How to use Dovecot LMTP and Pigeonhole Sieve on a Flurdy Postfix email server Debian postfix Dovecot Sieve

A step by step guide

I learned to set up and administer mail services using the two excellent guides provided by Ivar Abrahamsen and Jon Jerome, explaining in step by step tutorials how to setup postfix and dovecot as a robust and secure mail server.

After many spam-free years, one of my users reported that he was bothered by many spam messages appearing in his inbox. I decided that I need to modify the existing setup to be able to deliver incoming mails tagged as spam into a dedicated folder like Spam or Junk. On our mail server at my workplace, we use postfix and dovecot as well, including dovecot's plugin sieve for mail filtering. The adoption turned out to be painless, with just a few modifications to the existing setup.

What follows is a detailed guide for how to switch local mail delivery to Dovecot's LMTP service and mail filtering using Dovecot's Pigeonhole Sieve plugin, in a format Flurdy users may find familiar.

Author: Sven Mäder, based on the work of Ivar Abrahamsen and Jon Jerome
Dated: 2019-04-13 - Initial release.


Introductory Notes

This guide assumes you are already familiar with the Linux shell, how to use sudo, a text editor like vi (or vim). All commands shown in this guide need to be entered as the root user. It is up to you to use sudo for that or to open a root shell. I am used to log in as root, because most of the systems I manage as a sysadmin, including my Flurdy mail server, don't even have any users allowed to log in, except for root.

Like the Flurdy guide it supplements, this guide assumes your server's focus is on IMAP and not the outmoded POP3.

This guide was developed on Debian (Stretch), not Ubuntu as in the Flurdy instructions. This shouldn't make a whole lot of difference, but it's possible some configuration files may be in different places than shown here, so don't freak out.

Before you continue, you should already have a working mail server using Postfix and Dovecot up and running. Please follow the guides listed below should you not already have done that.


Return to top.

Dovecot LMTP

Dovecot LMTP configuration

Edit the following 3 configuration files to enable Dovecot LMTP mail delivery

edit /etc/dovecot/conf.d/10-master.conf

Change the lmtp service section from:

service lmtp { #unix_listener lmtp { # #mode = 0666 #} ... }

to this, providing the dovecot-lmtp socket for postfix:

service lmtp { unix_listener /var/spool/postfix/private/dovecot-lmtp { mode = 0600 user = postfix group = postfix } user = virtual group = virtual ... } edit /etc/dovecot/conf.d/auth-sql.conf.ext

Uncomment the following lines:

userdb { driver = sql args = /etc/dovecot/dovecot-sql.conf.ext } edit /etc/dovecot/dovecot-sql.conf.ext

It should already contain these lines:

driver = mysql connect = host= dbname=maildb user=maildb password=secret default_pass_scheme = CRYPT password_query = SELECT id AS user, crypt AS password, CONCAT(home,'/',maildir) AS userdb_home, \ uid AS userdb_uid, gid AS userdb_gid, CONCAT(home,'/',maildir) AS userdb_mail FROM users WHERE id='%u'

Add the following lines:

user_query = SELECT CONCAT(home,'/',maildir) AS home, uid, gid, CONCAT(home,'/',maildir) AS mail \ FROM users WHERE id = '%u'

This will prepare dovecot-lmtp to know where our user mail directories are located and provide the socket for postfix, to deliver mail via dovecot-lmtp. Now we need to tell postfix to do just that.

edit /etc/postfix/

Add the following line:

virtual_transport = lmtp:unix:private/dovecot-lmtp

Restart Dovecot and Postfix:

service dovecot restart service postfix restart

At this point it might be a good idea to test the new setup.

Return to top.

