ietf-mta-filters

Re: sieve/managesieve/time and ACL

2006-05-13 13:00:01

Ned Freed writes, answering me:
I believe that managesieve, as well as pretty much every other piece of software, should perform all the sanity checks it easily can. If putscript can easily check more than just syntax, it should.

Again, this check seems like it forces an unnecessary ordering on how users set things up. I don't think that's a good idea.

I agree with you in general, or so I think, but this is a fairly extreme case. If you're uploading a sieve script that runs fileinto on someone else's mailbox, I don't think it's unreasonable to make that someone grant permission first.

A more regular case, such as fileinto a nonexistent mailbox in the user's own mailbox subtree, is different IMO. It's conceivable that the MUA issues PUTSCRIPT first, then uses IMAP to CREATE the necessary mailbox(es) if PUTSCRIPT goes through. It's also reasonable that the mailbox is created on delivery.

But the extreme case is different: It's difficult to conceive of an MUA that does PUTSCRIPT, then logs in via IMAP as a different user and does SETACL to grant permission.

I think that this applies to all circumstances which ensure that the sieve cannot work as specified if made active now and which cannot be corrected by the user within the system. Possible candidates (many of which are hard to test):
1. redirect to a nonexistent domain
2. redirect to a nonexistent local address
3. fileinto a mailbox with a name that the local software does not support
4. fileinto a mailbox to which the user does not have the insert right and to which the user cannot himself grant the insert right
5. fileinto a mailbox which does not exist and which cannot be created by the user

If the managesieve draft ends up mentioning checks on anything other than pure syntax, then I think no. 3 above is a good example.

Yes (in a more general form, ideally).

In any case, some discussion of how to handle error conditions that creep in between sieve evaluation and execution of the resulting actions would be fine.

Do you mean evaluation by managesieve during putscript, or evaluation by the sieve processor when a message is received? I agree in either case.

Arnt
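An added illustration, not part of the thread, of the line Arnt draws between fileinto targets the user can fix himself and the ones (cases 4 and 5 above) a PUTSCRIPT-time check would have to reject outright. It scans a constructed script for fileinto targets and compares them against a constructed mailbox/ACL table using RFC 4314 rights letters; the table format, the "/" hierarchy separator and the assumption that a user may always create top-level mailboxes in his own namespace are this example's, not anything from the discussion.

```python
import re

# Minimal fileinto extractor for the plain form  fileinto "Name";
# (ignores :copy/:flags arguments and multi-line strings). An assumption of this example.
FILEINTO_RE = re.compile(r'\bfileinto\s+"([^"]+)"')

def fileinto_targets(script):
    """Return the mailbox names used as fileinto targets, in script order."""
    return FILEINTO_RE.findall(script)

def classify_target(name, user, mailboxes):
    """Classify a fileinto target for `user` as 'ok', 'user-fixable' or 'unfixable'.
    `mailboxes` maps name -> {user: RFC 4314 rights}; a missing name does not exist.
    Rights used: i = insert, k = create children, a = administer (may SETACL)."""
    acl = mailboxes.get(name)
    if acl is None:
        # Case 5: mailbox missing. The user can create it if the parent grants 'k';
        # a top-level name is assumed to lie in the user's own namespace.
        if "/" not in name:
            return "user-fixable"
        parent = name.rsplit("/", 1)[0]
        return "user-fixable" if "k" in mailboxes.get(parent, {}).get(user, "") else "unfixable"
    rights = acl.get(user, "")
    if "i" in rights:
        return "ok"
    # Case 4, unless the user administers the mailbox and can grant himself 'i'.
    return "user-fixable" if "a" in rights else "unfixable"

def check_fileinto(script, user, mailboxes):
    """Map every fileinto target in `script` to its classification."""
    return {t: classify_target(t, user, mailboxes) for t in fileinto_targets(script)}

def putscript_rejections(script, user, mailboxes):
    """Targets that a PUTSCRIPT check of the kind discussed would reject outright."""
    return sorted(t for t, c in check_fileinto(script, user, mailboxes).items() if c == "unfixable")

# Constructed sample data: alice owns INBOX and administers Archive, but has only
# lookup/read/seen rights on the team mailbox that bob owns.
SAMPLE_MAILBOXES = {
    "INBOX": {"alice": "lrswipkxtecda"},
    "Archive": {"alice": "lrswa"},
    "Shared/Team": {"alice": "lrs", "bob": "lrswipkxtecda"},
}
SAMPLE_SCRIPT = '''require ["fileinto"];
if header :contains "subject" "receipt" { fileinto "INBOX/Receipts"; }
if address :is "from" "ops@example.org" { fileinto "Shared/Team"; }
if header :contains "subject" "oncall" { fileinto "Shared/Team/Ops"; }
if header :contains "subject" "old" { fileinto "Archive"; }
'''
```

Running `check_fileinto(SAMPLE_SCRIPT, "alice", SAMPLE_MAILBOXES)` marks the two Shared/Team targets unfixable and the other two as things alice can repair by CREATE or SETACL herself.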
