TechQA.

Sieve filter not running

1.4k views Asked by At

I am trying to automatically move mails detected as spam to the junk folder but my sieve filters are not running. I can send and receive mails and mails are detected as spam.

X-Virus-Scanned: amavisd-new at ...
X-Spam-Flag: YES
X-Spam-Score: 999.802
X-Spam-Level: ****************************************************************
X-Spam-Status: Yes, score=999.802 tagged_above=-999 required=5
    tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1,
    DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, GTUBE=1000,
    HTML_MESSAGE=0.001, SPF_PASS=-0.001, TVD_SPACE_RATIO=0.001]
    autolearn=no autolearn_force=no

I think the problem is, that postfix does not deliver mails via dovecot but I can not figure out why.

My System:

  • Arch Linux
  • postfix 3.3.2-3
  • dovecot 2.3.4.1-1

Things I have done or checked again and again...

  • pidgeonehole is installed
  • The dovecot-lmtp socket exists in /var/spool/postfix/private and is read- and writable to postfix
  • The virtual_transport in postfix main.cf is set to lmtps:unix:private/dovecot-lmtp
  • lmtp service and protocol blocks in dovecot.conf are present and protocols value contains lmtp
  • path to global sieve scripts seems to be correct
  • sieve scripts are compiling without errors
  • Folder junk exists
  • Dovecot never logs anything related to lmtp even if mail_debug = yes is set

I really dont have any idea anymore. So below are some relevant information. Being in hope that someone can help me to get this to working.

Here is an excerpt of the postfix log where postfix always sais ...status=sent (delivered to maildir)

Feb 10 19:37:59 hostname postfix/w.x.y.z/postscreen[1133]: CONNECT from [209.85.208.174]:44008 to [w.x.y.z]:25
Feb 10 19:37:59 hostname postfix/dnsblog[1136]: addr 209.85.208.174 listed by domain dnsbl.sorbs.net as 127.0.0.6
Feb 10 19:37:59 hostname postfix/dnsblog[1138]: addr 209.85.208.174 listed by domain hostkarma.junkemailfilter.com as 127.0.0.3
Feb 10 19:37:59 hostname postfix/dnsblog[1138]: addr 209.85.208.174 listed by domain hostkarma.junkemailfilter.com as 127.0.1.1
Feb 10 19:38:00 hostname postfix/w.x.y.z/postscreen[1133]: PASS OLD [209.85.208.174]:44008
Feb 10 19:38:00 hostname postfix/w.x.y.z/smtpd[1142]: connect from mail-lj1-f174.google.com[209.85.208.174]
Feb 10 19:38:00 hostname postfix/w.x.y.z/smtpd[1142]: Anonymous TLS connection established from mail-lj1-f174.google.com[209.85.208.174]: TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)
Feb 10 19:38:00 hostname postfix/w.x.y.z/smtpd[1142]: NOQUEUE: client=mail-lj1-f174.google.com[209.85.208.174]
Feb 10 19:38:02 hostname postfix/smtpd[1159]: connect from unknown[127.0.0.1]
Feb 10 19:38:02 hostname postfix/smtpd[1159]: 6262DAE1876: client=unknown[127.0.0.1]
Feb 10 19:38:02 hostname postfix/cleanup[1160]: 6262DAE1876: message-id=
Feb 10 19:38:02 hostname postfix/smtpd[1159]: disconnect from unknown[127.0.0.1] ehlo=1 mail=1 rcpt=1 data=1 quit=1 commands=5
Feb 10 19:38:02 hostname postfix/qmgr[28602]: 6262DAE1876: from=, size=5817, nrcpt=1 (queue active)
Feb 10 19:38:02 hostname postfix/smtpd[1159]: connect from unknown[127.0.0.1]
Feb 10 19:38:02 hostname postfix/smtpd[1159]: 67345AE1879: client=unknown[127.0.0.1], orig_client=mail-lj1-f174.google.com[209.85.208.174]
Feb 10 19:38:02 hostname postfix/cleanup[1160]: 67345AE1879: message-id=
Feb 10 19:38:02 hostname postfix/smtpd[1159]: disconnect from unknown[127.0.0.1] ehlo=1 xforward=1 mail=1 rcpt=1 data=1 quit=1 commands=6
Feb 10 19:38:02 hostname postfix/qmgr[28602]: 67345AE1879: from=, size=3901, nrcpt=1 (queue active)
Feb 10 19:38:02 hostname postfix/w.x.y.z/smtpd[1142]: proxy-accept: END-OF-MESSAGE: 250 2.0.0 from MTA(smtp:[127.0.0.1]:10035): 250 2.0.0 Ok: queued as 67345AE1879; from= to= proto=ESMTP helo=
Feb 10 19:38:02 hostname postfix/virtual[1161]: 6262DAE1876: to=, orig_to=, relay=virtual, delay=0.05, delays=0.02/0.02/0/0.01, dsn=2.0.0, status=sent (delivered to maildir)
Feb 10 19:38:02 hostname postfix/qmgr[28602]: 6262DAE1876: removed
Feb 10 19:38:02 hostname postfix/virtual[1161]: 67345AE1879: to=, relay=virtual, delay=0.02, delays=0.01/0.01/0/0, dsn=2.0.0, status=sent (delivered to maildir)
Feb 10 19:38:02 hostname postfix/qmgr[28602]: 67345AE1879: removed

