Christos Chatzaras
2018-Apr-03 20:25 UTC
issue with sieve forwarding after upgrade to 0.5.1
Hello, After I upgrade dovecot 2.2.35 to 2.3.1 and pigeonhole 0.4.23 to 0.5.1 when I use sieve to forward a message to other address using "redirect :copy" I get this: (host server1.myserver.com <http://server1.myserver.com/>[private/dovecot-lmtp] said: 451 4.2.0 <chris at mydomain.com <mailto:chris at mydomain.com>> Execution of Sieve filters was aborted due to temporary failure (in reply to end of DATA command)) And in sieve log I see: failed to redirect message to <chris at mydomain.com <mailto:chris at mydomain.com>>: Sendmail program returned error (temporary failure). Any idea what is wrong? Kind regards, Christos Chatzaras -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20180403/209a22d5/attachment.html>
Christos Chatzaras
2018-Apr-03 20:34 UTC
issue with sieve forwarding after upgrade to 0.5.1
Here are some logs: Apr 3 23:25:35 server1 dovecot: lmtp(chris at coderz.gr)<47735><AUI6Aj/jw1p3ugAAPz4RRA>: program `/usr/sbin/sendmail' terminated with non-zero exit code 75 Apr 3 23:25:35 server1 dovecot: lmtp(chris at coderz.gr)<47735><AUI6Aj/jw1p3ugAAPz4RRA>: Error: sieve: msgid=<DE90EB45-9B58-4679-9BCE-E2698773519E at cretaforce.gr>: failed to redirect message to <chris at cretaforce.gr>: Sendmail program returned error (temporary failure) In my postfix main.cf I have this: authorized_submit_users = root, filter When I change it to: authorized_submit_users = root, filter, myUserName where myUserName is the username that owns the mailbox it works. So I guess that something changed to dovecot between 2.2.35 and 2.3.1 and is not related to pigeonhole.> On 3 Apr 2018, at 23:25, Christos Chatzaras <chris at cretaforce.gr> wrote: > > Hello, > > After I upgrade dovecot 2.2.35 to 2.3.1 and pigeonhole 0.4.23 to 0.5.1 when I use sieve to forward a message to other address using "redirect :copy" I get this: > > (host server1.myserver.com <http://server1.myserver.com/>[private/dovecot-lmtp] said: 451 4.2.0 <chris at mydomain.com <mailto:chris at mydomain.com>> Execution of Sieve filters was aborted due to temporary failure (in reply to end of DATA command)) > > And in sieve log I see: failed to redirect message to <chris at mydomain.com <mailto:chris at mydomain.com>>: Sendmail program returned error (temporary failure). > > Any idea what is wrong? > > Kind regards, > Christos Chatzaras-------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20180403/46bc1a62/attachment.html>
Op 4/3/2018 om 10:34 PM schreef Christos Chatzaras:> Here are some logs: > > Apr ?3 23:25:35 server1 dovecot: lmtp(chris at coderz.gr > <mailto:chris at coderz.gr>)<47735><AUI6Aj/jw1p3ugAAPz4RRA>: program > `/usr/sbin/sendmail' terminated with non-zero exit code 75 > Apr ?3 23:25:35 server1 dovecot: lmtp(chris at coderz.gr > <mailto:chris at coderz.gr>)<47735><AUI6Aj/jw1p3ugAAPz4RRA>: Error: > sieve: msgid=<DE90EB45-9B58-4679-9BCE-E2698773519E at cretaforce.gr > <mailto:DE90EB45-9B58-4679-9BCE-E2698773519E at cretaforce.gr>>: failed > to redirect message to <chris at cretaforce.gr > <mailto:chris at cretaforce.gr>>: Sendmail program returned error > (temporary failure) > > In my postfix main.cf I have this: > > authorized_submit_users = root, filter > > When I change it to: > > authorized_submit_users = root, filter, myUserName > > where myUserName is the username that owns the mailbox it works. > > So I guess that something changed to dovecot between 2.2.35 and 2.3.1 > and is not related to pigeonhole.Yeah, this is likely due to the fact that sendmail is now invoked using the program-client (same as Sieve extprograms), which takes great care to drop any unwanted (seteuid) root privileges. Regards, Stephan.> > >> On 3 Apr 2018, at 23:25, Christos Chatzaras <chris at cretaforce.gr >> <mailto:chris at cretaforce.gr>> wrote: >> >> Hello, >> >> After I upgrade dovecot 2.2.35 to 2.3.1 and pigeonhole 0.4.23 ?to >> 0.5.1 when I use sieve to forward a message to other address using >> "redirect :copy" I get this: >> >> (host?server1.myserver.com >> <http://server1.myserver.com/>[private/dovecot-lmtp] said: 451 4.2.0 >> <chris at mydomain.com <mailto:chris at mydomain.com>> Execution of Sieve >> filters was aborted due to temporary failure (in reply to end of DATA >> command)) >> >> And in sieve log I see: failed to redirect message to >> <chris at mydomain.com <mailto:chris at mydomain.com>>: Sendmail program >> returned error (temporary failure). >> >> Any idea what is wrong? >> >> Kind regards, >> Christos Chatzaras >
