Internet-Drafts | 1 Jul 2003 13:22

I-D ACTION:draft-melnikov-sieve-imapflags-05.txt

A New Internet-Draft is available from the on-line Internet-Drafts directories.

	Title		: Sieve -- IMAP flag Extension
	Author(s)	: A. Melnikov
	Filename	: draft-melnikov-sieve-imapflags-05.txt
	Pages		: 7
	Date		: 2003-6-30
	
Recent discussions have shown that it is desirable to set different
[IMAP] flags on message delivery.  This can be done, for example,
by a Sieve interpreter that works as a part of a Mail Delivery
Agent.
This document describes an extension to the Sieve mail filtering
language for setting [IMAP] flags. The extension allows to set both
[IMAP] system flags and [IMAP] keywords.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-melnikov-sieve-imapflags-05.txt

To remove yourself from the IETF Announcement list, send a message to 
ietf-announce-request with the word unsubscribe in the body of the message.

Internet-Drafts are also available by anonymous FTP. Login with the username
"anonymous" and a password of your e-mail address. After logging in,
type "cd internet-drafts" and then
	"get draft-melnikov-sieve-imapflags-05.txt".

A list of Internet-Drafts directories can be found in
http://www.ietf.org/shadow.html 
or ftp://ftp.ietf.org/ietf/1shadow-sites.txt

Bart Schaefer | 2 Jul 2003 05:50

Re: Quizzic: Spam equivalent to EICAR test virus proposal.


Just for comparison:

SpamAssassin defines what's called the Generic Test for Unsolicited Bulk
Email (GTUBE).  It's defined as a string matching the regular expression

XJS\*C4JDBQADN1\.NSBN3\*2IDNEN\*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL\*C\.34X

appearing anywhere in the message body, after decoding and HTML rendering.

(I write the regular expression rather than the string itself so that any
of you running spamassassin won't score this message at 1000 points.)
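As an added example (not part of the original post and not SpamAssassin's code): a check for the GTUBE pattern "after decoding and HTML rendering", run against a constructed message. The helper names and the sample addresses are assumptions, tag stripping stands in for real HTML rendering, and the literal string is derived from the quoted regular expression so it never appears verbatim here either.

```python
import re
from email import message_from_bytes, policy
from email.message import EmailMessage
from html.parser import HTMLParser

# The regular expression exactly as quoted in the message above.
GTUBE_RE = re.compile(
    r"XJS\*C4JDBQADN1\.NSBN3\*2IDNEN\*"
    r"GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL\*C\.34X"
)
# The literal test string, derived by dropping the regex escapes.
GTUBE = GTUBE_RE.pattern.replace("\\", "")

class _TextOnly(HTMLParser):
    """Keeps character data and drops tags: a crude stand-in for rendering."""
    def __init__(self):
        super().__init__(convert_charrefs=True)
        self.chunks = []

    def handle_data(self, data):
        self.chunks.append(data)

def rendered_text(part):
    """Return a text part's content after transfer decoding and tag removal."""
    text = part.get_content()            # undoes base64 / quoted-printable
    if part.get_content_type() == "text/html":
        parser = _TextOnly()
        parser.feed(text)
        parser.close()
        text = "".join(parser.chunks)
    return text

def contains_gtube(raw):
    """True if any text part of the raw message matches GTUBE once decoded."""
    msg = message_from_bytes(raw, policy=policy.default)
    return any(
        GTUBE_RE.search(rendered_text(part))
        for part in msg.walk()
        if part.get_content_maintype() == "text"
    )

def build_sample(html_body, cte="base64"):
    """Build a constructed test message (addresses are placeholders)."""
    msg = EmailMessage()
    msg["From"] = "tester@example.org"
    msg["To"] = "postmaster@example.org"
    msg["Subject"] = "filter self-test"
    msg.set_content(html_body, subtype="html", cte=cte)
    return msg.as_bytes()
```

A filter that scans only the raw bytes misses the base64 sample, which is why the definition specifies matching after decoding.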

Nigel Swinson | 2 Jul 2003 15:11

Re: I-D ACTION:draft-melnikov-sieve-imapflags-05.txt


3.1. Addflag action

- Duplicates are allowed and ignored?  Do we need to specify that we just
ignore them, or should our "list" maintain both entries?  I see in 4 and 6
there is a note about this issue, but perhaps it would help to have a
comment in this section that "duplicate removal" is seen as optional.

3.2 Removeflag Action

- Example contains :globalflags, but :globalflags isn't defined anywhere in
the document.  I remember it from the old revisions, did it get dropped?  If
so this example is now out of date...

- If duplicate removal is "optional", then what happens if we have two
flags, and we are asked to removeflag that flag.  We remove both
occurrences?  Would it perhaps just be easier to say that we MUST do
duplicate removal during addflags?  Both removal of existing duplicates
before we add the new flags, and any new duplicates created after adding the
flags?

- Don't understand what "Multiple occurrences of removeflag are treated
additively." means.  Does that mean multiple removeflag actions are treated
additively, or does it refer to the content of the flags and answer my
previous question about when multiple flags exist with the same name?

10. Extended Example

- Extended example contains a few "add" actions that I think should be
"addflags".

Matthew Elvey (FM | 2 Jul 2003 17:20

GTUBE/Re: Quizzic: Spam equivalent to EICAR test virus proposal.


Bart Schaefer wrote:

>Just for comparison:
>
>SpamAssassin defines what's called the Generic Test for Unsolicited Bulk
>Email (GTUBE).  It's defined as a string matching the regular expression
>
>XJS\*C4JDBQADN1\.NSBN3\*2IDNEN\*GTUBE-STANDARD-ANTI-UBE-TEST-EMAIL\*C\.34X
>
>appearing anywhere in the message body, after decoding and HTML rendering.
>
>(I write the regular expression rather than the string itself so that any
>of you running spamassassin won't score this message at 1000 points.)
>
>  
>
Thanks! So a start has been made. 

http://spamassassin.planetmirror.com/dist/t/data/spam/gtube.eml - a sample.

Matt Sergeant of SpamAssassin posted very relevantly to the ASRG about 
GTUBE in March:
https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg01527.html+gtube

There were a couple replies that are meritless from Vernon Schryver and 
Kee Hinckley.
A valid complaint was what about antispam systems that aren't content 
filters?


Alexey Melnikov | 3 Jul 2003 00:02

Re: I-D ACTION:draft-melnikov-sieve-imapflags-05.txt


Nigel Swinson wrote:

> 3.1. Addflag action
>
> - Duplicates are allowed and ignored?  Do we need to specify that we just
> ignore them, or should our "list" maintain both entries?  I see in 4 and 6
> there is a note about this issue, but perhaps it would help to have a
> comment in this section that "duplicate removal" is seen as optional.

Actually I would like to give implementations freedom of choice.

> 3.2 Removeflag Action
>
> - Example contains :globalflags, but :globalflags isn't defined anywhere in
> the document.  I remember it from the old revisions, did it get dropped?

Yes. Fixed now. Thank you.

> If so this example is now out of date...
>
> - If duplicate removal is "optional", then what happens if we have two
> flags, and we are asked to removeflag that flag.  We remove both
> occurrences?

Yes, that was my intent.

>  Would it perhaps just be easier to say that we MUST do
> duplicate removal during addflags?  Both removal of existing duplicates
> before we add the new flags, and any new duplicates created after adding the
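A small model of the duplicate-handling question in this exchange, as an added example (not code from the draft or from any Sieve implementation). It assumes flag names compare case-insensitively; `run_script`, `effective` and the `remove_all=False` variant are hypothetical and exist only to show when the two implementation choices become distinguishable.

```python
def run_script(script, dedupe_on_add, remove_all=True):
    """Run (action, flags) steps and return the internal flag list."""
    flags = []
    for action, names in script:
        for name in names:
            key = name.lower()      # assumption: case-insensitive flag names
            present = [f for f in flags if f.lower() == key]
            if action == "addflag":
                # Implementation choice: keep or drop a duplicate on add.
                if not (dedupe_on_add and present):
                    flags.append(name)
            elif action == "removeflag":
                if remove_all:
                    # Semantics confirmed in the reply: every occurrence goes.
                    flags = [f for f in flags if f.lower() != key]
                elif present:
                    # Hypothetical alternative: first occurrence only.
                    flags.remove(present[0])
            else:
                raise ValueError(f"unknown action: {action}")
    return flags

def effective(flags):
    """The set of flags that would end up stored on the message."""
    return frozenset(f.lower() for f in flags)

# Constructed script: one flag is added twice, then removed once.
SCRIPT = [
    ("addflag", ["\\Flagged", "$Work"]),
    ("addflag", ["\\flagged"]),
    ("removeflag", ["\\Flagged"]),
]

def outcomes(remove_all):
    """Effective flags for (no duplicate removal, duplicate removal on add)."""
    return tuple(
        effective(run_script(SCRIPT, dedupe, remove_all))
        for dedupe in (False, True)
    )
```

With removeflag dropping every occurrence, both choices leave the same flags on the message; under the first-occurrence variant they diverge, which is the interoperability concern behind the question.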

Kjetil Torgrim Homme | 3 Jul 2003 15:33

Re: GTUBE/Re: Quizzic: Spam equivalent to EICAR test virus proposal.


[Matthew Elvey (FM)]:
>
>   Matt Sergeant of SpamAssassin posted very relevantly to the ASRG about
>   GTUBE in March:
>   https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg01527.html+gtube
>   
>   There were a couple replies that are meritless from Vernon
>   Schryver and Kee Hinckley.  A valid complaint was what about
>   antispam systems that aren't content filters?

that's a bit harsh on Vernon Schryver, his idea of setting up an
auto-responder from a fixed IP-address is exactly what you propose.

>   Enhancement to my scheme to more fully address it: A pseudo-open
>   relay could be established (run by who?)

probably someone academic, for stability topologywise, and also for
IPv6 support.  the problem is that willfully getting your host listed
in RBL is scary.  you never know what people will jump to conclusions
and blacklist your entire B-net.  (perhaps MIT could run it in its own
B-net ;-)

>   that would (attempt to) relay only Quizzic-compliant messages.

might as well leave SMTP out of it.  connect to a port, enter a
recipient address, and the server will connect to the MX of the source
IP.  (make sure the reverse and forward lookup match.)  the message
will be fixed, and therefore not attractive to abuse by spammers.
rate limiting per source IP (no more than 10 messages a day?) will

Matthew Elvey (FM | 3 Jul 2003 19:56

Re: GTUBE/Re: Quizzic: Spam equivalent to EICAR test virus proposal.


Kjetil Torgrim Homme wrote:

>[Matthew Elvey (FM)]:
>  
>
>>  Matt Sergeant of SpamAssassin posted very relevantly to the ASRG about
>>  GTUBE in March:
>>  https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg01527.html+gtube
>>
Correction: (take off the +gtube - the URL stopped working with that)

https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg01527.html

>>  
>>  There were a couple replies that are meritless from Vernon
>>  Schryver and Kee Hinckley.  A valid complaint was what about
>>  antispam systems that aren't content filters?
>>    
>>
>
>that's a bit harsh on Vernon Schryver, his idea of setting up an
>auto-responder from a fixed IP-address is exactly what you propose.
>
Great. I haven't seen him propose that. I guess I missed it. He's got 
lots of good ideas, just not on that thread, as far as I saw.
Tact and collegiality were missing. My intent was to make others' 
reading of the thread go quicker by echoing what's said at
https://www1.ietf.org/mail-archive/working-groups/asrg/current/msg01678.html 
- he seemed to have misunderstood the purpose. 

Kjetil Torgrim Homme | 3 Jul 2003 23:49

Re: GTUBE/Re: Quizzic: Spam equivalent to EICAR test virus proposal.


[Matthew Elvey (FM)]:
>
>   Kjetil Torgrim Homme wrote:
>   
>   > might as well leave SMTP out of it.  connect to a port, enter a
>   > recipient address,
>
>   Whatever is easier to implement and use.  A web form would work too.
>   
>   But I think SMTP is probably best.

I'm just worried about the service being abused by spammers.

>   For example, say you want to test a system that scans for spam on
>   the way OUT.

interesting point.

>   You'd set your client's (outgoing) smtp server to
>   QuizzicServer.MIT.edu or whatever.  If there's an SMTP proxy run
>   by your system or ISP, this gives it a chance to be shown to work.

running transparent SMTP proxies is not very common, is it?  in any
case, you could use _any_ other e-mail address on the Internet to test
outbound.

>   I also think it's simplest to implement with existing software.

this is where I disagree strongly :-)

Kjetil Torgrim Homme | 3 Jul 2003 17:39

Re: changing the address from a redirect of sieve


[hm]:
>
>   I like to know how to change the address when I redirect an email,
>   of course the sender email address is like cyrus <at> host; but I want
>   to have myname <at> specialhost

it's not clear what you want to do, so I'll guess.

Sieve can't currently change the content of an e-mail, so you can only
change the envelope address for the recipient.  Jutta Degener has
however written a draft for an extension to do so.

 <http://www.ietf.org/internet-drafts/draft-degener-sieve-editheader-00.txt>

--

-- 
Kjetil T.			|  read and make up your own mind
				|  http://www.cactus48.com/truth.html

hm | 5 Jul 2003 14:59

Protocol GRE(47)-packets are blocked from outside

Hi,

I've the problem, that my configuration did block the GRE protocol when I
try to connect to a pptp server from my net (the returning packets). I've
sniffed and I saw that icmp-packets with protocol unreachable went back to
the server.
The same thing for protocol icmp did work. I'm using also the modules from
netfilter for pptp and gre, but also without them the problem occurs...
I have my configuration attached...thanx ahead...

Flushing all current rules: - OK
Removing user defined chains: - OK
Changing target policies to DROP:  - OK
Allowing 192.168.1.0/24 traffic out: - OK
Allowing 192.168.7.0/24 traffic out: - OK
Allowing 217.88.183.59/32 traffic out: - OK
Allowing response traffic: - OK
Allowing localhost communications: - OK
Allowing connections to udp port 4672: - OK
Allowing connections to tcp port 22: - OK
Allowing connections to tcp port 80: - OK
Allowing connections to tcp port 443: - OK
Allowing connections to tcp port 4662: - OK
Allowing connections to tcp port 1720: - OK
Allowing connections to tcp port 1723: - OK
Forwarding 217.88.183.59(4662) to 192.168.1.3(4662): - OK
Forwarding 217.88.183.59(4672) to 192.168.1.3(4672): - OK
Forwarding 217.88.183.59(1720) to 192.168.1.2(1720): - OK
Masq'ing 192.168.1.0/24: - OK

