draft-ietf-sieve-refuse-reject-04.txt   draft-ietf-sieve-refuse-reject-05.txt 
Internet Draft M. Elvey Internet Draft Aaron Stone
Document: draft-ietf-sieve-refuse-reject-04 The Elvey Partnership, Document: draft-ietf-sieve-refuse-reject-05 libSieve Project
Intended status: Standards Track Matthew Elvey
Expires: April 7, 2008 The Elvey Partnership,
LLC LLC
Expires: April 2007 A. Melnikov Alexey Melnikov
Isode Ltd Isode, Ltd
October 2006 October 4, 2007
The SIEVE mail filtering language - reject extension Sieve Email Filtering: Reject Extension
draft-ietf-sieve-refuse-reject-04.txt draft-ietf-sieve-refuse-reject-05.txt
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at line 41 skipping to change at line 43
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
A revised version of this draft document will be submitted to the A revised version of this draft document will be submitted to the
RFC editor as a Proposed Standard for the Internet Community. RFC editor as a Proposed Standard for the Internet Community.
Discussion and suggestions for improvement are requested. Discussion and suggestions for improvement are requested.
Distribution of this draft is unlimited. Distribution of this draft is unlimited.
Abstract Abstract
This memo updates the definition the SIEVE mail filtering language (RFC This memo updates the definition of the Sieve mail filtering language
<<3028bis>>) "reject" extension, originally defined in RFC 3028. (RFC draft-ietf-sieve-3028bis-XX.txt) "reject" extension, originally
defined in RFC 3028.
A Joe-job is a spam run forged to appear as though it came from an A "Joe-job" is a spam run forged to appear as though it came from an
innocent party, who is then generally flooded by the bounces, innocent party, who is then generally flooded by automated bounces,
Message Disposition Notifications (MDNs) and messages with Message Disposition Notifications (MDNs), and personal messages with
complaints. The original Sieve "reject" action defined in RFC 3028 complaints. The original Sieve "reject" action defined in RFC 3028
required use of MDNs for rejecting messages, thus contributing to required use of MDNs for rejecting messages, thus contributing to the
the flood of Joe-job spam to victims of Joe-jobs. This document flood of Joe-job spam to victims of Joe-jobs.
updates the definition of "reject" to require rejecting messages
during the SMTP transaction (instead of accepting them and then This memo updates the definition of the "reject" action to allow
sending MDNs back to the alleged sender) wherever possible, thereby messages to be refused during the SMTP transaction, and defines the
reducing the problem. "ereject" action to require messages to be refused during the SMTP
transaction.
The "ereject" action is intended to replace the "reject" action
wherever possible.
Table of Contents Table of Contents
1. Introduction 2 1. Introduction 2
2. Conventions Used in this Document 3 2. Conventions Used in this Document 3
3. SIEVE "reject" extension 3 3. Sieve "reject" and "ereject" extensions X
3.1 Action reject 3 3.1 Action ereject
3.2 "reject" compatibility with other actions 7 3.1.1 Rejecting a message at the SMTP/LMTP protocol level
4. Security Considerations 7 3.1.2 Rejecting a message by sending a DSN
5. IANA Considerations 7 3.2 Action reject
5.1 reject extension registration 7 3.3 "ereject"/"reject" compatibility with other actions
5.2 refuse extension registration 8 3.4 How "reject"/"ereject" should generate MDNs
6. References 8 3.5 How "reject"/"ereject" should perform protocol level refusal
6.1 Normative References 8 4. Security Considerations X
6.2 Informative References 8 5. IANA Considerations X
7. Acknowledgments 9 5.1 reject extension registration X
8. Author's Addresses 9 5.2 refuse extension registration X
9. Intellectual Property Rights Statement 9 6. References X
10. Full Copyright Statement 10 6.1 Normative References X
11. Changes from RFC 3028 11 6.2 Informative References X
12. Change Log 11 7. Acknowledgments X
8. Author's Addresses X
9. Intellectual Property Rights Statement X
10. Full Copyright Statement X
11. Changes from RFC 3028 X
12. Change Log X
1. Introduction 1. Introduction
The SIEVE mail filtering language [SIEVE] "reject" action defined The Sieve mail filtering language [SIEVE] defined in RFC 3028
in RFC 3028 only allowed users to refuse delivery of a message by specifies that "reject" action shall discard a message and send a
sending an [MDN]. Message Disposition Notification [MDN] to the envelope sender along
with an explanatory message.
