Re: The end of Dovecot Director?

[Harlan Stenn]

Please post your solution.

Sent from my iPhone - please excuse brevity and typos

> On Oct 20, 2022, at 10:21 PM, Zhang Huangbin  wrote:
> 
> 
> 
>> On Oct 21, 2022, at 4:19 AM, Antonio Leding  wrote:
>> 
>> My understanding is that Director is targeted toward large enterprise mail 
>> installations that will incorporate several servers for a given function. In 
>> such an environment, Director would be the fore-person\traffic-cop keeping 
>> things organized & squared-away.
> 
> Director is used when you setup frontend servers in a load-balance cluster, 
> proxy imap/pop3/lmtp/managesieve requests to backend Dovecot servers.
> 
> I setup load-balance cluster for clients with HAProxy + KeepAlived + Dovecot 
> Director running in frontend servers, so sad we have to find an alternative 
> to replace Director in such case.
> 
> It's not about "small/medium" servers, but the demand of imap/pop3/lmtp proxy 
> service, especially in load-balance cluster.
> 
> 
> Zhang Huangbin, founder of:
> - iRedMail: Open source email server solution: https://www.iredmail.org/
> - Spider: Lightweight, on-premises Email Archiving Software: 
> https://spiderd.io
> 
> 

Re: Does disabling POP3 just mean removing it from the `protocols` list?

[Harlan Stenn]

The reason to support POP3 is that if you forward email to another 
account and that includes any spam, you are gonna get dinged.  If folks 
want to read their email from gmail, they really need to suck that email 
over via POP to avoid this problem.


H

On 3/1/2022 3:13 PM, Peter wrote:
The only modern reason I can think of to continue to support POP3 is 
that gmail's email fetch feature only works over POP3, so if you want 
people to be able to import their email from your server to gmail or 
google workspace then you should probably continue to support POP3.



Peter


On 2/03/22 10:54 am, Sean McBride wrote:

Hi all,

Hopefully a simple question. If I want to disable POP3 support 
(because everyone is using IMAP anyway), it is just a matter of 
removing |pop3| from the |protocols| setting in dovecot.conf?


Are there side effects or other considerations I should be aware of?

Thanks,

Sean

Re: dsync replication fails with No space left on device / Out of memory

[Harlan Stenn]

