7Internet Engineering Task Force (IETF) C. Daboo
8Request for Comments: 6609 Apple, Inc.
9Category: Standards Track A. Stone
10ISSN: 2070-1721 Serendipity
14 Sieve Email Filtering: Include Extension
18 The Sieve Email Filtering "include" extension permits users to
19 include one Sieve script inside another. This can make managing
20 large scripts or multiple sets of scripts much easier, and allows a
21 site and its users to build up libraries of scripts. Users are able
22 to include their own personal scripts or site-wide scripts.
26 This is an Internet Standards Track document.
28 This document is a product of the Internet Engineering Task Force
29 (IETF). It represents the consensus of the IETF community. It has
30 received public review and has been approved for publication by the
31 Internet Engineering Steering Group (IESG). Further information on
32 Internet Standards is available in Section 2 of RFC 5741.
34 Information about the current status of this document, any errata,
35 and how to provide feedback on it may be obtained at
36 http://www.rfc-editor.org/info/rfc6609.
40 Copyright (c) 2012 IETF Trust and the persons identified as the
41 document authors. All rights reserved.
43 This document is subject to BCP 78 and the IETF Trust's Legal
44 Provisions Relating to IETF Documents
45 (http://trustee.ietf.org/license-info) in effect on the date of
46 publication of this document. Please review these documents
47 carefully, as they describe your rights and restrictions with respect
48 to this document. Code Components extracted from this document must
49 include Simplified BSD License text as described in Section 4.e of
50 the Trust Legal Provisions and are provided without warranty as
51 described in the Simplified BSD License.
58Daboo & Stone Standards Track [Page 1]
60RFC 6609 Sieve Extension: Include May 2012
65 1. Introduction and Overview .......................................2
66 2. Conventions Used in This Document ...............................2
67 3. Include Extension ...............................................3
68 3.1. General Considerations .....................................3
69 3.2. Control Structure "include" ................................4
70 3.3. Control Structure "return" .................................7
71 3.4. Interaction with the "variables" Extension .................8
72 3.4.1. Control Structure "global" ..........................8
73 3.4.2. Variables Namespace global .........................10
74 3.5. Interaction with Other Extensions .........................11
75 4. Security Considerations ........................................12
76 5. IANA Considerations ............................................12
77 6. References .....................................................13
78 6.1. Normative References ......................................13
79 6.2. Informative References ....................................13
80 Appendix A. Acknowledgments .......................................14
821. Introduction and Overview
84 It's convenient to be able to break Sieve [RFC5228] scripts down into
85 smaller components that can be reused in a variety of different
86 circumstances. For example, users may want to have a default script
87 and a special 'vacation' script, the latter being activated when the
88 user goes on vacation. In that case, the default actions should
89 continue to be run, but a vacation command should be executed first.
90 One option is to edit the default script to add or remove the
91 vacation command as needed. Another is to have a vacation script
92 that simply has a vacation command and then includes the default
95 This document defines the Sieve Email Filtering "include" extension,
96 which permits users to include one Sieve script inside another.
982. Conventions Used in This Document
100 The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
101 "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
102 document are to be interpreted as described in [RFC2119].
104 Conventions for notations are as in Sieve [RFC5228], Section 1.1.
114Daboo & Stone Standards Track [Page 2]
116RFC 6609 Sieve Extension: Include May 2012
119 The following key phrases are used to describe scripts and script
123 a valid Sieve script.
126 an instance of a Sieve interpreter invoked for a given message
127 delivery, starting with the user's active script and continuing
128 through any included scripts until the final disposition of the
129 message (e.g., delivered, forwarded, discarded, rejected, etc.).
132 the individual Sieve script file being executed.
135 the individual Sieve script file that had an include statement
136 that included the immediate script.
1403.1. General Considerations
142 Sieve implementations that implement the "include", "return", and
143 "global" commands described below have an identifier of "include" for
144 use with the capability mechanism. If any of the "include",
145 "return", or "global" commands are used in a script, the "include"
146 capability MUST be listed in the "require" statement in that script.
