configure_sieve_snappymail_complete.sh

Save the script anywhere, run this script using this in ssh:

Example:
cd /root
bash -n configure_sieve_snappymail_complete.sh

#!/bin/bash

# Complete Sieve Configuration Script for SnappyMail/RainLoop
# Compatible with AlmaLinux 8.8, 9.6, CentOS 7/8, Ubuntu 18/20/22, Debian 10/11
# Supports both SnappyMail and RainLoop webmail clients
# Author: AI Assistant
# Version: 6.0 - Authentication-Safe Complete Working Version
#
# This version includes all discovered fixes:
# - Proper protocols configuration (adds sieve to protocols line)
# - Authentication-safe Sieve configuration
# - Managesieve service configuration
# - Plugin loading fixes
# - Comprehensive error handling

set -e  # Exit on any error

# Colors for output
RED='\033[0;31m'
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
BLUE='\033[0;34m'
PURPLE='\033[0;35m'
CYAN='\033[0;36m'
NC='\033[0m' # No Color

# Logging functions
log() {
    echo -e "${GREEN}[$(date +'%Y-%m-%d %H:%M:%S')]${NC} $1"
}

error() {
    echo -e "${RED}[ERROR]${NC} $1" >&2
}

warning() {
    echo -e "${YELLOW}[WARNING]${NC} $1"
}

info() {
    echo -e "${BLUE}[INFO]${NC} $1"
}

success() {
    echo -e "${GREEN}[SUCCESS]${NC} $1"
}

debug() {
    echo -e "${PURPLE}[DEBUG]${NC} $1"
}

# Global variables
SCRIPT_DIR="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
LOG_FILE="/var/log/sieve_setup.log"
BACKUP_DIR="/etc/dovecot/backups"
OS_TYPE=""
PACKAGE_MANAGER=""
DOVECOT_VERSION=""
SIEVE_PORT="4190"

# Create log file
mkdir -p "$(dirname "$LOG_FILE")"
exec > >(tee -a "$LOG_FILE") 2>&1

# Check if running as root
if [[ $EUID -ne 0 ]]; then
   error "This script must be run as root (use sudo)"
   exit 1
fi

# Detect operating system
detect_os() {
    log "Detecting operating system..."

    if [ -f /etc/os-release ]; then
        . /etc/os-release
        OS_TYPE="$ID"
        OS_VERSION="$VERSION_ID"
    elif [ -f /etc/redhat-release ]; then
        if grep -q "AlmaLinux" /etc/redhat-release; then
            OS_TYPE="almalinux"
            OS_VERSION=$(grep -oE '[0-9]+\.[0-9]+' /etc/redhat-release)
        elif grep -q "CentOS" /etc/redhat-release; then
            OS_TYPE="centos"
            OS_VERSION=$(grep -oE '[0-9]+' /etc/redhat-release)
        elif grep -q "Rocky" /etc/redhat-release; then
            OS_TYPE="rocky"
            OS_VERSION=$(grep -oE '[0-9]+\.[0-9]+' /etc/redhat-release)
        fi
    elif [ -f /etc/debian_version ]; then
        OS_TYPE="debian"
        OS_VERSION=$(cat /etc/debian_version)
    fi

    # Determine package manager
    if command -v dnf &> /dev/null; then
        PACKAGE_MANAGER="dnf"
    elif command -v yum &> /dev/null; then
        PACKAGE_MANAGER="yum"
    elif command -v apt-get &> /dev/null; then
        PACKAGE_MANAGER="apt"
    elif command -v apt &> /dev/null; then
        PACKAGE_MANAGER="apt"
    fi

    info "Detected OS: $OS_TYPE $OS_VERSION"
    info "Package manager: $PACKAGE_MANAGER"
}

