docker-mailserver: [BUG] Get user-defined sieve working (global sieve is OK)
Can’t get sieve rules working
Context
Working with the latest docker-mailserver container. Trying to get sieve rule working (simple rule moving mails with a from address to another folder)
Expected Behavior
mail gets moved
Actual Behavior
mail gets to inbox
Possible Fix
none found
Steps to Reproduce
created .dovecot.sieve within /var/mail/domain/user
require ["fileinto"];
if header :contains ["From"] "mail@domain.net" {
    fileinto "Archive";
} else {
    keep;
}
mail still is delivered to inbox. Archive folder exists
tried rainloop with Managed Sieve. First error message:
mail dovecot: managesieve(xxx)<29434><BYcCTuqTwpqsEgAL>: Error: sieve: file storage: mkdir_parents_chgrp(/home/users/xxx/sieve/tmp) failed: Permission denied (euid=5000(docker) egid=5000(docker) missing +w perm: /home, dir owned by 0:0 mode=0755)
Oct 2 11:43:44 mail dovecot: managesieve(xxx)<29434><BYcCTuqTwpqsEgAL>: Fatal: Failed to open Sieve storage.
If I change permissions within the docker container I can get sieve working with rainloop but that is not really a solution (after every update I’d have to set permissions again or redirect folder to host)
Your Environment
mailserver: latest tag
config:
mail:
  cap_add:
    - NET_ADMIN # needed by fail2ban inside container
    #- SYS_PTRACE # not clear if needed https://github.com/tomav/docker-mailserver/issues/1057
  container_name: mail
  depends_on:
    - openldap
  domainname: ${hostname}
  env_file: /opt/.env
  environment:
    - DMS_DEBUG=0
    - ENABLE_CLAMAV=1
    - ONE_DIR=1
    - ENABLE_POP3=1
    - ENABLE_FAIL2BAN=1
    - SSL_TYPE=manual
    - SSL_CERT_PATH=${mail_SSL_CERT_PATH}
    - SSL_KEY_PATH=${mail_SSL_KEY_PATH}
    - TLS_LEVEL=modern
    - SPOOF_PROTECTION=1
    - ENABLE_SRS=0
    - PERMIT_DOCKER=network
    - POSTFIX_MESSAGE_SIZE_LIMIT=30720000
    - ENABLE_MANAGESIEVE=1
    - OVERRIDE_HOSTNAME=${mail_OVERRIDE_HOSTNAME}
    - PFLOGSUMM_TRIGGER=daily_cron
    #- PFLOGSUMM_RECIPIENT=${mail_PFLOGSUMM_RECIPIENT}
    - LOGWATCH_INTERVAL=daily
    - ENABLE_SPAMASSASSIN=1
    - ENABLE_LDAP=1
    - LDAP_START_TLS=no
    - LDAP_SERVER_HOST=${mail_LDAP_SERVER_HOST}
    - LDAP_SEARCH_BASE=${mail_LDAP_SEARCH_BASE}
    - LDAP_BIND_DN=${mail_LDAP_BIND_DN}
    - LDAP_BIND_PW=${mail_LDAP_BIND_PW}
    - LDAP_QUERY_FILTER_USER=${mail_LDAP_QUERY_FILTER_USER}
    - LDAP_QUERY_FILTER_GROUP=${mail_LDAP_QUERY_FILTER_GROUP}
    - LDAP_QUERY_FILTER_ALIAS=${mail_LDAP_QUERY_FILTER_ALIAS}
    - LDAP_QUERY_FILTER_DOMAIN=${mail_LDAP_QUERY_FILTER_DOMAIN}
    - DOVECOT_USER_FILTER=${mail_DOVECOT_USER_FILTER}
    - DOVECOT_PASS_FILTER=${mail_DOVECOT_PASS_FILTER}
    - ENABLE_POSTGREY=0
    - ENABLE_SASLAUTHD=1
    - SASLAUTHD_MECHANISMS=ldap
    - SASLAUTHD_LDAP_SERVER=${mail_SASLAUTHD_LDAP_SERVER}
    - SASLAUTHD_LDAP_SSL=0
    - SASLAUTHD_LDAP_BIND_DN=${mail_SASLAUTHD_LDAP_BIND_DN}
    - SASLAUTHD_LDAP_PASSWORD=${mail_SASLAUTHD_LDAP_PASSWORD}
    - SASLAUTHD_LDAP_SEARCH_BASE=${mail_SASLAUTHD_LDAP_SEARCH_BASE}
    - SASLAUTHD_LDAP_FILTER=${mail_SASLAUTHD_LDAP_FILTER}
  hostname: ${mail_hostname}
  image: tvial/docker-mailserver
  labels:
    - ${ouro_true}
  networks:
    compose:
      # fixed ip to use it from the host machine
      ipv4_address: 172.18.1.1
  ports:
    - "25:25"
    - "587:587"
    - "993:993"
    - "995:995"
    #- "4190:4190"
  restart: always
  volumes:
    - ${timezone}
    - ${localtime}
    - /opt/_ssl:/tmp/ssl:ro
    - /opt/mail/var:/var/mail
    - /opt/mail/state:/var/mail-state
    - /opt/mail/config:/tmp/docker-mailserver
    - /opt/mail/log:/var/log/mail
    - /opt/mail/opendmarc:/etc/opendmarc
Possible answers to your issue
none found
About this issue
- State: closed
- Created 5 years ago
- Comments: 43 (21 by maintainers)
Glad to help and happy that everything works now. LDAP setups are tricky. One of my managed instances is also connected to LDAP and most of the wiki information doesn’t fit my use case. But with LDAP every setup is so special that it’s hard to generalize (like you said - it starts that everyone can use different schema which will affect the whole further process)
I had the same problem and I could solve it by putting the following in the docker-compose.yml
Finally: Breakthrough! I’m using this image for quite some time now and my LDAP was set up with the “postfix-book.schema”. There is an LDAP field called “mailHomeDirectory” which was set to “/home/users/USER”. Changing this to “/var/mail/TLD/USER” and now user sieve rule and Managesieve is working out of the box.
Thanks for all contributions and I’m more than happy to close the current oldest issue 😉
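An added diagnostic sketch, not code from this thread or from docker-mailserver: it reproduces the check behind the `mkdir_parents_chgrp ... missing +w perm: /home` message by finding the nearest existing ancestor of the sieve path and testing its mode bits for a given uid/gid. The function names and the temporary directory layout are assumptions made for the example.

```python
import os
import stat
import tempfile

def blocking_ancestor(target, uid, gid):
    """Return (dir, detail) for the nearest existing ancestor of `target` in
    which uid/gid cannot create entries, or None if creation would succeed.
    Mode bits only: root, supplementary groups and ACLs are ignored."""
    path = os.path.abspath(target)
    while not os.path.isdir(path):
        path = os.path.dirname(path)  # climb until something exists
    st = os.stat(path)
    if st.st_uid == uid:
        need = stat.S_IWUSR | stat.S_IXUSR
    elif st.st_gid == gid:
        need = stat.S_IWGRP | stat.S_IXGRP
    else:
        need = stat.S_IWOTH | stat.S_IXOTH
    if st.st_mode & need == need:
        return None
    detail = "owned by %d:%d mode=%04o" % (
        st.st_uid, st.st_gid, stat.S_IMODE(st.st_mode))
    return path, detail

def demo():
    # Constructed layout: "home" stands in for the root-owned /home from the
    # log line; users/xxx/sieve/tmp below it does not exist yet.
    with tempfile.TemporaryDirectory() as root:
        home = os.path.join(root, "home")
        os.mkdir(home)
        os.chmod(home, 0o755)
        owner = os.stat(home)
        sieve_tmp = os.path.join(home, "users", "xxx", "sieve", "tmp")
        # A uid/gid that does not own the directory (like euid 5000 vs 0:0).
        bad = blocking_ancestor(sieve_tmp, owner.st_uid + 1, owner.st_gid + 1)
        # The owning uid/gid, as when the home sits under the mail volume.
        good = blocking_ancestor(sieve_tmp, owner.st_uid, owner.st_gid)
        return bad, good, home

if __name__ == "__main__":
    print(demo()[:2])
```

Inside the container the same function can be pointed at the home directory that the userdb returns for a user, with the uid and gid from the Dovecot error line.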
But isn’t case 3 the case I mentioned in my comment? It places a /var/mail/domain.tld/user/.dovecot_sieve which works flawless since almost 2 years now. Maybe we should compare the content and permissions. For me it seems like some weird behavior/configuration happened on your side as I have multiple instances of docker-mailserver in production and all work with sieve. Which version are you using right now and did you change anything manually (through user-patches.sh or config/)?
@williamdes: thx for your answer but the rule itself works, from my post above:
Did you try a “user sieve rule”?
I’ll keep the bot occupied 😉
current = latest in my case
This thread is already long, just to summarize: Sieve rules are working but only in 2 of 3 possible cases.
Case 1+2 working: global sieve rule (“before.dovecot.sieve” or “after.dovecot.sieve” in the config folder)
Case 3 not working: user sieve rule (.dovecot.sieve within /var/mail/domain/user)
I can confirm Sieve filters work!
But I also found that this
is not the same that
because if you send an email with the header
From: mail@domain.net
your rule will work, but not if it is sent as
From: Foo Bar <mail@domain.net>
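An added illustration, not code from this thread: a small Python model of how the RFC 5228 `header` and `address` tests compare a key against a bare and a display-name `From:` value. The function names are assumptions, and the third sample header is constructed to show a match on display-name text only.

```python
from email.utils import parseaddr

KEY = "mail@domain.net"  # address used in the rule on this page

# Constructed From: values; the first two are the ones quoted above,
# the third is an assumption added to show a display-name-only match.
SAMPLES = [
    "mail@domain.net",
    "Foo Bar <mail@domain.net>",
    '"mail@domain.net" <someone@elsewhere.example>',
]

def casemap(s):
    """i;ascii-casemap, Sieve's default comparator: fold ASCII A-Z only."""
    return "".join(chr(ord(c) + 32) if "A" <= c <= "Z" else c for c in s)

def header_test(value, key, match):
    """`header` test: the key is compared with the whole header value."""
    v, k = casemap(value.strip()), casemap(key)
    return v == k if match == ":is" else k in v

def address_test(value, key, match):
    """`address` test (:all part): the key is compared with the parsed address."""
    v, k = casemap(parseaddr(value)[1]), casemap(key)
    return v == k if match == ":is" else k in v

def evaluate():
    tests = {
        "header :is": lambda h: header_test(h, KEY, ":is"),
        "header :contains": lambda h: header_test(h, KEY, ":contains"),
        "address :is": lambda h: address_test(h, KEY, ":is"),
    }
    return {name: [fn(h) for h in SAMPLES] for name, fn in tests.items()}

if __name__ == "__main__":
    for name, hits in evaluate().items():
        print(f"{name:18} {hits}")
```

Only `address :is` matches both real-sender forms while ignoring the display name, which is why sender-based filing rules are usually written with the `address` test.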
No problem :) Just as a reminder: There’s now an action that labels and closes stale issues - just so you’re not worried when the bot kicks in.
Thanks for the clarification. Sadly, I do not have the slightest clue…
I’ll flag this a higher tier priority, maybe someone comes across.