Inodes?  df -i

On 7/1/2021 5:07 PM, Steven Varco wrote:
> Hi All
> 
> Since I configured dsync replication I get strange errors in the maillog on 
> my two mail dovecot nodes:
> 
> PRIMARY:
> Jul  2 01:21:42 mx01.example.com dovecot: doveadm: Error: 
> read(mx02.example.com) failed: read(size=3148) failed: Connection reset by 
> peer (last sent=mail, last recv=mail (EOL))
> 
> 
> The secondary is more interesting:
> 
> SECONDARY
> Jul  2 01:21:42 mx02 dovecot: doveadm: Error: 
> close(-1[istream-seekable.c:237]) failed: No space left on device
> Jul  2 01:21:43 mx02 dovecot: doveadm: Fatal: pool_system_realloc(268435456): 
> Out of memory
> Jul  2 01:21:43 mx02 dovecot: doveadm: Error: Raw backtrace: 
> /usr/lib64/dovecot/libdovecot.so.0(+0xa192e) [0x7f2e9be4c92e] -> 
> /usr/lib64/dovecot/libdovecot.so.0(+0xa1a0e) [0x7f2e9be4ca0e] -> 
> /usr/lib64/dovecot/libdovecot.so.0(i_error+0) [0x7f2e9bddc3d3] -> 
> /usr/lib64/dovecot/libdo
> Jul  2 01:21:43 mx02 dovecot: doveadm: Fatal: master: service(doveadm): child 
> 2876 returned error 83 (Out of memory (service doveadm { vsz_limit=256 MB }, 
> you may need to increase it) - set CORE_OUTOFMEM=1 environment to get core 
> dump)
> Jul  2 01:21:51 mx02 dovecot: dsync-local(u...@example.com): Error: Raw 
> backtrace: /usr/lib64/dovecot/libdovecot.so.0(+0xa192e) [0x7fd56e17e92e] -> 
> /usr/lib64/dovecot/libdovecot.so.0(+0xa1a0e) [0x7fd56e17ea0e] -> 
> /usr/lib64/dovecot/libdovecot.so.0(i_error+0) [0x7fd56e10e3d3] -> /us
> Jul  2 01:21:51 mx02 dovecot: dsync-local(u...@example.com): Fatal: master: 
> service(doveadm): child 2882 returned error 83 (Out of memory (service 
> doveadm { vsz_limit=256 MB }, you may need to increase it) - set 
> CORE_OUTOFMEM=1 environment to get core dump)
> 
> 
> The error messages state that disk space and/or memory is a problem, but disk 
> space and memory is enough available:
> 
> mx02 [~] # df -h /srv/mail/
> Filesystem   Size  Used Avail Use% Mounted on
> /dev/mapper/system-mail   10G  5.7G  4.3G  58% /srv/mail
> 
> mx02 [~] # free -m
>   totalusedfree  shared  buff/cache   
> available
> Mem:   378916021088 1991097
> 1759
> Swap:   471  93 378
> 
> 
> I also tried to increase vsz_limit from 256 MB to 512 MB, which did not help.
> 
> 
> And for the sake of completness also the connection to the doveadm port works 
> well from both nodes:
> 
> mx01-prod [~] # telnet mx02 14310
> Trying 172.20.19.225...
> Connected to mx02.
> Escape character is '^]'.
> ^]
> 
> 
> mx02 [~] # telnet mx01 14310
> Trying 172.20.19.251...
> Connected to mx01.
> Escape character is '^]'.
> ^]
> 
> 
> Although mail replication seems to be working properly and mails are in sync 
> on both nodes (as what I could see), I would like to find the cause of this 
> messages, as this does definetely don’t look normal…
> 
> I’m grateful for any help, since I’m quite on a struggle now…
> 
> Steven
> 
> 
> Here’s my config
> 
> # doveconf -n
> # 2.2.36 (1f10bfa63): /etc/dovecot/dovecot.conf
> # Pigeonhole version 0.4.24 (124e06aa)
> # OS: Linux 3.10.0-1160.31.1.el7.x86_64 x86_64 CentOS Linux release 7.9.2009 
> (Core)
> # Hostname: mx01.example.com
> auth_mechanisms = plain login
> auth_verbose = yes
> dict {
>   sqlquota = mysql:/etc/dovecot/dict-sqlquota.conf.ext
> }
> doveadm_password =  # hidden, use -P to show it
> doveadm_port = 14310
> first_valid_uid = 1000
> mail_plugins = quota notify replication
> managesieve_notify_capability = mailto
> managesieve_sieve_capability = fileinto reject envelope encoded-character 
> vacation subaddress comparator-i;ascii-numeric relational regex imap4flags 
> copy include variables body enotify environment mailbox date index ihave 
> duplicate mime foreverypart extracttext
> mbox_write_locks = fcntl
> namespace inbox {
>   inbox = yes
>   location =
>   mailbox Drafts {
> special_use = \Drafts
>   }
>   mailbox Junk {
> special_use = \Junk
>   }
>   mailbox Sent {
> special_use = \Sent
>   }
>   mailbox "Sent Messages" {
> special_use = \Sent
>   }
>   mailbox Trash {
> special_use = \Trash
>   }
>   prefix =
>   separator = /
>   type = private
> }
> passdb {
>   args = /etc/dovecot/dovecot-sql.conf.ext
>   driver = sql
> }
> plugin {
>   mail_replica = tcp:mx02.example.com
>   quota = maildir:User quota
>   quota_exceeded_message = Quota exceeded, please go to 
> http://www.example.com/over_quota_help for instructions on how to fix this.
>   quota_rule2 = INBOX.Trash:storage=+100M
>   quota_status_nouser = DUNNO
>   quota_status_overquota = 552 5.2.2 Mailbox is full / Mailbox ist voll
>   quota_status_success = DUNNO
>   quota_warning = storage=90%% quota-warning 90 %u
>   quota_warning2 = -storage=90%% quota-warning below %u
>   sieve = file:~/sieve;active=~/.dovecot.sieve
> }
> postmaster_address = 

Re: [patch] Improved error checking for the dovecot-antispam-plugin

[Harlan Stenn]

Robert,

First, thanks!

Second, I'm not a committer on the dovecot project. But I've written a lot of 
software where if an end user has a problem and either they want to know why or 
if they report it and ask for help, I've found it is MUCH better to have enough 
info in the message given to the user/logged somewhere. Something like:

"subroutine: open(%s) failed: %m"

It reduces our support load and gives us the information we need to quickly 
resolve issues. 

