doc:appunti:linux:sa:postfix_spamassassin_clamav_dovecot
Differences
This shows you the differences between two versions of the page.
Both sides previous revisionPrevious revisionNext revision | Previous revisionNext revisionBoth sides next revision | ||
doc:appunti:linux:sa:postfix_spamassassin_clamav_dovecot [2021/03/01 17:42] – [Dovecot Authentication] niccolo | doc:appunti:linux:sa:postfix_spamassassin_clamav_dovecot [2023/02/24 16:18] – [Sanitizer/ClamAV Filter] niccolo | ||
---|---|---|---|
Line 209: | Line 209: | ||
* **clamdscan** | * **clamdscan** | ||
* **clamav-freshclam** | * **clamav-freshclam** | ||
+ | * **libclamunrar9** (non-free package to scan inside RAR archives) | ||
Periodic download (update) of viruses database is performed by the **clamav-freshclam.service**, | Periodic download (update) of viruses database is performed by the **clamav-freshclam.service**, | ||
Line 251: | Line 252: | ||
mailbox_command = / | mailbox_command = / | ||
</ | </ | ||
+ | |||
+ | ==== Error stats-writer Broken pipe ==== | ||
+ | |||
+ | **WARNING**: | ||
+ | |||
+ | < | ||
+ | postfix/ | ||
+ | status=bounced (Command died with status 134: | ||
+ | "/ | ||
+ | Command output: lda(lica-marilena): | ||
+ | Error: net_connect_unix(/ | ||
+ | Permission denied Aborted Unable to flush stdout: Broken pipe ) | ||
+ | </ | ||
+ | |||
+ | It seems that the quickest and simplest solution is to make the socket **0666 mode** (which will risk the stats service to be abused). Add the following snippet to **/ | ||
+ | |||
+ | < | ||
+ | service stats { | ||
+ | unix_listener stats-writer { | ||
+ | mode = 0666 | ||
+ | } | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | See the following posts about the problem: | ||
+ | |||
+ | * [[https:// | ||
+ | * [[https:// | ||
+ | |||
+ | ==== Error Command output: Aborted ==== | ||
+ | |||
+ | Another subtle error with Dovecot LDA can be reported generically into the Postfix log as: | ||
+ | |||
+ | < | ||
+ | postfix/ | ||
+ | status=bounced (Command died with status 134: | ||
+ | "/ | ||
+ | Command output: Aborted ) | ||
+ | </ | ||
+ | |||
+ | To get some hints about the problem you can enable logging in Dovecot LDA; you can add the following in **/ | ||
+ | |||
+ | < | ||
+ | protocol lda { | ||
+ | ... | ||
+ | log_path = / | ||
+ | info_log_path = / | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | and create the log files with suitable permissions (in my case the LDA is executed with user's privileges, so I made it world-writable). | ||
+ | |||
+ | < | ||
+ | lda(username)< | ||
+ | exec:/ | ||
+ | Execution timed out (> 10000 msecs) | ||
+ | lda(username)< | ||
+ | exec:/ | ||
+ | Forcibly terminated with signal 15 | ||
+ | lda(username)< | ||
+ | output stream (temp iostream in / | ||
+ | for (program client seekable output)) is missing error handling | ||
+ | lda(username)< | ||
+ | Raw backtrace: / | ||
+ | </ | ||
+ | |||
+ | There was a problem with **the filter program responding too slowly**. It is possible to change the **exec timeout**, in this case for the **filter** extension, just add the following in **/ | ||
+ | |||
+ | < | ||
+ | plugin { | ||
+ | ... | ||
+ | # Change the default timeout (10 seconds) for the filter extension. | ||
+ | sieve_filter_exec_timeout = 20s | ||
+ | } | ||
+ | </ | ||
+ | |||
+ | ==== Error Unable to flush stdout ==== | ||
+ | |||
+ | FIXME This error message has an unwknown origin. | ||
+ | |||
