Headlines | Linux | Apps | Coding | BSD | Admin | News
Information for Linux System Administration 

Guide to SIEVE Language for Mail Filtering


What is SIEVE?

SIEVE is a language created and used for mail filtering that broadens the filtering options generally provided by mail servers or Antispam/Antivirus applications. They work basically by comparing different keys using different comparators and comparison methods, against headers of a mail message. Based on the result of the comparison, you can apply different actions to the corresponding mail message, i.e. reject, discard, redirect, etc.

This language provides an extremely flexible filtering methodology, as users can define any number of script filters according to their needs. Designed to be easily implemented on either a mail client or mail server (such as Sendmail, Qmail, Axigen and so on), using SIEVE scripts does not depend on access protocol, mail architecture, and operating system.

SIEVE is designed as a proposed Internet Standard, as a result of a multi-vendor effort that has been discussed in various technical and standards-oriented public and private meetings since at least 1994

Why Use SIEVE Filters

Mail traffic for most users has been increasing due to increased usage of e-mail, the emergence of unsolicited email as a form of advertising, and increased usage of mailing lists.

There are a number of reasons to use the SIEVE filtering system:
  • You can create efficient and flexible rules. Scripts written in SIEVE are executed during final delivery, when the message is moved to the user-accessible mailbox. Therefore, it is reasonable to sort when the MTA deposits mail into the user's mailbox.
  • SIEVE scripts are a safe filtering method since they do not operate on the mail content but only extract information from the mail header and take actions according to the pre-defined rules.
  • As and addition to Antispam and Antivirus applications, you can use SIEVE scripts to also filter all legitimate emails, thus gaining speed and efficiency when using email communication.

The SIEVE Language

1. General aspects
SIEVE has a fixed form described as a standard but in can be improved by using extensions. The extension mechanism works if the system implements those extensions. In order to use an extension, it must be advertised at the beginning of the file (script) with a require clause.

require "extension_name"  
require ["extension_name1", "extension_name2"]

The structure of SIEVE as described in the standard defines 5 actions: keep, fileinto, reject, discard, redirect which are self-explanatory. It also defines 3 control commands:
  • - which stops the processing to that point
  • structure
  • require command - which defines an extension of the language.

The if structure has the form:
where a block is a block of commands (actions and control commands - including other ifs)

In the standard form, without any extensions, the test can be one of the following:
  • address - tests a set of the address headers against a set of keys using different comparison methods;
  • envelope - optional test;
  • header - tests a set of the headers against a set of keys using different comparison methods;
  • true, false constants;
  • allof - logic and between several tests;
  • anyof - logic or between several tests;
  • not - negation of a test;
  • exists - test if a set of headers exist;
  • size - test against the size of a message;
A test can take 2 values: true or false.

2. Examples
A simple example of a SIEVE script that will move all mails that have "Spam" in the subject or are received from "", in the Spam folder can be written as follows:
require "fileinto"

if anyof(address :is ["From", "Sender"] "", header :matches "Subject" "Spam")
fileinto "Spam";
Another, more complex example is a filter that will reject all mails that have a virus and are outgoing mails and not incoming mails. This latter example uses several extensions that need to be implemented.
require ["envelope","virustest","relational","comparator-i;ascii-numeric","reject"];

if allof(virustest :value "eq" :comparator "i;ascii-numeric" "5",
envelope :contains "From" ["", ""],
not envelope :contains "To" ["", ""]) {
reject "This mail is from to the world and contains a virus";
For a more detailed presentation of the SIEVE language we also advise you to read the dedicated RFC 3028.

SIEVE filters in the AXIGEN Mail Server

Currently, AXIGEN uses SIEVE language for script filter definition. Different user-defined SIEVE scripts can be included in any AXIGEN Filtering System. When activated in AXIGEN, each filter is assigned a priority value. The notion of priority is used to define the order of filters in the filtering chain. This means that filters with higher priority will be applied first. All SIEVE filters can be activated at multiple levels: server, domain or account/mail list.

AXIGEN also implements the vacation SIEVE extension. This means that SIEVE script files can be created and applied for generating out-of-office type automatic replies. Thus, auto-generated messages can be send when the user of the account for which the vacation applies, is on vacation, out of office or in general away for an extended period of time. Although it is not a security function, vacation extension is an extra functionality available via script files. For an easy out-of-the office implementation in our mail server, please see this example available in our Knowledgebase.

For detailed instructions on SIEVE language and scripts implementation in AXIGEN, please see our online documentation.
 read more | mail this link | score:9292 | -Kayla Vincent, November 9, 2006
More Sysadmin articles...

Fine Art Online Gallery

admin headlines

Quantum basic RDO setup (grizzly) to have original LAN as external on CentOS 6.4

Network Attached Storage (NAS) distributions

Setting up ProFTPd + TLS on Ubuntu 12.10

VirtualBox 4.2.10 released and ubuntu installation instructions included

Tutorial: Install Nagios 3.4.4 on CentOS 6.3

GlusterFS Tutorial: 4-node Distributed Replicated Storage on CentOS 6.3

Tutorial: Install DHCP server in Ubuntu 12.10

Tutorial: Install Nginx, PHP5, PHP-FPM, MySQL on OpenSUSE 12.2

Monitor hard drive usage in Ubuntu with the Visual Philesight CGI Script

ASRock OMG: parental control on the motherboard

Create Advanced MySQL-based Virtual Hosts on Lighttpd (Ubuntu 12.04)

SmartSim: GPL-ed digital logic circuit design and simulation package for Linux and Raspberry Pi

Tutorial: Build a CentOS 6.3 x86_64 Server

Tutorial: Install Nginx with PHP5, PHP-FPM, MySQL on CentOS 6.3

Quckly Install Scrollout F1 Anti-Spam Firewall on Ubuntu

OpenVZ Tutorial: Build virtual host with Web, MySQL, Email, DNS servers on Debian 6

Ubuntu 12.04 LAMP Server Setup

Set up WebDAV with MySQL Authentication on Apache2 (Debian 6)

Use ATA over Ethernet on Debian 6

Apache Module for OpenID Authentication

Tutorial: Install Repcached (memcached replication) for high-availability on 2 nodes on Ubuntu 11.04

Xtables-Addons on Centos 6 and Iptables GeoIP Filtering

Headless VirtualBox 4.0 on Debian Linux


Firefox sidebar

Site map

Site info

News feed


(to post)


Articles are owned by their authors.   © 2000-2012 Ray Yeargin