IETF Logo Mail Archive

Re: Working Group Last Call for draft-ietf-sieve-refuse-reject-00.txt

Matthew Elvey <matthew@elvey.com> Fri, 19 August 2005 16:09 UTC

Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7JG9ROU037716; Fri, 19 Aug 2005 09:09:27 -0700 (PDT) (envelope-from owner-ietf-mta-filters@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j7JG9Rc7037715; Fri, 19 Aug 2005 09:09:27 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-mta-filters@mail.imc.org using -f
Received: from out3.smtp.messagingengine.com (out3.smtp.messagingengine.com [66.111.4.27]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j7JG9QEx037707 for <ietf-mta-filters@imc.org>; Fri, 19 Aug 2005 09:09:26 -0700 (PDT) (envelope-from matthew@elvey.com)
Received: from frontend3.messagingengine.com (frontend3.internal [10.202.2.152]) by frontend1.messagingengine.com (Postfix) with ESMTP id 0452ACC9E5D; Fri, 19 Aug 2005 12:09:24 -0400 (EDT)
X-Sasl-enc: TVsnyRIBKC6yOFlp+uiLQvoT63dKFD37GT1v711xlkON 1124467763
Received: from [192.168.2.98] (adsl-67-123-79-222.dsl.snfc21.pacbell.net [67.123.79.222]) by frontend3.messagingengine.com (Postfix) with ESMTP id 85F561E1; Fri, 19 Aug 2005 12:09:21 -0400 (EDT)
Message-ID: <43060431.2020702@elvey.com>
Date: Fri, 19 Aug 2005 09:09:21 -0700
From: Matthew Elvey <matthew@elvey.com>
User-Agent: Thunderbird 1.0+ (Macintosh/20050811)
MIME-Version: 1.0
To: Alexey Melnikov <alexey.melnikov@isode.com>
CC: "Mark E. Mallett" <mem@mv.mv.com>, IETF MTA Filters List <ietf-mta-filters@imc.org>
Subject: Re: Working Group Last Call for draft-ietf-sieve-refuse-reject-00.txt
References: <FF47B65677F611C47F8FC103@ninevah.cyrusoft.com> <20050818190929.GM21465@osmium.mv.net> <4305B817.9070503@isode.com>
In-Reply-To: <4305B817.9070503@isode.com>
X-Habeas-SWE-1: winter into spring
X-Habeas-SWE-2: brightly anticipated
X-Habeas-SWE-3: like Habeas SWE (tm)
X-Habeas-SWE-4: Copyright 2002 Habeas (tm)
X-Habeas-SWE-5: Sender Warranted Email (SWE) (tm). The sender of this
X-Habeas-SWE-6: email in exchange for a license for this Habeas
X-Habeas-SWE-7: warrant mark warrants that this is a Habeas Compliant
X-Habeas-SWE-8: Message (HCM) and not spam. Please report use of this
X-Habeas-SWE-9: mark in spam to <http://www.habeas.com/report/>.
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Sender: owner-ietf-mta-filters@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-mta-filters/mail-archive/>
List-ID: <ietf-mta-filters.imc.org>
List-Unsubscribe: <mailto:ietf-mta-filters-request@imc.org?body=unsubscribe>

FYI: Alexey and I are discussing the hurdles to merging refuse and 
reject and other options and will post about this anon.

On 8/19/05 3:44 AM, Alexey Melnikov sent forth electrons to convey:
>
> Mark E. Mallett wrote:
> .......
>> So it's really "when more than one RCPT TO has been
>> accepted" instead of "when a message has multiple valid recipients."
>> (picky, I know.)
>>  
>>
> That is exactly what Matthew and I were trying to say, but your 
> suggested text is much clearer. Thanks.
Right.
>
>>> 4.2  "reject" compatibility with other actions
>>>   
>>>   Implementations MUST prohibit more than one reject in a SIEVE
>>>   script.
>>>   
>>
>> must prohibit "the execution of..."  (certainly more than one reject can
>> appear in a script).
>>  
>>
> Yes. Fixed.
:)
>
>>> 5.1  Action refuse
>>>   
>>>   The "refuse" action refuses delivery of a message by sending back
>>>   the 550 SMTP response code to an SMTP client.
>>>
>>>   This extension can be only supported by a Sieve implementation
>>>   running in an MTA.
>>>   
>>   The way this is worded, an implementation that communicates with an 
>> MTA
>> via LMTP (or any other protocol or mechanism, for that matter) is
>> prohibited from using "refuse."  There are multiple ways that an MDA may
>> be invoked by an MTA during the SMTP dialog, where refusal can be
>> communicated back to the SMTP client.  The MTA itself isn't necessarily
>> (and probably isn't likely to be) running the Sieve script itself.
>>  
>>
> The current copy we are editing says "running in an MTA or MDA". Does 
> this address your concern?
> The intent was certainly to allow for MDA.
>
> Regarding MTA/MDA executing Sieve directly versa an external process 
> MTA/MDA is talking to: I certainly would want to allow for both, as 
> this is an implementation detail. So do you think "running in an MTA 
> or MDA" can be interpreted to mean that an external process is not 
> allowed?
> How should we make the clear?
I think we may need to refer to the fact that what we're concerned about 
is that if there's an SMTP connection over the open Internet, it is the 
one where we require the rejection to take place.  I'm not sure how to 
word that. Maybe that's the right wording to use. Maybe
http://www.ietf.org/internet-drafts/draft-crocker-email-arch-04.txt has 
better terms for this.  It's an SMTP connection between Edge MTAs of 
different AUs?   Perhaps Dave Crocker would provide advice on good 
wording, using his draft.
>
>> And actually I am not sure that LMTP needs to be mentioned in the
>> document at all, other than as an example of one of the ways that an MTA
>> and an MDA might communicate during the SMTP dialog.  The important 
>> thing
>> is that the Sieve script is being run at SMTP time and its results are
>> somehow used by the MTA to respond to the SMTP client.
>>  
>>
> I actually disagree. The sieve engine I am working on runs in LMTP 
> server, it is the one that has to implement refuse.
>
>>    This extension can only be supported by a Sieve implementation
>>    that is invoked on behalf of the MTA during SMTP time, and that
>>    can communicate its results to the MTA which can then return a
>>    status to the SMTP client.
Getting there.
How' bout
  This extension can only be supported by a Sieve implementation
   that is invoked on behalf of the MTA during SMTP time, and that
   can communicate its results to the MTA which can then return a
   status to the SMTP client on the other side of every SMTP connection 
over the open Internet over which mail is received.


"on the other side of every SMTP connection over the open Internet" is 
intended to make clear that the 550 goes to the generally distant, 
untrusted client.

 "over which mail is received." is there just so that we aren't 
inadvertently disallowing the blocking of  connections (e.g. from known 
bad actors) before Sieve sees them.
>>
>> Another somewhat thorny point is that a Sieve script may be invoked at
>> the time when the SMTP server sees the "RCPT TO" so that the refusal may
>> be communicated to the SMTP client at that time (before DATA).  At this
>> stage, various Sieve facilities (e.g. header tests, fileinto, keep) are
>> not available.  I don't know whether this has to be mentioned in this
>> draft, but once you have "refuse" capability, this does come into play.
>>  
>>
> Running Sieve scripts before message headers/body are available is 
> certainly possible and not prohibited by the draft.
> However I think this is somewhat outside the scope for the document, 
> as this is effectively a different Sieve profile.
>
>>
>>  <snip>
>>
> Both fixed, thanks.
>
Yeah, thanks.  :)

v2.29.0 | Report a Bug | By Email | System Status