Inhaltsverzeichnis

Mailfilterung mit SIEVE auf dem Cyrus-IMAP-Server unter CentOS 6.x

Zur Filtern von E-Mails auf IMAP-Server wurde die Programmiersprache SIEVE konzipiert - die genaue Spezifikationen erfolgten hierzu im RFC 5228. Das Hauptaugenmerk von SIEVE liegt auf Einfachheit, Erweiterbarkeit, sowie auf Unabhängigkeit von der verwendeten Zugriffsart und Architektur wie auch dem verwendeten Betriebssystem. Sieve wurde spezifiziert, um den Usern die Möglichkeit zu beiten, bereits serverseitig auf einfache Art eigene Regeln zur Filterung von E-Mails zu definieren. Sieve-Scripte werden bereits während der Zustellung der eMail am IMAP-Server ausgeführt.

Weitere Hintergrundinformationen finden man unter anderem in dem Wikipedia-Artikel zu SIEVE.

sieveshell

Mit Hilf der sieveshell, aus dem Paket cyrus-imapd-utils, kann der versierte, technisch begabte Nutzer, seine eigenen Filterregeln einspielen, verwalten und/oder löschen.

Möchte man zum Beispiel automatisch generierte Nachrichten, von sieve bereits beim Einliefern bei unserem Cyrus-IMAP-Server vorsortieren lassen, so gehen wir wie folgt vor:

Script erstellen

Mit dem Editor unserer Wahl erstellen wir uns ein einfaches Textfile, mit den entsprechenden Filterregeln. So sollen Nachrichten von der Adresse logwatch@nausch.org in den Unterordner /root/logwatch, Nachrichten, die im Betreff das Schlüsselwort „FaxMaster“ und die mit dem Schlüsselwort „PostMaster“ in den Ordner /root/FaxMaster bzw. /root/PostMaster einsortiert werden.

 $ vim eigene_Filterregel
require ["fileinto"];
if header :contains "from" ["logwatch@nausch.org"] { fileinto "INBOX/root/logwatch"; }
elsif header :contains "subject" "FaxMaster" { fileinto "INBOX/root/FaxMaster"; }
elsif header :contains "subject" "PostMaster" { fileinto "INBOX/root/PostMaster"; }
else { fileinto "INBOX"; }

Script hochladen

Damit wir unser selbst definiertes Script auch nutzen können, müssen wir es auf unseren IMAP-Server hochladen. Hierzu melden wir uns von unserem Nutzer-Login mittels cyradm an unserem IMAP-Server an. Dank unserer saslauth Konfiguration, erfolgt die Authentifizierung gegen unseren LDAP-Server und wir müssen uns kein weiteres Passwort merken.

 [django@mpl010010 ~]$ sieveshell --user=django --authname=django imap.dmz.nausch.org
connecting to imap.dmz.nausch.org
Please enter your password: 
> 

Nach dem Prompt der sieveshell können wir uns mittels des „?“ den Befehlsumfang anzeigen lassen.

> ?
Usage:
  sieveshell [-u username] [-a authname] [-r realm] <server>

help             - this screen
list             - list scripts on server
put <filename> [<target name>]
                 - upload script to server
get <name> [<filename>]
                 - get script. if no filename display to stdout
delete <name>    - delete script.
activate <name>  - set a script as the active script
deactivate       - deactivate all scripts
quit             - quit

Mittels put laden wir unser zuvor erstelle Textfile auf den Server hoch.

 > put eigene_Filterregel

Mittel List bekommen wir all unsere hinterlegten Scripte anzeigen lassen. Auf dem Server können durchwegs mehrere Scripte hinterlegt sein, aber nur eines ist aktiv!

> list
erster_Versuch 
eigene_Filterregel
smartsieve  <- active script

Mittels activate <Scriptname> aktivieren wir dann unser neues Script; ein list zeigt uns unsere Änderung entsprechend an.