Hello, The new systemd service file has NoNewPrivileges set to true. You need to override that to false and then it should work again. (if you need help with that ask again.. I'm on the train now so I can't write much comfortably..) Cheers. On April 3, 2018 10:25:22 PM GMT+02:00, Christos Chatzaras <chris at cretaforce.gr> wrote:>Hello, > >After I upgrade dovecot 2.2.35 to 2.3.1 and pigeonhole 0.4.23 to 0.5.1 >when I use sieve to forward a message to other address using "redirect >:copy" I get this: > >(host server1.myserver.com ><http://server1.myserver.com/>[private/dovecot-lmtp] said: 451 4.2.0 ><chris at mydomain.com <mailto:chris at mydomain.com>> Execution of Sieve >filters was aborted due to temporary failure (in reply to end of DATA >command)) > >And in sieve log I see: failed to redirect message to ><chris at mydomain.com <mailto:chris at mydomain.com>>: Sendmail program >returned error (temporary failure). > >Any idea what is wrong? > >Kind regards, >Christos Chatzaras-------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20180404/4e580677/attachment.html>
Helmut K. C. Tessarek
2018-Apr-04 06:44 UTC
issue with sieve forwarding after upgrade to 0.5.1
On 2018-04-04 01:54, B. Reino wrote:> The new systemd service file has NoNewPrivileges set to true. You need > to override that to false and then it should work again.It seems that the NoNewPrivileges option messes with several things. PAM authentication stopped working as well besides the fact that CAP_AUDIT_WRITE is also missing in CapabilityBoundingSet. I've opened a pull request https://github.com/dovecot/core/pull/71 Although I removed NoNewPrivileges altogether, since I didn't know what to write in the comment. The only thing I could think of was something along the lines: # If you want most things to stop working, set this to true I thought this would be rather counterproductive, thus I removed it. Maybe somebody else could enlighten me who came up with this default setting and why it was set to true in the first place. Cheers, K. C. -- regards Helmut K. C. Tessarek KeyID 0x172380A011EF4944 Key fingerprint = 8A55 70C1 BD85 D34E ADBC 386C 1723 80A0 11EF 4944 /* Thou shalt not follow the NULL pointer for chaos and madness await thee at its end. */
Christos Chatzaras
2018-Apr-04 09:02 UTC
issue with sieve forwarding after upgrade to 0.5.1
Thank you for your reply. I use FreeBSD so no changes on the OS before and after the dovecot/pigeonhole updates.> On 4 Apr 2018, at 08:54, B. Reino <reinob at bbmk.org> wrote: > > Hello, > > The new systemd service file has NoNewPrivileges set to true. You need to override that to false and then it should work again. > > (if you need help with that ask again.. I'm on the train now so I can't write much comfortably..) > > Cheers. > > On April 3, 2018 10:25:22 PM GMT+02:00, Christos Chatzaras <chris at cretaforce.gr> wrote: > Hello, > > After I upgrade dovecot 2.2.35 to 2.3.1 and pigeonhole 0.4.23 to 0.5.1 when I use sieve to forward a message to other address using "redirect :copy" I get this: > > (host server1.myserver.com <http://server1.myserver.com/>[private/dovecot-lmtp] said: 451 4.2.0 <chris at mydomain.com <mailto:chris at mydomain.com>> Execution of Sieve filters was aborted due to temporary failure (in reply to end of DATA command)) > > And in sieve log I see: failed to redirect message to <chris at mydomain.com <mailto:chris at mydomain.com>>: Sendmail program returned error (temporary failure). > > Any idea what is wrong? > > Kind regards, > Christos Chatzaras-------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20180404/42250cc4/attachment.html>