Postfix Dovecot Sieve – Automatically move spam emails into trash folders

Deprecated: Function create_function() is deprecated in /home/vhosts/ on line 4698

In order to automatically move emails tagged as spam into another folder, we need to configure postfix to deliver emails via dovecot lmtp, instead of postfix/virtual. Then we configure dovecot lmtp to use the sieve plugin, which is a language that allows us to write rules to process incoming emails. Last, we configure sieve and write some rules to automatically move spam into a specific inbox folder of the user. Note: The following steps were performed in a Centos 6.3 server, but the general steps should apply to other distributions with minor changes.

Configure postfix to deliver via Dovecot LMTP

Enable LMTP on Dovecot conf

Edit the dovecot.conf file, and add the lmtp protocol to the end of protocols line


protocols = imap pop3 lmtp

Add following configuration in file 20-lmtp.conf

Notice we are adding the sieve plugin, and also postmaster_address line is required.


protocol lmtp {
postmaster_address = # required

# Space separated list of plugins to load (default is global mail_plugins).
mail_plugins = $mail_plugins sieve

Make sure the service lmpt section is configured as follow in the file 10-mater.conf


service lmtp {
unix_listener /var/spool/postfix/private/dovecot-lmtp {
group = postfix
mode = 0600
user = postfix

Enable Dovecot LMTP on Postfix

Now we need to tell postfix to use the dovecot-lmtp service to deliver emails.

Locate the line virtual_transport, and replace as following. This tells postfix to use the unix socket we configured in the previous step.


###virtual_transport = virtual
virtual_transport = lmtp:unix:private/dovecot-lmtp

Configure Sieve

Make sure to setup sieve_global_path as following in the file 90-sieve.conf


plugin {
# The path to the user's main active script.
sieve = ~/.dovecot.sieve

# A path to a global sieve script file, which gets executed ONLY
# if user's private Sieve script doesn't exist. Be sure to
# pre-compile this script manually using the sievec command line
# tool.
sieve_global_path = /var/lib/dovecot/sieve/default.sieve

Now, create the directory, and make sure the user postfix has permission in the folder /var/lib/dovecot

mkdir /var/lib/dovecot/sieve/
chgrp postfix /var/lib/dovecot/
chgrp postfix /var/lib/dovecot/sieve/

Now we will create the rules to automatically move spam emails inside the file default.sieve

In the following example, we use the Spam folder, but we can replace it with another folder like INBOX.spam, SPAM, etc.

If the designated folder does not exists, it will be automatically created.


require ["fileinto", "mailbox"];

if exists "X-Spam-Flag" {
if header :contains "X-Spam-Flag" "NO" {

} else {
fileinto :create "Spam";


Compile the sieve file with the sievec command:

cd /var/lib/dovecot/sieve/
sievec default.sieve

That will generate file: default.svbin

Please make sure both files have execution permission, and that the user postfix can reach the files:

chmod +x default.sieve
chmod +x devault.svbin

Setting sieve scripts for specific users

It is also possible to set different sieve script for each user. The sieve script stored in the user’s inbox folder takes precedence over the global sieve script. For example, the path to store a sieve script for the user is:


Note that this path depends on the path that postfix is configured to store emails. In this example, /home/vmail

Finally restart both dovecot and postfix services and test

service dovecot restart
service postfix restart


Important logs files that we should monitor:

  • /var/log/maillog
  • /var/log/dovecot.log

Example of permissions problems in the folder /var/lib/dovecot

May 22 14:05:20 lmtp(8369, Debug: CJTBKWA8flOxIAAA7c9hNA: sieve: opening script /var/lib/dovecot/sieve/default.sieve
May 22 14:05:20 lmtp(8369, Error: CJTBKWA8flOxIAAA7c9hNA: sieve: main_script: failed to stat sieve script:
failed: Permission denied (euid=89(postfix) egid=89(postfix)
missing +x perm: /var/lib/dovecot, euid is not dir owner)

Example of Sieve working as expected

May 22 14:14:28 lmtp(8425, Debug: /34REHQ9flPpIAAA7c9hNA: sieve: script binary /var/lib/dovecot/sieve/default.svbin successfully loaded
May 22 14:14:28 lmtp(8425, Debug: /34REHQ9flPpIAAA7c9hNA: sieve: binary save: not saving binary /var/lib/dovecot/sieve/default.svbin, because it is already stored
May 22 14:14:28 lmtp(8425, Debug: /34REHQ9flPpIAAA7c9hNA: sieve: executing script from /var/lib/dovecot/sieve/default.svbin
May 22 14:14:28 lmtp(8425, Debug: Namespace : Using permissions from /home/vmail/ mode=0700 gid=-1
May 22 14:14:28 lmtp(8425, Info: /34REHQ9flPpIAAA7c9hNA: sieve: msgid=<9e1b8e38994ec37aec66875636bb2b73@>: stored mail into mailbox 'Spam'
May 22 14:14:28 lmtp(8425): Info: Disconnect from local: Client quit

External documentation

Dovecot LMTP

Manually Compiling Sieve Scripts

Sieve Interpreter

Sieve Examples

You may also like...