diff options
Diffstat (limited to 'pigeonhole/INSTALL')
-rw-r--r-- | pigeonhole/INSTALL | 903 |
1 files changed, 903 insertions, 0 deletions
diff --git a/pigeonhole/INSTALL b/pigeonhole/INSTALL new file mode 100644 index 0000000..eca1360 --- /dev/null +++ b/pigeonhole/INSTALL @@ -0,0 +1,903 @@ +Compiling +========= + +If you downloaded the sources using Mercurial, you will need to execute +./autogen.sh first to build the automake structure in your source tree. This +process requires autotools and libtool to be installed. + +If you installed Dovecot from sources, Pigeonhole's configure script should be +able to find the installed dovecot-config automatically: + +./configure +make +sudo make install + +If your system uses a $prefix different than the default /usr/local, the +configure script can still find the installed dovecot-config automatically when +supplied with the proper --prefix argument: + +./configure --prefix=/usr +make +sudo make install + +If this doesn't work, you can use --with-dovecot=<path> configure option, where +the path points to a directory containing dovecot-config file. This can point to +an installed file: + +./configure --with-dovecot=/usr/local/lib/dovecot +make +sudo make install + +or to a Dovecot source directory that is already compiled: + +./configure --with-dovecot=../dovecot-2.1.0 +make +sudo make install + +The following additional parameters may be of interest for the configuration of +the Pigeonhole build: + + --with-managesieve=yes + Controls whether Pigeonhole ManageSieve is compiled and installed, which is + the default. + + --with-unfinished-features=no + Controls whether unfinished features and extensions are built. Enabling this + will enable the compilation of code that is considered unfinished and highly + experimental and may therefore introduce bugs and unexpected behavior. + In fact, it may not compile at all. Enable this only when you are eager to + test some of the new development functionality. + + --with-ldap=no + Controls wether Sieve LDAP support is built. This allows retrieving Sieve + scripts from an LDAP database. When set to `yes', support is built in. When + set to `plugin', LDAP support is compiled into a Sieve plugin called + `sieve_storage_ldap'. + +Configuration +============= + +The Pigeonhole package provides the following items: + + - The Sieve interpreter plugin for Dovecot's Local Delivery Agent (LDA): This + facilitates the actual Sieve filtering upon delivery. + + - The ManageSieve Service: This implements the ManageSieve protocol through + which users can remotely manage Sieve scripts on the server. + +The functionality of these items is described in more detail in the README file. +In this file and in this section their configuration is described. Example +configuration files are provided in the doc/example-config directory of this +package. + +Sieve Interpreter - Script Locations +------------------------------------ + +The Sieve interpreter can retrieve Sieve scripts from several types of +locations. The default `file' location type is a local filesystem path pointing +to a Sieve script file or a directory containing multiple Sieve script files. +More complex setups can use other location types such as `ldap' or `dict' to +fetch Sieve scripts from remote databases. + +All settings that specify the location of one ore more Sieve scripts accept the +following syntax: + +location = [<type>:]path[;<option>[=<value>][;...]] + +The following script location types are implemented by default: + + file - The location path is a file system path pointing to the script file + or a directory containing script files with names structured as + `<script-name>.sieve'. Read doc/locations/file.txt for more + information and examples. + + dict - The location path is a Dovecot dict uri. Read doc/locations/dict.txt + for more information and examples. + + ldap - LDAP database lookup. The location path is a configuration file with + LDAP options. Read doc/locations/ldap.txt for more information + and examples. + +If the type prefix is omitted, the script location type is 'file' and the +location is interpreted as a local filesystem path pointing to a Sieve script +file or directory. + +The following options are defined for all location types: + + name=<script-name> + Set the name of the Sieve script that this location points to. If the name + of the Sieve script is not contained in the location path and the + location of a single script is specified, this option is required + (e.g. for dict locations that must point to a particular script). + If the name of the script is contained in the location path, the value of + the name option overrides the name retrieved from the location. If the Sieve + interpreter explicitly queries for a specific name (e.g. to let the Sieve + "include" extension retrieve a script from the sieve_global= location), + this option has no effect. + + bindir=<dirpath> + Points to the directory where the compiled binaries for this script location + are stored. This directory is created automatically if possible. If this + option is omitted, the behavior depends on the location type. For `file' + type locations, the binary is then