diff --git a/createlinks b/createlinks
index 1564aa9..6602c4f 100755
--- a/createlinks
+++ b/createlinks
@@ -10,6 +10,9 @@ templates2events("/etc/sogo/sogo.conf", qw(email-update bootstrap-console-save p
 templates2events("/etc/sysconfig/sogo", qw(email-update bootstrap-console-save));
 templates2events("/etc/logrotate.d/sogo", qw(email-update bootstrap-console-save));
 templates2events("/etc/pam.d/dovecot", qw(email-update bootstrap-console-save));
+templates2events("/etc/sogo/sieve.creds", qw(email-update bootstrap-console-save));
+templates2events("/etc/cron.d/sogo", qw(email-update bootstrap-console-save));
+templates2events("/etc/dovecot/master.sieve.127.0.0.1", qw(email-update bootstrap-console-save));
 
 safe_symlink("restart", "root/etc/e-smith/events/email-update/services2adjust/sogod");
 safe_symlink("restart", "root/etc/e-smith/events/email-update/services2adjust/memcached-sogo");
diff --git a/root/etc/cron.hourly/sogo-sessions b/root/etc/cron.hourly/sogo-sessions
deleted file mode 100644
index d88779f..0000000
--- a/root/etc/cron.hourly/sogo-sessions
+++ /dev/null
@@ -1,6 +0,0 @@
-#!/bin/bash
-
-TIME=$(/sbin/e-smith/db configuration getprop sogod SessionDuration || echo 1440)
-
-# Remove old SOGo sessions entries
-su -l -s /bin/bash sogo -c "/usr/sbin/sogo-tool expire-sessions $TIME"
diff --git a/root/etc/e-smith/db/configuration/migrate/SOGoSievePassword b/root/etc/e-smith/db/configuration/migrate/SOGoSievePassword
new file mode 100644
index 0000000..3cbd28d
--- /dev/null
+++ b/root/etc/e-smith/db/configuration/migrate/SOGoSievePassword
@@ -0,0 +1,32 @@
+{
+    my $sogodrec = $DB->get('sogod')
+        || $DB->new_record('sogod', {type => 'service'});
+    my $sogod_sieve_pw = $sogodrec->prop('SieveMasterPassword');
+    if (not $sogod_sieve_pw or length($sogod_sieve_pw) < 57)
+    {
+        use MIME::Base64 qw(encode_base64);
+
+        $sogod_sieve_pw = "not set due to error";
+        if ( open( RANDOM, "/dev/urandom" ) )
+        {
+            my $buf;
+            # 57 bytes is a full line of Base64 coding, and contains
+            # 456 bits of randomness - given a perfectly random /dev/random
+            if ( read( RANDOM, $buf, 57 ) != 57 )
+            {
+                warn("Short read from /dev/random: $!");
+            }
+            else
+            {
+                $sogod_sieve_pw = encode_base64($buf);
+                chomp $sogod_sieve_pw;
+            }
+            close RANDOM;
+        }
+        else
+        {
+            warn "Could not open /dev/urandom: $!";
+        }
+        $sogodrec->set_prop('SieveMasterPassword', $sogod_sieve_pw);
+    }
+}
diff --git a/root/etc/e-smith/templates.metadata/etc/dovecot/master.sieve.127.0.0.1 b/root/etc/e-smith/templates.metadata/etc/dovecot/master.sieve.127.0.0.1
new file mode 100644
index 0000000..d102826
--- /dev/null
+++ b/root/etc/e-smith/templates.metadata/etc/dovecot/master.sieve.127.0.0.1
@@ -0,0 +1 @@
+PERMS=0600
diff --git a/root/etc/e-smith/templates.metadata/etc/sogo/sieve.creds b/root/etc/e-smith/templates.metadata/etc/sogo/sieve.creds
new file mode 100644
index 0000000..81757a1
--- /dev/null
+++ b/root/etc/e-smith/templates.metadata/etc/sogo/sieve.creds
@@ -0,0 +1,3 @@
+PERMS=0640
+UID="root"
+GID="sogo"
diff --git a/root/etc/e-smith/templates/etc/cron.d/sogo/autoreply b/root/etc/e-smith/templates/etc/cron.d/sogo/autoreply
new file mode 100644
index 0000000..6617f02
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/cron.d/sogo/autoreply
@@ -0,0 +1 @@
+0 0 * * *      sogo    /usr/sbin/sogo-tool update-autoreply -p /etc/sogo/sieve.creds
diff --git a/root/etc/e-smith/templates/etc/cron.d/sogo/sessions b/root/etc/e-smith/templates/etc/cron.d/sogo/sessions
new file mode 100644
index 0000000..6a0039f
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/cron.d/sogo/sessions
@@ -0,0 +1 @@
+* * * * *      sogo    /usr/sbin/sogo-tool expire-sessions { $sogod{SessionDuration} || '60' }
diff --git a/root/etc/e-smith/templates/etc/dovecot/dovecot.conf/14AuthSieve b/root/etc/e-smith/templates/etc/dovecot/dovecot.conf/14AuthSieve
new file mode 100644
index 0000000..28eef02
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/dovecot/dovecot.conf/14AuthSieve
@@ -0,0 +1,9 @@
+passdb \{
+  driver = passwd-file
+  master = yes
+  args = username_format=%u /etc/dovecot/master.%s.%r
+\}
+userdb \{
+  driver = passwd-file
+  args = username_format=%u /etc/dovecot/master.%s.%r
+\}
diff --git a/root/etc/e-smith/templates/etc/dovecot/master.sieve.127.0.0.1/sogo b/root/etc/e-smith/templates/etc/dovecot/master.sieve.127.0.0.1/sogo
new file mode 100644
index 0000000..c9edf58
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/dovecot/master.sieve.127.0.0.1/sogo
@@ -0,0 +1 @@
+sogo-sieve:\{plain\}{ $sogod{SieveMasterPassword} }:101:101::/home/e-smith::allow_nets=127.0.0.1/8
diff --git a/root/etc/e-smith/templates/etc/dovecot/master.sieve.127.0.0.1/template-begin b/root/etc/e-smith/templates/etc/dovecot/master.sieve.127.0.0.1/template-begin
new file mode 100644
index 0000000..e69de29
diff --git a/root/etc/e-smith/templates/etc/sogo/sieve.creds/sogo b/root/etc/e-smith/templates/etc/sogo/sieve.creds/sogo
new file mode 100644
index 0000000..00db885
--- /dev/null
+++ b/root/etc/e-smith/templates/etc/sogo/sieve.creds/sogo
@@ -0,0 +1 @@
+sogo-sieve:{ $sogod{SieveMasterPassword} }
diff --git a/root/etc/e-smith/templates/etc/sogo/sieve.creds/template-begin b/root/etc/e-smith/templates/etc/sogo/sieve.creds/template-begin
new file mode 100644
index 0000000..e69de29