draft-ietf-sieve-refuse-reject-01.txt   draft-ietf-sieve-refuse-reject-02.txt 
Internet Draft M. Elvey Internet Draft M. Elvey
Document: draft-ietf-sieve-refuse-reject-01 The Elvey Partnership, Document: draft-ietf-sieve-refuse-reject-02 The Elvey Partnership,
LLC LLC
Expires: September 2006 A. Melnikov Expires: December 2006 A. Melnikov
Isode Ltd Isode Ltd
The SIEVE mail filtering language - reject and refuse extensions The SIEVE mail filtering language - reject extension
draft-ietf-sieve-refuse-reject draft-ietf-sieve-refuse-reject
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
skipping to change at line 48 skipping to change at line 48
This memo defines the SIEVE mail filtering language (RFC This memo defines the SIEVE mail filtering language (RFC
<<3028bis>>) "reject" extension. <<3028bis>>) "reject" extension.
A Joe-job is a spam run forged to appear as though it came from an A Joe-job is a spam run forged to appear as though it came from an
innocent party, who is then generally flooded by the bounces, innocent party, who is then generally flooded by the bounces,
Message Disposition Notifications (MDNs) and messages with Message Disposition Notifications (MDNs) and messages with
complaints. The original Sieve "reject" action defined in RFC 3028 complaints. The original Sieve "reject" action defined in RFC 3028
required use of MDNs for rejecting messages, thus contributing to required use of MDNs for rejecting messages, thus contributing to
the flood of Joe-job spam to victims of Joe-jobs. This document the flood of Joe-job spam to victims of Joe-jobs. This document
updates definition of "reject" to allow for rejecting messages updates definition of "reject" to require rejecting messages during
during the SMTP transaction. the SMTP transaction (instead of accepting them and then sending
MDNs back to the alleged sender) wherever possible, thereby
reducing the problem.
Table of Contents Table of Contents
1. Introduction 3 1. Introduction 2
2. Conventions Used in this Document 3 2. Conventions Used in this Document 3
3. SIEVE "reject" extension 4 3. SIEVE "reject" extension 3
3.1 Action reject 4 3.1 Action reject 3
3.2 "reject" compatibility with other actions 7 3.2 "reject" compatibility with other actions 7
4. Security Considerations 7 4. Security Considerations 7
5. IANA Considerations 7 5. IANA Considerations 7
5.1 reject extension registration 7 5.1 reject extension registration 7
5.2 refuse extension registration 8 5.2 refuse extension registration 8
6. References 8 6. References 8
6.1 Normative References 8 6.1 Normative References 8
6.2 Informative References 8 6.2 Informative References 8
7. Acknowledgments 8 7. Acknowledgments 9
8. Author's Addresses 9 8. Author's Addresses 9
9. Intellectual Property Rights Statement 9 9. Intellectual Property Rights Statement 9
10. Full Copyright Statement 10 10. Full Copyright Statement 10
11. Changes from RFC 3028 10 11. Changes from RFC 3028 11
12. Change Log 10 12. Change Log 11
1. Introduction 1. Introduction
The SIEVE mail filtering language [SIEVE] "reject" action defined The SIEVE mail filtering language [SIEVE] "reject" action defined
in RFC 3028 only allows users to refuse delivery of a message by in RFC 3028 only allowed users to refuse delivery of a message by
sending an [MDN]. sending an [MDN].
This document updates definition of the "reject" action to permit This document updates definition of the "reject" action to permit
users to handle unwanted email in a way that is sometimes users to handle unwanted email in a way that is sometimes
preferable to the existing 'discard' and the original 'reject' preferable to the existing 'discard' and the original 'reject'
capabilities. When a spam-detection system suspects a message is capabilities. When a spam-detection system suspects a message is
spam, but isn't certain, discarding the email is considered too spam, but isn't certain, discarding the email is considered too
risky for some users, for example, those who receive sales leads by risky for some users, for example, those who receive sales leads by
email. They are willing to use the reject command. Users are email. They are willing to use the reject command. Users are
willing to reject but not discard because the sender of an email willing to reject but not discard because the sender of an email
incorrectly marked as spam will receive a notification that the incorrectly marked as spam will receive a notification that the
email was refused, and will likely try again to contact the email was refused, and will likely try again to contact the
intended recipient, perhaps via another method of communication. intended recipient, perhaps via another method of communication.
