Unterschiede

Hier werden die Unterschiede zwischen zwei Versionen angezeigt.

Link zu dieser Vergleichsansicht

Beide Seiten der vorigen Revision Vorhergehende Überarbeitung
Nächste Überarbeitung
Vorhergehende Überarbeitung
centos:mail_c6:sieve [13.03.2012 15:57. ]
django Dokumentation aus CentOS 5.x übernommen, an CentOS 6.x angepasst und Dokumentation freigegeben
centos:mail_c6:sieve [20.04.2018 10:44. ] (aktuell)
Zeile 1: Zeile 1:
 +====== Mailfilterung mit SIEVE auf dem Cyrus-IMAP-Server unter CentOS 6.x ======
 +Zur Filtern von E-Mails auf IMAP-Server wurde die Programmiersprache **SIEVE** konzipiert - die genaue Spezifikationen erfolgten hierzu im RFC 5228. Das Hauptaugenmerk von **SIEVE** liegt auf Einfachheit,​ Erweiterbarkeit,​ sowie auf Unabhängigkeit von der verwendeten Zugriffsart und Architektur wie auch dem verwendeten Betriebssystem. Sieve wurde spezifiziert,​ um den Usern die Möglichkeit zu beiten, bereits serverseitig auf einfache Art eigene Regeln zur Filterung von E-Mails zu definieren. Sieve-Scripte werden bereits während der Zustellung der eMail am IMAP-Server ausgeführt.
 +
 +Weitere Hintergrundinformationen finden man unter anderem in dem [[http://​de.wikipedia.org/​wiki/​Sieve|Wikipedia-Artikel zu SIEVE]].
 +
 +===== sieveshell =====
 +Mit Hilf der //​**sieveshell**//,​ aus dem Paket **cyrus-imapd-utils**,​ kann der versierte, technisch begabte Nutzer, seine eigenen Filterregeln einspielen, verwalten und/oder löschen.
 +
 +Möchte man zum Beispiel automatisch generierte Nachrichten,​ von **sieve** bereits beim Einliefern bei unserem Cyrus-IMAP-Server vorsortieren lassen, so gehen wir wie folgt vor:
 +
 +==== Script erstellen ====
 +Mit dem Editor unserer Wahl erstellen wir uns ein einfaches Textfile, mit den entsprechenden Filterregeln. So sollen Nachrichten von der Adresse //​logwatch@nausch.org//​ in den Unterordner // /​root/​logwatch//,​ Nachrichten,​ die im Betreff das Schlüsselwort "​FaxMaster"​ und die mit dem Schlüsselwort "​PostMaster"​ in den Ordner // /​root/​FaxMaster//​ bzw. // /​root/​PostMaster//​ einsortiert werden.
 +
 +   $ vim eigene_Filterregel
 +<code bash>​require ["​fileinto"​];​
 +if header :contains "​from"​ ["​logwatch@nausch.org"​] { fileinto "​INBOX/​root/​logwatch";​ }
 +elsif header :contains "​subject"​ "​FaxMaster"​ { fileinto "​INBOX/​root/​FaxMaster";​ }
 +elsif header :contains "​subject"​ "​PostMaster"​ { fileinto "​INBOX/​root/​PostMaster";​ }
 +else { fileinto "​INBOX";​ }
 +</​code>​
 +
 +==== Script hochladen ====
 +Damit wir unser selbst definiertes Script auch nutzen können, müssen wir es auf unseren IMAP-Server hochladen. Hierzu melden wir uns von unserem Nutzer-Login mittels **//​cyradm//​** an unserem IMAP-Server an. Dank unserer **saslauth** Konfiguration,​ erfolgt die Authentifizierung gegen unseren LDAP-Server und wir müssen uns kein weiteres Passwort merken.
 +   ​[django@mpl010010 ~]$ sieveshell --user=django --authname=django imap.dmz.nausch.org
 +<​code>​connecting to imap.dmz.nausch.org
 +Please enter your password: ​
 +
 +</​code>​
 +
 +Nach dem Prompt der **sieveshell** können wir uns mittels des "​**?​**"​ den Befehlsumfang anzeigen lassen.
 +
 +<​code>>​ ?
 +Usage:
 +  sieveshell [-u username] [-a authname] [-r realm] <​server>​
 +
 +help             - this screen
 +list             - list scripts on server
 +put <​filename>​ [<target name>]
 +                 - upload script to server
 +get <​name>​ [<​filename>​]
 +                 - get script. if no filename display to stdout
 +delete <​name> ​   - delete script.