stored in the same directory as where the + script file was found if possible. For `dict' type locations, the binary is + not stored at all in that case. Don't specify the same directory for + different script locations, as this will result in undefined behavior. + Multiple mail users can share a single script directory if the script + location is the same and all users share the same system credentials (uid, + gid). + +Sieve Interpreter - Basic Configuration +--------------------------------------- + +To use Sieve, you will first need to make sure you are using Dovecot LDA +or Dovecot LMTP for delivering incoming mail to users' mailboxes. Then, you need +to enable the Sieve interpreter plugin for LDA/LMTP in your dovecot.conf: + +protocol lda { +.. + mail_plugins = sieve # ... other plugins like quota +} + +protocol lmtp { +.. + mail_plugins = sieve # ... other plugins like quota +} + +The Sieve interpreter recognizes the following configuration options in the +plugin section of the config file (default values are shown if applicable): + + sieve = file:~/sieve;active=~/.dovecot.sieve + The location of the user's main Sieve script or script storage. The LDA + Sieve plugin uses this to find the active script for Sieve filtering at + delivery. The "include" extension uses this location for retrieving + :personal" scripts. + + This location is also where the ManageSieve service will store the user's + scripts, if supported by the location type. For the 'file' location type, the + location will then be the path to the storage directory for all the user's + personal Sieve scripts. ManageSieve maintains a symbolic link pointing to + the currently active script (the script executed at delivery). The location + of this symbolic link can be configured using the `;active=<path>' option. + + sieve_default = + The location of the default personal sieve script file, which gets executed + ONLY if user's private Sieve script does not exist, e.g. + /var/lib/dovecot/default.sieve. This is usually a global script, so be sure + to pre-compile this script manually using the sievec command line tool, as + explained in the README file. This setting used to be called + `sieve_global_path', but that name is now deprecated. + + sieve_default_name = + The name by which the default Sieve script is visible to ManageSieve + clients. Normally, it is not visible at all. See "Visible Default Script" + section below for more information. + + sieve_global = + Location for :global include scripts for the Sieve include extension. This + setting used to be called `sieve_global_dir', but that name is now + deprecated. + + sieve_discard = + The location of a Sieve script that is run for any message that is about to + be discarded; i.e., it is not delivered anywhere by the normal Sieve + execution. This only happens when the "implicit keep" is canceled, by e.g. + the "discard" action, and no actions that deliver the message are executed. + This "discard script" can prevent discarding the message, by executing + alternative actions. If the discard script does nothing, the message is still + discarded as it would be when no discard script is configured. + + sieve_extensions = + Which Sieve language extensions are available to users. By default, all + supported extensions are available, except for deprecated extensions or those + that are still under development. Some system administrators may want to + disable certain Sieve extensions or enable those that are not available by + default. This setting can use '+' and '-' to specify differences relative to + the default. For example `sieve_extensions = +imapflags' will enable the + deprecated imapflags extension in addition to all extensions were already + enabled by default. + + sieve_global_extensions = + Which Sieve language extensions are ONLY avalable in global scripts. This can + be used to restrict the use of certain Sieve extensions to administrator + control, for instance when these extensions can cause security concerns. This + setting has higher precedence than the `sieve_extensions' setting (above), + meaning that the extensions enabled with this setting are never available to + the user's personal script no matter what is specified for the + `sieve_extensions' setting. The syntax of this setting is similar to + the `sieve_extensions' setting, with the difference that extensions are + enabled or disabled for exclusive use in global scripts. Currently, no + extensions are marked as such by default. + + sieve_implicit_extensions = + Which Sieve language extensions are implicitly available to users. The + extensions listed in this setting do not need to be enabled explicitly using + the Sieve "require" command. This behavior directly violates the Sieve + standard, but can be necessary for compatibility with some existing + implementations of Sieve (notably jSieve). Do not use this setting unless you + really need to! The syntax and semantics of this setting are otherwise + identical to the `sieve_extensions' setting + + sieve_plugins = + The Pigeonhole Sieve interpreter can have plugins of its own. Using this + setting, the used plugins can be specified. Check the Dovecot wiki + (wiki2.dovecot.org) or the pigeonhole website (http://pigeonhole.dovecot.org) + for available plugins. The `sieve_extprograms' plugin is included in this + release. LDAP support may also be compiled as a plugin called + `sieve_storage_ldap'. + + sieve_user_email = + The primary e-mail address for the user. This is used as a default when no + other appropriate address is available for sending messages. If this setting + is not configured, either the postmaster or null "<>" address is used as a + sender, depending on the action involved. This setting is important when + there is no message envelope to extract addresses from, such as when the + script is executed in IMAP. + + sieve_user_log = + The path to the file where the user log file is written. If not configured, a + default location is used. If the main user's personal Sieve (as configured + with sieve=) is a file, the logfile is set to <filename>.log by default. If + it is not a file, the default user log file is ~/.dovecot.sieve.log. + + recipient_delimiter = + + The separator that is expected between the :user and :detail address parts + introduced by the subaddress extension. This may also be a sequence of + characters (e.g. '--'). The current implementation looks for the separator + from the left of the localpart and uses the first one encountered. The :user + part is left of the separator and the :detail part is right. This setting is + also used by Dovecot's LMTP service. + + sieve_redirect_envelope_from = sender + Specifies what envelope sender address is used for redirected messages. + Normally, the Sieve "redirect" command copies the sender address for the + redirected message from the processed message. So, the redirected message + appears to originate from the original sender. The following values are + supported for this setting: + + "sender" - The sender address is used (default). + "recipient" - The final recipient address is used. + "orig_recipient" - The original recipient is used. + "user_email" - The user's primary address is used. This is + configured with the "sieve_user_email" setting. If + that setting is unconfigured, "user_mail" is equal to + "sender" (the default). + "postmaster" - The postmaster_address configured for the LDA. + "<user@domain>" - Redirected messages are always sent from user@domain. + The angle brackets are mandatory. The null "<>" address + is also supported. + + When the envelope sender of the processed message is the null address "<>", + the envelope sender of the redirected message is also always "<>", + irrespective of what is configured for this setting. + + sieve_redirect_duplicate_period = 12h + In an effort to halt potential mail loops, the Sieve redirect action records + identifying information for messages it has forwarded. If a duplicate message + is seen, it is not redirected and the message is discarded; i.e., the + implicit keep is canceled. This setting configures the period during which + the identifying information is recorded. If an account forwards many + messages, it may be necessary to lower this setting to prevent the + ~/.dovecot.lda-dupes database file (in which these are recorded) from growing + to an impractical size. + +For example: + +plugin { +... + # The include extension fetches the :personal scripts from this + # directory. When ManageSieve is used, this is also where scripts + # are uploaded. + sieve = file:~/sieve + + # If the user has no personal active script (i.e. if the location + # indicated in sieve= settings does have and active script or does not exist), + # use this one: + sieve_default = /var/lib/dovecot/sieve/default.sieve + + # The include extension fetches the :global scripts from this + # directory. + sieve_global = /var/lib/dovecot/sieve/global/ +} + +Sieve Interpreter - Configurable Limits +--------------------------------------- + +The settings that specify a period are specified in s(econds), unless followed +by a d(ay), h(our), or m(inute) specifier character. + + sieve_max_script_size = 1M + The maximum size of a Sieve script. The compiler will refuse to compile any + script larger than this limit. If set to 0, no limit on the script size is + enforced. + + sieve_max_actions = 32 + The maximum number of actions that can be performed during a single script + execution. If set to 0, no limit on the total number of actions is enforced. + + sieve_max_redirects = 4 + The maximum number of redirect actions that can be performed during a single + script execution. If set to 0, no redirect actions are allowed. + + sieve_max_cpu_time = 30s + The maximum amount of CPU time that a Sieve script is allowed to use while + executing. If the execution exceeds this resource limit, the script ends with + an error, causing the implicit "keep" action to be executed. This limit is + not only enforced for a single script execution, but also cumulatively for + the last executions within a configurable timeout + (see sieve_resource_usage_timeout). + + sieve_resource_usage_timeout = 1h + To prevent abuse, the Sieve interpreter can record resource usage of a Sieve + script execution in the compiled binary if it is significant. Currently, this + happens when CPU system + user