Unfortunately, this usage is problematic, because in the usual Unfortunately, this usage is problematic, because in the usual
case, the email is indeed spam, and the alleged sender to whom the case, the email is indeed spam, and the alleged sender to whom an
MDN caused by the reject will be sent will often be an innocent Joe- MDN caused by the reject will be sent will often be an innocent Joe-
job victim. The updated "reject" is less likely to result in email job victim. The updated "reject" is less likely to result in email
to an innocent victim, because it allows to refuse to accept an to an innocent victim, because it requires that an implemention
email for delivery instead of accepting it and then sending an MDN. refuse to accept an email for delivery instead of accepting it and
Much spam is sent through open proxies, so SMTP level refusal then sending an MDN wherever possible. Much spam is sent through
reduces Joe-job bounces (AKA backscatter) resulting from usage of open proxies, so SMTP level refusal reduces Joe-job bounces (AKA
MDNs. The updated "reject" will also reduce Joe-jobs caused by backscatter) resulting from usage of MDNs. The updated "reject"
virus self-propagation via emails with false sender information. will also reduce Joe-jobs caused by virus self-propagation via
SMTP level refusal may conserve bandwidth, by reducing the number emails with false sender information. SMTP level refusal helps to
of MDNs sent. Further discussion highlighting the risks of prevent the blacklisting of sources of backscatter and conserve
generating MDNs and the benefits of protocol level refusal can be bandwidth, by reducing the number of MDNs sent. Further discussion
found in [Joe-DoS]. highlighting the risks of generating MDNs and the benefits of
protocol level refusal can be found in [Joe-DoS].
2. Conventions Used in this Document 2. Conventions Used in this Document
Conventions for notations are as in [SIEVE] section 1.1, including The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
use of [KEYWORDS]. "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in
this document are to be interpreted as described in RFC 2119.
Conventions for notations are as in [SIEVE] section 1.1.
This document does not attempt to define what exactly constitutes a This document does not attempt to define what exactly constitutes a
spam or virus containing email or how it should be identified, or spam or virus containing email or how it should be identified.
what actions should be taken when detected.
3. SIEVE "reject" extension 3. SIEVE "reject" extension
SIEVE implementations that implement the "reject" action must use SIEVE implementations that implement the "reject" action must use
the "reject" capability string. the "reject" capability string.
3.1 Action reject 3.1 Action reject
Usage: reject <reason: string> Usage: reject <reason: string>
The "reject" action cancels the implicit keep and refuses delivery The "reject" action cancels the implicit keep and refuses delivery
of a message. How message is refused depends on capabilities of of a message. The reason string is a UTF-8 [UTF-8] string
mail component (MUA, MDA or MTA) executing the Sieve script. The specifying the reason for refusal. How message is refused depends
Sieve interpreter must do one of the following actions, as detailed on capabilities of mail component (MUA, MDA or MTA) executing the
by the following priority table (items listed earlier take Sieve script. The Sieve interpreter must do one of the following
precedence). Note that if action can not be taken or fails, the actions, as detailed by the following priority table (items listed
interpreter should try the next item in the list: earlier take precedence). Note that if action can not be taken or
fails, the interpreter should try the next item in the list:
1. If message return-path (MAIL FROM) is empty the message MAY be 1. If message return-path (MAIL FROM) is empty the message SHOULD be
accepted and discarded. accepted and discarded.
2. If a "reject" implementation performs a return-path 2. If a "reject" implementation performs a return-path verification
verification and it clearly indicates that the message has a and it clearly indicates that the message has a forged return-path,
forged return-path, the implementation need not refuse mail the implementation need not refuse mail delivery, but rather MAY
delivery, but rather MAY accept and discard it. accept and discard it.
3. Message delivery is refused by sending 5XX response code over 3. Message delivery is refused by sending 5XX response code over
SMTP/LMTP. See section 3.1.1 for more details. SMTP [SMTP] or LMTP [LMTP]. See section 3.1.1 for more details.
4. Message delivery is refused by sending a non delivery report 4. Message delivery is refused by sending a non delivery report
(DSN). See section 3.1.2 for more details. (DSN [DSN]). See section 3.1.2 for more details.
5. Message delivery is refused by sending a message disposition 5. Message delivery is refused by sending a message disposition
notification report (MDN). See section 3.1.3 for more details. notification report (MDN). See section 3.1.3 for more details.
3.1.1 Rejecting message at SMTP/LMTP protocol level 3.1.1 Rejecting messages at SMTP/LMTP protocol level
Sieve engines that are able to reject messages at SMTP/LMTP level Sieve implementations that are able to reject messages at SMTP/LMTP
SHOULD use 550 response code. Note that it is not always possible level SHOULD use the 550 response code. Note that if a message is
to do that, for example if the message is arriving over SMTP and arriving over SMTP and has multiple recipients, some of which have
has multiple recipients, some of which have accepted the message. accepted the message, or the Sieve implementation is part of an
See section 3.1.2 for recommendations on how to reject message in MUA, section 3.1.2 and section 3.1.3 define how to reject such a
such case. message.
<<Open issue: do we want to allow for non-ascii text below and do <<Open issue: do we want to allow for non-ascii text below and do
we need a way to control "reject with DSN containing non-ascii we need a way to control "reject with DSN containing non-ascii
text" versa "replace non-ascii characters with ?">> text" vs. "replace non-ascii characters with ?">>
Note that SMTP [SMTP] doesn't allow for non-ASCII characters in Note that SMTP [SMTP] doesn't allow for non-ASCII characters in
SMTP response text. It is an error for non-ASCII characters to SMTP response text. If non-ASCII characters appear in the "reason"
appear in the "reason" string (unless the client and the server use string, they may be sent if and only if the client and the server
an SMTP extension that allows for transmission of non-ASCII reply use an SMTP extension that allows for transmission of non-ASCII
text). reply text. Otherwise, the implementation should either consider it
an error, or accept the message and generate DSN as described in
section 3.1.2.
If the "reason" string is multiline, than the reason text MUST be If the "reason" string is multiline, than the reason text MUST be
returned as a multiline SMTP/LMTP response, per [SMTP], section returned as a multiline SMTP/LMTP response, per [SMTP], section
4.2.1. Any line MUST NOT exceed the SMTP limit on the maximal line 4.2.1. Any line MUST NOT exceed the SMTP limit on the maximal line
length. To make the reason string conform to any such limits the length. To make the reason string conform to any such limits the
server MAY insert CRLFs and turn the response into multiline server MAY insert CRLFs and turn the response into a multiline
response. response.
In the following script (which assumes support for the spamtest and In the following script (which assumes support for the spamtest
fileinto extensions), messages that test highly positive for spam [SPAMTEST] and fileinto extensions), messages that test highly
are refused. positive for spam are refused.
Example: Example:
require ["reject", "spamtest", require ["reject", "spamtest",
"comparator-i;ascii-numeric", "fileinto"] "comparator-i;ascii-numeric", "fileinto"];
if spamtest :value "ge" :comparator "i;ascii-numeric" "6" { if spamtest :value "ge" :comparator "i;ascii-numeric" "6" {
refuse text: refuse text:
AntiSpam engine thinks your message is spam. AntiSpam engine thinks your message is spam.
It is therefore being refused. It is therefore being refused.
Please call 1-900-PAY-US if you want to reach us. Please call 1-900-PAY-US if you want to reach us.
. .
; ;
} elsif spamtest :value "ge" :comparator "i;ascii-numeric" "4" { } elsif spamtest :value "ge" :comparator "i;ascii-numeric" "4" {
fileinto "Suspect"; fileinto "Suspect";
skipping to change at line 209 skipping to change at line 217
Enhanced Error code 5.7.1 or a more generic 5.7.0 are RECOMMENDED. Enhanced Error code 5.7.1 or a more generic 5.7.0 are RECOMMENDED.
