Sieve
=====
Mailserver With Postfix, Dovecot, And Sieve On CentOS 7
This tutorial will show you how to set up a simple mail server on CentOS 7, with Postfix as MTA, Dovecot as MDA and Sieve for sorting mail - all over an encrypted connection for improved security.
In order to configure everything, you will first need to install these packages:
yum install postfix dovecot dovecot-pigeonhole mailx
The first configuration step is done in /etc/dovecot/conf.d/15-lda.conf, by adding a postmaster address. This allows people to contact you in case of a failure.
We will also be allowing auto-creation of folders and auto-subscription of said folders to avoid an inconsistent state between your mail client and the server:
postmaster_address = yourname@yourdomain.tld
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes
The next step is to assign the correct path for your users' mailboxes in /etc/dovecot/conf.d/10-mail.conf:
mail_location = maildir:~/Maildir
Make sure that there is only one mention of "mail_location" in the file to avoid problems. The last step for ensuring basic functionality is to tell Postfix to deliver the mails via Dovecot. Add the following line to /etc/postfix/main.cf:
mailbox_command = /usr/libexec/dovecot/deliver
Restart both services and you can send the first test mail:
systemctl restart postfix
systemctl restart dovecot
Since it is considered rude to use the root-account for mailing, you should create a separate user for your mailing needs:
useradd -m youruser
passwd youruser
Now, you can test the mail functionality with the following command:
echo "TEST" | mail -s "testmail" youruser@localhost && tail -f /var/log/maillog
If your log file contains a line similar to the following one (the last part is the important one) ..
postfix/local[27114]: 3F63C5B71: to=<youruser@localhost>, orig_to=<youruser@localhost>, relay=local, delay=0.01, delays=0/0/0/0.01, dsn=2.0.0, status=sent (delivered to command: /usr/libexec/dovecot/deliver)
.. then everything is working properly.
At this point, there are two important things missing - encryption and mail sorting.
The first can be configured, for Dovecot, in /etc/dovecot/conf.d/10-ssl.conf, assuming you already have a certificate at hand:
ssl = required
ssl_cert = </path/to/your/certificate
ssl_key = </path/to/your/key
For Sieve to work, edit the protocol section in /etc/dovecot/conf.d/15-lda.conf to look like this:
protocol lda {
  mail_plugins = $mail_plugins sieve
}
Restart the service:
systemctl restart dovecot
And that's it. You can now log in via IMAP or POP3 in a secure way, send transport encrypted mails, and write filters with Sieve.
It is also important to allow the IMAP, SMTP, and POP3 ports in firewalld as follows:
firewall-cmd --permanent --add-service=smtp
firewall-cmd --permanent --add-service=pop3
firewall-cmd --permanent --add-service=imap
firewall-cmd --permanent --add-service=smtps
firewall-cmd --permanent --add-service=pop3s
firewall-cmd --permanent --add-service=imaps
firewall-cmd --reload
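The settings changed above (a single mail_location, enforced TLS, and the sieve plugin under protocol lda) can be checked mechanically. The script below is an added example, not part of the original tutorial: the function names and the sample conf.d tree are constructed, and the private-key permission check is an extra that the steps above do not cover.

```shell
#!/bin/sh
# Added example, not from the original tutorial. Function names are hypothetical.

# Print every active (uncommented) value of setting $2 in file $1.
active_values() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1"
}

# Succeed if "sieve" is listed in mail_plugins inside "protocol lda { ... }".
lda_has_sieve() {
    awk '/^[ \t]*protocol[ \t]+lda[ \t]*[{]/ { in_lda = 1 }
         in_lda && /^[ \t]*mail_plugins[ \t]*=/ {
             v = $0; sub(/^[^=]*=/, "", v); n = split(v, p, /[ \t]+/)
             for (i = 1; i <= n; i++) if (p[i] == "sieve") found = 1 }
         in_lda && /[}]/ { in_lda = 0 }
         END { exit !found }' "$1"
}

# Print a finding and count it.
report() { echo "$1"; problems=$((problems + 1)); }

# Print one line per problem in conf.d directory $1; exit status is the count.
check_dovecot_conf() {
    dir=$1; problems=0
    n=$(active_values "$dir/10-mail.conf" mail_location | wc -l)
    [ "$n" -eq 1 ] || report "10-mail.conf: mail_location set $n times, expected once"
    [ "$(active_values "$dir/10-ssl.conf" ssl)" = "required" ] ||
        report "10-ssl.conf: ssl is not 'required', so TLS is not enforced"
    key=$(active_values "$dir/10-ssl.conf" ssl_key | sed 's/^<//')
    [ -z "$(find "$key" -perm -004 2>/dev/null)" ] ||
        report "$key: private key is world-readable"
    lda_has_sieve "$dir/15-lda.conf" ||
        report "15-lda.conf: sieve missing from mail_plugins in protocol lda"
    return "$problems"
}

# Constructed sample: duplicate mail_location, ssl = yes, world-readable key.
make_sample_conf() {
    mkdir -p "$1"
    printf '%s\n' 'mail_location = mbox:~/mail:INBOX=/var/mail/%u' \
        'mail_location = maildir:~/Maildir' > "$1/10-mail.conf"
    printf '%s\n' 'ssl = yes' "ssl_key = <$1/key.pem" > "$1/10-ssl.conf"
    printf '%s\n' 'protocol lda {' '  mail_plugins = $mail_plugins sieve' '}' \
        > "$1/15-lda.conf"
    : > "$1/key.pem"; chmod 644 "$1/key.pem"
}
```

On the server, call `check_dovecot_conf /etc/dovecot/conf.d`; `doveconf -n` prints the configuration Dovecot actually uses, which is the authoritative view.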
--------------------------X-----------------------------------------------------
postfix : 2.9.6
dovecot with sieve embedded : 2.1.7
Use dovecot as LDA
Modify /etc/postfix/main.cf file to change mailbox_command to dovecot deliver
mailbox_command=/usr/lib/dovecot/deliver
Configure dovecot to enable sieve
The first step is to configure where Sieve should read its rule files from. This is done by modifying /etc/dovecot/conf.d/90-sieve.conf and adapting the sieve_default location.
The result is that the behavior will be the same for all users for whom a local mail delivery is made. If your MTA is configured to redirect emails to external mailboxes, then the spam emails won't be moved to a junk folder.
sieve_default = /etc/dovecot/default.sieve
Allow the dovecot user to read the file:
chgrp dovecot /etc/dovecot/conf.d/90-sieve.conf
The next step is to enable the sieve plugin for the LDA (local delivery agent). In /etc/dovecot/conf.d/15-lda.conf, declare sieve as a plugin:
mail_plugins = sieve
Now, how can Sieve move spam to 'Junk' folders? This is done by configuring the /etc/dovecot/default.sieve file with this content:
require ["fileinto"];
# Move spam to Junk folder
if header :contains "X-spam-flag" ["YES"] {
  fileinto "Spam";
  stop;
}
This file must be compiled to binary form by the Sieve compiler:
cd /etc/dovecot
sievec default.sieve
A new file, default.svbin, is created, and it must be readable by the dovecot user:
chgrp dovecot /etc/dovecot/default.svbin
There are some permission problems with the /var/mail/<user> INBOX with Dovecot on Debian. The email can be delivered directly to ~/Maildir instead by configuring /etc/dovecot/conf.d/10-mail.conf:
#mail_location = mbox:~/mail:INBOX=/var/mail/%u
mail_location = maildir:~/Maildir
You can now restart Dovecot and test with a specially crafted spam email ;)
service dovecot restart
mail -s "Product for you" an-account-existing@your-server.tld
---------