draft-ietf-sieve-spamtestbis-03.txt   draft-ietf-sieve-spamtestbis-04.txt 
SIEVE Email Filtering Working C. Daboo SIEVE Email Filtering Working C. Daboo
Group June 12, 2006 Group June 25, 2006
Internet-Draft Internet-Draft
Expires: December 14, 2006 Expires: December 27, 2006
SIEVE Email Filtering: Spamtest and Virustest Extensions SIEVE Email Filtering: Spamtest and Virustest Extensions
draft-ietf-sieve-spamtestbis-03 draft-ietf-sieve-spamtestbis-04
Status of this Memo Status of this Memo
By submitting this Internet-Draft, each author represents that any By submitting this Internet-Draft, each author represents that any
applicable patent or other IPR claims of which he or she is aware applicable patent or other IPR claims of which he or she is aware
have been or will be disclosed, and any of which he or she becomes have been or will be disclosed, and any of which he or she becomes
aware will be disclosed, in accordance with Section 6 of BCP 79. aware will be disclosed, in accordance with Section 6 of BCP 79.
Internet-Drafts are working documents of the Internet Engineering Internet-Drafts are working documents of the Internet Engineering
Task Force (IETF), its areas, and its working groups. Note that Task Force (IETF), its areas, and its working groups. Note that
skipping to change at page 1, line 34 skipping to change at page 1, line 34
and may be updated, replaced, or obsoleted by other documents at any and may be updated, replaced, or obsoleted by other documents at any
time. It is inappropriate to use Internet-Drafts as reference time. It is inappropriate to use Internet-Drafts as reference
material or to cite them other than as "work in progress." material or to cite them other than as "work in progress."
The list of current Internet-Drafts can be accessed at The list of current Internet-Drafts can be accessed at
http://www.ietf.org/ietf/1id-abstracts.txt. http://www.ietf.org/ietf/1id-abstracts.txt.
The list of Internet-Draft Shadow Directories can be accessed at The list of Internet-Draft Shadow Directories can be accessed at
http://www.ietf.org/shadow.html. http://www.ietf.org/shadow.html.
This Internet-Draft will expire on December 14, 2006. This Internet-Draft will expire on December 27, 2006.
Copyright Notice Copyright Notice
Copyright (C) The Internet Society (2006). Copyright (C) The Internet Society (2006).
Abstract Abstract
The SIEVE email filtering language "spamtest", "spamtestplus" and The SIEVE email filtering language "spamtest", "spamtestplus" and
"virustest" extensions permit users to use simple, portable commands "virustest" extensions permit users to use simple, portable commands
for spam and virus tests on email messages. Each extension provides for spam and virus tests on email messages. Each extension provides
a new test using matches against numeric "scores". It is the a new test using matches against numeric "scores". It is the
responsibility of the underlying SIEVE implementation to do the responsibility of the underlying SIEVE implementation to do the
actual checks that result in proper input to the tests. actual checks that result in proper input to the tests.
Change History (to be removed prior to publication as an RFC) Change History (to be removed prior to publication as an RFC)
Changes from -03:
1. Clarified that there are two possible ways to test for not-spam.
2. Clarified that 'not tested for xxx' also implies 'SIEVE could not
determine whether a test was done or not'.
Changes from -02: Changes from -02:
1. Changed formatting of tables. 1. Changed formatting of tables.
2. Fixed missing 2119 definitions. 2. Fixed missing 2119 definitions.
3. Moved reference to previous extension to informative. 3. Moved reference to previous extension to informative.
4. Minor text improvements. 4. Minor text improvements.
5. Fixed some single/double quote issues. 5. Fixed some single/double quote issues.
6. Reworded abstract, introduction and overview to use better SIEVE 6. Reworded abstract, introduction and overview to use better SIEVE
terminology when describing tests, commands and results. terminology when describing tests, commands and results.
