init commit

4 files changed, 391 insertions, 0 deletions

diff --git a/dovecot/90-sieve.conf b/dovecot/90-sieve.conf
new file mode 100644
index 0000000..8c0c244
--- /dev/null
+++ b/dovecot/90-sieve.conf
@@ -0,0 +1,206 @@
+##
+## Settings for the Sieve interpreter
+##
+
+# Do not forget to enable the Sieve plugin in 15-lda.conf and 20-lmtp.conf
+# by adding it to the respective mail_plugins= settings.
+
+# The Sieve interpreter can retrieve Sieve scripts from several types of
+# locations. The default `file' location type is a local filesystem path
+# pointing to a Sieve script file or a directory containing multiple Sieve
+# script files. More complex setups can use other location types such as
+# `ldap' or `dict' to fetch Sieve scripts from remote databases.
+#
+# All settings that specify the location of one ore more Sieve scripts accept
+# the following syntax:
+#
+# location = [<type>:]path[;<option>[=<value>][;...]]
+#
+# If the type prefix is omitted, the script location type is 'file' and the 
+# location is interpreted as a local filesystem path pointing to a Sieve script
+# file or directory. Refer to Pigeonhole wiki or INSTALL file for more
+# information.
+
+plugin {
+  # The location of the user's main Sieve script or script storage. The LDA
+  # Sieve plugin uses this to find the active script for Sieve filtering at
+  # delivery. The "include" extension uses this location for retrieving
+  # :personal" scripts. This is also where the  ManageSieve service will store
+  # the user's scripts, if supported.
+  # 
+  # Currently only the 'file:' location type supports ManageSieve operation.
+  # Other location types like 'dict:' and 'ldap:' can currently only
+  # be used as a read-only script source ().
+  #
+  # For the 'file:' type: use the ';active=' parameter to specify where the
+  # active script symlink is located.
+  # For other types: use the ';name=' parameter to specify the name of the
+  # default/active script.
+  sieve = file:~/sieve;active=~/.dovecot.sieve
+
+  # The default Sieve script when the user has none. This is the location of a
+  # global sieve script file, which gets executed ONLY if user's personal Sieve
+  # script doesn't exist. Be sure to pre-compile this script manually using the
+  # sievec command line tool if the binary is not stored in a global location.
+  # --> See sieve_before for executing scripts before the user's personal
+  #     script.
+  #sieve_default = /var/lib/dovecot/sieve/default.sieve
+
+  # The name by which the default Sieve script (as configured by the 
+  # sieve_default setting) is visible to the user through ManageSieve. 
+  #sieve_default_name = 
+
+  # Location for ":global" include scripts as used by the "include" extension.
+  #sieve_global =
+
+  # The location of a Sieve script that is run for any message that is about to
+  # be discarded; i.e., it is not delivered anywhere by the normal Sieve
+  # execution. This only happens when the "implicit keep" is canceled, by e.g.
+  # the "discard" action, and no actions that deliver the message are executed.
+  # This "discard script" can prevent discarding the message, by executing
+  # alternative actions. If the discard script does nothing, the message is
+        # still discarded as it would be when no discard script is configured.
+  #sieve_discard =
+
+  # Location Sieve of scripts that need to be executed before the user's
+  # personal script. If a 'file' location path points to a directory, all the 
+  # Sieve scripts contained therein (with the proper `.sieve' extension) are
+  # executed. The order of execution within that directory is determined by the
+  # file names, using a normal 8bit per-character comparison.
+  #
+  # Multiple script locations can be specified by appending an increasing number
+  # to the setting name. The Sieve scripts found from these locations are added
+  # to the script execution sequence in the specified order. Reading the
+  # numbered sieve_before settings stops at the first missing setting, so no
+  # numbers may be skipped.
+  #sieve_before = /var/lib/dovecot/sieve.d/
+  #sieve_before2 = ldap:/etc/sieve-ldap.conf;name=ldap-domain
+  #sieve_before3 = (etc...)
