One document matched: draft-ietf-sieve-include-15.xml
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE rfc SYSTEM 'rfc2629.dtd' [
<!ENTITY rfc2119 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.2119.xml'>
<!ENTITY rfc5228 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5228.xml'>
<!ENTITY rfc5229 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5229.xml'>
<!ENTITY rfc5293 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5293.xml'>
<!ENTITY rfc5429 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5429.xml'>
<!ENTITY rfc5703 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5703.xml'>
<!ENTITY rfc5804 PUBLIC ''
'http://xml.resource.org/public/rfc/bibxml/reference.RFC.5804.xml'>
]>
<?rfc toc="yes" ?>
<?rfc symrefs="yes" ?>
<?rfc sortrefs="yes"?>
<?rfc compact="yes"?>
<?rfc subcompact="no"?>
<rfc ipr='trust200902' docName='draft-ietf-sieve-include-15' category='std'>
<front>
<title abbrev="Sieve Extension: Include">
Sieve Email Filtering: Include Extension
</title>
<author initials='C.' surname='Daboo' fullname='Cyrus Daboo'>
<organization></organization>
<address>
<email>cyrus@daboo.name</email>
</address>
</author>
<author initials='A.' surname='Stone' fullname='Aaron Stone'>
<organization></organization>
<address>
<email>aaron@serendipity.cx</email>
</address>
</author>
<date month='January' year='2012' />
<area>Applications</area>
<abstract>
<t>
The Sieve Email Filtering "include" extension permits users to include
one Sieve script inside another. This can make managing large scripts or
multiple sets of scripts much easier, and allows a site and its users to
build up libraries of scripts. Users are able to include their own personal
scripts or site-wide scripts.
</t>
</abstract>
</front>
<middle>
<section title='Introduction and Overview'>
<t>
It's convenient to be able to break <xref target='RFC5228'>SIEVE</xref>
scripts down into smaller components which can be reused in a variety
of different circumstances. For example, users may want to have a
default script and a special 'vacation' script, the latter being
activated when the user goes on vacation. In that case the default
actions should continue to be run, but a vacation command should be
executed first. One option is to edit the default script to add or
remove the vacation command as needed. Another is to have a vacation
script that simply has a vacation command and then includes the default
script.
</t>
</section>
<section title='Conventions Used in This Document'>
<t>
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
"SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
document are to be interpreted as described in <xref target='RFC2119'/>.
</t>
<t>
Conventions for notations are as in <xref target='RFC5228'>SIEVE</xref>
Section 1.1.
</t>
<t>
The following key phrases are used to describe scripts and script execution:
<list style="hanging">
<t hangText="script"><vspace />
a valid Sieve script.
</t>
<t hangText="script execution"><vspace />
an instance of a Sieve interpreter invoked for a given message
delivery, starting with the user's active script and continuing
through any included scripts until the final disposition of the
message (e.g. delivered, forwarded, discarded, rejected, etc.).
</t>
<t hangText="immediate script"><vspace />
the individual Sieve script file being executed.
</t>
<t hangText="including script"><vspace />
the individual Sieve script file that had an
include statement which included the immediate script.
</t>
</list>
</t>
</section>
<section title='Include Extension'>
<section title='General Considerations'>
<t>
Sieve implementations that implement the "include", "return", and
"global" commands described below have an identifier of "include" for
use with the capability mechanism. If any of the "include", "return",
or "global" commands are used in a script, the "include" capability
MUST be listed in the "require" statement in that script.
</t>
<t>
Sieve implementations need to track the use of actions in included
scripts so that implicit "keep" behavior can be properly determined
based on whether any actions have executed in any script.
</t>
<t>
Sieve implementations are allowed to limit the total number of
nested included scripts, but MUST provide for a total of at least
three levels of nested scripts including the top-level script. An
error MUST be generated either when the script is uploaded to the
Sieve repository, or when the script is executed, if any nesting
limit is exceeded. If such an error is detected whilst processing a
Sieve script, an implicit "keep" action MUST be executed to prevent
loss of any messages.