7. Remove "untested" string result from ":percent" test. 7. Remove "untested" string result from ":percent" test.
8. Allow ":count" match type to be used for tested/untested checks. 8. Allow ":count" match type to be used for tested/untested checks.
skipping to change at page 3, line 15 skipping to change at page 3, line 15
Table of Contents Table of Contents
1. Introduction and Overview . . . . . . . . . . . . . . . . . . 4 1. Introduction and Overview . . . . . . . . . . . . . . . . . . 4
2. Conventions Used in This Document . . . . . . . . . . . . . . 4 2. Conventions Used in This Document . . . . . . . . . . . . . . 4
3. SIEVE Extensions . . . . . . . . . . . . . . . . . . . . . . . 5 3. SIEVE Extensions . . . . . . . . . . . . . . . . . . . . . . . 5
3.1. General Considerations . . . . . . . . . . . . . . . . . . 5 3.1. General Considerations . . . . . . . . . . . . . . . . . . 5
3.2. Test spamtest . . . . . . . . . . . . . . . . . . . . . . 5 3.2. Test spamtest . . . . . . . . . . . . . . . . . . . . . . 5
3.2.1. spamtest without :percent argument . . . . . . . . . . 6 3.2.1. spamtest without :percent argument . . . . . . . . . . 6
3.2.2. spamtest with :percent argument . . . . . . . . . . . 7 3.2.2. spamtest with :percent argument . . . . . . . . . . . 7
3.3. Test virustest . . . . . . . . . . . . . . . . . . . . . . 9 3.3. Test virustest . . . . . . . . . . . . . . . . . . . . . . 9
4. Security Considerations . . . . . . . . . . . . . . . . . . . 10 4. Security Considerations . . . . . . . . . . . . . . . . . . . 11
5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11 5. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 11
5.1. spamtest registration . . . . . . . . . . . . . . . . . . 11 5.1. spamtest registration . . . . . . . . . . . . . . . . . . 12
5.2. virustest registration . . . . . . . . . . . . . . . . . . 12 5.2. virustest registration . . . . . . . . . . . . . . . . . . 12
5.3. spamtestplus registration . . . . . . . . . . . . . . . . 12 5.3. spamtestplus registration . . . . . . . . . . . . . . . . 13
6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 12 6. References . . . . . . . . . . . . . . . . . . . . . . . . . . 13
6.1. Normative References . . . . . . . . . . . . . . . . . . . 12 6.1. Normative References . . . . . . . . . . . . . . . . . . . 13
6.2. Informative References . . . . . . . . . . . . . . . . . . 13 6.2. Informative References . . . . . . . . . . . . . . . . . . 13
Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 13 Appendix A. Acknowledgments . . . . . . . . . . . . . . . . . . . 14
Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 14 Author's Address . . . . . . . . . . . . . . . . . . . . . . . . . 15
Intellectual Property and Copyright Statements . . . . . . . . . . 15 Intellectual Property and Copyright Statements . . . . . . . . . . 16
1. Introduction and Overview 1. Introduction and Overview
SIEVE scripts are frequently being used to do spam and virus SIEVE scripts are frequently being used to do spam and virus
filtering based on either implicit script tests (e.g. tests for filtering based on either implicit script tests (e.g. tests for
"black-listed" senders directly encoded in the SIEVE script), or via "black-listed" senders directly encoded in the SIEVE script), or via
testing messages modified by some external spam or virus checker that testing messages modified by some external spam or virus checker that
handled the message prior to SIEVE. The use of third-party spam and handled the message prior to SIEVE. The use of third-party spam and
virus checker tools poses a problem since each tool has its own way virus checker tools poses a problem since each tool has its own way
of indicating the result of its checks. These usually take the form of indicating the result of its checks. These usually take the form
skipping to change at page 5, line 42 skipping to change at page 5, line 42
implementation specific details about the tests and descriptive implementation specific details about the tests and descriptive
comments about the result. Tests can be done using standard string comments about the result. Tests can be done using standard string
comparators against this text if it helps to refine behavior, however comparators against this text if it helps to refine behavior, however
this will break portability of the script as the text will likely be this will break portability of the script as the text will likely be
specific to a particular implementation. specific to a particular implementation.
In addition, the SIEVE relational [I-D.ietf-sieve-3431bis] ":count" In addition, the SIEVE relational [I-D.ietf-sieve-3431bis] ":count"
match type can be used to determine if the underlying implementation match type can be used to determine if the underlying implementation
actually did a test. If the underlying spam or virus test was done, actually did a test. If the underlying spam or virus test was done,
the ":count" of the normalized result will return the numeric value the ":count" of the normalized result will return the numeric value
"1", whilst if the test was not done, the ":count" value will be "0" "1", whilst if the test was not done, or the SIEVE implementation
(zero). could not determine if a test was done or not done, the ":count"
value will be "0" (zero).