> activate eigene_Filterregel
> list
erster_Versuch 
eigene_Filterregel <- active script
smartsieve

Dass diese Vorgehensweise, wie Eingangs schon erwähnt, nur für den versierten technischen Nutzer geeignet ist und den WAF1) nicht sonderlich hebt, ist selbstredent. Es muss also eine komfortablere Möglichkeit geschaffen werden. Somit sind wir beim nächsten Thema smart-sieve angelangt.

smart-sieve

SmartSieve ist eine sieve Filter-GUI bzw. Web-Basierte Management-Client. Es ist eine grafische Benutzeroberfläche zum Erstellung und zum Verwaltung von sieve-Skripten auf einem Cyrus-IMAP Mailserver. Hiermit haben auch nicht technisch versierte Nutzer unseres Cyrus-IMAP-Servers die Möglichkeit, Regeln für sieve zu erstellen um e-Mails und Abwesenheitsnachrichten, ohne Vorkenntnisse über die sieve-Script-Sprache, zu definieren und zu verändern.

SmartSieve Administration

Installation

Paketabhängigkeiten

Vor der eigentlichen Installation von SmartSive installieren wir noch drei notwendige PHP-Komponenten (php-imap, php-mcrypt, php-pecl-idn, php-pear und php-pear-Log ).

 # yum install php-imap php-mcrypt php-pecl-idn php-pear php-pear-Log -y

Download

Von der Projektseite auf SourceForge.net laden wir uns die aktuelle Version, hier weiter beschrieben smartsieve-1.0-RC2.tar.gz, herunter.

 # wget http://downloads.sourceforge.net/project/smartsieve/smartsieve/smartsieve-1.0-RC2/smartsieve-1.0-RC2.tar.gz

Installation

Im nächsten Schritt machen wir uns nun an die Installation.

  1. Als erstes entpacken wir das zuvor heruntergeladene Programmarchiv.
     # tar xvfz smartsieve-1.0-RC2.tar.gz
  2. Anschließend passen wir die User- und Gruppenberechtigungen an.
     # chown apache:apache smartsieve-1.0-rc2 -R
  3. Abschließend verschieben wir noch das Archiv an Ort und Stelle, an dem es später unser Apache-Webserver abholen wird.
     # # mv /usr/local/src/packages/smartsieve-1.0-rc2/ /var/www/smartsieve/

VHost-Definition

Für unsere Nutzer legen wir einen eigenen V-Host an, über dessen später die Userzugriffe erfolgen sollen. Mit dem Editor unserer Wahl bearbeiten wir also unsere Apache-Konfigdatei /etc/httpd/conf.d/vhosts.conf.

# vim /etc/httpd/conf.d/vhosts.conf
vhosts.conf
#
# smartsieve.nausch.org
#
<VirtualHost *:80>
        ServerAdmin webmaster@nausch.org
        ServerName smartsieve.nausch.org:80
        ServerAlias smartsieve.nausch.org *.smartsieve.nausch.org
        ServerPath /
        DocumentRoot "/var/www/smartsieve"
        <Directory "/var/www/smartsieve">
                Options FollowSymLinks
                AllowOverride AuthConfig
                Order allow,deny
                Allow from all
        </Directory>
        AddType application/x-httpd-php .php
        DirectoryIndex index.php
        ErrorLog logs/smartsieve_error.log
        CustomLog logs/smartsieve_access.log combined
</VirtualHost>

Mittels eines anschließende Reload geben wir unseren neu definierten VHost dem System bekannt.

 # service httpd restart

Konfiguration

servers.php

Im Verzeichnis ../smartsieve/conf/ befindet sich die Serverdefinition in dem PHP-Script servers.php. Diese passen wir unseren Gegebenheiten entsprechend an, so dass nur noch unser IMAP-Server aktiv ist. Den Rest löschen, bzw. kommentieren diesen einfach aus.