In postfix master.cf I set:

...
lmtps     unix  -       -       -       -       -       lmtp
  -o lmtp_use_tls=yes
  -o lmtp_tls_loglevel=1
  -o lmtp_tls_CAfile=/etc/ssl/certs/ca-certificates.crt
  -o lmtp_enforce_tls=yes
  -o lmtp_tls_mandatory_protocols=!SSLv2,!SSLv3
  -o lmtp_tls_protocols=!SSLv2,!SSLv3
  -o lmtp_tls_mandatory_ciphers=high
  -o lmtp_tls_ciphers=high
  -o lmtp_send_xforward_command=yes
  -o lmtp_tls_security_level=encrypt
  -o lmtp_tls_note_starttls_offer=yes
...

In postfix main.cf I set:

...
virtual_transport = lmtps:unix:private/dovecot-lmtp
...

dovecot.conf:

...
protocols = imap lmtp sieve
...
service managesieve-login {
    inet_listener sieve {
        port = 4190
    }

    service_count = 1
    process_min_avail = 2
    vsz_limit = 128M
}

service managesieve {
    process_limit = 256
}

service lmtp {
    unix_listener /var/spool/postfix/private/dovecot-lmtp {
        group = postfix
        mode = 0600
        user = postfix
    }
    user = vmail
}
...
protocol lmtp {
    mail_plugins = quota sieve acl notify
    auth_socket_path = /var/run/dovecot/auth-master
    postmaster_address = ...
}

protocol sieve {
    managesieve_max_line_length = 65536
    mail_max_userip_connections = 10
    mail_plugins =
    managesieve_logout_format = bytes=%i/%o
    managesieve_implementation_string = Dovecot Pigeonhole
    managesieve_sieve_capability =
    managesieve_notify_capability =
    managesieve_max_compile_errors = 5
}
...
plugin {
    ...
    sieve_extensions = +spamtest

    sieve_spamtest_status_type = score
    sieve_spamtest_status_header = \
    X-Spam_score: (-?[[:digit:]]+\.[[:digit:]]).*
    sieve_spamtest_max_value = 5.0

    # Own sieve filters are located in the home directory
    sieve = file:~/sieve;active=~/.dovecot.sieve
    # The global filter is located outside
    sieve_before = /var/lib/dovecot/sieve/move_to_spam_folder.sieve
    sieve_max_script_size = 1M
    sieve_quota_max_scripts = 0
    sieve_quota_max_storage = 0
    # Continue even if the quota can not be determined
    # Valid for the Postfix policy service provided from Dovecot
    quota_status_success = DUNNO
    quota_status_nouser = DUNNO
    quota_status_overquota = "552 5.2.2 Mailbox is over quota"
    sieve_plugins = sieve_imapsieve sieve_extprograms

    # From elsewhere to Spam folder
    imapsieve_mailbox1_name = Junk
    imapsieve_mailbox1_cause = COPY
    imapsieve_mailbox1_before = file:/var/lib/dovecot/sieve/report-spam.sieve

    # From Spam folder to elsewhere
    imapsieve_mailbox2_name = *
    imapsieve_mailbox2_from = Junk
    imapsieve_mailbox2_cause = COPY
    imapsieve_mailbox2_before = file:/var/lib/dovecot/sieve/report-ham.sieve

    sieve_pipe_bin_dir = /var/lib/dovecot/sieve
    sieve_global_extensions = +vnd.dovecot.pipe +vnd.dovecot.environment
}

Finally the global sieve script:

require "fileinto";

if header :contains "X-Spam-Flag" "YES" {
    fileinto "Junk";
}
email postfix-mta dovecot sieve lmtp
Original Q&A
0

There are 0 answers

Related Questions in EMAIL

Related Questions in POSTFIX-MTA

Related Questions in DOVECOT

Related Questions in SIEVE

Related Questions in LMTP

Popular Questions

Popular Tags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Trending Questions