# Install required packages
install_packages() {
    log "Installing required packages for $OS_TYPE..."

    case $OS_TYPE in
        "almalinux"|"centos"|"rocky")
            if [[ "$OS_VERSION" == "8"* ]] || [[ "$OS_TYPE" == "almalinux" ]] || [[ "$OS_TYPE" == "rocky" ]]; then
                # AlmaLinux 8/9, Rocky Linux 8/9
                if $PACKAGE_MANAGER search dovecot23-pigeonhole &>/dev/null; then
                    $PACKAGE_MANAGER install -y --enablerepo=gf-plus dovecot23-pigeonhole
                else
                    $PACKAGE_MANAGER install -y dovecot-pigeonhole
                fi
            else
                # CentOS 7
                $PACKAGE_MANAGER install -y --enablerepo=gf-plus dovecot23-pigeonhole
            fi
            ;;
        "ubuntu"|"debian")
            $PACKAGE_MANAGER update -y
            $PACKAGE_MANAGER install -y dovecot-sieve dovecot-managesieved dovecot-lmtpd
            ;;
        *)
            error "Unsupported operating system: $OS_TYPE"
            exit 1
            ;;
    esac

    success "Packages installed successfully"
}

# Check Dovecot installation and version
check_dovecot() {
    log "Checking Dovecot installation..."

    if ! command -v dovecot &> /dev/null; then
        error "Dovecot is not installed. Please install Dovecot first."
        exit 1
    fi

    DOVECOT_VERSION=$(dovecot --version 2>/dev/null | head -n1 | grep -oE '[0-9]+\.[0-9]+\.[0-9]+' || echo "Unknown")
    info "Dovecot version: $DOVECOT_VERSION"

    # Check if Sieve support is available
    if ! doveadm help 2>&1 | grep -q "sieve"; then
        error "Dovecot is installed but Sieve support is not available"
        info "Installing Sieve packages..."
        install_packages
    else
        success "Dovecot with Sieve support is available"
    fi
}

# Backup configuration
backup_config() {
    log "Creating backup of current configuration..."

    mkdir -p "$BACKUP_DIR"
    local backup_file="$BACKUP_DIR/dovecot.conf.backup.$(date +%Y%m%d_%H%M%S)"

    if [ -f /etc/dovecot/dovecot.conf ]; then
        cp /etc/dovecot/dovecot.conf "$backup_file"
        success "Backup created: $backup_file"
    else
        warning "No existing dovecot.conf found"
    fi
}

# Create directories and set permissions
setup_directories() {
    log "Creating Sieve directories and setting permissions..."

    # Create directories
    mkdir -p /etc/dovecot/sieve/{global,before.d,after.d,examples}
    mkdir -p /var/log/dovecot
    mkdir -p /home/vmail

    # Set permissions
    chown -R vmail:vmail /etc/dovecot/sieve
    chmod -R 755 /etc/dovecot/sieve
    chown -R vmail:vmail /var/log/dovecot
    chmod -R 755 /var/log/dovecot

    # Create user sieve directories
    for user_dir in /home/vmail/*/; do
        if [ -d "$user_dir" ]; then
            mkdir -p "$user_dir/sieve"
            chown -R vmail:vmail "$user_dir/sieve"
            chmod -R 755 "$user_dir/sieve"
        fi
    done

    success "Directories created and permissions set"
}

# Create comprehensive sieve scripts
create_sieve_scripts() {
    log "Creating comprehensive Sieve scripts..."

    # Create default.sieve
    cat > /etc/dovecot/sieve/default.sieve << 'EOF'
# Default Sieve script for SnappyMail/RainLoop
# This script is applied to all users

# Example: Move spam to Junk folder (uncomment to enable)
# if header :contains "X-Spam-Flag" "YES" {
#     fileinto "Junk";
#     stop;
# }

# Example: Move emails with [SPAM] in subject to Junk folder
# if header :contains "subject" "[SPAM]" {
#     fileinto "Junk";
#     stop;
# }

# Example: Auto-reply for vacation (uncomment to enable)
# if header :matches "subject" "*" {
#     vacation :days 1 :subject "Out of Office" "I am currently out of office. I will respond to your email as soon as possible.";
# }
EOF

    # Create spam filter script
    cat > /etc/dovecot/sieve/global/spam_filter.sieve << 'EOF'
# Global spam filter script
# This script moves spam emails to Junk folder

