On 19-10-11 17:33, Daniele Nicolodi wrote: > On 19/10/11 16:01, Kris Deugau wrote: >> Daniele Nicolodi wrote: >>> Sieve can not call external programs, therefore I do not know ho to hook >>> Spamassassin there, and, furthermore, I would like to avoid to have to >>> setup things for each user. >> >> O_o News to me. Maybe there's some option to do this in dovecot-lda? >> Is there a global sieve configuration similar to /etc/procmailrc? I >> don't use either so I can't really suggest anything else that wouldn't >> be a big change in your mail processing. > > This is actually a selling point for Sieve: you can make untrusted users > to upload their filtering rules, without worring about security. > > Dovecot sieve implementation have the possibility to call some global > filtering rules, but those can not pipe the received messages through > external programs, similarly to the user defined ones. > that allows pipe
Actually, there is an experimental extension for dovecot sieve that allows piping to external commands, but with a quite secure design (sysadmin controls which commands are available to the pipe extension). It works quite nice in the current state, and will probably be included some day by the dovecot sieve implementation. See http://wiki2.dovecot.org/Pigeonhole/Sieve/Plugins/Pipe Mailutils sieve also has a pipe implementation, which I did not test but looks (from the documentation) less secure because it allows the user to call arbitrary commands. I never checked courier or others. Anyway, the administrator can always simply remove support for the extension, something that probably lacks when using procmail. You'd still be better off feeding messages to SA from the MTA, and let sieve just move messages around based on added headers. -- Tom
