Hello,

Thank's for your work.

I try learning rspamd with sieve but I don't seem to have any action

Installation ok (make install), no error

I then activated debug on rspamd to see if it had an action (debug_modules = ["bayes"]) but I had nothing visible in the log when I moved a message to the Junk folder

So I activated the debug on dovecot:

+ mail_debug = yes
- sieve_global_extensions = + vnd.dovecot.pipe + vnd.dovecot.environment
+ sieve_global_extensions = + vnd.dovecot.pipe + vnd.dovecot.environment + vnd.dovecot.debug

I added debug_logs everywhere but I never see the messages ...

In my log if i move email to junk folter :

Jun 7 23:54:42 srvweb dovecot: imap(david@aaaaa.fr): Debug: imapsieve: mailbox INBOX: FLAG event (changed flags: \Seen)
Jun 7 23:54:45 srvweb dovecot: imap(david@aaaaa.fr): Debug: imapsieve: mailbox INBOX: FLAG event (changed flags: \Seen)
Jun 7 23:54:52 srvweb dovecot: imap(david@aaaaa.fr): Debug: imapsieve: mailbox Junk: MOVE event
Jun 7 23:54:53 srvweb dovecot: imap(david@aaaaa.fr): Debug: Mailbox Junk: Opened mail UID=5084 because: 8/14 headers not cached (first=BCC) (Mail has other cached fields, reset_id=1337580643)

I tried to modify the script "pipe" (write a date in a file just to know if the script is launched)

File /usr/lib/dovecot/sieve-pipe/learn-spam.rspamd.script

#!/bin/bash
+ date > /tmp/spam.txt
[...]

But the file was never created ...

My dovecot.conf : https://pastebin.zici.fr/?3b10340ac848d54e#/2y5X11awYKXXyHuP4pebJU8TVApM5FUgOgDh+/XfOQ=
Debian 9 (with ispconfig)
Dovecot 2.2.27
Rspamd 2.5

If you have a job lead for me I will be happy ....

Thanks in advance

make sure the scripts are in the directory configured with sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe

and with the mail_log enabled you should actually see the script being called (from journalctl -b --no-tail)

Jun 08 01:50:02 mail vmail[26246]: Using socket connection to rspamd
Jun 08 01:50:02 mail rspamd[1204]: 2020-06-08 01:50:02 #1338(controller) <b33fc1>; csession; rspamd_controller_check_password: allow unauthorized connection from a unix socket
[SNIP]
Jun 08 01:50:02 mail dovecot[9013]: imap(...)<26241><hjm+JoenwuggAwDjfxGmETaX9v/+MYA0>: copy from INBOX: box=INBOX/Spam, uid=40275, msgid=<...>

Also check your apparmor/selinux settings. (/var/log/audit/audit.log)

make sure the scripts are in the directory configured with sieve_pipe_bin_dir = /usr/lib/dovecot/sieve-pipe

root@srvweb:~# ls -la /usr/lib/dovecot/sieve-pipe
total 24
drwxr-xr-x 2 root root  4096 juin   7 23:01 .
drwxr-xr-x 5 root root 12288 juin   7 22:51 ..
-rwxr-xr-x 1 root root  2579 juin   7 22:51 learn-ham.rspamd.script
-rwxr-xr-x 1 root root  2600 juin   7 23:01 learn-spam.rspamd.script

Also check your apparmor/selinux settings. (/var/log/audit/audit.log)

I am under debian 9 and apparmor is not installed:

root@srvweb:~# aptitude search apparmor
p   apparmor                     

I have no line added to my log regarding rspamd when I move a message.

I suspect that it is dovecot which does not send / which does not read sieve scripts well but I do not know how to make sure ...

Debug mod for sieve in my log : https://pastebin.zici.fr/?a465828c5d99f13f#WH2YP05E/Z52EkTTg2vfgrK2AlBC9v2vhGqFfNsjaXw=

Debug mod for sieve in my log if i move message in Junk : https://pastebin.zici.fr/?ec5489af0b3d6340#O+w9aK4IfmfLlFE9y4v9uHEyaDolBVaee8yVVAsEfyE=

It says "marked in lu" but it doesn't ... maybe a lead?

Debug mod for sieve in my log if i move message in Inbox (from Junk) : https://pastebin.zici.fr/?39b6978c38174bfa#3vQbjMkOW/WFJUteZm5dnq6kJa2BRxTjQ8OATtua0ZU=