time exceeds 1.5 seconds for one execution. + Such high resource usage is summed over time in the binary and once that + cumulative resource usage exceeds the limits (sieve_max_cpu_time), the Sieve + script is disabled in the binary for future execution, even if an individual + execution exceeded no limits. If the last time high resource usage was + recorded is older than sieve_resource_usage_timeout, the resource usage in + the binary is reset. This means that the Sieve script is only disabled when + the limits are cumulatively exceeded within this timeout. With the default + configuration this means that the Sieve script is only disabled when the + total CPU time of Sieve executions that lasted more than 1.5 seconds exceeds + 30 seconds in the last hour. A disabled Sieve script can be reactivated by + the user by uploading a new version of the Sieve script after the excessive + resource usage times out. An administrator can force reactivation by forcing + a script compile (e.g. using the sievec command line tool). + +Sieve Interpreter - Per-user Sieve Script Location +-------------------------------------------------- + +By default, the Pigeonhole LDA Sieve plugin looks for the user's Sieve script +file in the user's home directory (~/.dovecot.sieve). This requires that the +home directory is set for the user. + +If you want to store the script elsewhere, you can override the default using +the sieve= setting, which specifies the location of the user's script file. This +can be done in two ways: + + 1. Define the sieve setting in the plugin section of dovecot.conf. + 2. Return sieve extra field from userdb extra fields. + +For example, to use a Sieve script file named <username>.sieve in +/var/sieve-scripts, use: + +plugin { +... + + sieve = /var/sieve-scripts/%u.sieve +} + +You may use templates like %u, as shown in the example. Refer to +http://wiki.dovecot.org/Variables for more information. + +A relative path (or just a filename) will be interpreted to point under the +user's home directory. + +Sieve Interpreter - Executing Multiple Scripts Sequentially +----------------------------------------------------------- + +Pigeonhole's Sieve interpreter allows executing multiple Sieve scripts +sequentially. The extra scripts can be executed before and after the user's +private script. For example, this allows executing global Sieve policies before +the user's script. The following settings in the plugin section of the Dovecot +config file control the execution sequence: + + sieve_before = + sieve_before2 = + sieve_before3 = (etc..) + Location Sieve of scripts that need to be executed before the user's personal + script. If a 'file' location path points to a directory, all the Sieve + scripts contained therein (with the proper `.sieve' extension) are executed. + The order of execution within that directory is determined by the file names, + using a normal 8bit per-character comparison. + + Multiple script locations can be specified by appending an increasing number + to the setting name. The Sieve scripts found from these locations are added + to the script execution sequence in the specified order. Reading the numbered + sieve_before settings stops at the first missing setting, so no numbers may + be skipped. + + sieve_after = + sieve_after2 = + sieve_after3 = (etc..) + Identical to sieve_before, but the specified scripts are executed after the + user's script (only when keep is still in effect, as explained below). + +The script execution ends when the currently executing script in the sequence +does not yield a "keep" result: when the script terminates, the next script is +only executed if an implicit or explicit "keep" is in effect. Thus, to end all +script execution, a script must not execute keep and it must cancel the implicit +keep, e.g. by executing "discard; stop;". This means that the command "keep;" +has different semantics when used in a sequence of scripts. For normal Sieve +execution, "keep;" is equivalent to "fileinto "INBOX";", because both cause the +message to be stored in INBOX. However, in sequential script execution, it only +controls whether the next script is executed. Storing the message into INBOX +(the default folder) is not done until the last script in the sequence executes +(implicit) keep. To force storing the message into INBOX earlier in the +sequence, the fileinto command can be used (with ":copy" or together with +"keep;"). + +Apart from the keep action, all actions triggered in a script in the sequence +are executed before continuing to the next script. This means that when a script +in the sequence encounters an error, actions from earlier executed scripts are +not affected. The sequence is broken however, meaning that the script execution +of the offending script is aborted and no further scripts are executed. An +implicit keep is executed instead if necessary, meaning that the interpreter +makes sure that the message is at least stored in the default folder (INBOX). + +Just as for executing a single script the normal way, the Pigeonhole LDA Sieve +plugin takes care never to duplicate deliveries, forwards or responses. When +vacation actions are executed multiple