148 Sieve implementations need to track the use of actions in included
149 scripts so that implicit "keep" behavior can be properly determined
150 based on whether any actions have executed in any script.
152 Sieve implementations are allowed to limit the total number of nested
153 included scripts, but MUST provide for a total of at least three
154 levels of nested scripts including the top-level script. An error
155 MUST be generated either when the script is uploaded to the Sieve
156 repository, or when the script is executed, if any nesting limit is
157 exceeded. If such an error is detected whilst processing a Sieve
158 script, an implicit "keep" action MUST be executed to prevent loss of
161 Sieve implementations MUST NOT allow recursive script inclusion.
162 Both direct recursion, where script A includes script A (itself), and
163 indirect recursion, where script A includes script B which includes
164 script A once again, are prohibited.
170Daboo & Stone Standards Track [Page 3]
172RFC 6609 Sieve Extension: Include May 2012
175 Sieve implementations MUST generate an error at execution time if an
176 included script is a recursive inclusion. Implementations MUST NOT
177 generate errors for recursive includes at upload time, as this would
178 force an upload ordering requirement upon script authors and
181 Sieve implementations MUST generate an error at execution time if an
182 included script does not exist, except when the ":optional" parameter
183 is specified. Implementations MUST NOT generate errors for scripts
184 missing at upload time, as this would force an upload ordering
185 requirement upon script authors and generators.
187 If the Sieve "variables" extension [RFC5229] is present, an issue
188 arises with the "scope" of variables defined in scripts that may
189 include each other. For example, if a script defines the variable
190 "${status}" with one particular meaning or usage, and another defines
191 "${status}" with a different meaning, then if one script includes the
192 other there is an issue as to which "${status}" is being referenced.
193 To solve this problem, Sieve implementations MUST follow the scoping
194 rules defined in Section 3.4 and support the "global" command defined
1973.2. Control Structure "include"
199 Usage: include [LOCATION] [":once"] [":optional"] <value: string>
201 LOCATION = ":personal" / ":global"
203 The "include" command takes an optional "location" parameter, an
204 optional ":once" parameter, an optional ":optional" parameter, and a
205 single string argument representing the name of the script to include
206 for processing at that point. Implementations MUST restrict script
207 names according to ManageSieve [RFC5804], Section 1.6. The script
208 name argument MUST be a constant string as defined in [RFC5229],
209 Section 3; implementations MUST NOT expand variables in the script
212 The "location" parameter MUST default to ":personal" if not
213 specified. The "location" parameter MUST NOT be specified more than
214 once. The "location" has the following meanings:
217 Indicates that the named script is stored in the user's own
218 personal (private) Sieve repository.
221 Indicates that the named script is stored in a site-wide Sieve
222 repository, accessible to all users of the Sieve system.
226Daboo & Stone Standards Track [Page 4]
228RFC 6609 Sieve Extension: Include May 2012
231 The ":once" parameter tells the interpreter only to include the named
232 script if it has not already been included at any other point during
233 script execution. If the script has already been included,
234 processing continues immediately following the "include" command.
235 Implementations MUST NOT generate an error if an "include :once"
236 command names a script whose inclusion would be recursive; in this
237 case, the script MUST be considered previously included, and
238 therefore "include :once" will not include it again.
240 Note: It is RECOMMENDED that script authors and generators use the
241 ":once" parameter only when including a script that performs general
242 duties such as declaring global variables and making sanity checks of
245 The ":optional" parameter indicates that the script may be missing.
246 Ordinarily, an implementation MUST generate an error during execution
247 if an "include" command specifies a script that does not exist. When
248 ":optional" is specified, implementations MUST NOT generate an error
249 for a missing script, and MUST continue as if the "include" command
250 had not been present.
252 The included script MUST be a valid Sieve script. Implementations
253 MUST validate that each script has its own "require" statements for
254 all optional capabilities used by that script. The scope of a
255 "require" statement is the script in which it immediately appears,
256 and neither inherits nor passes on capabilities to other scripts
257 during the course of execution.
