The sieve service lets you create email filters directly on the server side, which makes for optimal use with webmail and/or the IMAP protocol. The Dovecot-Roundcube-ISPconfig-CentOS combination does not enable this service automatically, so manual intervention is required. This howto, written in cookbook style, describes the customizations needed to enable the service. The guide can also be applied to other scenarios that still use Dovecot and need a sieve and managesieve service.

1. Premise

This description, written in cookbook style, assumes the following setup: CentOS 6.3 (or a RedHat 6.3 derivative), Dovecot 2.0.9, Roundcube 0.8.4, ISPconfig 3.0.4.6. Because ISPconfig is used, authentication and mailbox configuration are stored in a MySQL DBMS. All the operations described must be performed as the root user. The Roundcube files are in the path /srv/www/apps/webmail. Finally, keep in mind that the sieve activation and configuration can be applied in other scenarios, provided Dovecot is still used. In that case, careful study will be needed for the specific configuration required by the other software components.

2. Objectives
We want to enable server-side email filters that can be managed directly from the Roundcube webmail. We also want the server-side filters to be usable from any other email client that complies with the sieve and managesieve standards. To achieve all this, only Dovecot and Roundcube need to be configured.

3. Dovecot settings

The work on Dovecot consists of updating the configuration and restarting Dovecot itself.

1. Install the sieve and managesieve plugin package for Dovecot:

    # yum install dovecot-pigeonhole

2. Copy the sieve configuration/activation file from the documentation examples:

    # cp /usr/share/doc/dovecot-2.0.9/example-config/conf.d/90-sieve.conf /etc/dovecot/conf.d/

3. Edit the file /etc/dovecot/conf.d/15-lda.conf:

    # vi /etc/dovecot/conf.d/15-lda.conf

4. Modify the content as follows:

    ## LDA specific settings (also used by LMTP)

    # Address to use when sending rejection mails.
    # Default is postmaster@<your domain>.
    postmaster_address = postmaster@example.com

    # Hostname to use in various parts of sent mails, eg. in Message-Id.
    # Default is the system's real hostname.
    #hostname =

    # If user is over quota, return with temporary failure instead of
    # bouncing the mail.
    #quota_full_tempfail = no

    # Binary to use for sending mails.
    #sendmail_path = /usr/sbin/sendmail

    # Subject: header to use for rejection mails. You can use the same variables
    # as for rejection_reason below.
    #rejection_subject = Rejected: %s

    # Human readable error message for rejection mails. You can use variables:
    # %n = CRLF, %r = reason, %s = original subject, %t = recipient
    #rejection_reason = Your message to <%t> was automatically rejected:%n%r

    # Delimiter character between local-part and detail in email address.
    #recipient_delimiter = +

    # Header where the original recipient address (SMTP's RCPT TO: address) is taken
    # from if not available elsewhere. With dovecot-lda -a parameter overrides this.
    # A commonly used header for this is X-Original-To.
    #lda_original_recipient_header =

    # Should saving a mail to a nonexistent mailbox automatically create it?
    #lda_mailbox_autocreate = no

    # Should automatically created mailboxes be also automatically subscribed?
    #lda_mailbox_autosubscribe = no

    protocol lda {
      # Space separated list of plugins to load (default is global mail_plugins).
      mail_plugins = $mail_plugins
    }

5. Edit the file /etc/dovecot/conf.d/20-lmtp.conf:

    # vi /etc/dovecot/conf.d/20-lmtp.conf

6. Modify the content as follows:

    ## LMTP specific settings

    # Support proxying to other LMTP/SMTP servers by performing passdb lookups.
    #lmtp_proxy = no

    # When recipient address includes the detail (e.g. user+detail), try to save
    # the mail to the detail mailbox. See also recipient_delimiter and
    # lda_mailbox_autocreate settings.
    #lmtp_save_to_detail_mailbox = no

    protocol lmtp {
      # Space separated list of plugins to load (default is global mail_plugins).
      mail_plugins = $mail_plugins
    }

7. Edit the file /etc/dovecot/conf.d/20-managesieve.conf:

    # vi /etc/dovecot/conf.d/20-managesieve.conf

8. Modify the content as follows:

    ## ManageSieve specific settings

    # Uncomment to enable managesieve protocol:
    protocols = $protocols sieve

    # Service definitions

    service managesieve-login {
      inet_listener sieve {
        port = 4190
      }

      inet_listener sieve_deprecated {
        port = 2000
      }

      # Number of connections to handle before starting a new process. Typically
      # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
      # is faster. <doc/wiki/loginprocess.txt>
      #service_count = 1

      # Number of processes to always keep waiting for more connections.
      #process_min_avail = 0

      # If you set service_count=0, you probably need to grow this.
      vsz_limit = 64M
    }

    service managesieve {
      # Max. number of ManageSieve processes (connections)
      #process_count = 1024
    }

    # Service configuration

    protocol sieve {
      # Maximum ManageSieve command line length in bytes. ManageSieve usually does
      # not involve overly long command lines, so this setting will not normally need
      # adjustment
      managesieve_max_line_length = 65536

      # Maximum number of ManageSieve connections allowed for a user from each IP address.
      # NOTE: The username is compared case-sensitively.
      #mail_max_userip_connections = 10

      # Space separated list of plugins to load (none known to be useful so far). Do NOT
      # try to load IMAP plugins here.
      #mail_plugins =

      # MANAGESIEVE logout format string:
      # %i - total number of bytes read from client
      # %o - total number of bytes sent to client
      #managesieve_logout_format = bytes=%i/%o

      # To fool ManageSieve clients that are focused on CMU's timesieved you can specify
      # the IMPLEMENTATION capability that the dovecot reports to clients.
      # For example: 'Cyrus timsieved v2.2.13'
      #managesieve_implementation_string = Dovecot Pigeonhole

      # Explicitly specify the SIEVE and NOTIFY capability reported by the server before
      # login. If left unassigned these will be reported dynamically according to what
      # the Sieve interpreter supports by default (after login this may differ depending
      # on the user).
      #managesieve_sieve_capability =
      #managesieve_notify_capability =

      # The maximum number of compile errors that are returned to the client upon script
      # upload or script verification.
      #managesieve_max_compile_errors = 5

      # Refer to 90-sieve.conf for script quota configuration and configuration of
      # Sieve execution limits.
    }

9. Edit the file /etc/dovecot/conf.d/90-sieve.conf:

    # vi /etc/dovecot/conf.d/90-sieve.conf

10. Modify the content as follows:

    ## Settings for the Sieve interpreter

    # Do not forget to enable the Sieve plugin in 15-lda.conf and 20-lmtp.conf
    # by adding it to the respective mail_plugins= settings.

    plugin {
      # The path to the user's main active script.
      sieve = ~/.dovecot.sieve

      # A path to a global sieve script file, which gets executed ONLY
      # if user's private Sieve script doesn't exist. Be sure to
      # pre-compile this script manually using the sievec command line
      # tool.
      #sieve_global_path = /var/lib/dovecot/sieve/default.sieve

      # Directory for :personal include scripts for the include extension.
      sieve_dir = ~/sieve

      # Directory for :global include scripts for the include extension.
      #sieve_global_dir =

      # Which Sieve language extensions are available to users. By default,
      # all supported extensions are available, except for deprecated
      # extensions or those that are still under development. Some system
      # administrators may want to disable certain Sieve extensions or
      # enable those that are not available by default. This setting can
      # use '+' and '-' to specify differences relative to the default.
      # For example `sieve_extensions = +imapflags' will enable the
      # deprecated imapflags extension in addition to all extensions
      # enabled by default.
      sieve_extensions = +notify +imapflags

      # The separator that is expected between the :user and :detail
      # address parts introduced by the subaddress extension. This may
      # also be a sequence of characters (e.g. '--'). The current
      # implementation looks for the separator from the left of the
      # localpart and uses the first one encountered. The :user part is
      # left of the separator and the :detail part is right. This setting
      # is also used by Dovecot's LMTP service.
      #recipient_delimiter = +

      # The maximum size of a Sieve script. The compiler will refuse to
      # compile any script larger than this limit.
      sieve_max_script_size = 1M

      # The maximum number of actions that can be performed during a single
      # script execution.
      #sieve_max_actions = 32

      # The maximum number of redirect actions that can be performed during
      # a single script execution.
      #sieve_max_redirects = 4

      # The maximum number of personal Sieve scripts a single user can
      # have.
      # (Currently only relevant for ManageSieve)
      #sieve_quota_max_scripts = 0

      # The maximum amount of disk storage a single user's scripts may
      # occupy.
      # (Currently only relevant for ManageSieve)
      #sieve_quota_max_storage = 0
    }

11. Edit the file /etc/dovecot/dovecot.conf:
    # vi /etc/dovecot/dovecot.conf

12. Append the following line to the end of the file:

    ...
    !include conf.d/*.conf

13. Restart Dovecot:

    # service dovecot restart

From now on the sieve and managesieve service is active. To verify that Dovecot is configured correctly, here is the configuration dump obtained with the command doveconf -n:

    # 2.0.9: /etc/dovecot/dovecot.conf
    # OS: Linux 2.6.32-279.14.1.el6.x86_64 x86_64 CentOS release 6.3 (Final)
    disable_plaintext_auth = no
    log_timestamp = "%Y-%m-%d %H:%M:%S "
    mail_privileged_group = vmail
    managesieve_notify_capability = mailto
    managesieve_sieve_capability = fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date imapflags notify
    mbox_write_locks = fcntl
    passdb {
      args = /etc/dovecot-sql.conf
      driver = sql
    }
    passdb {
      driver = pam
    }
    plugin {
      quota = dict:user::file:/var/vmail/%d/%n/.quotausage
      sieve = ~/.dovecot.sieve
      sieve_dir = ~/sieve
      sieve_extensions = +notify +imapflags
      sieve_max_script_size = 1M
    }
    postmaster_address = postmaster@example.com
    protocols = imap pop3 sieve
    service auth {
      unix_listener /var/spool/postfix/private/auth {
        group = postfix
        mode = 0660
        user = postfix
      }
      unix_listener auth-userdb {
        group = vmail
        mode = 0600
        user = vmail
      }
      user = root
    }
    service managesieve-login {
      inet_listener sieve {
        port = 4190
      }
      inet_listener sieve_deprecated {
        port = 2000
      }
      vsz_limit = 64 M
    }
    ssl_cert = </etc/pki/dovecot/certs/dovecot.pem
    ssl_key = </etc/pki/dovecot/private/dovecot.pem
    userdb {
      args = /etc/dovecot-sql.conf
      driver = sql
    }
    userdb {
      driver = passwd
    }
    protocol imap {
      mail_plugins = quota imap_quota
    }
    protocol pop3 {
      mail_plugins = quota
      pop3_uidl_format = %08Xu%08Xv
    }
    protocol lda {
      mail_plugins = sieve quota
    }
    protocol lmtp {
      mail_plugins =
    }
    protocol sieve {
      managesieve_max_line_length = 65536
    }

4. Roundcube settings

In its default installation Roundcube ships with the plugin for managing sieve filters, but the plugin is not active. Let's activate it. We take the opportunity to enable a few other useful but optional plugins as well.

2. Open a terminal on the server, again as the root user.

3. Move to the directory where Roundcube is installed:

    # cd /srv/www/apps/webmail

4. Create the plugin configuration file, starting from the bundled example file:

    # cp -p plugins/managesieve/config.inc.php.dist plugins/managesieve/config.inc.php

5. Open the file plugins/managesieve/config.inc.php for editing:

    # vi plugins/managesieve/config.inc.php

6. Make sure the following line is not commented out:

    ...
    $rcmail_config['managesieve_port'] = 2000;
    ...

7. Now enable loading of the plugin. Open the file config/main.inc.php for editing:

    # vi config/main.inc.php

8. Update the following line as shown here:

    ...
    $rcmail_config['plugins'] = array('managesieve');
    ...
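The doveconf -n dump in section 3 can be checked mechanically rather than by eye. The script below is an added example, not part of the original guide: it walks the nested blocks of a dump and reports the settings that matter for this setup (plaintext logins without TLS, the deprecated ManageSieve port 2000 that the Roundcube plugin is pointed at, and delivery protocols that do not load the sieve plugin). The function names, the finding labels and the sample dump are constructed for illustration.

```shell
# Added example: audit a `doveconf -n` dump for the sieve/managesieve settings
# this guide changes. Reads the dump on stdin, prints one finding per line.
audit_doveconf() {
  awk '
    # Block opener such as "protocol lda {": push the block name on a stack.
    /[{][ \t]*$/ { sub(/[ \t]*[{][ \t]*$/, ""); sub(/^[ \t]+/, ""); blk[++d] = $0; next }
    # Block closer: pop the stack.
    /^[ \t]*[}]/ { if (d > 0) d--; next }
    {
      eq = index($0, "="); if (eq == 0) next
      key = substr($0, 1, eq - 1); val = substr($0, eq + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", key); gsub(/^[ \t]+|[ \t]+$/, "", val)
      cur = (d > 0) ? blk[d] : ""
      if (cur == "" && key == "protocols" && index(" " val " ", " sieve ")) sieve_on = 1
      if (cur == "" && key == "mail_plugins") dflt = " " val " "
      if (cur == "" && key == "disable_plaintext_auth" && val == "no")
        print "WARN plaintext-auth: plaintext logins are accepted without TLS"
      if (cur == "inet_listener sieve_deprecated" && key == "port")
        print "WARN legacy-port: ManageSieve also listens on deprecated port " val
      if (key == "mail_plugins" && (cur == "protocol lda" || cur == "protocol lmtp"))
        plugins[cur] = " " val " "
    }
    END {
      if (!sieve_on) print "FAIL protocols: sieve is not listed, ManageSieve is off"
      n = split("protocol lda,protocol lmtp", want, ",")
      for (i = 1; i <= n; i++) {
        # A protocol block without its own mail_plugins inherits the global value.
        p = (want[i] in plugins) ? plugins[want[i]] : dflt
        if (index(p, " sieve ") == 0)
          print "WARN no-sieve-plugin: " want[i] " does not load the sieve plugin"
      }
    }
  '
}
# Constructed excerpt shaped like the dump in section 3 (not real server output).
sample_dump() {
  cat <<'EOF'
disable_plaintext_auth = no
protocols = imap pop3 sieve
service managesieve-login {
  inet_listener sieve_deprecated {
    port = 2000
  }
}
protocol lda {
  mail_plugins = sieve quota
}
protocol lmtp {
  mail_plugins =
}
EOF
}
sample_dump | audit_doveconf
```

On the server, run `doveconf -n | audit_doveconf` instead of the sample. The no-sieve-plugin finding for protocol lmtp only matters if mail is delivered through LMTP.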
At this point managesieve support is active in Roundcube. We can take the opportunity to enable some other Roundcube plugins:

2. Open the file config/main.inc.php for editing:

    # vi config/main.inc.php

3. Update the following line as shown here:

    $rcmail_config['plugins'] = array('managesieve', 'acl', 'vcard_attachments', 'emoticons', 'password', 'show_additional_headers', 'userinfo', 'subscriptions_option');

5. Conclusion

This treatment is deliberately minimal and follows the idea of offering a cookbook. In-depth discussion and explanations are therefore intentionally omitted and left to personal study.