Full-kilter filter
 
|
|||
 | |||
|
Avid readers of Network World that you are, we are certain you saw in a recent issue an interesting item titled "Standard may bring order to e-mail chaos".
The standard in question (which is technically a "proposed Internet standard") is the Internet Engineering Task Force's RFC 3028: Sieve: A Mail-Filtering Language.
According to the Sieve home page: "Sieve is a language that can be used to create filters for electronic mail. It is not tied to any particular operating system or mail architecture. It requires the use of RFC 822-compliant messages, but otherwise should generalize to other systems that meet these criteria".
Advertisement: |
Sieve is a descendent of an earlier attempt at a mail-filtering system called Flame, an extension to the Andrew Mail System from Carnegie Mellon University. As Flame scripts were written in Lisp, this was not something that system administrators could get excited about, and in 1994 work on Sieve began.
The potential power of Sieve is that when implementations become commonplace we'll have a basic filtering system that is independent of any vendor's bizarre ideas of rules (or whatever they choose to call their filtering system) that fails to work reliably and is only barely manageable (and we all know what product we're talking about here, don't we?).
Moreover, Sieve scripts will be portable so it's conceivable that your e-mail client will routinely download updated filters from Internet and intranet sources so common spam messages and anything else undesirable can be efficiently detected and dealt with appropriately.
Again, from the Sieve home page: "The language is powerful enough to be useful, but limited in power in order to allow for a safe server-side filtering system. The intention is to make it impossible for users to do anything more complex (and dangerous) than write simple mail filters, along with facilitating [graphical user interface]-based editors. The language is not Turing-complete, and provides no way to write a loop or a function. Variables are not provided."
So what we have in the RFC is a specification of a basic scripting system and here's a sample script:
if header ["From"] contains ["coyote"] {
forward "acm@frobnitzm.edu";
} else if header "Subject" contains "$$$" {
forward "postmaster@frobnitzm.edu";
} else {
forward "field@frobnitzm.edu";
}
If the header contains the string "coyote" the message is forwarded to an address. Otherwise, if the subject contains "$$$" (a common string found in spam message subjects) then it goes to a different address. Failing either of those tests, the message is forwarded to yet another address. Click here for a much more ambitious example.
The RFC is quite easy to understand and we recommend you read it. It makes the architecture of Sieve quite clear.
But it will take some time for Sieve to become commonplace because there are lots of issues that are yet to be ironed out. For example, how can you prevent scripts from doing bad things? Even though the language doesn't support loops there is still the possibility for all sorts of hacks that could cause problems (for example, multiple message rejections by a script could result in the creation of a mail bomb).
While Sieve is obviously a potentially powerful tool on the client side it is really interesting as an adjunct to an IMAP or SMTP server. Sieve scripts common to all users can automatically examine and manage user mailboxes, reducing workstation overhead, making large-scale distribution of scripts unnecessary and ensuring that corporate standards are maintained in a timely fashion.
There are only a few Sieve implementations available but we suspect that others will appear as add-ons to existing mail servers in short order.
A client-side implementation (claimed to be the first to market) we have yet to try can be found in the Mulberry mail client from Cyrusoft International.
If you are desperate to try a server-side version, check out the Cyrus mail server from Carnegie Mellon University's Computing Services Department. This server, which runs under Unix, supports IMAP, POP3 and KPOP along with a Sieve implementation.
Unfiltered messages to gearhead@gibbs.com.
Comments and suggestions to gh@gibbs.com.
Gibbs Forum
The place to discuss Gibbs's columns.
Check out this week's edition of
Backspin for more musings from Gibbs.
RELATED LINKS
A puzzle, some junk, electric sheep
05/29/06
Yep, when you start poking around in Windows, it is staggering what you can find that is running but doesn't need to be. What
brought this topic to mind was finding the Java Update utility, jusched.exe, running on one of our PCs.
Better security: New VoIP system adds authentication, improved tracking
05/29/06
With headquarters in Singapore, Chartered Semiconductors Manufacturing's U.S. sales, marketing and engineering teams log a
lot of international miles and even more international calls. Trying to manage all those calls through the company's two PBXs
in California and Texas was proving to be an auditing and security nightmare for Ron Yan, the company's IT manager in Milpitas,
Calif., so he turned to VoIP.
Spamming and phishing with pictures and voice
05/25/06
Last week, Commtouch announced its new defense against image-only spam, a problem that Commtouch has found to be on the increase
over the past several months. Complicating the problem is the fact that spammers who send image-only spam can vary their content
slightly in an effort to fool conventional anti-spam defenses. Commtouch's Recurrent Pattern Detection technology uses a variety
of sophisticated algorithms that can detect image-based spam, including variations in the same message.
F-Secure adds CommTouch’s Zero-Hour technology to security products
05/24/06
Security vendor F-Secure announced on Tuesday plans to integrate CommTouch’s real-time anti-virus and anti-spam technology
into its offerings.
Spam filter blamed in lost bid for telecom services
05/24/06
The spam filter ate my contract.That’s what happened to the president of a telecom dealer in Cobb County, Ga., who recently
bid on a local and long-distance service contract for the school district. But unlike the popular dog-homework excuse, the
spam filter really did eat his contract.Or so, that’s what school officials say. Mike Russell, president of Elite Telecom
Services in Kennesaw, says he was surprised that his bid made in February on the five-year school district contract didn’t
win. When Russell inquired with the school district, he was told an e-mail clarifying the terms of the bid was never received,
and so his offer was not considered. Russell’s formal bid was produced in hard copy, but the school district e-mailed Russell
back asking for a number of clarifications and insisting those clarifications be made via e-mail.All of the clarifications
requested by the school district, including issues such as maintenance and escalation policies, were clearly spelled out in
the initial bid, Russell says.When Russell was told the clarification e-mail – actually sent by ITC Deltacom, the communications
provider for which Elite is a dealer – was never received, Russell produced a copy of the e-mail and a return receipt issued
by the school district’s server. That’s when the school district found the missing e-mail trapped in the spam filter. Russell
asked for his bid to be reconsidered, which he points out came in at $250,000 a year below the winning BellSouth bid, and
has been denied. Given that all other e-mail communication with the school district regarding the bid was not trapped by its
spam filters, Russell says it’s very hard to believe that this one piece of e-mail was sent directly to the quarantine folder.Russell
alerted news outlets to make public what he calls the “inadequacies and deficiencies” of the school district’s handling of
the bidding process. In response, Russell says the school district has suggested he bring them court, a process Russell says
that a small business such as his could not undertake.Cobb County board of education officials did not immediately return
calls seeking comment.
 |
 |
 |
|||||
|
 |
|
|
|
|||
