Network Working Group C. Daboo
Request for Comments: 3685 Cyrusoft International, Inc.
Category: Standards Track February 2004
Network Working Group C. Daboo
Request for Comments: 3685 Cyrusoft International, Inc.
Category: Standards Track February 2004
SIEVE Email Filtering: Spamtest and VirusTest Extensions
筛选电子邮件过滤:Spamtest和VirusTest扩展
Status of this Memo
本备忘录的状况
This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.
本文件规定了互联网社区的互联网标准跟踪协议,并要求进行讨论和提出改进建议。有关本协议的标准化状态和状态,请参考当前版本的“互联网官方协议标准”(STD 1)。本备忘录的分发不受限制。
Copyright Notice
版权公告
Copyright (C) The Internet Society (2004). All Rights Reserved.
版权所有(C)互联网协会(2004年)。版权所有。
Abstract
摘要
The SIEVE mail filtering language "spamtest" and "virustest" extensions permit users to use simple, portable commands for spam and virus tests on email messages. Each extension provides a new test using matches against numeric 'scores'. It is the responsibility of the underlying SIEVE implementation to do the actual checks that result in values returned by the tests.
SIEVE邮件过滤语言“spamtest”和“virustest”扩展允许用户使用简单、可移植的命令对电子邮件进行垃圾邮件和病毒测试。每个扩展都提供一个新的测试,使用与数字“分数”的匹配。底层的SIEVE实现负责进行实际检查,从而得到测试返回的值。
Table of Contents
目录
1. Introduction and Overview . . . . . . . . . . . . . . . . . . 2
2. SIEVE Extensions . . . . . . . . . . . . . . . . . . . . . . . 3
2.1. General Considerations . . . . . . . . . . . . . . . . . 3
2.2. Test spamtest. . . . . . . . . . . . . . . . . . . . . . 3
2.3. Test virustest . . . . . . . . . . . . . . . . . . . . . 4
3. Security Considerations . . . . . . . . . . . . . . . . . . . 5
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
4.1. spamtest registration. . . . . . . . . . . . . . . . . . 6
4.2. virustest registration . . . . . . . . . . . . . . . . . 6
5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
5.1. Normative References . . . . . . . . . . . . . . . . . . 7
5.2. Informative References . . . . . . . . . . . . . . . . . 7
6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 7
7. Intellectual Property Rights Statement . . . . . . . . . . . . 7
8. Author's Address . . . . . . . . . . . . . . . . . . . . . . . 8
9. Full Copyright Statement . . . . . . . . . . . . . . . . . . . 9
1. Introduction and Overview . . . . . . . . . . . . . . . . . . 2
2. SIEVE Extensions . . . . . . . . . . . . . . . . . . . . . . . 3
2.1. General Considerations . . . . . . . . . . . . . . . . . 3
2.2. Test spamtest. . . . . . . . . . . . . . . . . . . . . . 3
2.3. Test virustest . . . . . . . . . . . . . . . . . . . . . 4
3. Security Considerations . . . . . . . . . . . . . . . . . . . 5
4. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 6
4.1. spamtest registration. . . . . . . . . . . . . . . . . . 6
4.2. virustest registration . . . . . . . . . . . . . . . . . 6
5. References . . . . . . . . . . . . . . . . . . . . . . . . . . 7
5.1. Normative References . . . . . . . . . . . . . . . . . . 7
5.2. Informative References . . . . . . . . . . . . . . . . . 7
6. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 7
7. Intellectual Property Rights Statement . . . . . . . . . . . . 7
8. Author's Address . . . . . . . . . . . . . . . . . . . . . . . 8
9. Full Copyright Statement . . . . . . . . . . . . . . . . . . . 9
SIEVE scripts are frequently being used to do spam and virus filtering based on either implicit script tests (e.g., tests for 'black-listed' senders directly encoded in the SIEVE script), or via testing messages modified by some external spam or virus checker that handled the message prior to SIEVE. The use of third-party spam and virus checker tools poses a problem since each tool has its own way of indicating the result of its checks. These usually take the form of a header added to the message, the content of which indicates the status using some syntax defined by the particular tool. Each user has to then create their own SIEVE scripts to match the contents of these headers to do filtering. This requires the script to stay in synchronization with the third party tool as it gets updated or perhaps replaced with another. Thus scripts become tied to specific environments, and lose portability.
筛脚本经常被用于基于隐式脚本测试(例如,对筛脚本中直接编码的“黑名单”发件人的测试)或通过测试在筛前处理邮件的某些外部垃圾邮件或病毒检查器修改的邮件来进行垃圾邮件和病毒过滤。使用第三方垃圾邮件和病毒检查工具会带来一个问题,因为每个工具都有自己的方式来指示其检查结果。它们通常采用添加到消息中的头的形式,头的内容使用特定工具定义的某些语法指示状态。然后,每个用户都必须创建自己的筛选脚本,以匹配这些标题的内容来进行筛选。这要求脚本在更新或可能被另一个工具替换时与第三方工具保持同步。因此,脚本与特定环境绑定,并失去可移植性。
The purpose of this document is to introduce two SIEVE tests that can be used to implement 'generic' tests for spam and viruses in messages processed via SIEVE scripts. These tests return a string containing a range of numeric values that indicate the severity of spam or viruses in a message, or a string that indicates the message has not passed through any spam or virus checking tools. The spam and virus checks themselves are handled by the underlying SIEVE implementation in whatever manner is appropriate, and the implementation maps the results of these checks into the numeric ranges defined by the new tests. Thus a SIEVE implementation can have a spam test that implicitly checks for third-party spam tool headers and determines how those map into the spamtest numeric range.
本文档的目的是介绍两种筛选测试,可用于对通过筛选脚本处理的邮件中的垃圾邮件和病毒实施“通用”测试。这些测试返回一个字符串,该字符串包含一系列数字值,指示邮件中垃圾邮件或病毒的严重性,或者返回一个字符串,指示邮件未通过任何垃圾邮件或病毒检查工具。垃圾邮件和病毒检查本身由底层的SIEVE实现以任何适当的方式进行处理,该实现将这些检查的结果映射到新测试定义的数字范围。因此,SIEVE实现可以有一个垃圾邮件测试,隐式地检查第三方垃圾邮件工具头,并确定这些工具头如何映射到spamtest数值范围。
In order to do numeric comparisons against the returned strings, server implementations MUST also support the SIEVE relational [RELATIONAL] extension, in addition to the extensions described here. All examples below assume the relational extension is present.
为了对返回的字符串进行数字比较,除了这里描述的扩展之外,服务器实现还必须支持SIEVE-relational[relational]扩展。下面的所有示例都假定存在关系扩展。
Conventions for notations are as in [SIEVE] section 1.1, including use of [KEYWORDS].
符号惯例如[SIFE]第1.1节所述,包括使用[关键词]。
The term 'spam' is used in this document to refer to unsolicited or unwanted email messages. This document does not attempt to define what exactly constitutes spam, or how it should be identified, or what actions should be taken when detected.
本文档中的术语“垃圾邮件”指未经请求或不需要的电子邮件。本文档不试图定义垃圾邮件的确切构成,也不试图定义应如何识别垃圾邮件,或者在检测到垃圾邮件时应采取的措施。
The term 'virus' is used in this document to refer to any type of message whose content can cause malicious damage. This document does not attempt to define what exactly constitutes a virus, or how it should be identified, or what actions should be taken when detected.
本文档中的术语“病毒”用于指其内容可能造成恶意损害的任何类型的邮件。本文档不试图定义病毒的确切构成,或如何识别病毒,或在检测到病毒时应采取的措施。
The "spamtest" and "virustest" tests described below both return a string that starts with a numeric value, followed by an optional space (%x20) character and optional arbitrary text. The numeric value can be compared to specific values using the SIEVE relational [RELATIONAL] extension in conjunction with the "i;ascii-numeric" comparator [ACAP], which will test for the presence of a numeric value at the start of the string, ignoring any additional text in the string. The additional text can be used to carry implementation specific details about the tests performed and descriptive comments about the result. Tests can be done using standard string comparators against this text if it helps to refine behavior, however this will break portability of the script as the text will likely be specific to a particular implementation.
下面描述的“spamtest”和“virustest”测试都返回一个以数值开头的字符串,后跟可选空格(%x20)字符和可选的任意文本。可使用筛网关系[relational]扩展和“i;ascii数字”比较器[ACAP]将数值与特定值进行比较,该比较器将测试字符串开头是否存在数值,忽略字符串中的任何其他文本。附加文本可用于提供有关所执行测试的具体实施细节以及有关结果的描述性注释。如果此文本有助于优化行为,则可以使用标准字符串比较器对其进行测试,但这将破坏脚本的可移植性,因为文本可能特定于特定的实现。
Syntax: spamtest [COMPARATOR] [MATCH-TYPE] <value: string>
Syntax: spamtest [COMPARATOR] [MATCH-TYPE] <value: string>
SIEVE implementations that implement the "spamtest" test have an identifier of "spamtest" for use with the capability mechanism.