 +activate <​name> ​ - set a script as the active script
 +deactivate ​      - deactivate all scripts
 +quit             - quit
 +</​code>​
 +
 +Mittels put laden wir unser zuvor erstelle Textfile auf den Server hoch.
 +   > put eigene_Filterregel
 +Mittel List bekommen wir all unsere hinterlegten Scripte anzeigen lassen. Auf dem Server können durchwegs mehrere Scripte hinterlegt sein, aber nur **__eines__** ist **aktiv**!
 +<​code>>​ list
 +erster_Versuch ​
 +eigene_Filterregel
 +smartsieve ​ <- active script</​code>​
 +Mittels **activate <​Scriptname>​** aktivieren wir dann unser neues Script; ein **list** zeigt uns unsere Änderung entsprechend an.
 +<​code>>​ activate eigene_Filterregel
 +> list
 +erster_Versuch ​
 +eigene_Filterregel <- active script
 +smartsieve</​code>​
 +Dass diese Vorgehensweise,​ wie Eingangs schon erwähnt, nur für den versierten technischen Nutzer geeignet ist und den **WAF**((**W**oman **A**cceptance **F**actor)) nicht sonderlich hebt, ist selbstredent. Es muss also eine komfortablere Möglichkeit geschaffen werden. Somit sind wir beim nächsten Thema **smart-sieve** angelangt.
 +===== smart-sieve =====
 +[[http://​smartsieve.sourceforge.net/​|SmartSieve]] ist eine sieve Filter-GUI bzw. Web-Basierte Management-Client. Es ist eine grafische Benutzeroberfläche zum Erstellung und zum Verwaltung von sieve-Skripten auf einem [[http://​cyrusimap.web.cmu.edu/​|Cyrus-IMAP Mailserver]]. Hiermit haben auch nicht technisch versierte Nutzer unseres Cyrus-IMAP-Servers die Möglichkeit,​ Regeln für sieve zu erstellen um e-Mails und Abwesenheitsnachrichten,​ ohne Vorkenntnisse über die sieve-Script-Sprache,​ zu definieren und zu verändern.\\
 +\\
 +{{ :​centos:​smartsieve.png?​nolink&​600 |SmartSieve Administration }}
 +\\
 +==== Installation ====
 +=== Paketabhängigkeiten ===
 +Vor der eigentlichen Installation von **SmartSive** installieren wir noch drei notwendige PHP-Komponenten (**php-imap**,​ **php-mcrypt**,​ **php-pecl-idn**,​ **php-pear** und **php-pear-Log** ).
 +   # yum install php-imap php-mcrypt php-pecl-idn php-pear php-pear-Log -y
 +=== Download ===
 +Von der [[http://​sourceforge.net/​project/​showfiles.php?​group_id=62641&​package_id=59336|Projektseite]] auf **//​SourceForge.net//​** laden wir uns die aktuelle Version, hier weiter beschrieben **smartsieve-1.0-RC2.tar.gz**,​ herunter.
 +   # wget http://​downloads.sourceforge.net/​project/​smartsieve/​smartsieve/​smartsieve-1.0-RC2/​smartsieve-1.0-RC2.tar.gz
 +=== Installation ===
 +Im nächsten Schritt machen wir uns nun an die Installation. ​
 +  - Als erstes entpacken wir das zuvor heruntergeladene Programmarchiv.<​code>​ # tar xvfz smartsieve-1.0-RC2.tar.gz</​code>​
 +  - Anschließend passen wir die User- und Gruppenberechtigungen an. <​code>​ # chown apache:​apache smartsieve-1.0-rc2 -R</​code>​
 +  - Abschließend verschieben wir noch das Archiv an Ort und Stelle, an dem es später unser Apache-Webserver abholen wird. <​code>​ # # mv /​usr/​local/​src/​packages/​smartsieve-1.0-rc2/​ /​var/​www/​smartsieve/</​code>​
 +
 +==== VHost-Definition ====
 +Für unsere Nutzer legen wir einen eigenen V-Host an, über dessen später die Userzugriffe erfolgen sollen. Mit dem Editor unserer Wahl bearbeiten wir also unsere Apache-Konfigdatei **/​etc/​httpd/​conf.d/​vhosts.conf**.