times in different scripts, the usual +error is not triggered: the subsequent duplicate vacation actions are simply +discarded. + +For example: + +plugin { +... + # Global scripts executed before the user's personal script. + # E.g. handling messages marked as dangerous + sieve_before = /var/lib/dovecot/sieve/discard-virusses.sieve + + # Domain-level scripts retrieved from LDAP + sieve_before2 = ldap:/etc/dovecot/sieve-ldap.conf;name=ldap-domain + + # User-specific scripts executed before the user's personal script. + # E.g. a vacation script managed through a non-ManageSieve GUI. + sieve_before3 = /var/vmail/%d/%n/sieve-before + + # User-specific scripts executed after the user's personal script. + # (if keep is still in effect) + # E.g. user-specific default mail filing rules + sieve_after = /var/vmail/%d/%n/sieve-after + + # Global scripts executed after the user's personal script + # (if keep is still in effect) + # E.g. default mail filing rules. + sieve_after2 = /var/lib/dovecot/sieve/after.d/ +} + +IMPORTANT: The scripts specified by sieve_before and sieve_after are often +located in global locations to which the Sieve interpreter has no write access +to store the compiled binaries. In that case, be sure to manually pre-compile +those scripts using the sievec tool, as explained in the README file. + +Sieve Interpreter - Visible Default Script +------------------------------------------ + +The `sieve_default=' setting specifies the location of a default script that +is executed when the user has no active personal script. Normally, this +default script is invisible to the user; i.e., it is not listed in ManageSieve. +To give the user the ability to see and read the default script, it is possible +to make it visible under a specific configurable name using the +`sieve_default_name' setting. + +ManageSieve will magically list the default script under that name, even though +it does not actually exist in the user's normal script storage location. This +way, the ManageSieve client can see that it exists and it can retrieve its +contents. If no normal script is active, the default is always listed as active. +The user can replace the default with a custom script, by uploading it under the +default script's name. If that custom script is ever deleted, the default script +will reappear from the shadows implicitly. + +This way, ManageSieve clients will not need any special handling for this +feature. If the name of the default script is equal to the name the client uses +for the main script, it will initially see and read the default script when the +user account is freshly created. The user can edit the script, and when the +edited script is saved through the ManageSieve client, it will will override the +default script. If the user ever wants to revert to the default, the user only +needs to delete the edited script and the default will reappear. + +The name by which the default script will be known is configured using the +`sieve_default_name' setting. Of course, the `sieve_default' setting needs to +point to a valid script location as well for this to work. If the default script +does not exist at the indicated location, it is not shown. + +For example: + +plugin { +... + sieve = file:~/sieve;active=~/.dovecot.sieve + + sieve_default = /var/lib/dovecot/sieve/default.sieve + sieve_default_name = roundcube +} + +Sieve Interpreter - Extension Configuration +------------------------------------------- + +- Editheader extension: + + The editheader extension [RFC5293] enables sieve scripts to interact with + other components that consume or produce header fields by allowing the script + to delete and add header fields. + + The editheader extension requires explicit configuration and is not enabled + for use by default. Refer to doc/extensions/editheader.txt for configuration + information. + +- Vacation extension: + + The Sieve vacation extension [RFC5230] defines a mechanism to generate + automatic replies to incoming email messages. + + The vacation extension is available by default, but it has its own specific + configuration options. Refer to doc/extensions/vacation.txt for settings + specific to the vacation extension. + +- Variables extension: + + The Sieve variables extension [RFC5229] adds the concept of variables to the + Sieve language. + + The variables extension is available by default, but it has its own specific + configuration options. Refer to doc/extensions/variables.txt for settings + specific to the variables extension. + +- Include extension: + + The Sieve include extension (draft) permits users to include one Sieve script + into another. + + The include extension is available by default, but it has its own specific + configuration options. Refer to doc/extensions/include.txt for settings + specific to the include extension. + +- Spamtest and virustest extensions: + + Using the spamtest and virustest extensions (RFC 5235), the Sieve language + provides a uniform and standardized command interface for evaluating spam and + virus tests performed on the message. Users no longer need to know what headers + need to be checked and how the scanner's verdict is represented in the header + field value. They only need to know how to use the spamtest (spamtestplus) and + virustest extensions. This also gives GUI-based Sieve editors the means to + provide a portable and easy to install interface for spam and virus filter + configuration. + + The spamtest, spamtestplus and virustest extensions require explicit + configuration and are not enabled for use by default. Refer to + doc/extensions/spamtest-virustest.txt for configuration information. + +- Duplicate extension: + + The duplicate extension augments the Sieve filtering implementation with a + test that facilitates detecting and handling duplicate message deliveries, + e.g. as caused by mailinglists when people reply both to the mailinglist and + the user directly. + + Refer to doc/extensions/vnd.dovecot.duplicate.txt for configuration + information. + +- Dovecot environment extension: + + The vnd.dovecot.environment extension builds on the standard environment + extension. It adds a few extra environment items that are useful for Sieve + scripts used by Dovecot. + + Refer to doc/extensions/vnd.dovecot.environment.txt for more information. + +- Extprograms plugin; + vnd.dovovecot.pipe, vnd.dovecot.filter, vnd.dovecot.execute extensions: + + The "sieve_extprograms" plugin provides extensions to the Sieve filtering + language adding new action commands for invoking a predefined set of external + programs. Messages can be piped to or filtered through those programs and + string data can be input to and retrieved from those programs. + + This plugin and the extensions it provides require explicit configuration and + are not enabled for use by default. Refer to doc/plugins/sieve_extprograms.txt + for more information. + +- Imapsieve plugins + + The "sieve_imapsieve" Sieve plugin and the "imap_sieve" IMAP plugin add Sieve + support to IMAP. + + Refer to doc/plugins/imapsieve.txt for more information. + +- IMAP Filter Sieve plugin + + The "imap_filter_sieve" plugin adds the ability to manually invoke Sieve + filtering in IMAP. + + Refer to doc/plugins/imap_filter_sieve.txt for more information. + +Sieve Interpreter - Trace Debugging +----------------------------------- + +Trace debugging provides detailed insight in the operations performed by +the Sieve script. Messages about what the Sieve script is doing are written +to the specified directory. + +WARNING: On a busy server, this functionality can quickly fill up the trace +directory with a lot of trace files. Enable this only temporarily and as +selective as possible. + +The following settings apply to both the LDA Sieve plugin and the IMAPSIEVE +plugin: + + sieve_trace_dir = + The directory where trace files are written. Trace debugging is disabled if + this setting is not configured or if the directory does not exist. If the + path is relative or it starts with "~/" it is interpreted relative to the + current user's home directory. + + sieve_trace_level = + The verbosity level of the trace messages. Trace debugging is disabled if + this setting is not configured. Possible values are: + + "actions" - Only print executed action commands, like keep, fileinto, + reject and redirect. + "commands" - Print any executed command, excluding test commands. + "tests" - Print all executed commands and performed tests. + "matching" - Print all executed commands, performed tests and the values + matched in those tests. + + sieve_trace_debug = no + Enables highly verbose debugging messages that are usually only useful for + developers. + + sieve_trace_addresses = no + Enables showing byte code addresses in the trace output, rather than only + the source line numbers. + +Sieve Interpreter - Migration from CMUSieve (Dovecot v1.0/v1.1) +--------------------------------------------------------------- + +For the most part, migration from CMUSieve to the Pigeonhole LDA Sieve plugin is +just a matter of changing the used plugin name from 'cmusieve' to 'sieve' in the +mail_plugins option in the protocol lda section of the config file (as explained +above). However, there are a few important differences: + + * The imapflags extension is now called imap4flags. The CMUSieve implementation + is based on an old draft specification that is not completely compatible. + Particularly, the mark and unmark commands were removed from the new + specification. For backwards compatibility, support for the old imapflags + extension can be enabled using the sieve_extensions setting (as explained + above). This is disabled by default. + + * The notify extension is now called enotify. The CMUSieve implementation is + based on an old draft specification that is not completely compatible. + Particularly, the denotify command and $text$ substitutions were removed from + the new specification. For backwards compatibility, support for the old + imapflags extension can be enabled using the sieve_extensions setting (as + explained above). This is disabled by default. + + * The include extension now requires your script file names to end with + ".sieve". This means that ` include :personal "myscript"; ' won't work unless + you rename "myscript" to "myscript.sieve" + +Sieve Interpreter - Migration from Dovecot Sieve v0.1.x (Dovecot