Ecosyste.ms: Awesome

An open API service indexing awesome lists of open source software.

Awesome Lists | Featured Topics | Projects

https://github.com/philpennock/sieve-connect

A client for the MANAGESIEVE Protocol
https://github.com/philpennock/sieve-connect

gssapi managesieve perl sasl sieve tls

Last synced: about 2 months ago
JSON representation

A client for the MANAGESIEVE Protocol

Host: GitHub
URL: https://github.com/philpennock/sieve-connect
Owner: philpennock
License: other
Created: 2013-04-22T02:32:08.000Z (over 11 years ago)
Default Branch: main
Last Pushed: 2022-01-26T06:30:07.000Z (almost 3 years ago)
Last Synced: 2024-10-14T13:56:14.244Z (2 months ago)
Topics: gssapi, managesieve, perl, sasl, sieve, tls
Language: Perl
Size: 194 KB
Stars: 78
Watchers: 9
Forks: 6
Open Issues: 1
Metadata Files:
- Readme: README.md
- License: LICENSE

Awesome Lists containing this project

README

sieve-connect
=============

[![FreeBSD](https://img.shields.io/badge/distros-freebsd-8c0707.svg)](https://www.freshports.org/mail/sieve-connect)
[![Debian](https://img.shields.io/badge/distros-debian-c70036.svg)](https://buildd.debian.org/status/package.php?p=sieve-connect&suite=buster)
[![Ubuntu](https://img.shields.io/badge/distros-ubuntu-db4923.svg)](https://launchpad.net/ubuntu/bionic/+package/sieve-connect)
[![Gentoo](https://img.shields.io/badge/distros-gentoo-4e4371.svg)](https://packages.gentoo.org/packages/mail-filter/sieve-connect)
[![Arch Linux](https://img.shields.io/badge/distros-archlinux-1792d0.svg)](https://aur.archlinux.org/packages/sieve-connect)

This is sieve-connect. A client for the ManageSieve protocol, as
specifed in RFC 5804. Historically, this was MANAGESIEVE as implemented
by timsieved in Cyrus IMAP. This software is licensed and the terms are
provided in the file "LICENSE" as supplied with this software (BSD
3-clause license).

SIEVE is an RFC-specified language for mail filtering, which at time of
writing is specified in a list of RFCs at the end of this document, plus
various drafts, both IETF and individual submissions. It's designed
to be regular enough for machines to be able to manipulate, whilst still
being editable by humans. Alas, not many clients actually implement
this instead of embedding their own internal codes in sieve comments,
defeating the goal of being able to edit with a client of your choice.

This is not yet fully compatible with RFC 5804, but is moving towards
that from the timsieved baseline; some issues to be worked on are
documented in the "TODO" file.

sieve-connect speaks ManageSieve and supports TLS for connection privacy
and also authentication if using client certificates. sieve-connect
will use SASL authentication; SASL integrity layers are not supported,
use TLS instead. GSSAPI-based authentication should generally work,
provided that client and server can use a common underlaying protocol.
If it doesn't work for you, please report the issue.

sieve-connect is designed to be both a tool which can be invoked from
scripts and also a decent interactive client. It should also be a
drop-in replacement for "sieveshell", as supplied with Cyrus IMAP.

New Versions
------------

There is an announcement-only mailing-list for new releases. The list
is and you can subscribe via one of:
*
*

Official announcements should be PGP-signed (by a key in the strong set).

Installing
----------

You'll need Perl5 installed and various Perl modules from CPAN, as
detailed below. None of the mandatory modules are unusual. A man-page is
provided.

SSL certificates are assumed to be in /etc/ssl/certs/ but this is
configured at the very start of the script.

### MacOS

For MacOS, a Homebrew Tap is provided; run:

```console
$ sudo cpan -i Mozilla::PublicSuffix
$ brew tap philpennock/protocols
$ brew options sieve-connect
$ brew install sieve-connect
```

Note that by default, GSSAPI is disabled (see Problems below) and readline can
optionally be disabled. At time of writing, a `:recommended` `:perl`
dependency appears to be a hard requirement, not merely recommended, thus the
need to manually install `Mozilla::PublicSuffix`.

Pre-Requisites
--------------

* `Perl5`
* `Authen::SASL`
* `IO::Socket::INET6`
* `IO::Socket::SSL` 1.14 or greater
* `Mozilla::PublicSuffix` optional; automatic server location
* `Net::DNS`
* `Pod::Usage`
* `Term::ReadKey` optional; password prompting without echo
* `Term::ReadLine` optional; improves interactive mode
* `Term::ReadLine::Gnu` optional; adds tab-completion
* various other Perl modules which are shipped with Perl itself

Problems
--------

If Perl segfaults upon exit, then this is very probably a Perl/Readline
interaction. You can confirm this by using an option such as --list to
avoid entering a command-loop, and then by passing `PERL_RL=Perl` in the
environment to sieve-connect. Eg:

```console
$ env PERL_RL=Perl sieve-connect
```

If that avoids the failure on exit, then you appear to be affected by:

Rather than rebuild Perl with `-DPERL_USE_SAFE_PUTENV`, when this affected me I
chose to avoid having readline mess with `$LINES`/`$COLUMNS` and just edited
`readline-$VER/terminal.c` to disable the call to `sh_set_lines_and_columns()`.