 +  # vim /​etc/​httpd/​conf.d/​vhosts.conf
 +<code apache vhosts.conf>​
 +#
 +# smartsieve.nausch.org
 +#
 +<​VirtualHost *:80>
 +        ServerAdmin webmaster@nausch.org
 +        ServerName smartsieve.nausch.org:​80
 +        ServerAlias smartsieve.nausch.org *.smartsieve.nausch.org
 +        ServerPath /
 +        DocumentRoot "/​var/​www/​smartsieve"​
 +        <​Directory "/​var/​www/​smartsieve">​
 +                Options FollowSymLinks
 +                AllowOverride AuthConfig
 +                Order allow,deny
 +                Allow from all
 +        </​Directory>​
 +        AddType application/​x-httpd-php .php
 +        DirectoryIndex index.php
 +        ErrorLog logs/​smartsieve_error.log
 +        CustomLog logs/​smartsieve_access.log combined
 +</​VirtualHost>​
 +</​code>​
 +Mittels eines anschließende **Reload** geben wir unseren neu definierten VHost dem System bekannt.
 +   # service httpd restart
 +==== Konfiguration ====
 +=== servers.php ===
 +Im Verzeichnis **../​smartsieve/​conf/​** befindet sich die Serverdefinition in dem PHP-Script **servers.php**. Diese passen wir unseren Gegebenheiten entsprechend an, so dass nur noch unser IMAP-Server aktiv ist. Den Rest löschen, bzw. kommentieren diesen einfach aus.
 +   # vim /​var/​www/​smartsieve/​conf/​servers.php
 +<file php /​var/​www/​smartsieve/​conf/​servers.php>​
 +<?php
 +/**
 + * servers.php:​ this file contains the configurations for 
 + * the cyrus servers we can connect to. If you have set the 
 + * $default->​user_select_server option in conf.php to true, 
 + * each of the servers below will appear in a select box on 
 + * the login page. If you've set this to false, then the 
 + * first entry below will be used as the default and no 
 + * select box will appear on the login page.
 + *
 + * display: the name to be displayed in the drop-down list of 
 + * servers on the login page (if $default->​user_select_server ​
 + * is set to true in conf/​conf.php).
 + *
 + * use_starttls:​ by default, SmartSieve will try to use TLS 
 + * to protect the connection to the managesieve server. This will 
 + * only work with PHP-5.1 and above built with OpenSSL support, ​
 + * and where the server supports it. Set this to false if you want
 + * to disable TLS.
 + *
 + * imapport: port to connect to imapd; usually 143. If you
 + * want to do imap-ssl set this to '​993/​imap/​ssl',​ or even 
 + * '​143/​imap/​tls'​. Note that if you are using a self-signed ​
 + * certificate on your imap server, you sould set this to 
 + * '​993/​imap/​ssl/​novalidate-cert'​. Also, if you have compiled ​
 + * the c-client libraries with ssl support and you are using 
 + * php-4.1.2 or later with imap-ssl enabled, you will need to 
 + * set this to '​143/​imap/​notls'​ if you do not want imap-ssl.
 + *
 + * maildomain: If your users have email addresses of the form
 + * username@yourdomain and you want to suggest this as a vacation
 + * address to your users when they create a new vacation rule, set
 + * this to your mail domain. Do not include the '​@'​ character.
 + * Note: you can also suggest vacation addresses to your users via
 + * the get_email_addresses_hook option in config.php.
 + *
 + * auth_domain:​ You can use this option to set a domain value 
 + * which will be appended to usernames to make them fully-qualified. ​
 + * This is useful if your server supports virtual domains but can 
 + * only determine the domain from the username, and you want to save 
 + * your users the trouble of typing their fully-qualified username ​
 + * themselves.
 + *
 + * $Id: servers.php,​v 1.11 2007/09/25 15:12:23 stephengrier Exp $
 + */
 +
 +/* Django : 2012-03-09
 + * Default-Musterbeispiele
 + ​*  ​
 +$servers['​example'​] = array(
 +    '​display'​ => 'My Example Server',​
 +    '​server'​ => '​127.0.0.1',​
 +    '​sieveport'​ => '​2000',​
 +    '​imapport'​ => '​143/​imap/​notls',​
 +    '​maildomain'​ => '​localhost'​
 +);
 +
 +$servers['​example2'​] = array(
 +    '​display'​ => '​Example2',​
 +    '​server'​ => '​imap.example.co.uk',​
 +    '​sieveport'​ => '​2000',​
 +    '​imapport'​ => '​143',​
 +    '​maildomain'​ => ''​
 +);
 + */
 +
 +$servers['​cyrus'​] = array(
 +    '​display'​ => 'Cyrus IMAP Server',​
 +    '​server'​ => '​imap.dmz.nausch.org',​
 +    '​sieveport'​ => '​2000',​
 +    '​use_starttls'​ => false,
 +    '​imapport'​ => '​143/​imap/​notls',​
 +    '​maildomain'​ => '​nausch.org'​
 +);
 +
 +?>
 +</​file>​
 +
 +=== config.php ===
 +Die eigentliche Konfiguration von SmartSieve erfolgt dann über die Konfigurationsdatei **config.php**,​ welche ebenfalls im Verzeichnis **../​smartsieve/​conf/​** liegt. Auch diese bearbeiten wir mittels **vi**.
