(1)
This is the first extension to introduce an action command with match
arguments (match type and comparator), apart perhaps from the "denotify"
command of the long-deprecated notify extension. Some match types such
as ":matches" introduce the side-effect of setting match variables when
the variables extension is active (RFC 5229; Section 3.2). So, my
question is: can deleteheader action of the editheader extension affect
match variables or is that supposed to be disabled much like the body test?
I don't see why not. Our implementation certainly does.
Intuitively, I would think it is supposed to be disabled, i.e. I feel no
action command should influence match variables.
My intuitation says exactly the opposite. And more to the point, the
specifications seem very clear that :matches combined with variables sets match
variables. It doesn't say only :matches in a test combined with variables set
match variables AFAIK.
Also, it is not really
possible to short-circuit the 'test' as required in RFC 5229 Section
3.2, because all matching headers must be deleted and thus matching
continues.
Short-circuiting simply means you're supposed to stop as soon as possible and
retain the last match. It's a moot statement when there's no stopping
condition as with deleteheader, so I see no real conflict.
(2)
If I understand the specification correctly, users can use the
editheader extension to (accidentally) create invalid IMAIL (now RFC
5322, was RFC 2822) messages.
It can also be done intentionally. And there can be good reasons for doing so.
Sieves are typically applied around the time of final delivery to the store,
and all kinds of odd things hang off of message stores.
And in point of fact, this is actually permitted by the relevant standards:
Criteria for what's legal in a message store message are a lot more lax than
RFC 5322 specifies.
Some header fields defined in the IMAIL
specification have a restricted number of occurrences and some have a
specific well-defined structure. The editheader specification does not
require, recommend, nor mention keeping the message a valid RFC2822
message. The only syntactic restriction I see is the requirement that
the field value complies with the "unstructured" nonterminal syntax from
IMAIL. It is allowed to silently refuse certain modifications (e.g.
deleting Received headers), but I would have expected some
recommendations in this respect.
I wouldn't and would oppose their addition. In fact in hindsight I think the
MUST NOT allow deletion of Received: fields is actually a mistake. (Yes, I know
it can be used to break loop detection, but it also can be used to work around
bogus loop checks which, like it or not, do happen from time to time.)
For example, is it wise to allow adding
a second 'Subject:' header, or to allow setting the 'Date:' header to
some syntactically incorrect nonsense?
The problem is figuring out where the boundary between what you should allow
and what you shouldn't is nearly impossible to specify. And even if were,
there's an even bigger problem: A series of editheader actions may at some
intermediate point leave the header in an "illegal" condition that subsequent
actions fix up. So if you want to try and prevent generation of "illegal"
headers you have to look at the sum of the actions. Good luck with that.
More complex examples would
include the requirement for a 'Sender:' header when more than one
'From:' mailbox is specified.
A condition that could easily arise as an intermediate step in editing.
Syntax problems can be handled the same as deleting a restricted header
(silently ignore), however, enforcing the uniqueness (and presence) of
certain headers is a bit more complicated. Bluntly refusing addheader
when the header already exists makes modifying such headers impossible,
especially when deleting the header first would not be allowed (e.g. for
'Date:'; it is unique AND required). Implicitly deleting the previous
occurrence of such headers during addheader would be an option, but is
that a good idea?
No, for the reasons I've given.
Or am I just exaggerating this problem?
Yes, I'd have to say that you are.
Ned
_______________________________________________
sieve mailing list
sieve(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/sieve