tachtler:cyrus_smartsieve
Inhaltsverzeichnis
Cyrus SmartSieve
SmartSieve ist eine Web-Basierte Management-Client und sieve Filter-GUI. Es ist eine grafische Benutzeroberfläche zum Erstellung und zur Verwaltung von sieve-Skripten auf einem Cyrus-IMAP Mailserver. Es stellt eine Möglichkeit dar, für nicht technisch versierte Benutzer von Cyrus, Regeln für sieve zu erstellen um e-Mails und Abwesenheitsnachrichten, ohne Vorkenntnisse über die sieve-Script-Sprache zu haben.
sieve ist eine einfach gehaltene Filtersprache für IMAP-Server. Cyrus bringt die Unterstützung dafür von Haus aus mit, genau genommen stammt die Einreichung des Standards von den Machern von Cyrus. sieve ist nicht so mächtig wie z.B. procmail, so erlaubt es nicht einmal die Definition von Variablen.
Hintergrund ist, dass man den Benutzern des IMAP-Servers zwar Möglichkeiten zur automatischen Behandlung ihrer e-Mails geben möchte, dabei aber keine Abstriche in der Sicherheit des Servers machen muss.
Cyrus SmartSieve herunterladen
Bevor mit der Installation von SmartSieve begonnen werden kann, sollte die „trunk“ Version von SmartSieve - SourceForge.net - Trunk 426 heruntergeladen werden.
Die hier verwendete und besprochene Version ist die Version smartsieve-trunk.tar.gz.
Cyrus SmartSieve installieren
Nach dem herunterladen einer Version von SmartSieve in z.B. das Verzeichnis /tmp auf den lokalen Rechner, sollte sich folgende Datei
smartsieve-trunk.tar.gz
im Verzeichnis /tmp befinden.
Das heruntergeladene Archiv mit dem Namen smartsieve-trunk.tar.gz kann mit folgendem Befehl entpackt werden:
$ tar xvfz smartsieve-trunk.tar.gz
Anschließend sollte sich ein Verzeichnis mit dem Namen smartsieve-1.0-RC2.tar.gz im Verzeichnis /tmp befinden:
# ll /tmp/ ... drwxr-xr-x 7 root root 4096 Oct 2 2007 trunk -rw-r--r-- 1 root root 94266 Oct 2 2007 smartsieve-trunk.tar.gz ...
Abschliessend kann das heruntergeladene Archiv smartsieve-trunk.tar.gz mit folgendem Befehl gelöscht werden:
$ rm /tmp/smartsieve-trunk.tar.gz
Ab hier werden root-Rechte zur Ausführung der nachfolgenden Befehle benötigt. Um root zu werden geben Sie bitte folgenden Befehl ein:
$ su - Password:
WICHTIG - Die eigentliche Installation, kann erst nach entsprechender Konfiguration des zugrunde liegenden Webservers durchgeführt werden!
Cyrus SmartSieve Konfiguration Webserver
Hier soll die Konfiguration eines virtuellen Host für den Apache HTTP Server beschrieben werden. Der Aufruf von SmartSieve soll über die URL
ermöglicht werden.
Falls Sie noch keine Erfahrungen mit virtuellen Hosts in Verbindung mit dem Apache HTTP Server haben sollten, lesen Sie bitte die Dokumentation des Apache HTTP Server Projektes, da hier nur die grundlegenden Schritte erläutert werden.
