ManageSieve
by BenV on Dec.08, 2009, under Software
Time to continue our adventure into Sieve land from yesterday.
Yesterday the result was that Sieve scripts could be put in place by the system administrator and they work. Needless to say, that’s cumbersome and we want users to handle it themselves.
To avoid all possible issues with opening up FTP / DAV / whatever, the clowns at Dovecot and the IETF have decided to create a new protocol for it. Currently still a draft, but it will be an official protocol called ManageSieve.
For Dovecot 1.2 it is still required to patch dovecot and then install the managesieve service. Feeling adventurous I’m going for the bleeding edge version again 😉
First the patch:
root@black:/usr/src/dovecot-sieve$ hg clone http://hg.rename-it.nl/dovecot-1.2-managesieve-patch/ dovecot-1.2-managesieve-patch-hg
*leech leech*
# Next we create a copy of our installed dovecot that we can mess with
root@black:/usr/src/dovecot-sieve$ cd .. ; cp -ax dovecot-1.2.8 dovecot-1.2.8-patched
root@black:/usr/src$ cd dovecot-1.2.8-patched
# Apply the patch
root@black:/usr/src/dovecot-1.2.8-patched$ patch -p1 < ../dovecot-sieve/dovecot-1.2-managesieve-patch-hg/managesieve.patch
patching file README.managesieve
patching file dovecot-example.conf
patching file src/master/child-process.c
patching file src/master/child-process.h
patching file src/master/listener.c
patching file src/master/login-process.c
patching file src/master/mail-process.c
patching file src/master/main.c
patching file src/master/master-settings-defs.c
patching file src/master/master-settings.c
Hunk #8 succeeded at 1066 (offset 8 lines).
Hunk #10 succeeded at 1372 (offset 8 lines).
Hunk #12 succeeded at 1397 (offset 8 lines).
Hunk #14 succeeded at 1470 (offset 8 lines).
Hunk #16 succeeded at 1605 (offset 8 lines).
Hunk #18 succeeded at 1654 (offset 8 lines).
Hunk #20 succeeded at 1696 (offset 8 lines).
Hunk #22 succeeded at 1958 (offset 8 lines).
patching file src/master/master-settings.h
# Seems like it applied cleanly. Let's recompile it! (pick your own configure string here)
root@black:/usr/src/dovecot-1.2.8-patched$ ./configure --prefix=/usr --with-vpopmail --with-zlib --with-bzlib --without-passwd --without-passwd-file --without-shadow --without-pam --without-checkpassword --without-bsdauth --without-ldap --without-sia --without-static-userdb --without-prefetch-userdb --without-sql --without-pgsql --without-mysql --without-sqlite --without-nss
* heaps of configure output *
# Clean up stuff from the old build, we want a clean build
root@black:/usr/src/dovecot-1.2.8-patched$ make clean
root@black:/usr/src/dovecot-1.2.8-patched$ make
# Drink a cup of coffee, this could take a while
root@black:/usr/src/dovecot-1.2.8-patched$ mkdir /tmp/pkg ; make DESTDIR=/tmp/pkg install ; cd /tmp/pkg ; makepkg /usr/src/packages/dovecot-1.2.8-managesieve-i386-1.tgz
After upgrading to the new dovecot package we still have to put the managesieve service into place, which we have to build first.
root@black:~$ cd /usr/src/dovecot-sieve
root@black:/usr/src/dovecot-sieve$ hg clone http://hg.rename-it.nl/dovecot-1.2-managesieve/ dovecot-1.2-managesieve-hg
# Leech leech
root@black:/usr/src/dovecot-sieve$ cd dovecot-1.2-managesieve-hg ; ./autogen.sh
root@black:/usr/src/dovecot-sieve/dovecot-1.2-managesieve-hg$ ./configure --prefix=/usr --with-dovecot=/usr/src/dovecot-1.2.8-patched --with-dovecot-sieve=/usr/src/dovecot-sieve/dovecot-1.2-sieve-hg
# Now to compile it
root@black:/usr/src/dovecot-sieve/dovecot-1.2-managesieve-hg$ make && mkdir pkg && make DESTDIR=`pwd`/pkg install
# And create a package
root@black:/usr/src/dovecot-sieve/dovecot-1.2-managesieve-hg$ cd pkg ; makepkg /usr/src/packages/dovecot-1.2-managesieve-i386-1.tgz
Install the package and we're almost done. All that's left now is some configuration and kicking of services.
As described here the biggest thing we need to do is add managesieve to the protocols line in /etc/dovecot.conf. Like this:
protocols = imap imaps pop3 pop3s managesieve
By default this will steal port 2000 for incoming managesieve connections, but you can change that and a few other things in the dovecot.conf file if you like. Just add a section like this:
##
## ManageSieve settings
##
protocol managesieve {
# listen = *:2000
# login_executable = /usr/libexec/dovecot/managesieve-login
# mail_executable = /usr/libexec/dovecot/managesieve
# managesieve_max_line_length = 65536
managesieve_logout_format = bytes ( in=%i : out=%o )
# managesieve_implementation_string = dovecot
}
And obviously you need to uncomment and change whatever you want to have broken ;). I decided to stick to the defaults except for the log string.
After these changes give a good hard kick to your dovecot daemon (since the binary changed with the patch I'm sure a HUP won't cut it) and see what happens.
Don't forget to open up the managesieve port (2000 by default) in your firewall!
Let's see if it works:
root@black:~$ telnet localhost 2000
Trying 127.0.0.1...
Connected to localhost.
Escape character is '^]'.
"IMPLEMENTATION" "dovecot"
"SIEVE" "comparator-i;octet comparator-i;ascii-casemap fileinto reject envelope encoded-character vacation subaddress comparator-i;ascii-numeric relational regex imap4flags copy include variables body enotify environment mailbox date"
"SASL" "PLAIN"
"STARTTLS"
"NOTIFY" "mailto"
"VERSION" "1.0"
OK "Dovecot ready."
Looks good! Time to let users have some fun with molesting their stuff through Sieve 🙂
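The greeting above already says what a client can do before encryption is in place: STARTTLS is offered, and so is SASL PLAIN. As an added example (not part of the original post or of Dovecot), this sketch parses such a greeting and reports cleartext mechanisms advertised before TLS; the function names are hypothetical, the SIEVE list in the sample is shortened, and only quoted strings are handled.

```python
import re

# Greeting from the telnet session above, embedded as sample input
# (SIEVE extension list shortened).
GREETING = '''"IMPLEMENTATION" "dovecot"
"SIEVE" "comparator-i;octet comparator-i;ascii-casemap fileinto reject vacation"
"SASL" "PLAIN"
"STARTTLS"
"NOTIFY" "mailto"
"VERSION" "1.0"
OK "Dovecot ready."
'''

QUOTED = re.compile(r'"((?:[^"\\]|\\.)*)"')
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # mechanisms that send the password itself


def parse_capabilities(greeting):
    """Return {NAME: value} for each capability line before the status response."""
    caps = {}
    for line in greeting.splitlines():
        line = line.strip()
        if line.upper().startswith(("OK", "NO", "BYE")):
            break  # the status response ends the capability list
        # Assumption: quoted strings only; literal ({n+}) strings are not handled.
        parts = [re.sub(r"\\(.)", r"\1", p) for p in QUOTED.findall(line)]
        if parts:
            caps[parts[0].upper()] = parts[1] if len(parts) > 1 else ""
    return caps


def audit(caps, tls_active=False):
    """Return findings for a capability list seen on a connection without TLS."""
    findings = []
    if tls_active:
        return findings
    if "STARTTLS" not in caps:
        findings.append("STARTTLS not offered")
    exposed = sorted(set(caps.get("SASL", "").upper().split()) & CLEARTEXT_MECHS)
    if exposed:
        findings.append("cleartext SASL offered before TLS: " + ", ".join(exposed))
    return findings


if __name__ == "__main__":
    for finding in audit(parse_capabilities(GREETING)):
        print("WARN:", finding)
```

Dovecot's `disable_plaintext_auth` setting treats connections from the local machine as secure, so a greeting captured via `telnet localhost` can differ from what remote clients see. Capture the greeting on the interface users actually connect to before drawing conclusions.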
A quick test with the thunderbird sieve addon:
Note that it required me to set the TLS to 'Strict RFC style handshake' on the Sieve Options Compatibility page, otherwise it wouldn't login.
We can even molest our scripts with syntax checking, how nice:
And under the hood our log shows this:
managesieve-login: Info: Login: user=, method=PLAIN, rip=43.121.244.637, lip=280.649.21.50, TLS
MANAGESIEVE(benv-jemoeder@benv.junerules.com): Info: Effective uid=89, gid=89, home=/home/vpopmail/domains/benv.junerules.com/benv
MANAGESIEVE(benv-jemoeder@benv.junerules.com): Info: sieve-storage: using active sieve script path: /home/vpopmail/domains/benv.junerules.com/benv/.sieve/dovecot.sieve
MANAGESIEVE(benv-jemoeder@benv.junerules.com): Info: sieve-storage: using sieve script storage directory: /home/vpopmail/domains/benv.junerules.com/benv/.sieve
MANAGESIEVE(benv-jemoeder@benv.junerules.com): Info: sieve-storage: relative path to sieve storage in active link:
MANAGESIEVE(benv-jemoeder@benv.junerules.com): Warning: sieve-storage: Active sieve script symlink /home/vpopmail/domains/benv.junerules.com/benv/.sieve/dovecot.sieve is no symlink.
MANAGESIEVE(benv-jemoeder@benv.junerules.com): Info: sieve-storage: Moved active sieve script file '/home/vpopmail/domains/benv.junerules.com/benv/.sieve/dovecot.sieve' to script storage as '/home/vpopmail/domains/benv.junerules.com/benv/.sieve/dovecot.orig.sieve'
MANAGESIEVE(benv-jemoeder@benv.junerules.com): Info: sieve-storage: nothing to rescue /home/vpopmail/domains/benv.junerules.com/benv/.sieve/dovecot.sieve.
MANAGESIEVE(benv-jemoeder@benv.junerules.com): Info: Disconnected: Logged out bytes ( in=746 : out=1068 )
Works like a charm. And yeah, those warnings can be ignored, they're there because of my meddling with scripts yesterday. How should I know it had to be a symlink :-p
(after this session it was indeed a symlink, hitting the 'active' button made it so).
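The login entry in the log above ends in `TLS`, which is the field to watch once port 2000 is reachable from outside. As an added example (not part of the original post), this sketch scans managesieve-login lines and lists PLAIN/LOGIN authentications that carry no TLS marker; the sample lines are constructed, and the `user=<...>` form and the `secured` marker for local connections are assumptions about the log format.

```python
import re

# Constructed sample lines shaped like the login entry above
# (documentation IP ranges; user=<...> and "secured" are assumptions).
SAMPLE_LOG = """\
managesieve-login: Info: Login: user=<alice@example.org>, method=PLAIN, rip=198.51.100.7, lip=192.0.2.10, TLS
managesieve-login: Info: Login: user=<bob@example.org>, method=PLAIN, rip=198.51.100.9, lip=192.0.2.10
managesieve-login: Info: Login: user=<carol@example.org>, method=PLAIN, rip=127.0.0.1, lip=127.0.0.1, secured
MANAGESIEVE(alice@example.org): Info: Disconnected: Logged out bytes ( in=746 : out=1068 )
"""

LOGIN = re.compile(r"managesieve-login: Info: Login: (?P<fields>.*)$")
PROTECTED = {"TLS", "secured"}        # markers for an encrypted or local session
CLEARTEXT_MECHS = {"PLAIN", "LOGIN"}  # mechanisms that send the password itself


def parse_login(line):
    """Split one login line into key=value fields plus bare flags such as TLS."""
    match = LOGIN.search(line)
    if not match:
        return None
    entry = {"flags": set()}
    for item in (f.strip() for f in match.group("fields").split(",")):
        key, sep, value = item.partition("=")
        if sep:
            entry[key] = value.strip("<>")
        elif item:
            entry["flags"].add(item)
    return entry


def unprotected_logins(log_text):
    """Return (user, remote_ip) for cleartext-mechanism logins without TLS."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_login(line)
        if not entry:
            continue
        cleartext = entry.get("method", "").upper() in CLEARTEXT_MECHS
        if cleartext and not (entry["flags"] & PROTECTED):
            hits.append((entry.get("user", ""), entry.get("rip", "")))
    return hits


if __name__ == "__main__":
    for user, rip in unprotected_logins(SAMPLE_LOG):
        print(f"cleartext login without TLS: user={user} rip={rip}")
```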