On 2018-03-03 21:28, Stephan Bosch wrote:> Op 3/2/2018 om 3:35 PM schreef Karol Augustin: >> Hi, >> >> I am using Dovecot LDA as LMTP renders envelope extension unusable. >> >> The problem I have noticed is that when user has multiple aliases sieve >> responds to all of them, not only to :addresses specified. >> >> From testing it seems that :addresses only adds addresses to the list of >> "known" emails to check against. It is not limiting it. >> >> As I understand, sieve should check if To: header is consistent with >> addresses known to be users. But how Dovecot knows about aliases >> assigned to the user? >> >> From my testing if header To: address is consistent with envelope To: >> address the reply is fired. I have sieve_vacation_use_original_recipient >> left at it's default value (no), so that shouldn't be the case. Now if >> user address at example.com has alias alias at example.com specified, the >> vacation reply will be sent to email addressed to alias at example.com, >> which is weird, because this behavior should be enabled by switching >> sieve_vacation_use_original_recipient to yes. >> >> When user receives an email that was originally sent to his gmail >> account (forwarded) there is no reply. If I add gmail address to >> :addresses reply is generated as expected. >> >> So my main question is if this is expected? I would like to enable only >> delivery to primary address and to + extensions to that address by >> default. >> >> I think that it might be that Postfix is expanding aliases and passing >> the final recipient (as to=<XXX>) to dovecot. Then dovecot is using that >> address to check for explicit delivery, but something fails, as this >> address is obviously not in To: header. So it looks like orig_to has to >> be used as well which should be disabled by >> sieve_vacation_use_original_recipient? >> >> >> My address is: karol at augustin.pl, alias is: carol at augustin.pl >> >> >> Mar 2 12:37:32 mail dovecot: lda(karol at augustin.pl): sieve: >> msgid=<3ba0578a5f6b170e942b5bac1b19be36 at posteo.net>: sent vacation >> response to <sender at example.com> >> Mar 2 12:37:32 mail postfix/qmgr[4744]: 3zt82h4CG4z2xlw: from=<>, >> size=732, nrcpt=1 (queue active) >> Mar 2 12:37:32 mail dovecot: lda(karol at augustin.pl): sieve: >> msgid=<3ba0578a5f6b170e942b5bac1b19be36 at posteo.net>: stored mail into >> mailbox 'INBOX' >> Mar 2 12:37:32 mail postfix/pipe[8793]: 3zt82f3x4xz2xmw: >> to=<karol at augustin.pl>, orig_to=<carol at augustin.pl>, relay=dovecot, >> delay=2.2, delays=2.2/0/0/0.06, dsn=2.0.0, status=sent (delivered via >> dovecot service) >> >> >> Forward from from gmail: >> >> Mar 2 11:38:19 mail postfix/qmgr[4744]: 3zt6kL1yF7z2xgg: >> from=<karolaug+caf_=karol=augustin.pl at gmail.com>, size=5831, nrcpt=1 >> (queue active) >> Mar 2 11:38:19 mail dovecot: lda(karol at augustin.pl): sieve: >> msgid=<e610a47934f9aabb31f833c025075cff at posteo.net>: discarding vacation >> response for implicitly delivered message; no known (envelope) recipient >> address found in message headers (recipient=<karol at augustin.pl>, and >> additional `:addresses' are specified) >> Mar 2 11:38:19 mail dovecot: lda(karol at augustin.pl): sieve: >> msgid=<e610a47934f9aabb31f833c025075cff at posteo.net>: stored mail into >> mailbox 'INBOX' >> Mar 2 11:38:19 mail postfix/pipe[5362]: 3zt6kL1yF7z2xgg: >> to=<karol at augustin.pl>, relay=dovecot, delay=1.3, delays=1.2/0/0/0.05, >> dsn=2.0.0, status=sent (delivered via dovecot service) >> >> >> from my master.cf: >> dovecot unix - n n - - pipe >> flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f >> ${sender} -a ${original_recipient} -d ${user}@${nexthop} > > What is your configuration. Please provide output from `dovecot -n`. > > Regards, > > Stephan.To clarify the problem. After more testing I figured that the vacation works as specified in RFC, taking known address from envelope recipient and comparing it with