Hugh Guiney's questions

• Arch Linux
• Linux 内核 4.9.36（64 位）
• 鸽舍 2.2.31 (65cde28)
• 在 Perl 版本 5.26.0 上运行的 SpamAssassin 版本 3.4.1
• 鸽巢 0.4.19-1

尝试按照 Arch Linux Wiki 的Sieve 教程（我从遵循虚拟用户邮件系统教程结束）来为第一批人设置邮件服务器。

这应该启用spamtest和spamtestplus。逐字记录 Wiki 所要求的内容，但sieve_trace_debug为了便于阅读并删除了文档注释。

/etc/dovecot/conf.d/90-sieve.conf：

plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve

  # Start Arch Linux Wiki Config <https://wiki.archlinux.org/index.php/Dovecot#Sieve>
  sieve_extensions = +spamtest +spamtestplus

  sieve_spamtest_status_type = score
  sieve_spamtest_status_header = \
    X-Spam_score: (-?[[:digit:]]+\.[[:digit:]]).*
  sieve_spamtest_max_value = 5.0

  sieve_before = /var/lib/dovecot/sieve/global_sieves/move_to_spam_folder.sieve
  # End Arch Linux Wiki Config

  sieve_trace_debug = yes
}

这应该将垃圾邮件路由到垃圾文件夹。

/var/lib/dovecot/sieve/global_sieves/move_to_spam_folder.sieve：

require "spamtestplus";
require "fileinto";
require "relational";
require "comparator-i;ascii-numeric";

if spamtest :value "ge" :comparator "i;ascii-numeric" "5" {
  fileinto "Junk";
}

试图编译上面的。

$ sudo sievec /var/lib/dovecot/sieve/global_sieves/move_to_spam_folder.sieve：

move_to_spam_folder: line 1: error: require command: unknown Sieve capability `spamtestplus'.
move_to_spam_folder: line 6: error: unknown test 'spamtest' (only reported once at first occurrence).
move_to_spam_folder: error: validation failed.
sievec(foo): Error: failed to compile sieve script '/var/lib/dovecot/sieve/global_sieves/move_to_spam_folder.sieve’

没有工作，因为它找不到spamtestand spamtestplus。所以我测试了配置。

sudo sieve-test -t - -Tlevel=matching /etc/dovecot/conf.d/90-sieve.conf /home/foo/test.eml：

90-sieve.conf: line 2: error: unexpected character(s) starting with '='.
90-sieve.conf: line 2: error: expected end of command ';' or the beginning of a compound block '{', but found unknown characters.
90-sieve.conf: line 2: error: unexpected character(s) starting with '~'.
90-sieve.conf: line 2: error: unexpected character(s) starting with '='.
90-sieve.conf: line 2: error: expected end of command ';' or the beginning of a compound block '{', but found unknown characters.
90-sieve.conf: line 2: error: unexpected character(s) starting with '.'.
90-sieve.conf: line 2: error: unexpected character(s) starting with '.'.
90-sieve.conf: line 5: error: unexpected character(s) starting with '='.
90-sieve.conf: line 5: error: unexpected character(s) starting with '+'.
90-sieve.conf: line 5: error: unexpected character(s) starting with '+'.
90-sieve.conf: line 7: error: unexpected character(s) starting with '='.
90-sieve.conf: line 8: error: unexpected character(s) starting with '='.
90-sieve.conf: line 8: error: unexpected character(s) starting with '\'.
90-sieve.conf: line 9: error: unexpected character(s) starting with '-'.
90-sieve.conf: line 9: error: unexpected character(s) starting with '-'.
90-sieve.conf: line 9: error: unexpected character(s) starting with '+'.
90-sieve.conf: line 9: error: unexpected character(s) starting with '.'.
90-sieve.conf: line 10: error: unexpected character(s) starting with '='.
90-sieve.conf: line 10: error: unexpected character(s) starting with '.'.
90-sieve.conf: line 12: error: unexpected character(s) starting with '='.
90-sieve.conf: line 12: error: unexpected character(s) starting with '.'.
90-sieve.conf: line 15: error: unexpected character(s) starting with '='.
90-sieve.conf: error: parse failed.

