How to get Sieve Automated Vacation Responses to work with regular mailboxes as well as aliased Email addresses, with or without a recipient delimiter, and without bypassing header checks.
NOTE: This guide assumes you have already set up an Email server running Postfix, Dovecot-LDA, and Sieve. There are plenty of high quality walkthroughs out there already detailing this setup, so I’ve chosen to forego those steps. It also assumes you are running a Debian-based Linux system like Ubuntu, if you are not, you may have to substitute some commands and file locations from this guide with their appropriate equivalent for your system. I wrote this because I was unable to find a simple explanation of the issue at hand, I had to dig through some documentation and do some tinkering to figure it out myself, so I hope this will save you some time.
Understanding the issue
By default, Sieve will make sure the recipient address is in either the To:, or CC: fields before it will send an Automated Vacation Response. This is to ensure you don’t send auto responses to mailing lists or emails that you are receiving as a Blind Carbon Copy. We do not want to bypass that check, we only want to pass the alias addresses and/or recipient tag to Sieve so those addresses will correctly pass the check.
Recipient Delimiter: If you aren’t familiar with the term, recipient delimiter is a character designated to separate the user in an email address from a tag in the address. For example, Google Mail uses the + character as a recipient delimiter, so an email to somebody+foo@gmail.com will get delivered to the user somebody@gmail.com, but the To: header will still show somebody+foo@gmail.com. This is extremely useful, as you can give out a unique email address to anyone, and set up Sieve filters for that address only. You can even reject messages based on the tag in the address, essentially giving you access to an unlimited number of disposable burner email addresses. I recommend using - as a recipient delimiter over +, as some sites/services won’t allow the + character, some will even filter it out.
Error Messages
The following error messages in /var/log/mail.log are indicative of a misconfiguration between Postfix and Dovecot that is the subject of this guide. These errors may occur when sending Emails to an aliased address, a regular mailbox address, either of those with a recipient delimiter, or all of the above.
dovecot: lda(you@yourdomain.tld): Warning: sieve: msgid=<messageID@senderAddress.tld>: vacation action aborted: envelope recipient is <>
dovecot: lda(you@yourdomain.tld): sieve: msgid=<messageID@senderAddress.tld>: discarding vacation response for implicitly delivered message; no known (envelope) recipient address found in message headers (recipient=<you@yourdomain.tld>, and no additional `:addresses' are specified)
Resolution
Starting with Postfix configuration, we need to enable the X-Original-To header, and make sure it doesn’t get re-written by your alias maps. You will have to add the line receive_override_options = no_address_mappings before any external handling of the message (Amavis/ClamAV/Dovecot/etc.), and add the line dovecot_destination_recipient_limit = 1 after the Dovecot declaration, this limit is required for the X-Original-To header to be added.
Search /etc/postfix/main.cf for the line enable_original_recipient = no, and comment it out if it is present, the default value is yes, but a lot of tutorials add this line for privacy (it’s a small sacrifice to get vacation responses working with aliased addresses).
/etc/postfix/main.cf
...
# Don't rewrite headers in original message envelope
# receive_override_options =
receive_override_options = no_address_mappings
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1
...
*It’s always a good idea to add a brief description and the default value in comments when you are adding a new line to a config file.
Now we need to pass the correct values to Dovecot, please do not just copy and paste here, I’ll explain the relative parts and you’ll need to adjust your configuration and test the results.
You should have a line similar to this one:
/etc/postfix/master.cf
flags=DRhu user=user:group argv=/path/to/dovecot-lda -f ${sender} -a ${original_recipient} -d ${user}@${nexthop}
So let’s break this down first. From left to right we have:
- flags: Modifications to the incoming Email headers made by Postfix.
- D: Prepend a “Delivered-To:” header.
- R: Prepend a “Return-Path:” header.
- h: Fold the command-line
$original_recipientand$recipientaddress domain part (text to the right of the right-most @ character) to lower case; fold the entire command-line$domainand$nexthophost or domain information to lower case. - u: Fold the command-line
$original_recipientand$recipientaddress localpart (text to the left of the right-most @ character) to lower case.
- user: User name and group that are used by your mail system
- argv: Path to local delivery agent to be used (Dovecot-LDA)
- -f: Envelope sender address passed to LDA
- -a: Original envelope address passed to LDA
- -d: Destination username passed to LDA
We need to change a few things here, specifically we can’t use the original envelope address value (-a), because that will override the X-Original-To header value, but we still need to pass the recipient address otherwise Dovecot won’t know where to deliver it, we can use the final envelope address (-r) for this. Also, we need to pass the X-Original-To header with the O flag (That’s a capital letter o, not a number zero).
It should look something like this:
/etc/postfix/master.cf
flags=DORhu user=user:group argv=/path/to/dovecot-lda -f ${sender} -r ${recipient} -d ${user}@${nexthop}
- Changelog
- flags
- O: Prepend
X-Original-Toheader
- O: Prepend
- -a: Removed
- -r: Final envelope address passed to LDA (Note that the value passed has also changed from
${original_recipient}to${recipient})
- flags
For Dovecot configuration, we need to tell Dovecot-LDA what the recipient delimiter is, and to get the recipient address from the new X-Original-To header instead of the Delivered-To header. Edit your Dovecot-LDA configuration file, the following two lines should already exist but be commented out, remove the comment tag (#), and edit them to match the lines below (if your recipient delimiter is not - be sure to change that to what you are using.):
/etc/dovecot/conf.d/15-lda.conf *This file may have a different name on your system.
recipient_delimiter = -
lda_original_recipient_header = X-Original-To
Now we just need to tell Sieve what the recipient delimiter is, and to use the original recipient address given by Dovecot for the vacation response header check (this will be the X-Original-To header we’ve worked so hard to pass all the way down to this point). Edit your Sieve configuration file, the recipient_delimiter line should already exist in a comment, I had to add the line sieve_vacation_use_original_recipient = yes, I just put it at the top of the first plugin section (again use the correct recipient delimiter here). It should look something like this:
/etc/dovecot/conf.d/90-sieve.conf *This file may have a different name on your system.
plugin {
# This specifies whether the original envelope recipient should be used
# in the check for implicit delivery.
# Use this option with caution: if you are using aliases that point
# to more than a single account, senders can get multiple vacation
# responses for a single message.
# sieve_vacation_use_original_recipient = no
sieve_vacation_use_original_recipient = yes
...
recipient_delimiter = -
...
}
Finally, run the obligatory sudo systemctl restart dovecot, and sudo systemctl restart postfix, and send some test emails. Note that Sieve will only send one vacation response per sender address within the time defined in it’s rule, usually 1 day or more, you can reset the Discarding duplicate vacation response behavior by changing the vacation response message in the rule. Make sure you test emails with your target address in the CC and BCC fields as well, CC should send a vacation response, but BCC should not.