To and Cc. If it matches, which is true also for aliases, the reply is generated. My problem is that from documentation I understand that this behavior (RFC5230 point 4.5 par 2.) is controlled by sieve_vacation_use_original_recipient parameter, which doesn't disable envelope address check if set at default "no" and also if explicitly set in the config. dovecot -n as requested: # 2.2.33.2 (d6601f4ec): /etc/dovecot/dovecot.conf # Pigeonhole version 0.4.21 (92477967) # OS: Linux 4.14.0-3-amd64 x86_64 Debian buster/sid ext4 auth_cache_negative_ttl = 1 mins auth_cache_size = 3000 B auth_master_user_separator = * auth_mechanisms = plain login auth_username_chars abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_ at + auth_verbose = yes dict { expire = mysql:/etc/dovecot/dovecot-dict-expire.conf quota = mysql:/etc/dovecot/dovecot-dict-sql.conf } hostname = mail.nimitz.pl imap_idle_notify_interval = 29 mins listen = *, [::] log_timestamp = "%Y-%m-%d %H:%M:%S " login_log_format_elements = user=<%u> method=%m rip=%r lip=%l %c %k mail_attribute_dict = file:%h/Maildir/dovecot-attributes mail_fsync = always mail_gid = 5000 mail_home = /var/vmail/mails/%d/%n mail_location maildir:/var/vmail/mails/%d/%n/Maildir:INDEX=/var/vmail/indexes/%d/%n mail_plugins = quota zlib fts fts_lucene expire mail_privileged_group = vmail mail_uid = 5000 mailbox_list_index = yes maildir_very_dirty_syncs = yes managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body environment mailbox date index ihave mime foreverypart extracttext namespace { inbox = yes location = mailbox Archive { auto = subscribe special_use = \Archive } mailbox Drafts { auto = subscribe special_use = \Drafts } mailbox Sent { auto = subscribe special_use = \Sent } mailbox Spam { auto = subscribe special_use = \Junk } mailbox Trash { auto = subscribe special_use = \Trash } prefix = separator = . type = private } passdb { args = /etc/dovecot/passwd.masterusers driver = passwd-file master = yes pass = yes } passdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } plugin { antispam_backend = pipe antispam_pipe_program = /etc/dovecot/sa-learn.sh antispam_pipe_program_notspam_arg = ham antispam_pipe_program_spam_arg = spam antispam_pipe_tmpdir = /tmp antispam_spam_pattern_ignorecase = Spam;Spam.*;Junk* antispam_trash_pattern_ignorecase = Trash;Deleted Items;Deleted Messages;Kosz expire = Trash expire2 = Trash.* expire3 = Spam expire4 = Spam.* expire5 = Kosz expire6 = Kosz.* expire_cache = yes expire_dict = proxy::expire fts = lucene fts_autoindex = yes fts_decoder = decode2text fts_lucene = whitespace_chars=@. quota = dict:User quota::proxy::quota quota_grace = 500M quota_rule2 = Trash:storage=+100M quota_rule3 = Spam:storage=+100M quota_vsizes = yes sieve = /var/vmail/mails/%d/%n/.dovecot.sieve sieve_before = /var/vmail/mails/global-spam sieve_dir = /var/vmail/mails/%d/%n/sieve sieve_extensions = -enotify sieve_global_extensions = duplicate sieve_vacation_default_period = 1d sieve_vacation_max_period = 10d sieve_vacation_min_period = 1d zlib_save = bz2 zlib_save_level = 9 } protocols = imap sieve lmtp recipient_delimiter = - service auth { unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0666 user = postfix } unix_listener auth-master { group = vmail mode = 0600 user = vmail } user = root } service decode2text { executable = script /usr/local/sbin/decode2text.sh unix_listener decode2text { mode = 0666 } user = dovecot } service dict { unix_listener dict { group = vmail mode = 0660 user = dovecot } } service imap-login { process_limit = 600 process_min_avail = 10 service_count = 1 vsz_limit = 64 M } service lmtp { inet_listener lmtp { address = 127.0.0.1 ::1 port = 24 } process_min_avail = 2 user = vmail } service managesieve-login { inet_listener sieve { port = 2000 } } ssl_ca = </etc/dehydrated/certs/mail/chain.pem ssl_cert = </etc/dehydrated/certs/mail/cert.pem ssl_cipher_list = ALL:!LOW:!SSLv2:!SSLv3:!ADH:!aNULL:!EXP