--- 1/draft-ietf-extra-sieve-fcc-08.txt 2019-01-13 16:13:15.233736340 -0800 +++ 2/draft-ietf-extra-sieve-fcc-09.txt 2019-01-13 16:13:15.285737611 -0800 @@ -1,19 +1,19 @@ EXTRA K. Murchison Internet-Draft B. Gondwana Updates: 5230, 5435 (if approved) FastMail -Intended status: Standards Track December 4, 2018 -Expires: June 7, 2019 +Intended status: Standards Track January 13, 2019 +Expires: July 17, 2019 Sieve Extension: File Carbon Copy (Fcc) - draft-ietf-extra-sieve-fcc-08 + draft-ietf-extra-sieve-fcc-09 Abstract The Sieve Email Filtering Language provides a number of action commands, some of which can generate additional messages on behalf of the user. This document defines an extension to such commands to allow a copy of any generated message to be filed into a target mailbox. This document updates RFC5230 and RFC5435 by adding a new tagged @@ -27,25 +27,25 @@ Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet- Drafts is at https://datatracker.ietf.org/drafts/current/. Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress." - This Internet-Draft will expire on June 7, 2019. + This Internet-Draft will expire on July 17, 2019. Copyright Notice - Copyright (c) 2018 IETF Trust and the persons identified as the + Copyright (c) 2019 IETF Trust and the persons identified as the document authors. All rights reserved. This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Simplified BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as @@ -58,92 +58,100 @@ 3. Tagged Argument ":fcc" . . . . . . . . . . . . . . . . . . . 3 3.1. Interaction with Fileinto Extensions . . . . . . . . . . 3 3.1.1. Imap4flags Extension . . . . . . . . . . . . . . . . 4 3.1.2. Mailbox Extension . . . . . . . . . . . . . . . . . . 4 3.1.3. Special-Use Extension . . . . . . . . . . . . . . . . 4 3.2. Collected Grammar . . . . . . . . . . . . . . . . . . . . 5 4. Format of File Carbon Copied Messages . . . . . . . . . . . . 5 5. Interaction with the Vacation Action . . . . . . . . . . . . 6 6. Interaction with the Notify Action . . . . . . . . . . . . . 6 6.1. Notification-Capability "fcc" . . . . . . . . . . . . . . 7 - 7. Compatibility with Other Actions . . . . . . . . . . . . . . 8 - 8. Implementation Status . . . . . . . . . . . . . . . . . . . . 8 - 9. Security Considerations . . . . . . . . . . . . . . . . . . . 9 - 10. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 9 - 10.1. Registration of Sieve Extension . . . . . . . . . . . . 9 - 10.2. Registration of Notification-Capability + 7. Compatibility with the Reject and Extended Reject + Actions . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 + 8. Compatibility with Other Actions . . . . . . . . . . . . . . 8 + 9. Implementation Status . . . . . . . . . . . . . . . . . . . . 8 + 10. Security Considerations . . . . . . . . . . . . . . . . . . . 9 + 11. Privacy Considerations . . . . . . . . . . . . . . . . . . . 9 + 12. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 10 + 12.1. Registration of Sieve Extension . . . . . . . . . . . . 10 + 12.2. Registration of Notification-Capability Parameter . . . . . . . . . . . . . . . . . . . . . . . 10 - 11. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 10 - 12. References . . . . . . . . . . . . . . . . . . . . . . . . . 10 - 12.1. Normative References . . . . . . . . . . . . . . . . . . 10 - 12.2. Informative References . . . . . . . . . . . . . . . . . 12 - 12.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 12 + 13. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 10 + 14. References . . . . . . . . . . . . . . . . . . . . . . . . . 11 + 14.1. Normative References . . . . . . . . . . . . . . . . . . 11 + 14.2. Informative References . . . . . . . . . . . . . . . . . 12 + 14.3. URIs . . . . . . . . . . . . . . . . . . . . . . . . . . 13 Appendix A. Change History (To be removed by RFC Editor before - publication) . . . . . . . . . . . . . . . . . . . . 12 - Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 14 + publication) . . . . . . . . . . . . . . . . . . . . 13 + Authors' Addresses . . . . . . . . . . . . . . . . . . . . . . . 15 1. Introduction The Sieve Email Filtering Language [RFC5228] provides a number of action commands, some of which can generate additional messages on behalf of the user. It is sometimes desirable for a Sieve user to maintain an archive of the messages generated by these commands. This extension defines a new optional tagged argument ":fcc" to - action commands which generate additional messages to allow a copy of + action commands that generate additional messages to allow a copy of the generated message to be filed into a target mailbox. The capability string associated with this extension is "fcc". - Each action that generates additional messages will need to specify - how it interfacts with :fcc. This document specifies the interaction - of :fcc with the Vacation [RFC5230] and Notify [RFC5435] extensions. + Each new action that generates additional messages will need to + specify how it interacts with :fcc. This document specifies the + interaction of :fcc with the Vacation [RFC5230] and Notify [RFC5435] + extensions. 2. Conventions Used in This Document Conventions for notations are as in Section 1.1 of [RFC5228], including use of the "Usage:" label for the definition of action and tagged arguments syntax. The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [1] [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here. 3. Tagged Argument ":fcc" This document specifies a new optional tagged argument ":fcc" that - alters the behavior of action commands which generate additional + alters the behavior of action commands that generate additional messages on behalf of the user. Usage: :fcc The :fcc tagged argument instructs the Sieve interpreter to file a copy of the generated message into the mailbox provided in the - subsequent argument. The syntax and semantics of the mailbox - argument MUST match those of the mailbox argument to the "fileinto" - action specified in Section 4.1 of [RFC5228]. If the specified - mailbox doesn't exist, the implementation MUST file the message into - the user's main mailbox (e.g. IMAP "INBOX"). + subsequent argument. The semantics and treatment of the mailbox + argument are defined to match those of the mailbox argument to the + "fileinto" action specified in Section 4.1 of [RFC5228]. + Specifically, use of an invalid mailbox name MAY be treated as an + error or result in delivery to an implementation-defined mailbox, and + if the specified mailbox doesn't exist, the implementation MAY treat + it as an error, create the mailbox, or file the message into an + implementation-defined mailbox. 3.1. Interaction with Fileinto Extensions Some tagged arguments defined in extensions to the "fileinto" action can be used together with ":fcc". The sections below describe these interactions. Tagged arguments in future extensions to the - "fileinto" action should describe their interaction with ":fcc", if + "fileinto" action need to describe their interaction with ":fcc", if any. When any "fileinto" extension arguments are used with ":fcc", the - corresponding extension MUST be enabled, and the arguments MUST have - the same syntax and semantics as they do with "fileinto". + corresponding extension MUST be enabled, and the arguments are + defined to have the same syntax, semantics, and treatment as they do + with "fileinto". 3.1.1. Imap4flags Extension This document extends the definition of the ":flags" tagged argument (see Section 5 of [RFC5232]) so that it can optionally be used with the ":fcc" argument. Usage: :fcc [:flags ] If the optional ":flags" argument is specified with ":fcc", it @@ -331,39 +339,51 @@ if notify_method_capability "xmpp:" "fcc" "yes" { notify :fcc "INBOX.Sent" :message "You got mail" "xmpp:ken@example.com?message;subject=SIEVE"; } else { notify :fcc "INBOX.Sent" :message "You got mail!" "mailto:ken@example.com"; } -7. Compatibility with Other Actions +7. Compatibility with the Reject and Extended Reject Actions + + Implementations MUST NOT allow use of "fcc" with the "reject" and + "ereject" [RFC5429] actions. Allowing "fcc" with these actions would + violate the SMTP [RFC5321] principle that a message is either + delivered or bounced back to the