> > Debug-enabled log give me: > > Apr 27 04:11:36 mail dovecot: lmtp(test at example.com): Debug: > > qOGyA0DePHVaOyHEM/SpMA: sieve: action execute: running > > program: test.sh > > Apr 27 04:11:36 mail dovecot: lmtp(test at example.com): Debug: > > waiting for program `/usr/local/etc/dovecot/sieve_globals/test.sh' > > to finish after 0 seconds > > > > So I guess it thinks it is running my script? But simple test script > > does nothing. Here it is: > > > > #!/bin/sh > > read INPUT > > INPUT="Hello world: $INPUT" > > echo "$INPUT" >> /tmp/hello > > echo "---------------------------" >> /tmp/hello > > > > Permissions on this script file for now are rwxrwxrwx > > But nothing goes to /tmp/hello at all. Script works when I run it > > manually. I also tried without the "read" but I think that's required > > isn't it? Anyway, what else can I do to debug this? > > Well, first try with a script that cannot fail (well most likely), e.g.:I tried your script for fun, same result. Log showing the script was called, but no output from the script. I also deleted the script and made sure that debug log showed that sieve could not find the script. Is it chrooted or something weird? I have confirmed it is being run by calling "exit 3" and seeing in the log that "program ... terminated with non-zero exit code 3" so problem is in commands accessing the filesystem I guess. I added this: echo "HELLO WORLD" 1>&2 And log shows "Error: HELLO WORLD" So it's working but no filesystem access. Calling from sieve script with: execute :input "myinput" "test.sh"; Also tried execute "test.sh";
Am 27.04.2015 um 20:55 schrieb E.B.:>>> So I guess it thinks it is running my script? But simple test script >>> does nothing. Here it is: >>> >>> #!/bin/sh >>> read INPUT >>> INPUT="Hello world: $INPUT" >>> echo "$INPUT" >> /tmp/hello >>> echo "---------------------------" >> /tmp/hello >>> >>> Permissions on this script file for now are rwxrwxrwx >>> But nothing goes to /tmp/hello at all. Script works when I run it >>> manually. I also tried without the "read" but I think that's required >>> isn't it? Anyway, what else can I do to debug this? >> >> Well, first try with a script that cannot fail (well most likely), e.g.: > > I tried your script for fun, same result. Log showing > the script was called, but no output from the script. > > I also deleted the script and made sure that debug > log showed that sieve could not find the script. Is it > chrooted or something weird?In another thread you said you are running CentOS. So I strongly guess it is SELinux interfering. Check your auditd log grep -i AVC /var/log/audit/audit.log You can test whether your setup works after "setenforce 0". That sets SELinux into permissive mode, loggging AVCs but not blocking actions. Alexander
> In another thread you said you are running CentOS. So I strongly guess > it is SELinux interfering. Check your auditd log > > grep -i AVC /var/log/audit/audit.log > > You can test whether your setup works after "setenforce 0". That sets > SELinux into permissive mode, loggging AVCs but not blocking actions.Good idea, but there are no AVC reports so I guess that's not it. In the meantime I switched to calling the script using a dovecot service and now the script isn't run at all ------ see my new thread on that.
>>> Debug-enabled log give me: >>> Apr 27 04:11:36 mail dovecot: lmtp(test at example.com): Debug: >>> qOGyA0DePHVaOyHEM/SpMA: sieve: action execute: running >>> program: test.sh >>> Apr 27 04:11:36 mail dovecot: lmtp(test at example.com): Debug: >>> waiting for program `/usr/local/etc/dovecot/sieve_globals/test.sh' >>> to finish after 0 seconds >>> >>> So I guess it thinks it is running my script? But simple test script >>> does nothing. Here it is: >>> >>> #!/bin/sh >>> read INPUT >>> INPUT="Hello world: $INPUT" >>> echo "$INPUT" >> /tmp/hello >>> echo "---------------------------" >> /tmp/hello >>> >>> Permissions on this script file for now are rwxrwxrwx >>> But nothing goes to /tmp/hello at all. Script works when I run it >>> manually. I also tried without the "read" but I think that's required >>> isn't it? Anyway, what else can I do to debug this? >> >> Well, first try with a script that cannot fail (well most likely), e.g.: > > I tried your script for fun, same result. Log showing > the script was called, but no output from the script. > > I also deleted the script and made sure that debug > log showed that sieve could not find the script. Is it > chrooted or something weird? > > I have confirmed it is being run by calling "exit 3" and > seeing in the log that "program ... terminated with > non-zero exit code 3" so problem is in commands > accessing the filesystem I guess. I added this: > > echo "HELLO WORLD" 1>&2 > > And log shows "Error: HELLO WORLD" > > So it's working but no filesystem access.I just tried this too: touch /tmp/hello-world And nothing. I tried to *read* from the filesystem: TEST=$(cat /tmp/test) echo "TEST: $TEST" 1>&2 Nothing. I found that the script can do other things like connect to network or other services, but any way I try to do something with the filesystem come up empty. Dont' know if calling the script via dovecot socket service would make this different because there is a bug that prevents extprograms execute via socket broken (see other thread). Is this on purpose no filesystem access allowed? why?> Calling from sieve script with: > > execute :input "myinput" "test.sh"; > > Also tried > > execute "test.sh";