This document updates definition of the "reject" action to permit This document updates the definition of the "reject" action to permit
users to handle unwanted email in a way that is generally refusal of the message during the SMTP transaction, if possible, and
preferable to the existing 'discard' and the original 'reject' defines a new "ereject" action to require refusal of the message
capabilities. When a spam-detection system suspects a message is during the SMTP transaction.
spam, but isn't certain, discarding the email is considered too
risky for some users, for example, those who receive sales leads by Implementations are further encouraged to use spam-detection systems
email. They are willing to use the reject command. Users are to determine the level of risk associated with sending an MDN,
willing to reject but not discard because the sender of an email allowing implementations to silently drop the MDN if the rejected
incorrectly marked as spam will receive a notification that the message is deemed to be likely spam.
email was refused, and will likely try again to contact the
intended recipient, perhaps via another method of communication. Further discussion highlighting the risks of generating MDNs and the
Unfortunately, this usage is problematic, because in the usual benefits of protocol-level refusal can be found in [Joe-DoS].
case, the email is indeed spam, and the alleged sender to whom an
MDN caused by the reject will be sent will often be an innocent Joe-
job victim. The updated "reject" is less likely to result in email
to an innocent victim, because it requires that an implemention
refuse to accept an email for delivery instead of accepting it and
then sending an MDN wherever possible. Much spam is sent through
open proxies, so SMTP level refusal reduces Joe-job bounces (AKA
backscatter) resulting from usage of MDNs. The updated "reject"
will also reduce Joe-jobs caused by virus self-propagation via
emails with false sender information. SMTP level refusal helps to
prevent the blacklisting of sources of backscatter and conserve
bandwidth, by reducing the number of MDNs sent. Further discussion
highlighting the risks of generating MDNs and the benefits of
protocol-level refusal can be found in [Joe-DoS].
2. Conventions Used in this Document 2. Conventions Used in this Document
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
this document are to be interpreted as described in RFC 2119. document are to be interpreted as described in RFC 2119.
Conventions for notations are as in [SIEVE] section 1.1. Conventions for notations are as in [SIEVE] Section 1.1.
This document does not attempt to define what exactly constitutes a This document does not attempt to define spam or how it should be
spam or virus containing email or how it should be identified. identified, nor to define an email virus or how it should be
detected. Implementations are advised to follow best practices
and keep abreast of current research in these fields.
3. SIEVE "reject" extension 3. Sieve "reject" and "ereject" extensions
SIEVE implementations that implement the "reject" action must use 3.1 Action ereject
the "reject" capability string.
3.1 Action reject Usage: ereject <reason: string>
Usage: reject <reason: string> Sieve implementations that implement the "ereject" action must use
the "ereject" capability string.
The "reject" action cancels the implicit keep and refuses delivery The "ereject" action cancels the implicit keep and refuses delivery
of a message. The reason string is a UTF-8 [UTF-8] string of a message. The reason string is a UTF-8 [UTF-8] string
specifying the reason for refusal. How a message is refused depends specifying the reason for refusal. How a message is refused depends
on the capabilities of the mail component (MUA, MDA or MTA) executing on the capabilities of the mail component (MDA or MTA) executing the
the Sieve script. The Sieve interpreter must do one of the following Sieve script. The Sieve interpreter MUST carry out one of the
actions, as detailed by the following priority table (items listed following actions (listed in order from most to least preferred),
earlier take precedence). Note that if an action can not be taken or SHOULD carry out the most preferable action, and SHOULD fall back to
fails, the interpreter should try the next item in the list: lesser actions if a preferred action fails.
1. If a "reject" implementation performs a return-path verification 1. Refuse message delivery by sending a 5XX response code
and it clearly indicates that the message has a forged return-path, over SMTP [SMTP] or LMTP [LMTP]. See Section 3.1.1 for more
the implementation need not refuse mail delivery, but rather MAY details.
accept and discard it.
2. Message delivery is refused by sending 5XX response code over
SMTP [SMTP] or LMTP [LMTP]. See section 3.1.1 for more details.
3. Message delivery is refused by sending a non delivery report
(DSN [DSN]). See section 3.1.2 for more details.
4. Message delivery is refused by sending a message disposition
notification report (MDN). See section 3.1.3 for more details.
3.1.1 Rejecting messages at the SMTP/LMTP protocol level 2. Discard the message if a return-path verification clearly
indicates that the message has a forged return-path.
3. Send a non-delivery report to the envelope sender
([REPORT] [DSN]). See Section 3.1.2 for more details.
The ereject action MUST NOT be available in environments that do
not support protocol level rejection, e.g. an MUA.
3.1.1 Rejecting a message at the SMTP/LMTP protocol level
Sieve implementations that are able to reject messages at the Sieve implementations that are able to reject messages at the
SMTP/LMTP level MUST do so and SHOULD use the 550 response code. Note SMTP/LMTP level MUST do so and SHOULD use the 550 response code. Note
that if a message is arriving over SMTP and has multiple recipients, that if a message is arriving over SMTP and has multiple recipients,
some of which have accepted the message, or the Sieve implementation some of whom have accepted the message, Section 3.1.2 defines how to
is part of an MUA, section 3.1.2 and section 3.1.3 define how to
reject such a message. reject such a message.
Note that SMTP [SMTP] doesn't allow for non-ASCII characters in the Note that SMTP [SMTP] doesn't allow for non-ASCII characters in the
SMTP response text. If non-ASCII characters appear in the "reason" SMTP response text. If non-ASCII characters appear in the "reason"
string, they can be sent if and only if the client and the server use string, they can be sent at the protocol level if and only if the
an SMTP extension that allows for transmission of non-ASCII reply client and the server use an SMTP extension that allows for
text. (One example of such an SMTP extension is described in transmission of non-ASCII reply text. (One example of such an SMTP
[UTF8-RESP].) In the absence of such an SMTP extension, the Sieve extension is described in [UTF8-RESP].) In the absence of such an
engine MUST replace any reason string containing non-ASCII characters SMTP extension, the Sieve engine MUST replace any reason string
with an implementation-defined ASCII-only string. Implementations being sent at the protocol level and containing non-ASCII
SHOULD notify the user that such replacement took place. Users that characters with an implementation-defined ASCII-only string.
don't like this behavior should consider using "reject :exacttext" as Implementations SHOULD notify the user that such replacement took
described in Section 3.2, if available. place. Users that don't like this behavior should consider using
the "reject" action described in Section 3.2, if available.
If the "reason" string consists of multiple CRLF separated lines,
then the reason text MUST be returned as a multiline SMTP/LMTP
response, per [SMTP], section 4.2.1. Any line MUST NOT exceed the
SMTP limit on the maximal line length. To make the reason string
conform to any such limits the server MAY insert CRLFs and turn the
response into a multiline response.
In the following script (which assumes support for the spamtest
[SPAMTEST] and fileinto extensions), messages that test highly
positive for spam are refused.
Example:
require ["reject", "spamtest",
"comparator-i;ascii-numeric", "fileinto"];
if spamtest :value "ge" :comparator "i;ascii-numeric" "6" {
reject text:
AntiSpam engine thinks your message is spam.
It is therefore being refused.
Please call 1-900-PAY-US if you want to reach us.
.
;
} elsif spamtest :value "ge" :comparator "i;ascii-numeric" "4" {
fileinto "Suspect";
}
The following excerpt from an SMTP session shows it in action.
...
C: DATA
S: 354 Send message, ending in CRLF.CRLF.
...
C: .
S: 550-AntiSpam engine thinks your message is spam.
S: 550-It is therefore being refused.
S: 550 Please call 1-900-PAY-US if you want to reach us.
If the SMTP/LMTP server supports RFC 2034 [ENHANCED-CODES] it MUST
prepend an appropriate Enhanced Error Code to the "reason" text.
Enhanced Error code 5.7.1 or a more generic 5.7.0 are RECOMMENDED.
With an Enhanced Error Code, the response to DATA command in the SMTP
example below will look like:
S: 550-5.7.1 AntiSpam engine thinks your message is spam.
S: 550-5.7.1 It is therefore being refused.
S: 550 5.7.1 Please call 1-900-PAY-US if you want to reach us.
if the server selected "5.7.1" as appropriate.
If a Sieve implementation that supports "reject" doesn't wish to See Section 3.5 for the detailed instructions about performing
immediately disclose the reason for rejection (for example that it protocol level rejection.
detected spam), it may delay immediately sending of the 550 error
code by sending a 4XX error code on the first attempt to receive
the message.
3.1.2 Rejecting a message by sending a DSN 3.1.2 Rejecting a message by sending a DSN
An implementation may receive a message via SMTP that has more An implementation may receive a message via SMTP that has more
than one RCPT TO that has been accepted by the server, and at least than one RCPT TO that has been accepted by the server, and at least
one but not all of them are refusing delivery (whether the refusal one but not all of them are refusing delivery (whether the refusal
is caused by execution of a Sieve "reject" or for another reason). is caused by a Sieve "ereject" action or for some other reason).
In this case, the server MUST accept the message and generate DSNs In this case, the server MUST accept the message and generate DSNs
for all recipients that are refusing it. Note that this exception for all recipients that are refusing it. Note that this exception
does not apply to LMTP, as LMTP is able to reject messages on a per- does not apply to LMTP, as LMTP is able to reject messages on a per-
recipient basis. recipient basis.
Note that according to [DSN], Delivery Status Notifications MUST NOT Note that according to [DSN], Delivery Status Notifications MUST NOT
be generated if the MAIL FROM (return-path) is empty. be generated if the MAIL FROM (or Return-Path) is empty.
3.1.3 Rejecting a message by sending an MDN
When a Sieve engine is running inside an MUA, it has no ability to
reject a message at the SMTP/LMTP protocol level, as final delivery
(in the SMTP sense) is already complete. In this case the client
should send a Message Disposition Notification [MDN] back to the
sender. It resends the message to the sender as specified in the
Return-Path header field, wrapping it in a "reject" form, noting that
it was rejected by the recipient.
MTAs and MDAs MUST NOT implement "reject" by sending MDNs, they
SHOULD reject at the protocol level as described in section 3.1.1.
In the following script, a message is rejected and returned to the
sender.
Note that according to MDN MUST NOT be generated if the MAIL FROM
(Return-path) is empty.
Example:
require ["reject"];
if header :contains "from" "coyote@desert.example.org"
{
reject text:
I am not taking mail from you, and I don't
want your birdseed, either!"
.