Falls noch nicht geschehen wird im Verzeichnis /etc/httpd/conf.d eine Datei mit dem Namen vhosts.conf erstellt. Der Inhalt dieser Datei sollte minimal für einen virtuellen Host für SmartSieve wie folgt aussehen:
# This configuration file enables the vhosts to this # Server # NameVirtualHost *:80 # # smartsieve.tachtler.net # <VirtualHost *:80> ServerAdmin webmaster@tachtler.net ServerName smartsieve.tachtler.net ServerAlias www.smartsieve.tachtler.net ServerPath / DocumentRoot "/var/www/html/smartsieve" <Directory "/var/www/html/smartsieve"> AllowOverride AuthConfig Order allow,deny Allow from all </Directory> DirectoryIndex index.php ErrorLog logs/smartsieve_error.log CustomLog logs/smartsieve_access.log combined </VirtualHost>
Anschließend wird das Verzeichnis /tmp/smartsieve-1.0-rc2 nach /var/www/html/smartsieve mit folgendem Befehl kopiert und gleichzeitig umbenannt:
# mv /tmp/trunk /var/www/html/smartsieve
Die Besitzrechte für das Verzeichnis /var/www/html/smartsieve müssen noch korrigiert werden, was mit folgendem Befehl durchgeführt wird:
# chown -R root.apache /var/www/html/smartsieve
Die Zugriffsrechte müssen ebenfalls noch für das Verzeichnis /var/www/html/smartsieve noch korrigiert werden, was mit folgenden Befehlen durchgeführt wird:
# chmod -R o-rx /var/www/html/smartsieve
Ein erneuter oder erster Start des Apache HTTP Server mit folgenden Befehl für eine erstmaligen Start
# service httpd start
oder einen erneuten Start des Apache HTTP Server mit folgendem Befehl
# service httpd restart
macht die oben beschriebenen Konfigurationen für den Apache HTTP Server wirksam.
Cyrus SmartSieve konfigurieren
/var/www/html/smartsieve/conf/config.php
Die relevanten Änderung gegenüber der Standard-Konfigurationsdatei, sind mit folgendem Kommentar
// Tachtler
versehen.
Hier die komplette Konfigurationsdatei /var/www/html/smartsieve/conf/config.php:
<?php /** * This is the SmartSieve configuration file. * You should edit the global settings in this file to suit * your installation. * * Mail server settings can be found in conf/servers.php. * * $Id: config.php,v 1.43 2007/09/07 16:31:07 stephengrier Exp $ */ /** * Language options. */ // Default language to use if we don't allow the users to choose. // This must be one of the languages in conf/locales.php. //$default->language = "en_GB"; // Tachtler $default->language = "de_DE"; // Default character set to use. This will only be used if there is no // charset set for the selected language in conf/locales.php. //$default->charset = "ISO-8859-1"; // Tachtler $default->charset = "ISO-8859-1"; /** * Login options. */ // Cyrus allows certain users to authenticate as themselves, but authorize to // act as other users. This is called proxy authorization. Usually, only admins // and sieve_admins can do this. The following array should contain a list of // users who you want to see the authz box visible on the login page. Set this // to array('all') to make it visible to all users. //$default->proxy_authz_users = array(); // Tachtler $default->proxy_authz_users = array(); // Should we allow users to select which language they wish to view // SmartSieve in? If false $default->language will always be used. //$default->user_select_lang = true; // Tachtler $default->user_select_lang = true; // Should we allow the user to choose from a list of servers? The list // itself is in servers.php. If this is false, the first entry in // servers.php will be used. //$default->user_select_server = true; // Tachtler $default->user_select_server = false; // Should we provide a box on the login page for users to specify which // script to edit? This is ignored if allow_multi_scripts is false. //$default->user_supply_scriptfile = false; // Tachtler $default->user_supply_scriptfile = false; /** * Usability options. */ // Will we allow the user to access multiple scripts? // If true, the user will be able to create and modify multiple scripts // on the server. If false, the user will only be able to access the // script $default->scriptfile. //$default->allow_multi_scripts = true; // Tachtler $default->allow_multi_scripts = false; // Default script to use on the server. This is only used if the user has no // existing scripts, or if $default->allow_multi_scripts is set to false. Note // that timsieved will add a '.script' extension to the file name on the server. //$default->scriptfile = 'smartsieve'; // Tachtler $default->scriptfile = 'smartsieve'; // If SmartSieve does not recognise the encoding on a Sieve script, it // will allow the user to edit