v0.5.9:
+ Added events for Sieve and ManageSieve, see
https://doc.dovecot.org/admin_manual/list_of_events/#pigeonhole
+ Pigeonhole: Implement the Sieve "special-use" extension described in
RFC 8579.
- duplicate: Test only compared the handles which would cause
different values to be cached as the same duplicate test. Fix to also
compare the actual hashes.
- imap_sieve_filter: IMAP FILTER Command had various bugs in error
handling. Errors may have been duplicated for each email, errors
may have been missing entirely, command tag and ERRORS/WARNINGS
parameters were swapped.
Changelog v0.5.3:
- Fix assertion panic occurring when managesieve service fails to open
INBOX while saving a Sieve script. This was caused by a lack of
cleanup after failure.
- Fix specific messages causing an assert panic with actions that
compose a reply (e.g. vacation). With some rather weird input from the
original message, the header folding algorithm (as used for composing
the References header for the reply) got confused, causing the panic.
- IMAP FILTER=SIEVE capability: Fix FILTER SIEVE SCRIPT command parsing.
After finishing reading the Sieve script, the command parsing
sometimes didn't continue with the search arguments. This is a time-
critical bug that likely only occurs when the Sieve script is sent in
the next TCP frame.
v0.5.2:
+ Implement plugin for the a vendor-defined IMAP capability called
"FILTER=SIEVE". It adds the ability to manually invoke Sieve filtering
in IMAP. More information can be found in
doc/plugins/imap_filter_sieve.txt.
- The Sieve addess test caused an assertion panic for invalid addresses
with UTF-8 codepoints in the localpart. Fixed by properly detecting
invalid addresses with UTF-8 codepoints in the localpart and skipping
these like other invalid addresses while iterating addresses for the
address test.
- Make the length of the subject header for the vacation response
configurable and enforce the limit in UTF-8 codepoints rather than
bytes. The subject header for a vacation response was statically
truncated to 256 bytes, which is too limited for multi-byte UTF-8
characters.
- Sieve editheader extension: Fix assertion panic occurring when it is
used to manipulate a message header with a very large header field.
- Properly abort execution of the sieve_discard script upon error.
Before, the LDA Sieve plugin attempted to execute the sieve_discard
script when an error occurs. This can lead to the message being lost.
- Fix the interaction between quota and the sieve_discard script. When
quota was used together with a sieve_discard script, the message
delivery did not bounce when the quota was exceeded.
Changes:
v0.5.1 28-03-2018 Stephan Bosch <stephan@rename-it.nl>
- Explicitly disallow UTF-8 in localpart in addresses parsed from Sieve
script.
- editheader extension: Corrected the stream position calculations
performed while making the modified message available as a stream.
Pigeonhole Sieve crashed in LMTP with an assertion panic when the
Sieve editheader extension was used before the message was redirected.
Experiments indicate that the problem occurred only with LMTP and that
LDA is not affected.
- fileinto extension: Fix assert panic occurring when fileinto is used
without being listed in the require line, while the copy extension is
listed there. This is a very old bug.
- imapsieve plugin: Do not assert crash or log an error for messages
that disappear concurrently while applying Sieve scripts. This event
is now logged as a debug message.
- Sieve extprograms plugin: Large output from "execute" command crashed
delivery. Fixed buffering issue in code that handles output from the
external program.
* editheader extension: The implementation of header modifications is
heavily updated. Although the functionality has not changed, the
underlying code was updated to address several static analysis
warnings, runtime integer arithmetic warnings (Clang), and to match
updates in the Dovecot stream API.
+ variables extension: Made the maximum scope and variable size
configurable.
+ subaddress: Support multiple recipient_delimiters.
- enotify extension: mailto method: Fixed parsing of mailto URI with
only a header part.
- enotify plugin: mailto method: Make sure the "From:" header is set to
a usable address and not "(null)".
- Fixed writing address headers to outgoing messages. Sometimes headers
were MIME-encoded twice, yielding invalid results.