;
}
A reject message MUST take the form of a failure MDN as specified The DSN message MUST follow the requirements of [DSN] and [REPORT].
by [MDN]. The human-readable portion of the message, the first The action-value field defined in [DSN], Section 2.3.3, MUST contain
component of the MDN, contains the human readable message the value "failed". The human-readable portion of the non-delivery
describing the error, and it SHOULD contain additional text report MUST contain the reason string from the "ereject" action and
alerting the original sender that mail was refused by a filter. SHOULD contain additional text alerting the apparent original sender
This part of the MDN might appear as follows: that the message was refused by an email filter. This part of the
report might appear as follows:
------------------------------------------------------------ ------------------------------------------------------------
The message was refused by the recipient's mail filtering program. Your message was refused by the recipient's mail filtering program.
The reason given was as follows: The reason given was as follows:
I am not taking mail from you, and I don't want your birdseed, I am not taking mail from you, and I don't want your birdseed,
either! either!
------------------------------------------------------------ ------------------------------------------------------------
The MDN action-value field as defined in the MDN specification MUST 3.2 Action reject
be "deleted" and MUST have the MDN-sent-automatically and automatic-
action modes set.
3.2 :exacttext optional argument to reject action This section updates the definition of the reject action in Section
4.1 of RFC 3028 and is an optional extension to [SIEVE].
SIEVE implementations that implement the :exacttext optional argument Usage: reject <reason: string>
to the "reject" action must advertise the "rejectexact" capability in
addition to the "reject" capability described above.
The :exacttext argument affects how reject processing described in Sieve implementations that implement the "reject" action must use
section 3.1.1 is performed. If this argument is present, and the the "reject" capability string.
SMTP client and server don't both support an SMTP extension that
allows for transmission of non-ASCII reply text and there is The "reject" action cancels the implicit keep and refuses delivery
non-ASCII text in the reason string, then the reason string MUST NOT of a message. The reason string is a UTF-8 [UTF-8] string
be replaced with an implementation defined ASCII-only string as specifying the reason for refusal. Unlike the "ereject" action
defined in 3.1.1. Instead, the Sieve engine MUST try to generate described above, this action would always favor preserving the exact
DSN, in order to preserve the exact text specified in the reason text of the refusal reason. Typically the "reject" action refuses
string. delivery of a message by sending back an [MDN] to the alleged sender
(see Section 3.4). However implementations MAY refuse delivery over
protocol (as detailed in Section 3.5), if and only if all of the
following conditions are true:
1) The reason string consists of only US-ASCII characters
or
The reason string contains non-US-ASCII and both client and server
support and negotiate use of an SMTP/LMTP extension for sending
UTF-8 responses.
2) LMTP protocol is used
or
SMTP protocol is used and the message contains a single recipient
or SMTP protocol is used, the message contains multiple recipients
and all of them refused message delivery (whether using Sieve or
not).
Script generators SHOULD ensure that a rejection action being
executed as a result of an anti-spam/anti-virus positive test
be done using the ereject action, as it is more suitable for such
rejections.
Script generators MAY automatically upgrade scripts that previously
used the reject action for anti-spam/anti-virus related rejections.
Note that such generators MUST make sure that the target environment
can support the ereject action.
Example: Example:
require ["reject", "rejectexact]; require ["reject"];
if size :over 100K { if size :over 100K {
reject :exacttext text: reject text:
Your message is to big. If you want to send me a big attachement, Your message is to big. If you want to send me a big attachment,
put it on a public web site and send me an URL. put it on a public web site and send me an URL.
. .
; ;
} }
<<Pretend that the reason string above contains some non-ASCII text>> (Pretend that the reason string above contains some non-ASCII text)
NOTE: The :exacttext argument has no effect if the Sieve engine is 3.3 "ereject"/"reject" compatibility with other actions
running in an MUA. The :exacttext argument also has no effect if the
Sieve engine is running in an MTA/MDA, but both client and server
support and negotiate use of an SMTP/LMTP extension for sending UTF-8
responses.
3.3 "reject" compatibility with other actions This section applies equally to "reject" and "ereject" actions.
All references to the "reject" action in this section can be replaced
with the "ereject" action.
A "reject" action cancels the implicit keep. A "reject" action cancels the implicit keep.
Implementations MUST prohibit the execution of more than one reject Implementations MUST prohibit the execution of more than one reject
in a SIEVE script. in a Sieve script.
"Reject" MUST be incompatible with the "vacation" [VACATION] "Reject" MUST be incompatible with the "vacation" [VACATION]
action. It is NOT RECOMMENDED that implementations permit the use of action. It is NOT RECOMMENDED that implementations permit the use of
"reject" with actions that cause mail delivery, such as "keep", "reject" with actions that cause mail delivery, such as "keep",
"fileinto", "redirect". "fileinto", "redirect".
Making "reject" compatible with actions that cause mail delivery Making "reject" compatible with actions that cause mail delivery
violates the RFC 2821 principle that a message is either delivered or violates the RFC 2821 principle that a message is either delivered or
bounced back to the sender. So bouncing a message back (rejecting) bounced back to the sender. So bouncing a message back (rejecting)
and delivering it will make the sender believe that the message was and delivering it will make the sender believe that the message was
not delivered. not delivered.