 +   # vim /​usr/​share/​smartsieve/​conf/​config.php
 +
 +<file php /​usr/​share/​smartsieve/​conf/​config.php>​
 +<?php
 +/**
 + * This is the SmartSieve configuration file.
 + * You should edit the global settings in this file to suit
 + * your installation.
 + *
 + * Mail server settings can be found in conf/​servers.php.
 + *
 + * $Id: config.php,​v 1.43 2007/09/07 16:31:07 stephengrier Exp $
 + */
 +
 +/**
 + * Language options.
 + */
 +
 +// Default language to use if we don't allow the users to choose.
 +// This must be one of the languages in conf/​locales.php.
 +//​$default->​language = "​en_GB";​
 +$default->​language = "​de_DE";​
 +
 +// Default character set to use. This will only be used if there is no
 +// charset set for the selected language in conf/​locales.php.
 +//​$default->​charset = "​ISO-8859-1";​
 +$default->​charset = "​ISO-8859-1";​
 +
 +/**
 + * Login options.
 + */
 +
 +// Cyrus allows certain users to authenticate as themselves, but authorize to
 +// act as other users. This is called proxy authorization. Usually, only admins
 +// and sieve_admins can do this. The following array should contain a list of
 +// users who you want to see the authz box visible on the login page. Set this
 +// to array('​all'​) to make it visible to all users.
 +//​$default->​proxy_authz_users = array();
 +$default->​proxy_authz_users = array();
 +
 +// Should we allow users to select which language they wish to view 
 +// SmartSieve in? If false $default->​language will always be used.
 +//​$default->​user_select_lang = true;
 +$default->​user_select_lang = false;
 +
 +// Should we allow the user to choose from a list of servers? The list 
 +// itself is in servers.php. If this is false, the first entry in 
 +// servers.php will be used.
 +//​$default->​user_select_server = true;
 +$default->​user_select_server = false;
 +
 +// Should we provide a box on the login page for users to specify which 
 +// script to edit? This is ignored if allow_multi_scripts is false.
 +//​$default->​user_supply_scriptfile = false;
 +$default->​user_supply_scriptfile = false;
 +
 +/**
 + * Usability options.
 + */
 +
 +// Will we allow the user to access multiple scripts?
 +// If true, the user will be able to create and modify multiple scripts ​
 +// on the server. If false, the user will only be able to access the 
 +// script $default->​scriptfile.
 +//​$default->​allow_multi_scripts = true;
 +$default->​allow_multi_scripts = false;
 +
 +// Default script to use on the server. This is only used if the user has no 
 +// existing scripts, or if $default->​allow_multi_scripts is set to false. Note 
 +// that timsieved will add a '​.script'​ extension to the file name on the server.
 +//​$default->​scriptfile = '​smartsieve';​
 +$default->​scriptfile = '​smartsieve';​
 +
 +// If SmartSieve does not recognise the encoding on a Sieve script, it 
 +// will allow the user to edit it's content in a direct edit mode. If, 
 +// however, you do not want users to be able to modify scripts which were 
 +// not created using SmartSieve or Websieve, set this to false.
 +//​$default->​allow_write_unrecognised_scripts = true;
 +$default->​allow_write_unrecognised_scripts = true;
 +
 +// Should we allow users to switch between GUI mode into the direct edit mode? 
 +// Note, this is generally a bad idea because any changes made in direct edit 
 +// mode will be lost if the user reverts to GUI mode.
 +//​$default->​allow_change_mode = false;
 +$default->​allow_change_mode = false;
 +
 +// Should we allow regular expression matching in sieve rules?
 +// FIXME: note, this currently doesn'​t work.
 +//​$default->​allow_regex = true;
 +$default->​allow_regex = false;
 +
 +// Should we allow users to create custom sieve rules?
 +// Note: existing custom rules will always be handled.
 +//​$default->​allow_custom = true;
 +$default->​allow_custom = true;
 +
 +// Notification methods to allow. This should be an array containing valid notify ​
 +// methods, of which only '​mailto'​ and '​sms'​ are supported. Note, the server must 
 +// support the "​notify"​ extension, and have notifyd configured to send notifications.