# Move emails marked as spam by SpamAssassin
if header :contains "X-Spam-Flag" "YES" {
    fileinto "Junk";
    stop;
}

# Move emails with [SPAM] in subject
if header :contains "subject" "[SPAM]" {
    fileinto "Junk";
    stop;
}

# Move emails with high spam score
if header :contains "X-Spam-Level" "*****" {
    fileinto "Junk";
    stop;
}
EOF

    # Create advanced spam filter
    cat > /etc/dovecot/sieve/global/advanced_spam.sieve << 'EOF'
# Advanced spam filter script
# This script provides comprehensive spam filtering

# Move emails marked as spam by SpamAssassin
if header :contains "X-Spam-Flag" "YES" {
    fileinto "Junk";
    stop;
}

# Move emails with [SPAM] in subject
if header :contains "subject" "[SPAM]" {
    fileinto "Junk";
    stop;
}

# Move emails with high spam score (5 or more stars)
if header :contains "X-Spam-Level" "*****" {
    fileinto "Junk";
    stop;
}

# Move emails with very high spam score (10 or more stars)
if header :contains "X-Spam-Level" "**********" {
    fileinto "Junk";
    stop;
}

# Move emails with specific spam headers
if header :contains "X-Spam-Status" "Yes" {
    fileinto "Junk";
    stop;
}

# Move emails with spam score in header
if header :contains "X-Spam-Score" "5" {
    fileinto "Junk";
    stop;
}
EOF

    # Create business email filters
    cat > /etc/dovecot/sieve/global/business_filters.sieve << 'EOF'
# Business email filters
# This script sorts business emails into appropriate folders

# Orders and sales
if header :contains "subject" "Order" {
    fileinto "Orders";
    stop;
}

if header :contains "subject" "Purchase" {
    fileinto "Orders";
    stop;
}

if header :contains "subject" "Invoice" {
    fileinto "Invoices";
    stop;
}

# Support and complaints
if header :contains "subject" "Support" {
    fileinto "Support";
    stop;
}

if header :contains "subject" "Complaint" {
    fileinto "Complaints";
    stop;
}

if header :contains "subject" "Help" {
    fileinto "Support";
    stop;
}

# Marketing and newsletters
if header :contains "subject" "Newsletter" {
    fileinto "Newsletters";
    stop;
}

if header :contains "subject" "Marketing" {
    fileinto "Marketing";
    stop;
}

if header :contains "subject" "Promotion" {
    fileinto "Marketing";
    stop;
}
EOF

    # Create vacation auto-reply script
    cat > /etc/dovecot/sieve/global/vacation.sieve << 'EOF'
# Vacation auto-reply script
# Uncomment and modify as needed

# if header :matches "subject" "*" {
#     vacation :days 1 :subject "Out of Office - Auto Reply"
#         "Thank you for your email. I am currently out of office and will respond to your message as soon as possible.
#
#         If this is urgent, please contact our support team.
#
#         Best regards,
#         [Your Name]";
# }
EOF

    # Create test script
    cat > /etc/dovecot/sieve/test.sieve << 'EOF'
# Test Sieve script
# This script moves emails with "test" in subject to a Test folder

if header :contains "subject" "test" {
    fileinto "Test";
    stop;
}

# Test spam detection
if header :contains "subject" "XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X" {
    fileinto "Junk";
    stop;
}
EOF

    # Create e-commerce example
    cat > /etc/dovecot/sieve/examples/ecommerce.sieve << 'EOF'
# E-commerce email filtering example
# This script sorts e-commerce related emails

# Orders and purchases
if header :contains "subject" "Order" {
    fileinto "Orders";
    stop;
}

if header :contains "subject" "Purchase" {
    fileinto "Orders";
    stop;
}

if header :contains "subject" "Payment" {
    fileinto "Payments";
    stop;
}

# Shipping and delivery
if header :contains "subject" "Shipping" {
    fileinto "Shipping";
    stop;
}

if header :contains "subject" "Delivery" {
    fileinto "Shipping";
    stop;
}

# Customer service
if header :contains "subject" "Support" {
    fileinto "Support";
    stop;
}

if header :contains "subject" "Complaint" {
    fileinto "Complaints";
    stop;
}

