Re: ot: 2.2 ghettoforge install systemctl Q

[Aki Tuomi]

> On December 16, 2017 at 1:59 AM voy...@sbt.net.au wrote:
> 
> 
> I've installed new Centos 7 with Dovecot 2.2 from ghettoforge and, used
> /etc/dovecot from current Centos 6 Dovecot 2.1
> 
> I can start/stop Dovecot with dovecot / doveadm stop
> 
> BUT when I tried 'systemctl' I get
> 
> # systemctl status dovecot
> ● dovecot.service - Dovecot IMAP/POP3 email server
>Loaded: loaded (/usr/lib/systemd/system/dovecot.service; disabled;
> vendor preset: disabled)
>Active: inactive (dead)
>  Docs: man:dovecot(1)
>http://wiki2.dovecot.org/
> 
> how do I fix this, or, do I need to fix it ?
> 
> or maybe I need to pursue this on ghettoforge list
>

Try systemctl enable dovecot

Aki

Re: 2.1 to 2.2 server migration Qs: sanity check, config ?

[Aki Tuomi]

> On December 16, 2017 at 1:44 AM voy...@sbt.net.au wrote:
> 
> 
> On Sat, December 16, 2017 2:34 am, Aki Tuomi wrote:
> > Please read between the lines =)
> 
> > at least you should remove autocreate plugin.
> 
> Aki, thanks.
> 
> I forgot to write this is meant as a plain vanilla pop/imap multi
> user/multi domain server, no special requirements or deviations should be
> needed
> 
> 
> >> mail_gid = 2000 mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
> >>
> >
> > The INDEX= is redundant.
> 
> so I go from
> mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
> to
> mail_location = maildir:/%Lh/Maildir/
> 
> 

you could use

mail_location = maildir:~/Maildir

You can use mail_home (or home) to specify homedir, such as

/var/mail/%Ld/%Ln to get lowercase path.



> 
> 
> >> private }
> >> namespace { list = children location =
> >> maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
> >>
> >
> > You should read https://wiki.dovecot.org/SharedMailboxes/Shared
> 
> (not sure whether I might have tried shareing my mailbox across two
> domains for myself once?...maybe that's why it's there... not sure)
> 
> so I just remove this whole block:
> 
> namespace {
> type = shared
> separator = /
> prefix = Shared/%%u/
> location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
> # this namespace should handle its own subscriptions or not.
> subscriptions = yes
> list = children
> }
> 
> thanks again, sorry for dumb questions
> 
> Voytek
>

No problem, it's better to ask than not. =)

Aki

ot: 2.2 ghettoforge install systemctl Q

[voytek]

I've installed new Centos 7 with Dovecot 2.2 from ghettoforge and, used
/etc/dovecot from current Centos 6 Dovecot 2.1

I can start/stop Dovecot with dovecot / doveadm stop

BUT when I tried 'systemctl' I get

# systemctl status dovecot
● dovecot.service - Dovecot IMAP/POP3 email server
   Loaded: loaded (/usr/lib/systemd/system/dovecot.service; disabled;
vendor preset: disabled)
   Active: inactive (dead)
 Docs: man:dovecot(1)
   http://wiki2.dovecot.org/

how do I fix this, or, do I need to fix it ?

or maybe I need to pursue this on ghettoforge list

Re: 2.1 to 2.2 server migration Qs: sanity check, config ?

[voytek]

On Sat, December 16, 2017 2:34 am, Aki Tuomi wrote:
> Please read between the lines =)

> at least you should remove autocreate plugin.

Aki, thanks.

I forgot to write this is meant as a plain vanilla pop/imap multi
user/multi domain server, no special requirements or deviations should be
needed


>> mail_gid = 2000 mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
>>
>
> The INDEX= is redundant.

so I go from
mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
to
mail_location = maildir:/%Lh/Maildir/




>> private }
>> namespace { list = children location =
>> maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
>>
>
> You should read https://wiki.dovecot.org/SharedMailboxes/Shared

(not sure whether I might have tried shareing my mailbox across two
domains for myself once?...maybe that's why it's there... not sure)

so I just remove this whole block:

namespace {
type = shared
separator = /
prefix = Shared/%%u/
location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
# this namespace should handle its own subscriptions or not.
subscriptions = yes
list = children
}

thanks again, sorry for dumb questions

Voytek

Re: IMAP proxy

[x9p]