 +// The notify action is disabled by default.
 +//​$default->​notify_methods = array('​mailto',​ '​sms'​);​
 +$default->​notify_methods = array('​mailto',​ '​sms'​);​
 +
 +// What IMAP flags should we allow users to set via the "​addflag"​ action? The default ​
 +// list appears below. Setting this to an empty array will disable the addflag action.
 +//​$default->​imap_flags = array('​\\\\Seen',​ '​\\\\Deleted',​ '​\\\\Answered',​ '​\\\\Flagged',​ '​Junk',​ '​NotJunk',​ '​$Label1',​ '​$Label2',​ '​$Label3',​ '​$Label4',​ '​$Label5'​);​
 +
 +// Should we enable the "​Forward Mail" interface? This is enabled by default.
 +//​$default->​use_forward_mail_interface = true;
 +$default->​use_forward_mail_interface = true;
 +
 +// Should we enable the vacation interface? This is enabled by default.
 +//​$default->​use_vacation_interface = true;
 +$default->​use_vacation_interface = true;
 +
 +// Should we enable the "​Whitelist"​ interface? This is enabled by default.
 +//​$default->​use_whitelist = true;
 +$default->​use_whitelist = false;
 +
 +// The following array provides a mechanism for specifying a site-specific ​
 +// spam filtering policy. If your mail domain adds a particular message ​
 +// header to mail either indicating that the message is spam, or holding ​
 +// some sort of spam score (like those added by SpamAssissin for example) ​
 +// you can specify those here. The user will then see a "​Filter spam" menu 
 +// item which will link to a simple GUI asking them what they want to do 
 +// with such messages.
 +// $default->​spam_filter = array('​header'​=>'​X-Spam-Score',​
 +//                               '​matchStr'​=>'​^[0-9]',​
 +//                               '​matchType'​=>':​regex',​
 +//                               '​not'​=>​false);​
 +
 +/**
 + * Compatibility options.
 + */
 +
 +// Websieve 0.61 included a feature which automatically used the ':​matches' ​
 +// comparator where the match string contains the special wildcard characters ​
 +// ? or *. Versions of SmartSieve up to 1.0-RC1 maintained this feature if the 
 +// following option was enabled. The rule format has changed and this option
 +// now only affects the conversion of legacy scripts, but if you have scripts
 +// created by either of the above cases you can enable the following option to
 +// maintain the match type of legacy rules.
 +//​$default->​websieve_auto_matches = false;
 +$default->​websieve_auto_matches = false;
 +
 +/**
 + * Site-specific options.
 + */
 +
 +// The base url for SmartSieve. If you make SmartSieve the web root,
 +// set this (and cookie_path) to '/'​.
 +//​$default->​baseurl = '/​smartsieve/';​
 +$default->​baseurl = '/';​
 +
 +// Location of include files.
 +//​$default->​include_dir = '​./​include';​
 +$default->​include_dir = '​./​include';​
 +
 +// Location of config files.
 +//​$default->​config_dir = '​./​conf';​
 +$default->​config_dir = '​./​conf';​
 +
 +// Location of language files.
 +//​$default->​lang_dir = '​./​conf/​locale';​
 +$default->​lang_dir = '​./​conf/​locale';​
 +
 +// Location of library files. Warning: don't change this.
 +//​$default->​lib_dir = '​./​lib';​
 +$default->​lib_dir = '​./​lib';​
 +
 +// Location of images.
 +//​$default->​image_dir = '​./​images';​
 +$default->​image_dir = '​./​images';​
 +
 +// What name should we use for the PHP session?
 +//​$default->​session_name = '​SmartSieve';​
 +$default->​session_name = '​SmartSieve';​
 +
 +// Cookie domain. This should be the name of the server SmartSieve is running ​
 +// on. If the domain of your site is different to the web servcer'​s server name
 +// you should set your site's domain here. If all else fails, set this to an 
 +// empty string, but beware that doing so is a security risk as cookies will
 +// be sent to other websites as well.
 +//​$default->​cookie_domain = $_SERVER['​SERVER_NAME'​];​
 +$default->​cookie_domain = $_SERVER['​SERVER_NAME'​];​
 +
 +// Cookie path. This should be the location of SmartSieve under your web root.
 +// If you leave this empty, all scripts on the server will have access to the 
 +// cookie data. This should match the value of baseurl above.
 +//​$default->​cookie_path = '/​smartsieve';​
 +$default->​cookie_path = '/';​
 +
 +// Title of each page
 +//​$default->​page_title = '​SmartSieve';​
 +$default->​page_title = '​SmartSieve';​
 +
 +// Welcome message on the login page.
