Re: Can dovecot sieve query a database file?

On October 10, 2025 9:18:35 AM GMT+03:00, "Kamil Jońca via dovecot" <dovecot@dovecot.org> wrote:

Hadmut Danisch via dovecot <dovecot@dovecot.org> writes:

...

Hi,

can dovecot sieve query any external database ( berkeley database file, rest api, whatever) to determine the target folder by sender address?

dovecot alone cannot do this.

But I believe that you can do in your sieve file:

--8<---------------cut here---------------start------------->8--- require [ "vnd.dovecot.execute", "vnd.dovecot.pipe" ,"vnd.dovecot.filter", "fileinto" ] // I do not know if all vnd.* are really needed execute :pipe :output "calculated_mailbox" "fancy_script.sh" [ "parameter1" , "parameter2" , ... ] ; fileinto "${calculated_mailbox}"; --8<---------------cut here---------------end--------------->8---

and your "fancy_script" can do anything you want. Be aware, that dovecot enforces timeout for script.

KJ

i heard he doesn't want it. but sieve can't possibly include everything and also a kitchen sink directly inside it

i use it in mail monitoring so i know that mail enters via smtp and it also goes thru sieve

require [ "variables", "regex", "fileinto", "mailbox", "imap4flags", "vnd.dovecot.execute" ];

and in the end, just before

fileinto :create "yyy/${aaa}";

i have this

if string :is "${bbb}" "xxx" { execute :pipe "zzz.sh"; discard; stop; }

while script does this

#!/bin/sh -Cefu

set -Cefu

file=/ddd/fff.eee

temp_file="$file.tmp"

umask 022

rm -f "$temp_file"

( cat; printf 'ts=%d\r\n' "date +%s" ) > "$temp_file"

mv -f "$temp_file" "$file"

for completeness, other end is

#!/bin/sh -Cefu

set -Cefu

cd /000 || exit 1

to=111

dst_file=222

status_file=tmp/status

debug=

_fail() { echo "$0: fail: $1" | wall }

if [ ! -t 0 ] then sleep "jot -r 1 0 10" fi

rm -f "$status_file"

str="env LANG=C tr -cd '[:alnum:]' < /dev/urandom | head -c 128"

ts_start="date +%s"

echo "$str" | mail "$to"

timeout -k 40 30 tail -0 -F "$dst_file" | tr -u -d '\r'
| egrep --line-buffered "^$str$" | while read line do ts_end_remote="grep -m 1 ^ts= \"$dst_file\" | cut -d = -f 2 \ | tr -d '\r'"

if echo "$ts_end_remote" | egrep -q '^[0-9]+$'
then
	echo ok > "$status_file"
	
	
	if [ "$debug" ]
	then
		echo "ok in ~$((ts_end_remote - ts_start))s"
	fi
else
	echo fail > "$status_file"
	
	
	_fail "invalid ts_end_remote"
fi


pkill -P "$$" timeout

done

if [ ! -f "$status_file" ] then _fail timeout fi

rm -f "$status_file"

note, can contain fbsd specifics

i don't think external programs are bad, but you need to verify they are secure and they don't consume too many resources

querying a database is expensive enough

just don't self-ddos it with every-mail-script that performs 10s long unoptimized sql queries

or, worse

yolo-pipe bobby-tables content from the internet into your non-input-checked utility

both issues can be mitigated by proper techniques!