./mail/dovecot2-pigeonhole, Support for the Sieve language and the ManageSieve protocol

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version: 0.5.16, Package name: dovecot-pigeonhole-0.5.16, Maintainer: adam

This package is part of the Pigeonhole project (http://pigeonhole.dovecot.org).
It adds support for the Sieve language (RFC 5228) and the ManageSieve protocol
(RFC 5804) to the Dovecot Secure IMAP Server.

The Sieve language is used to specify how e-mail needs to be processed. By
writing Sieve scripts, users can customize how messages are delivered, e.g.
whether they are forwarded or stored in special folders. Unwanted messages can
be discarded or rejected, and, when the user is not available, the Sieve
interpreter can send an automated reply. Above all, the Sieve language is meant
to be simple, extensible and system independent. And, unlike most other mail
filtering script languages, it does not allow users to execute arbitrary
programs. This is particularly useful to prevent virtual users from having full
access to the mail store. The intention of the language is to make it impossible
for users to do anything more complex (and dangerous) than write simple mail

Using the ManageSieve protocol, users can upload their Sieve scripts remotely,
without needing direct filesystem access through FTP or SCP. Additionally,
aManageSieve server always makes sure that uploaded scripts are valid,
preventing compile failures at mail delivery.

This package provides Sieve support as a plugin to Dovecot's Local Delivery
Agent (LDA) and Dovecot's LMTP service. The ManageSieve protocol is provided is
an additional service, next to Dovecot's own POP3 and IMAP services.

Required to run:

Required to build:

Master sites:

SHA1: 4673c244c6ea73ee3da0bb61d0206a1fe3d0be0e
RMD160: 5c0002835019fbd5488e82adb9688a999e3596cb
Filesize: 1898.997 KB

Version history: (Expand)

CVS history: (Expand)

   2021-08-08 17:51:18 by Amitai Schleier | Files touched by this commit (2) | Package updated
Log message:
Update to 0.5.16. From the changelog:

* .dovecot.sieve.log file now includes year in the header.
* Change Sieve script result execution to delay definitive action
  execution to the end of a successful Sieve script execution session.
  This is part of an effort to solve problems with the Sieve duplicate
  test. As a side-effect, some rare temporary-error cases yield
  different results, in which partial failure is more likely.
   2021-06-21 17:34:59 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
mail/dovecot2-pigeonhole: update to 0.5.15

Security release.

v0.5.15 2021-06-21  Aki Tuomi <aki.tuomi@open-xchange.com>

* CVE-2020-28200: Sieve interpreter is not protected against abusive
  scripts that claim excessive resource usage. Fixed by limiting the
  user CPU time per single script execution and cumulatively over
  several script runs within a configurable timeout period. Sufficiently
  large CPU time usage is summed in the Sieve script binary and execution
  is blocked when the sum exceeds the limit within that time. The block
  is lifted when the script is updated after the resource usage times out.
* Disconnection log messages are now more standardized across services.
  They also always now start with "Disconnected" prefix.
- managesieve: Commands pipelined together with and just after the
  authenticate command cause these commands to be executed twice.
   2021-03-07 09:28:21 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
mail/dovecot2-pigeonhole: update to 0.5.14

v0.5.14 2021-03-04  Aki Tuomi <aki.tuomi@open-xchange.com>

	* IMAP FILTER command: cmd-filter-sieve - Do not allow NIL as
	  script name argument.
   2021-01-04 15:58:26 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
mail/dovecot2-pigeonhole: update to 0.5.13

Update dovecot2-pigeonhole package to 0.5.13.

v0.5.13 2021-01-04  Aki Tuomi <aki.tuomi@open-xchange.com>

	- duplicate: The test was handled badly in a multiscript (sieve_before,
	  sieve_after) scenario in which an earlier script in the sequence with
	  a duplicate test succeeded, while a later script caused a runtime
	  failure. In that case, the message is recorded for duplicate tracking,
	  while the message may not actually have been delivered in the end.
	- editheader: Sieve interpreter entered infinite loop at startup when
	  the "editheader" configuration listed an invalid header name. This
	  problem can only be triggered by the administrator.
	- relational: The Sieve relational extension can cause a segfault at
	  compile time. This is triggered by invalid script syntax. The segfault
	  happens when this match type is the last argument of the test command.
	  This situation is not possible in a valid script; positional arguments
	  are normally present after that, which would prevent the segfault.
	- sieve: For some Sieve commands the provided mailbox name is not
	  properly checked for UTF-8 validity, which can cause assert crashes at
	  runtime when an invalid mailbox name is encountered. This can be
	  caused by the user by writing a bad Sieve script involving the
	  affected commands ("mailboxexists", "specialuse_exists").
	  This can be triggered by the remote sender only when the user has
	  written a Sieve script that passes message content to one of the
	  affected commands.
	- sieve: Large sequences of 8-bit octets passed to certain Sieve
	  commands that create or modify message headers that allow UTF-8 text
	  (vacation, notify and addheader) can cause the delivery or IMAP
	  process (when IMAPSieve is used) to enter a memory-consuming
	  semi-infinite loop that ends when the process exceeds its memory
	  limits. Logged in users can cause these hangs only for their own
   2020-12-04 05:56:20 by Taylor R Campbell | Files touched by this commit (391)
Log message:
Revbump for openpam cppflags change months ago, belatedly.
   2020-08-13 17:28:45 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
mail/dovecot2-pigeonhole: distfile changes

Distfile changes.

1. Official annoucne says "The only change here is that the configure.ac
   file has correctly formatted version number."

2. Name of distfile is changed to match previous file naming scheme.
   Old distfile is still available.

3. automake 1.15.1 is used instead of previous 1.15.  So, generated files
   by it are changed.

4. Other files are not changed, so there is no functional change.

   2020-08-12 17:58:02 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
mail/dovecot2-pigeonhole: update to 0.5.11

Update dovecot2-pigeonhole to 0.5.11.

v0.5.11 2020-08-12  Aki Tuomi <aki.tuomi@open-xchange.com>

	* managesieve: managesieve_max_line_length setting is now a "size" type
	  instead of just number of bytes. This allows using e.g. "64k" as the
	- lib-sieve: When folding white space is used in the Message-ID header,
	  it is not stripped away correctly before the message ID value is used,
	  causing e.g. garbled log lines at delivery.
   2020-03-15 23:52:46 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
dovecot2-pigeonhole: updated to 0.5.10

No changes