v1.2) +---------------------------------------------------------------------- + + * Dovecot v2.0 adds support for LMTP. Much like the Dovecot LDA, it can make + use of the Pigeonhole Sieve plugin. Since the LMTP service has its own + prototocol lmtp section in the config file, you need to add the Sieve plugin + to the mail_plugins setting there too when you decide to use LMTP. + * The 'sieve_subaddress_sep' setting for the Sieve subaddress extension is now + known as 'recipient_delimiter'. Although sieve_subaddress_sep is still + recognized for backwards compatibility, it is recommended to update the + setting to the new name, since the LMTP service also uses the + recipient_delimiter setting. + +ManageSieve Service - Basic Configuration +----------------------------------------- + +IMPORTANT: + + If you have used the LDA Sieve plugin without ManageSieve before and you have + .dovecot.sieve files in user directories, you are advised to make a backup + before installing ManageSieve. Although the ManageSieve service takes care to + move these files to the Sieve directory before it is substituted with a + symbolic link, this is not a very well tested operation, meaning that there is + a slim possibility that existing Sieve scripts get lost. + +Just like all other binaries that Dovecot uses, the managesieve and +managesieve-login binaries are installed during make install. + +There are two things that have be done to activate the ManageSieve support in +Dovecot: + + * The first step is to add `sieve' to the protocols= configuration line in + your dovecot.conf. + + * The next step is specifying an additional service type for the ManageSieve + service. This could be done in Dovecot's conf.d/master.conf or you can use + the 20-managesieve.conf file from the doc/example-config/conf.d directory of + this package. + + For example: + + service managesieve-login { + inet_listener sieve { + port = 4190 + } + } + +Because the implementation of the ManageSieve daemon is largely based on the +original IMAP implementation, it is very similar in terms of configuration. The +following settings can be configured in the 'protocol sieve' section: + + managesieve_max_line_length = 65536 + The maximum ManageSieve command line length in bytes. This setting is + directly borrowed from IMAP. But, since long command lines are very unlikely + with ManageSieve, changing this will not be very useful. + + managesieve_logout_format = bytes=%i/%o + Specifies the string pattern used to compose the logout message of an + authenticated session. The following substitutions are available: + + %i - total number of bytes read from client + %o - total number of bytes sent to client + + managesieve_implementation_string = Dovecot Pigeonhole + To fool ManageSieve clients that are focused on CMU's timesieved, you can + specify the IMPLEMENTATION capability that the Dovecot reports to clients + (e.g. 'Cyrus timsieved v2.2.13'). + + managesieve_max_compile_errors = 5 + The maximum number of compile errors that are returned to the client upon + script upload or script verification. + + managesieve_sieve_capability = + managesieve_notify_capability = + Respectively the SIEVE and NOTIFY capabilities reported by the ManageSieve + service before authentication. If left unassigned these will be assigned + dynamically according to what the Sieve interpreter supports by default + (after login this may differ depending on the authenticated user). + +Additionally, the ManageSieve service uses the following settings from the +plugin section of the config file. These settings are the same ones used by +the LDA Sieve plugin. + + sieve = file:~/sieve;active=~/.dovecot.sieve + This specifies the location where the scripts that are uploaded through + ManageSieve are stored. During delivery, the LDA Sieve plugin uses this + location setting to find the active script for Sieve filtering. The Sieve + "include" extension uses this location for retrieving ":personal" scripts. + If the location type does not allow uploading scripts, the ManageSieve + service cannot be used. Currently, only the 'file' location type supports + ManageSieve. + + For the 'file' location type: + + * The location is the path to the storage directory for all the user's + personal Sieve scripts. Scripts are stored as separate files with + extension .sieve. All other files are ignored when scripts are listed + by a ManageSieve client. The storage directory is always generated + automatically if it does not exist (as far as the system permits the + user to do so; no root privileges are used). This is similar to the + behavior of the mail daemons regarding the mail_location configuration. + + * ManageSieve maintains a symbolic link pointing to the currently active + script (the script executed at delivery). The location of this symbolic + link can be configured using the ;active=<path> option. If a regular + file already exists at the location specified by in the ;active=<path> + location option, it is moved to the storage directory before the + symbolic link is installed. It is renamed to dovecot.orig.sieve and + therefore listed as dovecot.orig by a ManageSieve client. + + NOTE: It is not