实现“spamtest”测试的SIEVE实现有一个标识符“spamtest”,用于能力机制。
The "spamtest" test evaluates to true if the spamtest result matches the value. The type of match is specified by the optional match argument, which defaults to ":is" if not specified.
如果spamtest结果与值匹配,“spamtest”测试的计算结果为true。匹配类型由可选的match参数指定,如果未指定,则默认为“:is”。
The spamtest result is a string starting with a numeric value in the range "0" (zero) through "10", with meanings summarized below:
spamtest结果是一个以“0”(零)到“10”范围内的数值开头的字符串,其含义总结如下:
spamtest interpretation value
spamtest解释值
0 message was not tested for spam 1 message was tested and is clear of spam 2 - 9 message was tested and has a varying likelihood of containing spam in increasing order 10 message was tested and definitely contains spam
0邮件未测试是否存在垃圾邮件1邮件已测试且不存在垃圾邮件2-9邮件已测试且包含垃圾邮件的可能性不断增加10邮件已测试且肯定包含垃圾邮件
The underlying SIEVE implementation will map whatever spam check is done into this numeric range, as appropriate.
底层的SIEVE实现将根据需要将垃圾邮件检查映射到这个数字范围。
Examples:
示例:
require ["spamtest", "fileinto", "relational", "comparator-i;ascii-numeric"];
要求[“spamtest”、“fileinto”、“relational”、“comparator-i;ascii数字”];
if spamtest :value "eq" :comparator "i;ascii-numeric" "0"
{
fileinto "INBOX.unclassified";
}
elsif spamtest :value "ge" :comparator "i;ascii-numeric" "3"
{
fileinto "INBOX.spam-trap";
}
if spamtest :value "eq" :comparator "i;ascii-numeric" "0"
{
fileinto "INBOX.unclassified";
}
elsif spamtest :value "ge" :comparator "i;ascii-numeric" "3"
{
fileinto "INBOX.spam-trap";
}
In this example, any message that has not passed through a spam check tool will be filed into the mailbox "INBOX.unclassified". Any message with a spamtest value greater than or equal to "3" is filed into a mailbox called "INBOX.spam-trap" in the user's mailstore.
在此示例中,任何未通过垃圾邮件检查工具的邮件都将被归档到邮箱“INBOX.unclassified”。spamtest值大于或等于“3”的任何邮件都将归档到用户邮件存储中名为“INBOX.spam trap”的邮箱中。
Syntax: virustest [COMPARATOR] [MATCH-TYPE] <value: string>
Syntax: virustest [COMPARATOR] [MATCH-TYPE] <value: string>
SIEVE implementations that implement the "virustest" test have an identifier of "virustest" for use with the capability mechanism.
实现“virustest”测试的SIEVE实现的标识符为“virustest”,用于能力机制。
The "virustest" test evaluates to true if the virustest result matches the value. The type of match is specified by the optional match argument, which defaults to ":is" if not specified.
如果virustest结果与值匹配,“virustest”测试的计算结果为true。匹配类型由可选的match参数指定,如果未指定,则默认为“:is”。
The virustest result is a string starting with a numeric value in the range "0" (zero) through "5", with meanings summarized below:
virustest结果是以“0”(零)到“5”范围内的数值开头的字符串,其含义总结如下:
virustest interpretation value
最佳解释值
0 message was not tested for viruses 1 message was tested and contains no known viruses 2 message was tested and contained a known virus which was replaced with harmless content 3 message was tested and contained a known virus which was "cured" such that it is now harmless 4 message was tested and possibly contains a known virus 5 message was tested and definitely contains a known virus
0邮件未测试病毒1邮件已测试但不包含已知病毒2邮件已测试并包含已知病毒,该病毒已被无害内容替换3邮件已测试并包含已知病毒,该病毒已“治愈”因此,它现在是无害的。4消息经过测试,可能包含已知病毒。5消息经过测试,肯定包含已知病毒
The underlying SIEVE implementation will map whatever virus checks are done into this numeric range, as appropriate. If the message has not been categorized by any virus checking tools, then the virustest result is "0".
