Sieve redirect not sending (permission denied duplicate check)

Hello,

I’m new to Hestia but worked with some CPs before.

Today I wanted to redirect some emails, but I ran into this problem:

cat /var/log/dovecot.log | grep lda

Sep 21 17:08:09 lda([email protected])<2152843><F4WTOvkHDGWL2SAAVFq5Zw>: Error: duplicate db: transaction: file_dotlock_open(/home/USER/.dovecot.lda-dupes) failed: Permission denied
Sep 21 17:08:09 lda([email protected])<2152843><F4WTOvkHDGWL2SAAVFq5Zw>: Error: duplicate db: transaction: Failed to lock /home/USER/.dovecot.lda-dupes.locks/duplicate.lock.39cb82ee4d3213cbcb3ba98ffc06a61a: mkdir_parents(/home/USER/.dovecot.lda-dupes.locks) failed: Permission denied
Sep 21 17:08:09 lda([email protected])<2152843><F4WTOvkHDGWL2SAAVFq5Zw>: Error: sieve: msgid=<[email protected]>: redirect action: failed to check for duplicate forward to <[email protected]>
Sep 21 17:08:10 lda([email protected])<2152843><F4WTOvkHDGWL2SAAVFq5Zw>: Info: sieve: msgid=<[email protected]>: stored mail into mailbox 'INBOX'
Sep 21 17:08:10 lda([email protected])<2152843><F4WTOvkHDGWL2SAAVFq5Zw>: Info: sieve: Execution of script /home/USER/mail/DOMAIN.com/contact/dovecot.sieve failed, but implicit keep was successful (user logfile /home/USER/mail/DOMAIN.com/contact/dovecot.sieve.log may reveal additional details)

Because HestiaCP otherwise seems to do a perfect job, I don’t just want to throw permissions around.

It’s a fresh install on Debian 12 with HestiaCP 1.8.8.

Thanks for the help, and I’m kind of in love with HestiaCP!
Cheers
Mark

Hello @Mark,

I have the same issue and I don’t know how to solve it. I don’t know the reason Pigeonhole (sieve) is trying to use the user’s home instead of the virtual user’s home.

The “fix” should be to modify /home/user/ dir perms but that is a security hole and Hestia could recreate the perms in a rebuild or update, so, as a workaround you could create the file and dir that sieve is trying to use.

touch /home/user/.dovecot.lda-dupes
mkdir /home/user/.dovecot.lda-dupes.locks
chown user:user /home/user/.dovecot.lda-dupes*

You will still receive errors in dovecot and sieve logs but sieve redirection… vacation, etc. should work (well, it can’t check for duplicated messages but…).

Cheers,
sahsanu

Yes, that would also be my workaround, and because HestiaCP is not my production system yet, it’s not that urgent.

I could even manipulate the folder where it creates the files for the duplicate check, but most likely it gets overwritten with an update.

Let’s see, I guess there are much smarter people out there than me :slightly_smiling_face:

Cheers,
Mark

I asked the question on Dovecot’s mailing list and it seems the “issue” is the home defined in userdb/passdb:

# cat /etc/dovecot/conf.d/auth-passwdfile.conf.ext
passdb {
  driver = passwd-file
  args = scheme=MD5-CRYPT username_format=%n /etc/exim4/domains/%d/passwd
}

userdb {
  driver = passwd-file
  args = username_format=%n /etc/exim4/domains/%d/passwd
}

So I’ve been “researching” and Hestia uses /etc/exim4/domains/%d/passwd (%d is the domain name) for each domain and inside this file you have something like this:

In this example I use postmaster as mail user, admin as system user and example.com as the domain:

postmaster:{BLF-CRYPT}$2y$05$QyYhGv/LRssiexi//S19OhG9Ntma6Wiu:admin:mail::/home/admin:0:userdb_quota_rule=*:storage=0M

And /home/admin is the defined home. To be able to use sieve vacation, redirection extensions, the right home should be /home/admin/mail/example.com/postmaster where the user has write perms.

If we modify the home in passwd file:
postmaster:{BLF-CRYPT}$2y$05$QyYhGv/LRssiexi//S19OhG9Ntma6Wiu:admin:mail::/home/admin/mail/example.com/postmaster:0:userdb_quota_rule=*:storage=0M

Then we should also modify dovecot conf to use the right path for maildir_location and sieve directives:

We must edit /etc/dovecot/conf.d/10-mail.conf and replace
mail_location = maildir:%h/mail/%d/%n
by
mail_location = maildir:%h

Also edit file /etc/dovecot/conf.d/90-sieve.conf and replace
sieve = file:~/mail/%d/%n/sieve;active=~/mail/%d/%n/dovecot.sieve
by
sieve = file:~/sieve;active=~/dovecot.sieve

And the other problem is that Hestia’s commands will use /home/USER as home every time you add a new mail user, change the pass of the mail user, etc., and that means modifying at least 5 scripts:

v-add-mail-account
v-change-mail-account-password
v-change-mail-account-quota
v-suspend-mail-account
v-unsuspend-mail-account

Also the sieve installation and conf, exim4 conf, etc., so I think it isn’t worth doing because these changes could cause a lot of problems.

We can still use the workaround:

touch /home/user/.dovecot.lda-dupes
mkdir /home/user/.dovecot.lda-dupes.locks
chown user:user /home/user/.dovecot.lda-dupes*

It won’t be able to check for duplicated messages but at least vacation and redirection extensions will work.

I needed to know what was going on… now I can sleep :stuck_out_tongue:

Cheers,
sahsanu
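
The home mismatch described in the post above, as an added example that is not part of the original thread or of Hestia's or Dovecot's code: it parses a passwd-file entry in the layout shown (note the `:` inside the extra fields) and checks whether a delivery identity could create `.dovecot.lda-dupes` in the configured home. The function names, the placeholder hash, the numeric uid/gid and the directory modes are assumptions constructed for the demonstration.

```python
import os
import tempfile
from collections import namedtuple

# uid/gid are names as written in the file (e.g. "admin", "mail"), not numbers
MailUser = namedtuple("MailUser", "name uid gid home extra")

def parse_passwd_line(line):
    # Dovecot passwd-file: user:password:uid:gid:gecos:home:shell:extra_fields
    # Split at most 7 times: extra_fields itself contains ':' (*:storage=0M).
    f = line.rstrip("\n").split(":", 7)
    if len(f) < 6:
        raise ValueError("not a passwd-file entry: %r" % line)
    f += [""] * (8 - len(f))
    return MailUser(f[0], f[2], f[3], f[5], f[7])

def can_create_in(directory, uid, gids):
    """Mode bits only (ACLs/MAC ignored): may this identity create entries here?"""
    st = os.stat(directory)
    if uid == 0:
        return True
    if st.st_uid == uid:
        bits = (st.st_mode >> 6) & 7
    elif st.st_gid in gids:
        bits = (st.st_mode >> 3) & 7
    else:
        bits = st.st_mode & 7
    return bits & 3 == 3  # needs write (2) and search (1)

def dupes_db_status(line, uid, gids):
    """(duplicate-db path as in the log, can the delivery identity create it?)"""
    user = parse_passwd_line(line)
    return os.path.join(user.home, ".dovecot.lda-dupes"), can_create_in(user.home, uid, gids)

def demo():
    # Constructed tree standing in for /home/admin; modes chosen to show the symptom.
    with tempfile.TemporaryDirectory() as root:
        maildir = os.path.join(root, "mail", "example.com", "postmaster")
        os.makedirs(maildir)
        os.chmod(root, 0o751)
        os.chmod(maildir, 0o770)
        st = os.stat(root)
        uid, gids = st.st_uid + 1, {st.st_gid}  # assumed identity: not the owner, shares the group
        entry = "postmaster:{BLF-CRYPT}HASH_PLACEHOLDER:admin:mail::%s:0:userdb_quota_rule=*:storage=0M"
        return dupes_db_status(entry % root, uid, gids), dupes_db_status(entry % maildir, uid, gids)

if __name__ == "__main__":
    print(demo())
```

On a real host the names in the uid and gid fields would be resolved with `pwd.getpwnam(...).pw_uid` and `grp.getgrnam(...).gr_gid` before calling `dupes_db_status`.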

I’m shocked by your in-depth knowledge of HestiaCP.

In an hour I take off for a vacation, but as soon as I’m back I’ll take a deeper look into it.
But from what I see, you already figured out everything, in detail.

Thank you very much, sahsanu.
Cheers,
Mark