Sent from my iPhone - please excuse brevity and typos

> On Aug 18, 2016, at 8:16 AM, Robert Munteanu  
> wrote:
> 
> (snip)
> 
>> I have no issue in resending a new version of the patch with better
>> error reporting, will do so in the following days.
>> 
>> Robert
> 
> I've attached a second version of the patch, feel free to consider any
> of them for inclusion.
> 
> Thanks,
> 
> Robert
> 
> 
> -- 
> http://robert.muntea.nu/
> 

Re: [patch] Improved error checking for the dovecot-antispam-plugin

[Harlan Stenn]

On 8/16/16 1:24 PM, Robert Munteanu wrote:
> Hi,
> 
> Hopefully this is the right channel for such a patch. I have a minor
> enhancement to submit for the antispam plugin
> 
>   http://hg.dovecot.org/dovecot-antispam-plugin
> 
> It adds minimal error checking for the sendmail_binary, otherwise the
> reported error in case of a missing binary or one with missing
> permissions is generic and not useful.
> 
> Thanks,
> 
> Robert

Robert, I like that you did this.

Beyond that and without even looking at the actual code, I'm curious why
you:

+if (access(cfg->binary, F_OK) == -1)
+{
+mail_storage_set_error(storage, MAIL_ERROR_TEMP, "mail_sendmail
file does not exist");

instead of finding a way to include the value of cfg->binary in the
error message string.

This might not be needed if it's really obvious from the config file
what the path to the executable is, but if there is any doubt it might
be friendlier to show the exact path with the problem.  I'd also be
inclined to show the decoded value of errno instead of assuming that
'mail_sendmail file does not exist'.

Perhaps something along the lines of:

"access(%s, F_OK) failed: %m", cfg->binary

if that makes sense.

H

Re: [Dovecot] Dovecot ontop of glusterfs issue.

[Harlan Stenn]

On 5/22/14 3:48 AM, Eliezer Croitoru wrote:
 Well manually using a crontab with ntpdate to a pool of servers should
 be good enough right?

Is there a good reason you're not just running ntpd?

Ntpdate has had a number of bugs in it for a long time, they will never
be fixed, and ntpdate really isn't designed for what you seem to be doing.
-- 
Harlan Stenn
http://nwtime.org - Be a member!

Re: [Dovecot] Dovecot ontop of glusterfs issue.

[Harlan Stenn]

On 5/22/14 4:30 AM, Darac Marjal wrote:
 ntpdate is really only any good being run once (at boot), for example if
 you have a clock that can't keep time while the system is off.

I'm not aware of any cases where one needs to run ntpdate at startup
before running ntpd, because one can run 'ntpd -g' at startup which will
correct a very large offset.  If I'm wrong I'd love to hear about it.

This should be true for ntp-stable (4.2.6) and behaves even better for
ntp-dev (4.2.7).

H

Re: [Dovecot] An unconstructive grumble

[Harlan Stenn]

If you're hosting this on the domain where the users will have email,
then do you have a good reason for wanting to use virtual stuff?  If
not, use system users.

If you are hosting for another domain (or plan to) I don't have enough
info to tell you more - I routinely set up virtual domains (I use
postfixadmin for most of this maintenance.  I probably followed the
instructions in the dovecot virtual user readme file(s).

H

Re: [Dovecot] Server Time 45min ahead

[Harlan Stenn]

Ralf wrote:

 stop dovecot  postfix
 ntpdate timeserver
 start dovecot  postfix
 start ntpd

Speaking as st...@ntp.org, I recommend:

- run 'ntpd -gN' as early as possible in the startup sequence (no need
  for ntpdate)

then as late as possible in the startup sequence, run:

- ntp-wait -v -s 1 ; start dovecot and postfix (and database servers)

H

Re: [Dovecot] integrating procmail

[Harlan Stenn]

I have not tried this:

 
http://www.zimbra.com/forums/users/7239-any-way-add-message-filters-command-line.html

H

Re: [Dovecot] ntp revisited (so what to do ?)

[Harlan Stenn]

 On 5/10/2011 8:50 AM, Ed W wrote:
 
  So, in practice it's fairly irrelevant to be hooked to a stratum 1 for
  most purposes ...

