← Back to Guardian

Dovecot & Sieve Integration

Closing the loop is essential for a high-performance antispam system. By integrating Dovecot with Mailuminati Guardian, you transform every user report into instant local intelligence.

FEEDBACK LOOP

The Reporting Workflow

When a user moves an email to the Junk folder or marks it as Not Spam, Dovecot triggers a Sieve script. This script pipes the message to a lightweight reporter that updates the Guardian's local database.

Instant Learning: New phishing patterns are blocked server-wide as soon as the first user reports them.
Privacy Focused: The reporter only extracts the Message-ID to identify the scan data; no raw content is resubmitted.
Low Overhead: Uses standard POSIX tools (bash, grep, curl) for maximum efficiency.

1. The Reporting Script

Install the guardian-report.sh script on your server. It extracts the Message-ID and sends a JSON payload to the Guardian API.

# Example usage in Sieve:
# pipe :copy "guardian-report.sh" ["spam"];

2. Dovecot Configuration

Configure the imapsieve plugin in your Dovecot settings to automate the process:

plugin {
  sieve_plugins = sieve_imapsieve
  
  # From anywhere to Junk folder
  imapsieve_mailbox1_name = Junk
  imapsieve_mailbox1_causes = COPY
  imapsieve_mailbox1_before = file:/usr/lib/dovecot/sieve/report-spam.sieve

  # From Junk folder to anywhere else
  imapsieve_mailbox2_name = *
  imapsieve_mailbox2_from = Junk
  imapsieve_mailbox2_causes = COPY
  imapsieve_mailbox2_before = file:/usr/lib/dovecot/sieve/report-ham.sieve
}

Technical Impact

By using the /report endpoint, Guardian immediately reinforces local detection for any message sharing the same TLSH structural fingerprint. This prevents "patient zero" scenarios where a phishing campaign hits multiple users before central filters can react.