ssl_dh_parameters_length = 2048 ssl_key = # hidden, use -P to show it ssl_parameters_regenerate = 1 days userdb { args = /etc/dovecot/dovecot-sql.conf driver = sql } protocol imap { imap_capability = +SPECIAL-USE imap_idle_notify_interval = 29 mins imap_metadata = yes mail_max_userip_connections = 100 mail_plugins = quota zlib fts fts_lucene expire imap_quota antispam imap_zlib } protocol lda { auth_socket_path = /run/dovecot/auth-master mail_plugins = quota zlib fts fts_lucene expire sieve postmaster_address = postmaster at mail.nimitz.pl quota_full_tempfail = no } protocol lmtp { mail_plugins = quota zlib fts fts_lucene expire sieve postmaster_address = postmaster at mail.nimitz.pl } -- Karol Augustin karol at augustin.pl http://karolaugustin.pl/ +353 85 775 5312
On 2018-03-03 21:47, Karol Augustin wrote:> On 2018-03-03 21:28, Stephan Bosch wrote: >> Op 3/2/2018 om 3:35 PM schreef Karol Augustin: >>> Hi, >>> >>> I am using Dovecot LDA as LMTP renders envelope extension unusable. >>> >>> The problem I have noticed is that when user has multiple aliases sieve >>> responds to all of them, not only to :addresses specified. >>> >>> From testing it seems that :addresses only adds addresses to the list of >>> "known" emails to check against. It is not limiting it. >>> >>> As I understand, sieve should check if To: header is consistent with >>> addresses known to be users. But how Dovecot knows about aliases >>> assigned to the user? >>> >>> From my testing if header To: address is consistent with envelope To: >>> address the reply is fired. I have sieve_vacation_use_original_recipient >>> left at it's default value (no), so that shouldn't be the case. Now if >>> user address at example.com has alias alias at example.com specified, the >>> vacation reply will be sent to email addressed to alias at example.com, >>> which is weird, because this behavior should be enabled by switching >>> sieve_vacation_use_original_recipient to yes. >>> >>> When user receives an email that was originally sent to his gmail >>> account (forwarded) there is no reply. If I add gmail address to >>> :addresses reply is generated as expected. >>> >>> So my main question is if this is expected? I would like to enable only >>> delivery to primary address and to + extensions to that address by >>> default. >>> >>> I think that it might be that Postfix is expanding aliases and passing >>> the final recipient (as to=<XXX>) to dovecot. Then dovecot is using that >>> address to check for explicit delivery, but something fails, as this >>> address is obviously not in To: header. So it looks like orig_to has to >>> be used as well which should be disabled by >>> sieve_vacation_use_original_recipient? >>> >>> >>> My address is: karol at augustin.pl, alias is: carol at augustin.pl >>> >>> >>> Mar 2 12:37:32 mail dovecot: lda(karol at augustin.pl): sieve: >>> msgid=<3ba0578a5f6b170e942b5bac1b19be36 at posteo.net>: sent vacation >>> response to <sender at example.com> >>> Mar 2 12:37:32 mail postfix/qmgr[4744]: 3zt82h4CG4z2xlw: from=<>, >>> size=732, nrcpt=1 (queue active) >>> Mar 2 12:37:32 mail dovecot: lda(karol at augustin.pl): sieve: >>> msgid=<3ba0578a5f6b170e942b5bac1b19be36 at posteo.net>: stored mail into >>> mailbox 'INBOX' >>> Mar 2 12:37:32 mail postfix/pipe[8793]: 3zt82f3x4xz2xmw: >>> to=<karol at augustin.pl>, orig_to=<carol at augustin.pl>, relay=dovecot, >>> delay=2.2, delays=2.2/0/0/0.06, dsn=2.0.0, status=sent (delivered via >>> dovecot service) >>> >>> >>> Forward from from gmail: >>> >>> Mar 2 11:38:19 mail postfix/qmgr[4744]: 3zt6kL1yF7z2xgg: >>> from=<karolaug+caf_=karol=augustin.pl at gmail.com>, size=5831, nrcpt=1 >>> (queue active) >>> Mar 2 11:38:19 mail dovecot: lda(karol at augustin.pl): sieve: >>> msgid=<e610a47934f9aabb31f833c025075cff at posteo.net>: discarding vacation >>> response for implicitly delivered message; no known (envelope) recipient >>> address found in