sender. Namely, the saved copy of + the rejection message will contain the original message. + + It is an error for a script to use the ":fcc" tagged argument with + either "reject" or "ereject". + +8. Compatibility with Other Actions The "fcc" extension is not compatible with any Sieve action that does not generate an additional message on behalf of the user. It is an error for a script to use the ":fcc" tagged argument with any such action. Future extensions that define actions that generate additional - messages on behalf of the user should describe their compatibility + messages on behalf of the user need to describe their compatibility with ":fcc", and how to MIME-encapsulate the message, if required. -8. Implementation Status +9. Implementation Status < RFC Editor: before publication please remove this section and the reference to [RFC7942] > This section records the status of known implementations of the protocol defined by this specification at the time of posting of this Internet-Draft, and is based on a proposal described in [RFC7942]. + The description of implementations in this section is intended to assist the IETF in its decision processes in progressing drafts to RFCs. Please note that the listing of any individual implementation here does not imply endorsement by the IETF. Furthermore, no effort has been spent to verify the information presented here that was supplied by IETF contributors. This is not intended as, and must not be construed to be, a catalog of available implementations or their features. Readers are advised to note that other implementations may exist. @@ -367,91 +387,103 @@ features. Readers are advised to note that other implementations may exist. According to [RFC7942], "this will allow reviewers and working groups to assign due consideration to documents that have the benefit of running code, which may serve as evidence of valuable experimentation and feedback that have made the implemented protocols more mature. It is up to the individual working groups to use this information as they see fit". -8.1. Cyrus Server +9.1. Cyrus Server The open source Cyrus Server [2] project is a highly scalable enterprise mail system which supports Sieve email filtering at the point of final delivery. This production level Sieve implementation supports all of the requirements described in this document. This implementation is freely distributable under a BSD style license from Computing Services at Carnegie Mellon University [3]. -8.2. Oracle Communications Messaging Server +9.2. Oracle Communications Messaging Server The Oracle Communications Messaging Server [4] is a highly scalable, reliable, and available messaging platform. This production level product supports the :fcc extension in conjunction with both the notify and vacation extensions. The implementation meets all the requirements given in this document. The product also supports the imap4flags extension so the :flags may be used in conjunction :fcc. -9. Security Considerations +10. Security Considerations - The "fcc" extension does not raise any other security considerations - that are not already present in [RFC5228], [RFC5230], [RFC5435], and - [RFC6131]. + In addition to the security considerations in [RFC5228], [RFC5230], + [RFC5435], and [RFC6131], it should be noted that filing copies of + generated messages may cause the Sieve script owner to exceed their + allocated storage (quota) on the mail system, thereby preventing + delivery of future messages destined for the owner. -10. IANA Considerations +11. Privacy Considerations -10.1. Registration of Sieve Extension + In addition to the privacy considerations in [RFC5228], [RFC5230], + [RFC5435], and [RFC6131], it should be noted that a copy of a + generated message filed into a shared or public maibox (as opposed to + a private mailbox) could expose private information about the Sieve + script owner to third parties. For instance, users that have access + to the shared/public mailbox might discover that the Sieve script + owner is on holiday or might discover the owner's physical location. + +12. IANA Considerations + +12.1. Registration