Dovecot & Sieve Message Filtering

Sieve support for Dovecot allows users to filter incoming messages by writing scripts specified in the Sieve language (RFC 5228).

The ManageSieve service on Dovecot is used to manage a user’s Sieve script collection. It has the following advantages over managing scripts directly via the filesystem:
1. No need to let users log in via FTP/SFTP/etc, which could be difficult especially with virtual users.
2. ManageSieve is a standard protocol, so users can manage their scripts using (hopefully) user-friendly ManageSieve clients. Many webmails already include a ManageSieve client.
3. Scripts are compiled before they are installed, which guarantees that the uploaded script is valid. This prevents a user from inadvertently installing a broken Sieve script.

The part of the Sieve interpreter configuration that is relevant for ManageSieve mainly consists of the settings that specify where the user’s scripts are stored and where the active script is located.
The ManageSieve service primarily uses the following Sieve interpreter settings in the plugin section of the Dovecot configuration:

sieve_dir = ~/sieve
sieve = ~/.dovecot.sieve

Line No. 1:
This specifies the path to the directory where the uploaded scripts are stored.
Scripts are stored as separate files with extension ‘.sieve’. All other files are ignored when scripts are listed by a ManageSieve client.
The Sieve interpreter also uses this setting to locate the user’s personal scripts for use with the Sieve include extension.
A storage location specified by sieve_dir is always generated automatically if it does not exist.

Line No. 2:
This specifies the location of the symbolic link pointing to the active script in the Sieve storage directory.
The Sieve interpreter uses this setting to locate the main script file that needs to be executed upon delivery.
ManageSieve thereby determines which script (if any) in the sieve_dir directory is executed for incoming messages.
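
A check an administrator could run over one user's storage, added here as an example (it is not Dovecot's own code): it lists the scripts a ManageSieve client would see and verifies that the active-script link resolves to one of them inside sieve_dir. The function names and the sample layout are assumptions made for illustration.

```python
import os
import tempfile

def audit_sieve_storage(sieve_dir, active_link):
    """Return (scripts, active, findings) for one user's Sieve storage."""
    findings, scripts = [], []
    for name in sorted(os.listdir(sieve_dir)):
        root, ext = os.path.splitext(name)
        if ext != ".sieve":
            continue  # other files are ignored when scripts are listed
        path = os.path.join(sieve_dir, name)
        if os.path.islink(path) or not os.path.isfile(path):
            findings.append(f"{name}: not a regular file")
        else:
            scripts.append(root)
    if not os.path.lexists(active_link):
        return scripts, None, findings  # no active script: nothing is executed
    if not os.path.islink(active_link):
        findings.append("active script is not a symbolic link")
        return scripts, None, findings
    target = os.path.realpath(active_link)  # follows the link to its final target
    root, ext = os.path.splitext(os.path.basename(target))
    if os.path.dirname(target) != os.path.realpath(sieve_dir):
        findings.append(f"active link resolves outside sieve_dir: {target}")
    elif not os.path.isfile(target):
        findings.append(f"active link is dangling: {target}")
    elif ext != ".sieve" or root not in scripts:
        findings.append(f"active target is not a listed script: {target}")
    else:
        return scripts, root, findings
    return scripts, None, findings

def build_sample_home(home):
    """Constructed sample layout: ~/sieve with two scripts, one of them active."""
    sieve_dir = os.path.join(home, "sieve")
    os.mkdir(sieve_dir)
    for name in ("spam.sieve", "vacation.sieve", "notes.txt"):
        with open(os.path.join(sieve_dir, name), "w") as fh:
            fh.write("# constructed sample\n")
    active_link = os.path.join(home, ".dovecot.sieve")
    os.symlink(os.path.join("sieve", "spam.sieve"), active_link)
    return sieve_dir, active_link

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as home:
        print(audit_sieve_storage(*build_sample_home(home)))
```

A non-empty findings list means the file that would run on delivery is not one of the scripts ManageSieve compiled and stored.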


To enable ManageSieve support in Dovecot, managesieve has to be added to the protocols setting.

protocols = imap imaps pop3 pop3s managesieve

(imap, imaps, pop3 and pop3s are shown as examples of other protocols that may be configured)


The managesieve daemon will listen on TCP port 2000 by default.

Sieve can be enabled for the Dovecot LDA by adding the sieve plugin to the mail_plugins setting. An LDA receives messages from an MTA and delivers them to a real or virtual mailbox.

mail_plugins = quota sieve

(quota is shown as an example of another plugin that may be configured)


Below are some simple Sieve code examples; more can easily be found online.

Redirect SpamAssassin tagged mails into mbox folder “spam”:

require "fileinto";
if header :contains "X-Spam-Flag" "YES" {
  fileinto "spam";
}

Discard SpamAssassin tagged mails:

if header :contains "X-Spam-Flag" "YES" { discard; }

In the following page Sieve Rules can be validated:

Common email clients (including webmail) have Sieve support or installable plugins and can easily manage Sieve filters via the ManageSieve protocol (connecting to TCP port 2000).
