sieve vacation alias handling problem
Karol Augustin
karol at augustin.pl
Sat Mar 3 23:47:57 EET 2018
On 2018-03-03 21:28, Stephan Bosch wrote:
> Op 3/2/2018 om 3:35 PM schreef Karol Augustin:
>> Hi,
>>
>> I am using Dovecot LDA as LMTP renders envelope extension unusable.
>>
>> The problem I have noticed is that when user has multiple aliases sieve
>> responds to all of them, not only to :addresses specified.
>>
>> From testing it seems that :addresses only adds addresses to the list of
>> "known" emails to check against. It is not limiting it.
>>
>> As I understand, sieve should check if To: header is consistent with
>> addresses known to be users. But how Dovecot knows about aliases
>> assigned to the user?
>>
>> From my testing if header To: address is consistent with envelope To:
>> address the reply is fired. I have sieve_vacation_use_original_recipient
>> left at it's default value (no), so that shouldn't be the case. Now if
>> user address at example.com has alias alias at example.com specified, the
>> vacation reply will be sent to email addressed to alias at example.com,
>> which is weird, because this behavior should be enabled by switching
>> sieve_vacation_use_original_recipient to yes.
>>
>> When user receives an email that was originally sent to his gmail
>> account (forwarded) there is no reply. If I add gmail address to
>> :addresses reply is generated as expected.
>>
>> So my main question is if this is expected? I would like to enable only
>> delivery to primary address and to + extensions to that address by
>> default.
>>
>> I think that it might be that Postfix is expanding aliases and passing
>> the final recipient (as to=<XXX>) to dovecot. Then dovecot is using that
>> address to check for explicit delivery, but something fails, as this
>> address is obviously not in To: header. So it looks like orig_to has to
>> be used as well which should be disabled by
>> sieve_vacation_use_original_recipient?
>>
>>
>> My address is: karol at augustin.pl, alias is: carol at augustin.pl
>>
>>
>> Mar 2 12:37:32 mail dovecot: lda(karol at augustin.pl): sieve:
>> msgid=<3ba0578a5f6b170e942b5bac1b19be36 at posteo.net>: sent vacation
>> response to <sender at example.com>
>> Mar 2 12:37:32 mail postfix/qmgr[4744]: 3zt82h4CG4z2xlw: from=<>,
>> size=732, nrcpt=1 (queue active)
>> Mar 2 12:37:32 mail dovecot: lda(karol at augustin.pl): sieve:
>> msgid=<3ba0578a5f6b170e942b5bac1b19be36 at posteo.net>: stored mail into
>> mailbox 'INBOX'
>> Mar 2 12:37:32 mail postfix/pipe[8793]: 3zt82f3x4xz2xmw:
>> to=<karol at augustin.pl>, orig_to=<carol at augustin.pl>, relay=dovecot,
>> delay=2.2, delays=2.2/0/0/0.06, dsn=2.0.0, status=sent (delivered via
>> dovecot service)
>>
>>
>> Forward from from gmail:
>>
>> Mar 2 11:38:19 mail postfix/qmgr[4744]: 3zt6kL1yF7z2xgg:
>> from=<karolaug+caf_=karol=augustin.pl at gmail.com>, size=5831, nrcpt=1
>> (queue active)
>> Mar 2 11:38:19 mail dovecot: lda(karol at augustin.pl): sieve:
>> msgid=<e610a47934f9aabb31f833c025075cff at posteo.net>: discarding vacation
>> response for implicitly delivered message; no known (envelope) recipient
>> address found in message headers (recipient=<karol at augustin.pl>, and
>> additional `:addresses' are specified)
>> Mar 2 11:38:19 mail dovecot: lda(karol at augustin.pl): sieve:
>> msgid=<e610a47934f9aabb31f833c025075cff at posteo.net>: stored mail into
>> mailbox 'INBOX'
>> Mar 2 11:38:19 mail postfix/pipe[5362]: 3zt6kL1yF7z2xgg:
>> to=<karol at augustin.pl>, relay=dovecot, delay=1.3, delays=1.2/0/0/0.05,
>> dsn=2.0.0, status=sent (delivered via dovecot service)
>>
>>
>> from my master.cf:
>> dovecot unix - n n - - pipe
>> flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f
>> ${sender} -a ${original_recipient} -d ${user}@${nexthop}
>
> What is your configuration. Please provide output from `dovecot -n`.
>
> Regards,
>
> Stephan.
To clarify the problem. After more testing I figured that the vacation
works as specified in RFC, taking known address from envelope recipient
and comparing it with To and Cc. If it matches, which is true also for
aliases, the reply is generated.