wise to place this active symbolic link inside your + mail store, as it may be mistaken for a mail folder. Inside a + maildir for instance, the default .dovecot.sieve would show up + as phantom folder /dovecot/sieve in your IMAP tree. + + For Pigeonhole versions before v0.3.1, this setting can only be a + filesystem path pointing to a script file, or - when ManageSieve is used - + it is the location of the symbolic link pointing to the active script in + the storage directory. That storage directory is then configured using the + deprecated `sieve_dir' setting. + +The following provides an example configuration for Sieve and ManageSieve. Only +sections and settings relevant to ManageSieve are shown. Refer to +20-managesieve.conf in the doc/example-config/conf.d directory for a full +example with comments, but don't forget to configure Sieve and add sieve to the +'protocols = ...' setting if you use it. + +# *** conf.d/20-managesieve.conf *** + +service managesieve-login { + inet_listener sieve { + # Bind the daemon only to the specified address(es) + # (default: *, ::) + address = 127.0.0.1 + # Specify an alternative port the daemon must listen on + # (default: 4190) + port = 2000 + } +} + +protocol sieve { + managesieve_max_compile_errors = 10 +} + +# *** conf.d/90-sieve.conf *** + +plugin { + sieve=file:~/sieve;active=~/.dovecot.sieve +} + +# *** dovecot.conf *** + +# .... (other config items) + +# Start imap, pop3, lmtp and managesieve services +protocols = imap pop3 lmtp sieve + +# .... (other config items) + +ManageSieve Service - Quota Support +----------------------------------- + +By default, users can manage an unlimited number of Sieve scripts on the server +through ManageSieve. However, ManageSieve can be configured to enforce limits on +the number of personal Sieve scripts per user and/or the amount of disk storage +used by these scripts. The maximum size of individual uploaded scripts is +dictated by the configuration of the Sieve plugin. The limits are configured in +the plugin section of the Dovecot configuration as follows: + + sieve_max_script_size = 1M + The maximum size of a Sieve script. If set to 0, no limit on the script size + is enforced. + + sieve_quota_max_scripts = 0 + The maximum number of personal Sieve scripts a single user can have. If set + to 0, no limit on the number of scripts is enforced. + + sieve_quota_max_storage = 0 + The maximum amount of disk storage a single user's scripts may occupy. If set + to 0, no limit on the used amount of disk storage is enforced. + +ManageSieve Service - Proxying +------------------------------ + +Like Dovecot's imapd, the ManageSieve login daemon supports proxying to multiple +backend servers. Although the underlying code is copied from the imapd sources +for the most part, it has some ManageSieve-specifics that have not seen much +testing. + +The proxy configuration wiki page for POP3 and IMAP should apply to ManageSieve +as well: + +http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy + +ManageSieve Service - Migration +------------------------------- + +The following has changed since the ManageSieve releases for Dovecot v1.x: + + * For Dovecot v1.0 and v1.1, the sieve_dir setting used by ManageSieve was + called sieve_storage. Also, the sieve and sieve_storage settings were located + inside the 'protocol managesieve' section of the configuration. As per + Dovecot v1.2, these settings are shared with the Sieve plugin and located in + the 'plugin' section of the configuration. Make sure you have updated the + name of the sieve_dir setting and the location of both these settings if you + are upgrading from ManageSieve for Dovecot v1.0/v1.1. + * Pigeonhole ManageSieve does not use the mail_location configuration as a + fall-back anymore to determine a default location for storing Sieve scripts. + It always uses the sieve_dir setting, with default value ~/sieve. + * The Pigeonhole ManageSieve service now binds to TCP port 4190 by default due + to the IANA port assignment for the ManageSieve service. When upgrading from + v1.x, this should be taken into account. For a smooth transition, the service + can be configured manually to listen on both port 2000 and port 4190, as + demonstrated in the example above. + * The Dovecot configuration now calls the ManageSieve protocol 'sieve' instead + of 'managesieve' because it is registered as such with IANA. The binaries and + the services are still called 'managesieve' and 'managesieve-login'. The + example above demonstrates how this affects the configuration. + +Test Suite +========== + +This package includes a test suite to verify the basic processing of the Sieve +interpreter on your particular platform. Note that the test suite is not +available when this package is compiled against the Dovecot headers only. The +test suite executes a list of test cases and halts when one of them fails. If it +executes all test cases successfully, the test suite finishes. You can execute +the basic test suite using `make test`, which does not include the plugins. You +can test the plugins using `make test-plugins`. + +A failing test case is always a bug and a report is greatly appreciated. + + |