</t>
<t>
Sieve implementations MUST NOT allow recursive script inclusion.
Both direct recursion, where script A includes script A (itself), and
indirect recursion, where script A includes script B which includes
script A once again, are prohibited.
</t>
<t>
Sieve implementations MUST generate an error at execution time if an
included script is a recursive inclusion. Implementations MUST NOT
generate errors for recursive includes at upload time, as this would
force an upload ordering requirement upon script authors and
generators.
</t>
<t>
Sieve implementations MUST generate an error at execution time if an
included script does not exist, except when the ":optional" parameter
is specified. Implementations MUST NOT generate errors for
scripts missing at upload time, as this would force an upload
ordering requirement upon script authors and generators.
</t>
<t>
If the Sieve "variables" extension <xref target='RFC5229'/> is
present, an issue arises with the "scope" of variables defined in
scripts that may include each other. For example, if a script defines
the variable "${status}" with one particular meaning or usage, and
another defines "${status}" with a different meaning, then if one
script includes the other there is an issue as to which "${status}" is
being referenced. To solve this problem, Sieve implementations MUST
follow the scoping rules defined in <xref target='variables'/> and
support the "global" command defined there.
</t>
</section>
<section anchor='include' title='Control Structure include'> <figure> <artwork><![CDATA[
Usage: include [LOCATION] [":once"] [":optional"] <value: string>
LOCATION = ":personal" / ":global"
]]></artwork>
</figure>
<t>
The "include" command takes an optional "location" parameter, an
optional ":once" parameter, an optional ":optional" parameter, and
a single string argument representing the name of the script to
include for processing at that point. Implementations MUST restrict
script names according to <xref target='RFC5804'>MANAGESIEVE</xref>,
Section 1.6. The script name argument MUST be a constant string as
defined in <xref target='RFC5229'>VARIABLES</xref>, Section 3;
implementations MUST NOT expand variables in the script
name argument.
</t>
<t>
The "location" parameter MUST default to ":personal" if not specified.
The "location" parameter MUST NOT be specified more than once.
The "location" has the following meanings:
</t>
<t>
<list style="hanging">
<t hangText=":personal"><vspace />
Indicates that the named script is stored in the user's own
personal (private) Sieve repository.
</t>
<t hangText=":global"><vspace />
Indicates that the named script is stored in a site-wide Sieve
repository, accessible to all users of the Sieve system.
</t>
</list>
</t>
<t>
The ":once" parameter tells the interpreter only to include the named
script if it has not already been included at any other point during
script execution. If the script has already been included, processing
continues immediately following the include command. Implementations
MUST NOT generate an error if an "include :once" command names a script
whose inclusion would be recursive; in this case, the script MUST
be considered previously included and therefore "include :once" will not
include it again.
</t>
<t>
Note: It is RECOMMENDED that script authors and generators use the ":once"
parameter only when including a script that performs general duties
such as declaring global variables and making sanity checks of the
environment.
</t>
<t>
The ":optional" parameter indicates that the script may be missing.
Ordinarily, an implementation MUST generate an error during execution if an
include command specifies a script that does not exist. When ":optional"
is specified, implementations MUST NOT generate an error for a missing
script, and MUST continue as if the include command had not been present.
</t>
<t>
The included script MUST be a valid Sieve script. Implementations MUST
validate that each script has its own "require" statements for all optional capabilities used by
that script. The scope of a "require" statement is the script in which
it immediately appears, and neither inherits nor passes on capabilities to
other scripts during the course of execution.
</t>
<t>
A "stop" command in an included script MUST stop all script
processing, including the processing of the scripts that include the
immediate one. The "return" command (described below) stops processing
of the immediate script only, and allows the scripts that include it to
continue.
</t>
<t>
The "include" command MAY appear anywhere in a script where a
control structure is legal, and MAY be used within another control
structure, e.g., an "if" block.
</t>
<t>Examples:</t>
<t>The user has four scripts stored in their personal repository:</t>
<t>"default"</t>
<t><list>
<t>This is the default active script that includes several others.</t>
</list></t>
<figure>
<artwork><![CDATA[
require ["include"];
include :personal "always_allow";
include :global "spam_tests";
include :personal "spam_tests";
include :personal "mailing_lists";
]]></artwork>
</figure>
<t>Personal script "always_allow"</t>
<t><list>
<t>This script special-cases some correspondent email addresses and
makes sure any message containing those addresses are always kept.
</t>
</list></t>
<figure>
<artwork><![CDATA[
if address :is "from" "boss@example.com"
{
keep;
}
elsif address :is "from" "ceo@example.com"
{
keep;
}
]]></artwork>
</figure>
<t>Personal script "spam_tests" (uses "reject" <xref target='RFC5429'/>)</t>
<t><list>
<t>
This script does some user-specific spam tests to catch spam
messages not caught by the site-wide spam tests.
</t>
</list></t>
<figure>
<artwork><![CDATA[
require ["reject"];
if header :contains "Subject" "XXXX"
{
reject "Subject XXXX is unacceptable.";
}
elsif address :is "from" "money@example.com"
{
reject "Mail from this sender is unwelcome.";
}
]]></artwork>
</figure>
<t>Personal script "mailing_lists"</t>
<t><list>
<t>
This script looks for messages from different mailing lists and
files each into a mailbox specific to the mailing list.
</t>
</list></t>
<figure>
<artwork><![CDATA[
require ["fileinto"];
if header :is "List-ID" "sieve.ietf.org"
{
fileinto "lists.sieve";
}
elsif header :is "List-ID" "ietf-imapext.imc.org"
{
fileinto "lists.imapext";
}
]]></artwork>
</figure>
<t>There is one script stored in the global repository:</t>
<t>Site script "spam_tests" (uses "reject" <xref target='RFC5429'/>)</t>
<t><list>
<t>
This script does some site-wide spam tests which any user at the
site can include in their own scripts at a suitable point. The
script content is kept up to date by the site administrator.
</t>
</list></t>
<figure>
<artwork><![CDATA[
require ["reject"];
if anyof (header :contains "Subject" "$$",
header :contains "Subject" "Make money")
{
reject "No thank you.";
}
]]></artwork>
</figure>
</section>
<section title='Control Structure return'>
<figure>
<artwork><![CDATA[
Usage: return
]]></artwork>
</figure>
<t>
The "return" command stops processing of the immediately included
script only and returns processing control to the script which
includes it. If used in the main script (i.e., not in an included
script), it has the same effect as the "stop" command, including the
appropriate "keep" action if no other actions have been executed up
to that point.
</t>
</section>
<section anchor='variables' title='Interaction with Variables Extension'>
<t>
In order to avoid problems of variables in an included script
"overwriting" those from the script that includes it, this
specification requires that all variables defined in a script MUST be
kept "private" to the immediate script by default - that is, they are not
"visible" to other scripts. This ensures that two script authors
cannot inadvertently cause problems by choosing the same name for a
variable.
</t>
<t>
However, sometimes there is a need to make a variable defined in one
script available to others. This specification defines the new
command "global" to declare that a variable is shared among scripts.
Effectively, two namespaces are defined: one local to the immediate
script, and another shared among all scripts. Implementations MUST
allow a non-global variable to have the same name as a global
variable but have no interaction between them.
</t>
<section title='Control Structure global'>
<figure>
<artwork><![CDATA[
Usage: global <value: string-list>
]]></artwork>
</figure>
<t>
The "global" command accepts a string list argument that defines one
or more names of variables to be stored in the global variable
space. Each name MUST be a constant string and conform to the
syntax of variable-name as defined in
<xref target='RFC5229'>VARIABLES</xref>, Section 3. Match variables
cannot be specified and namespace prefixes are not allowed. An
invalid name MUST be detected as a syntax error.
</t>
<t>
The "global" command is only available when the script has both
"include" and "variables" in its require line. If the "global"
command appears when only "include" or only "variables" has been
required, an error MUST be generated when the script is uploaded.