On some platforms, bad interactions between the `Authen::SASL::Perl` module's
GSSAPI support and the platform GSSAPI libraries have been observed to cause
Perl to segfault during authentication. If you observe this and fixing your
libraries is not an option, take a look at the `%blacklist_auth_mechanisms`
definition in the user-editable part of the script and force-disable the
mechanism which has broken platform Perl support.

The root-cause issue is that the `perlgssapi-code` repo, and the `GSSAPI`
module, is unmaintained with bug fixes from their mailing-list not having been
applied for several years. The project appears defunct and I'm not aware of a
better alternative for Perl. Details can be found at
and I run
with a locally-patched module. The core of the fix is to avoid calling
`gss_release_oid()` on a bunch of additional static values.
I've published my existing workaround patch at
in case
it helps anyone else.

If you experience any other problems, or have better solutions to the above,
please report them.

Notes about release and packaging
---------------------------------

The first release of the X.YY tarball corresponds to version 114 in the
old svn repository, where this was just one script amongst others.

Please excuse the 'XXX' for user identifier in the ChangeLog -- I'm
keeping my email address slightly less spam-harvestable (GSSAPI
authentication to svn/DAV leaves your entire user identifier in the
logs, which includes the realm). There's an email address in the
man-page, which might be excessively spam-filtered, and other email
addresses in the PGP key used for signing the distribution.

The PGP key used for signing is in the strong set, so if you can't
verify the key then attend a PGP keysigning party. It's where all the,
uhm, uncool people are. No, wait wait! The _cool_ people. That's it.
Yeah. *cough*

Up to (and including) v0.85, the release version was just the number of the
svn commit, so there would be gaps in release numbers. After that release,
the source moved to Git for revision control, and release numbers are
sequential, with gaps for major occurances (such as a v1.0, one day).

Revision Control
----------------

sieve-connect uses Git for revision control. The public-facing canonical repo
is currently GitHub, with the authoritative repository being:

Pull-requests, etc, are accepted there.

Note that GitHub's "Releases" feature does not provide the same tarballs as are
distributed. The "real" tarballs are prepared with `make dist`, which
generates a tarball and a PGP detached armored signature file.

The `make tarball` step depends upon Git metadata to prepare the ChangeLog file
and get the release date and version; those are put into the file (so that
`sieve-connect --version` reports a real version) and into the manual-page.

If you clone the git repository in full, *not* work from the releases offered
by GitHub, you should be able to use `make tarball` to prepare the same tarball
I release, and audit/compare them.

RFCs
----

For this tool:

* RFC 5804 A Protocol for Remotely Managing Sieve Scripts

For the scripts this tool moves around:

* RFC 5228 Sieve: An Email Filtering Language
* RFC 5229 Sieve Email Filtering: Variables Extension
* RFC 5173 Sieve Email Filtering: Body Extension
* RFC 5230 Sieve Email Filtering: Vacation Extension
* RFC 5231 Sieve Email Filtering: Relational Extension
* RFC 5232 Sieve Email Filtering: Imap4flags Extension
* RFC 5233 Sieve Email Filtering: Subaddress Extension
* RFC 5235 Sieve Email Filtering: Spamtest and Virustest Extensions
* RFC 3894 Sieve Extension: Copying Without Side Effects
* RFC 5183 Sieve Email Filtering: Environment Extension
* RFC 5260 Sieve Email Filtering: Date and Index Extensions
* RFC 5293 Sieve Email Filtering: Editheader Extension
* RFC 5435 Sieve Email Filtering: Extension for Notifications
* RFC 5436 Sieve Notification Mechanism: mailto
* RFC 5437 Sieve Notification Mechanism: Extensible Messaging and Presence Protocol (XMPP)
* RFC 5463 Sieve Email Filtering: Ihave Extension
* RFC 5429 Sieve Email Filtering: Reject and Extended Reject Extensions
* RFC 5490 The Sieve Mail-Filtering Language -- Extensions for Checking Mailbox Status and Accessing Mailbox Metadata
* RFC 5703 Sieve Email Filtering: MIME Part Tests, Iteration, Extraction, Replacement, and Enclosure
* RFC 5784 Sieve Email Filtering: Sieves and Display Directives in XML

(End of README)