On Fri, December 15, 2017 3:21 pm, Aki Tuomi wrote:
>
>> On December 15, 2017 at 6:57 PM Gandalf Corvotempesta
>>  wrote:
>>
>>
...
>> server would be proxied to the newer one automatically ?
>>
>> Any additional software or only a configuration change is required ?
>
> Return from passdb, 'proxy host=your-new-host port=143 ssl=starttls'
>
> Aki
>

Or masquerade all traffic to the new server with firewall rules:

iptables -t nat -A PREROUTING -i ethX -p tcp -m tcp --dport 143 -j DNAT
--to-destination 1.1.1.1

iptables -t nat -A POSTROUTING -d 1.1.1.1/32 -p tcp -m tcp --dport 143 -j
MASQUERADE

ethX --> interface where connections come from
1.1.1.1 --> new server IP address

Maybe smth is wrong up there, didnt tested, but I think its cool.


cheers.

--
x9p | PGP : 0x03B50AF5EA4C8D80 / 5135 92C1 AD36 5293 2BDF  DDCC 0DFA 74AE
1524 E7EE

Re: Dovecot path separator clarification

[Alex JOST]

Am 15.12.2017 um 18:35 schrieb Davide Marchi:

Hi Friends,
On Debian Jessie and Dovecot 1:2.2.x using the default separator "/" 
(simply leave commented 10-mail.conf -> "#separator =")


I've create for a vuser (from client) a subfolder Scuola/prova

on server side, Dovecot create:

../Maildir/.Scuola.prova

Here my question: why not

../Maildir/Scuola/prova ?


The mailbox separator doesn't change the filesystem layout. See:

  https://wiki.dovecot.org/Namespaces#Hierarchy_separators

--
Alex JOST

Dovecot path separator clarification

[Davide Marchi]

Hi Friends,
On Debian Jessie and Dovecot 1:2.2.x using the default separator "/" 
(simply leave commented 10-mail.conf -> "#separator =")


I've create for a vuser (from client) a subfolder Scuola/prova

on server side, Dovecot create:

../Maildir/.Scuola.prova

Here my question: why not

../Maildir/Scuola/prova ?



Where I'm wrong?

Many thanks!

Davide

Question about imap (expunge response)

[Kamil Jońca]

(This is not neccesarily about dovecot, but rather IMAP protocol)

At https://drive.google.com/open?id=1j3oa5jYeSdiPbgaihq02K-u_vHbZLJZQ
is fetchmail log from my sessinon with polish email provider "Wirtualna
Polska"
As you can se fetchmail logged "* 1 EXPUNGE" as a response to "STORE"
command.
According to https://tools.ietf.org/html/rfc3501#section-7.4.1
EXPUNGE must not be sent as response to STORE command.
Am I right that their imap server is erroneous or am I missing
something?
KJ


-- 
http://stopstopnop.pl/stop_stopnop.pl_o_nas.html
Lonely men seek companionship.  Lonely women sit at home and wait.
They never meet.

Re: IMAP proxy

[Aki Tuomi]

> On December 15, 2017 at 6:57 PM Gandalf Corvotempesta 
>  wrote:
> 
> 
> I'm migrating an old server to another old server (same dovecot
> version in both servers)
> The migration itself is straightforward, stop dovecot on the old
> server, migrate everything via rsync, start dovecot to the new server.
> 
> There is only one step left: change the dns configuration, pointing
> from the old server to the newer one.
> As most of domains are not managed by me and some other domains are
> pointing to our server via IP, I can't simply change the A record or
> wait for all users to change their domain configuration.
> 
> TL;DR: is possible to use dovecot as IMAP proxy so that even after
> changing our dns records, any user directly connecting to my old
> server would be proxied to the newer one automatically ?
> 
> Any additional software or only a configuration change is required ?

Return from passdb, 'proxy host=your-new-host port=143 ssl=starttls'

Aki

Re: sieve filter move wrong email to Junk folder

[Gao]

Thanks for all of your help.

