Adding sieve scripts via ManageSieve protocol crash-loops Dovecot voiding mail

[Unkn0wnCat]

Contribution guidelines

• [X] I've read the contribution guidelines and wholeheartedly agree

I've found a bug and checked that ...

• [X] ... I understand that not following the below instructions will result in immediate closure and/or deletion of my issue.
• [X] ... I have understood that this bug report is dedicated for bugs, and not for support-related inquiries.
• [X] ... I have understood that answers are voluntary and community-driven, and not commercial support.
• [X] ... I have verified that my issue has not been already answered in the past. I also checked previous issues.

Description

After the newest update my mail server did not come back up fully. Dovecot was caught in a crash loop due to not being able to compile my sieve scripts. The sieve scripts were all uploaded using the ManageSieve protocol as a normal user.

I needed to mount the vmail directory and manually remove the sieve scripts to get Dovecot to start again. Unfortunately when Dovecot was crash-looping, all incoming mail was voided for almost 24 hours.

I tried re-adding the scripts afterwards one-by-one over ManageSieve, but even though no errors were displayed anywhere, Dovecot once again started voiding my mail.

Logs

sadly not available, due to me frantically restarting docker containers when I found out my mail is getting voided.

Steps to reproduce

1. Create a mailbox
2. Connect to the mailbox using ManageSieve
3. Upload the following script (Newssorter.sieve)
4. Wait a few hours
5. Try receiving any mail

System information

Question	Answer
My operating system	Ubuntu 20.04.4 LTS x86_64
Is Apparmor, SELinux or similar active?	No
Virtualization technology (KVM, VMware, Xen, etc - LXC and OpenVZ are not supported	KVM
Server/VM specifications (Memory, CPU Cores)	Intel Xeon Gold 6140 (2) @ 2.294GHz / 7957MiB RAM / 314G Disk (SSD)
Docker version (docker version)	20.10.17
docker-compose version (docker-compose version)	v2.6.0
mailcow version (git describe --tags `git rev-list --tags --max-count=1`)	2022-08a
Reverse proxy (custom solution)	Nginx

Output of git diff origin/master, any other changes to the code? If so, please post them:

Just certificates.

All third-party firewalls and custom iptables rules are unsupported. Please check the Docker docs about how to use Docker with your own ruleset. Nevertheless, iptabels output can help us to help you: iptables -L -vn:

There are a bunch of rules here, but due to this server having a lot of docker containers running the output of the iptables commands is too long and GitHub won't let me send.

I don't think you'd find anything in there anyways, as mail delivery works, just not if I add the sieve script.

ip6tables -L -vn:

See above.

iptables -L -vn -t nat:

See above.

ip6tables -L -vn -t nat:

See above.

DNS problems? Please run docker exec -it $(docker ps -qf name=acme-mailcow) dig +short stackoverflow.com @172.22.1.254 (set the IP accordingly, if you changed the internal mailcow network) and post the output:

151.101.1.69
151.101.193.69
151.101.65.69
151.101.129.69

[DerLinkman]

Is it fixed with 2022-08b?

[Unkn0wnCat]

@DerLinkman

I've got good news, and I've got bad news. Bad News: It's not fixed. Good news: I got a log this time!