显然它甚至无法读取/etc/dovecot/conf.d/90-sieve.conf？它在等号上窒息？

似乎如果我修复了这个错误，我可以启用spamtestand spamtestplus，这反过来会[潜在地]修复sievec编译错误。

doveconf -n：

# 2.2.31 (65cde28): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.19 (e5c7051)
# OS: Linux 4.9.36-x86_64-linode85 x86_64 Arch Linux
mail_home = /home/vmail/%d/%n
mail_location = maildir:~
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
passdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}
protocols = imap pop3
service auth {
  unix_listener auth-client {
    group = postfix
    mode = 0660
    user = postfix
  }
  user = root
}
ssl_cert = </etc/ssl/private/vmail.crt
ssl_key =  # hidden, use -P to show it
userdb {
  args = /etc/dovecot/dovecot-sql.conf
  driver = sql
}

在 Arch Linux 上运行 Apache 2.4.10。

我试图限制 SFTP 用户只能访问他的主目录，public即虚拟主机目录下的文件夹，而无法访问该虚拟主机目录。现在，当我以用户身份登录时，我仍然可以遍历目录树，并浏览整个文件系统。以下是当前权限：

drwxr-xr--  6 vhostname vhostname 4096 Apr 23 19:17 .
drwxrwxr-x 25 root      root      4096 Apr 23 18:43 ..
-rw-r--r--  1 vhostname vhostname   21 Apr 23 18:43 .bash_logout
-rw-r--r--  1 vhostname vhostname   57 Apr 23 18:43 .bash_profile
-rw-r--r--  1 vhostname vhostname  141 Apr 23 18:43 .bashrc
drwx--x--x  2 vhostname vhostname 4096 Apr 23 18:43 fcgi-bin
drwx--x--x  3 vhostname vhostname 4096 Apr 23 18:43 logs
drwx--x--x  2 vhostname vhostname 4096 Apr 23 18:43 private
drwx--x--x  7 user      user      4096 Apr 23 19:25 public

如果 I chmod o-x .，那么我得到一个 403。似乎 Apache 需要执行权限才能为该站点提供服务。然而 suEXEC 将站点运行为vhostname:vhostname，那么为什么缺少外部用户/组的权限很重要？

虚拟主机配置：

<VirtualHost *:80>
  ServerAdmin admin@example.com
  DocumentRoot "/srv/www/vhostname/public/"
  ServerName vhostname.com
  ServerAlias *.vhostname.com
  SuexecUserGroup vhostname vhostname
  ErrorLog "/srv/www/vhostname/logs/error.log"
  LogLevel debug
  CustomLog "/srv/www/vhostname/logs/access.log" combined

  <Directory /srv/www/vhostname/public>
    AllowOverride All
    Options Indexes FollowSymLinks MultiViews
    Require all granted
  </Directory>

  # http://www.linode.com/forums/viewtopic.php?t=2982
  <IfModule !mod_php5.c>
  <IfModule !mod_php5_filter.c>
  <IfModule !mod_php5_hooks.c>
  <IfModule mod_actions.c>
  <IfModule mod_alias.c>
  <IfModule mod_mime.c>
  <IfModule mod_fcgid.c>
    AddHandler php-fcgi .php
    Action php-fcgi /fcgi-bin/php-fcgid-wrapper
    Alias /fcgi-bin/ /srv/www/vhostname/fcgi-bin/ 

    <Location /fcgi-bin/>
      SetHandler fcgid-script
      Options +ExecCGI
      Require all granted
    </Location>

    ReWriteEngine On
    ReWriteRule ^/fcgi-bin/[^/]*$ / [L,PT]
  </IfModule>
  </IfModule>
  </IfModule>
  </IfModule>
  </IfModule>
  </IfModule>
  </IfModule>
</VirtualHost>

• Arch Linux 2011.08.19 (Linux 3.4.2 i686)
• 带有 SuExec 的 Apache 2.2.22
• PHP 5.4.4 (cli) 通过 FastCGI

我的网站早些时候都运行良好......我不确定它是什么时候发生的，因为我在一个多星期后注意到它（我猜可能是在系统升级之后），但是我所有的 VirtualHosts 都因可怕的“脚本过早结束”而脱机标头：php-fcgid-wrapper” 500 错误。

SuExec 日志为每个站点提供了以下信息：

[2012-07-16 00:45:02]: uid: (1001/site) gid: (1001/site) cmd: php-fcgid-wrapper
[2012-07-16 00:45:02]: command not in docroot (/var/www/site/fcgi-bin/php-fcgid-wrapper)

这不是（或者至少不应该）是真的……我使用set自动编译 Apache--with-suexec-docroot=/srv/www。尽管如此，我还是尝试了完整性检查，看看 docroot SuExec 实际上认为它有什么：

$ suexec -V
suexec policy violation: see suexec log for more details

日志声称：

[2012-07-16 01:07:52]: too few arguments

也用 sudo 试过；一样。因此，即使这样也没有任何意义，并且使我无法正确诊断问题。

我尝试的另一件事是将所有内容从默认的 docroot 移动/srv/www到/var/www，以查看它是否在升级期间恢复为原始存储库版本。更新了我的 VirtealHosts，重新启动了 Apache，但仍然出现相同的 500 错误。

还有什么可能导致这个？