 # vim /var/www/smartsieve/conf/servers.php
/var/www/smartsieve/conf/servers.php
<?php
/**
 * servers.php: this file contains the configurations for 
 * the cyrus servers we can connect to. If you have set the 
 * $default->user_select_server option in conf.php to true, 
 * each of the servers below will appear in a select box on 
 * the login page. If you've set this to false, then the 
 * first entry below will be used as the default and no 
 * select box will appear on the login page.
 *
 * display: the name to be displayed in the drop-down list of 
 * servers on the login page (if $default->user_select_server 
 * is set to true in conf/conf.php).
 *
 * use_starttls: by default, SmartSieve will try to use TLS 
 * to protect the connection to the managesieve server. This will 
 * only work with PHP-5.1 and above built with OpenSSL support, 
 * and where the server supports it. Set this to false if you want
 * to disable TLS.
 *
 * imapport: port to connect to imapd; usually 143. If you
 * want to do imap-ssl set this to '993/imap/ssl', or even 
 * '143/imap/tls'. Note that if you are using a self-signed 
 * certificate on your imap server, you sould set this to 
 * '993/imap/ssl/novalidate-cert'. Also, if you have compiled 
 * the c-client libraries with ssl support and you are using 
 * php-4.1.2 or later with imap-ssl enabled, you will need to 
 * set this to '143/imap/notls' if you do not want imap-ssl.
 *
 * maildomain: If your users have email addresses of the form
 * username@yourdomain and you want to suggest this as a vacation
 * address to your users when they create a new vacation rule, set
 * this to your mail domain. Do not include the '@' character.
 * Note: you can also suggest vacation addresses to your users via
 * the get_email_addresses_hook option in config.php.
 *
 * auth_domain: You can use this option to set a domain value 
 * which will be appended to usernames to make them fully-qualified. 
 * This is useful if your server supports virtual domains but can 
 * only determine the domain from the username, and you want to save 
 * your users the trouble of typing their fully-qualified username 
 * themselves.
 *
 * $Id: servers.php,v 1.11 2007/09/25 15:12:23 stephengrier Exp $
 */
 
/* Django : 2012-03-09
 * Default-Musterbeispiele
 *  
$servers['example'] = array(
    'display' => 'My Example Server',
    'server' => '127.0.0.1',
    'sieveport' => '2000',
    'imapport' => '143/imap/notls',
    'maildomain' => 'localhost'
);
 
$servers['example2'] = array(
    'display' => 'Example2',
    'server' => 'imap.example.co.uk',
    'sieveport' => '2000',
    'imapport' => '143',
    'maildomain' => ''
);
 */
 
$servers['cyrus'] = array(
    'display' => 'Cyrus IMAP Server',
    'server' => 'imap.dmz.nausch.org',
    'sieveport' => '2000',
    'use_starttls' => false,
    'imapport' => '143/imap/notls',
    'maildomain' => 'nausch.org'
);
 
?>

config.php

Die eigentliche Konfiguration von SmartSieve erfolgt dann über die Konfigurationsdatei config.php, welche ebenfalls im Verzeichnis ../smartsieve/conf/ liegt. Auch diese bearbeiten wir mittels vi.

 # vim /usr/share/smartsieve/conf/config.php
/usr/share/smartsieve/conf/config.php
<?php
/**
 * This is the SmartSieve configuration file.
 * You should edit the global settings in this file to suit
 * your installation.
 *
 * Mail server settings can be found in conf/servers.php.
 *
 * $Id: config.php,v 1.43 2007/09/07 16:31:07 stephengrier Exp $
 */
 
/**
 * Language options.
 */
 
// Default language to use if we don't allow the users to choose.
// This must be one of the languages in conf/locales.php.
//$default->language = "en_GB";
$default->language = "de_DE";
 
// Default character set to use. This will only be used if there is no
// charset set for the selected language in conf/locales.php.
//$default->charset = "ISO-8859-1";
$default->charset = "ISO-8859-1";
 
/**
 * Login options.
 */
 
// Cyrus allows certain users to authenticate as themselves, but authorize to
// act as other users. This is called proxy authorization. Usually, only admins
// and sieve_admins can do this. The following array should contain a list of
// users who you want to see the authz box visible on the login page. Set this
// to array('all') to make it visible to all users.
//$default->proxy_authz_users = array();
$default->proxy_authz_users = array();
 
// Should we allow users to select which language they wish to view 
// SmartSieve in? If false $default->language will always be used.
//$default->user_select_lang = true;
$default->user_select_lang = false;
 