mailcowdockerized-postfix-mailcow-1    | Sep 10 01:16:55 c7a4b538881b postfix/smtpd[449]: connect from mail-lf1-x130.google.com[2a00:1450:4864:20::130]
mailcowdockerized-postfix-mailcow-1    | Sep 10 01:16:55 c7a4b538881b postfix/smtpd[449]: Anonymous TLS connection established from mail-lf1-x130.google.com[2a00:1450:4864:20::130] to mailcow.1in9.net: TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256
mailcowdockerized-postfix-mailcow-1    | Sep 10 01:16:55 c7a4b538881b postfix/smtpd[449]: B15F920A944: client=mail-lf1-x130.google.com[2a00:1450:4864:20::130]
mailcowdockerized-postfix-mailcow-1    | Sep 10 01:16:55 c7a4b538881b postfix/cleanup[451]: B15F920A944: message-id=<CA+rbFwuRJWaR_Ke0RMErL-j8PY0LCT8p2SDvdAQsEPameN1Z5g@mail.gmail.com>
mailcowdockerized-clamd-mailcow-1      | Sat Sep 10 01:16:55 2022 -> instream(172.22.1.13@35506): OK
mailcowdockerized-php-fpm-mailcow-1    | fd4d:6169:6c63:6f77::e -  10/Sep/2022:01:16:56 +0200 "HEAD /settings.php" 304
mailcowdockerized-nginx-mailcow-1      | 172.22.1.13 - - [10/Sep/2022:01:16:56 +0200] "HEAD /settings.php HTTP/1.1" 304 0 "-" "rspamd-3.2"
mailcowdockerized-postfix-mailcow-1    | Sep 10 01:16:57 c7a4b538881b postfix/smtps/smtpd[394]: connect from unknown[5.34.207.172]
mailcowdockerized-php-fpm-mailcow-1    | 172.22.1.11 -  10/Sep/2022:01:16:59 +0200 "GET /bcc.php" 200
mailcowdockerized-nginx-mailcow-1      | 172.22.1.13 - - [10/Sep/2022:01:16:59 +0200] "GET /bcc.php HTTP/1.1" 200 5 "-" "rspamd-3.2"
mailcowdockerized-php-fpm-mailcow-1    | fd4d:6169:6c63:6f77::e -  10/Sep/2022:01:16:59 +0200 "GET /bcc.php" 200
mailcowdockerized-nginx-mailcow-1      | 172.22.1.13 - - [10/Sep/2022:01:16:59 +0200] "GET /bcc.php HTTP/1.1" 200 5 "-" "rspamd-3.2"
mailcowdockerized-php-fpm-mailcow-1    | 172.22.1.11 -  10/Sep/2022:01:16:59 +0200 "GET /bcc.php" 200
mailcowdockerized-nginx-mailcow-1      | 172.22.1.13 - - [10/Sep/2022:01:16:59 +0200] "GET /bcc.php HTTP/1.1" 200 5 "-" "rspamd-3.2"
mailcowdockerized-php-fpm-mailcow-1    | 172.22.1.11 -  10/Sep/2022:01:16:59 +0200 "GET /bcc.php" 200
mailcowdockerized-nginx-mailcow-1      | 172.22.1.13 - - [10/Sep/2022:01:16:59 +0200] "GET /bcc.php HTTP/1.1" 200 5 "-" "rspamd-3.2"
mailcowdockerized-php-fpm-mailcow-1    | [10-Sep-2022 01:16:59] WARNING: [pool system-worker] child 62 said into stderr: "NOTICE: PHP message: RCPT RESOVLER: http pipe: query kevin@kevink.dev as username from mailbox"
mailcowdockerized-php-fpm-mailcow-1    | [10-Sep-2022 01:16:59] WARNING: [pool system-worker] child 62 said into stderr: "NOTICE: PHP message: RCPT RESOVLER: http pipe: mailbox found: kevin@kevink.dev"
mailcowdockerized-php-fpm-mailcow-1    | [10-Sep-2022 01:16:59] WARNING: [pool system-worker] child 62 said into stderr: "NOTICE: PHP message: RCPT RESOVLER: http pipe: goto array count on loop #1 is 0"
mailcowdockerized-php-fpm-mailcow-1    | [10-Sep-2022 01:16:59] WARNING: [pool system-worker] child 62 said into stderr: "NOTICE: PHP message: NOTIFY: pushover pipe: processing pushover message for rcpt kevin@kevink.dev"
mailcowdockerized-nginx-mailcow-1      | 2022/09/10 01:16:59 [error] 24#24: *122 FastCGI sent in stderr: "PHP message: RCPT RESOVLER: http pipe: query kevin@kevink.dev as username from mailbox
mailcowdockerized-php-fpm-mailcow-1    | fd4d:6169:6c63:6f77::e -  10/Sep/2022:01:16:59 +0200 "POST /pushover.php" 200
mailcowdockerized-nginx-mailcow-1      | PHP message: RCPT RESOVLER: http pipe: mailbox found: kevin@kevink.dev