259 A "stop" command in an included script MUST stop all script
260 processing, including the processing of the scripts that include the
261 immediate one. The "return" command (described below) stops
262 processing of the immediate script only, and allows the scripts that
263 include it to continue.
265 The "include" command MAY appear anywhere in a script where a control
266 structure is legal, and MAY be used within another control structure,
282Daboo & Stone Standards Track [Page 5]
284RFC 6609 Sieve Extension: Include May 2012
289 The user has four scripts stored in their personal repository:
293 This is the default active script that includes several others.
297 include :personal "always_allow";
298 include :global "spam_tests";
299 include :personal "spam_tests";
300 include :personal "mailing_lists";
302 Personal script "always_allow"
304 This script special-cases some correspondent email addresses and
305 makes sure any message containing those addresses is always kept.
307 if address :is "from" "boss@example.com"
311 elsif address :is "from" "ceo@example.com"
316 Personal script "spam_tests" (uses "reject" [RFC5429])
318 This script does some user-specific spam tests to catch spam
319 messages not caught by the site-wide spam tests.
323 if header :contains "Subject" "XXXX"
325 reject "Subject XXXX is unacceptable.";
327 elsif address :is "from" "money@example.com"
329 reject "Mail from this sender is unwelcome.";
338Daboo & Stone Standards Track [Page 6]
340RFC 6609 Sieve Extension: Include May 2012
343 Personal script "mailing_lists"
345 This script looks for messages from different mailing lists and
346 files each into a mailbox specific to the mailing list.
348 require ["fileinto"];
350 if header :is "List-ID" "sieve.ietf.org"
352 fileinto "lists.sieve";
354 elsif header :is "List-ID" "ietf-imapext.imc.org"
356 fileinto "lists.imapext";
359 There is one script stored in the global repository:
361 Site script "spam_tests" (uses "reject" [RFC5429])
363 This script does some site-wide spam tests that any user at the
364 site can include in their own scripts at a suitable point. The
365 script content is kept up to date by the site administrator.
369 if anyof (header :contains "Subject" "$$",
370 header :contains "Subject" "Make money")
372 reject "No thank you.";
3753.3. Control Structure "return"
379 The "return" command stops processing of the immediately included
380 script only and returns processing control to the script that
381 includes it. If used in the main script (i.e., not in an included
382 script), it has the same effect as the "stop" command, including the
383 appropriate "keep" action if no other actions have been executed up
394Daboo & Stone Standards Track [Page 7]
396RFC 6609 Sieve Extension: Include May 2012
3993.4. Interaction with the "variables" Extension
401 In order to avoid problems of variables in an included script
402 "overwriting" those from the script that includes it, this
403 specification requires that all variables defined in a script MUST be
404 kept "private" to the immediate script by default -- that is, they
405 are not "visible" to other scripts. This ensures that two script
406 authors cannot inadvertently cause problems by choosing the same name
409 However, sometimes there is a need to make a variable defined in one
410 script available to others. This specification defines the new
411 command "global" to declare that a variable is shared among scripts.
412 Effectively, two namespaces are defined: one local to the immediate
413 script, and another shared among all scripts. Implementations MUST
414 allow a non-global variable to have the same name as a global
415 variable but have no interaction between them.
4173.4.1. Control Structure "global"
419 Usage: global <value: string-list>
421 The "global" command accepts a string list argument that defines one
422 or more names of variables to be stored in the global variable space.
423 Each name MUST be a constant string and conform to the syntax of
424 variable-name as defined in the "variables" extension document
425 [RFC5229], Section 3. Match variables cannot be specified, and
426 namespace prefixes are not allowed. An invalid name MUST be detected
429 The "global" command is only available when the script has both
430 "include" and "variables" in its require line. If the "global"
431 command appears when only "include" or only "variables" has been
432 required, an error MUST be generated when the script is uploaded.
434 If a "global" command is given the name of a variable that has
435 previously been defined in the immediate script with "set", an error
436 MUST be generated either when the script is uploaded or at execution
439 If a "global" command lists a variable that has not been defined in
440 the "global" namespace, the name of the variable is now marked as
441 global, and any subsequent "set" command will set the value of the
442 variable in global scope.