// Should we allow the user to choose from a list of servers? The list 
// itself is in servers.php. If this is false, the first entry in 
// servers.php will be used.
//$default->user_select_server = true;
$default->user_select_server = false;
 
// Should we provide a box on the login page for users to specify which 
// script to edit? This is ignored if allow_multi_scripts is false.
//$default->user_supply_scriptfile = false;
$default->user_supply_scriptfile = false;
 
/**
 * Usability options.
 */
 
// Will we allow the user to access multiple scripts?
// If true, the user will be able to create and modify multiple scripts 
// on the server. If false, the user will only be able to access the 
// script $default->scriptfile.
//$default->allow_multi_scripts = true;
$default->allow_multi_scripts = false;
 
// Default script to use on the server. This is only used if the user has no 
// existing scripts, or if $default->allow_multi_scripts is set to false. Note 
// that timsieved will add a '.script' extension to the file name on the server.
//$default->scriptfile = 'smartsieve';
$default->scriptfile = 'smartsieve';
 
// If SmartSieve does not recognise the encoding on a Sieve script, it 
// will allow the user to edit it's content in a direct edit mode. If, 
// however, you do not want users to be able to modify scripts which were 
// not created using SmartSieve or Websieve, set this to false.
//$default->allow_write_unrecognised_scripts = true;
$default->allow_write_unrecognised_scripts = true;
 
// Should we allow users to switch between GUI mode into the direct edit mode? 
// Note, this is generally a bad idea because any changes made in direct edit 
// mode will be lost if the user reverts to GUI mode.
//$default->allow_change_mode = false;
$default->allow_change_mode = false;
 
// Should we allow regular expression matching in sieve rules?
// FIXME: note, this currently doesn't work.
//$default->allow_regex = true;
$default->allow_regex = false;
 
// Should we allow users to create custom sieve rules?
// Note: existing custom rules will always be handled.
//$default->allow_custom = true;
$default->allow_custom = true;
 
// Notification methods to allow. This should be an array containing valid notify 
// methods, of which only 'mailto' and 'sms' are supported. Note, the server must 
// support the "notify" extension, and have notifyd configured to send notifications.
// The notify action is disabled by default.
//$default->notify_methods = array('mailto', 'sms');
$default->notify_methods = array('mailto', 'sms');
 
// What IMAP flags should we allow users to set via the "addflag" action? The default 
// list appears below. Setting this to an empty array will disable the addflag action.
//$default->imap_flags = array('\\\\Seen', '\\\\Deleted', '\\\\Answered', '\\\\Flagged', 'Junk', 'NotJunk', '$Label1', '$Label2', '$Label3', '$Label4', '$Label5');
 
// Should we enable the "Forward Mail" interface? This is enabled by default.
//$default->use_forward_mail_interface = true;
$default->use_forward_mail_interface = true;
 
// Should we enable the vacation interface? This is enabled by default.
//$default->use_vacation_interface = true;
$default->use_vacation_interface = true;
 
// Should we enable the "Whitelist" interface? This is enabled by default.
//$default->use_whitelist = true;
$default->use_whitelist = false;
 
// The following array provides a mechanism for specifying a site-specific 
// spam filtering policy. If your mail domain adds a particular message 
// header to mail either indicating that the message is spam, or holding 
// some sort of spam score (like those added by SpamAssissin for example) 
// you can specify those here. The user will then see a "Filter spam" menu 
// item which will link to a simple GUI asking them what they want to do 
// with such messages.
// $default->spam_filter = array('header'=>'X-Spam-Score',
//                               'matchStr'=>'^[0-9]',
//                               'matchType'=>':regex',
//                               'not'=>false);
 
/**
 * Compatibility options.
 */
 
// Websieve 0.61 included a feature which automatically used the ':matches' 
// comparator where the match string contains the special wildcard characters 
// ? or *. Versions of SmartSieve up to 1.0-RC1 maintained this feature if the 
// following option was enabled. The rule format has changed and this option
// now only affects the conversion of legacy scripts, but if you have scripts
// created by either of the above cases you can enable the following option to
// maintain the match type of legacy rules.
//$default->websieve_auto_matches = false;
$default->websieve_auto_matches = false;
 
