dovecot-2.0-sieve: Built basic implementation of the spamtest, spamtestplus and virustest extensions (unfinished).
pigeonhole at rename-it.nl
pigeonhole at rename-it.nl
Wed Dec 30 01:16:35 EET 2009
details: http://hg.rename-it.nl/dovecot-2.0-sieve/rev/afdd60d29da1
changeset: 1157:afdd60d29da1
user: Stephan Bosch <stephan at rename-it.nl>
date: Wed Dec 30 00:16:30 2009 +0100
description:
Built basic implementation of the spamtest, spamtestplus and virustest extensions (unfinished).
diffstat:
TODO | 4 +-
configure.in | 1 +
doc/rfc/spamvirustest.rfc5235.txt | 731 ++++++++++++++
src/lib-sieve/Makefile.am | 3 +-
src/lib-sieve/plugins/Makefile.am | 2 +-
src/lib-sieve/plugins/spamvirustest/Makefile.am | 19 +
src/lib-sieve/plugins/spamvirustest/ext-spamvirustest-common.c | 487 +++++++++
src/lib-sieve/plugins/spamvirustest/ext-spamvirustest-common.h | 37 +
src/lib-sieve/plugins/spamvirustest/ext-spamvirustest.c | 154 +++
src/lib-sieve/plugins/spamvirustest/tst-spamvirustest.c | 311 ++++++
src/lib-sieve/sieve-extensions.c | 6 +
src/lib-sieve/sieve-extensions.h | 4 +-
12 files changed, 1755 insertions(+), 4 deletions(-)
diffs (truncated from 1851 to 300 lines):
diff -r 3dda16391ef9 -r afdd60d29da1 TODO
--- a/TODO Tue Dec 29 23:49:27 2009 +0100
+++ b/TODO Wed Dec 30 00:16:30 2009 +0100
@@ -4,7 +4,9 @@
- Implement proper :content "multipart" behavior
- Implement proper :content "message/rfc822" behavior
- Build test cases for decoding MIME encodings to UTF-8
-* Finish ereject extension
+* Unfinished new extensions:
+ - Finish the spamtest and virustest extensions
+ - Finish the ereject extension
* Build a sieve tool to filter an entire existing mailbox through a Sieve
script:
- Add commandline options to fully customize execution
diff -r 3dda16391ef9 -r afdd60d29da1 configure.in
--- a/configure.in Tue Dec 29 23:49:27 2009 +0100
+++ b/configure.in Wed Dec 30 00:16:30 2009 +0100
@@ -140,6 +140,7 @@
src/lib-sieve/plugins/environment/Makefile
src/lib-sieve/plugins/mailbox/Makefile
src/lib-sieve/plugins/date/Makefile
+src/lib-sieve/plugins/spamvirustest/Makefile
src/lib-sieve-tool/Makefile
src/plugins/Makefile
src/plugins/lda-sieve/Makefile
diff -r 3dda16391ef9 -r afdd60d29da1 doc/rfc/spamvirustest.rfc5235.txt
--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/doc/rfc/spamvirustest.rfc5235.txt Wed Dec 30 00:16:30 2009 +0100
@@ -0,0 +1,731 @@
+
+
+
+
+
+
+Network Working Group C. Daboo
+Request for Comments: 5235 January 2008
+Obsoletes: 3685
+Category: Standards Track
+
+
+ Sieve Email Filtering: Spamtest and Virustest Extensions
+
+Status of This Memo
+
+ This document specifies an Internet standards track protocol for the
+ Internet community, and requests discussion and suggestions for
+ improvements. Please refer to the current edition of the "Internet
+ Official Protocol Standards" (STD 1) for the standardization state
+ and status of this protocol. Distribution of this memo is unlimited.
+
+Abstract
+
+ The Sieve email filtering language "spamtest", "spamtestplus", and
+ "virustest" extensions permit users to use simple, portable commands
+ for spam and virus tests on email messages. Each extension provides
+ a new test using matches against numeric "scores". It is the
+ responsibility of the underlying Sieve implementation to do the
+ actual checks that result in proper input to the tests.