+
+  # Identical to sieve_before, only the specified scripts are executed after the
+  # user's script (only when keep is still in effect!). Multiple script
+  # locations can be specified by appending an increasing number.
+  #sieve_after =
+  #sieve_after2 =
+  #sieve_after2 = (etc...)
+
+  # Which Sieve language extensions are available to users. By default, all
+  # supported extensions are available, except for deprecated extensions or
+  # those that are still under development. Some system administrators may want
+  # to disable certain Sieve extensions or enable those that are not available
+  # by default. This setting can use '+' and '-' to specify differences relative
+  # to the default. For example `sieve_extensions = +imapflags' will enable the
+  # deprecated imapflags extension in addition to all extensions were already
+  # enabled by default.
+  sieve_extensions = +variables +editheader
+  sieve_editheader_max_header_size = 1k
+
+  # Which Sieve language extensions are ONLY available in global scripts. This
+  # can be used to restrict the use of certain Sieve extensions to administrator
+  # control, for instance when these extensions can cause security concerns.
+  # This setting has higher precedence than the `sieve_extensions' setting
+  # (above), meaning that the extensions enabled with this setting are never
+  # available to the user's personal script no matter what is specified for the
+  # `sieve_extensions' setting. The syntax of this setting is similar to the
+  # `sieve_extensions' setting, with the difference that extensions are
+  # enabled or disabled for exclusive use in global scripts. Currently, no
+  # extensions are marked as such by default.
+  #sieve_global_extensions =
+
+  # The Pigeonhole Sieve interpreter can have plugins of its own. Using this
+  # setting, the used plugins can be specified. Check the Dovecot wiki
+  # (wiki2.dovecot.org) or the pigeonhole website
+  # (http://pigeonhole.dovecot.org) for available plugins.
+  # The sieve_extprograms plugin is included in this release.
+  #sieve_plugins =
+
+  # The maximum size of a Sieve script. The compiler will refuse to compile any
+  # script larger than this limit. If set to 0, no limit on the script size is
+  # enforced.
+  #sieve_max_script_size = 1M
+
+  # The maximum number of actions that can be performed during a single script
+  # execution. If set to 0, no limit on the total number of actions is enforced.
+  #sieve_max_actions = 32
+
+  # The maximum number of redirect actions that can be performed during a single
+  # script execution. If set to 0, no redirect actions are allowed.
+  #sieve_max_redirects = 4
+
+  # The maximum number of personal Sieve scripts a single user can have. If set
+  # to 0, no limit on the number of scripts is enforced.
+  # (Currently only relevant for ManageSieve)
+  #sieve_quota_max_scripts = 0
+
+  # The maximum amount of disk storage a single user's scripts may occupy. If
+  # set to 0, no limit on the used amount of disk storage is enforced.
+  # (Currently only relevant for ManageSieve)
+  #sieve_quota_max_storage = 0
+
+  # The primary e-mail address for the user. This is used as a default when no
+  # other appropriate address is available for sending messages. If this setting
+  # is not configured, either the postmaster or null "<>" address is used as a
+  # sender, depending on the action involved. This setting is important when
+  # there is no message envelope to extract addresses from, such as when the
+  # script is executed in IMAP.
+  #sieve_user_email =
+
+  # The path to the file where the user log is written. If not configured, a
+  # default location is used. If the main user's personal Sieve (as configured
+  # with sieve=) is a file, the logfile is set to <filename>.log by default. If
+  # it is not a file, the default user log file is ~/.dovecot.sieve.log.
+  #sieve_user_log =
+
+  # Specifies what envelope sender address is used for redirected messages.
+  # The following values are supported for this setting:
+  #
+  #   "sender"         - The sender address is used (default).
+  #   "recipient"      - The final recipient address is used.
+  #   "orig_recipient" - The original recipient is used.