message headers (recipient=<karol at augustin.pl>, and >>> additional `:addresses' are specified) >>> Mar 2 11:38:19 mail dovecot: lda(karol at augustin.pl): sieve: >>> msgid=<e610a47934f9aabb31f833c025075cff at posteo.net>: stored mail into >>> mailbox 'INBOX' >>> Mar 2 11:38:19 mail postfix/pipe[5362]: 3zt6kL1yF7z2xgg: >>> to=<karol at augustin.pl>, relay=dovecot, delay=1.3, delays=1.2/0/0/0.05, >>> dsn=2.0.0, status=sent (delivered via dovecot service) >>> >>> >>> from my master.cf: >>> dovecot unix - n n - - pipe >>> flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f >>> ${sender} -a ${original_recipient} -d ${user}@${nexthop} >> >> What is your configuration. Please provide output from `dovecot -n`. >> >> Regards, >> >> Stephan. > > To clarify the problem. After more testing I figured that the vacation > works as specified in RFC, taking known address from envelope recipient > and comparing it with To and Cc. If it matches, which is true also for > aliases, the reply is generated. > > My problem is that from documentation I understand that this behavior > (RFC5230 point 4.5 par 2.) is controlled by > sieve_vacation_use_original_recipient parameter, which doesn't disable > envelope address check if set at default "no" and also if explicitly set > in the config. >Sorry for causing problems and wasting time. The problem was with lacking -r parameter in LDA invocation: "-r <address>: Final envelope recipient address. Defaults to -a address, but may differ if e.g. aliases are used or when dropping the +ext part. (v2.0.3+)" So the final recipient that is used by vacation was always set to the original recipient value. With the following Postfix config everything works exactly as expected. Response is generated if mail is send to +exct address and is not generated if it is send to an alias unless the alias is configured in "addresses variable. Also the sieve_vacation_use_original_recipient parameter works as expected. dovecot unix - n n - - pipe flags=OXDRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f ${sender} -a ${original_recipient} -r ${recipient} -d ${user}@${nexthop} Thanks, Karol -- Karol Augustin karol at augustin.pl http://karolaugustin.pl/ +353 85 775 5312
Marcio Vogel Merlone dos Santos
2018-Mar-06 14:34 UTC
sieve vacation alias handling problem
Thank you for sharing your solution! That made my life easier. Regards. Em 04/03/2018 08:08, Karol Augustin escreveu:> On 2018-03-03 21:47, Karol Augustin wrote: >> On 2018-03-03 21:28, Stephan Bosch wrote: >>> Op 3/2/2018 om 3:35 PM schreef Karol Augustin: >>>> Hi, >>>> >>>> I am using Dovecot LDA as LMTP renders envelope extension unusable. >>>> (...) >>>> from my master.cf: >>>> dovecot unix - n n - - pipe >>>> flags=DRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f >>>> ${sender} -a ${original_recipient} -d ${user}@${nexthop} >>>> > Sorry for causing problems and wasting time. The problem was with > lacking -r parameter in LDA invocation: > > "-r <address>: Final envelope recipient address. Defaults to -a address, > but may differ if e.g. aliases are used or when dropping the +ext part. > (v2.0.3+)" > So the final recipient that is used by vacation was always set to the > original recipient value. > > With the following Postfix config everything works exactly as expected. > Response is generated if mail is send to +exct address and is not > generated if it is send to an alias unless the alias is configured in > "addresses variable. > > Also the sieve_vacation_use_original_recipient parameter works as > expected. > > dovecot unix - n n - - pipe > flags=OXDRhu user=vmail:vmail argv=/usr/lib/dovecot/dovecot-lda -f > ${sender} -a ${original_recipient} -r ${recipient} -d ${user}@${nexthop} > > > Thanks, > Karol-- *Marcio Merlone* -------------- next part -------------- An HTML attachment was scrubbed... URL: <https://dovecot.org/pipermail/dovecot/attachments/20180306/e0ab25b5/attachment.html>