With Enhanced Error Code the response to DATA command in the SMTP With Enhanced Error Code the response to DATA command in the SMTP
example below will look like: example below will look like:
S: 550-5.7.1 AntiSpam engine thinks your message is spam. S: 550-5.7.1 AntiSpam engine thinks your message is spam.
S: 550-5.7.1 It is therefore being refused. S: 550-5.7.1 It is therefore being refused.
S: 550 5.7.1 Please call 1-900-PAY-US if you want to reach us. S: 550 5.7.1 Please call 1-900-PAY-US if you want to reach us.
if the server selected "5.7.1" as appropriate. if the server selected "5.7.1" as appropriate.
If a Sieve implementation that supports "reject" doesn't wish to
immediately disclose the reason for rejection (for example that it
detected spam), it may delay immediate sending the 550 error code
by sending a 4XX error code on the first attempt to receive the
message.
3.1.2 Rejecting message by sending DSN 3.1.2 Rejecting message by sending DSN
If the implementation receives a message via SMTP that has more If the implementation receives a message via SMTP that has more
than one RCPT TO that has been accepted by the server, and at least than one RCPT TO that has been accepted by the server, and at least
one but not all of them are refusing delivery (whether the refusal one but not all of them are refusing delivery (whether the refusal
is caused by execution of a Sieve "reject" or for another reason). is caused by execution of a Sieve "reject" or for another reason).
In this case, the server MUST accept the message and generate DSNs In this case, the server MUST accept the message and generate DSNs
for all recipients that are refusing it. Note that this exception for all recipients that are refusing it. Note that this exception
does not apply to LMTP, as LMTP is able to reject messages on a per- does not apply to LMTP, as LMTP is able to reject messages on a per-
recipient basis. recipient basis.
3.1.3 Rejecting message by sending MDN 3.1.3 Rejecting message by sending MDN
When Sieve engine is running inside MUA it has no ability to reject When Sieve engine is running inside MUA it has no ability to reject
the message before it was delivered, as the message is already the message before it was delivered, as the message is already
deliverd. In this case the client should send a Message Disposition delivered. In this case the client should send a Message
Notification [MDN] back to the sender. It resends the message to Disposition Notification [MDN] back to the sender. It resends the
the sender as specified in the Return-Path header field, wrapping message to the sender as specified in the Return-Path header field,
it in a "reject" form, noting that it was rejected by the wrapping it in a "reject" form, noting that it was rejected by the
recipient. In the following script, a message is rejected and recipient.
returned to the sender. MTAs and MDAs SHOULD NOT implement "reject" by sending MDNs, they
SHOULD reject at protocol level as described in section 3.1.1.
In the following script, a message is rejected and returned to the
sender.
Example: Example:
require ["reject"] require ["reject"];
if header :contains "from" "coyote@desert.example.org" if header :contains "from" "coyote@desert.example.org"
{ {
reject text: reject text:
I am not taking mail from you, and I don't I am not taking mail from you, and I don't
want your birdseed, either!" want your birdseed, either!"
. .
; ;
} }
skipping to change at line 269 skipping to change at line 286
The MDN action-value field as defined in the MDN specification MUST The MDN action-value field as defined in the MDN specification MUST
be "deleted" and MUST have the MDN-sent-automatically and automatic- be "deleted" and MUST have the MDN-sent-automatically and automatic-
action modes set. action modes set.
3.2 "reject" compatibility with other actions 3.2 "reject" compatibility with other actions
A "reject" action cancels the implicit keep. A "reject" action cancels the implicit keep.
Implementations MUST prohibit the execution of more than one reject Implementations MUST prohibit the execution of more than one reject
in a SIEVE script. "Reject" is also incompatible with the in a SIEVE script. "Reject" is also incompatible with the
"vacation" [VACATION] extensions. "vacation" [VACATION] extensions. Implementations SHOULD prohibit
reject when used with other actions, in particular "reject" SHOULD
be incompatible with keep, fileinto, redirect and discard.
Any action that would modify the message body will not have effect Any action that would modify the message body will not have effect
on the body of any message refused by "reject" using the 550 SMTP on the body of any message refused by "reject" using the 550 SMTP
response code <<and might not have any effect on context of response code and MUST NOT have any effect on context of generated
generated DSN/MDNs>>. DSN/MDNs.
Implementations SHOULD prohibit reject when used with other
actions.
4. Security Considerations 4. Security Considerations
The "reject" extension does not raise any security considerations
that are not present in the base [SIEVE] protocol, and these issues
are discussed in [SIEVE]. <<Mail loops>>
The Introduction section talks about why rejecting messages before The Introduction section talks about why rejecting messages before
delivery is better then accepting and bouncing them. delivery is better then accepting and bouncing them.
Security issues associated with mail auto-responders are fully
discussed in the security consideration section of [RFC3834]. This
document is believed not to introduce any additional security
considerations in this general area.
The "reject" extension does not raise any other security
considerations that are not already present in the base [SIEVE]
protocol, and these issues are discussed in [SIEVE].
5. IANA Considerations 5. IANA Considerations
The following section provides the IANA registrations for the Sieve The following section provides the IANA registrations for the Sieve
extensions specified in this document: extensions specified in this document:
5.1 reject extension registration 5.1 reject extension registration
IANA is requested to update the registration for the SIEVE "reject" IANA is requested to update the registration for the SIEVE "reject"
extension to point to this document. extension to point to this document.
IANA is also requested to update Tim Showalter's email address to IANA is also requested to update Tim Showalter's email address to
be be
tjs@psaux.com tjs@psaux.com
5.2 refuse extension registration 5.2 refuse extension registration
IANA is requested to remove registration of the refuse extension. IANA is requested to remove registration of the refuse extension.
<<Should this be taken care of by talking directly to IANA?>>
6. References 6. References
6.1 Normative References 6.1 Normative References
[KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", RFC 2119, March 1997. Requirement Levels", RFC 2119, March 1997.
[SIEVE] Showalter, T. and P. Guenther, "Sieve: An Email Filtering [SIEVE] Showalter, T. and P. Guenther, "Sieve: An Email Filtering
Language", Work-in-progress, draft-ietf-sieve-3028bis-XX.txt Language", Work-in-progress, draft-ietf-sieve-3028bis-XX.txt
skipping to change at line 332 skipping to change at line 354
Delivery Status Notifications", University of Tennessee, Lucent Delivery Status Notifications", University of Tennessee, Lucent
Technologies, RFC 3464, January 2003. Technologies, RFC 3464, January 2003.
[MDN] Fajman, R., "An Extensible Message Format for Message [MDN] Fajman, R., "An Extensible Message Format for Message
Disposition Notifications", National Institutes of Health, RFC Disposition Notifications", National Institutes of Health, RFC
2298, March 1998. 2298, March 1998.
[ENHANCED-CODES] Freed, N., "SMTP Service Extension for Returning [ENHANCED-CODES] Freed, N., "SMTP Service Extension for Returning
Enhanced Error Codes", Innosoft, RFC 2034, October 1996. Enhanced Error Codes", Innosoft, RFC 2034, October 1996.
[UTF-8] Yergeau, F., "UTF-8, a transformation format of ISO 10646",
RFC 3629, November 2003.
[VACATION] Showalter, T. and N. Freed, "Sieve Email Filtering:
Vacation Extension", work in progress, draft-ietf-sieve-vacation-XX.txt.
6.2 Informative References 6.2 Informative References
[Joe-DoS] Stefan Frei, Ivo Silvestri, Gunter Ollmann, "Mail Non [Joe-DoS] Stefan Frei, Ivo Silvestri, Gunter Ollmann, "Mail Non
Delivery Message DDoS Attacks", 5 April 2004", Delivery Message DDoS Attacks", 5 April 2004",
<http://www.techzoom.net/paper-mailbomb.asp>. <http://www.techzoom.net/paper-mailbomb.asp>.
