Headlines | Linux | Apps | Coding | BSD | Admin | News
Information for Linux System Administration 

Guide to SIEVE Language for Mail Filtering


What is SIEVE?

SIEVE is a language created and used for mail filtering that broadens the filtering options generally provided by mail servers or Antispam/Antivirus applications. They work basically by comparing different keys using different comparators and comparison methods, against headers of a mail message. Based on the result of the comparison, you can apply different actions to the corresponding mail message, i.e. reject, discard, redirect, etc.

This language provides an extremely flexible filtering methodology, as users can define any number of script filters according to their needs. Designed to be easily implemented on either a mail client or mail server (such as Sendmail, Qmail, Axigen and so on), using SIEVE scripts does not depend on access protocol, mail architecture, and operating system.

SIEVE is designed as a proposed Internet Standard, as a result of a multi-vendor effort that has been discussed in various technical and standards-oriented public and private meetings since at least 1994

Why Use SIEVE Filters

Mail traffic for most users has been increasing due to increased usage of e-mail, the emergence of unsolicited email as a form of advertising, and increased usage of mailing lists.

There are a number of reasons to use the SIEVE filtering system:
  • You can create efficient and flexible rules. Scripts written in SIEVE are executed during final delivery, when the message is moved to the user-accessible mailbox. Therefore, it is reasonable to sort when the MTA deposits mail into the user's mailbox.
  • SIEVE scripts are a safe filtering method since they do not operate on the mail content but only extract information from the mail header and take actions according to the pre-defined rules.
  • As and addition to Antispam and Antivirus applications, you can use SIEVE scripts to also filter all legitimate emails, thus gaining speed and efficiency when using email communication.

The SIEVE Language

1. General aspects
SIEVE has a fixed form described as a standard but in can be improved by using extensions. The extension mechanism works if the system implements those extensions. In order to use an extension, it must be advertised at the beginning of the file (script) with a require clause.

require "extension_name"  
require ["extension_name1", "extension_name2"]

The structure of SIEVE as described in the standard defines 5 actions: keep, fileinto, reject, discard, redirect which are self-explanatory. It also defines 3 control commands:
  • - which stops the processing to that point
  • structure
  • require command - which defines an extension of the language.

The if structure has the form:
where a block is a block of commands (actions and control commands - including other ifs)

In the standard form, without any extensions, the test can be one of the following:
  • address - tests a set of the address headers against a set of keys using different comparison methods;
  • envelope - optional test;
  • header - tests a set of the headers against a set of keys using different comparison methods;
  • true, false constants;
  • allof - logic and between several tests;
  • anyof - logic or between several tests;
  • not - negation of a test;
  • exists - test if a set of headers exist;
  • size - test against the size of a message;
A test can take 2 values: true or false.

2. Examples
A simple example of a SIEVE script that will move all mails that have "Spam" in the subject or are received from "", in the Spam folder can be written as follows:
require "fileinto"

if anyof(address :is ["From", "Sender"] "", header :matches "Subject" "Spam")
fileinto "Spam";
Another, more complex example is a filter that will reject all mails that have a virus and are outgoing mails and not incoming mails. This latter example uses several extensions that need to be implemented.
require ["envelope","virustest","relational","comparator-i;ascii-numeric","reject"];

if allof(virustest :value "eq" :comparator "i;ascii-numeric" "5",
envelope :contains "From" ["", ""],
not envelope :contains "To" ["", ""]) {
reject "This mail is from to the world and contains a virus";
For a more detailed presentation of the SIEVE language we also advise you to read the dedicated RFC 3028.

SIEVE filters in the AXIGEN Mail Server

Currently, AXIGEN uses SIEVE language for script filter definition. Different user-defined SIEVE scripts can be included in any AXIGEN Filtering System. When activated in AXIGEN, each filter is assigned a priority value. The notion of priority is used to define the order of filters in the filtering chain. This means that filters with higher priority will be applied first. All SIEVE filters can be activated at multiple levels: server, domain or account/mail list.

AXIGEN also implements the vacation SIEVE extension. This means that SIEVE script files can be created and applied for generating out-of-office type automatic replies. Thus, auto-generated messages can be send when the user of the account for which the vacation applies, is on vacation, out of office or in general away for an extended period of time. Although it is not a security function, vacation extension is an extra functionality available via script files. For an easy out-of-the office implementation in our mail server, please see this example available in our Knowledgebase.

For detailed instructions on SIEVE language and scripts implementation in AXIGEN, please see our online documentation.
 read more | mail this link | score:9282 | -Kayla Vincent, November 9, 2006
More Sysadmin articles...

Buy Large Wall Art Prints

admin headlines

Installing Debian testing On GPT HDDs From A Grml Live Linux

Tutorial: Running CS-Cart on Nginx on Debian 7/Ubuntu 13.04

Encrypt your data with EncFS (Debian 7)

Tutorial: Installing Lighttpd, PHP5, PHP-FPM, MySQL on Debian 7

How to install ajenti (like Webmin) on ubuntu 13.04 server

Back up Route53 To S3

Virtual Users and Domains with Postfix, Courier, MySQL, SquirrelMail (Fedora 18)

Tutorial: Percona Server 5.5 on Ubuntu 12.10

Tutorial: Automated File Replication on 2 Storage Servers with GlusterFS on CentOS 6.3

Track down wasted disk space

Monitor hard drive usage in Ubuntu with the Visual Philesight CGI Script

Tutorial: Build an OpenSUSE 12.2 x86_64 Server

LVM and full disk encryption configuration in Ubuntu Ubiquity

Tutorial: Install Nginx with PHP5, PHP-FPM, MySQL on CentOS 6.3

VBoxHeadless: Run Headless VirtualBox 4.1 on CentOS 6.2

RHEL Speed up NFS Access

Dual-boot Ubuntu 12.04 and Windows 7

Tutorial: Apache2 with mod_fcgid, PHP5 on Ubuntu 11.10

Run Linux Mint Debian Cinnamon in VirtualBox

AVG Antivirus For Linux/FreeBSD Plus Postfix Mail Server

Tutorial: Enable Compiz on Xubuntu 11.10

Stunnel: SSL tunnel for network daemons

Tutorial: Build an Ubuntu 11.10 server


Firefox sidebar

Site map

Site info

News feed


(to post)


Articles are owned by their authors.   © 2000-2012 Ray Yeargin