I learned to set up and administer mail services using the two excellent guides provided by Ivar Abrahamsen and Jon Jerome, explaining in step by step tutorials how to setup postfix and dovecot as a robust and secure mail server.
After many spam-free years, one of my users reported that he was bothered by many spam messages appearing in his inbox. I decided that I need to modify the existing setup to be able to deliver incoming mails tagged as spam into a dedicated folder like Spam or Junk. On our mail server at my workplace, we use postfix and dovecot as well, including dovecot's plugin sieve for mail filtering. The adoption turned out to be painless, with just a few modifications to the existing setup.
What follows is a detailed guide for how to switch local mail delivery to Dovecot's LMTP service and mail filtering using Dovecot's Pigeonhole Sieve plugin, in a format Flurdy users may find familiar.
This guide assumes you are already familiar with the Linux shell, how to use sudo, a text editor like vi (or vim). All commands shown in this guide need to be entered as the root user. It is up to you to use sudo for that or to open a root shell. I am used to log in as root, because most of the systems I manage as a sysadmin, including my Flurdy mail server, don't even have any users allowed to log in, except for root.
Like the Flurdy guide it supplements, this guide assumes your server's focus is on IMAP and not the outmoded POP3.
This guide was developed on Debian (Stretch), not Ubuntu as in the Flurdy instructions. This shouldn't make a whole lot of difference, but it's possible some configuration files may be in different places than shown here, so don't freak out.
Before you continue, you should already have a working mail server using Postfix and Dovecot up and running. Please follow the guides listed below should you not already have done that.
How to set up a mail server on a GNU / Linux system by Ivar Abrahamsen at flurdy.com
How to migrate from Courier IMAP to Dovecot IMAP on a Flurdy Postfix email server by Jon Jerome at xec.net
Optional: Roundcube webmail client by Ivar Abrahamsen at flurdy.com
Edit the following 3 configuration files to enable Dovecot LMTP mail delivery
edit /etc/dovecot/conf.d/10-master.conf
Change the lmtp service section from:
service lmtp {
#unix_listener lmtp {
# #mode = 0666
#}
...
}
to this, providing the dovecot-lmtp socket for postfix:
service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
mode = 0600
user = postfix
group = postfix
}
user = virtual
group = virtual
...
}
edit /etc/dovecot/conf.d/auth-sql.conf.ext
Uncomment the following lines:
userdb {
driver = sql
args = /etc/dovecot/dovecot-sql.conf.ext
}
edit /etc/dovecot/dovecot-sql.conf.ext
It should already contain these lines:
driver = mysql
connect = host=127.0.0.1 dbname=maildb user=maildb password=secret
default_pass_scheme = CRYPT
password_query = SELECT id AS user, crypt AS password, CONCAT(home,'/',maildir) AS userdb_home, \
uid AS userdb_uid, gid AS userdb_gid, CONCAT(home,'/',maildir) AS userdb_mail FROM users WHERE id='%u'
Add the following lines:
user_query = SELECT CONCAT(home,'/',maildir) AS home, uid, gid, CONCAT(home,'/',maildir) AS mail \
FROM users WHERE id = '%u'
This will prepare dovecot-lmtp to know where our user mail directories are located and provide the socket for postfix, to deliver mail via dovecot-lmtp. Now we need to tell postfix to do just that.
edit /etc/postfix/main.cf
Add the following line:
virtual_transport = lmtp:unix:private/dovecot-lmtp
Restart Dovecot and Postfix:
service dovecot restart
service postfix restart
At this point it might be a good idea to test the new setup.
As the next step we will install the sieve plugin:
apt-get install dovecot-sieve
Enable the sieve plugin for LMTP:
edit /etc/dovecot/conf.d/20-lmtp.conf
Add sieve to mail_plugins in the LMTP protocol section:
protocol lmtp {
# Space separated list of plugins to load (default is global mail_plugins).
mail_plugins = $mail_plugins sieve
}
Adapt the path to the virtual mailbox directory:
edit /etc/dovecot/conf.d/90-sieve.conf
Change the sieve parameter from:
sieve = file:~/sieve;active=~/.dovecot.sieve
to:
sieve = file:%h/sieve;active=%h/.dovecot.sieve
Create a sieve script to place all incoming spam messages into the Junk folder
mkdir /etc/dovecot/sieve
edit /etc/dovecot/sieve/before.sieve
# Sieve rules that are run before the user's filters.
#
# Messages flagged as spam are moved into the Junk folder.
# The 'stop' prevents the execution of all other sieve
# scripts (eg vacation auto-reply on spam messages).
#
require [ "fileinto", "mailbox" ];
if header :contains "X-Spam-Flag" "YES"
{
fileinto :create "INBOX.Junk";
stop;
}
Now we need to compile the sieve script:
cd /etc/dovecot/sieve
sievec before.sieve
This will create the file before.svbin.
Uncomment the sieve_before parameter in the sieve configuration and change the path to our script:
edit /etc/dovecot/conf.d/90-sieve.conf
Change the following line from:
#sieve_before = /var/lib/dovecot/sieve.d/
to:
sieve_before = /etc/dovecot/sieve/before.sieve
Restart Dovecot:
service dovecot restart
At this point it might be a good ide to test the new setup.
Optionally, you can now disable adding ***SPAM*** to the mail subject header by modifying the amavis configuration. To do that we override the default setting from 20-debian_defaults in the the 50-user configuration.
edit /etc/amavis/conf.d/50-user
Add the following line somewhere in the middle, after the syslog_priority line:
$sa_spam_subject_tag = '';
Restart Amavis:
service amavis restart
As the next step we will also install managesieved and enable the sieve protocol on localhost to allow our users to create sieve rules in roundcube webmail. This assumes you have already set up roundcube as shown in the flurdy tutorial.
apt-get install dovecot-managesieved
Enable the managesieve protocol:
edit /etc/dovecot/conf.d/20-managesieve.conf
Uncomment the protocols parameter:
protocols = $protocols sieve
Uncomment the managesieve-login service section as follows, from:
#service managesieve-login {
#inet_listener sieve {
# port = 4190
#}
...
#}
to:
service managesieve-login {
inet_listener sieve {
port = 4190
address = localhost
}
...
}
Leave any other lines in the section commented out.
While testing, you may also add the following line to the protocol sieve section, to enable debug output in the mail log.
protocol sieve {
mail_debug=yes
...
}
Restart Dovecot:
service dovecot restart
When you are finished with testing, you should disable the mail_debug for optimal performance.
To enable managesieve in roundcube, add the managesieve plugin to the plugins array in the main roundcube configuration file.
edit /etc/roundcube/main.inc.php
Add or modify the plugins configuration parameter to include managesieve:
$config['plugins'] = array('managesieve');
The above assumes we did not have any other plugins enabled.
Now you should be able to create sieve filters in Roundcube. Look for the Filters section in the Roundcube Settings.
Testing your Dovecot setup is pretty much the same as testing Courier was in the Flurdy guide's Courier testing section. Do the check shown there, then fire up an actual email client and connect to a known good account. It helps to tail /var/log/mail.info and /var/log/auth.log to troubleshoot any authentication problems.
For general testing procedures, see the testing section of the Flurdy guide.
Sven Mäder, lifelong Computer Enthusiast, Gamer and Linux Sysadmin. I spend my day at work trying to get all my applications running in dark mode. Otherwise you can find me underwater, diving in the Swiss lakes and rivers.
If you find an error in this guide, or have suggestions for making it better, you can contact me here.
Coming soon