 +//​$default->​login_page_heading = '​Welcome to SmartSieve';​
 +$default->​login_page_heading = '​Willkommen beim SmartSieve-Server bei nausch.org';​
 +
 +// Which page should users see following login?
 +//​$default->​initial_page = '​main.php';​
 +$default->​initial_page = '​main.php';​
 +
 +// The default number of vacation days for a new vacation action.
 +//​$default->​vacation_days = '​7';​
 +$default->​vacation_days = '​1';​
 +
 +// The maximum number of vacation days the user can choose from.
 +//​$default->​max_vacation_days = '​30';​
 +$default->​max_vacation_days = '​365';​
 +
 +// What is the maximum number of characters an input field should accept?
 +//​$default->​max_field_chars = 500;
 +$default->​max_field_chars = 500;
 +
 +// What is the maximum number of characters a text box should accept?
 +// e.g. the reject message on the rule page.
 +//​$default->​max_textbox_chars = 50000;
 +$default->​max_textbox_chars = 50000;
 +
 +// Should we set the working script as the active script when saving? Note that 
 +// the working script will always be set as the active script if there are no 
 +// other scripts, or if allow_multi_scripts is false.
 +//​$default->​update_activate_script = false;
 +$default->​update_activate_script = false;
 +
 +// Following logout, users will be redirected to the login page. If you 
 +// prefer to have them redirected elsewhere you can specify this here.
 +// Note, this should be a complete URI including the scheme and hostname.
 +// $default->​logout_redirect = '​http://​my.logout.message.com';​
 +$default->​logout_redirect = '​https://​buero.nausch.org';​
 +
 +// Should we return to the View Rules page following rule changes?
 +//​$default->​return_after_update = false;
 +$default->​return_after_update = false;
 +
 +// What format should we use for the date on the script head?
 +// See http://​www.php.net/​manual/​en/​function.date.php
 +//​$default->​script_date_format = 'Y/m/d H:​i:​s';​
 +$default->​script_date_format = 'Y/m/d H:​i:​s';​
 +
 +// The timeout (in seconds) to use when reading from the socket. Increase ​
 +// this if you are experiencing empty bad response errors.
 +//​$default->​socket_timeout = 2;
 +$default->​socket_timeout = 4;
 +
 +// SmartSieve will select a cryptography library to use for encryption. You 
 +// can override the one it chooses by setting this option. Choices are 
 +// '​MCRYPT',​ '​RC4',​ '​HCEMD5',​ and ''​.
 +//​$default->​crypt_lib = null;
 +$default->​crypt_lib = '​null';​
 +
 +// An array containing any values needed by the Crypt object.
 +//​$default->​crypt_args = array();
 +$default->​crypt_args = array();
 +
 +// SmartSieve will auto negotiate which SASL mechanism to use to authenticate.
 +// If you want to specify a mechanism instead set this to something other 
 +// than an empty string. Currently, '​plain'​ and '​digest-md5'​ are supported.
 +//​$default->​sasl_mech = null;
 +$default->​sasl_mech = '​digest-md5';​
 +
 +/**
 + * Logging options.
 + */
 +
 +// Should we log messages?
 +//​$default->​logging = false;
 +$default->​logging = true;
 +
 +// At what level should we log? Can be LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR, ​
 +// LOG_WARNING,​ LOG_NOTICE, LOG_INFO, and LOG_DEBUG.
 +//​$default->​logging_level = LOG_INFO;
 +$default->​logging_level = LOG_WARNING;​
 +
 +// Logging method. Can be '​file',​ '​syslog'​
 +//​$default->​logging_method = '​syslog';​
 +$default->​logging_method = '​syslog';​
 +
 +// This should either be a filename if logging_method = '​file',​ or 
 +// a syslog facility (eg. LOG_LOCAL4) if logging_method = '​syslog'​
 +//​$default->​logging_facility = LOG_LOCAL4;
 +$default->​logging_facility = '​syslog';​
 +
 +// What identifier should we use to identify log messages in the log?
 +//​$default->​logging_ident = '​smartsieve';​
 +$default->​logging_ident = '​smartsieve';​
 +
 +// An associative array contaning additional configuration information
 +// needed by the PEAR Log class.
 +//​$default->​logging_args = array();
 +$default->​logging_args = array();
 +
 +/**
 + * Menu items.
 + */
 +
 +// If any of the following are set, a '​Help'​ menu item will be displayed
 +// on the corresponding pages linked to the values set here. These should
 +// be full URLs.