of Sieve Extension To: iana@iana.org Subject: Registration of new Sieve extension Capability name: fcc Description: Adds the ":fcc" parameter to Sieve action commands that generate additional messages. RFC number: RFC XXXX Contact address: The Sieve discussion list -10.2. Registration of Notification-Capability Parameter +12.2. Registration of Notification-Capability Parameter To: iana@iana.org Subject: Registration of a new notification-capability parameter Capability name: fcc Description: Returns whether a copy of the notification message sent using the method identified by the notification-uri parameter to the notify_method_capability test can be filed into a target mailbox. Syntax: Can contain one of two values: "yes" or "no". Values MUST be in lowercase. Permanent and readily available reference(s): This RFC Contact information: The Sieve discussion list -11. Acknowledgments +13. Acknowledgments The authors would like to thank the following individuals for contributing their ideas and support for writing this specification: Ned Freed, Stan Kalisch, and Alexey Melnikov. -12. References +14. References -12.1. Normative References +14.1. Normative References [I-D.ietf-extra-sieve-special-use] Bosch, S., "Sieve Email Filtering: Delivering to Special- Use Mailboxes", draft-ietf-extra-sieve-special-use-04 (work in progress), November 2018. [RFC2045] Freed, N. and N. Borenstein, "Multipurpose Internet Mail Extensions (MIME) Part One: Format of Internet Message Bodies", RFC 2045, DOI 10.17487/RFC2045, November 1996, . @@ -490,68 +522,90 @@ [RFC5234] Crocker, D., Ed. and P. Overell, "Augmented BNF for Syntax Specifications: ABNF", STD 68, RFC 5234, DOI 10.17487/RFC5234, January 2008, . [RFC5322] Resnick, P., Ed., "Internet Message Format", RFC 5322, DOI 10.17487/RFC5322, October 2008, . + [RFC5429] Stone, A., Ed., "Sieve Email Filtering: Reject and + Extended Reject Extensions", RFC 5429, + DOI 10.17487/RFC5429, March 2009, + . + [RFC5435] Melnikov, A., Ed., Leiba, B., Ed., Segmuller, W., and T. Martin, "Sieve Email Filtering: Extension for Notifications", RFC 5435, DOI 10.17487/RFC5435, January 2009, . [RFC5490] Melnikov, A., "The Sieve Mail-Filtering Language -- Extensions for Checking Mailbox Status and Accessing Mailbox Metadata", RFC 5490, DOI 10.17487/RFC5490, March 2009, . [RFC8174] Leiba, B., "Ambiguity of Uppercase vs Lowercase in RFC 2119 Key Words", BCP 14, RFC 8174, DOI 10.17487/RFC8174, May 2017, . -12.2. Informative References +14.2. Informative References + + [RFC5321] Klensin, J., "Simple Mail Transfer Protocol", RFC 5321, + DOI 10.17487/RFC5321, October 2008, + . [RFC5436] Leiba, B. and M. Haardt, "Sieve Notification Mechanism: mailto", RFC 5436, DOI 10.17487/RFC5436, January 2009, . [RFC5437] Saint-Andre, P. and A. Melnikov, "Sieve Notification Mechanism: Extensible Messaging and Presence Protocol (XMPP)", RFC 5437, DOI 10.17487/RFC5437, January 2009, . [RFC6131] George, R. and B. Leiba, "Sieve Vacation Extension: "Seconds" Parameter", RFC 6131, DOI 10.17487/RFC6131, July 2011, . [RFC7942] Sheffer, Y. and A. Farrel, "Improving Awareness of Running Code: The Implementation Status Section", BCP 205, RFC 7942, DOI 10.17487/RFC7942, July 2016, . -12.3. URIs +14.3. URIs [1] https://tools.ietf.org/html/bcp14 [2] http://www.cyrusimap.org/ [3] http://www.cmu.edu/computing/ [4] https://www.oracle.com/industries/communications/enterprise/ products/messaging-server/index.html Appendix A. Change History (To be removed by RFC Editor before publication) + Changes since draft-ietf-extra-sieve-fcc-08: + + o Introduced additional security and privacy considerations. + + o Reintroduced text describing incompatibility with [e]reject. + + o Reverted to RFC 5228 fileinto language regarding invalid/non- + existent FCC mailbox. + + o Editorial changes from IESG review. + + o Editorial changes from Gen-ART review. + Changes since draft-ietf-extra-sieve-fcc-07: o Added comments regarding FCC ABNF per Alexey Melnikov. o Reordered arguments in the "vacation" example to show ":fcc" appearing amongst FCC-OPTS. Changes since draft-ietf-extra-sieve-fcc-06: o Reorganized sections.