Dovecot+Sieve : move spam to spam folder - doesn't work

Hi all,
I’m trying to setting up an automatic rule for dovecot+sieve for moving spam to user’s spam folder but I’m unable to achieve requested result.
I send an email with Gtube spam-test, from root to user :

sendmail myuser@srvoreal < /home/myuser/Documenti/GTUBE_SpamTest.txt

Amavis correctly identify it as spam and add ‘X-Spam-Flag: YES’ to email
Email arrive at user (myuser) but dovecot+sieve doesn’t move it in folder Spam
This is the output of doveconf -n

# 2.2.27 (c0f36b0): /etc/dovecot/dovecot.conf
# Pigeonhole version 0.4.16 (fed8554)
# OS: Linux 4.4.46-11-default x86_64 openSUSE 42.2 (x86_64) 
disable_plaintext_auth = no
hostname =
listen = *
log_path = /var/log/dovecot/dovecot.log
mail_debug = yes
mail_location = maildir:~/Maildir
managesieve_notify_capability = mailto
managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date index ihave duplicate mime foreverypart extracttext
namespace inbox {
  inbox = yes
  location = 
  mailbox Drafts {
    special_use = \Drafts
  mailbox Junk {
    special_use = \Junk
  mailbox Sent {
    special_use = \Sent
  mailbox "Sent Messages" {
    special_use = \Sent
  mailbox Trash {
    special_use = \Trash
  prefix = 
passdb {
  driver = pam
plugin {
  sieve = file:~/sieve;active=~/.dovecot.sieve
postmaster_address =
protocols = imap pop3 lmtp sieve
service managesieve-login {
  inet_listener sieve {
    port = 4190
ssl = no
ssl_cipher_list = ALL:!aNULL:!eNULL:!EXPORT:!DES:!3DES:!MD5:!PSK:!RC4:!ADH:!LOW@STRENGTH
ssl_dh_parameters_length = 2048
ssl_options = no_compression
ssl_prefer_server_ciphers = yes
ssl_protocols = !SSLv2 !SSLv3
userdb {
  driver = passwd
protocol lmtp {
  info_log_path = /var/log/dovecot/lmtp.log
  log_path = /var/log/dovecot/lmtp-errors.log
  mail_plugins = " sieve"
protocol lda {
  info_log_path = /var/log7dovecot/lda.log
  log_path = /var/log/dovecot/lda-errors.log
  mail_plugins = " sieve"
protocol imap {
  info_log_path = /var/log/dovecot/imap.log
  log_path = /var/log/dovecot/imap-errors.log
protocol sieve {
  info_log_path = /var/log/dovecot/sieve.log
  log_path = /var/log/dovecot/sieve-errors.log
  managesieve_implementation_string = Dovecot Pigeonhole

Under /home/imas/Maildir exists the Spam subfolder
I’ve created this personal sieve rule with KMail / roundcube :

require "fileinto"];
# rule:[MuoviSpam_User]
if header :contains "X-Spam-Flag" "YES"
    fileinto "Spam";

and saved it into /home/myuser/sieve/managesieve.sieve
I’ve checked it with sievec -d command (there is no errors) and I’ve compiled it with sievec command
I’ve also tried to use this rule as general rule for all users inserting it in /var/lib/dovecot/sieve/default.sieve (file ownership/permission 644 dovecot:dovecot)
and enabling it in file 90-sieve.conf with directive sieve_default but nothing happens.

Other (maybe) useful info :
I use postfix with amavis (postifix to amavis with inet:localhost:10024 and back to postfix with inet:localhost:10025)

It’s seem that sieve is simply ignored …


I had this too.
In my case execution was blocked by AppArmor. Saw that by executing

systemctl status dovecot -l

Disabled AppArmor at first to test and than it worked.
Eventually I was able to get a AppArmor rule to allow this.

By the way. My sieve looks like this:

require "fileinto","mailbox"];
if header :contains "X-Spam-Flag" "YES" {
 fileinto :create "INBOX/Junk";

thank for your reply.
In my case AppArmor is not the problem : the service is not enabled and not running.

At the end I solved the problem(s)
There were 2 differents issues :
1- Postfix delivered emails directly to users’ mailbox without passing for dovecot (so sieve filter coldn’t be called)
2- Wrong permissions on /var/lib/dovecot folder (so sieve filter coulden’t be executed)

This is what I did for solving issues …

Enabled Dovecot to receive email through unix socket
File /etc/dovecot/conf.d/10-master added unix socket :

**service lmtp** {

         unix_listener **/var/spool/postfix/private/dovecot-lmtp** {

                 group = postfix

                 mode = 0600

                 user = postfix



File /etc/dovecot/conf.d/10-auth added :

**auth_username_format = %Ln** (used to remove @domainname to recipient - this solve lmtp error 'user not found')

Enabled Postfix to send email to unix socket with lmtp protocol, file /etc/postfix/

[FONT=Liberation Serif][FONT=arial]mailbox_transport = **lmtp:unix:private/dovecot-lmtp** (default setting is empty)

[size=2][FONT=Liberation Serif][FONT=arial]
Changed permissions on folder /var/lib/dovecot from 744 to 755 (it is mandatory to have execute flag for everyone)

That’s all