sieve_extprograms: how to filter original message twice?

N0T3P4D n0t3p4d.opensource at gmail.com
Wed Jun 15 16:12:52 UTC 2016


On 06/13/16 19:09, Stephan Bosch wrote:
> 
> 
> Op 10-6-2016 om 0:57 schreef N0T3P4D:
>> Hi,
>>
>> I use dovecot and sieve_extprograms to encrypt all incoming messages with the help of a Python script.
>> Now, I want to process the _original_ message a second time. However, as expected, the second filter is applied to the already filtered message.
>>
>> For reference, here's a copy of the sieve script in question:
>>
>> if address :matches "To" "X at Y.Z" {
>>      fileinto "INBOX";
>>      filter "gpgit.py" ["X at Y.Z", "--encrypt"];
>>      fileinto "encrypted";
>>      filter "gpgit.py" ["X at Y.Z", "--wrap"]; # Should be applied to the original message but uses the result of the first filter command
>>      fileinto "wrapped";
>>      stop;
>> }
>>
>> Does anyone have an idea how to modify the script to get the intended result?
>>
>> Please cc me, as I'm not subscribed.
> 
> The Sieve language currently has no means to manage several modified versions of a message in parallel; there is no means to revert back to an older version of a modified message.
> So, unfortunately, I see no way to implement a Sieve script like this at this time :/.
> 
> The only (ugly) solution I see is to use a pipe program rather than a filter program. The pipe program will then fork and filter the e-mail twice and store it into the required
> folders using doveadm.
> 
> Regards,
> 
> Stephan.

Hi Stephan,

thanks for the suggestion - I've implemented it and it seems to work as expected! As I couldn't find out how to store the message using doveadm, I use LMTP. If anyone is interested, see [1].

In contrast to other solutions such as [2], the message gets encrypted twice. Once in the usual way as in [2], which may break DKIM and possibly other things like signatures, but
is compatible with normal mail clients such as K-9 Mail, which now supports PGP/MIME in the alpha version. The second time, the whole message is encrypted as-is (including headers
and so on) and then stored in the body of the original message, replacing it. When fetching the message with getmail to my local dovecot inbox, the original message gets decrypted
and restored, preserving the DKIM signature and so on (of course, you could also use sieve). This is especially useful if you use a plugin like DKIM verifier for Thunderbird [3]
(thanks to Robert Schetterer for the hint in the sys4.de blog).

Regards
Jeremias


[1] https://github.com/N0T3P4D/gpg-filter
[2] https://perot.me/encrypt-specific-incoming-emails-using-dovecot-and-sieve
[3] https://addons.mozilla.org/de/thunderbird/addon/dkim-verifier/
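
The pipe approach discussed in this thread, sketched as an added example; it is not part of the original message and is not the code from [1]. It reads the unmodified message once from a Sieve `pipe` program, builds the "wrapped" variant (original headers kept, body replaced by the encrypted whole message) and delivers both over LMTP. Assumptions: the LMTP socket path, the five copied headers, `gpg` on PATH with the recipient's public key, and a server that files `user+folder` addresses into that folder (Dovecot's `lmtp_save_to_detail_mailbox`); the PGP/MIME variant is left to the existing filter script.

```python
import smtplib
import subprocess
import sys
from email import message_from_bytes, policy
from email.message import EmailMessage

LMTP_SOCKET = "/var/run/dovecot/lmtp"  # assumption: Dovecot LMTP Unix socket


def gpg_encrypt(data: bytes, recipient: str) -> bytes:
    """ASCII-armored encryption of arbitrary bytes to the recipient's key."""
    return subprocess.run(
        ["gpg", "--batch", "--armor", "--encrypt", "--recipient", recipient],
        input=data, stdout=subprocess.PIPE, check=True).stdout


def wrap(original: bytes, encrypt) -> bytes:
    """Keep display headers, replace the body with the encrypted copy of the
    whole original message (headers included, bytes untouched)."""
    parsed = message_from_bytes(original, policy=policy.SMTP)
    outer = EmailMessage(policy=policy.SMTP)
    for name in ("From", "To", "Subject", "Date", "Message-ID"):
        if parsed[name] is not None:
            outer[name] = parsed[name]
    outer.set_content(encrypt(original).decode("ascii"), cte="7bit")
    return outer.as_bytes()


def unwrap(wrapped: bytes, decrypt) -> bytes:
    """Recover the original byte-for-byte, so its DKIM signature still verifies."""
    outer = message_from_bytes(wrapped, policy=policy.SMTP)
    return decrypt(outer.get_content().encode("ascii"))


def main(user: str, domain: str, sender: str) -> None:
    """Sieve 'pipe' entry point: stdin carries the unmodified message."""
    original = sys.stdin.buffer.read()
    wrapped = wrap(original, lambda d: gpg_encrypt(d, f"{user}@{domain}"))
    with smtplib.LMTP(LMTP_SOCKET) as lmtp:
        lmtp.sendmail(sender, [f"{user}@{domain}"], original)
        lmtp.sendmail(sender, [f"{user}+wrapped@{domain}"], wrapped)


if __name__ == "__main__":
    main(*sys.argv[1:4])
```

Because both deliveries are built from the same `original` bytes, neither depends on the output of the other, which is what the `filter` action could not provide.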