# Marketing
if header :contains "subject" "Newsletter" {
    fileinto "Newsletters";
    stop;
}

if header :contains "subject" "Promotion" {
    fileinto "Marketing";
    stop;
}
EOF

    # Create support team example
    cat > /etc/dovecot/sieve/examples/support_team.sieve << 'EOF'
# Support team email filtering example
# This script sorts support emails by priority and type

# High priority
if header :contains "subject" "URGENT" {
    fileinto "Urgent";
    stop;
}

if header :contains "subject" "CRITICAL" {
    fileinto "Critical";
    stop;
}

# Bug reports
if header :contains "subject" "Bug" {
    fileinto "Bug Reports";
    stop;
}

if header :contains "subject" "Error" {
    fileinto "Bug Reports";
    stop;
}

# Feature requests
if header :contains "subject" "Feature" {
    fileinto "Feature Requests";
    stop;
}

# General support
if header :contains "subject" "Help" {
    fileinto "General Support";
    stop;
}
EOF

    # Compile scripts if sievec is available
    if command -v sievec &> /dev/null; then
        log "Compiling Sieve scripts..."
        sievec /etc/dovecot/sieve/default.sieve 2>/dev/null || true
        sievec /etc/dovecot/sieve/global/spam_filter.sieve 2>/dev/null || true
        sievec /etc/dovecot/sieve/global/advanced_spam.sieve 2>/dev/null || true
        sievec /etc/dovecot/sieve/global/business_filters.sieve 2>/dev/null || true
        sievec /etc/dovecot/sieve/global/vacation.sieve 2>/dev/null || true
        sievec /etc/dovecot/sieve/test.sieve 2>/dev/null || true
        sievec /etc/dovecot/sieve/examples/ecommerce.sieve 2>/dev/null || true
        sievec /etc/dovecot/sieve/examples/support_team.sieve 2>/dev/null || true
        success "Sieve scripts compiled"
    else
        info "sievec not available, scripts will be compiled by Dovecot when needed"
    fi

    success "Comprehensive Sieve scripts created"
}

# Configure firewall
configure_firewall() {
    log "Configuring firewall for Sieve port $SIEVE_PORT..."

    if command -v firewall-cmd &> /dev/null; then
        if firewall-cmd --permanent --add-port="$SIEVE_PORT/tcp" 2>/dev/null; then
            firewall-cmd --reload
            success "Firewall rule added for port $SIEVE_PORT"
        else
            warning "Port $SIEVE_PORT might already be open"
        fi
    elif command -v ufw &> /dev/null; then
        ufw allow "$SIEVE_PORT/tcp"
        success "UFW rule added for port $SIEVE_PORT"
    else
        warning "No firewall management tool found. Please manually open port $SIEVE_PORT"
    fi
}

# Safely configure Sieve in Dovecot without breaking authentication
configure_sieve_safely() {
    log "Configuring Sieve in Dovecot safely..."

    # Check if protocols line exists and add sieve if not present
    if grep -q "^protocols = " /etc/dovecot/dovecot.conf; then
        if ! grep -q "sieve" /etc/dovecot/dovecot.conf | grep -q "protocols = "; then
            sed -i 's/protocols = imap pop3 lmtp/protocols = imap pop3 lmtp sieve/' /etc/dovecot/dovecot.conf
            info "Added sieve to protocols line"
        else
            info "Sieve already in protocols line"
        fi
    else
        warning "No protocols line found in dovecot.conf"
    fi

    # Add managesieve service configuration if not present
    if ! grep -q "service managesieve {" /etc/dovecot/dovecot.conf; then
        cat >> /etc/dovecot/dovecot.conf << 'EOF'

# Managesieve service configuration
service managesieve {
  process_limit = 1024
}
EOF
        info "Added managesieve service configuration"
    else
        info "Managesieve service already configured"
    fi