- LDA Sieve plugin: Fixed handling of an early explicit keep during
multiscript execution. Action side-effects and the message snapshot would be
lost at the final stage where the implicit keep is evaluated. This could
result in the IMAP flags assigned to the message to be forgotten or that
headers modified by the "editheader" extension would revert to their
original state.
- file script storage: Amended the up-to-date time stamp comparison for
on-disk binaries to include nanoseconds. This will fix problems occurring
when both binary and script are saved within the same second. This fix is
ineffective on older systems that have no support for nanoseconds in stat()
timestamps, which should be pretty rare nowadays.
- file script storage: Improve saving and listing permission error to include
more details.
- imapsieve plugin: Make sure "INBOX" is upper case in static mailbox rules.
Otherwise, the mailbox name would never match, since matching is performed
case-sensitively and Dovecot only returns the upper-cased "INBOX".
- imapsieve plugin: Fixed assert failure occurring when used with virtual
mailboxes.
- doveadm sieve plugin: Fixed crash when setting Sieve script via attribute's
string value.
* Part of the Sieve extprograms implementation was moved to Dovecot, which
means that this release depends on Dovecot v2.2.26+.
* ManageSieve: The PUTSCRIPT command now allows uploading empty Sieve scripts.
There was really no good reason to disallow doing that.
+ Sieve vnd.dovecot.report extension:
+ Added a Dovecot-Reporting-User field to the report body, which contains
the e-mail address of the user sending the report.
+ Added support for configuring the "From:" address used in the report.
+ LDA sieve plugin: Implemented support for a "discard script" that is run
when the message is going to be discarded. This allows doing something other
than throwing the message away for good.
+ Sieve vnd.dovecot.environment extension: Added vnd.dovecot.config.*
environment items. These environment items map to sieve_env_* settings from
the plugin {} section in the configuration. Such values can of course also
be returned from userdb.
+ Sieve vacation extension: Use the Microsoft X-Auto-Response-Suppress header
to prevent unwanted responses from and to (older) Microsoft products.
+ ManageSieve: Added rawlog_dir setting to store ManageSieve traffic logs.
This replaces at least partially the rawlog plugin (mimics similar IMAP/POP3
change).
- doveadm sieve plugin: synchronization: Prevent setting file timestamps to
unix epoch time. This occurred when Dovecot passed the timestamp as
'unknown' during synchronization.
- Sieve exprograms plugin: Fixed spurious '+' sometimes returned at the end
of socket-based program output.
- imapsieve plugin: Fixed crash occurring in specific situations.
- Performed various fixes based on static analysis and Clang warnings.
v0.4.14 26-04-2016 Stephan Bosch <stephan@rename-it.nl>
* The address test now allows specifying the X-Original-To header.
+ Implemented the Sieve imapsieve extension and its IMAP counterpart
(RFC 6785) as a set of plugins. This allows running Sieve scripts at IMAP
activity, rather than at delivery. There are also facilities for the
familiar sieve_before/sieve_after administrator scripts. A user script is
defined for a mailbox using an IMAP METADATA entry, whereas administrator
scripts are configured using mailbox matching rules defined in the plugin
settings.
+ Adjusted the Sieve ihave extension to allow capability tests to be performed
at runtime. This way, scripts can be written that work both at delivery and
from IMAP.
+ Implemented support for runtime trace debugging. This means that detailed
information about which commands, actions and tests are performed is written
to a file. That file is created in the configured directory, but only if
that directory exists. This way, a particular user can be easily singled out
for debugging. This works much like the Dovecot rawlog facility. The trace
output is identical to what is produced using sieve-test with its "-t"
command line option.
+ Added a "sieve_user_email" setting that configures the user's primary email
address. This is mainly useful to have a user email address available in
IMAP, where envelope data is unavailable.
+ Implemented the dovecot-specific "vnd.dovecot.report" extension. This allows
sending report messages in the Message Abuse Reporting Format (RFC 5965).
- extprograms plugin: Fixed epoll() panic caused by closing the output FD
before the output stream.
- Made sure that the local part of a mail address is encoded properly using
quoted string syntax when it is not a dot-atom.
It is v0.4.12 release of Pigeonhole for Dovecot v2.2.21.
v0.4.12 06-02-2016 Stephan Bosch <stephan@rename-it.nl>
+ Implemented the Sieve extracttext extension (RFC 5703; Section 7). It is now
possible to extract body text from a message into a variable.
* Increased ABI version due to changes in the Sieve interpreter's object
definitions.
- multiscript: Fixed bug in handling of (implicit) keep; final keep action was
always executed as though there was a failure. This caused the keep action
to revert back to the initial message, causing editheader actions to be
ignored.
- managesieve-login: Fixed proxy to allow SASL mechanisms other than PLAIN.
Before, the proxy would fail if the server did not support the PLAIN
mechanism.
- ldap storage: Prevent segfault occurring when assigning certain (global)
configuration options.
v0.4.11 08-01-2016 Stephan Bosch <stephan@rename-it.nl>
- Sieve mime extension: Fixed the header :mime :anychild test to work properly
outside a foreverypart loop.
- Several fixes in message body part handling:
- Fixed assert failure occurring when text extraction is attempted on a
empty or broken text part.
- Fixed assert failure in handling of body parts that are converted to text.
- Fixed header unfolding for (mime) headers parsed from any mime part.
- Fixed trimming for (mime) headers parsed from any mime part.
- Fixed erroneous changes to the message part tree structure performed when
re-parsing the message.
- LDA Sieve plugin: Fixed logging of actions; sometimes the configured log
format was not followed.
- LDA Sieve plugin: Fixed bug in error handling of script storage
initialization.
- Sieve Extprograms plugin: Ignored ENOTCONN error in shutdown(fd, SHUT_WR)
call.
- Fixed duplication of discard actions in the script result. Each discard was
counted as a separate action, which means that action limit would be crossed
too early.
- Made sure that quota errors never get logged as errors in syslog.
- Fixed handling of implicit keep for a partially executed transaction that
yielded a temporary failure.
- Fixed handling of global errors. If master and user error handler were
identical, in some cases the log message could be lost.
- Fixed AIX compile issue in message body parser.
v0.4.10 13-12-2015 Stephan Bosch <stephan@rename-it.nl>
+ Implemented the Sieve mime and foreverypart extensions (RFC 5703). These
are fully implemented. The interaction with the editheader extension needs
some work, but this should not influence most uses; i.e., changes by the
editheader extension are not always visible using foreverypart/mime.
+ Sieve body extension: Properly implemented the `:text' body transform. It
now extracts text for HTML message parts.
+ Sieve enotify extension: mailto method: Implemented the
sieve_notify_mailto_envelope_from setting. This allows configuring the
source of the notification sender address for e-mail notifications. This is
similar to what already can be configured for redirect.
+ Added a sieve_enabled (defaults to 'yes') setting that allows explicitly
disabling Sieve processing for particular users. This used to be possible by
setting `sieve=', but ever since the sieve_before, sieve_after and
sieve_default settings were added, this method was not reliable anymore.
- variables extension: Fixed handling of empty string by the `:length' set
modifier. An empty string yielded an empty string rather than "0".
- Fixed memory leak in the Sieve script byte code dumping facility. Extension
contexts were never actually freed.
- Fixed handling of implicit keep when the last Sieve script is a global one.
In that case the implicit keep action was executed in global context, which
could mean that trivial (quota) errors ended up in the system log file,
rather than the user log file.
- doveadm sieve plugin: Fixed crashes caused by incorrect context allocation
in the sieve command implementations.
v0.4.8 15-05-2015 Stephan Bosch <stephan@rename-it.nl>
* LDA Sieve plugin: Dovecot changed the deliver_log_format setting to include
%{delivery_time}. This prompted changes in Pigeonhole that make this release
dependent on Dovecot v2.2.17.
+ Implemented magic to make sieve_default script visible from ManageSieve
under a configurable name. This way, users can see the default rules, edit
them and store a private adjusted version. This could also be achieved by
copying the default script into the user's script storage, but updates to
the global sieve_default script would be ignored that way.