mailcowdockerized-nginx-mailcow-1      | PHP message: RCPT RESOVLER: http pipe: goto array count on loop #1 is 0
mailcowdockerized-nginx-mailcow-1      | PHP message: NOTIFY: pushover pipe: processing pushover message for rcpt kevin@kevink.dev" while reading response header from upstream, client: 172.22.1.13, server: _, request: "POST /pushover.php HTTP/1.1", upstream: "fastcgi://[fd4d:6169:6c63:6f77::b]:9001", host: "nginx"
mailcowdockerized-nginx-mailcow-1      | 172.22.1.13 - - [10/Sep/2022:01:16:59 +0200] "POST /pushover.php HTTP/1.1" 200 5 "-" "rspamd-3.2"
mailcowdockerized-rspamd-mailcow-1     | 2022-09-10 01:16:59 #44(normal) <54c62e>; task; rspamd_task_write_log: id: <CA+rbFwuRJWaR_Ke0RMErL-j8PY0LCT8p2SDvdAQsEPameN1Z5g@mail.gmail.com>, qid: <B15F920A944>, ip: 2a00:1450:4864:20::130, from: <kevinkandlbinder@gmail.com>, (default: F (no action): [2.61/475.00] [IP_REPUTATION_SPAM(3.62){asn: 15169(-0.08), country: US(-0.01), ip: 2a00:1450:4864:20::(1.00);},DMARC_POLICY_ALLOW(-0.50){gmail.com;none;},R_DKIM_ALLOW(-0.20){gmail.com:s=20210112;},R_SPF_ALLOW(-0.20){+ip6:2a00:1450:4000::/36;},MIME_GOOD(-0.10){multipart/alternative;text/plain;},MX_GOOD(-0.01){},ARC_NA(0.00){},ARC_SIGNED(0.00){kevink.dev:s=dkim:i=1;},ASN(0.00){asn:15169, ipnet:2a00:1450::/32, country:US;},BCC(0.00){},DKIM_TRACE(0.00){gmail.com:+;},DWL_DNSWL_NONE(0.00){gmail.com:dkim;},FREEMAIL_ENVFROM(0.00){gmail.com;},FREEMAIL_FROM(0.00){gmail.com;},FROM_EQ_ENVFROM(0.00){},FROM_HAS_DN(0.00){},MID_RHS_MATCH_FROMTLD(0.00){},MIME_TRACE(0.00){0:+;1:+;2:~;},PREVIOUSLY_DELIVERED(0.00){kevin@kevink.dev;},RCPT_COUNT_ONE(0.00){1;},RCPT_MAILCOW_DOMAIN(0.00){kevink.dev;},RCVD_COUNT_TWO(0.00){2;},RCVD_IN_DNSWL_NONE(0.00){2a00:1450:4864:20::130:from;},RCVD_TLS_LAST(0.00){},TO_DN_EQ_ADDR_ALL(0.00){},TO_MATCH_ENVRCPT_ALL(0.00){}]), len: 2918, time: 3954.771ms, dns req: 34, digest: <aa79db6514ecbed850c161311d664014>, rcpts: <kevin@kevink.dev>, mime_rcpts: <kevin@kevink.dev>
mailcowdockerized-rspamd-mailcow-1     | 2022-09-10 01:16:59 #44(normal) <54c62e>; task; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 3 regexps matched, 3254 regexps total, 2992 regexps cached, 0B scanned using pcre, 1.76KiB scanned total
mailcowdockerized-postfix-mailcow-1    | Sep 10 01:16:59 c7a4b538881b postfix/qmgr[379]: B15F920A944: from=<kevinkandlbinder@gmail.com>, size=3383, nrcpt=1 (queue active)
mailcowdockerized-dovecot-mailcow-1    | Sep 10 01:16:59 3a9b0a0efb57 dovecot: lmtp(508): Connect from fd4d:6169:6c63:6f77::f
mailcowdockerized-dovecot-mailcow-1    | Sep 10 01:16:59 3a9b0a0efb57 dovecot: lmtp(kevin@kevink.dev)<508><uOGBKmvJG2P8AQAAY0Dptw>: Panic: file hash.c: line 252 (hash_table_insert_node): assertion failed: (opcode == HASH_TABLE_OP_UPDATE)
mailcowdockerized-dovecot-mailcow-1    | Sep 10 01:16:59 3a9b0a0efb57 dovecot: lmtp(kevin@kevink.dev)<508><uOGBKmvJG2P8AQAAY0Dptw>: Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(backtrace_append+0x42) [0x7f212e0d9582] -> /usr/lib/dovecot/libdovecot.so.0(backtrace_get+0x1e) [0x7f212e0d969e] -> /usr/lib/dovecot/libdovecot.so.0(+0x1022fb) [0x7f212e0e62fb] -> /usr/lib/dovecot/libdovecot.so.0(+0x102391) [0x7f212e0e6391] -> /usr/lib/dovecot/libdovecot.so.0(+0x55589) [0x7f212e039589] -> /usr/lib/dovecot/libdovecot.so.0(+0x563bf) [0x7f212e03a3bf] -> /usr/lib/dovecot/libdovecot-sieve.so.0(ext_include_binary_script_include+0x83) [0x7f212d322453] -> /usr/lib/dovecot/libdovecot-sieve.so.0(