 +// $default->​main_help_url = '​http://​example.co.uk/​help.html';​
 +//​$default->​main_help_url = '';​
 +//​$default->​spam_help_url = '';​
 +//​$default->​forward_help_url = '';​
 +//​$default->​custom_help_url = '';​
 +//​$default->​vacation_help_url = '';​
 +//​$default->​whitelist_help_url = '';​
 +//​$default->​rule_help_url = '';​
 +//​$default->​scripts_help_url = '';​
 +
 +// The following should be an array containing extra items you want 
 +// to include in SmartSieve'​s menu. Each element should be an 
 +// associative array containing the keys '​uri'​ and '​label'​. The anchor'​s ​
 +// "​target"​ attribute can be set via the optional '​target'​ value, and
 +// the icon can be set via the optional '​img'​ value.
 +// $default->​menu_items = array(
 +//     ​array('​uri'​=>'​http://​mydomain.com/​mypage.html',​
 +//           '​label'​=>'​Menu Item',
 +//           '​img'​=>'​./​images/​item.gif',​
 +//           '​target'​=>'​_blank'​));​
 +
 +/**
 + * Custom function hooks.
 + */
 +
 +// If this is set to a function name, that function will be called to 
 +// retrieve login details for the user. Note, the details supplied when 
 +// the login page is submitted take precedence over this. The function ​
 +// must return an array of the form expected by the SmartSieve::​getLoginDetails
 +// function.
 +//​$default->​get_login_details_hook = null;
 +
 +// If you have an external source of email addresses you want your users 
 +// to see on the vacation settings page, set the following to the name 
 +// of a function that will retrieve these. SmartSieve will then include ​
 +// these in the list of addresses the user might include in their vacation ​
 +// addresses. The function should return an array of addresses.
 +//​$default->​get_email_addresses_hook = null;
 +
 +// If you want to extend the sanity checking done prior to the user saving a 
 +// rule you can define a function and set the function name here. The function
 +// must take a rule array as a parameter, and will be expected to return boolean ​
 +// true to allow the rule to be saved, or false to disallow it. There is an 
 +// example isSaneHook() function below.
 +//​$default->​is_sane_hook = null;
 +
 +/**
 + * Example get_login_details_hook function.
 + *
 + * This example looks for credentials set by a single-sign-on ​
 + * system. If set, the user will not need to log in again.
 + *
 + * @return array Login details
 + */
 +//function getSSODetails()
 +//{
 +//    $details = array();
 +//    if (isset($_SERVER['​REMOTE_USER'​]) && isset($_SERVER['​AUTH_TYPE'​]) &&
 +//        $_SERVER['​AUTH_TYPE'​] == '​sso'​ && isset($_COOKIE['​sso'​])) {
 +//        $details['​auth'​] = $_SERVER['​REMOTE_USER'​];​
 +//        $details['​passwd'​] = $_COOKIE['​sso'​];​
 +//        $details['​authz'​] = '';​
 +//        $details['​server'​] = '​example';​
 +//    }
 +//    return $details;
 +//}
 +
 +/**
 + * Example get_email_addresses_hook function.
 + *
 + * @return array The list of email addresses
 + */
 +//function getEmailAddresses()
 +//{
 +//    $addresses = array();
 +//    if (extension_loaded('​ldap'​)) {
 +//        $ds = ldap_connect('​ldap.example.com'​);​
 +//        if ($ds) {
 +//            // Anonymous bind.
 +//            $r = ldap_bind($ds);​
 +//            $sr = ldap_search($ds,​ "​ou=people,​dc=example,​dc=com", ​
 +//                              "​uid="​.$_SESSION['​smartsieve'​]['​authz'​]);​
 +//            $entries = ldap_get_entries($ds,​ $sr);
 +//            for ($i=0; $i<​$entries['​count'​];​ $i++) {
 +//                $addresses[] = $entries[$i]['​mail'​][0];​
 +//            }
 +//        }
 +//        ldap_close($ds);​
 +//    }
 +//    return $addresses;
 +//}
 +
 +/**
 + * Example is_sane_hook function.
 + *
 + * This function will be called (if set via is_sane_hook above) prior to a user
 + * saving a rule, and will be passed a rule array as a parameter. This allows
 + * you to add custom sanity checks to those of isSane(). You must return boolean
 + * true to allow the user to save the rule, or false to disallow it.
