I think there is more than one problem in this area, so I will try to
summarize a list of issues (all section #s are for the RFC 3028). Please
feel free to correct me and add more issues to the list:
1). In section "2.10.2. Implicit Keep"
> An implicit keep is performed if a message is not written to a
> mailbox, redirected to a new address, or explicitly thrown out. That
> is, if a fileinto, a keep, a redirect, or a discard is performed, an
> implicit keep is not.
"reject" should be added to the list.
2). Section "2.10.4. Limits on Numbers of Actions" states:
> Implementations SHOULD prohibit reject when used with other actions.
It would be nice if this is mentioned where "reject" is described (i.e.
in section 4.1.)
3). Need to state that "reject" and "discard" are incompatible.
4). In section "10. Security Considerations":
> It is equally important that implementations sanity-check the user's
> scripts, and not allow users to create on-demand mailbombs. For
> instance, an implementation that allows a user to reject or redirect
> multiple times to a single message
Section 2.10.4 says:
Implementations MUST prohibit more than one reject.
So "more than one reject" is illegal.
> might also allow a user to create
> a mailbomb triggered by mail from a specific user. Site- or
> implementation-defined limits on actions are useful for this.
5). Ok, that might be obvious, but I want the document to be explicit on
this: if an implementation allows for multiple fileinto/redirect for the
same input message, than the document should state that all
fileinto/redirect should be honored, not the last executed one.
Also a clarification that redirect and fileinto are compatible, might be
a good idea.