However, there are existing laws requiring certain organizations to However, there are existing laws requiring certain organizations to
archive all received messages, even the rejected ones. Also, it can archive all received messages, even the rejected ones. Also, it can
be quite useful to save copies of rejected messages for later be quite useful to save copies of rejected messages for later
analysis. analysis.
Any action that would modify the message body will not have an effect Any action that would modify the message body will not have an effect
on the body of any message refused by "reject" using an SMTP response on the body of any message refused by "reject" using an SMTP response
code and MUST NOT have any effect on the content of generated code and MUST NOT have any effect on the content of generated
DSN/MDNs. DSN/MDNs.
3.4 Rejecting a message by sending an MDN
The reject action resends the received message to the envelope sender
specified by the MAIL FROM (or Return-Path) address, wrapping it in
a "reject" form, explaining that it was rejected by the recipient.
Note that according to [MDN], Message Disposition Notifications MUST
NOT be generated if the MAIL FROM (or Return-Path) is empty.
A reject message MUST take the form of a failure MDN as specified
by [MDN]. The human-readable portion of the message, the first
component of the MDN, contains the human readable message
describing the error, and it SHOULD contain additional text
alerting the apparent original sender that mail was refused by an
email filter.
The MDN disposition-field as defined in the MDN specification MUST
be "deleted" and MUST have the "MDN-sent-automatically" and
"automatic-action" modes set (see Section 3.2.6 of [MDN]).
In the following script, a message is rejected and returned to the
alleged sender.
Example:
require ["reject"];
if header :contains "from" "coyote@desert.example.org" {
reject text:
I am not taking mail from you, and I don't
want your birdseed, either!"
.
;
}
For this script, the first part of the MDN might appear as follows:
------------------------------------------------------------
The message was refused by the recipient's mail filtering program.
The reason given was as follows:
I am not taking mail from you, and I don't want your birdseed,
either!
------------------------------------------------------------
3.5 How "reject"/"ereject" should perform protocol level refusal
If the "reason" string consists of multiple CRLF separated lines,
then the reason text MUST be returned as a multiline SMTP/LMTP
response, per [SMTP], Section 4.2.1. Any line MUST NOT exceed the
SMTP limit on the maximal line length. To make the reason string
conform to any such limits the server MAY insert CRLFs and turn the
response into a multiline response.
In the following script (which assumes support for the spamtest
[SPAMTEST] and fileinto extensions), messages that test highly
positive for spam are refused.
Example:
require ["ereject", "spamtest", "fileinto",
"comparator-i;ascii-numeric"];
if spamtest :value "ge"
:comparator "i;ascii-numeric" "6" {
ereject text:
AntiSpam engine thinks your message is spam.
It is therefore being refused.
Please call 1-900-PAY-US if you want to reach us.
.
;
} elsif spamtest :value "ge"
:comparator "i;ascii-numeric" "4" {
fileinto "Suspect";
}
The following excerpt from an SMTP session shows it in action.
...
C: DATA
S: 354 Send message, ending in CRLF.CRLF.
...
C: .
S: 550-AntiSpam engine thinks your message is spam.
S: 550-It is therefore being refused.
S: 550 Please call 1-900-PAY-US if you want to reach us.
If the SMTP/LMTP server supports RFC 2034 [ENHANCED-CODES] it MUST
prepend an appropriate Enhanced Error Code to the "reason" text.
Enhanced Error code 5.7.1 or a more generic 5.7.0 are RECOMMENDED.
With an Enhanced Error Code, the response to DATA command in the SMTP
example below will look like:
S: 550-5.7.1 AntiSpam engine thinks your message is spam.
S: 550-5.7.1 It is therefore being refused.
S: 550 5.7.1 Please call 1-900-PAY-US if you want to reach us.
if the server selected "5.7.1" as appropriate.
If a Sieve implementation that supports "ereject" doesn't wish to
immediately disclose the reason for rejection (for example that it
detected spam), it may delay immediately sending of the 550 error
code by sending a 4XX error code on the first attempt to receive
the message.
4. Security Considerations 4. Security Considerations
The Introduction section talks about why rejecting messages before The Introduction to this document discusses why rejecting messages
delivery is better then accepting and bouncing them. before delivery is better than accepting and bouncing them.
Security issues associated with mail auto-responders are fully Security issues associated with email auto-responders are fully
discussed in the security consideration section of [RFC3834]. This discussed in the Security Considerations section of [RFC3834]. This
document is believed not to introduce any additional security document is not believed to introduce any additional security
considerations in this general area. considerations in this general area.
The "reject" extension does not raise any other security The "ereject" extension does not raise any other security
considerations that are not already present in the base [SIEVE] considerations that are not already present in the base [SIEVE]
protocol, and these issues are discussed in [SIEVE]. specification, and these issues are discussed in [SIEVE].
