Dovecot
Options
Global doveadm(1) options:
- -D
- Enables verbosity and debug messages.
- -f formatter
- Specifies the formatter for formatting the output. Supported formatters are:
  - flow
  - prints each line with key=value pairs.
  - pager
  - prints each key: value pair on its own line and separates records with form feed character (^L).
  - tab
  - prints a table header followed by tab separated value lines.
  - table
  - prints a table header followed by adjusted value lines.
- -o setting=value
- Overrides the configuration setting from /etc/dovecot/dovecot.conf and from the userdb with the given value. In order to override multiple settings, the -o option may be specified multiple times.
- -v
- Enables verbosity, including progress counter.
This command uses by default the output formatter flow (without the key= prefix).
Command specific options:
- -a replicator_socket_path
- This option is used to specify an absolute path to an alternative UNIX domain socket.
By default doveadm(1) will use the socket
/var/run/dovecot/replicator-doveadm. The socket may be located in another directory, when
the default base_dir setting was overridden in /etc/dovecot/dovecot.conf.
Options
Global doveadm(1) options:
- -D
- Enables verbosity and debug messages.
- -o setting=value
- Overrides the configuration setting from /etc/dovecot/dovecot.conf and from the userdb with the given value. In order to override multiple settings, the -o option may be specified multiple times.
- -v
- Enables verbosity, including progress counter.
Command specific options:
- -a userdb_socket_path
- This option is used to specify an absolute path to an alternative UNIX domain socket. By default doveadm(1) will use the socket /var/run/dovecot/auth-userdb. The socket may be located in another directory, when the default base_dir setting was overridden in /etc/dovecot/dovecot.conf.
- -f field
- When this option and the name of a userdb field is given, doveadm(1) will show only the value of the specified field.
- -u
- When this option is given, doveadm(1) will only show values from the userdb. Without the -u parameter, if any of the uid, gid, home or mail fields are missing, their defaults are taken from the configuration file.
- -x auth_info
- auth_info specifies additional conditions for the user command. The auth_info option string has to be given as a name=value pair. For multiple conditions the -x option may be supplied multiple times. Possible names for the auth_info are:
  - service
  - The service for which the userdb lookup should be tested. The value may be the name of a service, commonly used with Dovecot. For example: imap, pop3 or smtp.
  - lip
  - The local IP address (server) for the test.
  - rip
  - The remote IP address (client) for the test.
  - lport
  - The local port, e.g. 143
  - rport
  - The remote port, e.g. 24567
Options
- -a
- Dump all configuration settings to stdout and exit successfully. The same as doveconf -a.
- -c config-file
- Start dovecot with an alternative configuration.
- -F
- Run dovecot in foreground, do not daemonize.
- -n
- Dump non-default settings to stdout and exit successfully. The same as doveconf -n.
- -p
- Prompt for the ssl key password for the configured ssl_key on startup.
- --build-options
- Show Dovecot’s build options and exit successfully.
- --help
- Print a usage message to stdout and exit successfully.
- --hostdomain
- Shows the current host.domain name of the system. If the domain lookup should fail for some reason, only the hostname will be shown.
- --version
- Show Dovecot’s version and exit successfully.
dovecot.conf
While still in /usr/local/etc, open dovecot.conf in a text editor.
base_dir = /var/run/dovecot/
This was created for you during installation.
protocols = imap
You can add other protocols if you want. This setup only uses IMAP.
protocol imap { listen = *:143 }
Dovecot listens on port 143 by default, so the port setting isn’t necessary unless you want to use a different port. According to the documentation, * causes Dovecot to listen on all available IPv4 interfaces. If your IMAP box is also your Internet gateway, and you’re not offering mail services externally, then you probably don’t want that. If you specify your LAN interface, Dovecot may continue to listen at localhost, but you can’t count on it. If your host name isn’t exposed externally, then you can use
protocol imap { listen = wibblemailhost:143 }
Otherwise use
protocol imap { listen = 192.168.15.23:143 }
ssl_disable = yes
If you have this set to yes, you can ignore the SSL settings that follow in dovecot.conf.
login_dir = /var/run/dovecot/login
login_chroot = yes
login_user = dovecot
verbose_proctitle = yes
The above are all part of the default conf file.
first_valid_uid = 3000
last_valid_uid = 3000
If you are assigning the postoffice UID number to all mail accounts, you can restrict access to only that UID number. See mention of mail_uid above.
first_valid_gid = 8
last_valid_gid = 8
mail_location = mbox:/var/mail/%u
or
mail_location = maildir:/var/mail/%u
client_workarounds = oe6-fetch-no-newmail outlook-idle
We don’t use Outlook or Outlook Express. However, someone may decide to use an MS mail client in the future, and leaving this in place does no harm.
mail_save_crlf = no
My IMAP box really doesn’t work very hard, so I don’t think it matters how this is set. If your mail server gets hammered regularly, you may want to play with this and see if it makes a difference in speed.
maildir_copy_with_hardlinks = yes
"yes" is supposed to be faster. See the comments in the config file for the tradeoffs.
mbox_read_locks = fcntl
mbox_write_locks = fcntl
I also tried flock and dotlock, and they work on FreeBSD. This is the preferred setting, if it works on your system. Locking should not be necessary for Maildir setups.
auth default {
  mechanisms = plain
"plain" seems more likely to work under more circumstances. PLAIN transmits the password itself, so with ssl_disable = yes it crosses the network unencrypted.
  passdb ldap {
    args = /usr/local/etc/dovecot-ldap.conf
  }
  userdb ldap {
    args = /usr/local/etc/dovecot-ldap.conf
  }
If you need to switch to passwd authentication for testing, change this to
  passdb passwd { }
  userdb passwd { }
user = dovecot-auth
If you need to switch to passwd authentication for testing, change this to
user = root
auth_verbose = yes
If you have to debug your configuration, you’ll want as much information as possible.
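The combinations discussed above (listen address, ssl_disable, the plain mechanism and the auth user) can be checked mechanically. The shell function below is an added example, not part of the original tutorial; it assumes the Dovecot 1.x syntax used on this page, and the function names and finding labels are made up for illustration.

```sh
#!/bin/sh
# Added example, not part of the original tutorial. Lints a Dovecot 1.x style
# dovecot.conf for the risky combinations discussed in the text.
# The labels CLEARTEXT-AUTH and AUTH-AS-ROOT are hypothetical names.

# audit_dovecot_conf FILE
# Prints one finding per line; returns 1 if there is any finding, else 0.
audit_dovecot_conf() {
    awk '
        { sub(/#.*/, "") }                              # ignore comments
        /ssl_disable[ \t]*=[ \t]*yes/ { nossl = 1 }
        /mechanisms[ \t]*=[^}]*(plain|login)/ { plain = 1 }
        # "user = root", but not login_user, mail_uid and similar settings
        /(^|[ \t{])user[ \t]*=[ \t]*root([ \t}]|$)/ { rootauth = 1 }
        match($0, /(^|[ \t{])listen[ \t]*=[ \t]*[^ \t}]+/) {
            seen = 1
            v = substr($0, RSTART, RLENGTH)
            sub(/.*=[ \t]*/, "", v)                     # keep the value only
            if (v != "::1") sub(/:[0-9]+$/, "", v)      # drop ":port"
            if (v != "127.0.0.1" && v != "localhost" && v != "::1" && v != "[::1]")
                exposed = 1
        }
        END {
            # Assumption: with no listen line Dovecot listens on all interfaces.
            if (!seen) exposed = 1
            n = 0
            if (nossl && plain && exposed) {
                print "CLEARTEXT-AUTH: plaintext mechanism without SSL on a non-loopback listener"
                n++
            }
            if (rootauth) {
                print "AUTH-AS-ROOT: auth process is configured to run as root"
                n++
            }
            exit (n > 0)
        }
    ' "$1"
}

# Constructed sample that combines the test settings from the tutorial.
audit_demo() {
    conf=$(mktemp) || return 1
    cat > "$conf" <<'EOF'
protocols = imap
protocol imap { listen = *:143 }
ssl_disable = yes
login_user = dovecot
auth default {
  mechanisms = plain
  user = root   # testing only
}
EOF
    rc=0
    audit_dovecot_conf "$conf" || rc=$?
    rm -f "$conf"
    return "$rc"
}

# Run as: sh audit.sh /usr/local/etc/dovecot.conf
if [ "$#" -gt 0 ]; then
    audit_dovecot_conf "$1"
fi
```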
Ubuntu config files
These are two full config files used on Ubuntu:
# /etc/dovecot/dovecot.conf
protocols = imap imaps
log_timestamp = "%Y-%m-%d %H:%M:%S "
first_valid_uid = 100
mail_debug = yes
mail_location = /var/mail/%u/Maildir
auth default {
  mechanisms = plain
  passdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
  userdb ldap {
    args = /etc/dovecot/dovecot-ldap.conf
  }
}
For LDAP configuration,
auth_bind = yes
auth_bind_userdn = uid=%u,ou=People,dc=_WIZZY_HOSTNAME_,ou=wizzy
ldap_version = 3
base = ou=People,dc=_WIZZY_HOSTNAME_,ou=wizzy
scope = subtree
user_attrs = homeDirectory=home
user_filter = (&(objectClass=posixAccount)(uid=%u))
mail_uid = dovecot
mail_gid = mail
Examples
Dynamic passwd-file locations
mail_location = maildir:/home/%d/%n/Maildir
passdb {
  driver = passwd-file
  args = username_format=%n /home/%d/etc/shadow
}
userdb {
  driver = passwd-file
  args = username_format=%n /home/%d/etc/passwd
}
In the above examples users are expected to log in as «user@domain». Their mail is kept in their home directory at /home/<domain>/<username>/Maildir.
The usernames in the passwd and shadow files are expected to contain only the user part, no domain. This is because the path itself already contained %d to specify the domain. If you want the files to contain full user@domain names, you can use username_format=%u.
static userdb
Many people store only usernames and passwords in their database and don’t want to deal with UIDs or GIDs. In that case the easiest way to get Dovecot running is to use the static userdb:
mail_location = maildir:~/Maildir
passdb {
  driver = pam
}
userdb {
  driver = static
  args = uid=vmail gid=vmail home=/var/mail/virtual/%d/%n
}
Commands
Replicator Add
doveadm replicator add [-a replicator_socket_path] user_mask
Add the specified user(s) to the replicator. If the user_mask contains «?» or
«*» wildcards, the list of usernames is looked up from the userdb.
Replicator Dsync-Status
doveadm replicator dsync-status [-a replicator_socket_path]
Show the status for the currently running dsync processes.
Replicator Remove
doveadm replicator remove [-a replicator_socket_path] username
Remove the specified user from replicator.
Replicator Replicate
doveadm replicator replicate [-a replicator_socket_path] [-f] [-p priority] user_mask
Start replication for the specified users now. If the -f parameter is given, full replication is
done for the user. You can also specify the priority, which can be either high or low. If
the user mask contains «?» or «*» wildcards, the list of usernames is looked up
from the users that currently exist in replicator (not from the userdb).
Virtual users
With a lookup
Give the destination username to dovecot-lda with -d parameter, for example:
dovecot-lda -f $FROM_ENVELOPE -d $DEST_USERNAME
You’ll need to set up an auth-userdb socket for dovecot-lda so it knows where to find mailboxes for the users:
service auth {
  unix_listener auth-userdb {
    mode = 0600
    user = vmail # User running dovecot-lda
    #group = vmail # Or alternatively mode 0660 + dovecot-lda user in this group
  }
}
The auth-userdb socket can be used to do userdb lookups for given usernames or get a list of all users. Typically the result will contain the user’s UID, GID and home directory, but depending on your configuration it may return other information as well. So the information is similar to what can be found from eg. /etc/passwd for system users. This means that it’s probably not a problem to use mode=0666 for the socket, but you should try to restrict it more just to be safe.
Without a lookup
If you have already looked up the user’s home directory and you don’t need a userdb lookup for any other reason either (such as overriding settings for specific users), you can run dovecot-lda similar to how it’s run for system users:
HOME=/path/to/user/homedir dovecot-lda -f $FROM_ENVELOPE
This way you don’t need to have a master listener socket. Note that you should verify the user’s existence prior to running dovecot-lda, otherwise you’ll end up having mail delivered to nonexistent users as well.
You must have set the proper UID (and GID) before running dovecot-lda. It’s not possible to run dovecot-lda as root without -d parameter.
Multiple UIDs
If you’re using more than one UID for users, you’re going to have problems running dovecot-lda, as most MTAs won’t let you run dovecot-lda as root. Best solution is to use LMTP instead, but if you can’t do that, there are two ways to work around this problem:
- Make dovecot-lda setuid-root.
- Use sudo to wrap the invocation of dovecot-lda.
Making dovecot-lda setuid-root:
Beware: it’s insecure to make dovecot-lda setuid-root, especially if you have untrusted users in your system. Setuid-root dovecot-lda can be used to gain root privileges. You should take extra steps to make sure that untrusted users can’t run it and potentially gain root privileges. You can do this by making sure only your MTA has execution access to it. For example:
# chgrp secmail /usr/local/libexec/dovecot/dovecot-lda
# chmod 04750 /usr/local/libexec/dovecot/dovecot-lda
# ls -l /usr/local/libexec/dovecot/dovecot-lda
-rwsr-x--- 1 root secmail 4023932 2010-06-15 16:23 dovecot-lda
Then start dovecot-lda as a user that belongs to secmail group. Note that you have to recreate these rights after each update of dovecot.
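Because the rights have to be recreated after each update, a check like the following can be rerun to confirm they are still in place. It is an added example, not part of the Dovecot documentation; the function names and finding labels are assumptions, and the defaults root and secmail are taken from the listing above.

```sh
#!/bin/sh
# Added example, not from the Dovecot documentation: re-check ownership and
# mode of a setuid-root dovecot-lda, for instance after every Dovecot update.
# Finding labels (NO-SETUID, WORLD-ACCESS, ...) are hypothetical names.

# Print "MODE OWNER GROUP" for a file: GNU stat first, BSD stat as fallback.
lda_stat() {
    stat -c '%a %U %G' "$1" 2>/dev/null ||
        stat -f '%Mp%Lp %Su %Sg' "$1" 2>/dev/null
}

# check_lda PATH [OWNER] [GROUP]
# OWNER defaults to root and GROUP to secmail, the names used on this page.
# Prints one finding per line; returns 0 if the file is locked down, else 1.
check_lda() {
    lda=$1 want_owner=${2:-root} want_group=${3:-secmail}
    [ -f "$lda" ] || { echo "MISSING: $lda"; return 1; }
    set -- $(lda_stat "$lda")
    [ "$#" -eq 3 ] || { echo "STAT-FAILED: $lda"; return 1; }
    mode=$(( 0$1 )) owner=$2 group=$3 bad=0     # leading 0: parse as octal

    # An update that reinstalls the binary drops the setuid bit.
    [ $(( mode & 04000 )) -ne 0 ] ||
        { echo "NO-SETUID: setuid bit is missing"; bad=1; }
    # Any permission for "other" lets every local user reach the binary.
    [ $(( mode & 00007 )) -eq 0 ] ||
        { echo "WORLD-ACCESS: others have access"; bad=1; }
    # Nobody but the owner should be able to modify the binary.
    [ $(( mode & 00020 )) -eq 0 ] ||
        { echo "GROUP-WRITABLE: group may modify the binary"; bad=1; }
    [ "$owner" = "$want_owner" ] ||
        { echo "OWNER: $owner, expected $want_owner"; bad=1; }
    [ "$group" = "$want_group" ] ||
        { echo "GROUP: $group, expected $want_group"; bad=1; }
    return "$bad"
}

# Run as: sh check_lda.sh /usr/local/libexec/dovecot/dovecot-lda
if [ "$#" -gt 0 ]; then
    check_lda "$@"
fi
```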
Using sudo:
Alternatively, you can use sudo to wrap the invocation of dovecot-lda. This has the advantage that updates will not clobber the setuid bit, but note that it is just as insecure being able to run dovecot-lda via sudo as setuid-root. Make sure you only give your MTA the ability to invoke dovecot-lda via sudo.
First configure sudo to allow ‘dovelda’ user to invoke dovecot-lda by adding the following to your /etc/sudoers:
Defaults:dovelda !syslog
dovelda ALL=NOPASSWD:/usr/local/libexec/dovecot/dovecot-lda
Then configure your MTA to invoke dovecot-lda as user ‘dovelda’ and via sudo:
/usr/bin/sudo /usr/local/libexec/dovecot/dovecot-lda
instead of just plain /usr/local/libexec/dovecot/dovecot-lda.
Per-user quota
You can override quota rules in your userdb’s extra fields. Keep all the global settings in plugin section and override only those settings you need to in your userdb.
If you’re wondering why per-user quota isn’t working:
- Check that dovecot-lda is called with -d parameter.
- Check that you’re not using userdb static.
- Check that quota_rule setting is properly returned by userdb. Enable auth_debug=yes and mail_debug=yes to see this.
For example:
plugin {
  quota = maildir:User quota
  quota_rule = *:storage=1G
  quota_rule2 = Trash:storage=+100M
}
Next override the default 1GB quota for users:
LDAP
Quota limit is in quotaBytes field:
user_attrs = homeDirectory=home, quotaBytes=quota_rule=*:bytes=%$
Remember that user_attrs is used only if you use userdb ldap.
MySQL
user_query = SELECT uid, gid, home, \
  concat('*:bytes=', quota_limit_bytes) AS quota_rule \
  FROM users WHERE userid = '%u'

# MySQL with userdb prefetch: Remember to prefix quota_rule with userdb_
# (just like all other userdb extra fields):
password_query = SELECT userid AS user, password, \
  uid AS userdb_uid, gid AS userdb_gid, \
  concat('*:bytes=', quota_limit_bytes) AS userdb_quota_rule \
  FROM users WHERE userid = '%u'
Remember that user_query is used only if you use userdb sql.
PostgreSQL, SQLite
user_query = SELECT uid, gid, home, \
  '*:bytes=' || quota_limit_bytes AS quota_rule \
  FROM users WHERE userid = '%u'
Remember that user_query is used only if you use userdb sql.
passwd-file
Example passwd-file entries:
user:{plain}pass:1000:1000::/home/user::userdb_quota_rule=*:bytes=100M
user2:{plain}pass2:1001:1001::/home/user2::userdb_quota_rule=*:bytes=200M
user3:{plain}pass3:1002:1002::/home/user3::userdb_mail=maildir:~/Maildir userdb_quota_rule=*:bytes=300M
passwd
The passwd userdb doesn’t support extra fields. That’s why you can’t directly set users’ quota limits to passwd file. One possibility would be to write a script that reads quota limits from another file, merges them with passwd file and produces another passwd-file, which you could then use with Dovecot’s userdb passwd-file.
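One way to write the merge script described above, as an added example (not Dovecot's own tooling). The quota list format ("name limit" per line), the MIN_UID default of 1000 and the function names are assumptions; the output follows the passwd-file entries shown earlier, with the password field left empty because the file is meant for userdb only.

```sh
#!/bin/sh
# Added example, not from the Dovecot documentation: build a passwd-file for
# "userdb passwd-file" from a passwd file plus a separate list of quota limits.

# merge_quota PASSWD QUOTAS [MIN_UID]
#   PASSWD   passwd(5) format (name:x:uid:gid:gecos:home:shell)
#   QUOTAS   "name limit" per line, limit = digits plus optional K, M, G or T
#   MIN_UID  skip accounts below this UID (default 1000, an assumption)
# Writes passwd-file lines to stdout and warnings about rejected quota lines
# to stderr. File names must not contain "=" (awk reads those as assignments).
merge_quota() {
    awk -v OFS=: -v min_uid="${3:-1000}" '
        pass == 1 {
            sub(/#.*/, "")
            if (NF == 0) next
            # Extra fields in a passwd-file are separated by spaces, so accept
            # exactly two fields and a strictly numeric limit: a crafted line
            # must not be able to smuggle another userdb field into the output.
            if (NF != 2 || $2 !~ /^[0-9]+[KMGT]?$/) {
                print "rejected quota line " FNR ": " $0 | "cat 1>&2"
                next
            }
            limit[$1] = $2
            next
        }
        /^#/ || NF < 7 || $3 + 0 < min_uid { next }
        {
            extra = ($1 in limit) ? "userdb_quota_rule=*:bytes=" limit[$1] : ""
            # Users without a valid limit keep the global quota_rule.
            print $1, "", $3, $4, "", $6, "", extra
        }
    ' pass=1 "$2" pass=2 FS=: "$1"
}

# Constructed sample input; the last quota line tries to add a userdb field.
merge_quota_demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
user:x:1000:1000:User One:/home/user:/bin/sh
user2:x:1001:1001::/home/user2:/bin/sh
user3:x:1002:1002::/home/user3:/bin/sh
EOF
    cat > "$d/quotas" <<'EOF'
# constructed sample limits
user   100M
user2  200M
user3  300M userdb_uid=0
EOF
    merge_quota "$d/passwd" "$d/quotas"
    rm -rf "$d"
}
```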
Configuring Postfix
apt-get install postfix-ldap
Modifying files
In the /etc/postfix directory, modify the files for the domain test.alt:
main.cf
# Global Postfix configuration file. This file lists only a small subset
# of all parameters. For the syntax, and for a complete parameter list,
# see the postconf(5) manual page. For a commented and more complete
# version of this file see /etc/postfix/main.cf.dist
mailbox_command = /usr/libexec/dovecot/dovecot-lda -f "$SENDER" -a "$RECIPIENT"
inet_protocols = ipv4

# Mappings
virtual_mailbox_base = /var/mail
virtual_mailbox_domains = test.alt
virtual_mailbox_maps = ldap:/etc/postfix/ad_local_recipients.cf
virtual_alias_maps = ldap:/etc/postfix/ad_mail_groups.cf
virtual_transport = dovecot
local_transport = virtual
local_recipient_maps = $virtual_mailbox_maps

# SSL/TLS
smtpd_use_tls = yes
smtpd_tls_security_level = encrypt
#smtpd_tls_security_level = may
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = test.alt
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_login_maps = ldap:/etc/postfix/ad_sender_login.cf
smtpd_tls_auth_only = yes
smtpd_tls_cert_file = /var/lib/ssl/certs/dovecot.cert
smtpd_tls_key_file = /var/lib/ssl/private/dovecot.key
smtpd_tls_CAfile = /var/lib/ssl/certs/dovecot.pem
smtpd_recipient_restrictions = permit_mynetworks, reject_unauth_destination, permit_sasl_authenticated, reject
smtpd_sender_restrictions = reject_authenticated_sender_login_mismatch
Attention! The file /etc/postfix/mydestination must be empty.
master.cf
The following must be added to master.cf:
dovecot   unix  -       n       n       -       -       pipe
  flags=DRhu user=mail:mail argv=/usr/libexec/dovecot/deliver -d ${recipient}
smtps     inet  n       -       n       -       -       smtpd
  -o smtpd_tls_wrappermode=yes
  -o smtpd_sasl_auth_enable=yes
  -o smtpd_client_restrictions=permit_sasl_authenticated,reject
ad_local_recipients.cf
version = 3
server_host = test.alt:389
search_base = dc=test,dc=alt
scope = sub
query_filter = (&(|(mail=%s)(otherMailbox=%u@%d))(sAMAccountType=805306368))
result_filter = %s
result_attribute = mail
special_result_attribute = member
bind = yes
bind_dn = cn=vmail,cn=users,dc=test,dc=alt
bind_pw = Pa$$word
ad_mail_groups.cf
version = 3
server_host = test.alt:389
search_base = dc=test,dc=alt
timeout = 3
scope = sub
query_filter = (&(mail=%s)(sAMAccountType=268435456))
result_filter = %s
result_attribute = mail
special_result_attribute = member
bind = yes
bind_dn = cn=vmail,cn=users,dc=test,dc=alt
bind_pw = Pa$$word
ad_sender_login.cf
version = 3
server_host = test.alt:389
search_base = dc=test,dc=alt
scope = sub
query_filter = (&(objectClass=user)(|(sAMAccountName=%s)(mail=%s)))
result_attribute = mail
bind = yes
bind_dn = cn=vmail,cn=users,dc=test,dc=alt
bind_pw = Pa$$word
Testing
Check the Postfix configuration (there should be no messages):
# postconf >/dev/null
Check the mail user petrov:
# postmap -q petrov@test.alt ldap:/etc/postfix/ad_local_recipients.cf
petrov@test.alt
Check login:
# postmap -q petrov@test.alt ldap:/etc/postfix/ad_sender_login.cf
petrov@test.alt
# samba-tool group add --mail-address=sales@test.alt Sales
Added group Sales
# samba-tool group addmembers Sales ivanov,petrov
Added members to group Sales
# postmap -q sales@test.alt ldap:/etc/postfix/ad_mail_groups.cf
sales@test.alt,ivanov@test.alt,petrov@test.alt
service postfix restart
Quota for private namespaces
You can create a separate namespace-specific quota for a folder hierarchy. This is done by adding another namespace and the :ns=<namespace prefix> parameter to quota setting. For example you could have something like:
namespace {
  type = private
  prefix = Archive/
  #location = ..
}
plugin {
  # Maildir quota
  quota = maildir:User quota:ns=
  quota2 = maildir:Archive quota:ns=Archive/

  # Dict quota
  #quota = dict:User quota:%u.default:ns=:proxy::quota
  #quota2 = dict:Archive quota:%u.archive:ns=Archive/:proxy::quota

  #quota_rules and quota2_rules..
}
Note: If you’re using dict quota, you need to make sure that the quota of the Archive namespace is calculated for another "user" than the default namespace. Either track different namespaces in different backends or make sure the users differ. %u.archive defines <username>.archive as the key to track quota for the Archive namespace, while %u.default tracks the quota of other folders. See Variables for further help on variables.
Task
Configure a mail system based on Postfix and Dovecot to work with an Active Directory user database.
Parameter | Value |
---|---|
Domain name | test.alt |
Mail location | /var/mail/<domain name>/<user name> (maildir format) |
Mail read access | IMAP (port 993), SSL |
Mail send access | SMTP (port 465), SSL/STARTTLS |
Authentication data | Full email with domain (for example, petrov@test.alt) or user name |
Log file | /var/log/maillog |
Accepted limitations
Multi-domain configurations are not considered in the current configuration;
Access to the services is implemented only over SSL for security reasons;
The Active Directory domain and forest functional level must be no higher than Windows 2008 R2;
This version of the instructions does not cover configuration for Microsoft Exchange connections based on MAPI or EWS;
To connect in this configuration, Microsoft Outlook version 2003 or later can be used, with mail connected over IMAP;
Attention! Access to the LDAP server is over the ldap protocol without encryption. For SambaDC, disable mandatory ldaps in /etc/samba/smb.conf in the section : ldap server require strong auth = no
Configure startup
On Ubuntu, installing slapd is sufficient to start it, and have it start on reboot. It runs as root. Proceed to Configuration.
Run as root, listen on all interfaces
This is the simplest setup. I recommend this for your initial setup and testing. Running as root is a security risk, so you probably want to change this before making the server available to users.
The first step is to go to /etc/rc.conf and add the following line.
slapd_enable="YES"
This will cause the OS to look for slapd.sh and run it at bootup.
Go to /usr/local/etc/rc.d, and copy slapd.sh.sample to slapd.sh. (Yes, Virginia, there is a slap daemon.) Open the file in a text editor. If you have the following line
# Uncomment one of the following:
ignore it. Comment out the following line if you have it.
slapd_args="-u ldap -g ldap"
Save your changes and close the text editor.
Run as normal user, listen at specified sockets
Create a new user and group named «ldap». ldap needs access to the configuration file and the database.
chown ldap:ldap /usr/local/etc/openldap/slapd.conf
chown -R ldap:ldap /var/db/openldap-data
Add the following to /etc/rc.conf.
slapd_args="-u ldap -g ldap"
slapd_args='-u ldap -g ldap -h "ldap://localhost/ ldap://<Internal IP address>/ ldapi://%2fvar%2frun%2fopenldap%2fldapi/????x-mod=0777"'
The ldapi specification is for Unix domain sockets. See the slapd man page.
Arguments
- user_mask
- Specifies for which users the command should be executed. In most cases you would like to use patterns which contain wildcards, e.g. *@example.net for all users of the example.net domain, or simply * for all users. When the SQL userdb module is used, make sure that the iterate_query setting in /etc/dovecot/dovecot-sql.conf.ext matches your database layout. When using the LDAP userdb module, make sure that the iterate_attrs and iterate_filter settings in /etc/dovecot/dovecot-ldap.conf.ext match your LDAP schema. Otherwise doveadm(1) will be unable to iterate over all users.
Install
If you are going to use CRYPT password hashing as the default in OpenLDAP (this is compatible with Dovecot), then you will need to add the --enable-crypt option to the CONFIGURE_ARGS variable in the Makefile so that OpenLDAP will compile with CRYPT support. If you don’t do this, OpenLDAP may actually work for a while, but then one day you’ll restart the server and OpenLDAP will refuse to run until you remove the CRYPT setting from slapd.conf, which means the user passwords won’t work.
On BSD, if you have portupgrade installed, the simplest way to install OpenLDAP is by using the portinstall tool.
# portinstall openldap21
On Ubuntu, use apt-get (or aptitude).
% sudo apt-get install slapd
The instructions for configuring OpenLDAP, including a Quick Install Guide, are at
http://www.openldap.org
On BSD, OpenLDAP appears to be difficult to install properly. My first two attempts were unsuccessful. The FreeBSD port includes Perl scripts that run tests to ensure that the installation succeeded. Even though the installation passed the tests, it couldn’t be configured to work properly. On my third attempt, OpenLDAP worked but attempts to limit access to specified attributes caused OpenLDAP to refuse access to all attributes. On my fourth attempt, OpenLDAP ignored any attempts to limit access to specified attributes. While searching for information, I found a posting that commented that every installation of OpenLDAP on FreeBSD 4.8 requires its own config file; each installation behaves differently and the config file has to be tuned to the individual installation. You may need to install a few times before you get a usable installation of OpenLDAP.
On Ubuntu, it worked fine.
Search Keys
The following search keys from the specification of IMAP version 4 revision 1 (see: RFC 3501, section 6.4.4) are supported:
- sequence-set
- Matches messages with the given sequence numbers. The sequence-set may be a single UID, a sequence range written as from:to (e.g. 100:125), or a comma separated list of sequences (e.g. 11,50,4). It’s also possible to combine multiple sequences, e.g. 1,3,5,7,10:20. Using * selects the last mail in the mailbox. For example 1:100 matches the first 100 mails and 101:200 the second hundred mails. 1,5,* matches the first, the fifth and the last email.
- ALL
- Matches all messages.
- ANSWERED
- Matches messages with the IMAP flag \Answered set.
- BCC string
- Matches messages which contain string in the BCC field of the message’s IMAP envelope structure.
- BEFORE date specification
- Matches messages with an internal date before date specification.
- BODY string
- Matches messages which contain string in the body part.
- CC string
- Matches messages which contain string in the CC field of the message’s IMAP envelope structure.
- DELETED
- Matches messages with the IMAP flag \Deleted set.
- DRAFT
- Matches messages with the IMAP flag \Draft set.
- FLAGGED
- Matches messages with the IMAP flag \Flagged set.
- FROM string
- Matches messages which contain string in the FROM field of the message’s IMAP envelope structure.
- HEADER field string
- Matches messages which either have the named header field, when an empty string was given, or whose given header field’s value contains the specified string.
- KEYWORD keyword
- Matches messages with the given IMAP keyword (e.g. $Forwarded) flag set.
- LARGER size
- Matches messages that are larger than the specified size.
- MAILBOX name
- Matches messages in the mailbox with the specified name.
- MAILBOX-GUID guid
- Matches messages in the mailbox with the specified guid.
- NEW
- Matches messages which have the IMAP flag \Recent set but not the IMAP flag \Seen.
- NOT search key
- Inverse matching: matches messages where the search doesn’t match the specified search key or its value.
- OLD
- Matches messages which do not have the IMAP flag \Recent set.
- ON date specification
- Matches messages whose internal date matches the given date specification.
- search key OR search key
- Matches messages where one of the OR-ed search keys matches. Note: IMAP4rev1 uses the syntax: OR search key search key
- RECENT
- Matches messages with the IMAP flag \Recent set.
- SEEN
- Matches messages with the IMAP flag \Seen set.
- SENTBEFORE date specification
- Matches messages with a Date: header before date specification.
- SENTON date specification
- Matches messages with a Date: header matching the given date specification.
- SENTSINCE date specification
- Matches messages with a Date: header matching or after the given date specification.
- SINCE date specification
- Matches messages whose internal date is within or after the given date specification.
- SMALLER size
- Matches messages with a size smaller than the given size.
- SUBJECT string
- Matches messages which contain string in the SUBJECT field of the message’s IMAP envelope structure.
- TEXT string
- Matches messages which contain string in the message body.
- TO string
- Matches messages which contain string in the TO field of the message’s IMAP envelope structure.
- UID sequence-set
- Matches messages with the given IMAP UID(s). See the sequence-set description for details on it. For example 1:10,100:200,* matches the UIDs from 1 to 10, 100 to 200 and also the last mail.
- UNANSWERED
- Matches messages which do not have the IMAP flag \Answered set.
- UNDELETED
- Matches messages which do not have the IMAP flag \Deleted set.
- UNDRAFT
- Matches messages which do not have the IMAP flag \Draft set.
- UNFLAGGED
- Matches messages which do not have the IMAP flag \Flagged set.
- UNKEYWORD keyword
- Matches messages which do not have the given IMAP keyword flag set.
- UNSEEN
- Matches messages which do not have the IMAP flag \Seen set.
Doveadm Search Keys
Additional search keys, provided by doveadm(1).
- SAVEDBEFORE date specification
- Matches messages, which were saved before date specification.
- SAVEDON date specification
- Matches messages whose save date matches the given date specification.
- SAVEDSINCE date specification
- Matches messages with a save date matching or after the given
date specification.