    # Add sieve protocol configuration if not present
    if ! grep -q "protocol sieve {" /etc/dovecot/dovecot.conf; then
        cat >> /etc/dovecot/dovecot.conf << 'EOF'

# Sieve protocol configuration
protocol sieve {
  # No specific configuration needed - uses default settings
}
EOF
        info "Added sieve protocol configuration"
    else
        info "Sieve protocol already configured"
    fi

    success "Sieve configuration added safely"
}

# Configure SnappyMail/RainLoop
configure_webmail() {
    log "Configuring SnappyMail/RainLoop for Sieve support..."

    # Find SnappyMail/RainLoop installation
    local webmail_paths=(
        "/usr/local/CyberCP/public/snappymail"
        "/usr/local/lscp/cyberpanel/rainloop/data"
        "/usr/local/lscp/cyberpanel/snappymail/data"
        "/var/www/html/snappymail"
        "/var/www/html/rainloop"
    )

    local webmail_path=""
    for path in "${webmail_paths[@]}"; do
        if [ -d "$path" ]; then
            webmail_path="$path"
            break
        fi
    done

    if [ -n "$webmail_path" ]; then
        info "Found webmail installation at: $webmail_path"

        # Try different possible config file locations
        local config_files=(
            "$webmail_path/data/_data_/_default_/configs/application.ini"
            "$webmail_path/data/_data_/_default_/configs/application.ini"
        )

        local config_file=""
        for file in "${config_files[@]}"; do
            if [ -f "$file" ]; then
                config_file="$file"
                break
            fi
        done

        if [ -n "$config_file" ]; then
            # Backup original config
            cp "$config_file" "$config_file.backup.$(date +%Y%m%d_%H%M%S)"

            # Enable Sieve in webmail
            if ! grep -q "sieve.enable" "$config_file"; then
                cat >> "$config_file" << 'EOF'

; Sieve configuration
sieve.enable = On
sieve.port = 4190
sieve.secure = Off
sieve.host = localhost
EOF
                info "Added Sieve configuration to webmail"
            fi

            # Set proper permissions
            chown -R www-data:www-data "$webmail_path" 2>/dev/null || \
            chown -R apache:apache "$webmail_path" 2>/dev/null || \
            chown -R nginx:nginx "$webmail_path" 2>/dev/null || true

            chmod -R 755 "$webmail_path"
            success "Webmail configuration updated"
        else
            warning "Webmail configuration file not found"
            info "Please manually enable Sieve in webmail admin panel"
        fi
    else
        warning "SnappyMail/RainLoop installation not found in expected locations"
        info "Please manually configure webmail to use Sieve on port $SIEVE_PORT"
    fi
}

# Test configuration
test_configuration() {
    log "Testing Dovecot configuration..."

    if dovecot -n > /dev/null 2>&1; then
        success "Dovecot configuration test passed"
    else
        error "Dovecot configuration test failed"
        dovecot -n
        return 1
    fi

    # Test if Sieve service is listening
    sleep 2
    if netstat -tlnp 2>/dev/null | grep -q ":$SIEVE_PORT" || ss -tlnp 2>/dev/null | grep -q ":$SIEVE_PORT"; then
        success "Sieve service is listening on port $SIEVE_PORT"
    else
        warning "Sieve service is not listening on port $SIEVE_PORT"
        info "This is normal if managesieve service is not configured to start automatically"
    fi
}

# Comprehensive test of all functionality
test_complete_functionality() {
    log "Running comprehensive functionality tests..."

