Head of household Sieve filters

From Messaging Server Technical Reference Wiki
Jump to: navigation, search


The MTA supports the concept of "head of household" (also referred to as "parental controls") filtering of incoming messages. This refers to cases where the MTA applies a "parent" or "head of household" Sieve filter to a user's incoming messages in addition to the user's own personal Sieve filter. This allows the "parent" or "head of household" user to exert some control over the receipt and handling of messages addressed to the "child" user.

Such "head of household" controls are enabled by marking a "child" user entry with:

  • a site-chosen LDAP attribute enabling application of "head of household" control (see the ldap_parental_controls MTA option), and
  • a site-chosen LDAP attribute (see the ldap_filter_reference MTA option) whose value will be the DN of the entry that contains the actual "head of household" Sieve filter (typically the DN of the "head of household" user).

By default, the "head of household" Sieve filter to be applied will simply be the "head of household" user's own Sieve filter as stored in mailSieveRuleSource; note that use of the Sieve "envelope" extension permits a Sieve filter to be sensitive to the recipient of a message, thus to distinguish between those messages addressed to the "head of household" user him/herself, vs. those messages having the "head of household" Sieve filter applied, but which were addressed to some other "child" user. However, see the ldap_hoh_filter MTA option which may be used to select use of a differently named LDAP attribute as the location of the "head of household" Sieve filter, if it is preferred to store the Sieve filter to be applied in a "head of household" capacity to "child" messages separately from the Sieve filter applying to the "head of household"'s own messages.

Sieve filter application requires a Sieve "owner" for certain purposes. By default, the "head of household" user's mail LDAP attribute is taken to be the Sieve "owner" when a Sieve filter is being applied in "head of household" capacity. However, see the ldap_hoh_owner MTA option which may be used to specify a different LDAP attribute whose value to consider as "owner" for such purposes.


See also: