[How-To] Exim + Dovecot + Sieve + Roundcube + ManageSieve

Error: sieve: failed to stat sieve

Hello zEitEr, thanks for posting how-to and followed it to dot. Just checked my dovecot-lda-errors.log and its full of this error:

Error: sieve: failed to stat sieve script: stat(/var/lib/dovecot/sieve/default.sieve) failed: Permission denied (euid=515(baani) egid=12(mail) missing +x perm: /var/lib/dovecot, we're not in group 0(root), dir owned by 0:0 mode=0750)
On googling found out that i need alias for root email but i do have that in my /etc/alias for root and diradmin.

dovecot-lda.log has lot of entries with "saved mail to INBOX" i guess thats a good thing and other logs are empty.

Any suggestions how to fix this. Thanks
 
Dovecot conf
## Dovecot 2.0 configuration file

#IPv4
#listen = *

#IPv4 and IPv6:
#listen = *, ::
protocols = imap pop3 lmtp sieve
########### SSL ###########
service imap-login {
inet_listener imap {
address = *, ::
port = 143
}
inet_listener imaps {
address = *
port = 993
ssl = yes
}
service_count = 1
}

service pop3-login {
inet_listener pop3 {
address = *
port = 110
}
inet_listener pop3s {
address = *
port = 995
ssl = yes
}
}

######### End #################
auth_username_chars = abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ01234567890.-_@&
auth_verbose = yes
disable_plaintext_auth = yes
login_greeting = Dovecot DA ready.
mail_access_groups = mail
default_login_user = dovecot
mail_location = maildir:~/Maildir
passdb {
driver = shadow
}
passdb {
args = username_format=%n /etc/virtual/%d/passwd
driver = passwd-file
}

service auth {
user = root
unix_listener auth-master {
user = mail
group = mail
mode = 0664
}
}
service imap-login {
process_min_avail = 16
user = dovecot
}
service pop3-login {
process_min_avail = 16
user = dovecot
}

# default namespace
namespace {
separator = .
prefix = INBOX.
inbox = yes
type = private
list = yes
subscriptions = yes
######### Auto create folders and subscribe ##########
mailbox Drafts {
auto = subscribe
special_use = \Drafts
}
mailbox Junk {
auto = subscribe
special_use = \Junk
}
mailbox Sent {
auto = subscribe
special_use = \Sent
}
mailbox Trash {
auto = subscribe
special_use = \Trash
}
mailbox name {
special_use = \Drafts \Junk \Sent \Trash
}
######### End ########################################
}

#ssl = yes
ssl_cert = </etc/httpd/conf/ssl.crt/server.crt
ssl_cipher_list = ALL:!ADH:RC4+RSA:+HIGH:+MEDIUM:-LOW:-SSLv2:-EXP
ssl_key = </etc/httpd/conf/ssl.key/server.key
userdb {
driver = passwd
}
userdb {
args = username_format=%n /etc/virtual/%d/passwd
driver = passwd-file
}
verbose_proctitle = yes
protocol pop3 {
pop3_uidl_format = %08Xu%08Xv
pop3_logout_format = top=%t/%p, retr=%r/%b, del=%d/%m, size=%s, bytes=%i/%o
}

protocol imap {
mail_max_userip_connections = 1024
}

service managesieve-login {
inet_listener sieve {
port = 4190
}
service_count = 1
process_min_avail = 1
vsz_limit = 64M
}
service managesieve {
process_limit = 10
}
protocol sieve {
managesieve_max_line_length = 65536
managesieve_implementation_string = dovecot
log_path = /var/log/dovecot-sieve-errors.log
info_log_path = /var/log/dovecot-sieve.log
}
plugin {
sieve = ~/.dovecot.sieve
sieve_global_path = /var/lib/dovecot/sieve/default.sieve
sieve_dir = ~/sieve
sieve_global_dir = /var/lib/dovecot/sieve/global/