5. IANA Considerations 5. IANA Considerations
The following section provides the IANA registrations for the Sieve The following section provides the IANA registrations for the Sieve
extensions specified in this document: extensions specified in this document:
5.1 reject extension registration 5.1 reject extension registration
IANA is requested to update the registration for the SIEVE "reject" IANA is requested to update the registration for the Sieve "reject"
extension to point to this document. extension as detailed below:
IANA is also requested to update Tim Showalter's email address to
be
tjs@psaux.com
5.2 refuse extension registration Capability name: reject
Description: adds the 'reject' action for refusing delivery
of a message. The exact reason for refusal is
conveyed back to the client.
RFC number: this RFC
Contact address: The Sieve discussion list <ietf-mta-filters@imc.org>
IANA is requested to remove registration of the refuse extension. 5.2 ereject extension registration
<<Should this be taken care of by talking directly to IANA?>>
5.3 rejectexact extension registration IANA is requested to replace the preliminary registration of the
Sieve refuse extension with the following registration:
IANA is requested to add the following registration to the list of << Issue of replace / obsolete the draft refuse extension:
Sieve extensions:
Capability name: rejectexact Matthew: Would it be better to have it obsolete it, rather
Description: adds the ':exacttext' optional argument to the than replace it? I think so, to prevent inadvertent reuse,
reject action, which instructs the Sieve engine to especially since there are 'refuse' implementations.
generate Delivery Status Notifications if rejection
reason string contains non-ASCII text. Alexey: I agree with obsoleting it, if you think there are
RFC number: this RFC (Sieve base spec) implementations. But I thought there were no implementations
of refuse.
>>
Capability name: ereject
Description: adds the 'ereject' action for refusing delivery
of a message. The refusal should happen as early
as possible (e.g. at the protocol level) and might
not preserve the exact reason for refusal if it
contains non-US-ASCII text.
RFC number: this RFC
Contact address: The Sieve discussion list <ietf-mta-filters@imc.org> Contact address: The Sieve discussion list <ietf-mta-filters@imc.org>
6. References 6. References
6.1 Normative References 6.1 Normative References
[KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate [KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", RFC 2119, March 1997. Requirement Levels", RFC 2119, March 1997.
<< NIT: KEYWORDS is never cited >>
[SIEVE] Showalter, T. and P. Guenther, "Sieve: An Email Filtering [SIEVE] Showalter, T. and P. Guenther, "Sieve: An Email Filtering
Language", Work-in-progress, draft-ietf-sieve-3028bis-XX.txt Language", Work-in-progress, draft-ietf-sieve-3028bis-XX.txt
[SMTP] Klensin, J. (Editor), "Simple Mail Transfer Protocol", AT&T [SMTP] Klensin, J. (Editor), "Simple Mail Transfer Protocol", AT&T
Laboratories, RFC 2821, April 2001. Laboratories, RFC 2821, April 2001.
[LMTP] Myers, J., "Local Mail Transfer Protocol", Carnegie-Mellon [LMTP] Myers, J., "Local Mail Transfer Protocol", Carnegie-Mellon
University, RFC 2033, October 1996. University, RFC 2033, October 1996.
<< NIT: LMTP is Informative >>
[DSN] Moore , K., Vaudreuil, G., "An Extensible Message Format for [DSN] Moore , K., Vaudreuil, G., "An Extensible Message Format for
Delivery Status Notifications", University of Tennessee, Lucent Delivery Status Notifications", University of Tennessee, Lucent
Technologies, RFC 3464, January 2003. Technologies, RFC 3464, January 2003.
[MDN] Fajman, R., "An Extensible Message Format for Message [MDN] Hansen, T. and G. Vaudreuil, "Message Disposition
Disposition Notifications", National Institutes of Health, RFC Notification", RFC 3798, May 2004.
2298, March 1998.
[REPORT] Vaudreuil, G., "The Multipart/Report Content Type for the
Reporting of Mail System Administrative Messages", RFC 3462,
January 2003.
[ENHANCED-CODES] Freed, N., "SMTP Service Extension for Returning [ENHANCED-CODES] Freed, N., "SMTP Service Extension for Returning
Enhanced Error Codes", Innosoft, RFC 2034, October 1996. Enhanced Error Codes", Innosoft, RFC 2034, October 1996.
[UTF-8] Yergeau, F., "UTF-8, a transformation format of ISO 10646", [UTF-8] Yergeau, F., "UTF-8, a transformation format of ISO 10646",
RFC 3629, November 2003. RFC 3629, November 2003.
[VACATION] Showalter, T. and N. Freed, "Sieve Email Filtering: [VACATION] Showalter, T. and N. Freed, "Sieve Email Filtering:
Vacation Extension", work in progress, draft-ietf-sieve-vacation-XX.txt. Vacation Extension", work in progress,
draft-ietf-sieve-vacation-XX.txt.