Actually, an excellent argument can be made for hooking up to some S2
servers instead of S1 servers..

H

Re: [Dovecot] ntp revisited (so what to do ?)

[Harlan Stenn]

Per wrote:
 Sure, I meant 'ntpd -q'.

What benefit do you see in running something to set the time and exit
before starting ntpd instead of just starting ntpd with -g?

H

Re: [Dovecot] ntp revisited (so what to do ?)

[Harlan Stenn]

Per wrote:
 Luigi Rosa wrote:
 
  Harlan Stenn said the following on 08/05/11 21:58:
  
  - Start ntd as early as possible
  - - ntpd -g ... is better than ntpdate ... ; ntpd ...
  - Wait before starting time-sensitive services
  - - As last as possible in the boot sequence, run 'ntp-wait -v', and
  start time-sensitive services after it successfully returns.
  
  What happens if the server starts with a date very far in the past due
  to hardware clock reset or something like that?
  
  I mean: if a Linux starts with the hardware clock set to 1/1/2000 how
  much does it take to get the real date?
 
 ntpd -g will set it immediately. 

Put another way, ntpd needs the system time to be correct to within 68
years.  Assuming that is true, with a good drift file and good
servers/peers and the use of the 'iburst' flag, ntpd will set the clock
and your (real) machine  will be accurate and stable in about 11
seconds' time.

H

Re: [Dovecot] ntp revisited (so what to do ?)

[Harlan Stenn]

Spyros wrote
 OK,
 
 So what you people say is :
 
 1. Run ntpdate during startup only once
 2. After that, keep time with ntpd 
 
 Right ?

https://support.ntp.org/bin/view/Support/StartingNTP4 says:

- Start ntd as early as possible
- - ntpd -g ... is better than ntpdate ... ; ntpd ...
- Wait before starting time-sensitive services
- - As last as possible in the boot sequence, run 'ntp-wait -v', and
start time-sensitive services after it successfully returns.

I'm fairly certain the above is excellent advice, and BCP.

H

Re: [Dovecot] Dotlock dovecot-uidlist errors / NFS / High Load

[Harlan Stenn]

Michael wrote:

 We tested the patch you suggested with no success.  We are seeing
 timestamps straying into the 100's of seconds of difference, which
 does not reflect the perceivable drift that shows on our systems clock
 (which is negligible, sub 1 second).  Currently we run against two
 stratum 2 servers that get their time from two stratum 1 servers, and
 per Stan's suggestions earlier we are rebuilding the stratum 2
 machines on bare metal hardware (not in a virtual machine) to be sure
 the clocks will be super stable.  I guess what I am asking is if you
 have ever seen an issue similar to this and if NTP actually played a
 role.  I have spent some time reviewing the mailing list archives and
 have not found a definitive answer from other Dovecot user's
 experiences.

(posting from my work account...)

Barring strange hardware or OS behavior, NTP is generally really good at
what it does.

There are known problems with some hardware and some OSes (and virtual
environments in particular).

See http://support.ntp.org/bin/view/Support/TroubleshootingNTP for more
information.

And just to try the direct approach, if correct time and NTP are
important to you, please join the NTP Forum.  We need the support.

--
Harlan Stenn st...@ntp.org
http://ntpforum.isc.org  - be a member!

Re: [Dovecot] Dotlock dovecot-uidlist errors / NFS / High Load

[Harlan Stenn]

I may have missed something - if this is NFS related, you are running
NTP on *all* of your machines (clients and servers) that are involved in
this NFS share, right?

NFS cares that the time is sync'd on the computers it works with.

H

Re: [Dovecot] Startup error dovecot-2.0.5

[Harlan Stenn]

Ralf,

Are you using tcsh?

H

Re: [Dovecot] Startup error dovecot-2.0.5

[Harlan Stenn]

 * Harlan Stenn harlan.st...@pfcs.com:
  Ralf,
  
  Are you using tcsh?
 
 No.

I didn't think you were, but I wanted to ask, as I remember some
versions of tcsh have a non-huge buffer for something (which, now that
I think about it, was either command-line length or an environment
buffer).

H

Re: [Dovecot] AntiSpam Plugin

[Harlan Stenn]

Figure out exactly what script is running and see if it says why it
would return with a status of 9.  If that is because of a SIGKILL, it is
because some process is sending that signal.  You are gonna get to
figure out what debug knobs to crank to figure out why this is going on.

