbox Sent {
    special_use = \Sent
  }
  mailbox "Sent Messages" {
    special_use = \Sent
  }
  mailbox Trash {
    special_use = \Trash
  }
  prefix =
}
passdb {
  driver = pam
}
protocols = imap lmtp
ssl_cert = : lmtp-server: conn
unix:pid=1503,uid=0 [1]: rcpt user1:
msgid=:
saved mail to INBOX
Mar 27 00:32:20 mx2 sendmail[1503]: 12R0WKV0001502:
to=, delay=00:00:00, xdelay=00:00:00,
mailer=local, pri=32320, relay=localhost, dsn=2.0.0, stat=Sent
Mar 27 00:32:20 mx2 sendmail[1503]: 12R0WKV0001502: done;
delay=00:00:00, ntries=1
Mar 27 00:32:20 mx2 dovecot[1473]: lmtp(1504): Disconnect from local:
Client has quit the connection (state=READY)

Now I send one email to user2@mydomain and I can receive just fine and
there are no errors on logs.

Mar 27 00:33:45 mx2 dovecot[1473]: lmtp(1510): Connect from local
Mar 27 00:33:46 mx2 sendmail[1509]: STARTTLS=client, relay=localhost,
version=TLSv1.3, verify=FAIL, cipher=TLS_AES_256_GCM_SHA384,
bits=256/256
Mar 27 00:33:46 mx2 dovecot[1473]:
lmtp(user2)<1510>: lmtp-server: conn
unix:pid=1509,uid=0 [1]: rcpt user2:
msgid=:
saved mail to INBOX
Mar 27 00:33:46 mx2 sendmail[1509]: 12R0XjKj001508:
to=, delay=00:00:01, xdelay=00:00:01,
mailer=local, pri=32318, relay=localhost, dsn=2.0.0, stat=Sent
Mar 27 00:33:46 mx2 sendmail[1509]: 12R0XjKj001508: done;
delay=00:00:01, ntries=1
Mar 27 00:33:46 mx2 dovecot[1473]: lmtp(1510): Disconnect from local:
Client has quit the connection (state=READY)


The problem starts if I send one email to user1 AND user2 ( user2 can
be in TO or CC )


Mar 27 00:35:04 mx2 dovecot[1473]:
lmtp(user2)<1518>: lmtp-server: conn
unix:pid=1517,uid=0 [1]: rcpt user2:
msgid=:
saved mail to INBOX
Mar 27 00:35:04 mx2 dovecot[1473]:
lmtp(user1)<1518>: Error: lmtp-server: conn
unix:pid=1517,uid=0 [1]: rcpt user2:
stat(/var/spool/mail/user2/.imap/INBOX/dovecot.index.log) failed:
Permission denied (euid=1003(user1) egid=1003(user1) missing +x perm:
/var/spool/mail/user2, dir owned by 1004:1004 mode=0700)
Mar 27 00:35:04 mx2 dovecot[1473]:
lmtp(user1)<1518>: Error: lmtp-server: conn
unix:pid=1517,uid=0 [1]: rcpt user2:
open(/var/spool/mail/user2/.imap/INBOX/dovecot.index) failed:
Permission denied (euid=1003(user1) egid=1003(user1) missing +x perm:
/var/spool/mail/user2, dir owned by 1004:1004 mode=0700)
Mar 27 00:35:04 mx2 dovecot[1473]:
lmtp(user1)<1518>: lmtp-server: conn
unix:pid=1517,uid=0 [1]: rcpt user1:
msgid=:
saved mail to INBOX
Mar 27 00:35:04 mx2 sendmail[1517]: 12R0Z4h0001516:
to=,, delay=00:00:00,
xdelay=00:00:00, mailer=local, pri=62302, relay=localhost, dsn=2.0.0,
stat=Sent
Mar 27 00:35:04 mx2 sendmail[1517]: 12R0Z4h0001516: done;
delay=00:00:00, ntries=1
Mar 27 00:35:04 mx2 dovecot[1473]: lmtp(1518): Disconnect from local:
Client has quit the connection (state=READY)



Although I can receive the email, there's an ERROR log in maillog. It
appears user1 wants to open the user2 index file.
Any ideas why?

Thank you very much!
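
Detection logic for the log pattern in the post above, as an added example that is not part of the original message or of Dovecot: it rejoins the mail-wrapped syslog lines and flags "Permission denied" errors where the LMTP process's euid differs from the owner of the directory it touched. The sample is constructed from the log lines quoted in the post; the function names are hypothetical.

```python
import re

# Constructed sample: log lines from the post above, still wrapped as the mail client left them.
SAMPLE = """\
Mar 27 00:35:04 mx2 dovecot[1473]:
lmtp(user2)<1518>: lmtp-server: conn
unix:pid=1517,uid=0 [1]: rcpt user2:
saved mail to INBOX
Mar 27 00:35:04 mx2 dovecot[1473]:
lmtp(user1)<1518>: Error: lmtp-server: conn
unix:pid=1517,uid=0 [1]: rcpt user2:
stat(/var/spool/mail/user2/.imap/INBOX/dovecot.index.log) failed:
Permission denied (euid=1003(user1) egid=1003(user1) missing +x perm:
/var/spool/mail/user2, dir owned by 1004:1004 mode=0700)
Mar 27 00:35:04 mx2 dovecot[1473]:
lmtp(user1)<1518>: lmtp-server: conn
unix:pid=1517,uid=0 [1]: rcpt user1:
saved mail to INBOX
"""

STAMP = re.compile(r"^[A-Z][a-z]{2} [ \d]\d \d\d:\d\d:\d\d ")
DENIED = re.compile(
    r"lmtp\((?P<proc_user>[^)]+)\).*?rcpt (?P<rcpt>[^:\s]+):\s+"
    r"(?P<call>\w+)\((?P<path>[^)]+)\) failed: Permission denied "
    r"\(euid=(?P<euid>\d+)\([^)]+\).*?"
    r"dir owned by (?P<owner_uid>\d+):\d+ mode=(?P<mode>\d+)\)"
)

def unwrap(text):
    """Join wrapped continuation lines into one record per syslog timestamp."""
    records = []
    for line in text.splitlines():
        if STAMP.match(line) or not records:
            records.append(line.strip())
        else:
            records[-1] += " " + line.strip()
    return records

def cross_user_denials(text):
    """Return permission errors where the process euid does not own the directory."""
    keys = ("proc_user", "rcpt", "call", "path", "euid", "owner_uid", "mode")
    matches = (DENIED.search(rec) for rec in unwrap(text))
    return [{k: m[k] for k in keys} for m in matches
            if m and m["euid"] != m["owner_uid"]]

if __name__ == "__main__":
    print(cross_user_denials(SAMPLE))
```

Only the first failing call from the post is in the sample; the open() failure on dovecot.index has the same shape and is matched by the same pattern.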


ssl_verify_client_cert=yes does not require a client certificate

2021-03-26 Thread Hristo Venev
Hello,

I am trying to set up LMTP over TLS. I have set ssl_verify_client_cert:

protocol lmtp {   
ssl_ca = ctx->client_ctx)
verify_flags = SSL_VERIFY_NONE;
else
-   verify_flags = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE;
+   verify_flags = SSL_VERIFY_PEER | SSL_VERIFY_CLIENT_ONCE 
| SSL_VERIFY_FAIL_IF_NO_PEER_CERT;
SSL_set_verify(ssl_io->ssl, verify_flags,
   openssl_iostream_verify_client_cert);
}
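
Review bot: In the else branch, the added line ORs SSL_VERIFY_FAIL_IF_NO_PEER_CERT into verify_flags for every connection that reaches it, and the visible lines show no check that separates "request a client certificate" from "require one". Any setup that relies on the certificate being optional at the TLS layer, with clients falling back to another authentication method, would start failing at the handshake. Suggest gating the extra flag on an explicit setting (or a per-protocol option for lmtp) and documenting the behaviour change next to ssl_verify_client_cert.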