My problem is that from documentation I understand that this behavior
(RFC5230 point 4.5 par 2.) is controlled by
sieve_vacation_use_original_recipient parameter, which doesn't disable
envelope address check if set at default "no" and also if explicitly set
in the config.
dovecot -n as requested:
# 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.21 (92477967)
# OS: Linux 4.14.0-3-amd64 x86_64 Debian buster/sid ext4
auth_cache_negative_ttl = 1 mins
auth_cache_size = 3000 B
auth_master_user_separator = *
auth_mechanisms = plain login
auth_username_chars =
abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_ at +
auth_verbose = yes
dict {
expire = mysql:/etc/dovecot/dovecot-dict-expire.conf
quota = mysql:/etc/dovecot/dovecot-dict-sql.conf
}
hostname = mail.nimitz.pl
imap_idle_notify_interval = 29 mins
listen = *, [::]
log_timestamp = "%Y-%m-%d %H:%M:%S "
login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c %k
mail_attribute_dict = file:%h/Maildir/dovecot-attributes
mail_fsync = always
mail_gid = 5000
mail_home = /var/vmail/mails/%d/%n
mail_location =
maildir:/var/vmail/mails/%d/%n/Maildir:INDEX=/var/vmail/indexes/%d/%n
mail_plugins = quota zlib fts fts_lucene expire
mail_privileged_group = vmail
mail_uid = 5000
mailbox_list_index = yes
maildir_very_dirty_syncs = yes
managesieve_sieve_capability = fileinto reject envelope
encoded-character vacation subaddress comparator-i;ascii-numeric
relational regex imap4flags copy include variables body environment
mailbox date index ihave mime foreverypart extracttext
namespace {
inbox = yes
location =
mailbox Archive {
auto = subscribe
special_use = \Archive
}
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox Spam {
auto = subscribe
special_use = \Junk
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
prefix =
separator = .
type = private
}
passdb {
args = /etc/dovecot/passwd.masterusers
driver = passwd-file
master = yes
pass = yes
}
passdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
plugin {
antispam_backend = pipe
antispam_pipe_program = /etc/dovecot/sa-learn.sh
antispam_pipe_program_notspam_arg = ham
antispam_pipe_program_spam_arg = spam
antispam_pipe_tmpdir = /tmp
antispam_spam_pattern_ignorecase = Spam;Spam.*;Junk*
antispam_trash_pattern_ignorecase = Trash;Deleted Items;Deleted
Messages;Kosz
expire = Trash
expire2 = Trash.*
expire3 = Spam
expire4 = Spam.*
expire5 = Kosz
expire6 = Kosz.*
expire_cache = yes
expire_dict = proxy::expire
fts = lucene
fts_autoindex = yes
fts_decoder = decode2text
fts_lucene = whitespace_chars=@.
quota = dict:User quota::proxy::quota
quota_grace = 500M
quota_rule2 = Trash:storage=+100M
quota_rule3 = Spam:storage=+100M
quota_vsizes = yes
sieve = /var/vmail/mails/%d/%n/.dovecot.sieve
sieve_before = /var/vmail/mails/global-spam
sieve_dir = /var/vmail/mails/%d/%n/sieve
sieve_extensions = -enotify
sieve_global_extensions = duplicate
sieve_vacation_default_period = 1d
sieve_vacation_max_period = 10d
sieve_vacation_min_period = 1d
zlib_save = bz2
zlib_save_level = 9
}
protocols = imap sieve lmtp
recipient_delimiter = -
service auth {
unix_listener /var/spool/postfix/private/auth {
group = postfix
mode = 0666
user = postfix
}
unix_listener auth-master {
group = vmail
mode = 0600
user = vmail
}
user = root
}
service decode2text {
executable = script /usr/local/sbin/decode2text.sh
unix_listener decode2text {
mode = 0666
}
user = dovecot
}
service dict {
unix_listener dict {
group = vmail
mode = 0660
user = dovecot
}
}
service imap-login {
process_limit = 600
process_min_avail = 10
service_count = 1
vsz_limit = 64 M
}
service lmtp {
inet_listener lmtp {
address = 127.0.0.1 ::1
port = 24
}
process_min_avail = 2
user = vmail
}
service managesieve-login {
inet_listener sieve {
port = 2000
}
}
ssl_ca = </etc/dehydrated/certs/mail/chain.pem
ssl_cert = </etc/dehydrated/certs/mail/cert.pem
ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLv3:!ADH:!aNULL:!EXP
ssl_dh_parameters_length = 2048
ssl_key = # hidden, use -P to show it
ssl_parameters_regenerate = 1 days
userdb {
args = /etc/dovecot/dovecot-sql.conf
driver = sql
}
protocol imap {
imap_capability = +SPECIAL-USE
imap_idle_notify_interval = 29 mins
imap_metadata = yes
mail_max_userip_connections = 100
mail_plugins = quota zlib fts fts_lucene expire imap_quota antispam
imap_zlib
}
protocol lda {
auth_socket_path = /run/dovecot/auth-master
mail_plugins = quota zlib fts fts_lucene expire sieve
postmaster_address = postmaster at mail.nimitz.pl
quota_full_tempfail = no
}
protocol lmtp {
mail_plugins = quota zlib fts fts_lucene expire sieve
postmaster_address = postmaster at mail.nimitz.pl
}
--
Karol Augustin
karol at augustin.pl
http://karolaugustin.pl/
+353 85 775 5312
More information about the dovecot
mailing list