Quick installing eBox 1.2 with managesieve and custom spam filtering under Ubuntu 8.04

eBox platform is a Perl-based web administration console for a linux small business server. When you own one or not too many servers, and not only redneck linux sysadmins for the tasks, eBox is a free choice over Microsoft solution. You can read a lot more about it in forum, on it's site or Wikipedia.

Although eBox has it's own distribution, I wanted to get it work on Ubuntu 8.04 - but the version in the repo is only 1.0, and I really needed 1.2. Fortunatelly, eBox has a PPA site¹, so it can be inserted into Hardy. Open /etc/apt/sources.list with your favourite editor (vim, vim, emacs, etc.) and add the following lines:

deb http://ppa.launchpad.net/ebox/1.2/ubuntu hardy main
deb-src http://ppa.launchpad.net/ebox/1.2/ubuntu hardy main

You'll also need an apt-key for this to get it work:

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 342D17AC

There's another PPA, published by Molnár Károly, a fellow Hungarian. It's very important to put it in the begining of the file, before the ubuntu standards! That is because the installed version by apt is the first possibility on the list.

deb http://ppa.launchpad.net/karoly-molnar/dovecot-managesieve/ubuntu hardy main
deb-src http://ppa.launchpad.net/karoly-molnar/dovecot-managesieve/ubuntu hardy main

and the key:

apt-key adv --keyserver keyserver.ubuntu.com --recv-keys 3B498A2C

We're going to need this for Dovecot with Sieve, read on.

Updates repos,

apt-get update

and eBox is ready for install. I didn't need everything, so I just gave the following command:

apt-get install ebox-antivirus ebox-firewall ebox-mail ebox-network ebox-objects ebox-services ebox-usersandgroups

This is going to install a lot of software, so be patient, and prepare with enough bandwidth. After all, you can access your eBox platform on https://%5Byour ip]. I didn't install ebox-mailfilter for reason. First of all, I don't really like amavisd, and second, it is going to fail, and the whole mail system will going to stop because of an error in the eBox stub naming related to amavisd: amavisd does not read /etc/amavisd/amavisd.conf as it's conf file. If you rename it, it'll work, but eBox keeps naming it back. So I looked for something else as a solution. I needed to:

1. install spamassassin
2. add clamav plugin to it
3. get a version of dovecot with sieve patch for local delivery
4. change ebox settings about to use all of this.

We already added Károly Molnár's dovecot with sieve and a security patch, so Dovecot with Managsieve is installed. The next thing is spamassassin and it's clamav plugin.²

apt-get install spamassassin spamc

cpan

CPAN will ask some questions at first run, just hit Enter, usually that's enough. When the promt is ready, install

cpan> install File::Scan::ClamAV
cpan> exit

When it is complete, save the two files (clamav.cf, clamav.pm) from http://wiki.apache.org/spamassassin/ClamAVPlugin%5B%5E3%5D into /etc/mail/spamassassin

Now, nearly everything is complete, the last step is to modify the stubs of eBox. This is not the best solution; an update could overwrite all changes, the perfect solution would be to place regex patterned scripts into /etc/ebox/, but that was too much for my taste. So I opened the configuration templates from /usr/share/ebox/stubs/mail/and modified what I needed.

vim /usr/share/ebox/stubs/mail/dovecot.conf.mas

Find the line started with protocols = and add managesieve after %> Managesieve listens on port 2000, you'll have to open this in eBox firewall.

After protocol POP3, add the following:

##
## MANAGESIEVE specific settings
##

protocol managesieve {
# Login executable location.
login_executable = /usr/lib/dovecot/managesieve-login

# MANAGESIEVE executable location. See IMAP's mail_executable above for
# examples how this could be changed.
mail_executable = /usr/lib/dovecot/managesieve

# Maximum MANAGESIEVE command line length in bytes. This setting is
# directly borrowed from IMAP. But, since long command lines are very
# unlikely with MANAGESIEVE, changing this will not be very useful.
#managesieve_max_line_length = 65536

# Specifies the location of the symlink pointing to the active script in
# the sieve storage directory. This must match the SIEVE setting used by
# deliver (refer to http://wiki.dovecot.org/LDA/Sieve#location for more
# info). Variable substitution with % is recognized.
sieve=~/.dovecot.sieve

# This specifies the path to the directory where the uploaded scripts must
# be stored. In terms of '%' variable substitution it is identical to
# dovecot's mail_location setting used by the mail protocol daemons.
sieve_storage=~/sieve

# If, for some inobvious reason, the sieve_storage remains unset, the
# managesieve daemon uses the specification of the mail_location to find out
# where to store the sieve files (see explaination in README.managesieve).
# The example below, when uncommented, overrides any global mail_location
# specification and stores all the scripts in '~/mail/sieve' if sieve_storage
# is unset. However, you should always use the sieve_storage setting.
# mail_location = mbox:~/mail

# To fool managesieve clients that are focused on timesieved you can
# specify the IMPLEMENTATION capability that the dovecot reports to clients
# (default: dovecot).
#managesieve_implementation_string = Cyrus timsieved v2.2.13
}

##
## LDA specific settings
##

protocol lda {
# Address to use when sending rejection mails.
# postmaster_address = mail@domain

log_path = /var/log/dovecot.log
info_log_path = /var/log/dovecot.log

# Hostname to use in various parts of sent mails, eg. in Message-Id.
# Default is the system's real hostname.
#hostname =

# Support for dynamically loadable plugins. mail_plugins is a space separated
# list of plugins to load.
#mail_plugins =
#mail_plugin_dir = /usr/lib/dovecot/modules/lda

# Binary to use for sending mails.
#sendmail_path = /usr/lib/sendmail

# UNIX socket path to master authentication server to find users.
#auth_socket_path = /var/run/dovecot/auth-master

# Enabling Sieve plugin for server-side mail filtering
mail_plugins = cmusieve
}

And in plugin {} part insert

sieve

sieve_global_path = [your path]

The given path should be writeable by dovecot.

Save the file, and open the next one:

vim /usr/share/ebox/stubs/mail/main.cf.mas

Find the lines

virtual_transport = virtual
mailbox_transport = virtual

and replace virtual with dovecot so it would look like this:

mailbox_transport = dovecot
virtual_transport = dovecot

Save the file, and open the next:

vim /usr/share/ebox/stubs/mail/master.cf.mas

Search for the line:

dovecot   unix  -       n       n        -      -       pipe

and add this after:

 flags=DRhu user=ebox:ebox argv=/usr/bin/spamc -e /usr/lib/dovecot/deliver -d ${recipient} -f {sendder}

If there's something similar, replace it with this.

The system is now ready to use. What we've done now: the mail is recieved by Postfix, than given to spamassassin (and clamav, with the plugin), which adds the X-Spam and X-Spam-Virus headers, and then Dovecot's Local Delivery Agent delivers it to the users maildir.

The only thing left is to create a default sieve filter, so create a file named sieve.default, save it to the [path] you've given in the dovecot.conf.mas as global sieve path, and add the following content to it:

require "fileinto";

    if header :contains "X-Spam-Virus" "Yes" {
        fileinto "Virus";
        stop;
    }
    if header :contains "X-Spam-Flag" "YES" {
        fileinto "Junk";
        stop;
    }

Enjoy. Roundcube³ has a perfect plugin to configure sieve filters per user.

UPDATE: According to Dovecot Prebuild binaries page⁴, all Ubuntu releases are built with managesieve, so the additional apt source can be skipped. I tested it; I seems to be true.

(Oh, by the way: this entry was written by Peter Molnar, and originally posted on petermolnar dot net.)