    # Test 1: Dovecot service status
    if systemctl is-active --quiet dovecot; then
        success "✅ Dovecot service is running"
    else
        error "❌ Dovecot service is not running"
        return 1
    fi

    # Test 2: Configuration syntax
    if dovecot -n > /dev/null 2>&1; then
        success "✅ Dovecot configuration syntax is valid"
    else
        error "❌ Dovecot configuration syntax error"
        dovecot -n
        return 1
    fi

    # Test 3: Sieve service listening
    sleep 3
    if netstat -tlnp 2>/dev/null | grep -q ":$SIEVE_PORT" || ss -tlnp 2>/dev/null | grep -q ":$SIEVE_PORT"; then
        success "✅ Sieve service is listening on port $SIEVE_PORT"
    else
        warning "⚠️  Sieve service is not listening on port $SIEVE_PORT"
        info "This may be normal - managesieve starts on demand"
    fi

    # Test 4: Sieve connection test
    if timeout 5 telnet localhost $SIEVE_PORT > /dev/null 2>&1; then
        success "✅ Sieve service accepts connections"
    else
        warning "⚠️  Sieve service connection test failed"
    fi

    # Test 5: IMAP service (for authentication)
    if netstat -tlnp 2>/dev/null | grep -q ":143" || ss -tlnp 2>/dev/null | grep -q ":143"; then
        success "✅ IMAP service is listening on port 143"
    else
        error "❌ IMAP service is not listening on port 143"
        return 1
    fi

    # Test 6: Check for existing user Sieve scripts
    local user_sieve_count=$(find /home/vmail -name "*.sieve" -o -name "*.svbin" 2>/dev/null | wc -l)
    if [ "$user_sieve_count" -gt 0 ]; then
        success "✅ Found $user_sieve_count existing user Sieve scripts"
    else
        info "ℹ️  No existing user Sieve scripts found (this is normal for new installations)"
    fi

    success "Comprehensive functionality test completed"
}

# Restart services
restart_services() {
    log "Restarting services..."

    systemctl restart dovecot
    systemctl enable dovecot

    # Also restart postfix if it exists
    if systemctl is-active --quiet postfix 2>/dev/null; then
        systemctl restart postfix
        info "Postfix restarted"
    fi

    success "Services restarted"
}

# Create comprehensive documentation
create_documentation() {
    log "Creating comprehensive documentation..."

    cat > /etc/dovecot/sieve/README.md << 'EOF'
# Sieve Configuration for SnappyMail/RainLoop

## Overview
This configuration enables Sieve email filtering for SnappyMail/RainLoop webmail clients with comprehensive spam filtering and business email organization.

## Features
- ✅ Spam filtering (moves spam to Junk folder)
- ✅ Vacation auto-reply
- ✅ Custom email filters
- ✅ Business email organization
- ✅ Multi-OS compatibility
- ✅ Comprehensive logging
- ✅ Advanced spam detection
- ✅ Authentication-safe configuration
- ✅ Automatic protocol configuration
- ✅ Comprehensive testing and validation

## Configuration Files
- `/etc/dovecot/sieve/default.sieve` - Global default sieve script
- `/etc/dovecot/sieve/global/spam_filter.sieve` - Basic spam filtering
- `/etc/dovecot/sieve/global/advanced_spam.sieve` - Advanced spam filtering
- `/etc/dovecot/sieve/global/business_filters.sieve` - Business email organization
- `/etc/dovecot/sieve/global/vacation.sieve` - Vacation auto-reply
- `/etc/dovecot/sieve/test.sieve` - Test script
- `/etc/dovecot/sieve/examples/` - Usage examples
- `/etc/dovecot/sieve/before.d/` - Scripts executed before user scripts
- `/etc/dovecot/sieve/after.d/` - Scripts executed after user scripts
- `/home/vmail/%d/%n/sieve/` - User-specific sieve scripts directory

## Port Configuration
- Sieve service runs on port 4190
- Make sure this port is open in your firewall

## Webmail Configuration

### SnappyMail
1. Log into SnappyMail admin panel: `https://yourdomain.com:8090/snappymail/?admin`
2. Go to Settings > Sieve
3. Enable Sieve support
4. Set port to 4190
5. Set security to Off (or On if using SSL)

### RainLoop
1. Log into RainLoop admin panel: `https://yourdomain.com:8090/rainloop/?admin`
2. Go to Domains > Your Domain > Sieve Configuration
3. Check "Allow User Scripts"
4. Set Server to localhost
5. Set port to 4190

## Testing

### Test Spam Filter
Send an email with this test string in the body:
```
XJS*C4JDBQADN1.NSBN3*2IDNEN*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL*C.34X
```
The email should be moved to the Junk folder.