it's content in a direct edit mode. If, // however, you do not want users to be able to modify scripts which were // not created using SmartSieve or Websieve, set this to false. //$default->allow_write_unrecognised_scripts = true; // Tachtler $default->allow_write_unrecognised_scripts = true; // Should we allow users to switch between GUI mode into the direct edit mode? // Note, this is generally a bad idea because any changes made in direct edit // mode will be lost if the user reverts to GUI mode. //$default->allow_change_mode = false; // Tachtler $default->allow_change_mode = false; // Should we allow regular expression matching in sieve rules? // FIXME: note, this currently doesn't work. //$default->allow_regex = true; // Tachtler $default->allow_regex = false; // Should we allow users to create custom sieve rules? // Note: existing custom rules will always be handled. //$default->allow_custom = true; // Tachtler $default->allow_custom = true; // Notification methods to allow. This should be an array containing valid notify // methods, of which only 'mailto' and 'sms' are supported. Note, the server must // support the "notify" extension, and have notifyd configured to send notifications. // The notify action is disabled by default. //$default->notify_methods = array('mailto', 'sms'); // Tachtler $default->notify_methods = array('mailto', 'sms'); // What IMAP flags should we allow users to set via the "addflag" action? The default // list appears below. Setting this to an empty array will disable the addflag action. //$default->imap_flags = array('\\\\Seen', '\\\\Deleted', '\\\\Answered', '\\\\Flagged', 'Junk', 'NotJunk', '$Label1', '$Label2', '$Label3', '$Label4', '$Label5'); // Tachtler //$default->imap_flags = array('\\\\Seen', '\\\\Deleted', '\\\\Answered', '\\\\Flagged', 'Junk', 'NotJunk'); // Should we enable the "Forward Mail" interface? This is enabled by default. //$default->use_forward_mail_interface = true; // Tachtler $default->use_forward_mail_interface = true; // Should we enable the vacation interface? This is enabled by default. //$default->use_vacation_interface = true; // Tachtler $default->use_vacation_interface = true; // Should we enable the "Whitelist" interface? This is enabled by default. //$default->use_whitelist = true; // Tachtler $default->use_whitelist = true; // The following array provides a mechanism for specifying a site-specific // spam filtering policy. If your mail domain adds a particular message // header to mail either indicating that the message is spam, or holding // some sort of spam score (like those added by SpamAssissin for example) // you can specify those here. The user will then see a "Filter spam" menu // item which will link to a simple GUI asking them what they want to do // with such messages. // $default->spam_filter = array('header'=>'X-Spam-Score', // 'matchStr'=>'^[0-9]', // 'matchType'=>':regex', // 'not'=>false); // Tachtler $default->spam_filter = array('header'=>'X-Spam-Score', 'matchStr'=>'^[0-9]', 'matchType'=>':regex', 'not'=>false); /** * Compatibility options. */ // Websieve 0.61 included a feature which automatically used the ':matches' // comparator where the match string contains the special wildcard characters // ? or *. Versions of SmartSieve up to 1.0-RC1 maintained this feature if the // following option was enabled. The rule format has changed and this option // now only affects the conversion of legacy scripts, but if you have scripts // created by either of the above cases you can enable the following option to // maintain the match type of legacy rules. //$default->websieve_auto_matches = false; // Tachtler $default->websieve_auto_matches = false; /** * Site-specific options. */ // The base url for SmartSieve. If you make SmartSieve the web root, // set this (and cookie_path) to '/'. //$default->baseurl = '/smartsieve/'; // Tachtler $default->baseurl = '/'; // Location of include files. //$default->include_dir = './include'; // Tachtler $default->include_dir = './include'; // Location of config files. //$default->config_dir = './conf'; // Tachtler $default->config_dir = './conf'; // Location of language files. //$default->lang_dir = './conf/locale'; // Tachtler $default->lang_dir = './conf/locale'; // Location of library files. Warning: don't change this. //$default->lib_dir = './lib'; // Tachtler $default->lib_dir = './lib'; // Location of images. //$default->image_dir = './images'; // Tachtler $default->image_dir = './images'; // What name should we use for the PHP session? //$default->session_name = 'SmartSieve'; // Tachtler $default->session_name = 'SmartSieve'; // Cookie domain. This should be the name of the server SmartSieve is running // on. If the domain of your site is different to the web servcer's server name // you should set your site's domain here. If all else fails, set this to an // empty string, but beware that doing so is a security risk as cookies will // be sent to other websites as well. //$default->cookie_domain = $_SERVER['SERVER_NAME']; // Tachtler $default->cookie_domain = $_SERVER['SERVER_NAME']; // Cookie path. This should be the location of SmartSieve under your web root. // If you leave this empty, all scripts on the server will have access to the // cookie data. This should match the value of baseurl above. //$default->cookie_path = '/smartsieve'; // Tachtler $default->cookie_path = '/'; // Title of each page //$default->page_title = 'SmartSieve'; // Tachtler $default->page_title = 'SmartSieve'; // Welcome message on the login page. //$default->login_page_heading = 'Welcome to SmartSieve'; // Tachtler $default->login_page_heading = 'Welcome to SmartSieve'; // Which page should users see following login? //$default->initial_page = 'main.php'; // Tachtler $default->initial_page = 'main.php'; // The default number of vacation days for a new vacation action. //$default->vacation_days = '7'; // Tachtler $default->vacation_days = '1'; // The maximum number of vacation days the user can choose from. //$default->max_vacation_days = '30'; // Tachtler $default->max_vacation_days = '365'; // What is the maximum number of characters an input field should accept? //$default->max_field_chars = 500; // Tachtler $default->max_field_chars = 500; // What is the maximum number of characters a text box should accept? // e.g. the reject message on the rule page. //$default->max_textbox_chars = 50000; // Tachtler $default->max_textbox_chars = 50000; // Should we set the working script as the active script when saving? Note that // the working script will always be set as the active script if there are no // other scripts, or if allow_multi_scripts is false. //$default->update_activate_script = false; // Tachtler $default->update_activate_script = false; // Following logout, users will be redirected to the login page. If you // prefer to have them redirected elsewhere you can specify this here. // Note, this should be a complete URI including the scheme and hostname. // $default->logout_redirect = 'http://my.logout.message.com'; // Should we return to the View Rules page following rule changes? //$default->return_after_update = false; // Tachtler $default->return_after_update = false; // What format should we use for the date on the script head? // See http://www.php.net/manual/en/function.date.php //$default->script_date_format = 'Y/m/d H:i:s'; // Tachtler $default->script_date_format = 'Y/m/d H:i:s'; // The timeout (in seconds) to use when reading from the socket. Increase // this if you are experiencing empty bad response errors. //$default->socket_timeout = 2; // Tachtler $default->socket_timeout = 2; // SmartSieve will select a cryptography library to use for encryption. You // can override the one it chooses by setting this option. Choices are // 'MCRYPT', 'RC4', 'HCEMD5', and ''. //$default->crypt_lib = null; // Tachtler $default->crypt_lib = null; // An array containing any values needed by the Crypt object. //$default->crypt_args = array(); // Tachtler $default->crypt_args = array(); // SmartSieve will auto negotiate which SASL mechanism to use to authenticate. // If you want to specify a mechanism instead set this to something other // than an empty string. Currently, 'plain' and 'digest-md5' are supported. //$default->sasl_mech = null; // Tachtler $default->sasl_mech = 'plain'; /** * Logging options. */ // Should we log messages? //$default->logging = false; // Tachtler $default->logging = true; // At what level should we log? Can be LOG_EMERG, LOG_ALERT, LOG_CRIT, LOG_ERR, // LOG_WARNING, LOG_NOTICE, LOG_INFO, and LOG_DEBUG. //$default->logging_level = LOG_INFO; // Tachtler $default->logging_level = LOG_INFO; // Logging method. Can be 'file', 'syslog' //$default->logging_method = 'syslog'; // Tachtler $default->logging_method = 'syslog'; // This should either be a filename if logging_method = 'file', or // a syslog facility (eg. LOG_LOCAL4) if logging_method = 'syslog' //$default->logging_facility = LOG_LOCAL4; // Tachtler $default->logging_facility = LOG_MAIL; // What identifier should we use to identify log messages in the