+0x6d693) [0x7f212d322693] -> /usr/lib/dovecot/libdovecot-sieve.so.0(sieve_binary_open+0x35d) [0x7f212d2f1f7d] -> /usr/lib/dovecot/libdovecot-sieve.so.0(sieve_open_script+0x72) [0x7f212d3122d2] -> /usr/lib/dovecot/modules/lib90_sieve_plugin.so(+0x2ddd) [0x7f212d381ddd] -> /usr/lib/dovecot/modules/lib90_sieve_plugin.so(+0x3931) [0x7f212d382931] -> /usr/lib/dovecot/libdovecot-lda.so.0(mail_deliver+0x179) [0x7f212e3288d9] -> dovecot/lmtp(lmtp_local_default_deliver+0x1d4) [0x5648bdf95724] -> dovecot/lmtp(lmtp_local_data+0x5ac) [0x5648bdf95e7c] -> dovecot/lmtp(client_default_cmd_data+0x18d) [0x5648bdf9483d] -> dovecot/lmtp(cmd_data_continue+0x180) [0x5648bdf945d0] -> /usr/lib/dovecot/libdovecot.so.0(+0x74ebb) [0x7f212e058ebb] -> /usr/lib/dovecot/libdovecot.so.0(+0x756fd) [0x7f212e0596fd] -> /usr/lib/dovecot/libdovecot.so.0(smtp_server_command_call_hooks+0xbe) [0x7f212e05d5be] -> /usr/lib/dovecot/libdovecot.so.0(smtp_server_command_next_to_reply+0x55) [0x7f212e05d685] -> /usr/lib/dovecot/libdovecot.so.0(+0x7e3ba) [0x7f212e0623ba] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) [0x7f212e0fc529] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x96) [0x7f212e0fc616] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x40) [0x7f212e0fc790] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f212e06f353] -> dovecot/lmtp(main+0x22a) [0x5648bdf9327a] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xea) [0x7f212de41d0a] -> dovecot/lmtp(_start+0x2a) [0x5648bdf9338a]
mailcowdockerized-postfix-mailcow-1    | Sep 10 01:16:59 c7a4b538881b postfix/smtps/smtpd[394]: Anonymous TLS connection established from unknown[5.34.207.172]: TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)
mailcowdockerized-postfix-mailcow-1    | Sep 10 01:17:00 c7a4b538881b postfix/lmtp[452]: B15F920A944: lost connection with dovecot[fd4d:6169:6c63:6f77::10] while sending end of data -- message may be sent more than once
mailcowdockerized-dovecot-mailcow-1    | Sep 10 01:17:00 3a9b0a0efb57 dovecot: lmtp(kevin@kevink.dev)<508><uOGBKmvJG2P8AQAAY0Dptw>: Fatal: master: service(lmtp): child 508 killed with signal 6 (core dumped)
mailcowdockerized-dovecot-mailcow-1    | Sep 10 01:17:00 3a9b0a0efb57 dovecot: lmtp(546): Connect from 172.22.1.253
mailcowdockerized-dovecot-mailcow-1    | Sep 10 01:17:00 3a9b0a0efb57 dovecot: lmtp(kevin@kevink.dev)<546><tAUvCWzJG2MiAgAAY0Dptw>: Panic: file hash.c: line 252 (hash_table_insert_node): assertion failed: (opcode == HASH_TABLE_OP_UPDATE)
mailcowdockerized-dovecot-mailcow-1    | Sep 10 01:17:00 3a9b0a0efb57 dovecot: lmtp(kevin@kevink.dev)<546><tAUvCWzJG2MiAgAAY0Dptw>: Error: Raw backtrace: /usr/lib/dovecot/libdovecot.so.0(backtrace_append+0x42) [0x7f34b1f6d582] -> /usr/lib/dovecot/libdovecot.so.0(backtrace_get+0x1e) [0x7f34b1f6d69e] -> /usr/lib/dovecot/libdovecot.so.0(+0x1022fb) [0x7f34b1f7a2fb] -> /usr/lib/dovecot/libdovecot.so.0(+0x102391) [0x7f34b1f7a391] -> /usr/lib/dovecot/libdovecot.so.0(+0x55589) [0x7f34b1ecd589] -> /usr/lib/dovecot/libdovecot.so.0(+0x563bf) [0x7f34b1ece3bf] -> /usr/lib/dovecot/libdovecot-sieve.so.0(ext_include_binary_script_include+0x83) [0x7f34b11b6453] -> /usr/lib/dovecot/libdovecot-sieve.so.0(+0x6d693) [0x7f34b11b6693] -> /usr/lib/dovecot/libdovecot-sieve.so.0(sieve_binary_open+0x35d) [0x7f34b1185f7d] -> /usr/lib/dovecot/libdovecot-sieve.so.0(sieve_open_script+0x72) [0x7f34b11a62d2] -> /usr/lib/dovecot/modules/lib90_sieve_plugin.so(+0x2ddd) [0x7f34b1215ddd] -> /usr/lib/dovecot/modules/lib90_sieve_plugin.so(+0x3931) [0x7f34b1216931] -> /usr/lib/dovecot/libdovecot-lda.so.0(mail_deliver+0x179) [0x7f34b21bc8d9] -> dovecot/lmtp(lmtp_local_default_deliver+0x1d4) [0x556ac3b74724] -> dovecot/lmtp(lmtp_local_data+0x5ac) [0x556ac3b74e7c] -> dovecot/lmtp(client_default_cmd_data+0x18d) [0x556ac3b7383d] -> dovecot/lmtp(cmd_data_continue+0x180) [0x556ac3b735d0] -> /usr/lib/dovecot/libdovecot.so.0(+0x74ebb) [0x7f34b1eecebb] -> /usr/lib/dovecot/libdovecot.so.0(+0x756fd) [0x7f34b1eed6fd] -> /usr/lib/dovecot/libdovecot.so.0(smtp_server_command_call_hooks+0xbe) [0x7f34b1ef15be] -> /usr/lib/dovecot/libdovecot.so.0(smtp_server_command_next_to_reply+0x55) [0x7f34b1ef1685] -> /usr/lib/dovecot/libdovecot.so.0(+0x7e3ba) [0x7f34b1ef63ba] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_call_io+0x69) [0x7f34b1f90529] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_handler_run+0x96) [0x7f34b1f90616] -> /usr/lib/dovecot/libdovecot.so.0(io_loop_run+0x40) [0x7f34b1f90790] -> /usr/lib/dovecot/libdovecot.so.0(master_service_run+0x13) [0x7f34b1f03353] -> dovecot/lmtp(main+0x22a) [0x556ac3b7227a] -> /lib/x86_64-linux-gnu/libc.so.6(__libc_start_main+0xea) [0x7f34b1cd5d0a] -> dovecot/lmtp(_start+0x2a) [0x556ac3b7238a]
mailcowdockerized-dovecot-mailcow-1    | Sep 10 01:17:00 3a9b0a0efb57 dovecot: lmtp(kevin@kevink.dev)<546><tAUvCWzJG2MiAgAAY0Dptw>: Fatal: master: service(lmtp): child 546 killed with signal 6 (core dumped)
mailcowdockerized-postfix-mailcow-1    | Sep 10 01:17:00 c7a4b538881b postfix/lmtp[452]: B15F920A944: to=<kevin@kevink.dev>, relay=dovecot[172.22.1.250]:24, delay=4.9, delays=4.1/0.02/0.45/0.37, dsn=4.4.2, status=deferred (lost connection with dovecot[172.22.1.250] while sending end of data -- message may be sent more than once)
mailcowdockerized-watchdog-mailcow-1   | Sat Sep 10 01:17:02 CEST 2022 Dovecot replication health level: 100% (20/20), health trend: 0
mailcowdockerized-watchdog-mailcow-1   | Sat Sep 10 01:17:03 CEST 2022 Fail2ban health level: 100% (1/1), health trend: 0
mailcowdockerized-postfix-mailcow-1    | Sep 10 01:17:06 c7a4b538881b postfix/smtps/smtpd[394]: warning: unknown[5.34.207.172]: SASL LOGIN authentication failed: UGFzc3dvcmQ6
mailcowdockerized-netfilter-mailcow-1  | 5.34.207.172 matched rule id 1 (warning: unknown[5.34.207.172]: SASL LOGIN authentication failed: UGFzc3dvcmQ6)
mailcowdockerized-netfilter-mailcow-1  | 1 more attempts in the next 600 seconds until 5.34.207.0/24 is banned
mailcowdockerized-watchdog-mailcow-1   | Sat Sep 10 01:17:06 CEST 2022 Unbound health level: 100% (5/5), health trend: 0
mailcowdockerized-rspamd-mailcow-1     | 2022-09-10 01:17:07 #43(controller) <6bf684>; csession; rspamd_protocol_http_reply: regexp statistics: 0 pcre regexps scanned, 0 regexps matched, 3254 regexps total, 2444 regexps cached, 0B scanned using pcre, 102B scanned total
mailcowdockerized-watchdog-mailcow-1   | Sat Sep 10 01:17:07 CEST 2022 Rspamd health level: 100% (5/5), health trend: 0
mailcowdockerized-postfix-mailcow-1    | Sep 10 01:17:08 c7a4b538881b postfix/smtps/smtpd[394]: lost connection after AUTH from unknown[5.34.207.172]
mailcowdockerized-postfix-mailcow-1    | Sep 10 01:17:08 c7a4b538881b postfix/smtps/smtpd[394]: disconnect from unknown[5.34.207.172] ehlo=1 auth=0/1 rset=1 commands=2/3
mailcowdockerized-watchdog-mailcow-1   | Sat Sep 10 01:17:09 CEST 2022 Olefy health level: 100% (5/5), health trend: 0