+  #   "user_email"     - The user's primary address is used. This is
+  #                      configured with the "sieve_user_email" setting. If
+  #                      that setting is unconfigured, "user_mail" is equal to
+  #                      "recipient".
+  #   "postmaster"     - The postmaster_address configured for the LDA.
+  #   "<user@domain>"  - Redirected messages are always sent from user@domain.
+  #                      The angle brackets are mandatory. The null "<>" address
+  #                      is also supported.
+  #
+  # This setting is ignored when the envelope sender is "<>". In that case the
+  # sender of the redirected message is also always "<>".
+  #sieve_redirect_envelope_from = sender
+
+  ## TRACE DEBUGGING
+  # Trace debugging provides detailed insight in the operations performed by
+  # the Sieve script. These settings apply to both the LDA Sieve plugin and the
+  # IMAPSIEVE plugin. 
+  #
+  # WARNING: On a busy server, this functionality can quickly fill up the trace
+  # directory with a lot of trace files. Enable this only temporarily and as
+  # selective as possible.
+  
+  # The directory where trace files are written. Trace debugging is disabled if
+  # this setting is not configured or if the directory does not exist. If the 
+  # path is relative or it starts with "~/" it is interpreted relative to the
+  # current user's home directory.
+  #sieve_trace_dir =
+  
+  # The verbosity level of the trace messages. Trace debugging is disabled if
+  # this setting is not configured. Possible values are:
+  #
+  #   "actions"        - Only print executed action commands, like keep,
+  #                      fileinto, reject and redirect.
+  #   "commands"       - Print any executed command, excluding test commands.
+  #   "tests"          - Print all executed commands and performed tests.
+  #   "matching"       - Print all executed commands, performed tests and the
+  #                      values matched in those tests.
+  #sieve_trace_level =
+  
+  # Enables highly verbose debugging messages that are usually only useful for
+  # developers.
+  #sieve_trace_debug = no
+  
+  # Enables showing byte code addresses in the trace output, rather than only
+  # the source line numbers.
+  #sieve_trace_addresses = no 
+}
diff --git a/dovecot/Makefile b/dovecot/Makefile
new file mode 100644
index 0000000..5d80849
--- /dev/null
+++ b/dovecot/Makefile
@@ -0,0 +1,2 @@
+all:
+        ln -f `pwd`/sieve ~/sieve
diff --git a/dovecot/dovecot.conf b/dovecot/dovecot.conf
new file mode 100644
index 0000000..e98b281
--- /dev/null
+++ b/dovecot/dovecot.conf
@@ -0,0 +1,34 @@
+listen = *
+
+ssl = required
+
+ssl_cert = </etc/mail/ssl/fullchain.cer
+ssl_key = </etc/mail/ssl/mail.topo.tw.key
+ssl_dh = </etc/ssl/dh.pem
+
+mail_location = maildir:~/Maildir
+
+passdb {
+    # This is where you define your password scheme.
+    # If you have used blowfish it needs to be 'BLF-CRYPT'.
+    args = scheme=sha512-crypt /etc/mail/passwd
+    driver = passwd-file
+}
+
+userdb {
+    args = uid=pham gid=pham home=/home/pham
+    driver = static
+}
+
+protocols = imap lmtp
+
+service imap-login {
+  inet_listener imaps {
+    port = 993
+    ssl = yes
+  }
+  # Disable imap
+  inet_listener imap {
+    port = 0
+  }
+}
diff --git a/dovecot/sieve b/dovecot/sieve
new file mode 100644
index 0000000..b11f1cc
--- /dev/null
+++ b/dovecot/sieve
@@ -0,0 +1,149 @@
+# Sieve filter
+
+# Declare the extensions used by this script.
+require ["fileinto", "reject", "variables", "editheader"];
+
+# If transport is not encrypted, add warning emoji at the beginning of the subject
+if header :contains "Received" ["by topo.tw (Postfix) with ESMTP "]
+{
+  # Match the entire subject
+  if header :matches "Subject" "*" {
+    # Stored in a variable:
+    set "subject" "${1}";
+  }
+  deleteheader "Subject";
+  addheader :last "Subject" "⚠ ${subject}";
+}
+
+# Edit header for test
+if header :contains "From" ["typebrook@gmail.com"] {
+  # Match the entire subject ...
