Sieve

=---------

Mailserver With Postfix, Dovecot, And Sieve On CentOS 7

This tutorial will show you how to set up a simple mailserver on CentOS 7, with Postfix as MTA, Dovecot as MDA and Sieve for sorting mail - all over an encrypted connection for improved security.

In order to configure everything, you will first need to install these packages:

yum install postfix dovecot dovecot-pigeonhole mailx

The first configuration step is done in /etc/dovecot/conf.d/15-lda.conf, by adding a postmaster address. This allows people to contact you in case of a failure.

We will also be allowing auto-creation of folders and auto-subscription of said folders to avoid an inconsistent state between your mail client and the server:

postmaster_address = yourname@yourdomain.tld
lda_mailbox_autocreate = yes
lda_mailbox_autosubscribe = yes

The next step is to assign the correct path for your users' mailboxes in /etc/dovecot/conf.d/10-mail.conf:

mail_location = maildir:~/Maildir

Make sure that there is only one mention of "mail_location" in the file to avoid problems. The last step for ensuring basic functionality is to tell Postfix to deliver the mails via Dovecot. Add the following line to /etc/postfix/main.cf:

mailbox_command = /usr/libexec/dovecot/deliver

Restart both services and you can send the first test mail:

systemctl restart postfix
systemctl restart dovecot

Since it is considered rude to use the root-account for mailing, you should create a separate user for your mailing needs:

useradd -m youruser
passwd youruser

Now, you can test the mail functionality with the following command:

echo "TEST" | mail -s "testmail" youruser@localhost && tail -f /var/log/maillog

If your log file contains a line similar to the following one (the last part is the important one) ..

postfix/local[27114]: 3F63C5B71: to=<youruser@localhost>, orig_to=<youruser@localhost>, relay=local, delay=0.01, delays=0/0/0/0.01, dsn=2.0.0, status=sent (delivered to command: /usr/libexec/dovecot/deliver)

.. then everything is working properly.

At this point, there are two important things missing - encryption and mail sorting.

The first can be configured, for Dovecot, in /etc/dovecot/conf.d/10-ssl.conf, assuming you already have a certificate at hand:

ssl = required
ssl_cert = </path/to/your/certificate
ssl_key = </path/to/your/key

For sieve to work, edit the protocol section in /etc/dovecot/conf.d/15-lda.conf to look like this:

protocol lda {
  mail_plugins = $mail_plugins sieve
}

Restart the service:

systemctl restart dovecot

And that's it. You can now log in via IMAP or POP3 in a secure way, send transport encrypted mails, and write filters with Sieve.
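The settings from the steps above can be checked in one pass before you rely on the server. The following script is an added example, not part of the original tutorial; the function names (conf_value, finding, audit_mail_conf, make_sample) are hypothetical, the sample tree is constructed, and the ssl check expects Dovecot's "required" value.

```shell
#!/bin/sh
# Added example, not from the tutorial: audit the settings configured above.

# Last uncommented "key = value" for key $1 in file $2 (empty if absent).
conf_value() {
    sed -n "s/^[[:space:]]*$1[[:space:]]*=[[:space:]]*//p" "$2" 2>/dev/null | tail -n 1
}

finding() { echo "FINDING: $1"; findings=$((findings + 1)); }

# audit_mail_conf DOVECOT_CONF_D POSTFIX_MAIN_CF; exit status = number of findings.
audit_mail_conf() {
    confd=$1; maincf=$2; findings=0

    # "ssl = yes" only offers TLS; "required" refuses sessions that do not use it.
    [ "$(conf_value ssl "$confd/10-ssl.conf")" = "required" ] ||
        finding "10-ssl.conf: ssl is not 'required', TLS is optional or off"

    # The tutorial warns that mail_location must be set only once.
    n=$(grep -c '^[[:space:]]*mail_location[[:space:]]*=' "$confd/10-mail.conf" 2>/dev/null || true)
    [ "${n:-0}" -eq 1 ] || finding "10-mail.conf: ${n:-0} active mail_location lines, expected 1"

    # Without the sieve plugin in the lda protocol, filter scripts never run.
    case "$(conf_value mail_plugins "$confd/15-lda.conf")" in
        *sieve*) ;;
        *) finding "15-lda.conf: sieve not in mail_plugins" ;;
    esac

    # Postfix must hand local mail to Dovecot's deliver binary.
    case "$(conf_value mailbox_command "$maincf")" in
        */dovecot/deliver*) ;;
        *) finding "main.cf: mailbox_command does not point at dovecot deliver" ;;
    esac
    return "$findings"
}

# Constructed sample tree under $1; $2 is the ssl value to write.
make_sample() {
    mkdir -p "$1/conf.d"
    echo "ssl = $2" > "$1/conf.d/10-ssl.conf"
    echo "mail_location = maildir:~/Maildir" > "$1/conf.d/10-mail.conf"
    printf 'protocol lda {\n  mail_plugins = $mail_plugins sieve\n}\n' > "$1/conf.d/15-lda.conf"
    echo "mailbox_command = /usr/libexec/dovecot/deliver" > "$1/main.cf"
}

# Usage: sh audit.sh /etc/dovecot/conf.d /etc/postfix/main.cf
if [ "$#" -eq 2 ]; then audit_mail_conf "$1" "$2"; fi
```

A clean configuration prints nothing and exits 0; each FINDING line names the file to revisit.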

It is also important to allow the IMAP, SMTP, and POP3 ports in firewalld as follows:

firewall-cmd --permanent --add-service=smtp
firewall-cmd --permanent --add-service=pop3
firewall-cmd --permanent --add-service=imap
firewall-cmd --permanent --add-service=smtps
firewall-cmd --permanent --add-service=pop3s
firewall-cmd --permanent --add-service=imaps
firewall-cmd --reload

--------------------------X-----------------------------------------------------

Use dovecot as LDA

Modify /etc/postfix/main.cf to change mailbox_command to dovecot deliver:

mailbox_command=/usr/lib/dovecot/deliver

Configure dovecot to enable sieve

The first step is to configure where sieve should read its rules from. This is done by modifying /etc/dovecot/conf.d/90-sieve.conf and setting the sieve_default location.

The result is that the behavior will be the same for all users for which a local mail delivery is made. If your MTA is configured to redirect emails to external mailboxes, then spam emails won't be moved to a junk folder.

sieve_default = /etc/dovecot/default.sieve

Allow the dovecot user to read the file:

chgrp dovecot /etc/dovecot/conf.d/90-sieve.conf

The next step is to enable the sieve plugin for the LDA (local delivery agent). In /etc/dovecot/conf.d/15-lda.conf, declare sieve as a plugin:

mail_plugins = sieve

Now, how can sieve move spam to 'Junk' folders? This is done by configuring the /etc/dovecot/default.sieve file with this content:

require ["fileinto"];

# Move spam to Junk folder
if header :contains "X-spam-flag" ["YES"] {
  fileinto "Spam";
  stop;
}

This file must be compiled to binary form by the sieve compiler:

cd /etc/dovecot

sievec default.sieve

A new file, default.svbin, is created, and it must be readable by the dovecot user:

chgrp dovecot /etc/dovecot/default.svbin

There are some permission problems with the /var/mail/<<user>> INBOX with dovecot on Debian. Mail can instead be delivered directly to ~/Maildir by configuring /etc/dovecot/10-mail.conf:

#mail_location = mbox:~/mail:INBOX=/var/mail/%u

mail_location = maildir:~/Maildir

You can now restart dovecot and test a specially crafted spam email ;)

service dovecot restart

mail -s "Product for you" an-account-existing@your-server.tld

---------