[DerLinkman]

Have you tried to insert this script via the mailcow UI?

You can click on validate and see if this one works with mailcow.

[Unkn0wnCat]

@DerLinkman

I've added it via the web-UI now, and that forced me to remove the require "include"; statement at the top and all return; statements. It works now, but still kinda weird it's possible for any user to essentially perform a Denial of Service against the mailcow stack by uploading a Sievescript which includes include and then receiving mail.

Although my personal issue is somewhat fixed / worked around, I still think the root issue needs to be addressed urgently!

[DerLinkman]

That's definitely critical and has to been tracked down!

But for clarification does it worked before?

[Unkn0wnCat]

It did not let me save without rewriting it

[DerLinkman]

Understood and reproduceable.

But I was asking: Was it working before the August update?

[Unkn0wnCat]

Jup it broke right post-update, unfortunately I can't 100% say from which version I updated.

All I can say is it was working, I ran ./update.sh and it stopped working instantly with me realizing the next day when no mail came in for 20 hours 😛

By the way, for me it could also only be fixed by mounting the mail directory and manually removing the sieve script files, so if anyone else is stuck at any point past return:

1. Run docker run --rm -i -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim bash
2. cd to /vmail and find the offending sieve scripts
3. mv them to /backup (or delete them if you have copies elsewhere)

At least that's how I did it

[nigelterry]

I have the same issue. This fix worked for me, although I needed to allocate a pseudo-tty using the command:

docker run --rm -it -v $(docker inspect --format '{{ range .Mounts }}{{ if eq .Destination "/var/vmail" }}{{ .Name }}{{ end }}{{ end }}' $(docker compose ps -q dovecot-mailcow)):/vmail -v ${PWD}:/backup debian:stretch-slim bash

[milkmaker]

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs.