diff --git a/src/lib-sieve-tool/mail-raw.c b/src/lib-sieve-tool/mail-raw.c
index a46bd6fb9ce3c1862da63c3ba833bcd390f962fe..b0ec7109f8b1c5146237d8b10afad04842103dc6 100644
--- a/src/lib-sieve-tool/mail-raw.c
+++ b/src/lib-sieve-tool/mail-raw.c
@@ -13,6 +13,9 @@
 #include "str.h"
 #include "str-sanitize.h"
 #include "strescape.h"
+#include "safe-mkstemp.h"
+#include "close-keep-errno.h"
+#include "mkdir-parents.h"
 #include "message-address.h"
 #include "mbox-from.h"
 #include "raw-storage.h"
@@ -57,6 +60,46 @@ char *raw_tmp_prefix;
  * Raw mail implementation
  */
 
+static int seekable_fd_callback
+(const char **path_r, void *context ATTR_UNUSED)
+{
+	const char *dir, *p;
+	string_t *path;
+	int fd;
+
+ 	path = t_str_new(128);
+ 	str_append(path, "/tmp/dovecot.sieve-tool.");
+	fd = safe_mkstemp(path, 0600, (uid_t)-1, (gid_t)-1);
+	if (fd == -1 && errno == ENOENT) {
+		dir = str_c(path);
+		p = strrchr(dir, '/');
+		if (p != NULL) {
+			dir = t_strdup_until(dir, p);
+			if ( mkdir_parents(dir, 0600) < 0 ) {
+				i_error("mkdir_parents(%s) failed: %m", dir);
+				return -1;
+			}
+			fd = safe_mkstemp(path, 0600, (uid_t)-1, (gid_t)-1);
+		}
+	}
+
+	if (fd == -1) {
+		i_error("safe_mkstemp(%s) failed: %m", str_c(path));
+		return -1;
+	}
+
+	/* we just want the fd, unlink it */
+	if (unlink(str_c(path)) < 0) {
+		/* shouldn't happen.. */
+		i_error("unlink(%s) failed: %m", str_c(path));
+		close_keep_errno(fd);
+		return -1;
+	}
+
+	*path_r = str_c(path);
+	return fd;
+}
+
 static struct istream *create_raw_stream
 (int fd, time_t *mtime_r, const char **sender)
 {
@@ -104,8 +147,8 @@ static struct istream *create_raw_stream
 	i_stream_unref(&input);
 
 	input_list[0] = input2; input_list[1] = NULL;
-	input = i_stream_create_seekable
-		(input_list, MAIL_MAX_MEMORY_BUFFER, raw_tmp_prefix);
+	input = i_stream_create_seekable(input_list, MAIL_MAX_MEMORY_BUFFER,
+		seekable_fd_callback, raw_mail_user);
 	i_stream_unref(&input2);
 	return input;
 }
@@ -133,7 +176,7 @@ void mail_raw_init
 	raw_ns_set.location = "/tmp";
 
 	raw_ns = mail_namespaces_init_empty(raw_mail_user);
-	raw_ns->flags |= NAMESPACE_FLAG_INTERNAL;
+	raw_ns->flags |= NAMESPACE_FLAG_NOQUOTA | NAMESPACE_FLAG_NOACL;
 	raw_ns->set = &raw_ns_set;
     
 	if (mail_storage_create(raw_ns, "raw", 0, &errstr) < 0)
@@ -154,7 +197,7 @@ void mail_raw_deinit(void)
  */
 
 static struct mail_raw *mail_raw_create
-(struct istream *input, const char *mailfile, const char *sender, 
+(struct istream *input, const char *mailfile, const char *sender,
 	time_t mtime)
 {
 	pool_t pool;
diff --git a/src/sieve-tools/sieve-test.c b/src/sieve-tools/sieve-test.c
index 98c3d97d3df540743cbfdd2e394e2a80e1c60fd9..b6e6f2136da2912086d7c8769ac1c844f207ce29 100644
--- a/src/sieve-tools/sieve-test.c
+++ b/src/sieve-tools/sieve-test.c
@@ -271,7 +271,7 @@ int main(int argc, char **argv)
     		ns_set.location = mailloc;
 
     		ns = mail_namespaces_init_empty(mail_user);
-    		ns->flags |= NAMESPACE_FLAG_INTERNAL;
+    		ns->flags |= NAMESPACE_FLAG_NOQUOTA | NAMESPACE_FLAG_NOACL;
     		ns->set = &ns_set;
 		}