Sieve

Sieve is a language for filtering e-mail messages. It is designed to be implementable on either a mail client or mail server. It is meant to be extensible, simple, and independent of access protocol, mail architecture, and operating system.

The Dovecot IMAP server has Sieve support via a plugin provided by the Pigeonhole Project

Installation
Download the latest source from the Pigeonhole download page:

cd /extra/src
wget http://pigeonhole.dovecot.org/releases/2.2/dovecot-2.2-pigeonhole-0.4.9.tar.gz
tar zxf dovecot-2.2-pigeonhole-0.4.9.tar.gz
cd dovecot-2.2-pigeonhole-0.4.9

Since we installed Dovecot from source, the configure script should find the installed dovecot-config automatically:

./configure
make
make install

IMPORTANT: You need to recompile Pigeonhole when you upgrade Dovecot to a new version, because otherwise the Sieve interpreter plugin will fail to load with a version error.
A set of sample config files are installed to/usr/local/share/doc/dovecot/example-config/conf.d, which you'll have to move to /usr/local/etc/dovecot/conf.d:

cp /usr/local/share/doc/dovecot/example-config/conf.d/20-managesieve.conf /usr/local/etc/dovecot/conf.d/
cp /usr/local/share/doc/dovecot/example-config/conf.d/90-sieve.conf /usr/local/etc/dovecot/conf.d/

Edit /usr/local/etc/dovecot/conf.d/20-managesieve.conf and uncomment a couple lines:

protocols = $protocols sieve

service managesieve-login {
  inet_listener sieve {
    port = 4190
  }

  service_count = 1

  vsz_limit = 64M
}

Enable the proper extension address delimiter in /usr/local/etc/dovecot/conf.d/90-sieve.conf:

recipient_delimiter = -

Enable the Sieve plugin for Dovecot's LDA in /usr/local/etc/dovecot/conf.d/15-lda.conf:

protocol lda {
  # Space separated list of plugins to load (default is global mail_plugins).
  mail_plugins = $mail_plugins sieve
}

Skipped these steps and seems to work fine...
Edit /usr/local/etc/dovecot/conf.d/10-master.conf and give the vpopmail user and group some access privileges:

default_login_user = vpopmail
default_internal_user = vpopmail

service auth {
  # auth_socket_path points to this userdb socket by default. It''s typically
  # used by dovecot-lda, doveadm, possibly imap process, etc. Its default
  # permissions make it readable only by root, but you may need to relax these
  # permissions. Users that have access to this socket are able to get a list
  # of all usernames and get results of everyone''s userdb lookups.
  unix_listener auth-userdb {
    mode = 0600
    user = vpopmail
    group = vchkpw
  }

  # Postfix smtp-auth
  #unix_listener /var/spool/postfix/private/auth {
  #  mode = 0666
  #}

  # Auth process is run as this user.
  user = $default_internal_user
}

service auth-worker {
  # Auth worker process is run as root by default, so that it can access
  # /etc/shadow. If this isn''t necessary, the user should be changed to
  # $default_internal_user.
  user = $default_internal_user
}


Restart Dovecot:

svc -t /service/dovecot-imap

To enable Sieve filtering for a:

  • single-user - you can edit/create that user's .qmail file to use Dovecot's LDA:

    | DTLINE=${DTLINE/$USER-} /var/qmail/bin/preline -f /usr/libexec/dovecot/deliver -d ${EXT/-*}@$USER -a $EXT@$USER
    # This one does not work with user-ext@domain addresses
    #|/var/qmail/bin/preline -f /usr/local/libexec/dovecot/deliver -d $EXT@$USER
  • domain - must edit that domain's .qmail-default file to use Dovecot's LDA instead of vdelivermail:
    | DTLINE=${DTLINE/$USER-} /var/qmail/bin/preline -f /usr/libexec/dovecot/deliver -d ${EXT/-*}@$USER -a $EXT@$USER

FIXED NOTE! Interferes with extension (-ext) addresses.
NOTE! Using Dovecot's LDA conflicts with using Qmailadmin to create vacation autoresponders!!!
NOTE! The change to .qmail-default conflicts with mkauth script - line 398 - where it checks for vdelivermail.

Credits

Various bits of code, scripts, and procedures were put together with information from John Simpson's qmail.jms1.net website. It's an excellent resource on managing and setting up a Qmail server.

Recent Updates

  • 11 months 3 weeks ago
  • 11 months 3 weeks ago
    Removed original versions of ucspi-tcp and ucspi-ssl and replaced them with upgraded versions. The old ones were failing PCI compliance tests by Security Metrics. ucspi-ssl also had issues installing on CentOS 7 - new version installed without issues.
  • 11 months 3 weeks ago
    1.3.7 update
  • 11 months 3 weeks ago
  • 1 year 1 hour ago
    MariaDB