+  if header :matches "Subject" "*" {
+      # ... to get it in a match group that can then be stored in a variable:
+      set "subject" "${1}";
+  }
+  deleteheader "Subject";
+  addheader :last "Subject" "Warning: ${subject}";
+}
+
+# CAUTION!!
+# Put this block at the top so unwanted mail are discarded
+# Message which will trigger commands
+# Discard them so we only have message in Sent
+if allof (
+    address :is ["To"] "mastodon@topo.tw",
+    header :matches "X-Original-To" "mastodon@topo.tw"
+) {
+  discard;
+}
+
+elsif header :contains "From" [
+  "HANCHOR",
+  "info@members.netflix.com",
+  "Amazon Web Services",
+  "no-reply@wamazing.jp",
+  "info@join.netflix.com",
+  "noreply@steampowered.com"
+] {
+  fileinto "promotion";
+}
+
+elsif header :matches :comparator "i;ascii-casemap" "Subject" [
+  "*login*",
+  "*verify*",
+  "*sign-in*",
+  "*登入*",
+  "*密碼*",
+  "*安全性警示*",
+  "*new IP Address*"
+] {
+  fileinto "login";
+}
+
+elsif header :matches :comparator "i;ascii-casemap" "Subject" [
+  "*系統公告*"
+] {
+  fileinto "service";
+}
+
+elsif header :contains :comparator "i;ascii-casemap" "Subject" [
+  "帳單",
+  "付款",
+  "繳款",
+  "扣款",
+  "交易",
+  "費用",
+  "eGUI",
+  "Invoice",
+  "發票",
+  "Receipt",
+  "Billing",
+  "Expense"
+] {
+  fileinto "pay";
+}
+
+elsif header :matches :comparator "i;ascii-casemap" "Subject" ["*永豐*"] {
+  fileinto "STOCK";
+}
+
+elsif address :is ["From"] "no-reply@hackmd.io" {
+  fileinto "update";
+}
+
+elsif address :is ["From"] "notifications@github.com" {
+  fileinto "github";
+}
+
+elsif address :contains ["To", "Cc"] "arch-general@lists.archlinux.org" {
+  fileinto "mailing_list.arch-general";
+}
+
+elsif address :is ["From", "To", "Cc"] "mutt-users@mutt.org" {
+  fileinto "mailing_list.mutt-users";
+}
+
+elsif address :is ["From", "To", "Cc"] "help-bash@gnu.org" {
+  fileinto "mailing_list.bash";
+}
+
+elsif header :matches "Sender" "*~rjarry/aerc-discuss@lists.sr.ht*" {
+  fileinto "mailing_list.aerc";
+}
+
+elsif header :matches "Chat-Version" ["*"] {
+  fileinto "DeltaChat";
+}
+
+elsif header :matches "X-Original-To" ["cybersec@topo.tw"] {
+  fileinto "cybersec";
+}
+
+elsif address :is ["To"] "lay9412206@gmail.com" {
+  fileinto "hometeach";
+}
+
+# Spam Rule:
+# Message does not contain my address in "To", "CC" or "BCC"
+elsif anyof (
+    not header :contains ["To", "Cc", "Bcc", "X-Original-To"] "topo.tw",
+    header :contains "X-Original-To" "eocuk17"
+) {
+  fileinto "spam";
+}
+# Or fake header in "From"
+elsif allof (
+    header :matches "From" "*@topo.tw*",
+    not header :contains "Received" [
+      "from topo.tw",
+      "from PC",
+      "from [127.0.0.1]",
+      "by topo.tw"
+    ]
+) {
+  fileinto "spam";
+}
+
+else {
+  fileinto "INBOX";
+}