[SPAMTEST] Daboo, C., "SIEVE Email Filtering: Spamtest and [SPAMTEST] Daboo, C., "SIEVE Email Filtering: Spamtest and
Virustest Extensions", work in progress, draft-ietf-sieve- Virustest Extensions", work in progress, draft-ietf-sieve-
spamtestbis-XX.txt spamtestbis-XX.txt
<<Note that this reference can be safely replaced with RFC 3685.>> <<Note to the RFC editor: this reference can be safely replaced
with RFC 3685.>>
[RFC3834] Moore, K., "Recommendations for Automatic Responses to
Electronic Mail", RFC 3834, August 2004.
7. Acknowledgments 7. Acknowledgments
Thanks to Ned Freed, Cyrus Daboo, Arnt Gulbrandsen, Kristin Hubner, Thanks to Ned Freed, Cyrus Daboo, Arnt Gulbrandsen, Kristin Hubner,
Mark E. Mallett, Philip Guenther and Michael Haardt for comments Mark E. Mallett, Philip Guenther and Michael Haardt for comments
and corrections. and corrections.
The authors gratefully acknowledge the extensive work of Tim The authors gratefully acknowledge the extensive work of Tim
Showalter as the author of the RFC 3028, which originally defined Showalter as the author of the RFC 3028, which originally defined
"reject". the "reject" action.
8. Author's Addresses 8. Author's Addresses
Matthew Elvey Matthew Elvey
The Elvey Partnership, LLC The Elvey Partnership, LLC
3042 Sacramento-ietf St Ste 04 3042 Sacramento-ietf St Ste 04
San Francisco, CA San Francisco, CA
U.S.A. U.S.A.
Email: sieve3@matthew.elvey.com Email: sieve3@matthew.elvey.com
skipping to change at line 426 skipping to change at line 458
Internet Society. Internet Society.
11. Changes from RFC 3028 11. Changes from RFC 3028
Clarified that the "reject" action cancels the implicit keep. Clarified that the "reject" action cancels the implicit keep.
Extended list of allowable actions on reject to include protocol Extended list of allowable actions on reject to include protocol
level message rejection and generation of DSNs. level message rejection and generation of DSNs.
12. Change Log 12. Change Log
<<Note that this section will be deleted before publication.>> <<NOTE to the RFC editor: please delete this section before
publication.>>
00 First formal draft. 00 First formal draft.
01 Explicit RFC 2034 support, disallow "refuse" in MUAs, typos 01 Explicit RFC 2034 support, disallow "refuse" in MUAs, typos
corrected, clarifications, etc. corrected, clarifications, etc.
02 Many insubstantial editorial changes (mostly rewording text for 02 Many insubstantial editorial changes (mostly rewording text for
readability). Added text regarding non-ASCII characters in the readability). Added text regarding non-ASCII characters in the refuse
refuse "reason" string. Added an exception allowing return-path "reason" string. Added an exception allowing return-path forgery to
forgery to justify discarding a message. justify discarding a message.
03 (Renamed to be SIEVE WG 00) - Updated boilerplate, added reject 03 (Renamed to be SIEVE WG 00) - Updated boilerplate, added reject
action from the base spec, acknowledged Tim as the author of action from the base spec, acknowledged Tim as the author of "reject".
"reject".
04 (SIEVE WG 01) Based on WGLC feedback, the refuse and the reject 04 (SIEVE WG 01) Based on WGLC feedback, the refuse and the reject
actions were merged into a single action called reject. Text actions were merged into a single action called reject. Text
reorganized as the result. Typos and examples corrected. Updated reorganized as the result. Typos and examples corrected. Updated IANA
IANA registration and Security Considerations sections. registration and Security Considerations sections.
05 (SIEVE WG 02) Copied some security considerations from Vacation
draft. Clarified that the "reason" string is in UTF-8. Clarified
interaction with "editheader" extension. Added text about sending of
4XX instead of 550. Corrected typos in several examples.
 End of changes. 40 change blocks. 
82 lines changed or deleted 114 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/