Dovecot Sieve

Dovecot Pigeonhole Sieve installation and configuration

As the next step we will install the sieve plugin:

apt-get install dovecot-sieve

Enable the sieve plugin for LMTP:

edit /etc/dovecot/conf.d/20-lmtp.conf

Add sieve to mail_plugins in the LMTP protocol section:

protocol lmtp { # Space separated list of plugins to load (default is global mail_plugins). mail_plugins = $mail_plugins sieve }

Adapt the path to the virtual mailbox directory:

edit /etc/dovecot/conf.d/90-sieve.conf

Change the sieve parameter from:

sieve = file:~/sieve;active=~/.dovecot.sieve


sieve = file:%h/sieve;active=%h/.dovecot.sieve

Create a sieve script to place all incoming spam messages into the Junk folder

mkdir /etc/dovecot/sieve edit /etc/dovecot/sieve/before.sieve # Sieve rules that are run before the user's filters. # # Messages flagged as spam are moved into the Junk folder. # The 'stop' prevents the execution of all other sieve # scripts (eg vacation auto-reply on spam messages). # require [ "fileinto", "mailbox" ]; if header :contains "X-Spam-Flag" "YES" { fileinto :create "INBOX.Junk"; stop; }

Now we need to compile the sieve script:

cd /etc/dovecot/sieve sievec before.sieve

This will create the file before.svbin.

Uncomment the sieve_before parameter in the sieve configuration and change the path to our script:

edit /etc/dovecot/conf.d/90-sieve.conf

Change the following line from:

#sieve_before = /var/lib/dovecot/sieve.d/


sieve_before = /etc/dovecot/sieve/before.sieve

Restart Dovecot:

service dovecot restart

At this point it might be a good ide to test the new setup.

Optionally, you can now disable adding ***SPAM*** to the mail subject header by modifying the amavis configuration. To do that we override the default setting from 20-debian_defaults in the the 50-user configuration.

edit /etc/amavis/conf.d/50-user

Add the following line somewhere in the middle, after the syslog_priority line:

$sa_spam_subject_tag = '';

Restart Amavis:

service amavis restart
Return to top.

Dovecot Managesieved

Dovecot Managesieved installation and configuration

As the next step we will also install managesieved and enable the sieve protocol on localhost to allow our users to create sieve rules in roundcube webmail. This assumes you have already set up roundcube as shown in the flurdy tutorial.

apt-get install dovecot-managesieved

Enable the managesieve protocol:

edit /etc/dovecot/conf.d/20-managesieve.conf

Uncomment the protocols parameter:

protocols = $protocols sieve

Uncomment the managesieve-login service section as follows, from:

#service managesieve-login { #inet_listener sieve { # port = 4190 #} ... #}


service managesieve-login { inet_listener sieve { port = 4190 address = localhost } ... }

Leave any other lines in the section commented out.

While testing, you may also add the following line to the protocol sieve section, to enable debug output in the mail log.

protocol sieve { mail_debug=yes ... }

Restart Dovecot:

service dovecot restart

When you are finished with testing, you should disable the mail_debug for optimal performance.

Enable managesieve in Roundcube

To enable managesieve in roundcube, add the managesieve plugin to the plugins array in the main roundcube configuration file.

edit /etc/roundcube/

Add or modify the plugins configuration parameter to include managesieve:

$config['plugins'] = array('managesieve');

The above assumes we did not have any other plugins enabled.

Now you should be able to create sieve filters in Roundcube. Look for the Filters section in the Roundcube Settings.

Return to top.



Testing your Dovecot setup is pretty much the same as testing Courier was in the Flurdy guide's Courier testing section. Do the check shown there, then fire up an actual email client and connect to a known good account. It helps to tail /var/log/ and /var/log/auth.log to troubleshoot any authentication problems.

For general testing procedures, see the testing section of the Flurdy guide.


Sven Mäder, lifelong Computer Enthusiast, Gamer and Linux Sysadmin. I spend my day at work trying to get all my applications running in dark mode. Otherwise you can find me underwater, diving in the Swiss lakes and rivers.

If you find an error in this guide, or have suggestions for making it better, you can contact me here.

Other Howtos

Coming soon

Return to top.