draft-ietf-sieve-editheader-00.txt   draft-ietf-sieve-editheader-01.txt 
Network Working Group Jutta Degener
Internet Draft Philip Guenther Internet Draft Philip Guenther
Expires: August 2005 Sendmail, Inc. Expires: November 2005 Sendmail, Inc.
February 2005 May 2005
Sieve Mail Filtering Language: Editheader Extension Sieve Email Filtering: Editheader Extension
<draft-ietf-sieve-editheader-00.txt> draft-ietf-sieve-editheader-01.txt
Status of this memo Status of this memo
By submitting this Internet-Draft, I certify that any applicable By submitting this Internet-Draft, each author represents that any
patent or other IPR claims of which I am aware have been disclosed, or applicable patent or other IPR claims of which he or she is aware
will be disclosed, and any of which I become aware will be disclosed, have been or will be disclosed, and any of which he or she becomes
in accordance with RFC 3668. aware will be disclosed, in accordance with Section 6 of BCP 79.
This document is an Internet-Draft and is subject to all
provisions of Section 10 of RFC2026.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
other groups may also distribute working documents as other groups may also distribute working documents as
Internet-Drafts. Internet-Drafts.
Internet-Drafts are draft documents valid for a maximum of six Internet-Drafts are draft documents valid for a maximum of six
months and may be updated, replaced, or obsoleted by other months and may be updated, replaced, or obsoleted by other
documents at any time. It is inappropriate to use Internet- documents at any time. It is inappropriate to use Internet-
Drafts as reference material or to cite them other than as Drafts as reference material or to cite them other than as
"work in progress." "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/1id-abstracts.html http://www.ietf.org/1id-abstracts.html
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html http://www.ietf.org/shadow.html
Copyright Notice
Copyright (C) The Internet Society (2005).
Abstract Abstract
This document defines two new actions for the "sieve" This document defines two new actions for the "Sieve" email
language that add and delete email header fields. filtering language that add and delete email header fields.
1. Introduction 1. Introduction
Email headers are a flexible and easy to understand means Email header fields are a flexible and easy to understand means
of communication between email processors. of communication between email processors.
This extension enables sieve scripts to interact with other This extension enables sieve scripts to interact with other
components that consume or produce header fields by allowing components that consume or produce header fields by allowing
the script to delete and add header fields. the script to delete and add header fields.
2. Conventions used. 2. Conventions used.
Conventions for notations are as in [SIEVE] section 1.1, including Conventions for notations are as in [SIEVE] section 1.1, including
use of [KEYWORDS] and "Syntax:" label for the definition of action use of [KEYWORDS] and the "Syntax:" label for the definition of
and tagged arguments syntax. action and tagged arguments syntax.
The term "header field" is used here as in [RFC-2822] to mean a The term "header field" is used here as in [IMAIL] to mean a
logical line of an email message header. logical line of an email message header.
The capability string associated with extension defined in this The capability string associated with the extension defined in
document is "editheader". this document is "editheader".
3. Action addheader 3. Action addheader
Syntax: Syntax: "addheader" [":last"] <field-name: string> <value: string>
"addheader" [":last"] <name: string> <value: string>
The addheader action adds a header field to the existing The addheader action adds a header field to the existing message
message header. The name MUST be a valid 7-bit US-ASCII header header. The field-name MUST be a valid 7-bit US-ASCII header
field name as described by [RFC-2822] "field-name" nonterminal. field name as described by the [IMAIL] "field-name" nonterminal
syntax element. The addheader action does not affect Sieve's
implicit keep.
If the specified field value does not match the RFC 2822 If the specified field value does not match the RFC 2822
"unstructured" nonterminal or exceeds a length limit set by "unstructured" nonterminal syntax element or exceeds a length
the implementation, the implementation MUST either flag an limit set by the implementation, the implementation MUST either
error or encode the field using folding white space and the flag an error or encode the field using folding white space and
encodings described in RFC 2047 or RFC 2231 to be compliant the encodings described in [RFC2047] or [RFC2231] to be compliant
with RFC 2822. with RFC 2822.
An implementation MAY impose a length limit onto the size of An implementation MAY impose a length limit onto the size of
the encoded header field; such a limit MUST NOT be less the encoded header field; such a limit MUST NOT be less
than 998 characters, not including the terminating CRLF than 998 characters, not including the terminating CRLF
supplied by the implementation. supplied by the implementation.
By default, the header field is inserted at the beginning of By default, the header field is inserted at the beginning of the
the existing header. If the optional flag ":last" is existing message header. If the optional flag ":last" is
specified, it is appended at the end. specified, it is appended at the end.
