Newer
Older
Next (in order of descending priority/precedence):
* Full standards compliance review for the engine and all fully implemented
Stephan Bosch
committed
sieve extensions. Issues discovered so far:
- Include: import command must only trigger an error about unknown
exported variables at runtime, otherwise managesieve upload is
impossible.
- Imapflags: when keep/fileinto is used multiple times in a script and
duplicate message elimination is performed, the last flag list value
MUST win.
- If an address is not syntactically valid, then it will not be matched
by tests specifying ":localpart" or ":domain".
* Full security review. Enforce limits on number of created objects, script
size, execution time, etc...
- Limit the string size
- Limit the string list size
- Limit the depth of the AST, i.e. command block and test list
nesting.
- Limit the maximum number of included scripts
- Make (configurable) limit on the number of redirects
- Implement limits recommended by the variables RFC (5229)
- Malicious/Broken binary can allocate large variable storage
* Finish the test suite for the base functionality
* Make sure cmusieve can be replaced seamlessly with the new plugin.
* Fix remaining RFC deviations:
- Allow for the existance of dynamic comparators (i.e. specified by
variables).
- Allow for dynamic includes (i.e. specified by variables).
- Fix/Report issues listed in 'doc/rfc/RFC Controversy.txt'
Stephan Bosch
committed
* Imapflags: merge execution of setflags, removeflags and addflags into one
common implementation.
* Verify outgoing mail addresses at runtime when necessary (e.g. after variables
substitution)
* Warn about the use of syntactically invalid header names.
* Implement notify extension with sole support for mailto mechanism.
* Implement dropping errors in the user's mailbox as a mail message.
* Add normalize() method to comparators to normalize the string before matching
(for efficiency).
* Make this implementation conform section 2.7.2 of RFC3028 (Comparisons Across
Character Sets).
* Implement executing an arbitrary number of scripts sequentially, acting on the
* Implement comparator-i;unicode-casemap
* Make testsuite much more exhaustive and add support for testing the actual
result.
* Build a sieve tool to filter an entire existing mailbox through a sieve script.
* Build a server with test mail accounts that processes lots and lots of mail
(e.g. spam, mailing lists etc.)
* ## MAKE A SECOND RELEASE (0.2.x) ##
* Provide a solution for mail_get_headers_utf8 reparsing the whole message each
time it is called (header and address test; Timo might provide solution from
within Dovecot)
* Optimize code containing true/false tests to omit explicit JMP opcodes
(i.e. optimize the test away and any code that negatively depends on it)
* Use lib/str-find.h for :contains and :matches match types
* Add development documentation, i.e. comment on library functions and document
the binary and byte-code format.
* Make the engine and its extensions much more configurable. Possibly this can
be merged with Dovecot's new master config implementation.
* Implement editheader extension
* Implement mimeloop extension
* Give the byte code format some more thought, it is currently quite rough and
to the point.
* Try to implement proposed notify mechanisms other than mailto. Currently: xmpp
and sip
* Implement namespace support for variables extension
(possibly needed by test suite; in that case priority is much higher)