底层的SIEVE实现将根据需要将任何病毒检查映射到该数值范围。如果邮件未被任何病毒检查工具分类,则virustest结果为“0”。
Example:
例子:
require ["virustest", "fileinto", "relational", "comparator-i;ascii-numeric"];
要求[“virustest”、“fileinto”、“relational”、“comparator-i;ascii数字”];
if virustest :value "eq" :comparator "i;ascii-numeric" "0"
{
fileinto "INBOX.unclassified";
}
if virustest :value "eq" :comparator "i;ascii-numeric" "4"
{
fileinto "INBOX.quarantine";
}
elsif virustest :value "eq" :comparator "i;ascii-numeric" "5"
{
discard;
}
if virustest :value "eq" :comparator "i;ascii-numeric" "0"
{
fileinto "INBOX.unclassified";
}
if virustest :value "eq" :comparator "i;ascii-numeric" "4"
{
fileinto "INBOX.quarantine";
}
elsif virustest :value "eq" :comparator "i;ascii-numeric" "5"
{
discard;
}
In this example, any message that has not passed through a virus check tool will be filed into the mailbox "INBOX.unclassified". Any message with a virustest value equal to "4" is filed into a mailbox called "INBOX.quarantine" in the user's mailstore. Any message with a virustest value equal to "5" is discarded (removed) and not delivered to the user's mailstore.
在此示例中,任何未通过病毒检查工具的邮件都将被归档到邮箱“INBOX.unclassified”。virustest值等于“4”的任何邮件都将归档到用户邮件存储中名为“INBOX.quantial”的邮箱中。任何virustest值等于“5”的邮件都将被丢弃(删除),并且不会传递到用户的邮件存储。
SIEVE implementations SHOULD ensure that "spamtest" and "virustest" tests can only occur for messages that have gone through a legitimate spam or virus check process. If such checks rely on the addition of special headers to messages, it is the responsibility of the implementation to ensure that such headers cannot be spoofed by the sender, to prevent the implementation from being tricked into returning the wrong result for the test.
SIEVE实现应确保“spamtest”和“virustest”测试只能对经过合法垃圾邮件或病毒检查过程的邮件进行。如果此类检查依赖于向消息中添加特殊头,则实现有责任确保此类头不会被发送方欺骗,以防止实现被欺骗而返回错误的测试结果。
Server administrators MUST ensure that the virus checking tools are kept up to date, to provide reasonable protection for users using the "virustest" test. Users should be made aware of the fact that the "virustest" test does not provide a 100% reliable way to remove all viruses, and they should continue to exercise caution when dealing with messages of unknown content and origin.
服务器管理员必须确保病毒检查工具保持最新,以便为使用“virustest”测试的用户提供合理的保护。应该让用户意识到,“virustest”测试并不能提供100%可靠的方法来删除所有病毒,在处理未知内容和来源的邮件时,他们应该继续保持谨慎。
Beyond that, the "spamtest" and "virustest" extensions do not raise any security considerations that are not present in the base [SIEVE] protocol, and these issues are discussed in [SIEVE].
除此之外,“spamtest”和“virustest”扩展不会引起基本[SIEVE]协议中不存在的任何安全问题,这些问题将在[SIEVE]中讨论。
The following templates specify the IANA registration of the Sieve extensions specified in this document:
以下模板规定了本文件中规定的筛网扩展的IANA注册:
To: iana@iana.org Subject: Registration of new Sieve extension
致:iana@iana.org主题:新筛网扩展的注册
Capability name: spamtest Capability keyword: spamtest Capability arguments: N/A Standards Track/IESG-approved RFC XXXX: this RFC Person and email address to contact for further information:
能力名称:spamtest能力关键字:spamtest能力参数:不适用标准跟踪/IESG批准的RFC XXXX:此RFC人员和联系的电子邮件地址,以获取更多信息:
Cyrus Daboo Cyrusoft International, Inc. 5001 Baum Blvd., Suite 780, Pittsburgh, PA 15213 U.S.A.
Cyrus Daboo Cyrusoft International,Inc.美国宾夕法尼亚州匹兹堡鲍姆大道5001号780室,邮编15213。
<mailto:daboo@cyrusoft.com>
<mailto:daboo@cyrusoft.com>
This information has been added to the list of sieve extensions given on http://www.iana.org/assignments/sieve-extensions.
此信息已添加到上给出的筛网扩展列表中http://www.iana.org/assignments/sieve-extensions.
To: iana@iana.org Subject: Registration of new Sieve extension
致:iana@iana.org主题:新筛网扩展的注册
Capability name: virustest Capability keyword: virustest Capability arguments: N/A Standards Track/IESG-approved RFC XXXX: this RFC Person and email address to contact for further information:
能力名称:virustest能力关键字:virustest能力参数:N/A Standards Track/IESG approved RFC XXXX:此RFC人员和联系的电子邮件地址以获取更多信息:
Cyrus Daboo Cyrusoft International, Inc. 5001 Baum Blvd., Suite 780, Pittsburgh, PA 15213 U.S.A.