Now I modified my sieve script. Three things changes here:
1.   if header :contains "X-Spam-Status" "YES, " {
2.  if header :contains "subject" ["{SPAM?}"] {  ##add the curly brackets
3.  change the order. So send my Mailscanner labeled spam mail directlly 
to the junk folder.


The first one try to avoid the BAYES_ trigger the rule. The 2nd one is 
for MailScanner labeled spam mail. So the final script:

  require "fileinto";
  if header :contains "subject" ["{SPAM?}"] {
    fileinto "Junk";
    stop;
  }
  if exists "X-Spam-Status" {
  if header :contains "X-Spam-Status" "YES, " {
  fileinto "Junk";
  stop;
  } else {
  }
  }

I'll see how this works.

Gao



On 2017-12-15 12:38 AM, Steffen Kaiser wrote:

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, 15 Dec 2017, Bill Shirley wrote:


This is what I use.  Notice the comma:
require "fileinto";
if header :contains "X-Spam-Status" "Yes," {
  fileinto "SystemFolders.SuspectedSpam";
  stop;
}


I would even add the space:

if header :contains "X-Spam-Status" "Yes, " {

because the list of tests won't contain a space.

- -- Steffen Kaiser
-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEVAwUBWjOKB8QnQQNheMxiAQIdeAgAyL+FDM/DE5J1sRkJ6P8MuIAT3Zx8zfPO
Mljn/kswG551jyso2FfGqAw6et5uHrab3Wk22NxQVK6yR4ySZstr3RF9ICeuJVvs
pNFzyvBf0BivihWZLMWiVum0/B0LfpW6T7B93Yvbl/JXei2C6+uy8Mk2zFo/5jWP
lpKdIxWs/SMmsjFE2QccfP7Id1aUw+tYM+9P/fzc0/kGkNRs5UCodeo/e30opdvv
tJ8QpwPV/873uhk9p5m2NB/0bi4i9Rg5VMC2ui5trVlyOR2q2WpYVZ1gV2tvVpEA
B3QY8vrzDf9xb1zDoVi8hMDCqynZZGQ++nSfIux/7DBDJvvYx5sYKg==
=sUdv
-END PGP SIGNATURE-

IMAP proxy

[Gandalf Corvotempesta]

I'm migrating an old server to another old server (same dovecot
version in both servers)
The migration itself is straightforward, stop dovecot on the old
server, migrate everything via rsync, start dovecot to the new server.

There is only one step left: change the dns configuration, pointing
from the old server to the newer one.
As most of domains are not managed by me and some other domains are
pointing to our server via IP, I can't simply change the A record or
wait for all users to change their domain configuration.

TL;DR: is possible to use dovecot as IMAP proxy so that even after
changing our dns records, any user directly connecting to my old
server would be proxied to the newer one automatically ?

Any additional software or only a configuration change is required ?

Re: Recommended tool for migrating IMAP servers

[Davide Marchi]

[..]
Well, I've read the dsync documentation, but this warning has me a 
little worried:


"Make sure destination is exactly as source, deleting/reverting any 
changes in destination if necessary"


This is when you use the 'backup' option. Dsync then makes 1:1 copy of
the source. If you use 'sync -1' option,
it does not delete mails/folders from destination.

Sami


Ah, ok, for the next sync I will try Dsync!

Many thanks again!


davide

Re: 2.1 to 2.2 server migration Qs: sanity check, config ?

[Aki Tuomi]

Please read between the lines =)

at least you should remove autocreate plugin.

