thr3ads.net - dovecot - Postfix sendmail cannot be called from Sieve redirect [Apr 2018]

If this information is useful, please help other people find it:
Share via:

Ulrich Zehl

2018-Apr-17 17:00 UTC

Postfix sendmail cannot be called from Sieve redirect

Sending (in my case: forwarding) messages from Sieve via sendmail does not
work with version 2.3.1.

I have narrowed it down to this simple test case:


# dovecot -n
# 2.3.1 (c5a5c0c82): /etc/dovecot/dovecot.conf
# OS: Linux 4.4.0-119-generic x86_64 Ubuntu 16.04.4 LTS
# Hostname: tuxi.topfen.net
first_valid_gid = 200
first_valid_uid = 200
mail_location = mbox:~/mail
passdb {
  args = password=secret
  driver = static
}
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
}
protocols = lmtp
service lmtp {
  inet_listener lmtp {
    address = 127.0.0.1
    port = 24
  }
}
userdb {
  args = uid=200 gid=200 home=/home/vmail
  driver = static
}
protocol lmtp {
  mail_plugins = sieve
}

# cat /home/vmail/.dovecot.sieve
redirect "test at example.invalid";
stop;


$ swaks --protocol lmtp -s 127.0.0.1 -f ulrich at topfen.net -t ulrich at
topfen.net
=== Trying 127.0.0.1:24...
=== Connected to 127.0.0.1.
<-  220 tuxi.topfen.net Dovecot ready.
 -> LHLO tuxi.topfen.net
<-  250-tuxi.topfen.net
<-  250-8BITMIME
<-  250-CHUNKING
<-  250-ENHANCEDSTATUSCODES
<-  250-PIPELINING
<-  250 VRFY
 -> MAIL FROM:<ulrich at topfen.net>
<-  250 2.1.0 OK
 -> RCPT TO:<ulrich at topfen.net>
<-  250 2.1.5 OK
 -> DATA
<-  354 OK
 -> Date: Tue, 17 Apr 2018 18:44:42 +0200
 -> To: ulrich at topfen.net
 -> From: ulrich at topfen.net
 -> Subject: test Tue, 17 Apr 2018 18:44:42 +0200
 -> X-Mailer: swaks v20130209.0 jetmore.org/john/code/swaks/
 ->
 -> This is a test mailing
 ->
 -> .
<** 451 4.3.0 <ulrich at topfen.net> Temporary internal error
 -> QUIT
<-  221 2.0.0 Bye
=== Connection closed with remote host.


$ tail -n 10 /var/log/mail.log
Apr 17 18:45:36 tuxi postfix/postdrop[22643]: warning: mail_queue_enter: create
file maildrop/421882.22643: Permission denied
Apr 17 18:45:36 tuxi dovecot: lmtp: Error: postdrop: warning: mail_queue_enter:
create file maildrop/421882.22643: Permission denied
Apr 17 18:45:36 tuxi dovecot: lmtp(ulrich at
topfen.net)<22639><dtJZGJIk1lpvWAAAcdhj4Q>: Error: program
`/usr/sbin/sendmail' was forcibly terminated with signal 15
Apr 17 18:45:36 tuxi dovecot: lmtp(ulrich at
topfen.net)<22639><dtJZGJIk1lpvWAAAcdhj4Q>: Error: sieve:
msgid=unspecified: failed to redirect message to <test at test.at>: Failed
to execute sendmail (temporary failure)
Apr 17 18:45:36 tuxi dovecot: lmtp(ulrich at
topfen.net)<22639><dtJZGJIk1lpvWAAAcdhj4Q>: Error: sieve: Execution
of script /home/vmail/.dovecot.sieve was aborted due to temporary failure (user
logfile /home/vmail/.dovecot.sieve.log may reveal additional details)
Apr 17 18:45:36 tuxi dovecot: lmtp(22639): Disconnect from 127.0.0.1: Client has
quit the connection (state = READY)
Apr 17 18:45:46 tuxi postfix/postdrop[22643]: warning: mail_queue_enter: create
file maildrop/422091.22643: Permission denied
Apr 17 18:45:46 tuxi dovecot: lmtp: Error: postdrop: warning: mail_queue_enter:
create file maildrop/422091.22643: Permission denied
Apr 17 18:45:56 tuxi postfix/postdrop[22643]: warning: mail_queue_enter: create
file maildrop/422227.22643: Permission denied
Apr 17 18:45:56 tuxi dovecot: lmtp: Error: postdrop: warning: mail_queue_enter:
create file maildrop/422227.22643: Permission denied


As far as I can tell, this is because Dovecot somehow does not allow suid
programs to run (Postfix' postdrop(1), which is invoked by sendmail(1),
requires set-gid to write the queue file).

What can I do to change this (besides using SMTP from Dovecot directly)?

I am using Ubuntu 16.04 and the Dovecot packages from the community
repository:

~$ dpkg -l dovecot* | grep ^ii
ii  dovecot-core          2:2.3.1-1    amd64        secure POP3/IMAP server -
core files
ii  dovecot-lmtpd         2:2.3.1-1    amd64        secure POP3/IMAP server -
LMTP server
ii  dovecot-sieve         2:2.3.1-1    amd64        secure POP3/IMAP server -
Sieve filters support


Ulrich

Alexander Dalloz

2018-Apr-17 17:04 UTC

head link

Postfix sendmail cannot be called from Sieve redirect

Am 17.04.2018 um 19:00 schrieb Ulrich Zehl:> Sending (in my case: forwarding) messages from Sieve via sendmail does not
> work with version 2.3.1.
https://dovecot.org/pipermail/dovecot/2018-April/111482.html

[ ... ]
> Ulrich
Alexander

Ulrich Zehl

2018-Apr-17 17:19 UTC

head link

Postfix sendmail cannot be called from Sieve redirect

On Tue, Apr 17, 2018 at 07:04:56PM +0200, Alexander Dalloz
wrote:> Am 17.04.2018 um 19:00 schrieb Ulrich Zehl:
> > Sending (in my case: forwarding) messages from Sieve via sendmail does
not
> > work with version 2.3.1.
>
> https://dovecot.org/pipermail/dovecot/2018-April/111482.html
Thanks, Alexander. I apologize for the noise; I somehow did not think of
searching the archive for "forwarding."

For the archive: Removing NoNewPrivileges from the systemd unit makes it
work fine.

Ulrich

Seemingly Similar Threads

Search for more apparently analagous threads

dovecot - Apr 2018 - Postfix sendmail cannot be called from Sieve redirect

Postfix sendmail cannot be called from Sieve redirect

Postfix sendmail cannot be called from Sieve redirect

Postfix sendmail cannot be called from Sieve redirect

Seemingly Similar Threads