/**
 * Site-specific options.
 */
 
// The base url for SmartSieve. If you make SmartSieve the web root,
// set this (and cookie_path) to '/'.
//$default->baseurl = '/smartsieve/';
$default->baseurl = '/';
 
// Location of include files.
//$default->include_dir = './include';
$default->include_dir = './include';
 
// Location of config files.
//$default->config_dir = './conf';
$default->config_dir = './conf';
 
// Location of language files.
//$default->lang_dir = './conf/locale';
$default->lang_dir = './conf/locale';
 
// Location of library files. Warning: don't change this.
//$default->lib_dir = './lib';
$default->lib_dir = './lib';
 
// Location of images.
//$default->image_dir = './images';
$default->image_dir = './images';
 
// What name should we use for the PHP session?
//$default->session_name = 'SmartSieve';
$default->session_name = 'SmartSieve';
 
// Cookie domain. This should be the name of the server SmartSieve is running 
// on. If the domain of your site is different to the web servcer's server name
// you should set your site's domain here. If all else fails, set this to an 
// empty string, but beware that doing so is a security risk as cookies will
// be sent to other websites as well.
//$default->cookie_domain = $_SERVER['SERVER_NAME'];
$default->cookie_domain = $_SERVER['SERVER_NAME'];
 
// Cookie path. This should be the location of SmartSieve under your web root.
// If you leave this empty, all scripts on the server will have access to the 
// cookie data. This should match the value of baseurl above.
//$default->cookie_path = '/smartsieve';
$default->cookie_path = '/';
 
// Title of each page
//$default->page_title = 'SmartSieve';
$default->page_title = 'SmartSieve';
 
// Welcome message on the login page.
//$default->login_page_heading = 'Welcome to SmartSieve';
$default->login_page_heading = 'Willkommen beim SmartSieve-Server bei nausch.org';
 
// Which page should users see following login?
//$default->initial_page = 'main.php';
$default->initial_page = 'main.php';
 
// The default number of vacation days for a new vacation action.
//$default->vacation_days = '7';
$default->vacation_days = '1';
 
// The maximum number of vacation days the user can choose from.
//$default->max_vacation_days = '30';
$default->max_vacation_days = '365';
 
// What is the maximum number of characters an input field should accept?
//$default->max_field_chars = 500;
$default->max_field_chars = 500;
 
// What is the maximum number of characters a text box should accept?
// e.g. the reject message on the rule page.
//$default->max_textbox_chars = 50000;
$default->max_textbox_chars = 50000;
 
// Should we set the working script as the active script when saving? Note that 
// the working script will always be set as the active script if there are no 
// other scripts, or if allow_multi_scripts is false.
//$default->update_activate_script = false;
$default->update_activate_script = false;
 
// Following logout, users will be redirected to the login page. If you 
// prefer to have them redirected elsewhere you can specify this here.
// Note, this should be a complete URI including the scheme and hostname.
// $default->logout_redirect = 'http://my.logout.message.com';
$default->logout_redirect = 'https://buero.nausch.org';
 
// Should we return to the View Rules page following rule changes?
//$default->return_after_update = false;
$default->return_after_update = false;
 
// What format should we use for the date on the script head?
// See http://www.php.net/manual/en/function.date.php
//$default->script_date_format = 'Y/m/d H:i:s';
$default->script_date_format = 'Y/m/d H:i:s';
 
// The timeout (in seconds) to use when reading from the socket. Increase 
// this if you are experiencing empty bad response errors.
//$default->socket_timeout = 2;
$default->socket_timeout = 4;
 
// SmartSieve will select a cryptography library to use for encryption. You 
// can override the one it chooses by setting this option. Choices are 
// 'MCRYPT', 'RC4', 'HCEMD5', and ''.
//$default->crypt_lib = null;
$default->crypt_lib = 'null';
 
// An array containing any values needed by the Crypt object.
//$default->crypt_args = array();
$default->crypt_args = array();
 