> On December 15, 2017 at 4:47 PM voy...@sbt.net.au wrote:
> 
> 
> I have an old Centos 6 running dovecot 2.1.17 with Postfix 2.1x, mysql
> virtual domains, in the process of setting a new Centos 7 to migrate,
> copied /etc/dovecot, made some minor edits to get rid of errors, added
> Letsencrypt in place of self certified certs, it seems to work, using mail
> client I can log on StartSSL/110/143, TLS/995/993 with no visible errors
> when login on
> 
> is there any other sanity checks I should do ? before I start putting
> users on it ?
> 
> attaching dovecot.conf at the end, appreciate any suggestion or correction
> 
> I see a lot of these warning, are they benign?
> 
> #grep Warning  /var/log/dovecot.log | wc
>  7411026900
> # wc  /var/log/dovecot.log
>   174  2299 19716 /var/log/dovecot.log
> 
> 
> Dec 16 00:57:12 auth: Warning: auth client 0 disconnected with 1 pending
> requests: Connection reset by peer
> Dec 16 00:57:52 auth: Warning: auth client 0 disconnected with 1 pending
> requests: EOF
> Dec 16 00:57:59 auth: Warning: auth client 0 disconnected with 1 pending
> requests: Connection reset by peer
> 
> ( as I've re used an old host name, I can see some users already trying to
> connect, they must've never removed this server name when it was shut
> down, perhaps they're generating these errors, repeatedly logging on ?)
> 
> # doveadm who
> username  # proto (pids)  (ips)
> f...@aaa.com.au  1 imap  (9047)  (35.196.255.170)
> se...@aaa.com.au 1 imap  (9056)  (104.196.21.108)
> ei...@aaa.com.au 1 imap  (9062)  (35.196.255.170)
> f...@aa.com.au2 imap  (9240 9044) (203.194.43.48 35.196.255.170)
> s...@aa.com.au 2 imap  (9248 9063) (203.194.43.48 35.185.44.87)
> post...@aa.com.au 1 imap  (9057)  (104.196.178.232)
> ei...@aa.com.au   2 imap  (9244 9050) (203.194.43.48 35.196.255.170)
> se...@aa.com.au   2 imap  (9055 9242) (104.196.21.108 203.194.43.48)
> s...@aaa.com.au   1 imap  (9054)  (35.185.44.87)
> 
> 
> doveconf -n -c /etc/dovecot/test/dovecot.conf >
> /etc/dovecot/test/dovecot.conf.new
> 
> # cat dovecot.conf.new
> 
> # 2.2.33.2 (d6601f4ec): /etc/dovecot/test/dovecot.conf
> # Pigeonhole version 0.4.21 (92477967)
> # OS: Linux 3.10.0-693.11.1.el7.x86_64 x86_64 CentOS Linux release
> 7.4.1708 (Core)
> auth_master_user_separator = *
> auth_mechanisms = PLAIN LOGIN
> dict {
>   acl = mysql:/etc/dovecot/dovecot-share-folder.conf
>   quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
> }
> first_valid_uid = 2000
> last_valid_uid = 2000
> listen = *
> log_path = /var/log/dovecot.log
> mail_gid = 2000
> mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/

The INDEX= is redundant.

> mail_plugins = quota
> mail_uid = 2000
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
> copy include variables body enotify environment mailbox date index ihave
> duplicate mime foreverypart extracttext
> namespace {
>   inbox = yes
>   location =
>   prefix =
>   separator = /
>   type = private
> }
> namespace {
>   list = children
>   location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u

You should read https://wiki.dovecot.org/SharedMailboxes/Shared

>   prefix = Shared/%%u/
>   separator = /
>   subscriptions = yes
>   type = shared
> }
> passdb {
>   args = /etc/dovecot/dovecot-mysql.conf
>   driver = sql
> }
> passdb {
>   args = /etc/dovecot/dovecot-master-users-password
>   driver = passwd-file
>   master = yes
> }
> plugin {
>   acl = vfile
>   acl_shared_dict = proxy::acl
>   auth_socket_path = /var/run/dovecot/auth-master
>   autocreate = INBOX
>   autocreate2 = Sent
>   autocreate3 = Trash
>   autocreate4 = Drafts
>   autocreate5 = Junk
>   autosubscribe = INBOX
>   autosubscribe2 = Sent
>   autosubscribe3 = Trash
>   autosubscribe4 = Drafts
>   autosubscribe5 = Junk

autocreate & autosubscribe should be converted into 

namespace {
  mailbox INBOX {
auto = subscribe # (or just create if subscribing is not required)
  }
}

>   quota = dict:user::proxy::quotadict
>   quota_rule = *:storage=1G
>   quota_warning = storage=85%% quota-warning 85 %u
>   quota_warning2 = storage=90%% quota-warning 90 %u
>   quota_warning3 = storage=95%% quota-warning 95 %u
>   sieve = /%Lh/sieve/dovecot.sieve
>   sieve_dir = /%Lh/sieve
>   sieve_global_dir = /var/vmail/sieve
>   sieve_global_path = /var/vmail/sieve/dovecot.sieve
> }
> protocols = pop3 imap sieve
> service auth {
>   unix_listener /var/spool/postfix/dovecot-auth {
> group = postfix
> mode = 0666
> user = postfix
>   }