# Which Sieve language extensions are available to users. By default,
# all supported extensions are available, except for deprecated
# extensions or those that are still under development. Some system
# administrators may want to disable certain Sieve extensions or
# enable those that are not available by default. This setting can
# use '+' and '-' to specify differences relative to the default.
# For example `sieve_extensions = +imapflags'' will enable the
# deprecated imapflags extension in addition to all extensions
# enabled by default.
sieve_extensions = +spamtest +spamtestplus

sieve_spamtest_status_type = text
sieve_spamtest_status_header = X-Spam-Status
sieve_spamtest_text_value1 = No
sieve_spamtest_text_value10 = Yes


}
protocol lda {
mail_plugins = $mail_plugins sieve
postmaster_address = [email protected]
hostname = server.hostname.com
auth_socket_path = /var/run/dovecot/auth-master
log_path = /var/log/dovecot-lda-errors.log
info_log_path = /var/log/dovecot-lda.log
}
protocol lmtp {
mail_plugins = $mail_plugins sieve
log_path = /var/log/dovecot-lmtp-errors.log
info_log_path = /var/log/dovecot-lmtp.log
}
 
Latest upgrade of dovecot from 2.1.8 to 2.1.9 failed due to managesieve module incompatibility. Dovecot will not start after custombuld upgrade. Simple solution for that is just recompile pigeonhole once agail with new dovecot:

Code:
cd /usr/local/src
wget http://www.rename-it.nl/dovecot/2.1/dovecot-2.1-pigeonhole-0.3.0.tar.gz
tar -zxvf dovecot-2.1-pigeonhole-0.3.0.tar.gz
cd dovecot-2.1-pigeonhole-0.3.0
./configure --prefix=/usr
make && make install
 
Hello zEitEr, thanks for posting how-to and followed it to dot. Just checked my dovecot-lda-errors.log and its full of this error:

For some reasons dovecot when dealing with emails (it's my guess only) for user baani which has no it's own sieve rules in homedir can not get access into /var/lib/dovecot/sieve/default.sieve. Is it so? In what particular situation do you get such a error message? Is my guess right? If your default.sieve rules are empty and it does not affect mail delivering to user baani, then it might ignored I guess, otherwise we need to debug it, as I was not able to repeat it on my server.
 
zEitEr, thank you for this very helpful how-to. It's working great for me.

Code:
Error: sieve: failed to stat sieve script: stat(/var/lib/dovecot/sieve/default.sieve) failed: Permission denied (euid=515(baani) egid=12(mail) missing +x perm: /var/lib/dovecot, we're not in group 0(root), dir owned by 0:0 mode=0750)

I had this problem, too. In my case it was because I had been experimenting with a more restrictive umask for root, so when I installed pigeonhole from source the o+x perm was not set on /var/lib/dovecot/ and/or /var/lib/dovecot/sieve/ There were other permissions errors, too, but the dovecot and exim logs were helpful about pointing out exactly which permissions were missing.
 
awesome ;).

I've implemented this for my premium customers as well ;).

one thing i cannot manage seems to forward mails to domains not handled by the server...
the sieve is doing it's thing though:
dovecot-lda.log:
Code:
Oct 24 15:40:59 lda([email protected]): Info: sieve: msgid=<[email protected]>: forwarded to <[email protected]>
Oct 24 15:40:59 lda([email protected]): Info: sieve: msgid=<[email protected]>: stored mail into mailbox 'INBOX'
but it just does not arrive at my gmail... When I apply a rule to forward to a mailbox on the same server it arrives...

anyone who has an idea? (I folowed this exact howto) ;)


---------------------------------
edited:

After further testing it seems it's just gmail (and maybe other extreme providers) that do not accept the mails...

i'm searching for more info ;)
 
