Farhan Yusufzai
Reputation: 337
Sieve not filtering email
I setup Postfix with Spamassassin and Dovecot with Sieve. Spamassassin will tag the email as spam.
I am trying to get Sieve to move mail tagged as "Spam" by SpamAssassin into the Junk folder. However, it is not doing so. I have no idea what I am doing wrong and am quite frustrated.
Here's my dovecot.conf dump:
$ dovecot -n
# 2.2.9: /etc/dovecot/dovecot.conf
# OS: Linux 3.13.0-37-generic x86_64 Linux Mint 17.1 Rebecca ext4
info_log_path = /var/log/dovecot-info.log
log_path = /var/log/dovecot.log
mail_location = maildir:/var/mail/vmail/%u
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date ihave
namespace {
inbox = yes
location =
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
separator = /
type = private
}
passdb {
args = scheme=plain /etc/dovecot/passwd
driver = passwd-file
}
plugin {
sieve = ~/.dovecot.sieve
sieve_before = /etc/dovecot/sieve/sieve.default
sieve_default = /etc/dovecot/sieve/sieve.default
sieve_dir = ~/sieve
sieve_global_dir = /var/lib/dovecot/sieve/
}
protocols = imap lmtp sieve
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
user = postfix
}
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
inet_listener sieve_deprecated {
port = 2000
}
process_min_avail = 0
service_count = 1
vsz_limit = 64 M
}
service managesieve {
process_limit = 1024
}
ssl_cert = </etc/ssl/certs/ssl-cert-snakeoil.pem
ssl_key = </etc/ssl/private/ssl-cert-snakeoil.key
userdb {
args = uid=vmail gid=vmail home=/home/vmail/%u
driver = static
}
protocol lda {
mail_plugins = " sieve"
}
protocol lmtp {
mail_plugins = " sieve"
}
protocol sieve {
mail_max_userip_connections = 10
mail_plugins =
managesieve_implementation_string = Dovecot Pigeonhole
managesieve_logout_format = bytes=%i/%o
managesieve_max_compile_errors = 5
managesieve_max_line_length = 65536
managesieve_notify_capability =
managesieve_sieve_capability =
}
My /etc/dovecot/sieve/sieve.default is the following:
$ cat /etc/dovecot/sieve/sieve.default
require "fileinto";
if header :contains "X-Spam-Flag" "YES" {
fileinto "Junk";
}
The "Junk" folder exists. Here is a dump of the email:
From [email protected] Mon May 11 14:37:44 2015
Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: by Linux-Mint (Postfix, from userid 5001)
id A59ECE34D1; Mon, 11 May 2015 14:37:44 -0400 (EDT)
Received: from localhost by Linux-Mint
with SpamAssassin (version 3.4.0);
Mon, 11 May 2015 14:37:44 -0400
From: User <[email protected]>
To: [email protected]
Subject: *****SPAM***** This is Junk Mail
Date: Mon, 11 May 2015 14:37:38 -0400
Message-Id: <20150511183738.GD7930@user-pc>
X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on Linux-Mint
X-Spam-Flag: YES
X-Spam-Level: **************************************************
X-Spam-Status: Yes, score=1000.0 required=5.0 tests=GTUBE autolearn=no
autolearn_force=no version=3.4.0
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="----------=_5550F6F8.2DF3E67D"
Status: RO
Content-Length: 1867
Lines: 52
This is a multi-part message in MIME format.
------------=_5550F6F8.2DF3E67D
Content-Type: text/plain; charset=iso-8859-1
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Spam detection software, running on the system "Linux-Mint",
has identified this incoming email as possible spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
@@CONTACT_ADDRESS@@ for details.
Content preview: GTUBE string: XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
[...]