3.2. Test spamtest 3.2. Test spamtest
Usage: spamtest [":percent"] [COMPARATOR] [MATCH-TYPE] Usage: spamtest [":percent"] [COMPARATOR] [MATCH-TYPE]
<value: string> <value: string>
SIEVE implementations that implement the "spamtest" test use an SIEVE implementations that implement the "spamtest" test use an
identifier of either "spamtest" or "spamtestplus" for use with the identifier of either "spamtest" or "spamtestplus" for use with the
capability mechanism. capability mechanism.
If the ":percent" argument is not used with any spamtest test, then If the ":percent" argument is not used with any spamtest test, then
skipping to change at page 6, line 35 skipping to change at page 6, line 35
When the ":percent" argument is not present in the "spamtest" test, When the ":percent" argument is not present in the "spamtest" test,
the normalized result string provided for the left hand side of the the normalized result string provided for the left hand side of the
test starts with a numeric value in the range "0" (zero) through test starts with a numeric value in the range "0" (zero) through
"10", with meanings summarized below: "10", with meanings summarized below:
+----------+--------------------------------------------------------+ +----------+--------------------------------------------------------+
| spamtest | interpretation | | spamtest | interpretation |
| value | | | value | |
+----------+--------------------------------------------------------+ +----------+--------------------------------------------------------+
| 0 | message was not tested for spam | | 0 | message was not tested for spam, or SIEVE could not |
| | determine whether any test was done |
| | |
| 1 | message was tested and is clear of spam | | 1 | message was tested and is clear of spam |
| | |
| 2 - 9 | message was tested and has a varying likelihood of | | 2 - 9 | message was tested and has a varying likelihood of |
| | containing spam in increasing order | | | containing spam in increasing order |
| | |
| 10 | message was tested and definitely contains spam | | 10 | message was tested and definitely contains spam |
+----------+--------------------------------------------------------+ +----------+--------------------------------------------------------+
The underlying SIEVE implementation will map whatever spam check is The underlying SIEVE implementation will map whatever spam check is
done into this numeric range, as appropriate. done into this numeric range, as appropriate.
Examples: Examples:
require ["spamtest", "fileinto", require ["spamtest", "fileinto",
"relational", "comparator-i;ascii-numeric"]; "relational", "comparator-i;ascii-numeric"];
skipping to change at page 7, line 35 skipping to change at page 7, line 35
When the ":percent" argument is present in the "spamtest" test, the When the ":percent" argument is present in the "spamtest" test, the
normalized result string provided for the left hand side of the test normalized result string provided for the left hand side of the test
starts with a numeric value in the range "0" (zero) through "100", starts with a numeric value in the range "0" (zero) through "100",
with meanings summarized below: with meanings summarized below:
+----------+--------------------------------------------------------+ +----------+--------------------------------------------------------+
| spamtest | interpretation | | spamtest | interpretation |
| value | | | value | |
+----------+--------------------------------------------------------+ +----------+--------------------------------------------------------+
| 0 | message was tested and is clear of spam, or was not | | 0 | message was tested and is clear of spam, or was not |
| | tested for spam | | | tested for spam, or SIEVE could not determine whether |
| | any test was done |
| | |
| 1 - 99 | message was tested and has a varying likelihood of | | 1 - 99 | message was tested and has a varying likelihood of |
| | containing spam in increasing order based on the | | | containing spam in increasing order based on the |
| | spamtest value | | | spamtest value |
| | |
| 100 | message was tested and definitely contains spam | | 100 | message was tested and definitely contains spam |
+----------+--------------------------------------------------------+ +----------+--------------------------------------------------------+
The underlying SIEVE implementation will map whatever spam check is The underlying SIEVE implementation will map whatever spam check is
done into the numeric range, as appropriate. done into the numeric range, as appropriate.
To determine whether the message was tested for spam or not, the To determine whether the message was tested for spam or not, two
preferred solution is to use the test without the ":percent" options can be used:
argument, testing for the normalized result value "0" as described in
a. a test with or without the ":percent" argument and ":count" match
type, testing for the value "0" as described in Section 3.1.
b. a test without the ":percent" argument using the ":value" match
type, testing for the normalized result value "0" as described in
Section 3.2.1. Section 3.2.1.