Cyrus Daboo Cyrusoft International,Inc.美国宾夕法尼亚州匹兹堡鲍姆大道5001号780室,邮编15213。
<mailto:daboo@cyrusoft.com>
<mailto:daboo@cyrusoft.com>
This information has been added to the list of sieve extensions given on http://www.iana.org/assignments/sieve-extensions.
此信息已添加到上给出的筛网扩展列表中http://www.iana.org/assignments/sieve-extensions.
[KEYWORDS] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.
[关键词]Bradner,S.,“RFC中用于表示需求水平的关键词”,BCP 14,RFC 2119,1997年3月。
[RELATIONAL] Segmuller, W., "Sieve Extension: Relational Tests", RFC 3431, December 2002.
[RELATIONAL]Segmuller,W.,“筛网扩展:关系测试”,RFC 34312002年12月。
[SIEVE] Showalter, T., "Sieve: A Mail Filtering Language", RFC 3028, January 2001.
[SIEVE]Showalter,T.,“SIEVE:邮件过滤语言”,RFC30281001年1月。
[ACAP] Newman, C. and J. Myers, "ACAP -- Application Configuration Access Protocol", RFC 2244, November 1997.
[ACAP]Newman,C.和J.Myers,“ACAP——应用程序配置访问协议”,RFC22441997年11月。
Thanks to Tony Hansen, Jutta Degener, Ned Freed, Ashish Gawarikar and Nigel Swinson for comments and corrections.
感谢Tony Hansen、Jutta Degener、Ned Freed、Ashish Gawarikar和Nigel Swinson的评论和更正。
The IETF takes no position regarding the validity or scope of any intellectual property or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; neither does it represent that it has made any effort to identify any such rights. Information on the IETF's procedures with respect to rights in standards-track and standards-related documentation can be found in BCP-11. Copies of claims of rights made available for publication and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementors or users of this specification can be obtained from the IETF Secretariat.
IETF对可能声称与本文件所述技术的实施或使用有关的任何知识产权或其他权利的有效性或范围,或此类权利下的任何许可可能或可能不可用的程度,不采取任何立场;它也不表示它已作出任何努力来确定任何此类权利。有关IETF在标准跟踪和标准相关文件中权利的程序信息,请参见BCP-11。可从IETF秘书处获得可供发布的权利声明副本和任何许可证保证,或本规范实施者或用户试图获得使用此类专有权利的一般许可证或许可的结果。
The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights which may cover technology that may be required to practice this standard. Please address the information to the IETF Executive Director.
IETF邀请任何相关方提请其注意任何版权、专利或专利申请,或其他可能涉及实施本标准所需技术的专有权利。请将信息发送给IETF执行董事。
Cyrus Daboo Cyrusoft International, Inc. 5001 Baum Blvd., Suite 780, Pittsburgh, PA 15213 U.S.A.
Cyrus Daboo Cyrusoft International,Inc.美国宾夕法尼亚州匹兹堡鲍姆大道5001号780室,邮编15213。
EMail: daboo@cyrusoft.com
EMail: daboo@cyrusoft.com
Copyright (C) The Internet Society (2004). All Rights Reserved.
版权所有(C)互联网协会(2004年)。版权所有。
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
本文件及其译本可复制并提供给他人,对其进行评论或解释或协助其实施的衍生作品可全部或部分编制、复制、出版和分发,不受任何限制,前提是上述版权声明和本段包含在所有此类副本和衍生作品中。但是,不得以任何方式修改本文件本身,例如删除版权通知或对互联网协会或其他互联网组织的引用,除非出于制定互联网标准的需要,在这种情况下,必须遵循互联网标准过程中定义的版权程序,或根据需要将其翻译成英语以外的其他语言。
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assignees.
上述授予的有限许可是永久性的,互联网协会或其继承人或受让人不会撤销。
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
本文件和其中包含的信息是按“原样”提供的,互联网协会和互联网工程任务组否认所有明示或暗示的保证,包括但不限于任何保证,即使用本文中的信息不会侵犯任何权利,或对适销性或特定用途适用性的任何默示保证。
Acknowledgement
确认
Funding for the RFC Editor function is currently provided by the Internet Society.
RFC编辑功能的资金目前由互联网协会提供。