Last edited:
hereby logs:
mainlog.conf
Code:
2012-10-24 17:44:14 1TR37t-00008I-MC <= [email protected] H=cluster-a.mailcontrol.com [85.115.52.190] P=esmtps X=TLSv1:DHE-RSA-AES256-SHA:256 S=9590 id=0304BA8C52772F40B3BD18E56C1A015137ED4EE101@srv-uther.lwwk.local T="test" from <[email protected]> for [email protected]
2012-10-24 17:44:14 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1TR37t-00008I-MC
2012-10-24 17:44:14 cwd=/tmp 4 args: /usr/sbin/exim -oMr spam-scanned -bS
2012-10-24 17:44:25 1TR37u-00008Q-3T <= [email protected] U=mail P=spam-scanned S=10234 id=0304BA8C52772F40B3BD18E56C1A015137ED4EE101@srv-uther.lwwk.local T="test" from <[email protected]> for [email protected]
2012-10-24 17:44:25 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1TR37u-00008Q-3T
2012-10-24 17:44:25 cwd=/home/breeze/imap/breeze.be/rein.vantveer 6 args: /usr/sbin/sendmail -i -f [email protected] -- [email protected]
2012-10-24 17:44:25 1TR385-00009X-Tu <= [email protected] U=breeze P=local S=10501 id=0304BA8C52772F40B3BD18E56C1A015137ED4EE101@srv-uther.lwwk.local T="test" from <[email protected]> for [email protected]
2012-10-24 17:44:25 cwd=/var/spool/exim 3 args: /usr/sbin/exim -Mc 1TR385-00009X-Tu
2012-10-24 17:44:25 1TR385-00009X-Tu gmail-smtp-in.l.google.com [2a00:1450:4001:c02::1b] Network is unreachable
2012-10-24 17:44:26 1TR37u-00008Q-3T => rein.vantveer <[email protected]> F=<[email protected]> R=virtual_user T=dovecot_virtual_delivery S=10359
2012-10-24 17:44:26 1TR37u-00008Q-3T Completed
2012-10-24 17:44:26 1TR37t-00008I-MC => rein.vantveer <[email protected]> F=<[email protected]> R=spamcheck_director T=spamcheck S=10118
2012-10-24 17:44:26 1TR37t-00008I-MC Completed
2012-10-24 17:44:27 1TR385-00009X-Tu => [email protected] F=<[email protected]> R=lookuphost T=remote_smtp S=10708 H=gmail-smtp-in.l.google.com [173.194.70.27] X=TLSv1:RC4-SHA:128 C="250 2.0.0 OK 1351093466 q10si2750031weo.106"
2012-10-24 17:44:27 1TR385-00009X-Tu Completed
So: incoming mail from @liedekerke.com to exim, processed and delivered
to google (thx for the egrep, I should have done that as well)
Network is unreachable gmail-smtp-in.l.google.com
--> only ipv6 network is unavailable :)

telnet
Code:
[root@digel lib]# telnet gmail-smtp-in.l.google.com 25
Trying 173.194.70.27...
Connected to gmail-smtp-in.l.google.com.
Escape character is '^]'.
220 mx.google.com ESMTP fl3si5258911wib.25
quit
221 2.0.0 closing connection fl3si5258911wib.25
Connection closed by foreign host.
 
Last edited:
As I see the email was accepted for delivery by Gmail:

Code:
2012-10-24 17:44:27 1TR385-00009X-Tu => [email protected] F=<[email protected]> R=lookuphost T=remote_smtp S=10708 H=gmail-smtp-in.l.google.com [173.194.70.27] X=TLSv1:RC4-SHA:128 C="250 2.0.0 OK 1351093466 q10si2750031weo.106"

So you should check inbox and spam folders on Google Mail.
 
omg, I just found all the messages in my spam folder... dammit gmail... (probably something to do with the headers would be my first guess)
 
Or SPF check failed, as forwarded email goes from your server, which is not allowed to send emails for that domain from which you got the email.
 
Trying to rebuild dovecot-2.1-pigeonhole-0.3.3 for the new dovecot 2.1.11 I get these errors:

Code:
cmd-vacation.c:4:17: error: lib.h: No such file or directory
cmd-vacation.c:5:17: error: str.h: No such file or directory
cmd-vacation.c:6:22: error: strfuncs.h: No such file or directory
cmd-vacation.c:7:17: error: md5.h: No such file or directory
cmd-vacation.c:8:21: error: hostpid.h: No such file or directory
cmd-vacation.c:9:26: error: str-sanitize.h: No such file or directory
cmd-vacation.c:10:29: error: message-address.h: No such file or directory
cmd-vacation.c:11:26: error: message-date.h: No such file or directory
cmd-vacation.c:12:20: error: ioloop.h: No such file or directory

Those files are all in /usr/include/dovecot, so I tried

Code:
make -I /usr/include/dovecot/

But I still get the same errors.
 