Example: Example:
/* Don't redirect if we already redirected */ /* Don't redirect if we already redirected */
if not header :contains "X-Sieve-Filtered" if not header :contains "X-Sieve-Filtered"
["<kim@job.tld>", "<kim@home.tld>"] ["<kim@job.example.com>", "<kim@home.example.com>"]
{ {
addheader "X-Sieve-Filtered" "<kim@job.tld>"; addheader "X-Sieve-Filtered" "<kim@job.example.com>";
redirect "kim@home.tld"; redirect "kim@home.example.com";
} }
4. Action deleteheader 4. Action deleteheader
Syntax: Syntax: "deleteheader" [":index" <fieldno: number> [":last"]]
"deleteheader"
[":index" <fieldno: number> [":last"]]
[COMPARATOR] [MATCH-TYPE] [COMPARATOR] [MATCH-TYPE]
<field-name: string> <field-name: string>
[<value-patterns: string-list>] [<value-patterns: string-list>]
By default, the deleteheader action deletes all occurrences By default, the deleteheader action deletes all occurrences of
of the named header field. the named header field. The deleteheader action does not affect
Sieve's implicit keep.
The field-name is mandatory and always matched as a The field-name is mandatory and always matched as a
case-insensitive us-ascii string. The value-patterns, case-insensitive US-ASCII string. The value-patterns,
if specified, are matched according to the match type and if specified, are matched according to the match type and
comparator. If none are specified, all values match. comparator. If none are specified, all values match.
The field-name MUST be a valid 7-bit header field name as The field-name MUST be a valid 7-bit header field name as described
described by the [RFC-2822] "field-name" nonterminal. by the [IMAIL] "field-name" nonterminal syntax element.
If :index <fieldno> is specified, the attempts to match If :index <fieldno> is specified, the attempts to match
a value are limited to the header field <fieldno> (beginning a value are limited to the header field <fieldno> (beginning
at 1, the first named header field). If :last is specified, at 1, the first named header field). If :last is specified,
the count is backwards; 1 denotes the last named header field, the count is backwards; 1 denotes the last named header field,
2 the second to last, and so on. The counting happens 2 the second to last, and so on. The counting happens
before the <value-patterns> match, if any; before the <value-patterns> match, if any. For example:
deleteheader :index 2 :contains "Received" "via carrier-pidgeon" deleteheader :index 2 :contains "Received" "via carrier-pigeon"
deletes the second "Received:" header field if it contains deletes the second "Received:" header field if it contains
the string "via carrier-pidgeon" (not the second Received: field the string "via carrier-pigeon" (not the second Received: field
that contains "via carrier-pidgeon"). that contains "via carrier-pigeon").
It is not an error if no header fields match the conditions in
the deleteheader action or if the :index argument is greater
than the number of named header fields.
5. Interaction with Other Sieve Extensions 5. Interaction with Other Sieve Extensions
Tests and actions such as "exist" or "header" that examine Tests and actions such as "exists", "header", or "vacation"
header fields MUST examine the current state of a header as [VACATION] that examine header fields MUST examine the current
modified by any actions that have taken place so far. state of a header as modified by any actions that have taken
place so far.
As an example, the "header" test in the following fragment will As an example, the "header" test in the following fragment will
always evaluate to true, regardless of whether the incoming always evaluate to true, regardless of whether the incoming
message contained an "X-Hello" header field or not: message contained an "X-Hello" header field or not:
addheader "X-Hello" "World"; addheader "X-Hello" "World";
if header :contains "X-Hello" "World" if header :contains "X-Hello" "World"
{ {
fileinto "international"; fileinto "international";
} }
Actions that create messages in storage or in transport to However, if the presence or value of a header field affects how
MTAs MUST store and send messages with the current set of the implementation parses or decodes other parts of the message,
header fields. then for the purposes of that parsing or decoding the implementation
MAY ignore some or all changes made to those header fields. For
example, in an implementation that supports the [BODY] extension,
"body" tests may be unaffected by deleting or adding Content-Type
or Content-Transfer-Encoding header fields. This does not rescind
the requirement that changes to those header fields affect direct
tests; only the semantic side effects of changes to the fields
may be ignored.
Actions that store or send the message MUST do so with the current
set of header fields.