 + *
 + * @param array $rule The rule values
 + * @return boolean True if rule values are acceptable, false if not
 + */
 +//function isSaneHook($rule)
 +//{
 +//    foreach ($rule['​actions'​] as $action) {
 +//        if ($action['​type'​] == ACTION_REDIRECT &&
 +//            !preg_match("/​\@example.com\$/",​ $action['​address'​])) {
 +//            SmartSieve::​setError(sprintf("​Not allowed to forward mail to %s", $action['​address'​]));​
 +//            return false;
 +//        }
 +//    }
 +//    return true;
 +//}
 +
 +?>
 +</​file>​
 +=== php.ini ===
 +Folgende Fehlermeldung kann unter Umständen im Error-Log des vHosts am Webserver auftauchen:
 +<​code>​[Fri Mar 09 20:45:16 2012] [error] [client 192.168.10.51] PHP Warning: ​ strftime(): It is not safe to rely on the system'​s timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected '​Europe/​Berlin'​ for '​CET/​1.0/​no DST' instead in /​usr/​share/​pear/​Log/​syslog.php on line 183, referer: https://​smartsieve.nausch.org/​login.php
 +</​code>​
 +
 +Zum Abstellen dieses Fehlers tragen wir in der //​**/​etc/​php.ini**//​ einfach die richtige Zeitzone ein.
 +   # vim /​etc/​php.ini
 +<code php>...
 +;;;;;;;;;;;;;;;;;;;​
 +; Module Settings ;
 +;;;;;;;;;;;;;;;;;;;​
 +
 +[Date]
 +; Defines the default timezone used by the date functions
 +; http://​www.php.net/​manual/​en/​datetime.configuration.php#​ini.date.timezone
 +;​date.timezone =
 +; Django : 2012-03-11
 +; default : unset
 +date.timezone = Europe/​Berlin
 +</​code>​
 +
 +Anschließend starten wir einmal unseren Webserver durch.
 +   # service httpd condrestart
 +==== Programmstart ====
 +Mit dem Webbrowser unserer Wahl öffnen wir die [[http://​sieve.nausch.org|Eingangsseite]].
 +   $ firefox http://​smartsieve.nausch.org
 +
 +{{ :​centos:​mail_c6:​smartsieve_02.png?​nolink&​550 |SmartSieve-Anmeldeschirm}}
 +
 +Nach erfolgter Anmeldung befinden wir uns im Hauptbildschirm,​ in der wir nun unsere benutzerindividuellen Regeln anlegen, verwalten und löschen können. ​
 +
 +{{ :​centos:​mail_c6:​smartsieve_03.png?​nolink&​550 |SmartSieve-Hauptbildschirm}}
 +
 +Dies erfolgt hierbei Benutzerintuitiv und bedarf keiner großartigen Beschreibung mehr - der **WAF** ist somit gesichert! LOL 
 +
 +Da wir noch kein Script hochgeaden haben und auch noch keine Regel definiert hatten, ist natürlich das Default-Regelwerk **smartsieve** noch deaktiviert.
 +
 +Wir legen uns also eine Regel an. Als Beispiel nehmen wir mal an, dass wir selbst jede eMail verwerfen, die im Betreff die Zeichenkette **CSU** enthält.
 +
 +{{ :​centos:​mail_c6:​smartsieve_04.png?​nolink&​550 |SmartSieve-Regeldefinition}}
 +
 +Sobald wir unsere erste Regel definiert haben und die Schaltfläche **[Return to Filters]** angewählt haben, sehen wir dass:
 +  - die erstellte Regel angezeigt und
 +  - das Script **smartsieve** aktiviert ist.
 +
 +{{ :​centos:​mail_c6:​smartsieve_05.png?​nolink&​550 |SmartSieve-Hauptbildschirm mit aktivierter Regel}}
 +
 +Würde nun eine eMail mit der Zeichenfolge **CSU** vom **MTA**((**M**ail**T**ransport**A**gent)) an unseren IMAP-Server cyrus übergeben, würde diese die eMail gar nicht in das Konto des Users einstellen, sondern sofort nach der Entgegennahme löschen!
 +
 +====== Links ======
 +  * **[[centos:​mail_c6:​start|Zurück zum Kapitel >>​Mailserverinstallation unter CentOS 6<<​]]**
 +  * **[[wiki:​start|Zurück zu >>​Projekte und Themenkapitel<<​]]**
 +  * **[[http://​dokuwiki.nausch.org/​doku.php/​|Zurück zur Startseite]]**
 +
  
  • centos/mail_c6/sieve.txt
  • Zuletzt geändert: 20.04.2018 10:44.
  • (Externe Bearbeitung)