Sieve forwarding loop destroys e-mail

Bron Gondwana brong at
Mon Mar 31 21:14:44 EDT 2008

On Mon, 31 Mar 2008 15:51:17 -0700 (PDT), "Andrew Morgan" <morgan at> said:
> On Tue, 1 Apr 2008, Bron Gondwana wrote:
> > On Mon, Mar 31, 2008 at 04:21:20PM +0200, Alain Spineux wrote:
> >> On Mon, Mar 31, 2008 at 2:40 PM, Joseph Brennan <brennan at> wrote:
> >>>
> >>>  Jo Rhett <jrhett at> wrote:
> >>>
> >>> >  I would ask that you spend some time determining how the
> >>> > program could determine it is a bad rule, and provide a patch to fix this
> >>> > behavior.  (in short -- it's harder than you think)
> >>>
> >>>  A mail delivery system that loses mail is buggy.  I don't need to look
> >>>  at the code to know that.
> >>>
> >>>  You can tell me no one has time to fix it, and in an open source project
> >>>  I can respect that.  But it is a bug.
> >>
> >> Look at this:
> >>
> >> If my script is
> >>
> >> redirect another.address at somewhere.else
> >>
> >> I expect my mailbox to stay empty, because this is what redirect is
> >> supposed to do!
> >> If I found and email in my mailbox this is a BUG, because the script I wrote
> >> should never let an email come in!
> >
> > I know, I know - pick me.  How about this one?
> >
> > discard;
> >
> >
> > It turns out that a mail delivery system that has been configured in a
> > way that loses mail has a bug _in_the_person_who_configured_it_.  Now
> > it may be that the language makes it easy to shoot yourself in the foot,
> > but that's different from being buggy.
> Just for reference - we provide a web interface (custom, we wrote it)
> that 
> provides the features most people want to configure in their sieve rules 
> such as email forwarding, filtering based on From/To address, vacation 
> messages, and spam blocking.  Of course, they have no idea it is actually 
> sieve behind the scenes.  They just point and click the web interface.
> This web interface has sanity checks to prevent people from doing silly 
> things like forwarding mail to themselves or the other common email 
> aliases on their accounts.
> We also offer direct sieveshell access for users that ask if they can do 
> more than the web interface offers.  If these "smart" users shoot 
> themselves in the foot, oh well.

Sounds remarkably like what we have, except we don't provide a timsieved that
listens to the world - people have to paste their sieve scripts into a web
interface that does syntax tests before uploading it.  Mainly for proxying
reasons, we don't have anything set up that can proxy the sieve protocol,
and we don't allow direct connections to our backend servers.

Yeah, sieve is a weird language in some ways, but it mostly gets the job done
and it's the "cyrus way".  We could probably get much the same by delivering
to plus addresses from our perl lmtp proxy, but why re-design the wheel?


  Bron Gondwana
  brong at

More information about the Info-cyrus mailing list