--On Tuesday, July 8, 2003 9:38 PM -0700 Michael Fair <[EMAIL PROTECTED]> wrote:
| What do others think about this? | Would this simple "pass through" filtering be useful? | I'm primarily thinking of Spam catchers, Virus Scanners, | and any other use where shoving the email through an | external application would be useful.
First off there is a general reluctance, from a security standpoint, of allowing sieve to call out to arbitrary bits of code. I suspect that would frighten most sysadmins if users were allowed to write their own bits of code to run via sieve.
The alternative is to build specific extensions in sieve to accomplish particular tasks. In particular I have written a 'spamtest' and 'virustest' draft (link below) that proposes adding two new tests that return a fixed numeric range of values that can be tested against. Its up to each sieve implementation to choose how the results themselves are actually determined - I would envisage a plugin architecture that allows different spam/virus check systems to be used, but the user does not get to choose which - that would be a compile/configuration option for the server admin. The main goal for these extensions was to actually remove the need for end-users to know about the particular spam/virus test system in use, which would otherwise require them to tailor scripts specifically for those systems. The new tests allow scripts that do spam/virus checking to be portable across different systems, and to also allow sysadmins to change spam/virus checkers without having to have users change all their scripts. Given that spam checking tools are changing so rapidly right now, this solution would be really useful.
<http://www.ietf.org/internet-drafts/draft-daboo-sieve-spamtest-03.txt>
-- Cyrus Daboo
