diff --git a/dovecot/tasks/main.yml b/dovecot/tasks/main.yml
index f29495c005f1cb70825624a36da61d09fc6214b0..d4f36021ef42c36bc00492517ddd9b92802a4acc 100644
--- a/dovecot/tasks/main.yml
+++ b/dovecot/tasks/main.yml
@@ -20,6 +20,8 @@
- { src: 'templates/conf.d/10-mail.conf.j2', dest: '/etc/dovecot/conf.d/10-mail.conf' }
- { src: 'templates/conf.d/10-master.conf.j2', dest: '/etc/dovecot/conf.d/10-master.conf' }
- { src: 'templates/conf.d/10-ssl.conf.j2', dest: '/etc/dovecot/conf.d/10-ssl.conf' }
+ - { src: 'templates/conf.d/20-managesieve.conf.j2', dest: '/etc/dovecot/conf.d/10-managesieve.conf' }
+ - { src: 'templates/conf.d/90-sieve.conf.j2', dest: '/etc/dovecot/conf.d/90-sieve.conf' }
- { src: 'templates/conf.d/auth-passwdfile.conf.ext.j2', dest: '/etc/dovecot/conf.d/auth-passwdfile.conf.ext' }
notify:
- restart dovecot
diff --git a/dovecot/templates/conf.d/20-managesieve.conf.j2 b/dovecot/templates/conf.d/20-managesieve.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..d549e70ec9a623839277c5f7bc4d2efe16dd9104
--- /dev/null
+++ b/dovecot/templates/conf.d/20-managesieve.conf.j2
@@ -0,0 +1,76 @@
+##
+## ManageSieve specific settings
+##
+
+# Uncomment to enable managesieve protocol:
+protocols = $protocols sieve
+
+# Service definitions
+
+service managesieve-login {
+ inet_listener sieve {
+ port = 4190
+ }
+
+ #inet_listener sieve_deprecated {
+ # port = 2000
+ #}
+
+ # Number of connections to handle before starting a new process. Typically
+ # the only useful values are 0 (unlimited) or 1. 1 is more secure, but 0
+ # is faster. <doc/wiki/LoginProcess.txt>
+ #service_count = 1
+
+ # Number of processes to always keep waiting for more connections.
+ #process_min_avail = 0
+
+ # If you set service_count=0, you probably need to grow this.
+ #vsz_limit = 64M
+}
+
+service managesieve {
+ # Max. number of ManageSieve processes (connections)
+ process_limit = 1024
+}
+
+# Service configuration
+
+protocol sieve {
+ # Maximum ManageSieve command line length in bytes. ManageSieve usually does
+ # not involve overly long command lines, so this setting will not normally
+ # need adjustment
+ #managesieve_max_line_length = 65536
+
+ # Maximum number of ManageSieve connections allowed for a user from each IP
+ # address.
+ # NOTE: The username is compared case-sensitively.
+ #mail_max_userip_connections = 10
+
+ # Space separated list of plugins to load (none known to be useful so far).
+ # Do NOT try to load IMAP plugins here.
+ #mail_plugins =
+
+ # MANAGESIEVE logout format string:
+ # %i - total number of bytes read from client
+ # %o - total number of bytes sent to client
+ #managesieve_logout_format = bytes=%i/%o
+
+ # To fool ManageSieve clients that are focused on CMU's timesieved you can
+ # specify the IMPLEMENTATION capability that Dovecot reports to clients.
+ # For example: 'Cyrus timsieved v2.2.13'
+ managesieve_implementation_string = Dovecot Pigeonhole
+
+ # Explicitly specify the SIEVE and NOTIFY capability reported by the server
+ # before login. If left unassigned these will be reported dynamically
+ # according to what the Sieve interpreter supports by default (after login
+ # this may differ depending on the user).
+ #managesieve_sieve_capability =
+ #managesieve_notify_capability =
+
+ # The maximum number of compile errors that are returned to the client upon
+ # script upload or script verification.
+ #managesieve_max_compile_errors = 5
+
+ # Refer to 90-sieve.conf for script quota configuration and configuration of
+ # Sieve execution limits.
+}
diff --git a/dovecot/templates/conf.d/90-sieve.conf.j2 b/dovecot/templates/conf.d/90-sieve.conf.j2
new file mode 100644
index 0000000000000000000000000000000000000000..ca494b065ecc3ba50e63bf72d78004850a280c65
--- /dev/null
+++ b/dovecot/templates/conf.d/90-sieve.conf.j2
@@ -0,0 +1,214 @@
+##
+## Settings for the Sieve interpreter
+##
+
+# Do not forget to enable the Sieve plugin in 15-lda.conf and 20-lmtp.conf
+# by adding it to the respective mail_plugins= settings.