+ | < | ||
+ | postfix/ | ||
+ | status=bounced (Command died with status 134: | ||
+ | "/ | ||
+ | Command output: Aborted Unable to flush stdout: Broken pipe ) | ||
+ | </ | ||
===== Sieve filtering ===== | ===== Sieve filtering ===== | ||
Line 360: | Line 447: | ||
terminated with non-zero exit code 127 | terminated with non-zero exit code 127 | ||
</ | </ | ||
+ | |||
+ | FIXME How to handle errors in filter external commands? The default action is to send a **non-delivery notification**, | ||
==== Multiple Sieve Scripts ==== | ==== Multiple Sieve Scripts ==== | ||
Line 403: | Line 492: | ||
The files (with the .sieve extension) will be searched into the proper directory. | The files (with the .sieve extension) will be searched into the proper directory. | ||
+ | |||
+ | ==== Using Sieve to decode winmail.dat attachments ==== | ||
+ | |||
+ | Microsoft Outlook uses the infamous **winmail.dat** attachment to forward emails: it is the proprietary **TNEF** format. In this article you can find a recipe to filter that attachments using a Sieve filter: **[[sieve_filtering_tnef]]**. | ||
+ | |||
===== Roundcube with MySQL ===== | ===== Roundcube with MySQL ===== | ||
Line 771: | Line 865: | ||
</ | </ | ||
+ | **NOTICE**: The Dovecot' | ||
==== Dovecot quota status service for Postfix ==== | ==== Dovecot quota status service for Postfix ==== | ||
Line 800: | Line 895: | ||
< | < | ||
+ | # === WARNING === | ||
+ | # Both " | ||
+ | # required, otherwise the Postfix quota-status check will always | ||
+ | # return DUNNO (i.e. user is under quota). This is because | ||
+ | # without those two parameters the quota check is skipped | ||
+ | # completely, as seen in the mail_debug = yes log: | ||
+ | # Debug: quota: quota_over_flag check: quota_over_script unset - skipping | ||
+ | # | ||
+ | # Actually we don't have a " | ||
+ | # when quota-status service is called by Postfix, the value | ||
+ | # quota_over_flag=0(*dummy*) is assumed due the config values | ||
+ | # below. Current quota status for the user is then checked by | ||
+ | # querying the filesystem and it will be 1 for overquota, 0 | ||
+ | # otherwise. | ||
+ | # | ||
+ | # As a side effect, the quota-warning script is executed at | ||
+ | # every check if the user is overquota because 0 mismatches 1. | ||
plugin { | plugin { | ||
quota_over_flag_value = FALSE | quota_over_flag_value = FALSE | ||
Line 855: | Line 967: | ||
Subject: Attenzione: mailbox quasi piena | Subject: Attenzione: mailbox quasi piena | ||
Date: $DATE | Date: $DATE | ||
+ | Content-Type: | ||
+ | Content-Transfer-Encoding: | ||
La tua mailbox è quasi piena; lo spazio occupato ha superato il ${ARG1}%. | La tua mailbox è quasi piena; lo spazio occupato ha superato il ${ARG1}%. | ||
Line 873: | Line 987: | ||
action=554 5.2.2 Quota exceeded (mailbox for user is full) | action=554 5.2.2 Quota exceeded (mailbox for user is full) | ||
</ | </ | ||
+ | |||
+ | The **554 Quota exceeded error** should be returned when the **actual user's quota** plus the announced **size** will exceed the filesystem **soft quota** plus the **quota_grace** percentage. | ||
+ | |||
+ | Another way to check the service using a single command line is using **netcat**: | ||
+ | |||
+ | < | ||
+ | printf " | ||
+ | </ | ||
In Postfix configuration **/ | In Postfix configuration **/ |
doc/appunti/linux/sa/postfix_spamassassin_clamav_dovecot.txt · Last modified: 2023/10/30 11:09 by niccolo