MANAGESIEVE implementation for Dovecot (1.2)

Compile
-------

Refer to INSTALL file.
 
Configure
---------

IMPORTANT: 
    If you have used the Sieve plugin before and you have .dovecot.sieve files 
    in user directories, you are advised to make a backup first. Although the
    ManageSieve daemon takes care to move these files to the Sieve directory 
    before it is substituted with a symbolic link, this is not a very well 
    tested operation, meaning that there is a possibility that existing Sieve 
    scripts get lost.

Along with all other binaries that Dovecot uses, the managesieve and 
managesieve-login binaries are installed during make install. The only thing you 
need to do to activate the ManageSieve support in Dovecot is to add managesieve 
to the protocols= configuration line in your dovecot.conf. 

The ManageSieve daemon will listen on all interfaces at port 2000 by default. 
Because the implementation of the ManageSieve daemon is largely based on the 
original IMAP implementation, it is very similar in terms of configuration. 
The following settings can be configured in the 'protocol managesieve' section:

listen = *:2000
    Interface and port on which the daemon listens for incoming connections.

login_executable = /usr/libexec/dovecot/managesieve-login
    Login executable location. 

mail_executable = /usr/libexec/dovecot/managesieve
    The managesieve executable location. For examples how this could be applied,
    refer to the explanation of the mail_executable setting for IMAP. 
    
managesieve_max_line_length = 65536
    The maximum managesieve command line length in bytes. This setting is 
    directly borrowed from IMAP. But, since long command lines are very unlikely 
    with ManageSieve, changing this will not be very useful. 

managesieve_logout_format = bytes=%i/%o
    Specifies the string pattern used to compose the logout message of an
    authenticated session. The following substitutions are available:
        %i - total number of bytes read from client
        %o - total number of bytes sent to client

managesieve_implementation_string = dovecot
    To fool ManageSieve clients that are focused on CMU's timesieved you can 
    specify the IMPLEMENTATION capability that the Dovecot reports to clients 
    (e.g. 'Cyrus timsieved v2.2.13'). 

Additionally, the ManageSieve service uses the following settings from the 
plugin section of the config file. These settings are the ones used by the Sieve 
plugin.

sieve_dir = 
    This specifies the path to the directory where the uploaded scripts are 
    stored. Scripts are stored as separate files with extension '.sieve'. All 
    other files are ignored when scripts are listed by a ManageSieve client. If
    this setting remains unspecified, the mail_location setting is used as 
    explained above. The now deprecated sieve_storage setting is still accepted.

sieve = ~/.dovecot.sieve
    Specifies the location of the symbolic link pointing to the active script in
    the Sieve storage directory. If a regular file exists at this location, it is 
    moved to the sieve_dir location before the symbolic link is installed. It is 
    renamed to dovecot.orig.sieve and therefore listed as dovecot.orig by a 
    ManageSieve client. 

Scripts are stored in a special directory at the location specified by the 
sieve_dir setting. The active Sieve script is managed as a symbolic link 
pointing to the active script in the script directory. The location of this 
symlink is specified with the 'sieve' setting. The default location is 
~/.dovecot.sieve. Note that if a file starting with '.' is placed inside a 
Maildir, it will be recognized as a folder, so try to avoid that.

If no 'sieve_dir' is specified, the ManageSieve daemon expects the script 
directory to reside in the mail folder as specified by the 'mail_location' 
setting. More precisely, it is placed in the CONTROL= directory of 
'mail_location' if specified, otherwise the script directory is placed in the 
root of the mail location. In such a mail or mail control directory, scripts are 
always stored in a sub-directory called 'sieve'. Using this implicit manner to 
specify the Sieve script directory is depricated. Also note that for some mail 
storage types (e.g. mbox) the 'sieve' sub-directory is listed as a mail folder, 
so be sure to put the Sieve scripts somewhere else if you can.

A storage location specified by 'sieve_dir' is always generated automatically 
if it does not exist (as far as the system permits the user to do so; no root 
privileges are used). This is similar to the behaviour of the mail daemons. Note 
that when 'mail_location' is used to specify the script storage location, only 
the 'sieve' subdirectory is generated automatically.

The following provides an example configuration for ManageSieve in dovecot.conf. 
Only sections relevant to ManageSieve are shown. Refer to dovecot-example.conf 
in your patched Dovecot tree for a full example with comments, but don't forget 
to add managesieve to the 'protocols = ...' setting if you use it.

# Start imap, pop3 and managesieve services
protocols = imap pop3 managesieve

protocol managesieve {
  # Specify an alternative address:port the daemon must listen on
  # (default: *:2000)
  #listen = localhost:2000
}

plugin {
  sieve=~/.dovecot.sieve
  sieve_dir=~/sieve
}

Proxying
--------

Like Dovecot's imapd, the ManageSieve login daemon supports proxying to multiple
backend servers. Although the underlying code is copied from the imapd sources
for the most part, it has some ManageSieve-specifics that have not seen much
testing. 

The proxy configuration wiki page for POP3 and IMAP should apply to ManageSieve 
as well:

http://wiki.dovecot.org/PasswordDatabase/ExtraFields/Proxy

Known Issues
------------

* Although this ManageSieve server should comply with the draft specification of 
  the ManageSieve protocol, quite a few clients don't. This is particularly true 
  for the TLS support. However, now that Cyrus' Timsieved has changed its 
  behavior towards protocol compliance, all those clients will follow 
  eventually. 

  Clients known to have TLS issues:
	- Thunderbird Sieve add-on: fixed as per version 0.1.5
	- AvelSieve: patch on the wiki:	http://wiki.dovecot.org/ManageSieve
	- KMail + kio_sieve: TLS broken for old versions. This issue is fixed at 
	  least in kmail 1.9.9 / kde 3.5.9. 

  Unfortunately, there is no reliable way to provide a workaround for this
  problem. We will have to wait for the authors of these clients to make the
  proper adjustments. 
  
* Other client issues:

	- SmartSieve, WebSieve: 
	  These clients are specifically written for Cyrus timsieved and fail on 
	  multiple stages of the protocol when connected to Dovecot ManageSieve.
	    
* The current implementation of the daemon does not have quota enforcement as
  recommended in the specification. So keep in mind that malicious users could
  fill your filesystem with loads of spurious scriptfiles.
  
* The ANONYMOUS authentication mechanism is currently not supported and 
  explicitly denied. 

Contact Info
------------

Stephan Bosch <stephan at rename-it dot nl>
IRC: Freenode, #dovecot, S[r]us

Please use the Dovecot mailing list <dovecot at dovecot.org> for questions about 
this package. You can post to the list without subscribing, the mail then waits 
in a moderator queue for a while. See http://dovecot.org/mailinglists.html

