./mail/dovecot2-pigeonhole, Support for the Sieve language and the ManageSieve protocol

[ CVSweb ] [ Homepage ] [ RSS ] [ Required by ] [ Add to tracker ]

Branch: CURRENT, Version:, Package name: dovecot-pigeonhole-, Maintainer: adam

This package is part of the Pigeonhole project (http://pigeonhole.dovecot.org).
It adds support for the Sieve language (RFC 5228) and the ManageSieve protocol
(RFC 5804) to the Dovecot Secure IMAP Server.

The Sieve language is used to specify how e-mail needs to be processed. By
writing Sieve scripts, users can customize how messages are delivered, e.g.
whether they are forwarded or stored in special folders. Unwanted messages can
be discarded or rejected, and, when the user is not available, the Sieve
interpreter can send an automated reply. Above all, the Sieve language is meant
to be simple, extensible and system independent. And, unlike most other mail
filtering script languages, it does not allow users to execute arbitrary
programs. This is particularly useful to prevent virtual users from having full
access to the mail store. The intention of the language is to make it impossible
for users to do anything more complex (and dangerous) than write simple mail

Using the ManageSieve protocol, users can upload their Sieve scripts remotely,
without needing direct filesystem access through FTP or SCP. Additionally,
aManageSieve server always makes sure that uploaded scripts are valid,
preventing compile failures at mail delivery.

This package provides Sieve support as a plugin to Dovecot's Local Delivery
Agent (LDA) and Dovecot's LMTP service. The ManageSieve protocol is provided is
an additional service, next to Dovecot's own POP3 and IMAP services.

Required to run:

Required to build:

Master sites:

Filesize: 1906.938 KB

Version history: (Expand)

CVS history: (Expand)

   2021-12-07 17:58:04 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
dovecot2-pigeonhole: updated to
- managesieve: Dovecot failed to start if ssl_ca was too large.
- lib-sieve-tool: Binaries failed to run if ssl_ca was too large.
   2021-11-02 13:04:39 by Adam Ciarcinski | Files touched by this commit (2) | Package updated
Log message:
dovecot2-pigeonhole: updated to 0.5.17

- duplicate: The Sieve duplicate test is prone to false negatives when
  the user receives many e-mails concurrently, meaning that duplicate
  deliveries can still occur.
- fileinto: v2.3.16 regression: Sieve delivery crashes if mail is
  delivered to non-existing and existing folder.
- imap-filter-sieve: v2.3.15 regression: The CPU limits on Sieve
  execution are too easily exceeded in IMAP context (the IMAPSieve and
  FILTER=SIEVE capabilities). Changed the default to unlimited CPU time
  for IMAP context, since similar excessive resource usage can be caused
  by other means as well. The CPU limits on Sieve scripts executed at
  LDA/LMTP delivery are still enforced by default.
- redirect:  The Sieve redirect action has protections against users
  triggering mail loops. Unfortunately, the detection of a redirect mail
  loop sometimes causes the message to get lost if no other Sieve action
  is applied that delivers the message somewhere else.
- redirect: v2.3.16 regression: With certain Sieve scripts if redirect
  fails due to temporary failure, the lmtp process may crash after the
  delivery. Fixes:
  Panic: file mail-user.c: line 229 (mail_user_deinit):
  assertion failed: ((*user)->refcount == 1).
   2021-10-26 12:54:34 by Nia Alarie | Files touched by this commit (356)
Log message:
mail: Replace RMD160 checksums with BLAKE2s checksums

All checksums have been double-checked against existing RMD160 and
SHA512 hashes

The following distfiles were unfetchable (possibly fetched

./mail/qmail/distinfo netqmail-1.05-TAI-leapsecs.patch
   2021-10-07 16:25:52 by Nia Alarie | Files touched by this commit (357)
Log message:
mail: Remove SHA1 hashes for distfiles
   2021-08-08 17:51:18 by Amitai Schleier | Files touched by this commit (2)
Log message:
Update to 0.5.16. From the changelog:

* .dovecot.sieve.log file now includes year in the header.
* Change Sieve script result execution to delay definitive action
  execution to the end of a successful Sieve script execution session.
  This is part of an effort to solve problems with the Sieve duplicate
  test. As a side-effect, some rare temporary-error cases yield
  different results, in which partial failure is more likely.
   2021-06-21 17:34:59 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
mail/dovecot2-pigeonhole: update to 0.5.15

Security release.

v0.5.15 2021-06-21  Aki Tuomi <aki.tuomi@open-xchange.com>

* CVE-2020-28200: Sieve interpreter is not protected against abusive
  scripts that claim excessive resource usage. Fixed by limiting the
  user CPU time per single script execution and cumulatively over
  several script runs within a configurable timeout period. Sufficiently
  large CPU time usage is summed in the Sieve script binary and execution
  is blocked when the sum exceeds the limit within that time. The block
  is lifted when the script is updated after the resource usage times out.
* Disconnection log messages are now more standardized across services.
  They also always now start with "Disconnected" prefix.
- managesieve: Commands pipelined together with and just after the
  authenticate command cause these commands to be executed twice.
   2021-03-07 09:28:21 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
mail/dovecot2-pigeonhole: update to 0.5.14

v0.5.14 2021-03-04  Aki Tuomi <aki.tuomi@open-xchange.com>

	* IMAP FILTER command: cmd-filter-sieve - Do not allow NIL as
	  script name argument.
   2021-01-04 15:58:26 by Takahiro Kambe | Files touched by this commit (2) | Package updated
Log message:
mail/dovecot2-pigeonhole: update to 0.5.13

Update dovecot2-pigeonhole package to 0.5.13.

v0.5.13 2021-01-04  Aki Tuomi <aki.tuomi@open-xchange.com>

	- duplicate: The test was handled badly in a multiscript (sieve_before,
	  sieve_after) scenario in which an earlier script in the sequence with
	  a duplicate test succeeded, while a later script caused a runtime
	  failure. In that case, the message is recorded for duplicate tracking,
	  while the message may not actually have been delivered in the end.
	- editheader: Sieve interpreter entered infinite loop at startup when
	  the "editheader" configuration listed an invalid header name. This
	  problem can only be triggered by the administrator.
	- relational: The Sieve relational extension can cause a segfault at
	  compile time. This is triggered by invalid script syntax. The segfault
	  happens when this match type is the last argument of the test command.
	  This situation is not possible in a valid script; positional arguments
	  are normally present after that, which would prevent the segfault.
	- sieve: For some Sieve commands the provided mailbox name is not
	  properly checked for UTF-8 validity, which can cause assert crashes at
	  runtime when an invalid mailbox name is encountered. This can be
	  caused by the user by writing a bad Sieve script involving the
	  affected commands ("mailboxexists", "specialuse_exists").
	  This can be triggered by the remote sender only when the user has
	  written a Sieve script that passes message content to one of the
	  affected commands.
	- sieve: Large sequences of 8-bit octets passed to certain Sieve
	  commands that create or modify message headers that allow UTF-8 text
	  (vacation, notify and addheader) can cause the delivery or IMAP
	  process (when IMAPSieve is used) to enter a memory-consuming
	  semi-infinite loop that ends when the process exceeds its memory
	  limits. Logged in users can cause these hangs only for their own