+
+# The Sieve interpreter can retrieve Sieve scripts from several types of
+# locations. The default `file' location type is a local filesystem path
+# pointing to a Sieve script file or a directory containing multiple Sieve
+# script files. More complex setups can use other location types such as
+# `ldap' or `dict' to fetch Sieve scripts from remote databases.
+#
+# All settings that specify the location of one ore more Sieve scripts accept
+# the following syntax:
+#
+# location = [<type>:]path[;<option>[=<value>][;...]]
+#
+# If the type prefix is omitted, the script location type is 'file' and the
+# location is interpreted as a local filesystem path pointing to a Sieve script
+# file or directory. Refer to Pigeonhole wiki or INSTALL file for more
+# information.
+
+plugin {
+ # The location of the user's main Sieve script or script storage. The LDA
+ # Sieve plugin uses this to find the active script for Sieve filtering at
+ # delivery. The "include" extension uses this location for retrieving
+ # :personal" scripts. This is also where the ManageSieve service will store
+ # the user's scripts, if supported.
+ #
+ # Currently only the 'file:' location type supports ManageSieve operation.
+ # Other location types like 'dict:' and 'ldap:' can currently only
+ # be used as a read-only script source ().
+ #
+ # For the 'file:' type: use the ';active=' parameter to specify where the
+ # active script symlink is located.
+ # For other types: use the ';name=' parameter to specify the name of the
+ # default/active script.
+ sieve = file:~/sieve;active=~/.dovecot.sieve
+
+ # The default Sieve script when the user has none. This is the location of a
+ # global sieve script file, which gets executed ONLY if user's personal Sieve
+ # script doesn't exist. Be sure to pre-compile this script manually using the
+ # sievec command line tool if the binary is not stored in a global location.
+ # --> See sieve_before for executing scripts before the user's personal
+ # script.
+ #sieve_default = /var/lib/dovecot/sieve/default.sieve
+
+ # The name by which the default Sieve script (as configured by the
+ # sieve_default setting) is visible to the user through ManageSieve.
+ #sieve_default_name =
+
+ # Location for ":global" include scripts as used by the "include" extension.
+ #sieve_global =
+
+ # The location of a Sieve script that is run for any message that is about to
+ # be discarded; i.e., it is not delivered anywhere by the normal Sieve
+ # execution. This only happens when the "implicit keep" is canceled, by e.g.
+ # the "discard" action, and no actions that deliver the message are executed.
+ # This "discard script" can prevent discarding the message, by executing
+ # alternative actions. If the discard script does nothing, the message is
+ # still discarded as it would be when no discard script is configured.
+ #sieve_discard =
+
+ # Location Sieve of scripts that need to be executed before the user's
+ # personal script. If a 'file' location path points to a directory, all the
+ # Sieve scripts contained therein (with the proper `.sieve' extension) are
+ # executed. The order of execution within that directory is determined by the
+ # file names, using a normal 8bit per-character comparison.
+ #
+ # Multiple script locations can be specified by appending an increasing number
+ # to the setting name. The Sieve scripts found from these locations are added
+ # to the script execution sequence in the specified order. Reading the
+ # numbered sieve_before settings stops at the first missing setting, so no
+ # numbers may be skipped.
+ #sieve_before = /var/lib/dovecot/sieve.d/
+ #sieve_before2 = ldap:/etc/sieve-ldap.conf;name=ldap-domain
+ #sieve_before3 = (etc...)
+
+ # Identical to sieve_before, only the specified scripts are executed after the
+ # user's script (only when keep is still in effect!). Multiple script
+ # locations can be specified by appending an increasing number.
+ #sieve_after =
+ #sieve_after2 =
+ #sieve_after2 = (etc...)
+
+ # Which Sieve language extensions are available to users. By default, all
+ # supported extensions are available, except for deprecated extensions or
+ # those that are still under development. Some system administrators may want
+ # to disable certain Sieve extensions or enable those that are not available
+ # by default. This setting can use '+' and '-' to specify differences relative
+ # to the default. For example `sieve_extensions = +imapflags' will enable the
+ # deprecated imapflags extension in addition to all extensions were already
+ # enabled by default.
+ #sieve_extensions = +notify +imapflags
+
+ # Which Sieve language extensions are ONLY available in global scripts. This
+ # can be used to restrict the use of certain Sieve extensions to administrator
+ # control, for instance when these extensions can cause security concerns.
+ # This setting has higher precedence than the `sieve_extensions' setting
+ # (above), meaning that the extensions enabled with this setting are never
+ # available to the user's personal script no matter what is specified for the
+ # `sieve_extensions' setting. The syntax of this setting is similar to the
+ # `sieve_extensions' setting, with the difference that extensions are
+ # enabled or disabled for exclusive use in global scripts. Currently, no
+ # extensions are marked as such by default.