log? //$default->logging_ident = 'smartsieve'; // Tachtler $default->logging_ident = 'smartsieve'; // An associative array contaning additional configuration information // needed by the PEAR Log class. //$default->logging_args = array(); // Tachtler $default->logging_args = array(); /** * Menu items. */ // If any of the following are set, a 'Help' menu item will be displayed // on the corresponding pages linked to the values set here. These should // be full URLs. // $default->main_help_url = 'http://example.co.uk/help.html'; //$default->main_help_url = ''; //$default->spam_help_url = ''; //$default->forward_help_url = ''; //$default->custom_help_url = ''; //$default->vacation_help_url = ''; //$default->whitelist_help_url = ''; //$default->rule_help_url = ''; //$default->scripts_help_url = ''; // The following should be an array containing extra items you want // to include in SmartSieve's menu. Each element should be an // associative array containing the keys 'uri' and 'label'. The anchor's // "target" attribute can be set via the optional 'target' value, and // the icon can be set via the optional 'img' value. // $default->menu_items = array( // array('uri'=>'http://mydomain.com/mypage.html', // 'label'=>'Menu Item', // 'img'=>'./images/item.gif', // 'target'=>'_blank')); /** * Custom function hooks. */ // If this is set to a function name, that function will be called to // retrieve login details for the user. Note, the details supplied when // the login page is submitted take precedence over this. The function // must return an array of the form expected by the SmartSieve::getLoginDetails // function. //$default->get_login_details_hook = null; // If you have an external source of email addresses you want your users // to see on the vacation settings page, set the following to the name // of a function that will retrieve these. SmartSieve will then include // these in the list of addresses the user might include in their vacation // addresses. The function should return an array of addresses. //$default->get_email_addresses_hook = null; // If you want to extend the sanity checking done prior to the user saving a // rule you can define a function and set the function name here. The function // must take a rule array as a parameter, and will be expected to return boolean // true to allow the rule to be saved, or false to disallow it. There is an // example isSaneHook() function below. //$default->is_sane_hook = null; /** * Example get_login_details_hook function. * * This example looks for credentials set by a single-sign-on * system. If set, the user will not need to log in again. * * @return array Login details */ //function getSSODetails() //{ // $details = array(); // if (isset($_SERVER['REMOTE_USER']) && isset($_SERVER['AUTH_TYPE']) && // $_SERVER['AUTH_TYPE'] == 'sso' && isset($_COOKIE['sso'])) { // $details['auth'] = $_SERVER['REMOTE_USER']; // $details['passwd'] = $_COOKIE['sso']; // $details['authz'] = ''; // $details['server'] = 'example'; // } // return $details; //} /** * Example get_email_addresses_hook function. * * @return array The list of email addresses */ //function getEmailAddresses() //{ // $addresses = array(); // if (extension_loaded('ldap')) { // $ds = ldap_connect('ldap.example.com'); // if ($ds) { // // Anonymous bind. // $r = ldap_bind($ds); // $sr = ldap_search($ds, "ou=people,dc=example,dc=com", // "uid=".$_SESSION['smartsieve']['authz']); // $entries = ldap_get_entries($ds, $sr); // for ($i=0; $i<$entries['count']; $i++) { // $addresses[] = $entries[$i]['mail'][0]; // } // } // ldap_close($ds); // } // return $addresses; //} /** * Example is_sane_hook function. * * This function will be called (if set via is_sane_hook above) prior to a user * saving a rule, and will be passed a rule array as a parameter. This allows * you to add custom sanity checks to those of isSane(). You must return boolean * true to allow the user to save the rule, or false to disallow it. * * @param array $rule The rule values * @return boolean True if rule values are acceptable, false if not */ //function isSaneHook($rule) //{ // foreach ($rule['actions'] as $action) { // if ($action['type'] == ACTION_REDIRECT && // !preg_match("/\@example.com\$/", $action['address'])) { // SmartSieve::setError(sprintf("Not allowed to forward mail to %s", $action['address'])); // return false; // } // } // return true; //} ?>
/var/www/html/smartsieve/conf/servers.php
Die relevanten Änderung gegenüber der Standard-Konfigurationsdatei, sind mit folgendem Kommentar
/* Tachtler
versehen.