450Daboo & Stone Standards Track [Page 8]
452RFC 6609 Sieve Extension: Include May 2012
455 A variable has global scope in all scripts that have declared it with
456 the "global" command. If a script uses that variable name without
457 declaring it global, the name specifies a separate, non-global
458 variable within that script.
460 Interpretation of a string containing a variable marked as global,
461 but without any value set, SHALL behave as any other access to an
462 unknown variable, as specified in the "variables" extension document
463 [RFC5229], Section 3 (i.e., evaluates to an empty string).
469 The included script may contain repetitive code that is
470 effectively a subroutine that can be factored out. In this
471 script, the test that matches last will leave its value in the
472 test_mailbox variable, and the top-level script will file the
473 message into that mailbox. If no tests matched, the message will
474 be implicitly kept in the INBOX.
476 require ["fileinto", "include", "variables", "relational"];
478 global "test_mailbox";
481 include "subject_tests";
483 set "test" "Make money";
484 include "subject_tests";
486 if string :count "eq" "${test_mailbox}" "1"
488 fileinto "${test_mailbox}";
506Daboo & Stone Standards Track [Page 9]
508RFC 6609 Sieve Extension: Include May 2012
511 Personal script "subject_tests"
513 This script performs a number of tests against the message, sets
514 the global test_mailbox variable with a folder to file the message
515 into, and then falls back to the top-level script.
518 require ["include", "variables"];
519 global ["test", "test_mailbox"];
521 if header :contains "Subject" "${test}"
523 set "test_mailbox" "spam-${test}";
5263.4.2. Variables Namespace global
528 In addition to the "global" command, this document defines the
529 variables namespace "global", in accordance with the "variables"
530 extension document [RFC5229], Section 3. The "global" namespace has
531 no sub-namespaces (e.g., 'set "global.data.from" "me@example.com";'
532 is not allowed). The variable-name part MUST be a valid identifier
533 (e.g., 'set "global.12" "value";' is not valid because "12" is not a
536 Note that the "variables" extension document [RFC5229], Section 3
537 suggests that extensions should define a namespace that is the same
538 as its capability string (in this case, "include" rather than
539 "global"). Nevertheless, references to the "global" namespace
540 without a prior require statement for the "include" extension MUST
545 require ["variables", "include"];
547 set "global.i_am_on_vacation" "1";
549 Variables declared global and variables accessed via the "global"
550 namespace MUST each be one and the same. In the following example
551 script, we see the variable "i_am_on_vacation" used in a "global"
552 command, and again with the "global" namespace. Consider these as
553 two syntaxes with identical meaning.
562Daboo & Stone Standards Track [Page 10]
564RFC 6609 Sieve Extension: Include May 2012
569 require ["variables", "include", "vacation"];
570 global "i_am_on_vacation";
572 set "global.i_am_on_vacation" "1";
574 if string :is "${i_am_on_vacation}" "1"
576 vacation "It's true, I am on vacation.";
5793.5. Interaction with Other Extensions
581 When "include" is used with the "editheader" extension [RFC5293], any
582 changes made to headers in a script MUST be propagated both to and
583 from included scripts. By way of example, if a script deletes one
584 header and adds another, then includes a second script, the included
585 script MUST NOT see the removed header, and MUST see the added
586 header. Likewise, if the included script adds or removes a header,
587 upon returning to the including script, subsequent actions MUST see
588 the added headers and MUST NOT see the removed headers.
590 When "include" is used with the MIME extension [RFC5703]
591 "foreverypart" control structure, the included script MUST be
592 presented with the current MIME part as though it were the entire
593 message. A script SHALL NOT have any special control over the
594 control structure it was included from. The "break" command in an
595 included script is not valid on its own and may not terminate a
596 "foreverypart" iteration in another script. The included script can
597 use "return" to transfer control back to the including script. A
598 global variable can be used to convey results to the including
599 script. A "stop" in an included script, even within a "foreverypart"
600 loop, still halts all script execution, per Section 3.2.