Content analysis details: (1000.0 points, 5.0 required)
pts rule name description
---- ---------------------- --------------------------------------------------
1000 GTUBE BODY: Generic Test for Unsolicited Bulk Email
------------=_5550F6F8.2DF3E67D
Content-Type: message/rfc822; x-spam-type=original
Content-Description: original message before SpamAssassin
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Received: from domain.tld (my-hostname.domain.tld [IPv6:REMOVED])
by Linux-Mint (Postfix) with ESMTPS id 0A6A2E34BF
for <[email protected]>; Mon, 11 May 2015 14:37:40 -0400 (EDT)
Received: from user-pc (unknown [IPv6:2001:470:8:209::c0ff:ee])
by domain.tld (Postfix) with ESMTPSA id 03FD41028E
for <[email protected]>; Mon, 11 May 2015 18:37:40 +0000 (UTC)
Date: Mon, 11 May 2015 14:37:38 -0400
From: User <[email protected]>
To: [email protected]
Subject: This is Junk Mail
Message-ID: <20150511183738.GD7930@user-pc>
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.21 (2010-09-15)
GTUBE string:
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
------------=_5550F6F8.2DF3E67D--
I am testing this email from one server to another, the sender and receiver are not the same machine. The recipient was [email protected] and the sender was [email protected]. The email is clearly marked as spam.
Why isn't it moving the email into the Junk folder?
Upvotes: 0
Views: 3933
Answers (1)
Farhan Yusufzai
Reputation: 337
Figured it out. As I am still a noob, my answer may not be the best, but I hope it helps someone out there.
This had a few problems, but primarily postfix was not routing mail to dovecot for delivery. Dovecot+sieve were totally bypassed.
To fix this, I had to have Postfix and Dovecot communicate over lmtp. First, I setup dovecot:
protocol lda {
mail_plugins = $mail_plugins sieve
}
protocol lmtp {
mail_plugins = $mail_plugins sieve
}
service lmtp {
inet_listener lmtp {
address = 127.0.0.1 ::1
port = 10025
}
}
Then I had to tell postfix to talk to dovecot. I did this by doing:
virtual_transport = lmtp:[::1]:10025
Then back to dovecot, I had to properly configure sieve.
plugin {
sieve = ~/.dovecot.sieve
sieve_dir = ~/sieve
sieve_before = /etc/dovecot/sieve/sieve.default
sieve_default = /etc/dovecot/sieve/sieve.default
sieve_global_dir = /var/lib/dovecot/sieve/
}
service managesieve-login {
inet_listener sieve {
port = 4190
}
service_count = 1
process_min_avail = 0
vsz_limit = 64M
}
service managesieve {
process_limit = 1024
}
protocol sieve {
managesieve_max_line_length = 65536
mail_max_userip_connections = 10
# Space separated list of plugins to load (none known to be useful so far).
# Do NOT try to load IMAP plugins here.
mail_plugins =
managesieve_logout_format = bytes=%i/%o
managesieve_implementation_string = Dovecot Pigeonhole
managesieve_sieve_capability =
managesieve_notify_capability =
managesieve_max_compile_errors = 5
}
From here I put in the standard spamassassin filter rules in /etc/dovecot/sieve/sieve.default, which in my case was:
require "fileinto";
if header :contains "X-Spam-Flag" "YES" {
fileinto "Junk";
}
After that, I ran:
sievec /etc/dovecot/sieve/sieve.default
This "compiled" the sieve rules. And finally, I restarted dovecot and postfix.
sudo service dovecot restart
sudo service postfix restart
Upon that, I sent myself a test spam and it was redirected to the spam folder. I hope this helps and I ask that you pardon and correct any mistakes I may have made.
Upvotes: 4
Related Questions
- Sieve filter rule
- Filtering mail through Sieve/Pigeonhole function
- Dovecot Sieve filters not working
- Move E-Mails to subfolder of inbox using sieve
- Cannot match spamassassin custom regex rule
- Why is my script is not consistently detecting contents in email bodies?
- Sieve fails on encoded subjects
- Spamassassin Bayes Not Working
- SpamAssassin filter header
- SpamAssassin Regular Expression not matching