// SmartSieve will auto negotiate which SASL mechanism to use to authenticate.
// If you want to specify a mechanism instead set this to something other 
// than an empty string. Currently, 'plain' and 'digest-md5' are supported.
//$default->sasl_mech = null;
$default->sasl_mech = 'digest-md5';
 
/**
 * Logging options.
 */
 
// Should we log messages?
//$default->logging = false;
$default->logging = true;
 
// At what level should we log? Can be LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR, 
// LOG_WARNING, LOG_NOTICE, LOG_INFO, and LOG_DEBUG.
//$default->logging_level = LOG_INFO;
$default->logging_level = LOG_WARNING;
 
// Logging method. Can be 'file', 'syslog'
//$default->logging_method = 'syslog';
$default->logging_method = 'syslog';
 
// This should either be a filename if logging_method = 'file', or 
// a syslog facility (eg. LOG_LOCAL4) if logging_method = 'syslog'
//$default->logging_facility = LOG_LOCAL4;
$default->logging_facility = 'syslog';
 
// What identifier should we use to identify log messages in the log?
//$default->logging_ident = 'smartsieve';
$default->logging_ident = 'smartsieve';
 
// An associative array contaning additional configuration information
// needed by the PEAR Log class.
//$default->logging_args = array();
$default->logging_args = array();
 
/**
 * Menu items.
 */
 
// If any of the following are set, a 'Help' menu item will be displayed
// on the corresponding pages linked to the values set here. These should
// be full URLs.
// $default->main_help_url = 'http://example.co.uk/help.html';
//$default->main_help_url = '';
//$default->spam_help_url = '';
//$default->forward_help_url = '';
//$default->custom_help_url = '';
//$default->vacation_help_url = '';
//$default->whitelist_help_url = '';
//$default->rule_help_url = '';
//$default->scripts_help_url = '';
 
// The following should be an array containing extra items you want 
// to include in SmartSieve's menu. Each element should be an 
// associative array containing the keys 'uri' and 'label'. The anchor's 
// "target" attribute can be set via the optional 'target' value, and
// the icon can be set via the optional 'img' value.
// $default->menu_items = array(
//     array('uri'=>'http://mydomain.com/mypage.html',
//           'label'=>'Menu Item',
//           'img'=>'./images/item.gif',
//           'target'=>'_blank'));
 
/**
 * Custom function hooks.
 */
 
// If this is set to a function name, that function will be called to 
// retrieve login details for the user. Note, the details supplied when 
// the login page is submitted take precedence over this. The function 
// must return an array of the form expected by the SmartSieve::getLoginDetails
// function.
//$default->get_login_details_hook = null;
 
// If you have an external source of email addresses you want your users 
// to see on the vacation settings page, set the following to the name 
// of a function that will retrieve these. SmartSieve will then include 
// these in the list of addresses the user might include in their vacation 
// addresses. The function should return an array of addresses.
//$default->get_email_addresses_hook = null;
 
// If you want to extend the sanity checking done prior to the user saving a 
// rule you can define a function and set the function name here. The function
// must take a rule array as a parameter, and will be expected to return boolean 
// true to allow the rule to be saved, or false to disallow it. There is an 
// example isSaneHook() function below.
//$default->is_sane_hook = null;
 
/**
 * Example get_login_details_hook function.
 *
 * This example looks for credentials set by a single-sign-on 
 * system. If set, the user will not need to log in again.
 *
 * @return array Login details
 */
//function getSSODetails()
//{
//    $details = array();
//    if (isset($_SERVER['REMOTE_USER']) && isset($_SERVER['AUTH_TYPE']) &&
//        $_SERVER['AUTH_TYPE'] == 'sso' && isset($_COOKIE['sso'])) {
//        $details['auth'] = $_SERVER['REMOTE_USER'];
//        $details['passwd'] = $_COOKIE['sso'];
//        $details['authz'] = '';
//        $details['server'] = 'example';
//    }
//    return $details;
//}
 