</t>
<t>
If a "global" command is given the name of a variable that has
previously been defined in the immediate script with "set", an
error MUST be generated either when the script is uploaded or at
execution time.
</t>
<t>
If a "global" command lists a variable that has not been defined in
the global namespace, the name of the variable is now
marked as global, and any subsequent "set" command will set the
value of the variable in global scope.
</t>
<t>
A variable has global scope in all scripts that have declared it with
the "global" command. If a script uses that variable name without
declaring it global, the name specifies a separate, non-global
variable within that script.
</t>
<t>
Interpretation of a string containing a variable marked as global,
but without any value set, SHALL behave as any other access to an
unknown variable, as specified in <xref target='RFC5229'>VARIABLES</xref>, Section 3
(i.e., evaluates to an empty string).
</t>
<t>Example:</t>
<t>The active script</t>
<t><list>
<t>
The included script may contain repetitive code that is
effectively a subroutine that can be factored out. In this
script, the test which matches last will leave its value in
the test_mailbox variable and the top-level script will
file the message into that mailbox. If no tests matched,
the message will be implicitly kept in the INBOX.
</t>
</list></t>
<figure>
<artwork><![CDATA[
require ["fileinto", "include", "variables", "relational"];
global "test";
global "test_mailbox";
set "test" "$$";
include "subject_tests";
set "test" "Make money";
include "subject_tests";
if string :count "eq" "${test_mailbox}" "1"
{
fileinto "${test_mailbox}";
stop;
}
]]></artwork>
</figure>
<t>Personal script "subject_tests"</t>
<t><list>
<t>
This script performs a number of tests against the message, sets
the global test_mailbox variable with a folder to file the message
into, then falls back to the top-level script.
</t>
</list></t>
<figure> <artwork><![CDATA[
require ["include", "variables"];
global ["test", "test_mailbox"];
if header :contains "Subject" "${test}"
{
set "test_mailbox" "spam-${test}";
}
]]></artwork>
</figure>
</section>
<section title='Variables Namespace global'>
<t>
In addition to the "global" command, this document defines the
variables namespace "global", as specified in
<xref target="RFC5229">VARIABLES</xref>, Section 3.
The global namespace has no sub-namespaces
(e.g., 'set "global.data.from" "me@example.com";' is not allowed).
The variable-name part MUST be a valid identifier (e.g., 'set "global.12" "value";'
is not valid because "12" is not a valid identifier).
</t>
<t>
Note that <xref target="RFC5229">VARIABLES</xref>, Section 3,
suggests that extensions should define a namespace that is the same
as its capability string (in this case, "include" rather than
"global"). Nevertheless, references to the "global" namespace without a prior
require statement for the "include" extension MUST cause an error.
</t>
<t>Example:</t>
<figure>
<artwork><![CDATA[
require ["variables", "include"];
set "global.i_am_on_vacation" "1";
]]></artwork>
</figure>
<t>
Variables declared global and variables accessed via the global
namespace MUST each be one and the same. In the following example
script, we see the variable "i_am_on_vacation" used in a "global"
command, and again with the "global." namespace. Consider these as
two syntaxes with identical meaning.
</t>
<t>Example:</t>
<figure>
<artwork><![CDATA[
require ["variables", "include", "vacation"];
global "i_am_on_vacation";
set "global.i_am_on_vacation" "1";
if string :is "${i_am_on_vacation}" "1"
{
vacation "It's true, I am on vacation.";
}
]]></artwork>
</figure>
</section>
</section>
<section anchor='interaction' title='Interaction with Other Extensions'>
<t>
When "include" is used with the Editheader extension <xref
target='RFC5293' />, any changes made to headers in a script MUST be
propagated both to and from included scripts. By way of example, if a
script deletes one header and add another, then includes a second
script, the included script MUST NOT see the removed header, and MUST
see the added header. Likewise, if the included script adds or
removes a header, upon returning to the including script, subsequent
actions MUST see the added headers and MUST NOT see the removed
headers.
