This documentation is for Dovecot v1.x, see wiki2 for v2.x documentation.

Dovecot Sieve plugin


The Dovecot Sieve plugin provides mail filtering facilities at time of final message delivery using the Sieve (RFC 5228) language. By writing Sieve scripts, users can customize how messages are delivered, e.g. whether they are forwarded or stored in special folders. The Sieve language is meant to be simple, extensible and system independent. And, unlike most other mail filtering script languages, it does not allow users to execute arbitrary programs. This is particularly useful to prevent virtual users from having full access to the mail store. The intention of the language is to make it impossible for users to do anything more complex (and dangerous) than write simple mail filters.

The bottom of this page provides a few specific Sieve script examples. See Sieve wiki for more comprehensive information about the Sieve language itself.

Installation and configuration

Sieve is implemented as a plugin to deliver. Currently, two concurrent implementations of the Sieve plugin are available. See their pages for specific instructions:


Both Sieve implementations support various extensions to the Sieve language. You can find more information about the extensions from the Sieve Mail Filtering Language Charter or the wiki page.

Note that Sieve doesn't support running external programs.

The supported Sieve features are:

Note that the CMU Sieve plugin implements an older specification of the enotify extension which was called notify. Something similar is true for the imap4flags extension, which was known as imapflags for CMU Sieve. For backwards compatibility, Dovecot Sieve plugin also supports the old imapflags extension. The most valuable extension that the new Sieve implementation adds to the list is the variables extension. As the name implies, this adds support for variables to the language.

ManageSieve server

To give users the ability to upload their own Sieve scripts to your server, i.e. without the need for shell or FTP access, you can use the ManageSieve protocol. Two alternatives are available for Dovecot:

Validate your script

Use the following page to validate your sieve rules:

Mailbox names with fileinto

With Dovecot v1.1+ you need to give mailbox names to fileinto commands the same way as IMAP clients see them. For example if you want to deliver mail to "Customers" mailbox which exists under "Work" mailbox:

Dovecot v1.0's deliver doesn't support namespaces, so if you have a namespace prefix you must not add it to fileinto and you must use the default separator. This also means that delivering mails to multiple namespaces isn't possible with v1.0.

Vacation auto-reply

Vacation uses envelope sender and envelope recipient. They're taken from:

The vacation replies are sent to the envelope sender.

List of autoreplied senders is stored in .dovecot.lda-dupes file in user's home directory. When you're testing the vacation feature, it's easy to forget that the reply is sent only once in the number of configured days. If you've problems getting the vacation reply, try deleting this file. If that didn't help, make sure the problem isn't related to sending mails in general by trying the "reject" Sieve command.

The automatic replies aren't sent if any of the following is true:

A bare username without a domain gets canonicalised by the libsieve code to "<username>@unspecified-domain", which means it is highly unlikely to pass the last two tests in the list above.

Example scripts

Below are some simple Sieve code examples, more can be found from and

SpamAssassin/Amavis tagged mail filtering

Redirect !SpamAssassin/Amavis tagged mails into mail folder "INBOX.junk":

require "fileinto";
  if exists "X-Spam-Flag" {
          if header :contains "X-Spam-Flag" "NO" {
          } else {
          fileinto "INBOX.junk";

Discard SpamAssassin tagged mails:

  if exists "X-Spam-Flag" {
          if header :contains "X-Spam-Flag" "NO" {
          } else {

Plus Addressed mail filtering

This is useful when you don't want just any +tag to create a directory, but you want to use tagged addresses such as with amavisd-new. This example would place email addressed to into user's Spam folder.

require ["fileinto", "envelope", "subaddress"];
if envelope :detail "to" "spam"{
  fileinto "Spam";

To work with Postfix, this requires that the envelope "to" still contains the full address, so pass it with the -a flag.

dovecot unix    -       n       n       -       -      pipe
  flags=DRhu user=mail:mail argv=/usr/local/libexec/dovecot/deliver
  -f ${sender} -d ${user}@${nexthop} -a ${recipient}


mailbox_command = /usr/lib/dovecot/deliver -a "$RECIPIENT"

Mail filtering by various headers

Use if/elsif/else to store messages into various folders/subfolders:

Forward mails with "order" or "buy" in their subject to another address:

Message-ID and recipient of forwarded message are stored in a .dovecot.lda-dupes at users home directory to prevent mail loops.

Flagging or Highlighting your mail

Some mail readers use these flags:

# CMUsieve
require "imapflags";
# dovecot 1.2
# require "imap4flags";
require "regex";
if anyof (exists "X-Cron-Env",
          header :regex    ["subject"] [".* security run output",
                                        ".* monthly run output",
                                        ".* daily run output",
                                        ".* weekly run output"]) {
  addflag "$label1"; # ie 'Important'/red label within Thunderbird

# Other flags:
# addflag "$label1";  # Important: #ff0000 => red
# addflag "$label2";  # Work:      #ff9900 => orange
# addflag "$label3";  # personal:  #009900 => green
# addflag "$label4";  # todo:      #3333ff => blue
# addflag "$label5";  # later:     #993399 => violet

Local copy of your emails:

if address ["Return-Path"] [""]
   setflag "\\seen";

Useful, when you want sieve to manage your incoming and outgoing email (you must ask your mail reader to Bcc your mail to your dovecot in this case).

More flags fun can be found here:

Vacation auto-reply

require ["fileinto", "vacation"];
# Move spam to spam folder
if header :contains "X-Spam-Flag" "YES" {
  fileinto "spam";
  # Stop here so that we do not reply on spams
  # Reply at most once a day to a same sender
  :days 1
  :subject "Out of office reply"
  # List of additional recipient addresses which are included in the auto replying.
  # If a mail's recipient is not the envelope recipient and it's not on this list,
  # no vacation reply is sent for it.
  :addresses ["j.doe@company.dom", "john.doe@company.dom"]
"I'm out of office, please contact Joan Doe instead.
Best regards
John Doe";

Include scripts

With v1.1 it's possible to include other Sieve scripts in your script:

require ["include"];
include :global "global-spam";
include :personal "my-own-spam";

The lookup directories can be specified with:

plugin {
  # Directory for :personal include scripts. The default is to use home directory.
  sieve_dir = %h/sieve

  # Directory for :global include scripts (not to be confused with sieve_global_path).
  # If unset, the include fails.
  sieve_global_dir = /etc/dovecot/sieve/

With v1.1 sieve_dir should match the sieve_storage setting in the protocol managesieve section. ManageSieve v1.2+ uses sieve_dir directly.

Both sieve_dir and sieve_global_dir may also be overridden by userdb extra fields.

It's not currently possible to use subdirectories for the scripts. Having a '/' character in the script name always fails the include. This is just an extra check to avoid potential problems with including scripts within mail directories.

Also the included file must end with .sieve, e.g. using include ["foo"] would actually access foo.sieve.

French Howtoôté_serveur

Migration from Procmail

There exists a script which attempts to translate simple Procmail rules into Sieve rules: ( mirror)

Here's the original post announcing it:

None: LDA/Sieve (last edited 2013-06-18 22:38:46 by cpe-72-182-66-138)