This could be mode = 0600

>   unix_listener auth-master {
> group = vmail
> mode = 0666
> user = vmail
>   }
>   unix_listener auth-userdb {
> group = vmail
> mode = 0660
> user = vmail
>   }
> }

You sure you need 

Re: Mail-crypt plugin clarification

[Aki Tuomi]

> On December 15, 2017 at 2:29 AM Joseph Tam  wrote:
> 
> 
> Aki Tuomi writes:
> 
> > Dovecot does support making it difficult to prevent access to the stored
> > mail.
> 
> Those who have had problems understanding the documentation might find
> this unintended double-negative ironically funny.
> 

Indeed. Although we are open to improvements for the documentation, or even 
pointing out where it's wrong.

> > You can, with suitable workflows, ensure that the user's emails are not
> > readable by anyone but the user.  Of course the only way to be fully
> > sure is to use end-to-end encryption, ...
> 
> "Ensure" (or OP: "impossible") are very high standards of privacy.
> If the OP really means it, then since a third party has control over
> the (virtual or real) hardware, the server should never have access to
> private keys or decrypted data.  (We're in agreement I think.)
> 

You are quite right. The mail-crypt plugin cannot provide absolute guarantees 
that the data won't be accessible by sufficiently determined adversary, due to 
the fact that the keys are indeed on the server, or accessible by the server.

> If the OP lowers their standards to "inconvenient" to gain access,
> then the plugin is enough.  It will keep the honest admin honest.
> 
> > ... like PGP or S/MIME, but this does go a long way to prevent admin access
> > to user's email.
> 
> Don't ignore metadata; who/when/where (and headers?) could reveal much
> information.
> 
> Joseph Tam 

It's always all about who you are guarding against. I'd say that against your 
hosting provide, mail crypt can provide reasonable safeguards, especially if 
the storage is not on the same device.

The weak point is, as you point out, key management and handling, and special 
attention should be paid to this and I suggest clearly outlining the threats 
you are planning on mitigating and how the solution(s) you use achieve this.

Aki

2.1 to 2.2 server migration Qs: sanity check, config ?

[voytek]

I have an old Centos 6 running dovecot 2.1.17 with Postfix 2.1x, mysql
virtual domains, in the process of setting a new Centos 7 to migrate,
copied /etc/dovecot, made some minor edits to get rid of errors, added
Letsencrypt in place of self certified certs, it seems to work, using mail
client I can log on StartSSL/110/143, TLS/995/993 with no visible errors
when login on

is there any other sanity checks I should do ? before I start putting
users on it ?

attaching dovecot.conf at the end, appreciate any suggestion or correction

I see a lot of these warning, are they benign?

#grep Warning  /var/log/dovecot.log | wc
 7411026900
# wc  /var/log/dovecot.log
  174  2299 19716 /var/log/dovecot.log


Dec 16 00:57:12 auth: Warning: auth client 0 disconnected with 1 pending
requests: Connection reset by peer
Dec 16 00:57:52 auth: Warning: auth client 0 disconnected with 1 pending
requests: EOF
Dec 16 00:57:59 auth: Warning: auth client 0 disconnected with 1 pending
requests: Connection reset by peer

( as I've re used an old host name, I can see some users already trying to
connect, they must've never removed this server name when it was shut
down, perhaps they're generating these errors, repeatedly logging on ?)