</t>
<t>
When "include" is used with the MIME extension <xref target='RFC5703'
/> "foreverypart" control structure, the included script MUST be
presented with the current MIME part as though it were the entire
message.
A script SHALL NOT have any special control over the control
structure it was included from. In the MIME example once again, a
"stop" or "return" in an included script cannot directly terminate or
continue flow of a "foreverypart" block. In such a case, the included
script should set a global variable that the including script can
test.
A "stop" in an included script, even within a "foreverpart" loop,
still halts all script execution, per <xref target='include' />.
</t>
<t>
When "include" is used with the Reject extension <xref target='RFC5429'
/>, calling "reject" or "ereject" at any time sets the reject action
on the message, and continues script execution. Apropos of the MIME
extension, if an included script sees only a portion of the message
and calls a reject, it is the entire message and not the single MIME
part which carries the rejection.
</t>
</section>
</section>
<section title='Security Considerations'>
<t>
Sieve implementations MUST ensure adequate security for the global
script repository to prevent unauthorized changes to global scripts.
For example, a site policy might enable only certain users with
administrative privileges to modify the global scripts. Site are
advised against allowing all users to have write access to the site's global scripts.
</t>
<t>
Sieve implementations MUST ensure that script names are checked for
validity and proper permissions prior to inclusion, in order to prevent
a malicious user from gaining access to files accessible to the mail
server software that should not be accessible to the user.
</t>
<t>
Sieve implementations MUST ensure that script names are safe for use
with their storage system. An error MUST be generated either when the
script is uploaded or at execution time for a script including a name
that could be used as a vector to attack the storage system. By way of
example, the following include commands should be considered hostile:
'include "./../..//etc/passwd"', 'include "foo$(`rm star`)"'.
</t>
<t>
Beyond these, the "include" extension does not raise any security
considerations that are not present in the base
<xref target='RFC5228'>SIEVE</xref> document and the
<xref target='RFC5229'>VARIABLES</xref> extension.
</t>
</section>
<section anchor="iana" title="IANA Considerations">
<t>
The following template specifies the IANA registration of the Sieve
extension specified in this document:
</t>
<section anchor="iana-include" title=""include" Extension
Registration"> <figure> <artwork><![CDATA[
To: iana@iana.org
Subject: Registration of new Sieve extension
Capability name: include
Description: adds the "include" command to execute other Sieve
scripts, the "return" action from an included
script, and the "global" command and "global"
variables namespace to access variables shared
among included scripts.
RFC number: this RFC
Contact address: the Sieve discussion list <sieve@ietf.org>
]]></artwork>
</figure>
<t>
This information has been added to the IANA registry of Sieve Extensions
(currently found at http://www.iana.org).
</t>
</section>
</section>
</middle>
<back>
<references title="Normative References">
&rfc2119;
&rfc5228;
&rfc5229;
&rfc5804;
</references>
<references title="Informative References">
&rfc5293;
&rfc5429;
&rfc5703;
</references>
<section title="Acknowledgments">
<t>
Thanks to Ken Murchison, Rob Siemborski, Alexey Melnikov, Marc Mutz,
Kjetil Torgrim Homme, Stephan Bosch, Arnt Gulbrandsen, Barry Leiba, and
Jeffrey Hutzelman for comments and corrections.
