User Tools

Site Tools


Filtering with Sieve

The Debian 11 Bullseye GNU/Linux installs the Dovecot mail suite version 2.3.13, including the Pigeonhole Sieve extension v0.5.13 (via the dovecot-sieve package).

The Pigeonhole Sieve Interpreter provides the pipe, filter and execute commands, where the pipe was the older one implemented (starting from v0.2). Currently the more modern execute command can be used instead of the pipe one.

The following recipes were tested into a $HOME/.dovecot.sieve file, i.e. the users's Sieve filter applied by the Dovecot Local Delivery Agent.

FIXME Document the timeout options.


Storing messages in different folder upon (envelope) sender:

require ["fileinto", "envelope"];
if envelope "from" "" {
    fileinto "FromUser1";

Discard a message by sender:

if address :is "from" "" {

Same result, but use the generic header command instead of address:

if header :contains "From" "" {


Storing messages in different folder upon destination address:

require ["fileinto"];
if address :is "to" "" {
    fileinto "ToAlias1";

Forward and keep a local copy

The redirect built-in action can be modified by the :copy tag (which is a built-in extension, but it must enabled using the require statement). The :copy tag means that the message is not completed by the redirect action; eventually the keep action will be finally executed.

require ["copy"];
# Forward the messages unconditionally and continue processing.
redirect :copy "";

Forward with From rewrite (to pass SPF check)

Rewrite the From header before forwarding, to ensure to pass the SPF checks at destination. This does not work, beacuse it rewrites only the From header, not the envelope sender (which is generally reported as Return-Path).

require ["editheader"];
deleteheader "from";
addheader "From" "user1@forwarding.domain";
redirect "user2@forward.destination.domain";

NOTICE: To use the editheader plugin you must enable it into Dovecot configuration file (in Debian edit /etc/dovecot/conf.d/90-sieve.conf), adding it into the sieve_extensions list:

plugin {
  sieve_extensions = +vnd.dovecot.filter +editheader

Pipe a message to an external program

To enable the execute Sieve command using Debian 11 you have to edit some configuration files contained into the /etc/dovecot/conf.d/ directory. Set the sieve_extension option editing the file 90-sieve.conf; in this example both the filter and execute extensions are loaded:

plugin {
   sieve_extensions = +vnd.dovecot.filter +vnd.dovecot.execute

Then you have to edit the 90-sieve-extprograms.conf configuration file and define the sieve_execute_socket_dir and sieve_execute_bin_dir options:

plugin {
  sieve_execute_socket_dir = sieve-execute
  sieve_execute_bin_dir = /usr/local/lib/dovecot/sieve-execute

Only the executables contained into sieve_execute_bin_dir can be used as execute commands in sieve scripts.

The following example is used to pipe a received message to an external program, which acts as a gateway from the mail system to the SMS mobile network. Only messages originating from some addresses and containing a properly formatted subject are piped to the external program:

require ["vnd.dovecot.execute"];
# Specially crafted messages are piped to an SMS gateway.
if allof (
    anyof (
        address :is "from" "",
        address :is "from" ""),
    header :contains "Subject" "SMS" ) {
        execute :pipe "sms-gateway";

Here the execute command is called with the :pipe tag, this causes the execution of the external program much like the older pipe command.

The execute command is not considered a final action (which “consumes” the message), so the keep action is eventually taken, saving the message into the INBOX.

doc/appunti/linux/sa/sieve_filtering_examples.txt · Last modified: 2024/07/02 09:23 by niccolo