Differences

This shows you the differences between two versions of the page.

--- doc:appunti:linux:sa:postfix_spamassassin_clamav_dovecot [2023/02/17 18:53] – [Error Command output: Aborted] niccolo
+++ doc:appunti:linux:sa:postfix_spamassassin_clamav_dovecot [2026/06/09 10:33] (current) – [Postfix, SpamAssassin, ClamAV and Dovecot] niccolo
@@ Line 2: / Line 2: @@
 Tested on **Debian 9 Stretch**.
+:!: **WARNING**: The configuration of **Dovecot 2.2.27** (Debian 9 Stretch) is still valid in Dovecot 2.3.19 (Debian 12 Bookworm), but **it changes in Dovecot 2.4.1** (Debian 13 Trixie), requiring several **changes to the configuration files**. You can find some of the adjustments required in this page: **[[debian_upgrade_12_13#dovecot|Aggiornamento da Debian 12 a 13: Dovecot]]**.
 ===== Postfix on Port 587/TCP (submission) =====
@@ Line 176: / Line 178: @@
 Once restarted the **dovecot.service**, we will find the services listening on the well known ports, and we can check the SSL certificates.
+==== Client connections are being dropped ====
+You may encounter wanring messages like these into the mail log:
+<code>
+dovecot: master: Warning: service(imap-login): process_limit (100) reached, client connections are being dropped
+</code>
+To increase the number of process that are allowed to spawn, edit the **/etc/dovecot/conf.d/10-master.conf** file and set
+<file>
+default_process_limit = 200
+</file>
 ===== SpamAssassin Filter =====
@@ Line 209: / Line 226: @@
   * **clamdscan**
   * **clamav-freshclam**
+  * **libclamunrar9** (non-free package to scan inside RAR archives)
 Periodic download (update) of viruses database is performed by the **clamav-freshclam.service**, you can check the **/var/log/clamav/freshclam.log**.
@@ Line 287: / Line 305: @@
 postfix/local[1615363]: E85037D1C6: to=<user@domain.tld>, ...
     status=bounced (Command died with status 134:
-    "/usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"". Command output: Aborted )
+    "/usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"".
+    Command output: Aborted )
 </code>
@@ Line 316: / Line 335: @@
 </code>
-There was a problem with **the filter program responding too slowly**. It is possible to change the **exec timeout**, in this case for the **filter** extension, just add the following in **/etc/dovecot/conf.d/90-sieve-extprograms.conf**:
+There was a problem with **the filter program responding too slowly**. It is possible to change the **exec timeout**, in this case for the **filter** extension, just add the following in **/etc/dovecot/conf.d/90-sieve-extprograms.conf** (notice that you can configure ''sieve_pipe_exec_timeout'', ''sieve_filter_exec_timeout'' and ''sieve_execute_exec_timeout''):
 <file>
@@ Line 322: / Line 341: @@
   ...
   # Change the default timeout (10 seconds) for the filter extension.
-  sieve_filter_exec_timeout = 20s
+  sieve_filter_exec_timeout = 60s
+  # Change the default timeout (10 seconds) for the execute extension.
+  sieve_execute_exec_timeout = 60s
 }
 </file>
+==== Error Unable to flush stdout ====
+FIXME This error message has an unwknown origin.
+<code>
+postfix/local[1485291]: 5BDBD7D1C6: to=<user@domain.tld>, ...
+    status=bounced (Command died with status 134:
+    "/usr/lib/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"".
+    Command output: Aborted Unable to flush stdout: Broken pipe )
+</code>
 ===== Sieve filtering =====
@@ Line 385: / Line 418: @@
 <code bash>
 #!/bin/sh
-/usr/bin/spamc
+/usr/bin/spamc --connect-timeout=5 --timeout=15
 </code>
+Notice that we set two timeouts on spamassassin client, one to connect to the daemon and one to get the result. If the daemon does not respond timely, the message is passed unchanged. Beware that **the timeouts should be lower** than the one specified into the **Dovecot LDA Sieve Extprograms plugin** configuration.
 ==== How to Test an User's Sieve Filter File ====