6.2 Informative References 6.2 Informative References
[Joe-DoS] Stefan Frei, Ivo Silvestri, Gunter Ollmann, "Mail Non [Joe-DoS] Stefan Frei, Ivo Silvestri, Gunter Ollmann, "Mail Non
Delivery Message DDoS Attacks", 5 April 2004", Delivery Message DDoS Attacks", 5 April 2004",
<http://www.techzoom.net/paper-mailbomb.asp>. <http://www.techzoom.net/paper-mailbomb.asp>.
[SPAMTEST] Daboo, C., "SIEVE Email Filtering: Spamtest and [SPAMTEST] Daboo, C., "SIEVE Email Filtering: Spamtest and
Virustest Extensions", work in progress, draft-ietf-sieve- Virustest Extensions", work in progress, draft-ietf-sieve-
spamtestbis-XX.txt spamtestbis-XX.txt
<<Note to the RFC editor: this reference can be safely replaced
with RFC 3685.>>
[RFC3834] Moore, K., "Recommendations for Automatic Responses to [RFC3834] Moore, K., "Recommendations for Automatic Responses to
Electronic Mail", RFC 3834, August 2004. Electronic Mail", RFC 3834, August 2004.
[UTF8-RESP] A. Melnikov (Ed.), "SMTP Language Extension", [UTF8-RESP] A. Melnikov (Ed.), "SMTP Language Extension",
work in progress, draft-melnikov-smtp-lang-XX.txt work in progress, draft-melnikov-smtp-lang-XX.txt
7. Acknowledgments 7. Acknowledgments
Thanks to Ned Freed, Cyrus Daboo, Arnt Gulbrandsen, Kristin Hubner, Thanks to Ned Freed, Cyrus Daboo, Arnt Gulbrandsen, Kristin Hubner,
Mark E. Mallett, Philip Guenther, Michael Haardt, Randy Gellens Mark E. Mallett, Philip Guenther, Michael Haardt, and Randy Gellens
for comments and corrections. for comments and corrections.
The authors gratefully acknowledge the extensive work of Tim The authors gratefully acknowledge the extensive work of Tim
Showalter as the author of the RFC 3028, which originally defined Showalter as the author of the RFC 3028, which originally defined
the "reject" action. the "reject" action.
8. Author's Addresses 8. Authors' Addresses
Aaron Stone
libSieve Project
260 El Verano Ave
Palo Alto, CA 94306
USA
Email: aaron@serendipity.palo-alto.ca.us
Matthew Elvey Matthew Elvey
The Elvey Partnership, LLC The Elvey Partnership, LLC
1819 Polk-ietf St Ste 133 1819 Polk Street, Suite 133
San Francisco, CA San Francisco, CA 94109
U.S.A. USA
Email: sieve3@matthew.elvey.com Email: sieve3@matthew.elvey.com
Alexey Melnikov Alexey Melnikov
Isode Limited Isode Limited
5 Castle Business Village 5 Castle Business Village
36 Station Road 36 Station Road
Hampton, Middlesex, TW12 2BX Hampton, Middlesex, TW12 2BX
UK UK
Email: Alexey.Melnikov@isode.com Email: Alexey.Melnikov@isode.com
9. Intellectual Property Rights Statement 9. Intellectual Property Rights Statement
The IETF takes no position regarding the validity or scope of any The IETF takes no position regarding the validity or scope of any
Intellectual Property Rights or other rights that might be claimed Intellectual Property Rights or other rights that might be claimed to
to pertain to the implementation or use of the technology described pertain to the implementation or use of the technology described in
in this document or the extent to which any license under such this document or the extent to which any license under such rights
rights might or might not be available; nor does it represent that might or might not be available; nor does it represent that it has
it has made any independent effort to identify any such rights. made any independent effort to identify any such rights. Information
Information on the procedures with respect to rights in RFC on the procedures with respect to rights in RFC documents can be
documents can be found in BCP 78 and BCP 79. found in BCP 78 and BCP 79.
Copies of IPR disclosures made to the IETF Secretariat and any Copies of IPR disclosures made to the IETF Secretariat and any
assurances of licenses to be made available, or the result of an assurances of licenses to be made available, or the result of an
attempt made to obtain a general license or permission for the use attempt made to obtain a general license or permission for the use of
of such proprietary rights by implementers or users of this such proprietary rights by implementers or users of this
specification can be obtained from the IETF on-line IPR repository specification can be obtained from the IETF on-line IPR repository at
at http://www.ietf.org/ipr. http://www.ietf.org/ipr.
The IETF invites any interested party to bring to its attention any The IETF invites any interested party to bring to its attention any
copyrights, patents or patent applications, or other proprietary copyrights, patents or patent applications, or other proprietary
rights that may cover technology that may be required to implement rights that may cover technology that may be required to implement
this standard. Please address the information to the IETF at ietf- this standard. Please address the information to the IETF at
ipr@ietf.org. ietf-ipr@ietf.org.
10. Full Copyright Statement 10. Full Copyright Statement
Copyright (C) The Internet Society (2006). Copyright (C) The IETF Trust (2007).