+ ManageSieve: Implemented support for reporting command statistics at
disconnect. Statistics include the number of bytes and scripts uploaded/
downloaded/checked and the number of scripts deleted/renamed.
- Fixed problem in address test: erroneously decoded mime-encoded words in
address headers.
- extprograms plugin: Fixed failure occurring when connecting to script
service without the need to read back the output from the external program.
- Fixed bug in script storage path normalization occurring with relative
symbolic links below root.
- Fixed and updated various parts of the documentation
- ManageSieve: Used "managesieve" rather than "sieve" as login service name,
which means that all managesieve-specific settings where ignored.
- Managesieve: Storage quota was not always enforced properly for scripts
uploaded as quoted string. Nobody uses that, but it is allowed in the
specification and we support it, so it should work properly.
needed to dovecot2-pigeonhole compatible with Dovecot 2.2.16.
v0.4.7 19-03-2015 Stephan Bosch <stephan@rename-it.nl>
* editheader extension: Made protection against addition and deletion of
headers configurable separately. Also, the `Received' and `Auto-Submitted'
headers are no longer protected against addition by default.
* Turned message envelope address parse errors into warnings.
* The interpreter now accepts non-standard domain names, e.g. containing '_'.
+ Implemented the Sieve index extension (RFC 5260).
+ Implemented support for the mboxmetadata and servermetadata extensions
(RFC 5490).
+ Implemented new sieve commands for the doveadm command line utility. These
commands are currently limited to ManageSieve operations, but the other
current sieve tools will be migrated to doveadm in the near future as well.
+ Added more debug output about binary up-to-date checking.
+ Added script metadata to binary dump output.
- Fixed Sieve script binary up-to-date checking by normalizing the script
location.
- The Sieve interpreter now flushes the duplicate database during start phase
of result execution rather than commit phase. This makes sure locks on the
duplicate database are released as soon as possible, preventing contention.
- Performed a few optimizations in the lexical scanner of the language.
- Fixed bug in `:matches' match-type that made a pattern without
wildcards match as if there were a '*' at the beginning.
- Fixed crash in validation of the string parameter of the comparator tag.
- extprograms extension: Made sure supplemental group privileges are also
dropped. This was a problem reported by Debian lintian.
- Fixed bug in handling of binary errors for action side-effects and message
overrides.
- file script storage: Restructured storage initialization to address
backwards compatibility issues.
- dict script storage: Fixed small memory allocation bug.
Changelog v0.4.5:
+ Added a Pigeonhole version banner to doveconf output. This way, future
bug reports will also include Pigeonhole version information.
- Fixed handling of implicit keep. Last version erroneously reported
that implicit keep succeeded after an earlier failure, while it in
fact had failed. Particularly occurred for mailbox quota errors.
- Fixed segfault occurring on SunOS systems when there is no active
script.
Changelog v0.4.4:
* Added support for Japanese mail addresses with dots at non-standard
places in localpart.
* Changed handling of ENOSPACE into a normal temporary failure and added
handling of ENOQUOTA as a user error.
* Restructured result execution, so that all actions which involve mail
storage are always committed before all others.
+ Implemented support for generic Sieve storages. Using alternative
storages now also possible for sieve_before/sieve_after.
+ Implemented storage driver for retrieving Sieve scripts from LDAP.
This currently cannot be used with ManageSieve.
+ Implemented sieve_redirect_envelope_from setting, which allows
configuring the envelope sender of redirected messages.
- Fixed handling of mail storage errors occurring while evaluating the
input message.
- managesieve-login:
- Removed bogus ALERT response code returned for AUTHENTICATE
command.
- Fixed handling of invalid initial response argument to AUTHENTICATE
command.
- Fixed handling of stream errors in lexical scanner.
- Fixed handling of SMTP errors. Permanent and temporary errors were
mixed up.
- Fixed several problems reported by CLang 3.4.
- duplicate extension: Fixed erroneous compile error about conflicting
tags when `:handle' argument was used last.
- relational extension: Fixed error handling of `:value' match.
- editheader extension: Fixed header unfolding and header iteration.