Can you invoke any of this stuff manually from the command line to see
what messages may come up?

h

Re: [Dovecot] 1.2.11, mbox, new mail

[Harlan Stenn]

Hey Greg,

I picked up the right-size screwdrivers (P00, T6, T8) today.  Still need
to find a spudger, but I think I can use my fingernails until then.

How critical is antistatic for disassembly checking out the fan motors?

H

Re: [Dovecot] Mailing list's prefix

[Harlan Stenn]

I would have preferred this be a private reply but I like to honor the
sender's request re Reply-To:.

I have a slight preference for keeping the [Dovecot] prefix in the
Subject: header, as it makes it really obvious to me where a message in
my inbox comes from.  I have never liked to pre-sort incoming messages
into separate folders.  The fact that the prefix is relativelyh short
also helps.

H

Re: [Dovecot] dovecot-antispam plugin and Failed to call dspam message

[Harlan Stenn]

It is probably a good idea to figure out the underlying problem instead
of ignoring it.

I use the following patch...

H


patch-dspam-exec.c
Description: Binary data

Re: [Dovecot] dovecot-antispam plugin and Failed to call dspam message

[Harlan Stenn]

Note that according to dspam-exec.c, and info sent to stderr by dspam is
treated by the antispam plugin as a fatal error.

All my patch does is to provide enough information to see what the
problem is.

H

Re: [Dovecot] dovecot and ntp: Fatal: Time just moved backwards

[Harlan Stenn]

Backward time steps can cause real problems for Maildir, as its
uniqueness algorithms can be ... theoretically correct.

H

Re: [Dovecot] dovecot and ntp: Fatal: Time just moved backwards

[Harlan Stenn]

NTP comes with a script, ntp-wait, that is specifically designed to be
used during the boot-sequence for the purpose of waiting until the clock
is sync'd before starting time-sensitive applications.

See http://support.ntp.org/bin/view/Support/StartingNTP4 for more
information.

BCP is:

- Start ntpd as early as possible during the boot sequence
- As late as possible during the boot sequence run ntp-wait,
  before starting things like Dovecot and database servers

H

Re: [Dovecot] dovecot and ntp: Fatal: Time just moved backwards

[Harlan Stenn]

Timo wrote:
 On Jun 9, 2009, at 1:03 PM, Eugene wrote:
 
  But really, all this leads is that admin has to detect the dovecot  
  termination and simply go and restart it manually -- after some bad  
  thoughts.
 
 Or the admin actually permanently fixes the time.

This is usually a startup issue and the fact that so many OSes get this
wrong and that dovecot complains about it so strongly points out this
rough edge.

H

Re: [Dovecot] dovecot and ntp: Fatal: Time just moved backwards

[Harlan Stenn]

Eugene wrote:
 In most cases we talk about, it can't be fixed permanently because this 
 happens after (cold or warm) system restart, when ntpd can take up to 15 
 minutes (and in most cases about 3-5 minutes) to actually resync the time.

If you have a good drift file and use iburst (as discussed at
http://support.ntp.org/bin/view/Support/StartingNTP4 and also at
http://support.ntp.org/bin/view/Support/ConfiguringNTP) ntpd will have
your clock sync'd in about 11 seconds' time.

H

Re: [Dovecot] dovecot and ntp: Fatal: Time just moved backwards

[Harlan Stenn]

Have you seen http://support.ntp.org/Support ?

You said your clock is running fast, so it's not a clock interrupt
issue.

If your OS supports it, and you have a *steady* problem with your clock,
you might be able to correct this problem with the tickadj program and
then ntpd should be able to keep the clock in sync.

H

Re: [Dovecot] dovecot and ntp: Fatal: Time just moved backwards

[Harlan Stenn]

Pascal Volk wrote:
 On Debian systems I'm very happy with the OpenBSD NTP daemon.
 Package: openntpd
 This ntpd adjusts the local time in little steps.

The last I checked openntpd was an SNTP implementation, not NTP.

If it works for you, great.

H

Re: [Dovecot] dovecot and ntp: Fatal: Time just moved backwards

[Harlan Stenn]

Juergen wrote:
  How will chrony help here if the PC is not online at boot time?
 