+
+Table of Contents
+
+ 1. Introduction and Overview .......................................2
+ 2. Conventions Used in This Document ...............................2
+ 3. Sieve Extensions ................................................3
+ 3.1. General Considerations .....................................3
+ 3.2. Test spamtest ..............................................3
+ 3.2.1. spamtest without :percent Argument ..................4
+ 3.2.2. spamtest with :percent Argument .....................5
+ 3.3. Test virustest .............................................7
+ 4. Security Considerations .........................................9
+ 5. IANA Considerations .............................................9
+ 5.1. spamtest Registration ......................................9
+ 5.2. virustest Registration ....................................10
+ 5.3. spamtestplus Registration .................................10
+ 6. References .....................................................10
+ 6.1. Normative References ......................................10
+ 6.2. Informative References ....................................11
+ Appendix A. Acknowledgments .......................................12
+ Appendix B. Important Changes since RFC 3685 ......................12
+
+
+
+
+
+
+Daboo Standards Track [Page 1]
+�
+RFC 5235 Sieve: Spamtest and Virustest Extensions January 2008
+
+
+1. Introduction and Overview
+
+ Sieve scripts are frequently being used to do spam and virus
+ filtering either based on implicit script tests (e.g., tests for
+ "black-listed" senders directly encoded in the Sieve script), or via
+ testing messages modified by some external spam or virus checker that
+ handled the message prior to Sieve. The use of third-party spam and
+ virus checker tools poses a problem since each tool has its own way
+ of indicating the result of its checks. These usually take the form
+ of a header added to the message, the content of which indicates the
+ status using some syntax defined by the particular tool. Each user
+ has to then create their own Sieve scripts to match the contents of
+ these headers to do filtering. This requires the script to stay in
+ synchronization with the third-party tool as it gets updated or
+ perhaps replaced with another. Thus, scripts become tied to specific
+ environments and lose portability.
+
+ The purpose of this document is to introduce two Sieve tests that can
+ be used to implement "generic" tests for spam and viruses in messages
+ processed via Sieve scripts. The spam and virus checks themselves
+ are handled by the underlying Sieve implementation in whatever manner
+ is appropriate, so that the Sieve spam and virus test commands can be
+ used in a portable way.
+
+ In order to do numeric comparisons against the returned strings,
+ server implementations MUST also support the Sieve relational
+ [RFC5231] extension, in addition to the extensions described here.
+ All examples below assume the relational extension is present.
+
+2. Conventions Used in This Document
+
+ Conventions for notations are as in [RFC5228] Section 1.1.
+
+ The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
+ "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
+ document are to be interpreted as described in [RFC2119].
+
+ The term "spam" is used in this document to refer to unsolicited or
+ unwanted email messages. This document does not attempt to define
+ what exactly constitutes spam, or how it should be identified, or
+ what actions should be taken when detected.
+
+ The term "virus" is used in this document to refer to any type of
+ message whose content can cause malicious damage. This document does
+ not attempt to define what exactly constitutes a virus, or how it
+ should be identified, or what actions should be taken when detected.
+
+
+
+
+
+Daboo Standards Track [Page 2]
+�
+RFC 5235 Sieve: Spamtest and Virustest Extensions January 2008
+
+
+3. Sieve Extensions
+
+3.1. General Considerations
+
+ The "spamtest" and "virustest" tests described below evaluate the
+ results of implementation-specific spam and virus checks in a
+ portable way. The implementation may, for example, check for third-
+ party spam tool headers and determine how those map into the way the
+ test commands are used. To do this, the underlying Sieve
+ implementation provides a normalized result string as one of the
+ inputs to each test command. The normalized result string is
+ considered to be the value on the left-hand side of the test, and the
+ comparison values given in the test command are considered to be on
+ the right-hand side.
+
+ The normalized result starts with a digit string, with its numeric
+ value within the range of values used by the specific test,
+ indicating the severity of spam or viruses in a message or whether
+ any tests were done at all. This may optionally be followed by a
+ space (%x20) character and arbitrary text, or in one specific case a
+ single keyword is returned. The numeric value can be compared to
+ specific values using the Sieve relational [RFC5231] extension in
+ conjunction with the "i;ascii-numeric" comparator [RFC4790], which
+ will test for the presence of a numeric value at the start of the
+ string, ignoring any additional text in the string. The optional
+ text can be used to carry implementation-specific details about the
+ tests and descriptive comments about the result. Tests can be done
+ using standard string comparators against this text if it helps to
+ refine behavior; however, this will break portability of the script
+ as the text will likely be specific to a particular implementation.
+
+ In addition, the Sieve relational [RFC5231] ":count" match type can
+ be used to determine if the underlying implementation actually did a
+ test. If the underlying spam or virus test was done, the ":count" of
+ the normalized result will return the numeric value "1", whilst if
+ the test was not done, or the Sieve implementation could not
+ determine if a test was done or not done, the ":count" value will be
+ "0" (zero).
+
+3.2. Test spamtest
+
+ Usage: spamtest [":percent"] [COMPARATOR] [MATCH-TYPE]
+ <value: string>
+
+ Sieve implementations that implement the "spamtest" test use an
+ identifier of either "spamtest" or "spamtestplus" for use with the
+ capability mechanism.
+
+
+
+
+Daboo Standards Track [Page 3]
+�
+RFC 5235 Sieve: Spamtest and Virustest Extensions January 2008
+
+
+ If the ":percent" argument is not used with any spamtest test, then
+ one or both of "spamtest" or "spamtestplus" capability identifiers
+ MUST be present.
+
+ If the ":percent" argument is used with any spamtest test, then the
+ "spamtestplus" capability identifier MUST be present. Sieve
+ implementations MUST return an error if the ":percent" argument is
+ used and "spamtestplus" is not specified.
+
+ In the interests of brevity and clarity, scripts SHOULD NOT specify
+ both "spamtestplus" and "spamtest" capability identifiers together.
+
+ The "spamtest" test evaluates to true if the normalized spamtest
+ result matches the value. The type of match is specified by the
+ optional match argument, which defaults to ":is" if not specified.
+
+3.2.1. spamtest without :percent Argument
+
+ When the ":percent" argument is not present in the "spamtest" test,
+ the normalized result string provided for the left-hand side of the
+ test starts with a numeric value in the range "0" (zero) through
+ "10", with meanings summarized below:
+
+ +----------+--------------------------------------------------------+
+ | spamtest | interpretation |
+ | value | |
+ +----------+--------------------------------------------------------+
+ | 0 | message was not tested for spam, or Sieve could not |
+ | | determine whether any test was done |
+ | | |
+ | 1 | message was tested and is clear of spam |
+ | | |
+ | 2 - 9 | message was tested and may contain spam; a higher |
+ | | number indicates a greater likelihood of spam |
+ | | |
+ | 10 | message was tested and definitely contains spam |
+ +----------+--------------------------------------------------------+
+
+ The underlying Sieve implementation will map whatever spam check is
+ done into this numeric range, as appropriate.
+
+ Examples:
+
+ require ["spamtest", "fileinto", "relational", "comparator-
+ i;ascii-numeric"];
+
+
+
+
+
+
+Daboo Standards Track [Page 4]
+�
+RFC 5235 Sieve: Spamtest and Virustest Extensions January 2008
+
+
+ if spamtest :value "eq" :comparator "i;ascii-numeric" "0"
+ {
+ fileinto "INBOX.unclassified";
+ }
+ elsif spamtest :value "ge" :comparator "i;ascii-numeric" "3"
+ {
+ fileinto "INBOX.spam-trap";
+ }
+
+ In this example, any message that has not passed through a spam check
+ tool will be filed into the mailbox "INBOX.unclassified". Any
+ message with a normalized result value greater than or equal to "3"
+ is filed into a mailbox called "INBOX.spam-trap" in the user's
+ mailstore.
+
+3.2.2. spamtest with :percent Argument
+
+ When the ":percent" argument is present in the "spamtest" test, the
+ normalized result string provided for the left-hand side of the test
+ starts with a numeric value in the range "0" (zero) through "100",
+ with meanings summarized below:
+
+ +----------+-------------------------------------------------------+
+ | spamtest | interpretation |
+ | value | |
+ +----------+-------------------------------------------------------+
+ | 0 | message was tested and is clear of spam, or was not |
+ | | tested for spam, or Sieve could not determine whether |
+ | | any test was done |
+ | | |
+ | 1 - 99 | message was tested and may contain spam; a higher |
+ | | percentage indicates a greater likelihood of spam |
+ | | |
+ | 100 | message was tested and definitely contains spam |
+ +----------+-------------------------------------------------------+
+
+ The underlying Sieve implementation will map whatever spam check is
+ done into the numeric range, as appropriate.
+
+ To determine whether or not the message was tested for spam, two
+ options can be used:
More information about the dovecot-cvs
mailing list