draft-ietf-sieve-external-lists-06.txt vs. draft-ietf-sieve-external-lists-07.txt

Sieve Working Group                                          A. Melnikov
Internet-Draft                                             Isode Limited
Intended status: Standards Track                                B. Leiba
                                                     Huawei Technologies
-06: Expires: September 30, 2011                          March 29, 2011
-07: Expires: October 23, 2011                            April 21, 2011

                Sieve Extension: Externally Stored Lists
-06:            draft-ietf-sieve-external-lists-06
-07:            draft-ietf-sieve-external-lists-07
Abstract

The Sieve scripting language can be used to implement whitelisting,
blacklisting, personal distribution lists, and other sorts of list
matching.  Currently, this requires that all members of such lists be
hardcoded in the script itself.  Whenever a member of a list is added
or deleted, the script needs to be updated and possibly uploaded to a
mail server.

This document defines a Sieve extension for accessing externally
stored lists -- lists whose members are stored externally to the
-06: script, such as using LDAP (RFC 4510), ACAP (RFC 2244), or relational
-06: databases.
-07: script, such as using LDAP (RFC 4510), ACAP (RFC 2244), CardDAV (work
-07: in progress), or relational databases.
Status of this Memo

This Internet-Draft is submitted in full conformance with the
provisions of BCP 78 and BCP 79.

Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF).  Note that other groups may also distribute
working documents as Internet-Drafts.  The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/.

Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any
time.  It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress."

-06: This Internet-Draft will expire on September 30, 2011.
-07: This Internet-Draft will expire on October 23, 2011.
Copyright Notice

Copyright (c) 2011 IETF Trust and the persons identified as the
document authors.  All rights reserved.

This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of
publication of this document.  Please review these documents
[skipping to change at page 2, line 29]
(page numbers are given as -06 / -07 where the two drafts differ)

   2.2.  :list Match Type for Supported Tests . . . . . . . . . . . 3
   2.3.  :list Tagged Argument to the "redirect" Action . . . . . . 4
   2.4.  Other Uses for External Lists  . . . . . . . . . . . . . . 5
   2.5.  Syntax of an Externally Stored List Name . . . . . . . . . 5
   2.6.  Test valid_ext_list  . . . . . . . . . . . . . . . . . . . 6
   2.7.  Interaction with ManageSieve . . . . . . . . . . . . . . . 6
   2.8.  Examples . . . . . . . . . . . . . . . . . . . . . . . . . 7
     2.8.1.  Example 1  . . . . . . . . . . . . . . . . . . . . . . 7
     2.8.2.  Example 2  . . . . . . . . . . . . . . . . . . . . . . 8
     2.8.3.  Example 3  . . . . . . . . . . . . . . . . . . . . . . 8
-07: 2.8.4.  Example 4  . . . . . . . . . . . . . . . . . . . . . . 8
-07: 2.8.5.  Example 5  . . . . . . . . . . . . . . . . . . . . . . 9
   3.  Security Considerations  . . . . . . . . . . . . . . . . 8 / 9
   4.  IANA Considerations  . . . . . . . . . . . . . . . . . . 9 / 11
   4.1.  Registration of Sieve Extension  . . . . . . . . . . . 10 / 11
   4.2.  Registration of ManageSieve Capability . . . . . . . . 10 / 11
   4.3.  Registration of "ab" URI Scheme  . . . . . . . . . . . 11 / 12
   5.  Acknowledgements . . . . . . . . . . . . . . . . . . . . 12 / 13
   6.  References . . . . . . . . . . . . . . . . . . . . . . . 12 / 13
   6.1.  Normative References . . . . . . . . . . . . . . . . . 12 / 13
   6.2.  Informative References . . . . . . . . . . . . . . . . 13 / 14
   Authors' Addresses . . . . . . . . . . . . . . . . . . . . . 14 / 15
1.  Introduction

This document specifies an extension to the Sieve language [RFC5228]
for checking membership in an external list or for redirecting
messages to an external list of recipients.  An "external list" is a
list whose members are stored externally to the Sieve script, such as
-06: using LDAP [RFC4510], ACAP [RFC2244], or relational databases.
-07: using LDAP [RFC4510], ACAP [RFC2244], CardDAV
-07: [I-D.ietf-vcarddav-carddav], or relational databases.

This extension adds a new match type to apply to supported tests, and
a new tagged argument to the "redirect" action.

1.1.  Conventions Used In This Document

Conventions for notations are as in [RFC5228] section 1.1, including
the use of [RFC5234].

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
[skipping to change at -06 page 7, line 41 / -07 page 7, line 43]

       { /* Unknown: less tolerance in spam score */
         fileinto "spam";
       }

The same example can also be written another way, if the Variables
extension [RFC5229] is also supported:

-06:
   require ["envelope", "extlists", "fileinto", "spamtest",
            "variables", "relational", "comparator-i;ascii-numeric"];
   if envelope :list "from" "ab:default" {
       set "limit" "8"; /* Known: allow high spam score */
   } else {
       set "limit" "3"; /* Unknown: less tolerance in spam score */
   }
   if spamtest :value "ge" :comparator "i;ascii-numeric" ${limit} {
       fileinto "spam";
   }

-07:
   require ["envelope", "extlists", "fileinto", "spamtest",
            "variables", "relational", "comparator-i;ascii-numeric"];
   if envelope :list "from" "ab:default" {
       set "lim" "8"; /* Known: allow high spam score */
   } else {
       set "lim" "3"; /* Unknown: less tolerance in spam score */
   }
   if spamtest :value "ge" :comparator "i;ascii-numeric" "${lim}" {
       fileinto "spam";
   }
2.8.2.  Example 2

This example uses the "currentdate" test [RFC5260] and a list
containing the dates of local holidays.  If today is a holiday, the
script will notify [RFC5435] the user via XMPP [RFC5437] about the
message.
[skipping to change at page 8, line 36]

   require ["extlists", "envelope", "subaddress"];
   # Submission from list members is sent to all members
   if allof (envelope :detail "to" "mylist",
             header :list "from"
                    "tag:example.com,2010-05-28:mylist") {
       redirect :list "tag:example.com,2010-05-28:mylist";
   }
2.8.4.  Example 4   [-07 only]

This example uses variable matching [RFC5229] to extract the IP
address from the last "Received" header field.  It then checks that
against a "block list" of undesirable IP addresses, and rejects the
message if there's a match.

   require ["variables", "extlists", "index", "reject"];
   if header :index 1 :matches "received" "*(* [*.*.*.*])*" {
       set "ip" "${3}.${4}.${5}.${6}";
       if string :list "${ip}"
                 "tag:example.com,2011-04-10:DisallowedIPs" {
           reject "Message not allowed from this IP address";
       }
   }
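To see what Example 4's wildcard match actually captures, here is an added Python model of the script's logic (example code written for this page; it is not part of the draft and not taken from any Sieve implementation). `sieve_matches` translates the draft's `:matches` pattern `"*(* [*.*.*.*])*"` into an anchored, greedy regular expression so that group n plays the role of `${n}`; `example4_decision` rebuilds `${3}.${4}.${5}.${6}` and asks a constructed stand-in for the list `tag:example.com,2011-04-10:DisallowedIPs` about it. The CIDR-based membership rule and the list contents are assumptions made for illustration (the draft leaves list semantics to the list implementation), the sample Received fields are constructed, and treating Python's left-to-right greedy `.*` as equivalent to Sieve's wildcard matching is my reading of RFC 5229.

```python
import ipaddress
import re
from typing import List, Optional


# Sieve ":matches" pattern -> anchored, greedy Python regex.  "*" matches any
# run of characters (possibly empty), "?" exactly one character; everything
# else is literal.  Each wildcard becomes a capture group, so element n of the
# returned list is Sieve's ${n} and element 0 is the whole matched string.
# (Backslash escapes inside patterns are not handled by this toy translator.)
def sieve_matches(pattern: str, value: str) -> Optional[List[str]]:
    regex = "".join(
        "(.*)" if ch == "*" else "(.)" if ch == "?" else re.escape(ch)
        for ch in pattern
    )
    m = re.fullmatch(regex, value, re.DOTALL)
    if m is None:
        return None
    return [m.group(0), *m.groups()]


# Constructed stand-in for the external list named in the draft's Example 4.
# A real list implementation decides membership however it likes; this one
# accepts CIDR blocks (an assumption for illustration, not from the draft).
# Addresses come from the RFC 5737 documentation ranges.
LIST_NAME = "tag:example.com,2011-04-10:DisallowedIPs"
EXTERNAL_LISTS = {
    LIST_NAME: [
        ipaddress.ip_network("192.0.2.0/24"),      # constructed block
        ipaddress.ip_network("203.0.113.77/32"),   # constructed single host
    ],
}


def ext_list_contains(list_name: str, value: str) -> bool:
    """Sieve ':list' membership against an IP list: non-addresses never match."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False
    return any(addr in net for net in EXTERNAL_LISTS.get(list_name, []))


RECEIVED_PATTERN = "*(* [*.*.*.*])*"   # the pattern used in Example 4


def example4_decision(received_headers: List[str]) -> Optional[str]:
    """Return the reject reason Example 4 would give, or None to deliver.

    received_headers is in message order: element 0 is the topmost field,
    the one most recently added, which is what `header :index 1` selects.
    """
    if not received_headers:
        return None                       # the header test is simply false
    captures = sieve_matches(RECEIVED_PATTERN, received_headers[0])
    if captures is None:
        return None                       # no "[a.b.c.d]" in the topmost field
    ip = ".".join(captures[3:7])          # ${3}.${4}.${5}.${6}
    if ext_list_contains(LIST_NAME, ip):
        return "Message not allowed from this IP address"
    return None


# Constructed sample Received fields.  The topmost was added by the local MX
# and records the connecting peer; the one below it arrived with the message
# and is untrusted, which is why the script looks only at :index 1.
BLOCKED_MESSAGE = [
    "from mail.example.net (mail.example.net [192.0.2.45]) by mx.example.com"
    " with ESMTP id 4Q2x; Sun, 10 Apr 2011 12:00:00 +0000",
    "from [10.1.2.3] (helo=laptop) by mail.example.net with smtp;"
    " Sun, 10 Apr 2011 11:59:00 +0000",
]
CLEAN_MESSAGE = [
    "from relay.example.org (relay.example.org [198.51.100.9]) by"
    " mx.example.com with ESMTP id 4Q2y; Sun, 10 Apr 2011 12:01:00 +0000",
]
IPV6_MESSAGE = [
    "from relay.example.org (relay.example.org [IPv6:2001:db8::9]) by"
    " mx.example.com with ESMTP id 4Q2z; Sun, 10 Apr 2011 12:02:00 +0000",
]

if __name__ == "__main__":
    for label, hdrs in (("blocked", BLOCKED_MESSAGE),
                        ("clean", CLEAN_MESSAGE),
                        ("ipv6", IPV6_MESSAGE)):
        print(f"{label}: {example4_decision(hdrs)!r}")
```

Running it shows two edge cases the Sieve text does not spell out: a topmost Received field carrying an IPv6 literal never matches the pattern, so the list is not consulted and the message is delivered; and only the field added by the local MTA is examined, because every earlier Received field arrived with the message and can say anything.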
2.8.5.  Example 5   [-07 only]

This example uses several features of the MIME parts extension
[RFC5703] to scan for unsafe attachment types.  To make it easily
extensible, the unsafe types are kept in an external list, which
would be shared among all users and all scripts, avoiding the need to
change scripts when the list changes.

[Note that this is an illustrative example, and more rigorous malware
filtering is advisable.  It is insufficient to base email security on
checks of filenames alone.]

   require [ "extlists", "foreverypart", "mime", "enclose" ];

   foreverypart
   {
     if header :mime :param "filename"
        :list ["Content-Type", "Content-Disposition"]
        "tag:example.com,2011-04-10:BadFileNameExts"
     {
       # these attachment types are executable
       enclose :subject "Warning" :text text:
WARNING! The enclosed message contains attachments that might be unsafe.
These attachment types may contain a computer virus program
that can infect your computer and potentially damage your data.
Before clicking on these message attachments, you should verify
with the sender that this message was sent intentionally, and
that the attachments are safe to open.
.
;
       break;
     }
   }
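Example 5 leaves two things implicit: which values `header :mime :param "filename"` feeds to the match, and what the external list does with them. The following added Python example (mine, not the draft's and not from RFC 5703) makes both concrete using the standard library's `email` package: it walks every MIME part as `foreverypart` does, collects the `filename` parameter of Content-Type and Content-Disposition as `:param` would, and asks a constructed stand-in for `tag:example.com,2011-04-10:BadFileNameExts` whether the name's final extension is listed. The extension-based membership rule, the list contents and the sample message are assumptions for illustration.

```python
from email import message_from_string
from email.message import Message
from email.utils import collapse_rfc2231_value
from typing import List

# Constructed stand-in for the shared list named in the draft's Example 5.
# The draft leaves matching to the list implementation; this one treats a
# value as a member when its final extension, compared case-insensitively,
# is listed.  Rule and contents are assumptions made for illustration.
LIST_NAME = "tag:example.com,2011-04-10:BadFileNameExts"
EXTERNAL_LISTS = {
    LIST_NAME: {"exe", "scr", "pif", "bat", "com", "vbs", "hta"},
}


def ext_list_contains(list_name: str, filename: str) -> bool:
    """Sieve ':list' membership for a filename-extension list."""
    base = filename.rsplit("/", 1)[-1]            # ignore any path component
    ext = base.rsplit(".", 1)[-1].lower() if "." in base else ""
    return ext in EXTERNAL_LISTS.get(list_name, set())


def mime_filename_params(part: Message) -> List[str]:
    """Values that `header :mime :param "filename"` applied to Content-Type
    and Content-Disposition would hand to the match type."""
    values = []
    for hdr in ("content-type", "content-disposition"):
        value = part.get_param("filename", header=hdr)
        if value is None:
            continue                              # header or parameter absent
        if isinstance(value, tuple):              # RFC 2231 encoded parameter
            value = collapse_rfc2231_value(value)
        values.append(value)
    return values


def flagged_parts(raw_message: str) -> List[str]:
    """Walk every MIME part and return the filenames that would make
    Example 5 run `enclose`.  An empty list means the message passes."""
    msg = message_from_string(raw_message)
    hits = []
    for part in msg.walk():
        for name in mime_filename_params(part):
            if ext_list_contains(LIST_NAME, name):
                hits.append(name)
    return hits


# Constructed sample message: a text part, an attachment whose Content-Type
# "name" looks harmless while its Content-Disposition filename carries a
# listed extension in upper case, and a second attachment that is fine.
SAMPLE_MESSAGE = """\
From: sender@example.net
To: user@example.com
Subject: Invoice
MIME-Version: 1.0
Content-Type: multipart/mixed; boundary="b1"

--b1
Content-Type: text/plain; charset="us-ascii"

Please see the attached invoice.
--b1
Content-Type: application/octet-stream; name="invoice.pdf"
Content-Disposition: attachment; filename="INVOICE.PDF.SCR"
Content-Transfer-Encoding: base64

AAAA
--b1
Content-Type: application/pdf; name="terms.pdf"
Content-Disposition: attachment; filename="terms.pdf"
Content-Transfer-Encoding: base64

AAAA
--b1--
"""

if __name__ == "__main__":
    print("flagged:", flagged_parts(SAMPLE_MESSAGE))
```

Unlike the script, which runs `enclose` once and then `break`s, `flagged_parts` returns every matching filename so a log entry can name them all. Note what is and is not consulted: the `filename` parameter of both header fields, exactly as the script requests, but not the `name=` parameter on Content-Type, so the attachment above is caught only because its Content-Disposition names a listed extension. That narrowness is one concrete illustration of the draft's own note that filename checks alone are insufficient.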
3.  Security Considerations

Security considerations related to the "address"/"envelope"/"header"
tests and "redirect" action discussed in Sieve [RFC5228] also apply
to this document.

External list memberships ought to be treated as if they are an
integral part of the script, so a temporary failure to access an
external list SHOULD be handled in the same way as a temporary
failure to retrieve the Sieve script itself.
[skipping to change at -06 page 14, line 14 / -07 page 15, line 16]

              "Sieve Email Filtering: Extension for Notifications",
              RFC 5435, January 2009.

   [RFC5437]  Saint-Andre, P. and A. Melnikov, "Sieve Notification
              Mechanism: Extensible Messaging and Presence Protocol
              (XMPP)", RFC 5437, January 2009.

   [RFC5463]  Freed, N., "Sieve Email Filtering: Ihave Extension",
              RFC 5463, March 2009.

-07: [RFC5703]  Hansen, T. and C. Daboo, "Sieve Email Filtering: MIME Part
-07:            Tests, Iteration, Extraction, Replacement, and Enclosure",
-07:            RFC 5703, October 2009.
Authors' Addresses

   Alexey Melnikov
   Isode Limited
   5 Castle Business Village
   36 Station Road
   Hampton, Middlesex TW12 2BX
   UK

   Email: Alexey.Melnikov@isode.com

End of changes.  16 change blocks.  20 lines changed or deleted, 78 lines changed or added.

This html diff was produced by rfcdiff 1.41.  The latest version is available from http://tools.ietf.org/tools/rfcdiff/