Issue with Sieve Filters on postfix?

I was wondering if someone could shed some light on the issue im having, Currently i have a simple postfix server and in front it has a PMG gateway. Because PMG gateway has the spam filters i need to redirect the spam to go to the users junk folder. I have already accomplished this zimbra but on postfix i think im missing something. These were the steps i took

1. install the package and Modify adding this at the bottom of main.cf

sudo apt-get install dovecot-sieve dovecot-managesieved



mailbox_command=/usr/lib/dovecot/deliver

3. then edit

   /etc/dovecot/conf.d/90-sieve.conf
   

and added this line to configure the default location

sieve_default = /etc/dovecot/default.sieve

then make dovecot user to read the file

chgrp dovecot /etc/dovecot/conf.d/90-sieve.conf

4. go the plugin of lda and uncomment

   /etc/dovecot/conf.d/15-lda.conf
   mail_plugins = sieve
   

5. create file sieve and compile it

         root@mail:/etc/dovecot# cat /etc/dovecot/default.sieve
      require "fileinto";
      #Filter email based on a subject
      if header :contains "X-Spam-Flag" "YES" {
      fileinto "Junk";
     }

then

cd /etc/dovecot

sievec default.sieve

and give dovecot the permissions

chgrp dovecot /etc/dovecot/default.svbin

6. restart postfix and dovecot

i send a test spam email from [email protected]

and its marking the xspam flag to yes but it keeps going to inbox instead of Junk folder

i checked the protocols

root@mail:/etc/dovecot# doveconf | grep protocols
protocols = " imap sieve pop3"
ssl_protocols = !SSLv2 !SSLv3

Return-Path: <[email protected]>
X-Original-To: [email protected]
Delivered-To: [email protected]
Received: from mail.mydomain.com (unknown [192.168.1.248])
    (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    by mail.mydomain.com (Postfix) with ESMTPS id CB3162033C
    for <[email protected]>; Sun, 25 Jul 2021 10:54:03 -0500 (COT)
Received: from mail.mydomain.com (localhost.localdomain [127.0.0.1])
    by mail.mydomain.com (Proxmox) with ESMTP id 3DC215C2F3E
    for <[email protected]>; Sun, 25 Jul 2021 10:48:19 -0500 (-05)
Received-SPF: softfail (gmail.com ... _spf.google.com: Sender is not authorized by default to use '[email protected]' in 'mfrom' identity, however domain is not currently prepared for false failures (mechanism '~all' matched)) receiver=mail.mydomain.com; identity=mailfrom; envelope-from="[email protected]"; helo=emkei.cz; client-ip=101.99.94.155
Authentication-Results: mail.mydomain.com; dmarc=fail (p=none dis=none) header.from=gmail.com
Authentication-Results: mail.mydomain.com; dkim=none; dkim-atps=neutral
Received: from emkei.cz (emkei.cz [101.99.94.155])
    (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits))
    (No client certificate requested)
    by mail.mydomain.com (Proxmox) with ESMTPS id 6003D5C0F66
    for <[email protected]>; Sun, 25 Jul 2021 10:48:16 -0500 (-05)
Received: by emkei.cz (Postfix, from userid 33)
    id B52D62413E; Sun, 25 Jul 2021 17:48:13 +0200 (CEST)
To: [email protected]
subject: SPAM: test
From: "test" <[email protected]>
X-Priority: 3 (Normal)
Importance: Normal
Errors-To: [email protected]
Reply-To: [email protected]
Content-Type: text/plain; charset=utf-8
Message-Id: <[email protected]>
Date: Sun, 25 Jul 2021 17:48:13 +0200 (CEST)
X-SPAM-LEVEL: Spam detection results:  6
    BAYES_50                  0.8 Bayes spam probability is 40 to 60%
    DKIM_ADSP_CUSTOM_MED    0.001 No valid author signature, adsp_override is CUSTOM_MED
    FORGED_GMAIL_RCVD           1 'From' gmail.com does not match 'Received' headers
    FREEMAIL_FROM           0.001 Sender email is commonly abused enduser mail provider (vhfgyut[at]hotmail.com) (test[at]gmail.com) (test[at]gmail.com) (test[at]gmail.com) (test[at]gmail.com) (test[at]gmail.com)
    NML_ADSP_CUSTOM_MED       0.9 ADSP custom_med hit, and not from a mailing list
    SPF_HELO_PASS          -0.001 SPF: HELO matches SPF record
    SPF_SOFTFAIL            0.665 SPF: sender does not match SPF record (softfail)
    SPOOFED_FREEMAIL        1.224 -
    SPOOF_GMAIL_MID         1.498 From Gmail but it doesn't seem to be...
X-Spam-Flag: Yes

test

Check the Dovecot configuration sieve_default= to confirm you have configured the intended path of your default sieve script.

# doveconf | grep sieve_default
 sieve_default = /var/lib/dovecot/sieve/default.sieve

Also, sieve filter evaluation do not stop on all actions. It is perfectly valid to file an item into multiple folders. If you want to have a mail in one folder, and that folder only, add a stop command before the end of the {} block

# cat /etc/dovecot/default.sieve
require "fileinto";
# filter email based on a header added by proxmox mail gateway
if header :contains "X-Spam-Flag" "YES" {
   fileinto "Junk";
   stop;
}

By default, reaching the end of a sieve script executes an implicit keep action, so that every invocation not ending (at an action such as stop) will be kept even when this not spelled out.

Thank you so much for the reply, i had to change on the default location to this and did the trick thank ouy

##
## Settings for the Sieve interpreter
##

# Do not forget to enable the Sieve plugin in 15-lda.conf and 20-lmtp.conf
# by adding it to the respective mail_plugins= settings.

plugin {
  # The path to the user's main active script. If ManageSieve is used, this the
  # location of the symbolic link controlled by ManageSieve.
 # sieve = ~/.dovecot.sieve

  # The default Sieve script when the user has none. This is a path to a global
  # sieve script file, which gets executed ONLY if user's private Sieve script
  # doesn't exist. Be sure to pre-compile this script manually using the sievec
  # command line tool.
  # --> See sieve_before fore executing scripts before the user's personal
  #     script.
  #sieve_default = /var/lib/dovecot/sieve/default.sieve
 sieve_default = /etc/dovecot/default.sieve