602 When "include" is used with the "reject" extension [RFC5429], calling
603 "reject" or "ereject" at any time sets the reject action on the
604 message, and continues script execution. Apropos of the MIME
605 extension, if an included script sees only a portion of the message
606 and calls a reject, it is the entire message and not the single MIME
607 part that carries the rejection.
618Daboo & Stone Standards Track [Page 11]
620RFC 6609 Sieve Extension: Include May 2012
6234. Security Considerations
625 Sieve implementations MUST ensure adequate security for the global
626 script repository to prevent unauthorized changes to global scripts.
627 For example, a site policy might enable only certain users with
628 administrative privileges to modify the global scripts. Sites are
629 advised against allowing all users to have write access to the sites'
632 Sieve implementations MUST ensure that script names are checked for
633 validity and proper permissions prior to inclusion, in order to
634 prevent a malicious user from gaining access to files accessible to
635 the mail server software that should not be accessible to the user.
637 Sieve implementations MUST ensure that script names are safe for use
638 with their storage system. An error MUST be generated either when
639 the script is uploaded or at execution time for a script including a
640 name that could be used as a vector to attack the storage system. By
641 way of example, the following include commands should be considered
642 hostile: 'include "./../..//etc/passwd"', 'include "foo$(`rm
645 Beyond these, the "include" extension does not raise any security
646 considerations that are not discussed in the base Sieve [RFC5228]
647 document and the "variables" extension document [RFC5229].
6495. IANA Considerations
651 The following template specifies the IANA registration of the Sieve
652 extension specified in this document:
655 Subject: Registration of new Sieve extension
657 Capability name: include
658 Description: adds the "include" command to execute other Sieve
659 scripts, the "return" action from an included
660 script, and the "global" command and "global"
661 variables namespace to access variables shared
662 among included scripts.
664 Contact address: the Sieve discussion list <sieve@ietf.org>
666 This information has been added to IANA's "Sieve Extensions" registry
667 (http://www.iana.org).
674Daboo & Stone Standards Track [Page 12]
676RFC 6609 Sieve Extension: Include May 2012
6816.1. Normative References
683 [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
684 Requirement Levels", BCP 14, RFC 2119, March 1997.
686 [RFC5228] Guenther, P., Ed., and T. Showalter, Ed., "Sieve: An Email
687 Filtering Language", RFC 5228, January 2008.
689 [RFC5229] Homme, K., "Sieve Email Filtering: Variables Extension",
690 RFC 5229, January 2008.
692 [RFC5804] Melnikov, A., Ed., and T. Martin, "A Protocol for Remotely
693 Managing Sieve Scripts", RFC 5804, July 2010.
6956.2. Informative References
697 [RFC5293] Degener, J. and P. Guenther, "Sieve Email Filtering:
698 Editheader Extension", RFC 5293, August 2008.
700 [RFC5429] Stone, A., Ed., "Sieve Email Filtering: Reject and
701 Extended Reject Extensions", RFC 5429, March 2009.
703 [RFC5703] Hansen, T. and C. Daboo, "Sieve Email Filtering: MIME Part
704 Tests, Iteration, Extraction, Replacement, and Enclosure",
705 RFC 5703, October 2009.
730Daboo & Stone Standards Track [Page 13]
732RFC 6609 Sieve Extension: Include May 2012
735Appendix A. Acknowledgments
737 Thanks to Stephan Bosch, Ned Freed, Arnt Gulbrandsen, Tony Hansen,
738 Kjetil Torgrim Homme, Jeffrey Hutzelman, Barry Leiba, Alexey
739 Melnikov, Ken Murchison, Marc Mutz, and Rob Siemborski, for comments
750 EMail: cyrus@daboo.name
751 URI: http://www.apple.com/
756 1817 California St. #104
757 San Francisco, CA 94109
760 EMail: aaron@serendipity.cx
786Daboo & Stone Standards Track [Page 14]