Examples: Examples:
require ["spamtestplus", "fileinto", require ["spamtestplus", "fileinto",
"relational", "comparator-i;ascii-numeric"]; "relational", "comparator-i;ascii-numeric"];
if spamtest :value "eq" if spamtest :value "eq"
:comparator "i;ascii-numeric" "0" :comparator "i;ascii-numeric" "0"
{ {
skipping to change at page 9, line 48 skipping to change at page 10, line 9
optional match argument, which defaults to ":is" if not specified. optional match argument, which defaults to ":is" if not specified.
The normalized result string provided for the left side of the test The normalized result string provided for the left side of the test
starts with a numeric value in the range "0" (zero) through "5", with starts with a numeric value in the range "0" (zero) through "5", with
meanings summarized below: meanings summarized below:
+-----------+-------------------------------------------------------+ +-----------+-------------------------------------------------------+
| virustest | interpretation | | virustest | interpretation |
| value | | | value | |
+-----------+-------------------------------------------------------+ +-----------+-------------------------------------------------------+
| 0 | message was not tested for viruses | | 0 | message was not tested for viruses, or SIEVE could |
| | not determine whether any test was done |
| | |
| 1 | message was tested and contains no known viruses | | 1 | message was tested and contains no known viruses |
| | |
| 2 | message was tested and contained a known virus which | | 2 | message was tested and contained a known virus which |
| | was replaced with harmless content | | | was replaced with harmless content |
| | |
| 3 | message was tested and contained a known virus which | | 3 | message was tested and contained a known virus which |
| | was "cured" such that it is now harmless | | | was "cured" such that it is now harmless |
| | |
| 4 | message was tested and possibly contains a known | | 4 | message was tested and possibly contains a known |
| | virus | | | virus |
| 5 | message was tested and definately contains a known | | | |
| 5 | message was tested and definitely contains a known |
| | virus | | | virus |
+-----------+-------------------------------------------------------+ +-----------+-------------------------------------------------------+
The underlying SIEVE implementation will map whatever virus checks The underlying SIEVE implementation will map whatever virus checks
are done into this numeric range, as appropriate. If the message has are done into this numeric range, as appropriate. If the message has
not been categorized by any virus checking tools, then the virustest not been categorized by any virus checking tools, then the virustest
result is "0". result is "0".
Example: Example:
skipping to change at page 13, line 14 skipping to change at page 13, line 44
Tests", draft-ietf-sieve-3431bis-04 (work in progress), Tests", draft-ietf-sieve-3431bis-04 (work in progress),
December 2005. December 2005.
[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
Requirement Levels", BCP 14, RFC 2119, March 1997. Requirement Levels", BCP 14, RFC 2119, March 1997.
6.2. Informative References 6.2. Informative References
[I-D.newman-i18n-comparator] [I-D.newman-i18n-comparator]
Newman, C., "Internet Application Protocol Collation Newman, C., "Internet Application Protocol Collation
Registry", draft-newman-i18n-comparator-11 (work in Registry", draft-newman-i18n-comparator-12 (work in
progress), May 2006. progress), June 2006.
[RFC3685] Daboo, C., "SIEVE Email Filtering: Spamtest and VirusTest [RFC3685] Daboo, C., "SIEVE Email Filtering: Spamtest and VirusTest
Extensions", RFC 3685, February 2004. Extensions", RFC 3685, February 2004.
Appendix A. Acknowledgments Appendix A. Acknowledgments
Thanks to Mark E. Mallett, Tony Hansen, Jutta Degener, Ned Freed, Thanks to Mark E. Mallett, Tony Hansen, Jutta Degener, Ned Freed,
Ashish Gawarikar, Alexey Melnikov and Nigel Swinson for comments and Ashish Gawarikar, Alexey Melnikov and Nigel Swinson for comments and
corrections. corrections.
 End of changes. 22 change blocks. 
23 lines changed or deleted 47 lines changed or added

This html diff was produced by rfcdiff 1.32. The latest version is available from http://www.levkowetz.com/ietf/tools/rfcdiff/