Upgrade to 2.12 its already been released. Try a ./build update on custombuild again.
 
When we went for sieve 2 years ago, lmtp wasn't available and then with 2.0 it was unreliable. It's only recently that it's become usable, but I don't see any advantages of switching, except for the fact that it's a daemon.

That means less loads and less CPU cycles (LMTP) + better logs.
 
To switch to LMTP from LDA one need to apply some changes:

You can configure LMTP to be listening on TCP or UNIX sockets (just one of the following sections into /etc/dovecot.conf):

Code:
service lmtp {
   inet_listener lmtp {
      address = 127.0.0.1
      port = 24024
   }
}

or

Code:
service lmtp {
   unix_listener lmtp {
      mode = 0666
   }
}

if you want to use UNIX sockets.

http://wiki2.dovecot.org/LMTP

and restart dovecot.

If you've chosen TCP, then check netstat output the following way:

Code:
# netstat -antpl | grep 24024
tcp        0      0 127.0.0.1:24024             0.0.0.0:*                   LISTEN      13744/dovecot

If you've chosen sockets, then you can check existence of /var/run/dovecot/lmtp the following way:

Code:
# stat /var/run/dovecot/lmtp
  File: `/var/run/dovecot/lmtp'
  Size: 0               Blocks: 0          IO Block: 4096   socket
Device: 32h/50d Inode: 58690646    Links: 1
Access: (0666/srw-rw-rw-)  Uid: (    0/    root)   Gid: (    0/    root)
Access: 2013-04-03 20:13:32.000000000 +0700
Modify: 2013-04-03 20:13:32.000000000 +0700
Change: 2013-04-03 20:13:32.000000000 +0700

Don't know what for, but you can denote the both variants in /etc/dovecot.conf

Now you should update your /etc/exim.conf:

Find a section in /etc/exim.conf

Code:
address_reply:
  driver = autoreply

and after that add the following lines:

Code:
dovecot_lmtp_tcp:
   driver = smtp
   protocol = lmtp
   port = 24024
   hosts = localhost
   allow_localhost
   return_path_add

dovecot_lmtp_udp:
   driver = lmtp
   socket = /var/run/dovecot/lmtp
   return_path_add

Depending on what you're going to use you should change

Code:
transport = virtual_localdelivery

either to

Code:
transport = dovecot_lmtp_tcp

for TCP, or to

Code:
transport = dovecot_lmtp_udp

for sockets in section

Code:
virtual_user:

of /etc/exim.conf

And restart exim.

p.s. UNIX sockets should be a quicker way to use the things.
 
Once question for those more familiar with DirectAdmin

Hi friends,

I have setup Exim + Dovecot + Sieve + Roundcube + ManageSieve. Everything seems to be working as expected, except for the fact that my default.sieve are not being loaded.

Here is my default.sieve /var/lib/dovecot/sieve/default.sieve

Code:
require ["fileinto", "vacation"];

# Sample rule of vacation message, disabled by default.
# rule:[Vacation]
if false # true
{
    vacation :days 1 "I'm on vacation.";
}

# rule:[Move Spam to Junk Folder]
if false # header :is "X-Spam-Flag" "YES"
{
    fileinto "Junk";
    stop;
}

In Rouncdube Webmail I can create new filter rules. Just the default ones do not show up. I also tried to copy the default.sieve into roundcube's config folder (permissions webapps:webapps) and edited ./plugins/managesieve/config.inc.php:

PHP:
// default contents of filters script (eg. default spam filter)
$rcmail_config['managesieve_default'] = "/var/www/html/roundcube/config/default.sieve";

Regardless, default sieve rules do not show up. I have checked dovecot logs and there is absolutely nothing that could hint me in the right direction to correct this problem. Please help me figure it out.
 
Back
Top