- mailbox extension: Fixed the `:create' tag, which erroneously
subscribed an existing folder.
- extprograms plugin: Fixed handling of error codes.
- doveadm-sieve plugin: Fixed several bugs. Synchronization of symbolic
link in the file storage should now also work properly.
* Editheader extension: Made control characters allowed for editheader,
except NUL. Before, this would cause a runtime error.
+ Upgraded Dovecot-specific Sieve "vnd.dovecot.duplicate" extension to
match the new draft "duplicate" extension.
- Fixed sieve_result_global_log_error to log only as i_info in
administrator log (syslog) if executed from multiscript context.
- Sieve redirect extension: Adjusted loop detection to show leniency to
resent messages.
- Sieve include extension: Fixed problem with handling of duplicate
includes with different parameters :once or :optional.
- Sieve spamtest/virustest extensions: Tests were erroneously performed
against the original message. When used together with extprograms
filter to add the spam headers, the changes were not being used by
the spamtest and virustest extensions.
- Deprecated Sieve notify extension: Fixed segfault problems in message
string substitution.
- ManageSieve: Fixed active link verification to handle redundant path
slashes correctly.
- Sieve vacation extension:
- Fixed interaction of sieve_vacation_dont_check_recipient with
sieve_vacation_send_from_recipient setting.
- Fixed log message for discarded response.
- Sieve extprograms plugin:
- Forgot to disable the alarm() timeouts set for script execution.
- Fixed fd leak and handling of output shutdown.
- Fixed 'Bad filedescriptor' error occurring when disconnecting
script client.
- Made sure that programs are never forked with root privileges.
v0.4.0 09-05-2013 Stephan Bosch <stephan@rename-it.nl>
+ Added doveadm-sieve plugin that provides the possibility to synch Sieve
scripts using doveadm sync along with the user's mailboxes.
+ Added the Sieve extprograms plugin to the main Pigeonhole package. It is
still a plugin, but it is now included so that a separate compile is no
longer necessary and distributors are likely to include it. The extprograms
plugin provides Sieve language extensions that allows executing
(administrator-controlled) external programs for message delivery,
message filtering and string manipulation. Refer to
doc/plugins/sieve_extprograms.txt for more information.
+ Added debug message showing Pigeonhole version at initialization. Makes it
very clear that the plugin is properly loaded.
+ Finished implementation of the Sieve include extension. It should now
fully conform to RFC 6609. The main addition is the new :optional tag which
makes the include command ignore missing included scripts without an error.
+ Finished implementation of the Sieve environment extension as much as
possible. Environment items "location", "phase" and "domain" now also
return a usable value.
* Added support for retrieving Sieve scripts from dict lookup. This
means that Sieve scripts can now be downloaded from a database.
Compiled script binaries are still put on disk somewhere if used.
The INSTALL documentation is updated with information on this new
feature and the (backwards-compatible) changes to the configuration.
Note that his feature is currently not supported for
sieve_before/sieve_after or script management through ManageSieve.
+ Incorporated the sieve_duplicate plugin into main Pigeonhole tree as
a normal extension (vnd.dovecot.duplicate). This Dovecot-specific
extension adds the ability to check for duplicate deliveries based
on message ID. Specification can be found in:
doc/rfc/spec-bosch-sieve-duplicate.txt
+ Added support for specifying multiple sieve_before and sieve_after
paths. This adds much more flexibility to the multiscript
configuration. One application is to have user-specific Sieve
scripts outside the user's normal control through ManageSieve.
+ Added a "session ID" string for managesieve connections, available in
%{session} variable (analogous to Dovecot change).
- Fixed several small issues, including a few potential segfault bugs,
based on static source code analysis.
- ManageSieve: changed use of EPROTO error to EIO in ManageSieve
string stream implementation because it is apparently not known in
BSD.
- Gave stamp.h.in (needed for autotools) some content to prevent it
from disappearing in patch files.
- Fixed bug that caused a SunStudio CC compile failure (reported by
Piotr Tarnowski).
* Renamed sieve_global_path setting to sieve_default for clarity. Old name is
still recognized for backwards compatibility. Support for the ancient (pre
v1.1) name for this setting "global_script_path" is now dropped.