+ #sieve_global_extensions =
+
+ # The Pigeonhole Sieve interpreter can have plugins of its own. Using this
+ # setting, the used plugins can be specified. Check the Dovecot wiki
+ # (wiki2.dovecot.org) or the pigeonhole website
+ # (http://pigeonhole.dovecot.org) for available plugins.
+ # The sieve_extprograms plugin is included in this release.
+ #sieve_plugins =
+
+ # The separator that is expected between the :user and :detail
+ # address parts introduced by the subaddress extension. This may
+ # also be a sequence of characters (e.g. '--'). The current
+ # implementation looks for the separator from the left of the
+ # localpart and uses the first one encountered. The :user part is
+ # left of the separator and the :detail part is right. This setting
+ # is also used by Dovecot's LMTP service.
+ recipient_delimiter = +
+
+ # The maximum size of a Sieve script. The compiler will refuse to compile any
+ # script larger than this limit. If set to 0, no limit on the script size is
+ # enforced.
+ #sieve_max_script_size = 1M
+
+ # The maximum number of actions that can be performed during a single script
+ # execution. If set to 0, no limit on the total number of actions is enforced.
+ #sieve_max_actions = 32
+
+ # The maximum number of redirect actions that can be performed during a single
+ # script execution. If set to 0, no redirect actions are allowed.
+ #sieve_max_redirects = 4
+
+ # The maximum number of personal Sieve scripts a single user can have. If set
+ # to 0, no limit on the number of scripts is enforced.
+ # (Currently only relevant for ManageSieve)
+ #sieve_quota_max_scripts = 0
+
+ # The maximum amount of disk storage a single user's scripts may occupy. If
+ # set to 0, no limit on the used amount of disk storage is enforced.
+ # (Currently only relevant for ManageSieve)
+ #sieve_quota_max_storage = 0
+
+ # The primary e-mail address for the user. This is used as a default when no
+ # other appropriate address is available for sending messages. If this setting
+ # is not configured, either the postmaster or null "<>" address is used as a
+ # sender, depending on the action involved. This setting is important when
+ # there is no message envelope to extract addresses from, such as when the
+ # script is executed in IMAP.
+ #sieve_user_email =
+
+ # The path to the file where the user log is written. If not configured, a
+ # default location is used. If the main user's personal Sieve (as configured
+ # with sieve=) is a file, the logfile is set to <filename>.log by default. If
+ # it is not a file, the default user log file is ~/.dovecot.sieve.log.
+ #sieve_user_log =
+
+ # Specifies what envelope sender address is used for redirected messages.
+ # The following values are supported for this setting:
+ #
+ # "sender" - The sender address is used (default).
+ # "recipient" - The final recipient address is used.
+ # "orig_recipient" - The original recipient is used.
+ # "user_email" - The user's primary address is used. This is
+ # configured with the "sieve_user_email" setting. If
+ # that setting is unconfigured, "user_mail" is equal to
+ # "recipient".
+ # "postmaster" - The postmaster_address configured for the LDA.
+ # "<user@domain>" - Redirected messages are always sent from user@domain.
+ # The angle brackets are mandatory. The null "<>" address
+ # is also supported.
+ #
+ # This setting is ignored when the envelope sender is "<>". In that case the
+ # sender of the redirected message is also always "<>".
+ #sieve_redirect_envelope_from = sender
+
+ ## TRACE DEBUGGING
+ # Trace debugging provides detailed insight in the operations performed by
+ # the Sieve script. These settings apply to both the LDA Sieve plugin and the
+ # IMAPSIEVE plugin.
+ #
+ # WARNING: On a busy server, this functionality can quickly fill up the trace
+ # directory with a lot of trace files. Enable this only temporarily and as
+ # selective as possible.
+
+ # The directory where trace files are written. Trace debugging is disabled if
+ # this setting is not configured or if the directory does not exist. If the
+ # path is relative or it starts with "~/" it is interpreted relative to the
+ # current user's home directory.
+ #sieve_trace_dir =
+
+ # The verbosity level of the trace messages. Trace debugging is disabled if
+ # this setting is not configured. Possible values are:
+ #
+ # "actions" - Only print executed action commands, like keep,
+ # fileinto, reject and redirect.
+ # "commands" - Print any executed command, excluding test commands.
+ # "tests" - Print all executed commands and performed tests.
+ # "matching" - Print all executed commands, performed tests and the
+ # values matched in those tests.
+ #sieve_trace_level =
+
+ # Enables highly verbose debugging messages that are usually only useful for
+ # developers.
+ #sieve_trace_debug = no
+
+ # Enables showing byte code addresses in the trace output, rather than only
+ # the source line numbers.
+ #sieve_trace_addresses = no
+}