</t>
</section>
<section title="Change History (to be removed prior to publication as an RFC)">
<t>Changes from ietf-14 to ietf-15:
<list style='letters'>
<t>Interaction with reject, stop.</t>
</list>
</t>
<t>Changes from ietf-13 to ietf-14:
<list style='letters'>
<t>Updated for Last Call comments.</t>
</list>
</t>
<t>Changes from ietf-12 to ietf-13:
<list style='letters'>
<t>Nits from Stephan Bosch.</t>
<t>Nits from Robert Burrell Donkin.</t>
</list>
</t>
<t>Changes from ietf-11 to ietf-12:
<list style='letters'>
<t>Nits from Alexey Melnikov.</t>
<t>Nits from Barry Leiba.</t>
</list>
</t>
<t>Changes from ietf-10 to ietf-11:
<list style='letters'>
<t>Nits from Dilyan Palauzov.</t>
<t>Nits from Stephan Bosch.</t>
<t>Nits from Alexey Melnikov.</t>
</list>
</t>
<t>Changes from ietf-09 to ietf-10:
<list style='letters'>
<t>Another example script error caught by Stephan Bosch.</t>
<t>Add :optional argument to allow a missing script to be ignored.</t>
</list>
</t>
<t>Changes from ietf-08 to ietf-09:
<list style='letters'>
<t>Better variables language from Stephan Bosch.</t>
</list>
</t>
<t>Changes from ietf-07 to ietf-08:
<list style='letters'>
<t>Nits from Stephan Bosch.</t>
<t>Nits from Barry Leiba.</t>
<t>Wordsmithing and layout wrangling.</t>
</list>
</t>
<t>Changes from ietf-06 to ietf-07:
<list style='letters'>
<t>Nits from Stephan Bosch.</t>
</list>
</t>
<t>Changes from ietf-05 to ietf-06:
<list style='letters'>
<t>Nits from Barry Leiba.</t>
</list>
</t>
<t>Changes from ietf-04 to ietf-05:
<list style='letters'>
<t>Integrate review from Barry Leiba.</t>
</list></t>
<t>Changes from ietf-03 to ietf-04:
<list style='letters'>
<t>No changes.</t>
</list></t>
<t>Changes from ietf-02 to ietf-03:
<list style='letters'>
<t>Setting a variable then calling global on it is an error (something like 'use strict').</t>
<t>Specify that the 'global' keyword is only available when 'variables' has also been required.</t>
<t>Uploading a script that includes a nonexistent script is not an error at upload time.</t>
</list></t>
<t>Changes from ietf-01 to ietf-02:
<list style='letters'>
<t>Require that script names must be constant strings, not subject to variable expansion.</t>
<t>Try the phrase immediate script instead of current script.</t>
<t>Clarify that "global 'varname'" and "global.varname" refer to the same variable.</t>
<t>Drop the requirement the global keywords come after require and before anything else.</t>
</list></t>
<t>Changes from ietf-00 to ietf-01:
<list style='letters'>
<t>Replaced import/export with global.</t>
<t>Added :once modifier to include.</t>
<t>Added global namespace to see if it holds water.</t>
</list></t>
<t>Changes from daboo-06 to ietf-00:
<list style='letters'>
<t>None</t>
</list></t>
<t>Changes from -05 to -06:
<list style='letters'>
<t>Aaron Stone joins as author.</t>
<t>Removed | characters from the script examples.</t>
<t>Updated draft references to published RFCs.</t>
</list></t>
<t>Changes from -04 to -05:
<list style='letters'>
<t>Fixed examples.</t>
<t>Relaxed requirement that imported/exported variables be set before being used.</t>
</list></t>
<t>Changes from -03 to -04:
<list style='letters'>
<t>Fixed missing 2119 definitions.</t>
<t>Defined interaction with variables through use of import and export commands.</t>
</list></t>
<t>Changes from -02 to -03:
<list style='letters'>
<t>Refreshing expired draft (updated for nits).</t>
<t>Syntax -> Usage.</t>
<t>Updated to 3028bis reference.</t>
</list></t>
<t>Changes from -01 to -02:
<list style='letters'>
<t>Minor formatting changes only - refreshing expired draft.</t>
</list></t>
<t>Changes from -00 to -01:
<list style='letters'>
<t>Added IPR boiler plate.</t>
<t>Re-ordered sections at start to conform to RFC style.</t>
<t>Moved recursion comment into General Considerations section.</t>
<t>Switched to using optional parameter to indicate personal vs global.</t>
<t>Explicitly state that an error occurs when a missing script is included.</t>
</list></t>
</section>
</back>
</rfc>
| PAFTECH AB 2003-2026 | 2026-04-24 16:44:42 |