/**
 * Example get_email_addresses_hook function.
 *
 * @return array The list of email addresses
 */
//function getEmailAddresses()
//{
//    $addresses = array();
//    if (extension_loaded('ldap')) {
//        $ds = ldap_connect('ldap.example.com');
//        if ($ds) {
//            // Anonymous bind.
//            $r = ldap_bind($ds);
//            $sr = ldap_search($ds, "ou=people,dc=example,dc=com", 
//                              "uid=".$_SESSION['smartsieve']['authz']);
//            $entries = ldap_get_entries($ds, $sr);
//            for ($i=0; $i<$entries['count']; $i++) {
//                $addresses[] = $entries[$i]['mail'][0];
//            }
//        }
//        ldap_close($ds);
//    }
//    return $addresses;
//}
 
/**
 * Example is_sane_hook function.
 *
 * This function will be called (if set via is_sane_hook above) prior to a user
 * saving a rule, and will be passed a rule array as a parameter. This allows
 * you to add custom sanity checks to those of isSane(). You must return boolean
 * true to allow the user to save the rule, or false to disallow it.
 *
 * @param array $rule The rule values
 * @return boolean True if rule values are acceptable, false if not
 */
//function isSaneHook($rule)
//{
//    foreach ($rule['actions'] as $action) {
//        if ($action['type'] == ACTION_REDIRECT &&
//            !preg_match("/\@example.com\$/", $action['address'])) {
//            SmartSieve::setError(sprintf("Not allowed to forward mail to %s", $action['address']));
//            return false;
//        }
//    }
//    return true;
//}
 
?>

php.ini

Folgende Fehlermeldung kann unter Umständen im Error-Log des vHosts am Webserver auftauchen:

[Fri Mar 09 20:45:16 2012] [error] [client 192.168.10.51] PHP Warning:  strftime(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/Berlin' for 'CET/1.0/no DST' instead in /usr/share/pear/Log/syslog.php on line 183, referer: https://smartsieve.nausch.org/login.php

Zum Abstellen dieses Fehlers tragen wir in der /etc/php.ini einfach die richtige Zeitzone ein.

 # vim /etc/php.ini
...
;;;;;;;;;;;;;;;;;;;
; Module Settings ;
;;;;;;;;;;;;;;;;;;;
 
[Date]
; Defines the default timezone used by the date functions
; http://www.php.net/manual/en/datetime.configuration.php#ini.date.timezone
;date.timezone =
; Django : 2012-03-11
; default : unset
date.timezone = Europe/Berlin

Anschließend starten wir einmal unseren Webserver durch.

 # service httpd condrestart

Programmstart

Mit dem Webbrowser unserer Wahl öffnen wir die Eingangsseite.

 $ firefox http://smartsieve.nausch.org

SmartSieve-Anmeldeschirm

Nach erfolgter Anmeldung befinden wir uns im Hauptbildschirm, in der wir nun unsere benutzerindividuellen Regeln anlegen, verwalten und löschen können.

SmartSieve-Hauptbildschirm

Dies erfolgt hierbei Benutzerintuitiv und bedarf keiner großartigen Beschreibung mehr - der WAF ist somit gesichert! LOL

Da wir noch kein Script hochgeaden haben und auch noch keine Regel definiert hatten, ist natürlich das Default-Regelwerk smartsieve noch deaktiviert.

Wir legen uns also eine Regel an. Als Beispiel nehmen wir mal an, dass wir selbst jede eMail verwerfen, die im Betreff die Zeichenkette CSU enthält.

SmartSieve-Regeldefinition

Sobald wir unsere erste Regel definiert haben und die Schaltfläche [Return to Filters] angewählt haben, sehen wir dass:

  1. die erstellte Regel angezeigt und
  2. das Script smartsieve aktiviert ist.

SmartSieve-Hauptbildschirm mit aktivierter Regel

Würde nun eine eMail mit der Zeichenfolge CSU vom MTA2) an unseren IMAP-Server cyrus übergeben, würde diese die eMail gar nicht in das Konto des Users einstellen, sondern sofort nach der Entgegennahme löschen!

Links

1)
Woman Acceptance Factor
2)
MailTransportAgent