* Added means to prohibit use of redirect action. Setting sieve_max_redirects
to 0 now means that redirect is disallowed in stead of unlimited. Default
value remains four.
* Fixed interaction of Sieve include extension with ManageSieve. It is updated
to match new requirements in the draft include specification. Missing
included scripts are no longer an error at upload time.
* Updated RFC2822 header field body verification to exclude non-printing
characters (RFC5322). Only Sieve actions that can create unstructured header
values (currently enotify/mailto and editheader) are affected by this change.
+ Completed sieve-filter tool to a useful state. The sieve-filter tool provides
a means to (re)filter messages in a mailbox through a Sieve script.
+ Implemented the Sieve editheader extension. It is now possible to add and
remove message headers from within Sieve.
+ ManageSieve: added support for reading quoted and literal strings as a
stream. Fixes support for handing large SASL responses (analogous to similar
changes in Dovecot). It is now also allowed to use a quoted string for the
PUTSCRIPT script argument.
+ Added code to cleanup tmp directory in Sieve storage directory (sieve_dir)
every once in a while.
+ Added support for substituting the entire message during Sieve processing.
This is used for the filter action provided by the new sieve_extprograms
plugin (provided separately for now). The filter action allows passing the
message through an external program.
+ Added support for restricting certain Sieve language extensions to
(admin-controled) global scripts. Restricted extensions can be configured
using the new sieve_global_extensions setting. This is particularly useful
for some of the Dovecot-specific (plugin-based) Sieve extensions, that can
be somewhat hazardous when under direct control of users (e.g.
sieve_extprograms).
* Sieve filter tool: finished implementing basic functionality. It is not
quite ready yet, but it is available for those willing to experiment
with it (needs --with-unfinished-features config to compile). Also
includes man page.
* Vacation extension now inhibits replies to messages from sender listed
in :addresses, thus preventing replies to one of the user's other known
addresses.
* Vacation extension: implemented the (draft) vacation-seconds extension.
This also adds min/max period configuration settings. Refer to
doc/vacation.txt for configuration information.
* ManageSieve: fixed bug in UTF-8 checking of string values. This is done
by discarding the original implementation and migrating to the Dovecot
API's UTF-8 functionality.
* Sieve command line tools now avoid initializing the mail store unless
necessary. This prevents sievec and sieve-dump from failing when
executed by root for example.
* Enotify extension: fixed inappropriate return type in mailto URI parse
function, also fixing ARM compiler warning.
* Vacation extension: fixed handling of sendmail errors. It produced an
additional confusing success message in case of error.
* Removed header MIME-decoding to fix erroneous address parsing. Applies to
address test and vacation command.
* Fixed segfault bug in extension configuration, triggered when unknown
extension is mentioned in sieve_extensions setting.
It adds support for the Sieve language (RFC 5228) and the ManageSieve protocol
(RFC 5804) to the Dovecot Secure IMAP Server.
The Sieve language is used to specify how e-mail needs to be processed. By
writing Sieve scripts, users can customize how messages are delivered, e.g.
whether they are forwarded or stored in special folders. Unwanted messages can
be discarded or rejected, and, when the user is not available, the Sieve
interpreter can send an automated reply. Above all, the Sieve language is meant
to be simple, extensible and system independent. And, unlike most other mail
filtering script languages, it does not allow users to execute arbitrary
programs. This is particularly useful to prevent virtual users from having full
access to the mail store. The intention of the language is to make it impossible
for users to do anything more complex (and dangerous) than write simple mail
filters.
Using the ManageSieve protocol, users can upload their Sieve scripts remotely,
without needing direct filesystem access through FTP or SCP. Additionally,
aManageSieve server always makes sure that uploaded scripts are valid,
preventing compile failures at mail delivery.
This package provides Sieve support as a plugin to Dovecot's Local Delivery
Agent (LDA) and Dovecot's LMTP service. The ManageSieve protocol is provided is
an additional service, next to Dovecot's own POP3 and IMAP services.