This document is subject to the rights, licenses and restrictions This document is subject to the rights, licenses and restrictions
contained in BCP 78, and except as set forth therein, the authors contained in BCP 78, and except as set forth therein, the authors
retain all their rights. retain all their rights.
This document and the information contained herein are provided on This document and the information contained herein are provided on an
an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY AND OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
PARTICULAR PURPOSE.
Acknowledgement Acknowledgement
Funding for the RFC Editor function is currently provided by the Funding for the RFC Editor function is currently provided by the
Internet Society. Internet Society.
11. Changes from RFC 3028 11. Changes from RFC 3028
Clarified that the "reject" action cancels the implicit keep. Clarified that the "reject" action cancels the implicit keep.
Extended list of allowable actions on reject to include protocol Extended list of allowable actions on "reject" to include protocol
level message rejection and generation of DSNs. level message rejection.
Added the "ereject" action that is similar to "reject", but will
always favor protocol level message rejection.
12. Change Log 12. Change Log
<<NOTE to the RFC editor: please delete this section before <<NOTE to the RFC editor: please delete this section before
publication.>> publication.>>
00 First formal draft. 00 First formal draft.
01 Explicit RFC 2034 support, disallow "refuse" in MUAs, typos 01 Explicit RFC 2034 support, disallow "refuse" in MUAs, typos
corrected, clarifications, etc. corrected, clarifications, etc.
02 Many insubstantial editorial changes (mostly rewording text for 02 Many insubstantial editorial changes (mostly rewording text for
readability). Added text regarding non-ASCII characters in the refuse readability). Added text regarding non-ASCII characters in the
"reason" string. Added an exception allowing return-path forgery to refuse "reason" string. Added an exception allowing return-path
justify discarding a message. forgery to justify discarding a message.
03 (Renamed to be SIEVE WG 00) - Updated boilerplate, added reject 03 (Renamed to be SIEVE WG 00) - Updated boilerplate, added reject
action from the base spec, acknowledged Tim as the author of action from the base spec, acknowledged Tim as the author of
"reject". "reject".
04 (SIEVE WG 01) Based on WGLC feedback, the refuse and the reject 04 (SIEVE WG 01) Based on WGLC feedback, the refuse and the reject
actions were merged into a single action called reject. Text actions were merged into a single action called reject. Text
reorganized as the result. Typos and examples corrected. Updated reorganized as the result. Typos and examples corrected. Updated
IANA registration and Security Considerations sections. IANA registration and Security Considerations sections.
05 (SIEVE WG 02) Copied some security considerations from Vacation 05 (SIEVE WG 02) Copied some security considerations from Vacation
draft. Clarified that the "reason" string is in UTF-8. Clarified draft. Clarified that the "reason" string is in UTF-8. Clarified
interaction with "editheader" extension. Added text about sending interaction with "editheader" extension. Added text about sending
of 4XX instead of 550. Corrected typos in several examples. of 4XX instead of 550. Corrected typos in several examples.
06 (SIEVE WG 03) Explicitly list all actions incompatible with reject. 06 (SIEVE WG 03) Explicitly list all actions incompatible w/
Added two paragraphs explaining why reject SHOULD (as opposed to reject. Added two paragraphs explaining why reject SHOULD (as
MUST/MAY) be incompatible with them. Clarified that if the reason opposed to MUST/MAY) be incompatible with them. Clarified that if
string contains non-ASCII and rejection over protocol is possible, the reason string contains non-ASCII and rejection over protocol
then the reason string MUST be replaced with an implementations is possible, then the reason string MUST be replaced with an
defined ASCII-only string. Added :exacttext optional argument that implementations defined ASCII-only string. Added :exacttext
preserves UTF-8 reason string by forcing generation of DSN. optional argument that preserves UTF-8 reason string by forcing
generation of DSN.
07 (SIEVE WG 04) Removed special handling of empty return path. 07 (SIEVE WG 04) Removed special handling of empty return path.
Several editorial changes from Randy Gellens. Several editorial changes from Randy Gellens.
Clarified :exacttext applicability, removed redundancy. Reverted Clarified :exacttext applicability, removed redundancy. Reverted
SHOULD NOT send MDNs back to MUST NOT send MDNs of earlier drafts SHOULD NOT send MDNs back to MUST NOT send MDNs of earlier drafts
(section 3.1.3). (section 3.1.3).
08 (SIEVE WG 05)
Reformatted the text to use no more than 72 characters per line.
Reverted back to two actions (reject and ereject), as per
consensus at the IETF 67. Major text update/rewrite as the
result. Changed the order of actions that can be performed by
ereject: protocol level rejection should always be first,
followed by "accept and discard" for the case of faked return
path. Added more details on how DSN reports should be generated.
09 Editorship of this document taken over by Aaron Stone. Many
general edits, including clarifications and grammar and spelling
corrections. Updated boilerplate to RFC 4748. Nits identified.
Republished for the first time in a long time.
 End of changes. 65 change blocks. 
289 lines changed or deleted 361 lines changed or added

This html diff was produced by rfcdiff 1.34. The latest version is available from http://tools.ietf.org/tools/rfcdiff/