# doveadm who
username  # proto (pids)  (ips)
f...@aaa.com.au  1 imap  (9047)  (35.196.255.170)
se...@aaa.com.au 1 imap  (9056)  (104.196.21.108)
ei...@aaa.com.au 1 imap  (9062)  (35.196.255.170)
f...@aa.com.au2 imap  (9240 9044) (203.194.43.48 35.196.255.170)
s...@aa.com.au 2 imap  (9248 9063) (203.194.43.48 35.185.44.87)
post...@aa.com.au 1 imap  (9057)  (104.196.178.232)
ei...@aa.com.au   2 imap  (9244 9050) (203.194.43.48 35.196.255.170)
se...@aa.com.au   2 imap  (9055 9242) (104.196.21.108 203.194.43.48)
s...@aaa.com.au   1 imap  (9054)  (35.185.44.87)


doveconf -n -c /etc/dovecot/test/dovecot.conf >
/etc/dovecot/test/dovecot.conf.new

# cat dovecot.conf.new

# 2.2.33.2 (d6601f4ec): /etc/dovecot/test/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 3.10.0-693.11.1.el7.x86_64 x86_64 CentOS Linux release
7.4.1708 (Core)
auth_master_user_separator = *
auth_mechanisms = PLAIN LOGIN
dict {
  acl = mysql:/etc/dovecot/dovecot-share-folder.conf
  quotadict = mysql:/etc/dovecot/dovecot-used-quota.conf
}
first_valid_uid = 2000
last_valid_uid = 2000
listen = *
log_path = /var/log/dovecot.log
mail_gid = 2000
mail_location = maildir:/%Lh/Maildir/:INDEX=/%Lh/Maildir/
mail_plugins = quota
mail_uid = 2000
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character
vacation subaddress comparator-i;ascii-numeric relational regex imap4flags
copy include variables body enotify environment mailbox date index ihave
duplicate mime foreverypart extracttext
namespace {
  inbox = yes
  location =
  prefix =
  separator = /
  type = private
}
namespace {
  list = children
  location = maildir:/%%Lh/Maildir/:INDEX=/%%Lh/Maildir/Shared/%%u
  prefix = Shared/%%u/
  separator = /
  subscriptions = yes
  type = shared
}
passdb {
  args = /etc/dovecot/dovecot-mysql.conf
  driver = sql
}
passdb {
  args = /etc/dovecot/dovecot-master-users-password
  driver = passwd-file
  master = yes
}
plugin {
  acl = vfile
  acl_shared_dict = proxy::acl
  auth_socket_path = /var/run/dovecot/auth-master
  autocreate = INBOX
  autocreate2 = Sent
  autocreate3 = Trash
  autocreate4 = Drafts
  autocreate5 = Junk
  autosubscribe = INBOX
  autosubscribe2 = Sent
  autosubscribe3 = Trash
  autosubscribe4 = Drafts
  autosubscribe5 = Junk
  quota = dict:user::proxy::quotadict
  quota_rule = *:storage=1G
  quota_warning = storage=85%% quota-warning 85 %u
  quota_warning2 = storage=90%% quota-warning 90 %u
  quota_warning3 = storage=95%% quota-warning 95 %u
  sieve = /%Lh/sieve/dovecot.sieve
  sieve_dir = /%Lh/sieve
  sieve_global_dir = /var/vmail/sieve
  sieve_global_path = /var/vmail/sieve/dovecot.sieve
}
protocols = pop3 imap sieve
service auth {
  unix_listener /var/spool/postfix/dovecot-auth {
group = postfix
mode = 0666
user = postfix
  }
  unix_listener auth-master {
group = vmail
mode = 0666
user = vmail
  }
  unix_listener auth-userdb {
group = vmail
mode = 0660
user = vmail
  }
}
service dict {
  unix_listener dict {
group = vmail
mode = 0660
user = vmail
  }
}
service imap-login {
  process_limit = 500
  service_count = 1
}
service pop3-login {
  service_count = 1
}
service quota-warning {
  executable = script /usr/local/bin/dovecot-quota-warning.sh
  unix_listener quota-warning {
group = vmail
mode = 0660
user = vmail
  }
}
ssl = required
ssl_cert = 

Re: sieve filter move wrong email to Junk folder

[Olaf Hopp]

On 12/15/2017 02:36 PM, Alex JOST wrote:

Am 14.12.2017 um 18:47 schrieb Gao:

I use a sieve filter to move spam email to user's Junk folder:
# cat spam_to_junk.sieve
require "fileinto";
   if exists "X-Spam-Status" {
   if header :contains "X-Spam-Status" "YES" {
   fileinto "Junk";
   stop;
   } else {
   }
   }
   if header :contains "subject" ["SPAM?"] {
 fileinto "Junk";
 stop;
   }

Most time this filter works fine but occasionally it move non-spam in to Junk 
folder. Here is an example, this email is from dovecot mailling list and it end 
up in my Junk folder. Mailllog and header here. Would someone help me to figure 
out what went wrong here?