For the purpose of weeding out duplicates, a message modified For the purpose of weeding out duplicates, a message modified
by addheader or deleteheader MUST be considered the same as by addheader or deleteheader MUST be considered the same as
the original message. For example, in an implementation that the original message. For example, in an implementation that
obeys the constraint in [SIEVE] section 2.10.3 and does not deliver obeys the constraint in [SIEVE] section 2.10.3 and does not deliver
the same message to a folder more than once, the following the same message to a folder more than once, the following
code fragment code fragment
keep; keep;
addheader "X-Flavor" "vanilla"; addheader "X-Flavor" "vanilla";
skipping to change at line 183 skipping to change at line 197
To: iana@iana.org To: iana@iana.org
Subject: Registration of new Sieve extension Subject: Registration of new Sieve extension
Capability name: editheader Capability name: editheader
Capability keyword: editheader Capability keyword: editheader
Capability arguments: N/A Capability arguments: N/A
Standards Track/IESG-approved experimental RFC number: this RFC Standards Track/IESG-approved experimental RFC number: this RFC
Person and email address to contact for further information: Person and email address to contact for further information:
Jutta Degener Jutta Degener
jutta@sendmail.com jutta@pobox.com
This information should be added to the list of sieve extensions This information should be added to the list of sieve extensions
given on http://www.iana.org/assignments/sieve-extensions. given on http://www.iana.org/assignments/sieve-extensions.
7. Security Considerations 7. Security Considerations
Someone with write access to a user's script storage may use this Someone with write access to a user's script storage may use this
extension to generate headers that a user would otherwise be extension to generate headers that a user would otherwise be
shielded from (by a gateway MTA that removes them). shielded from (by a gateway MTA that removes them).
A sieve filter that removes headers may unwisely destroy A sieve filter that removes header fields may unwisely destroy
evidence about the path a header has taken. evidence about the path a message has taken.
Any change in a message content may interfere with digital Any change in a message content may interfere with digital
signature mechanisms that include the header in the signed signature mechanisms that include the header in the signed
material. Since normal message delivery adds "Received:" material. Since normal message delivery adds "Received:"
header fields to the beginning of a message, many such schemas header fields to the beginning of a message, many such schemas
are impervious to headers prefixed to a message, and will are impervious to headers prefixed to a message, and will
work with "addheader" unless :last is used. work with "addheader" unless :last is used.
Any decision mechanism in a user's filter that is based Any decision mechanism in a user's filter that is based
on headers is vulnerable to header spoofing. For example, on headers is vulnerable to header spoofing. For example,
if the user adds an APPROVED header or tag, a malicious sender if the user adds an APPROVED header or tag, a malicious sender
may add that tag or header themselves. One way to guard against may add that tag or header themselves. One way to guard against
this is to delete or rename any such headers or stamps prior this is to delete or rename any such headers or stamps prior
to processing the message. to processing the message.
Modifying the header of a message and then using the "reject"
action may let a sender 'probe' the logic of the sieve filter.
8. Acknowledgments 8. Acknowledgments
Thanks to Eric Allman, Cyrus Daboo, Ned Freed, Philip Guenther, Thanks to Eric Allman, Cyrus Daboo, Matthew Elvey, Ned Freed,
Simon Josefsson, Will Lee, Mark E. Mallet, Chris Markle, Arnt Gulbrandsen, Simon Josefsson, Will Lee, William Leibzon,
Randall Schwartz, Nigegl Swinson, Kjetil Torgrim Homme, and Mark E. Mallett, Chris Markle, Randall Schwartz, Nigel Swinson,
Rand Wacker for extensive corrections and suggestions. Kjetil Torgrim Homme, and Rand Wacker for extensive corrections
and suggestions.
9. Authors' Addresses 9. Authors' Addresses
Jutta Degener Jutta Degener
5245 College Ave, Suite #127 5245 College Ave, Suite #127
Oakland, CA 94618 Oakland, CA 94618
Email: jutta@pobox.com Email: jutta@pobox.com
Philip Guenther Philip Guenther
skipping to change at line 247 skipping to change at line 265
This draft is intended as an extension to the Sieve mail filtering This draft is intended as an extension to the Sieve mail filtering
language. Sieve extensions are discussed on the MTA Filters mailing language. Sieve extensions are discussed on the MTA Filters mailing
list at <ietf-mta-filters@imc.org>. Subscription requests can list at <ietf-mta-filters@imc.org>. Subscription requests can
be sent to <ietf-mta-filters-request@imc.org> (send an email be sent to <ietf-mta-filters-request@imc.org> (send an email
message with the word "subscribe" in the body). message with the word "subscribe" in the body).
More information on the mailing list along with a WWW archive of More information on the mailing list along with a WWW archive of
back messages is available at <http://www.imc.org/ietf-mta-filters/>. back messages is available at <http://www.imc.org/ietf-mta-filters/>.