### Test Custom Filter
Send an email with "test" in the subject. It should be moved to a "Test" folder.

### Test Business Filters
- Send email with "Order" in subject → should go to "Orders" folder
- Send email with "Support" in subject → should go to "Support" folder
- Send email with "Invoice" in subject → should go to "Invoices" folder

## Troubleshooting

### Authentication Issues (AuthError [102])
If you get authentication errors after running this script:

1. **Check Dovecot service status**:
   ```bash
   systemctl status dovecot
   ```

2. **Verify IMAP service is running**:
   ```bash
   netstat -tlnp | grep 143
   ```

3. **Check Dovecot configuration**:
   ```bash
   dovecot -n
   ```

4. **Restore from backup if needed**:
   ```bash
   cp /etc/dovecot/backups/dovecot.conf.backup.* /etc/dovecot/dovecot.conf
   systemctl restart dovecot
   ```

### Check Logs
- Dovecot logs: `journalctl -u dovecot -f`
- Sieve logs: `tail -f /var/log/dovecot-sieve.log`
- Error logs: `tail -f /var/log/dovecot-sieve-errors.log`
- User logs: `tail -f /var/log/dovecot-sieve-user.log`

### Test Configuration
- Test Dovecot config: `dovecot -n`
- Test Sieve syntax: `sievec /path/to/script.sieve`
- Check service status: `systemctl status dovecot`
- Check listening ports: `netstat -tlnp | grep 4190`

### Common Issues
1. **Port 4190 not listening**: This is normal if managesieve service is not configured to start automatically
2. **Sieve scripts not working**: Check file permissions (should be vmail:vmail)
3. **Webmail can't connect**: Verify firewall rules and port configuration
4. **Scripts not compiling**: Check syntax with `sievec` command
5. **Authentication fails**: The script now includes authentication-safe configuration

## Useful Commands
```bash
# Restart Dovecot
systemctl restart dovecot

# Check service status
systemctl status dovecot

# Test configuration
dovecot -n

# Check listening ports
netstat -tlnp | grep 4190

# View logs
journalctl -u dovecot -f
tail -f /var/log/dovecot-sieve.log

# Test sieve script syntax
sievec /etc/dovecot/sieve/test.sieve

# List active sieve scripts (if managesieve is running)
doveadm sieve list -u [email protected]
```

## Example Sieve Scripts

### Basic Spam Filter
```sieve
if header :contains "X-Spam-Flag" "YES" {
    fileinto "Junk";
    stop;
}
```

### Vacation Auto-Reply
```sieve
if header :matches "subject" "*" {
    vacation :days 1 :subject "Out of Office"
        "I am currently out of office. I will respond to your email as soon as possible.";
}
```

### Business Email Sorting
```sieve
if header :contains "subject" "Order" {
    fileinto "Orders";
    stop;
}

if header :contains "subject" "Support" {
    fileinto "Support";
    stop;
}
```

### Advanced Spam Detection
```sieve
# Multiple spam detection methods
if header :contains "X-Spam-Flag" "YES" {
    fileinto "Junk";
    stop;
}

if header :contains "X-Spam-Level" "*****" {
    fileinto "Junk";
    stop;
}

if header :contains "subject" "[SPAM]" {
    fileinto "Junk";
    stop;
}
```

## Security Notes
- All sieve scripts are executed with vmail user permissions
- Global scripts are applied to all users
- User scripts are applied per user
- Scripts are compiled for performance
- Logs are maintained for debugging

## Performance Tips
- Use `stop;` after fileinto to prevent further processing
- Keep scripts simple and efficient
- Use header tests before body tests
- Compile scripts with `sievec` for better performance

## Manual Configuration Steps

If the automatic configuration doesn't work, follow these manual steps:

### 1. Enable Sieve in Dovecot
Add to `/etc/dovecot/dovecot.conf`:
```
service managesieve-login {
    inet_listener sieve {
        port = 4190
    }
}

service managesieve {
}

plugin {
    sieve = /home/vmail/%d/%n/dovecot.sieve
    sieve_global_path = /etc/dovecot/sieve/default.sieve
    sieve_dir = /home/vmail/%d/%n/sieve
    sieve_global_dir = /etc/dovecot/sieve/global/
    sieve_user_log = /var/log/dovecot-sieve-user.log
    sieve_before = /etc/dovecot/sieve/before.d/
    sieve_after = /etc/dovecot/sieve/after.d/
}
```

### 2. Configure Webmail
In SnappyMail/RainLoop admin panel:
- Enable Sieve support
- Set port to 4190
- Set host to localhost
- Set security to Off (unless using SSL)

### 3. Test Configuration
```bash
# Test Dovecot configuration
dovecot -n

# Restart Dovecot
systemctl restart dovecot

# Check if managesieve is running (optional)
systemctl status dovecot
```
EOF

    success "Comprehensive documentation created at /etc/dovecot/sieve/README.md"
}

# Main execution
main() {
    log "Starting Complete Sieve Configuration Script v6.0"
    log "Compatible with AlmaLinux, CentOS, Rocky Linux, Ubuntu, Debian"
    log "This version includes authentication-safe configuration and all discovered fixes"

    detect_os
    check_dovecot
    backup_config
    setup_directories
    create_sieve_scripts
    configure_sieve_safely
    configure_firewall
    configure_webmail

    if test_configuration; then
        restart_services

        # Run comprehensive tests
        test_complete_functionality

        create_documentation

        log "🎉 Sieve configuration completed successfully!"
        info "Summary of changes:"
        info "- Dovecot configured with Sieve support (authentication-safe)"
        info "- Sieve packages installed (if needed)"
        info "- Protocols line updated to include sieve"
        info "- Managesieve service configured"
        info "- Sieve protocol configured"
        info "- Default sieve scripts created"
        info "- Spam filter scripts created (basic and advanced)"
        info "- Business email organization scripts created"
        info "- Vacation auto-reply script created"
        info "- Test sieve script created"
        info "- Usage examples created"
        info "- Webmail configured for Sieve (if found)"
        info "- Firewall rule added for port $SIEVE_PORT"
        info "- Comprehensive documentation created"

        warning "Next steps:"
        warning "1. Test email authentication in SnappyMail"
        warning "2. Log into your webmail admin panel"
        warning "3. Enable Sieve support in Settings > Sieve"
        warning "4. Set port to $SIEVE_PORT"
        warning "5. Test with the provided test scripts"
        warning "6. Customize sieve scripts as needed"
        warning "7. Check examples in /etc/dovecot/sieve/examples/"

        success "Configuration complete! Sieve is now ready for use."
        info "Documentation available at: /etc/dovecot/sieve/README.md"
        info "Examples available at: /etc/dovecot/sieve/examples/"

        # Final comprehensive status check
        log "Final system status:"
        if systemctl is-active --quiet dovecot; then
            success "✅ Dovecot service is running"
        else
            error "❌ Dovecot service is not running"
        fi

        if netstat -tlnp 2>/dev/null | grep -q ":$SIEVE_PORT" || ss -tlnp 2>/dev/null | grep -q ":$SIEVE_PORT"; then
            success "✅ Sieve service is listening on port $SIEVE_PORT"
        else
            warning "⚠️  Sieve service is not listening on port $SIEVE_PORT"
            info "This is normal - managesieve service starts on demand when webmail connects"
        fi

        if netstat -tlnp 2>/dev/null | grep -q ":143" || ss -tlnp 2>/dev/null | grep -q ":143"; then
            success "✅ IMAP service is running (authentication should work)"
        else
            error "❌ IMAP service is not running"
        fi

        success "🎯 All systems ready! You can now use Sieve in SnappyMail!"

    else
        error "Configuration test failed. Please check the logs and fix any issues."
        exit 1
    fi
}

# Run main function
main "$@"