X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00
  autolearn=ham version=3.3.2, No


AFAIK, header matching is case-insensitive. That's why 'YES' matches 'BAYES' 
and triggers the action.


So any spammer might simply add a Header "X-Spam-Status: No"
and the Mail gets into the INBOX ?

Thats why my exim / spamasssassin combination adds the
header "X-Spam-Status:" with all the various checks and
if and only if the score is above e.g. 5 points it additionally adds
the header "X-Spam-Flag: YES" .
Ham mail is not affected with this "X-Spam-Flag".

My global sieve filter only checks for the existance of
the header line - not the value. I think this can't be
circumvented by the spammers.

Regards, Olaf

--
Karlsruher Institut für Technologie (KIT)
ATIS - Abt. Technische Infrastruktur, Fakultät für Informatik

Dipl.-Geophys. Olaf Hopp
- Leitung IT-Dienste -

Am Fasanengarten 5, Gebäude 50.34, Raum 009
76131 Karlsruhe
Telefon: +49 721 608-43973
Fax: +49 721 608-46699
E-Mail: olaf.h...@kit.edu
atis.informatik.kit.edu

www.kit.edu

KIT – Die Forschungsuniversität in der Helmholtz-Gemeinschaft

Das KIT ist seit 2010 als familiengerechte Hochschule zertifiziert.




smime.p7s
Description: S/MIME Cryptographic Signature

Re: sieve filter move wrong email to Junk folder

[Alex JOST]

Am 14.12.2017 um 18:47 schrieb Gao:

I use a sieve filter to move spam email to user's Junk folder:
# cat spam_to_junk.sieve
require "fileinto";
   if exists "X-Spam-Status" {
   if header :contains "X-Spam-Status" "YES" {
   fileinto "Junk";
   stop;
   } else {
   }
   }
   if header :contains "subject" ["SPAM?"] {
     fileinto "Junk";
     stop;
   }

Most time this filter works fine but occasionally it move non-spam in to 
Junk folder. Here is an example, this email is from dovecot mailling 
list and it end up in my Junk folder. Mailllog and header here. Would 
someone help me to figure out what went wrong here?



X-Spam-Status: No, score=-2.9 required=5.0 tests=ALL_TRUSTED,BAYES_00
  autolearn=ham version=3.3.2, No


AFAIK, header matching is case-insensitive. That's why 'YES' matches 
'BAYES' and triggers the action.

--
Alex JOST

Re: sieve filter move wrong email to Junk folder

[Steffen Kaiser]

-BEGIN PGP SIGNED MESSAGE-
Hash: SHA1

On Fri, 15 Dec 2017, Bill Shirley wrote:


This is what I use.  Notice the comma:
require "fileinto";
if header :contains "X-Spam-Status" "Yes," {
  fileinto "SystemFolders.SuspectedSpam";
  stop;
}


I would even add the space:

if header :contains "X-Spam-Status" "Yes, " {

because the list of tests won't contain a space.

- -- 
Steffen Kaiser

-BEGIN PGP SIGNATURE-
Version: GnuPG v1

iQEVAwUBWjOKB8QnQQNheMxiAQIdeAgAyL+FDM/DE5J1sRkJ6P8MuIAT3Zx8zfPO
Mljn/kswG551jyso2FfGqAw6et5uHrab3Wk22NxQVK6yR4ySZstr3RF9ICeuJVvs
pNFzyvBf0BivihWZLMWiVum0/B0LfpW6T7B93Yvbl/JXei2C6+uy8Mk2zFo/5jWP
lpKdIxWs/SMmsjFE2QccfP7Id1aUw+tYM+9P/fzc0/kGkNRs5UCodeo/e30opdvv
tJ8QpwPV/873uhk9p5m2NB/0bi4i9Rg5VMC2ui5trVlyOR2q2WpYVZ1gV2tvVpEA
B3QY8vrzDf9xb1zDoVi8hMDCqynZZGQ++nSfIux/7DBDJvvYx5sYKg==
=sUdv
-END PGP SIGNATURE-