draft-ietf-sieve-include-13.txt   draft-ietf-sieve-include-14.txt 
Network Working Group C. Daboo Network Working Group C. Daboo
Internet-Draft A. Stone Internet-Draft A. Stone
Intended status: Standards Track September 27, 2011 Intended status: Standards Track January 5, 2012
Expires: March 30, 2012 Expires: July 8, 2012
Sieve Email Filtering: Include Extension Sieve Email Filtering: Include Extension
draft-ietf-sieve-include-13 draft-ietf-sieve-include-14
Abstract Abstract
The Sieve Email Filtering "include" extension permits users to The Sieve Email Filtering "include" extension permits users to
include one Sieve script inside another. This can make managing include one Sieve script inside another. This can make managing
large scripts or multiple sets of scripts much easier, and allows a large scripts or multiple sets of scripts much easier, and allows a
site and its users to build up libraries of scripts. Users are able site and its users to build up libraries of scripts. Users are able
to include their own personal scripts or site-wide scripts. to include their own personal scripts or site-wide scripts.
Status of this Memo Status of this Memo
skipping to change at page 1, line 34 skipping to change at page 1, line 34
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF). Note that other groups may also distribute Task Force (IETF). Note that other groups may also distribute
working documents as Internet-Drafts. The list of current Internet- working documents as Internet-Drafts. The list of current Internet-
Drafts is at http://datatracker.ietf.org/drafts/current/. Drafts is at http://datatracker.ietf.org/drafts/current/.
Internet-Drafts are draft documents valid for a maximum of six months Internet-Drafts are draft documents valid for a maximum of six months
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
This Internet-Draft will expire on March 30, 2012. This Internet-Draft will expire on July 8, 2012.
Copyright Notice Copyright Notice
Copyright (c) 2011 IETF Trust and the persons identified as the Copyright (c) 2012 IETF Trust and the persons identified as the
document authors. All rights reserved. document authors. All rights reserved.
This document is subject to BCP 78 and the IETF Trust's Legal This document is subject to BCP 78 and the IETF Trust's Legal
Provisions Relating to IETF Documents Provisions Relating to IETF Documents
(http://trustee.ietf.org/license-info) in effect on the date of (http://trustee.ietf.org/license-info) in effect on the date of
publication of this document. Please review these documents publication of this document. Please review these documents
carefully, as they describe your rights and restrictions with respect carefully, as they describe your rights and restrictions with respect
to this document. Code Components extracted from this document must to this document. Code Components extracted from this document must
include Simplified BSD License text as described in Section 4.e of include Simplified BSD License text as described in Section 4.e of
the Trust Legal Provisions and are provided without warranty as the Trust Legal Provisions and are provided without warranty as
described in the Simplified BSD License. described in the Simplified BSD License.
Table of Contents Table of Contents
1. Introduction and Overview . . . . . . . . . . . . . . . . . . 3 1. Introduction and Overview . . . . . . . . . . . . . . . . . . 3
2. Conventions Used in This Document . . . . . . . . . . . . . . 3 2. Conventions Used in This Document . . . . . . . . . . . . . . 3
3. Include Extension . . . . . . . . . . . . . . . . . . . . . . 3 3. Include Extension . . . . . . . . . . . . . . . . . . . . . . 3
3.1. General Considerations . . . . . . . . . . . . . . . . . . 3 3.1. General Considerations . . . . . . . . . . . . . . . . . . 3
3.2. Control Structure include . . . . . . . . . . . . . . . . 5 3.2. Control Structure include . . . . . . . . . . . . . . . . 5
3.3. Control Structure return . . . . . . . . . . . . . . . . . 8 3.3. Control Structure return . . . . . . . . . . . . . . . . . 8
3.4. Interaction with Variables . . . . . . . . . . . . . . . . 8 3.4. Interaction with Variables Extension . . . . . . . . . . . 8
3.4.1. Control Structure global . . . . . . . . . . . . . . . 8 3.4.1. Control Structure global . . . . . . . . . . . . . . . 8
3.4.2. Variables Namespace global . . . . . . . . . . . . . . 10 3.4.2. Variables Namespace global . . . . . . . . . . . . . . 10
3.5. Interaction with Other Extensions . . . . . . . . . . . . 11
4. Security Considerations . . . . . . . . . . . . . . . . . . . 11 4. Security Considerations . . . . . . . . . . . . . . . . . . . 11
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 12
5.1. "include" Extension Registration . . . . . . . . . . . . . 12 5.1. "include" Extension Registration . . . . . . . . . . . . . 12
6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13
6.1. Normative References . . . . . . . . . . . . . . . . . . . 12 6.1. Normative References . . . . . . . . . . . . . . . . . . . 13
6.2. Informative References . . . . . . . . . . . . . . . . . . 12 6.2. Informative References . . . . . . . . . . . . . . . . . . 13
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 12 Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 13
Appendix B. Change History (to be removed prior to Appendix B. Change History (to be removed prior to
publication as an RFC) . . . . . . . . . . . . . . . 12 publication as an RFC) . . . . . . . . . . . . . . . 13
Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 15 Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . . 16
1. Introduction and Overview 1. Introduction and Overview
It's convenient to be able to break SIEVE [RFC5228] scripts down into It's convenient to be able to break SIEVE [RFC5228] scripts down into
smaller components which can be reused in a variety of different smaller components which can be reused in a variety of different
circumstances. For example, users may want to have a default script circumstances. For example, users may want to have a default script
and a special 'vacation' script, the latter being activated when the and a special 'vacation' script, the latter being activated when the
user goes on vacation. In that case the default actions should user goes on vacation. In that case the default actions should
continue to be run, but a vacation command should be executed first. continue to be run, but a vacation command should be executed first.
One option is to edit the default script to add or remove the One option is to edit the default script to add or remove the
skipping to change at page 4, line 21 skipping to change at page 4, line 21
Sieve implementations are allowed to limit the total number of nested Sieve implementations are allowed to limit the total number of nested
included scripts, but MUST provide for a total of at least three included scripts, but MUST provide for a total of at least three
levels of nested scripts including the top-level script. An error levels of nested scripts including the top-level script. An error
MUST be generated either when the script is uploaded to the Sieve MUST be generated either when the script is uploaded to the Sieve
repository, or when the script is executed, if any nesting limit is repository, or when the script is executed, if any nesting limit is
exceeded. If such an error is detected whilst processing a Sieve exceeded. If such an error is detected whilst processing a Sieve
script, an implicit "keep" action MUST be executed to prevent loss of script, an implicit "keep" action MUST be executed to prevent loss of
any messages. any messages.
Sieve implementations MUST NOT allow recursive script inclusion. An Sieve implementations MUST NOT allow recursive script inclusion.
error MUST be generated when such a script is executed. An error Both direct recursion, where script A includes script A (itself), and
SHOULD be generated when such a script is marked active with indirect recursion, where script A includes script B which includes
MANAGESIEVE [RFC5804] or similar mechanisms. Implementations MUST script A once again, are prohibited.
NOT generate errors for recursive inclusions at upload time, as this
would force an upload ordering requirement upon script authors / Sieve implementations MUST generate an error at execution time if an
generators. However, if an active script is replaced with a faulty included script is a recursive inclusion. Implementations MUST NOT
script and would remain the active script, an error MUST be generated generate errors for recursive includes at upload time, as this would
and the upload MUST fail. If an include recursion error is detected force an upload ordering requirement upon script authors and
during script execution, an implicit "keep" action MUST be executed generators.
to prevent loss of any messages.
Sieve implementations MUST generate an error at execution time if an Sieve implementations MUST generate an error at execution time if an
included script does not exist, except when the ":optional" parameter included script does not exist, except when the ":optional" parameter
is specified. Implementations MUST NOT generate errors for scripts is specified. Implementations MUST NOT generate errors for scripts
missing at upload time, as this would force an upload ordering missing at upload time, as this would force an upload ordering
requirement upon script authors / generators. requirement upon script authors and generators.
If the Sieve "variables" extension [RFC5229] is present, an issue If the Sieve "variables" extension [RFC5229] is present, an issue
arises with the "scope" of variables defined in scripts that may arises with the "scope" of variables defined in scripts that may
include each other. For example, if a script defines the variable include each other. For example, if a script defines the variable
"${status}" with one particular meaning or usage, and another defines "${status}" with one particular meaning or usage, and another defines
"${status}" with a different meaning, then if one script includes the "${status}" with a different meaning, then if one script includes the
other there is an issue as to which "${status}" is being referenced. other there is an issue as to which "${status}" is being referenced.
To solve this problem, Sieve implementations MUST follow the scoping To solve this problem, Sieve implementations MUST follow the scoping
rules defined in Section 3.4 and support the "global" command defined rules defined in Section 3.4 and support the "global" command defined
there. there.
skipping to change at page 5, line 41 skipping to change at page 5, line 41
The ":once" parameter tells the interpreter only to include the named The ":once" parameter tells the interpreter only to include the named
script if it has not already been included at any other point during script if it has not already been included at any other point during
script execution. If the script has already been included, script execution. If the script has already been included,
processing continues immediately following the include command. processing continues immediately following the include command.
Implementations MUST NOT generate an error if an "include :once" Implementations MUST NOT generate an error if an "include :once"
command names a script whose inclusion would be recursive; in this command names a script whose inclusion would be recursive; in this
case, the script MUST be considered previously included and therefore case, the script MUST be considered previously included and therefore
"include :once" will not include it again. "include :once" will not include it again.
Note: It is RECOMMENDED that script authors / generators use the Note: It is RECOMMENDED that script authors and generators use the
":once" parameter only when including a script that performs general ":once" parameter only when including a script that performs general
duties such as declaring global variables and making sanity checks of duties such as declaring global variables and making sanity checks of
the environment. the environment.
The ":optional" parameter indicates that the script may be missing. The ":optional" parameter indicates that the script may be missing.
Ordinarily, an implementation MUST generate an error during execution Ordinarily, an implementation MUST generate an error during execution
if an include command specifies a script that does not exist. When if an include command specifies a script that does not exist. When
":optional" is specified, implementations MUST NOT generate an error ":optional" is specified, implementations MUST NOT generate an error
for a missing script, and MUST continue as if the include command had for a missing script, and MUST continue as if the include command had
not been present. not been present.
The included script MUST be a valid Sieve script. Each script MUST The included script MUST be a valid Sieve script. Implementations
have its own "require" statements for all optional capabilities used MUST validate that each script has its own "require" statements for
by that script. The scope of a "require" statement is the script in all optional capabilities used by that script. The scope of a
which it immediately appears, and neither inherits nor passes on "require" statement is the script in which it immediately appears,
capabilities to other scripts during the course of execution. and neither inherits nor passes on capabilities to other scripts
during the course of execution.
A "stop" command in an included script MUST stop all script A "stop" command in an included script MUST stop all script
processing, including the processing of the scripts that include the processing, including the processing of the scripts that include the
immediate one. The "return" command (described below) stops immediate one. The "return" command (described below) stops
processing of the immediate script only, and allows the scripts that processing of the immediate script only, and allows the scripts that
include it to continue. include it to continue.
The "include" command MAY appear anywhere in a script where a control The "include" command MAY appear anywhere in a script where a control
structure is legal, and MAY be used within another control structure, structure is legal, and MAY be used within another control structure,
e.g., within an "if" or "foreverypart" block (MIME [RFC5703]). The e.g., an "if" block.
included script SHALL NOT have any special control over the control
structure it was included from, e.g., inclusion from within a
"foreverypart" block does not allow the included script to directly
terminate or continue flow of that block.
Examples: Examples:
The user has four scripts stored in their personal repository: The user has four scripts stored in their personal repository:
"default" "default"
This is the default active script that includes several others. This is the default active script that includes several others.
require ["include"]; require ["include"];
skipping to change at page 8, line 27 skipping to change at page 8, line 24
Usage: return Usage: return
The "return" command stops processing of the immediately included The "return" command stops processing of the immediately included
script only and returns processing control to the script which script only and returns processing control to the script which
includes it. If used in the main script (i.e., not in an included includes it. If used in the main script (i.e., not in an included
script), it has the same effect as the "stop" command, including the script), it has the same effect as the "stop" command, including the
appropriate "keep" action if no other actions have been executed up appropriate "keep" action if no other actions have been executed up
to that point. to that point.
3.4. Interaction with Variables 3.4. Interaction with Variables Extension
In order to avoid problems of variables in an included script In order to avoid problems of variables in an included script
"overwriting" those from the script that includes it, this "overwriting" those from the script that includes it, this
specification requires that all variables defined in a script MUST be specification requires that all variables defined in a script MUST be
kept "private" to the immediate script by default - that is, they are kept "private" to the immediate script by default - that is, they are
not "visible" to other scripts. This ensures that two script authors not "visible" to other scripts. This ensures that two script authors
cannot inadvertently cause problems by choosing the same name for a cannot inadvertently cause problems by choosing the same name for a
variable. variable.
However, sometimes there is a need to make a variable defined in one However, sometimes there is a need to make a variable defined in one
skipping to change at page 10, line 44 skipping to change at page 10, line 44
3.4.2. Variables Namespace global 3.4.2. Variables Namespace global
In addition to the "global" command, this document defines the In addition to the "global" command, this document defines the
variables namespace "global", as specified in VARIABLES [RFC5229], variables namespace "global", as specified in VARIABLES [RFC5229],
Section 3. The global namespace has no sub-namespaces (e.g., 'set Section 3. The global namespace has no sub-namespaces (e.g., 'set
"global.data.from" "me@example.com";' is not allowed). The variable- "global.data.from" "me@example.com";' is not allowed). The variable-
name part MUST be a valid identifier (e.g., 'set "global.12" name part MUST be a valid identifier (e.g., 'set "global.12"
"value";' is not valid because "12" is not a valid identifier). "value";' is not valid because "12" is not a valid identifier).
Note that VARIABLES [RFC5229], Section 3, suggests that extensions
should define a namespace that is the same as its capability string
(in this case, "include" rather than "global"). Nevertheless,
references to the "global" namespace without a prior require
statement for the "include" extension MUST cause an error.
Example: Example:
require ["variables", "include"]; require ["variables", "include"];
set "global.i_am_on_vacation" "1"; set "global.i_am_on_vacation" "1";
Variables declared global and variables accessed via the global Variables declared global and variables accessed via the global
namespace MUST be one and the same. In the following example script, namespace MUST each be one and the same. In the following example
we see the variable "i_am_on_vacation" used in a "global" command, script, we see the variable "i_am_on_vacation" used in a "global"
and again with the "global." namespace. Consider these as two command, and again with the "global." namespace. Consider these as
syntaxes with identical meaning. two syntaxes with identical meaning.
Example: Example:
require ["variables", "include", "vacation"]; require ["variables", "include", "vacation"];
global "i_am_on_vacation"; global "i_am_on_vacation";
set "global.i_am_on_vacation" "1"; set "global.i_am_on_vacation" "1";
if string :is "${i_am_on_vacation}" "1" if string :is "${i_am_on_vacation}" "1"
{ {
vacation "It's true, I am on vacation."; vacation "It's true, I am on vacation.";
} }
3.5. Interaction with Other Extensions
When "include" is used with the Editheader extension [RFC5293], any
changes made to headers in a script MUST be propagated both to and
from included scripts. By way of example, if a script deletes one
header and add another, then includes a second script, the included
script MUST NOT see the removed header, and MUST see the added
header. Likewise, if the included script adds or removes a header,
upon returning to the including script, subsequent actions MUST see
the added headers and MUST NOT see the removed headers.
When "include" is used with the MIME extension [RFC5703]
"foreverypart" control structure, the included script MUST be
presented with the current MIME part as though it were the entire
message. A script SHALL NOT have any special control over the
control structure it was included from. In the MIME example once
again, a "stop" or "return" in an included script cannot directly
terminate or continue flow of a "foreverypart" block. In such a
case, the included script should set a global variable that the
including script can test.
4. Security Considerations 4. Security Considerations
Sieve implementations MUST ensure adequate security for the global Sieve implementations MUST ensure adequate security for the global
script repository to prevent unauthorized changes to global scripts. script repository to prevent unauthorized changes to global scripts.
For example, a site policy might enable only certain users with For example, a site policy might enable only certain users with
administrative privileges to modify the global scripts. Site are administrative privileges to modify the global scripts. Site are
advised against allowing all users to have write access to the site's advised against allowing all users to have write access to the site's
global scripts. global scripts.
Sieve implementations MUST ensure that script names are checked for Sieve implementations MUST ensure that script names are checked for
validity and proper permissions prior to inclusion, in order to validity and proper permissions prior to inclusion, in order to
prevent a malicious user from gaining access to files accessible to prevent a malicious user from gaining access to files accessible to
the mail server software that should not be accessible to the user. the mail server software that should not be accessible to the user.
skipping to change at page 11, line 37 skipping to change at page 12, line 18
global scripts. global scripts.
Sieve implementations MUST ensure that script names are checked for Sieve implementations MUST ensure that script names are checked for
validity and proper permissions prior to inclusion, in order to validity and proper permissions prior to inclusion, in order to
prevent a malicious user from gaining access to files accessible to prevent a malicious user from gaining access to files accessible to
the mail server software that should not be accessible to the user. the mail server software that should not be accessible to the user.
Sieve implementations MUST ensure that script names are safe for use Sieve implementations MUST ensure that script names are safe for use
with their storage system. An error MUST be generated either when with their storage system. An error MUST be generated either when
the script is uploaded or at execution time for a script including a the script is uploaded or at execution time for a script including a
name that could be used as a vector to attack the storage system. name that could be used as a vector to attack the storage system. By
way of example, the following include commands should be considered
hostile: 'include "./../..//etc/passwd"', 'include "foo$(`rm
star`)"'.
Beyond these, the "include" extension does not raise any security Beyond these, the "include" extension does not raise any security
considerations that are not present in the base SIEVE [RFC5228] considerations that are not present in the base SIEVE [RFC5228]
document and the VARIABLES [RFC5229] extension. document and the VARIABLES [RFC5229] extension.
5. IANA Considerations 5. IANA Considerations
The following template specifies the IANA registration of the Sieve The following template specifies the IANA registration of the Sieve
extension specified in this document: extension specified in this document:
5.1. "include" Extension Registration 5.1. "include" Extension Registration
To: iana@iana.org
Subject: Registration of new Sieve extension
Capability name: include Capability name: include
Description: adds the "include" command to execute other Sieve Description: adds the "include" command to execute other Sieve
scripts, the "return" action from an included scripts, the "return" action from an included
script, and the "global" command and "global" script, and the "global" command and "global"
variables namespace to access variables shared variables namespace to access variables shared
among included scripts. among included scripts.
RFC number: this RFC RFC number: this RFC
Contact address: the Sieve discussion list <sieve@ietf.org> Contact address: the Sieve discussion list <sieve@ietf.org>
6. References This information has been added to the IANA registry of Sieve
Extensions (currently found at http://www.iana.org).
6. References
6.1. Normative References 6.1. Normative References
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
[RFC5228] Guenther, P. and T. Showalter, "Sieve: An Email Filtering [RFC5228] Guenther, P. and T. Showalter, "Sieve: An Email Filtering
Language", RFC 5228, January 2008. Language", RFC 5228, January 2008.
[RFC5229] Homme, K., "Sieve Email Filtering: Variables Extension", [RFC5229] Homme, K., "Sieve Email Filtering: Variables Extension",
RFC 5229, January 2008. RFC 5229, January 2008.
[RFC5804] Melnikov, A. and T. Martin, "A Protocol for Remotely [RFC5804] Melnikov, A. and T. Martin, "A Protocol for Remotely
Managing Sieve Scripts", RFC 5804, July 2010. Managing Sieve Scripts", RFC 5804, July 2010.
6.2. Informative References 6.2. Informative References
[RFC5293] Degener, J. and P. Guenther, "Sieve Email Filtering:
Editheader Extension", RFC 5293, August 2008.
[RFC5429] Stone, A., "Sieve Email Filtering: Reject and Extended [RFC5429] Stone, A., "Sieve Email Filtering: Reject and Extended
Reject Extensions", RFC 5429, March 2009. Reject Extensions", RFC 5429, March 2009.
[RFC5703] Hansen, T. and C. Daboo, "Sieve Email Filtering: MIME Part [RFC5703] Hansen, T. and C. Daboo, "Sieve Email Filtering: MIME Part
Tests, Iteration, Extraction, Replacement, and Enclosure", Tests, Iteration, Extraction, Replacement, and Enclosure",
RFC 5703, October 2009. RFC 5703, October 2009.
Appendix A. Acknowledgments Appendix A. Acknowledgments
Thanks to Ken Murchison, Rob Siemborski, Alexey Melnikov, Marc Mutz, Thanks to Ken Murchison, Rob Siemborski, Alexey Melnikov, Marc Mutz,
Kjetil Torgrim Homme, Stephan Bosch, Arnt Gulbrandsen, Barry Leiba, Kjetil Torgrim Homme, Stephan Bosch, Arnt Gulbrandsen, Barry Leiba,
and Jeffrey Hutzelman for comments and corrections. and Jeffrey Hutzelman for comments and corrections.
Appendix B. Change History (to be removed prior to publication as an Appendix B. Change History (to be removed prior to publication as an
RFC) RFC)
Changes from ietf-13 to ietf-14:
a. Updated for Last Call comments.
Changes from ietf-12 to ietf-13: Changes from ietf-12 to ietf-13:
a. Nits from Stephan Bosch. a. Nits from Stephan Bosch.
b. Nits from Robert Burrell Donkin. b. Nits from Robert Burrell Donkin.
Changes from ietf-11 to ietf-12: Changes from ietf-11 to ietf-12:
a. Nits from Alexey Melnikov. a. Nits from Alexey Melnikov.
 End of changes. 25 change blocks. 
43 lines changed or deleted 83 lines changed or added

This html diff was produced by rfcdiff 1.41. The latest version is available from http://tools.ietf.org/tools/rfcdiff/