10.1 Changes from draft-degener-sieve-editheader-03.txt 10.1 Changes from draft-ietf-sieve-editheader-00.txt
Updated IPR boilerplate to RFC 3978/3979.
Many corrections in response to WGLC comments. Of particular note:
- correct a number of spelling and grammar errors
- document that neither addheader nor deleteheader affects the
implicit keep
- add normative references to RFC 2047 and RFC 2231
- it is not an error for deleteheader to affect nothing
- change "foo.tld" to "foo.example.com"
- add an informative reference to [VACATION], citing it as an
example of an action that examines header fields
- add weasel words about changes to fields that have secondary
effects
- add security consideration for combination of header changes
and "reject"
10.2 Changes from draft-degener-sieve-editheader-03.txt
Renamed to draft-ietf-sieve-editheader-00.txt; Renamed to draft-ietf-sieve-editheader-00.txt;
tweaked the title and abstract. tweaked the title and abstract.
Added Philip Guenther as co-author. Added Philip Guenther as co-author.
Updated IPR boilerplate. Updated IPR boilerplate.
10.2 Changes from draft-degener-sieve-editheader-02.txt 10.3 Changes from draft-degener-sieve-editheader-02.txt
Changed the duplicate restrictions from "messages with different Changed the duplicate restrictions from "messages with different
headers MUST be considered different" to their direct opposite, headers MUST be considered different" to their direct opposite,
"messages with different headers MUST be considered the same," "messages with different headers MUST be considered the same,"
as requested by workgroup members on the mailing list. as requested by workgroup members on the mailing list.
Expanded mention of header signature schemes to Security Expanded mention of header signature schemes to Security
Considerations. Considerations.
Added IANA Considerations section. Added IANA Considerations section.
Appendices Appendices
Appendix A. Normative References Appendix A. Normative References
[RFC-2822] Resnick, P., "Internet Message Format", RFC 2822, April [IMAIL] Resnick, P., "Internet Message Format", RFC 2822, April
2001. 2001.
<<Should this refer to RFC 822 instead of 2822 so that it can go to draft?>> [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", RFC 2119, March 1997.
[RFC2047] Moore, K., "MIME (Multipurpose Internet Mail
Extensions) Part Three: Message Header Extensions for
Non-ASCII Text", RFC 2047, November 1996.
[RFC2231] Freed, N. and K. Moore, "MIME Parameter Value and
Encoded Word Extensions: Character Sets, Languages, and
Continuations", RFC 2231, November 1997.
[SIEVE] Showalter, T., "Sieve: A Mail Filtering Language", RFC 3028, [SIEVE] Showalter, T., "Sieve: A Mail Filtering Language", RFC 3028,
January 2001. January 2001.
[KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate Appendix B. Informative References
Requirement Levels", RFC 2119, March 1997.
Appendix B. Copyright Statement [VACATION] Showalter, T. and N. Freed, "Sieve Email Filtering:
Vacation Extension", draft-ietf-sieve-vacation-02,
April 2005
Copyright (C) The Internet Society (2005). Copyright Statement
This document is subject to the rights, licenses and restrictions Copyright (C) The Internet Society (2005). This document is
contained in BCP 78, and except as set forth therein, the authors subject to the rights, licenses and restrictions contained in
retain all their rights. BCP 78, and except as set forth therein, the authors retain all
their rights.
This document and the information contained herein are provided on an This document and the information contained herein are provided on an
"AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE
REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND THE
INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR
IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
Intellectual Property Intellectual Property
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed Intellectual Property Rights or other rights that might be claimed to
to pertain to the implementation or use of the technology pertain to the implementation or use of the technology described in
described in this document or the extent to which any license this document or the extent to which any license under such rights
under such rights might or might not be available; nor does it might or might not be available; nor does it represent that it has
represent that it has made any independent effort to identify any made any independent effort to identify any such rights. Information
such rights. Information on the IETF's procedures with respect to on the procedures with respect to rights in RFC documents can be
rights in IETF Documents can be found in BCP 78 and BCP 79. found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use attempt made to obtain a general license or permission for the use
of such proprietary rights by implementers or users of this of such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository specification can be obtained from the IETF on-line IPR repository
at http://www.ietf.org/ipr. at http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention The IETF invites any interested party to bring to its attention
any copyrights, patents or patent applications, or other any copyrights, patents or patent applications, or other
 End of changes. 

This html diff was produced by rfcdiff 1.23, available from http://www.levkowetz.com/ietf/tools/rfcdiff/