Hier die komplette Konfigurationsdatei /var/www/html/smartsieve/conf/servers.php:
<?php /** * servers.php: this file contains the configurations for * the cyrus servers we can connect to. If you have set the * $default->user_select_server option in conf.php to true, * each of the servers below will appear in a select box on * the login page. If you've set this to false, then the * first entry below will be used as the default and no * select box will appear on the login page. * * display: the name to be displayed in the drop-down list of * servers on the login page (if $default->user_select_server * is set to true in conf/conf.php). * * use_starttls: by default, SmartSieve will try to use TLS * to protect the connection to the managesieve server. This will * only work with PHP-5.1 and above built with OpenSSL support, * and where the server supports it. Set this to false if you want * to disable TLS. * * imapport: port to connect to imapd; usually 143. If you * want to do imap-ssl set this to '993/imap/ssl', or even * '143/imap/tls'. Note that if you are using a self-signed * certificate on your imap server, you sould set this to * '993/imap/ssl/novalidate-cert'. Also, if you have compiled * the c-client libraries with ssl support and you are using * php-4.1.2 or later with imap-ssl enabled, you will need to * set this to '143/imap/notls' if you do not want imap-ssl. * * maildomain: If your users have email addresses of the form * username@yourdomain and you want to suggest this as a vacation * address to your users when they create a new vacation rule, set * this to your mail domain. Do not include the '@' character. * Note: you can also suggest vacation addresses to your users via * the get_email_addresses_hook option in config.php. * * auth_domain: You can use this option to set a domain value * which will be appended to usernames to make them fully-qualified. * This is useful if your server supports virtual domains but can * only determine the domain from the username, and you want to save * your users the trouble of typing their fully-qualified username * themselves. * * $Id: servers.php,v 1.11 2007/09/25 15:12:23 stephengrier Exp $ */ $servers['cyrus'] = array( 'display' => 'Cyrus IMAP Server', 'server' => 'mx1.tachtler.net', 'sieveport' => '2000', 'imapport' => '143/imap/notls', 'maildomain' => 'tachtler.net' ); /* Tachtler - disabled - */ /* $servers['example'] = array( 'display' => 'My Example Server', 'server' => '127.0.0.1', 'sieveport' => '2000', 'imapport' => '143/imap/notls', 'maildomain' => 'localhost' ); */ /* Tachtler - disabled - */ /* $servers['example2'] = array( 'display' => 'Example2', 'server' => 'imap.example.co.uk', 'sieveport' => '2000', 'imapport' => '143', 'maildomain' => '' ); */ ?>
Cyrus SmartSieve Fehlerbehebung
Falls nachfolgende Fehler auftreten sollten (aus httpd –> error_log):
[Fri May 06 13:27:30 2011] [error] [client 127.0.0.1] PHP Fatal error: SmartSieve::require_once() [<a href='function.require'>function.require</a>]: Failed opening required 'conf/config.php' (include_path='/usr/share/pear/PEAR') in /var/www/html/smartsieve/lib/SmartSieve.lib on line 443 [Fri May 06 13:32:37 2011] [error] [client 127.0.0.1] PHP Warning: SmartSieve::require_once(conf/servers.php) [<a href='function.SmartSieve-require-once'>function.SmartSieve-require-once</a>]: failed to open stream: No such file or directory in /var/www/html/smartsieve/lib/SmartSieve.lib on line 461
muss der komplette Pfad zu den Konfigurationsdateien
conf/config.phpconf/server.php
angegeben werden!
Nachfolgende Zeilen im Programmcode von SmartSieve müssen wie nachfolgend dargestellt verändert werden:
Zeile 443 - /var/www/html/smartsieve/lib/SmartSieve.lib
ALT
require_once 'conf/config.php';
NEU
require_once '/var/www/html/smartsieve/conf/config.php';
Zeile 461 - /var/www/html/smartsieve/lib/SmartSieve.lib
ALT
require_once 'conf/server.php';
NEU
require_once '/var/www/html/smartsieve/conf/server.php';
Falls nachfolgende Fehler auftreten sollten (aus httpd –> error_log):
[Fri Dec 23 20:34:50 2011] [error] [client 127.0.0.1] PHP Warning: strftime(): It is not safe to rely on the system's timezone settings. You are *required* to use the date.timezone setting or the date_default_timezone_set() function. In case you used any of those methods and you are still getting this warning, you most likely misspelled the timezone identifier. We selected 'Europe/Berlin' for 'CET/1.0/no DST' instead in /usr/share/pear/Log/syslog.php on line 185, referer: http://smartsieve.tachtler.net/login.php?SmartSieve=jo0spqaefmbk6ab5nbs2ud4ia1
muss in der Datei
/usr/share/pear/Log/syslog.php
vor der Zeile 185 nachfolgende Anpassung durchgeführt werden:
/* Apply the configured line format to the message string. */ date_default_timezone_set('Europe/Berlin'); $message = $this->_format($this->_lineFormat, /* Tachtler */ /* strftime($this->_timeFormat), */ strftime($this->_timeFormat), $priority, $message);
tachtler/cyrus_smartsieve.txt · Zuletzt geändert: 2012/06/13 15:23 von klaus