From 30e4f136fd7df76377cb5e608e46440dc98c700a Mon Sep 17 00:00:00 2001
From: Andrey Golovizin
Date: Sun, 7 Jan 2018 12:32:05 +0100
Subject: [PATCH 1/5] Add enableManageSieve option to open port 4190
---
 default.nix | 12 ++++++++++++
 mail-server/networking.nix | 1 +
 2 files changed, 13 insertions(+)
diff --git a/default.nix b/default.nix
index 5854226..04fd9d6 100644
--- a/default.nix
+++ b/default.nix
@@ -280,6 +280,18 @@ in
 '';
 };
+ enableManageSieve = mkOption {
+ type = types.bool;
+ default = false;
+ description = ''
+ Whether to enable ManageSieve, setting this option to true will open
+ port 4190 in the firewall.
+
+ The ManageSieve protocol allows users to manage their Sieve scripts on
+ a remote server with a supported client, including Thunderbird.
+ '';
+ };
+
 virusScanning = mkOption {
 type = types.bool;
 default = false;
diff --git a/mail-server/networking.nix b/mail-server/networking.nix
index c224b0a..20fa34f 100644
--- a/mail-server/networking.nix
+++ b/mail-server/networking.nix
@@ -28,6 +28,7 @@ in
 ++ lib.optional enableImapSsl 993
 ++ lib.optional enablePop3 110
 ++ lib.optional enablePop3Ssl 995
+ ++ lib.optional enableManageSieve 4190
 ++ lib.optional (certificateScheme == 3) 80;
 };
 };
From a6d9604ea504360eb0d0e813e94cc9e82ac3df38 Mon Sep 17 00:00:00 2001
From: Andrey Golovizin
Date: Sun, 7 Jan 2018 12:58:52 +0100
Subject: [PATCH 2/5] Fix Sieve script activation via ManageSieve
---
 mail-server/dovecot.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix
index 89249b5..34c94fb 100644
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@@ -109,7 +109,7 @@ in
 }
 plugin {
- sieve = file:/var/sieve/%u.sieve
+ sieve = file:/var/sieve/%u/scripts;active=/var/sieve/%u/active.sieve
 }
 lda_mailbox_autosubscribe = yes
From aeedb25daf43268309dd8df4420ee4cfa3588347 Mon Sep 17 00:00:00 2001
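Review bot: In default.nix, the `enableManageSieve` description presents the option as enabling ManageSieve, but the only consumer visible in this patch is the firewall rule added in mail-server/networking.nix. The dovecot.nix context shown in patch 4/5 has `protocols = [ "sieve" ];` with no condition, so the service appears to keep listening on 4190 when the option is `false`, reachable from the host itself or wherever the NixOS firewall is not in force. Either gate the protocol on the option, for example `protocols = lib.optional enableManageSieve "sieve";` (assuming the option is in scope in dovecot.nix the way it is in networking.nix), or reword the description to `Whether to open port 4190 (ManageSieve) in the firewall.` so operators do not read `false` as "service off".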
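Review bot: In mail-server/dovecot.nix (patch 2/5), the new `sieve = file:/var/sieve/%u/scripts;active=/var/sieve/%u/active.sieve` location depends on a per-user directory `/var/sieve/%u` that nothing in this patch creates. Patch 3/5 creates it in users.nix only inside the `lib.isString sieveScript` branch, so accounts without a `sieveScript` rely on Dovecot being able to create the directory under `/var/sieve`, which depends on that directory's ownership and mode (not visible here). I would create the directory for every login account in the activation script, outside the `sieveScript` conditional, so that uploads over ManageSieve neither fail nor require `/var/sieve` itself to be writable by mail users.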
From: Andrey Golovizin
Date: Sun, 7 Jan 2018 13:06:05 +0100
Subject: [PATCH 3/5] Use sieve_default option for sieveScript
https://wiki2.dovecot.org/Pigeonhole/Sieve/Configuration#Visible_Default_Script
---
 mail-server/dovecot.nix | 2 ++
 mail-server/users.nix | 15 ++++++++++-----
 2 files changed, 12 insertions(+), 5 deletions(-)
diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix
index 34c94fb..731b578 100644
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@@ -110,6 +110,8 @@ in
 plugin {
 sieve = file:/var/sieve/%u/scripts;active=/var/sieve/%u/active.sieve
+ sieve_default = file:/var/sieve/%u/default.sieve
+ sieve_default_name = default
 }
 lda_mailbox_autosubscribe = yes
diff --git a/mail-server/users.nix b/mail-server/users.nix
index 9484882..a8cda32 100644
--- a/mail-server/users.nix
+++ b/mail-server/users.nix
@@ -55,16 +55,21 @@ let
 # is null, remove the file.
 ${lib.concatMapStringsSep "\n" ({ name, sieveScript }:
 if lib.isString sieveScript then ''
- cat << EOF > "/var/sieve/${name}.sieve"
+ if (! test -d "/var/sieve/${name}"); then
+ mkdir -p "/var/sieve/${name}"
+ chown "${name}:${vmailGroupName}" "/var/sieve/${name}"
+ chmod 770 "/var/sieve/${name}"
+ fi
+ cat << EOF > "/var/sieve/${name}/default.sieve"
 ${sieveScript}
 EOF
- chown "${name}:${vmailGroupName}" "/var/sieve/${name}.sieve"
+ chown "${name}:${vmailGroupName}" "/var/sieve/${name}/default.sieve"
 '' else ''
- if (test -f "/var/sieve/${name}.sieve"); then
- rm "/var/sieve/${name}.sieve"
+ if (test -f "/var/sieve/${name}/default.sieve"); then
+ rm "/var/sieve/${name}/default.sieve"
 fi
 if (test -f "/var/sieve/${name}.svbin"); then
- rm "/var/sieve/${name}.svbin"
+ rm "/var/sieve/${name}/default.svbin"
 fi
 '') (map (user: { inherit (user) name sieveScript; })
 (lib.attrValues loginAccounts))}
From ee479ae683fd7d8e2d11cbde2f8953e3374f9bd7 Mon Sep 17 00:00:00 2001
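Review bot: In mail-server/dovecot.nix (patch 3/5), `sieve_default` changes what `sieveScript` means for operators and nothing in this patch documents it. Per the Pigeonhole page linked in the commit message, the default script is used only while the user has no active personal script, so once a user activates a script over ManageSieve the administrator-supplied `sieveScript` stops applying to that account. The option's description (in default.nix, not part of this patch) should say so, for example `Default Sieve script for this account; it is replaced by any script the user activates via ManageSieve.` Filtering that must always run belongs in a `before`/`after` script rather than here.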
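Review bot: In mail-server/users.nix, the cleanup branch now tests one path and removes another: the unchanged guard `test -f "/var/sieve/${name}.svbin"` is followed by the new `rm "/var/sieve/${name}/default.svbin"`, so the compiled default script is never removed under the new layout, and a leftover old-layout file sends `rm` to a path that may not exist. The guard should become `if (test -f "/var/sieve/${name}/default.svbin"); then`. The rewritten `cat << EOF` line also keeps the delimiter unquoted, so the shell running the activation script expands `$`, backticks and `$(...)` inside the script text and mangles Sieve's own `${...}` variable syntax; `cat << 'EOF' > "/var/sieve/${name}/default.sieve"` writes the text literally. `chmod 770` gives every member of the vmail group write access to the directory holding a user's filtering rules, and `700` looks sufficient if only the owning account needs it, which should be confirmed against how Dovecot is run here. The shell script string this hunk edits starts above the hunk.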
From: Andrey Golovizin
Date: Sun, 7 Jan 2018 13:08:04 +0100
Subject: [PATCH 4/5] Run spam.sieve after user scripts
Allows the user to override or disable it, if necessary.
---
 mail-server/dovecot.nix | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/mail-server/dovecot.nix b/mail-server/dovecot.nix
index 731b578..807a708 100644
--- a/mail-server/dovecot.nix
+++ b/mail-server/dovecot.nix
@@ -41,7 +41,7 @@ in
 protocols = [ "sieve" ];
 sieveScripts = {
- before = builtins.toFile "spam.sieve" ''
+ after = builtins.toFile "spam.sieve" ''
 require "fileinto";
 if header :is "X-Spam" "Yes" {
From 239cc771ec32ee708deafa287366e8dc28a495b6 Mon Sep 17 00:00:00 2001
From: Andrey Golovizin
Date: Sun, 7 Jan 2018 13:15:36 +0100
Subject: [PATCH 5/5] Update README.md
---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/README.md b/README.md
index bde7c50..552c10e 100644
--- a/README.md
+++ b/README.md
@@ -54,6 +54,7 @@ the user accounts.
 * Sieves
 - [x] A simple standard script that moves spam
 - [x] Allow user defined sieve scripts
+ - [x] ManageSieve support
 * User Aliases
 - [x] Regular aliases
 - [x] Catch all aliases
@@ -179,6 +180,9 @@ common ones.
 enableImapSsl = true;
 enablePop3Ssl = true;
+ # Enable the ManageSieve protocol
+ enableManageSieve = true;
+
 # whether to scan inbound emails for viruses (note that this requires at least
 # 1 Gb RAM for the server. Without virus scanning 256 MB RAM should be plenty)
 virusScanning = false;
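Review bot: In mail-server/dovecot.nix (patch 4/5), moving spam.sieve from `before` to `after` changes more than ordering, and the block carries no comment saying so. As far as I know, Pigeonhole runs `sieve_after` scripts only while the implicit keep is still in effect, so a user script that ends in `fileinto`, `redirect` or `discard` skips spam filing altogether; that fits the commit message, but it also means a user's `redirect` rule would forward messages tagged `X-Spam: Yes` off the server. I would add a comment above the line such as `# Runs only if the user's script leaves the implicit keep in place; redirect/fileinto in a user script bypasses spam filing.` The `sieveScripts` block continues past the end of the hunk.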