 From http://chrony.sunsite.dk/guide/chrony.html
 
 - chronyd can perform usefully in an environment where access to the time
   reference is intermittent. chronyd estimates both the current time
   offset and the rate at which the computer's clock gains or loses time,
   and can use that rate estimate to trim the clock after the reference
   disappears.

Doesn't apply to the use case.  This is *before* the PC goes online.

 - chronyd provides support to work out the gain or loss rate of the
   `real-time clock', i.e. the clock that maintains the time when the
   computer is turned off. It can use this data when the system boots to
   set the system time from a corrected version of the real-time clock.

There is no corrected version of the real-time clock before the PC goes
online.

H

Re: [Dovecot] dovecot and ntp: Fatal: Time just moved backwards

[Harlan Stenn]

Juergen wrote:
 Harlan wrote:
  There is no corrected version of the real-time clock before the PC goes
  online.
 
 I'd suggest to read chrony's manual. Chrony stores the reference values
 collected while running online for further use after reboot, even if we
 have no online connection at that point.

I'm pretty familiar with ntp in particular and computer timekeeping in
general.

I've also seen a fair number of situations where the hardware clock is
just wrong, especially after a reboot.

In my world, it's about getting things to work right in as many cases as
possible.

 Of course, this doesn't work if you never have synced with an NTP
 server.

And more often than one might think, if one has just rebooted a machine.

H

Re: [Dovecot] Time moved backwards errors

[Harlan Stenn]

 Why not just run ntpd and be done with it, ensure you start ntpd with
 -g option

It's more than this.  ntpd should be started ASAP in the boot process,
and then as late as possible in the boot process one should run
ntp-wait.  Only after ntp-wait finishes should time-critical services be
started.

H

Re: [Dovecot] Time moved backwards ....

[Harlan Stenn]

Rob wrote:
 Is this related to the leap second that occured yesterday?

There was no leap second in February.

H

Re: [Dovecot] Dovecot-antispam does not work

[Harlan Stenn]

Jehan wrote:

 ...  Apparently the ml is not very well configured because a reply
 does not reply to the whole ml, but to the single sender. I will take
 care now.

I bet there are a *lot* of people (me included) who think the ml is very
well configured precisely because it does not set Reply-to: the list.

H

Re: [Dovecot] antispam plugin signature-log backend with v1.1.2

[Harlan Stenn]

The antispam plugn has, IMO, suboptimal logging.  I had problems with it
too.  I have patches for it that helped me debug the situation, and I'll
be submitting them to the FreeBSD ports maintainer as I didn't get any
response when I emailed the antispam plugin author.

H

Re: [Dovecot] antispam plugin problem with dspam

[Harlan Stenn]

I got it working.

Here are the problems I fixed, and it would have been *lots* easier if
the dovecot antispam plugin had better error/debug logging.

Johannes, I can work on a patch for the following if you prefer, and I'd
much rather spend my time getting ntp-4.2.6 out the door.

Getting this working would have been lots easier if the dovecot-antispam
package would:

- build dspam-exec's argv before the fork so it can be fully and cleanly
  reported in the debug log
- If there is a problem, report WIFEXITED(status) and
  WEXITSTATUS(status)
- if the execv fails, log an error message, noting dspam_binary,
  strerror(errno) and the uid/gid

If you want to be thorough about it I recommend logging an error
whenever any system call fails.

The current freebsd ports tools offer postfix, dovecot,
dovecot-antispam, and dspam in a way that they do not play nicely
together.

The antispam plugin cannot exec the dspam binary.  Choices include
figuring out what user/group are needed (dspam is suid root, executable
by the root or the mail group only, and dovecot will exec it as
virtual/virtual), or opening up the execute privs on the dspam
executable.

The dspam.conf file will need a Trust virtual line in it.

There might have been something else.

Having said all this, I really appreciate the dovecot antispam plugin.

H

[Dovecot] antispam plugin problem with dspam

[Harlan Stenn]

I'm trying to use the dovecot antispam plugin with dspam.

I'm running dovecot 1.1.2.

Using thunderbird and IMAP, when I drag a spam message from the inbox
into the SPAM folder, I get a popup saying The current command did not
succeed.  The mail server responded: antispam signature not found.

When I look at the message in the maildir folder, I see the dspam
signature both in the header of the message and at the end of the body.

What's a good way to debug this situation and figure things out?  I'm
not seeing anything in any log files, and I'm not seeing much in the way
of debug capability in the dovecot antispam plugin.

Harlan