JMAP for Sieve ScriptsFastmail US LLC1429 Walnut Street - Suite 1201PhiladelphiaPA19102USAmurch@fastmailteam.com
ART
JMAPJMAPJSONSieveThis document specifies a data model for managing Sieve
scripts on a server using the JSON Meta Application Protocol (JMAP).
JMAP (JSON Meta Application
Protocol) is a generic protocol for synchronizing data, such as
mail, calendars or contacts, between a client and a server.
It is optimized for mobile and web environments, and aims to
provide a consistent interface to different data types.
This specification defines a data model for managing
Sieve scripts on a server using
JMAP.
The data model is designed to allow a server to provide
consistent access to the same scripts via
ManageSieve as well as JMAP,
however the functionality offered over the two protocols may
differ.
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL",
"SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT
RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be
interpreted as described in BCP 14 when, and only when, they appear in
all capitals, as shown here.
Type signatures, examples, and property descriptions in
this document follow the conventions established in Section
1.1 of . Data types defined in the
core specification are also used in this document.
Servers MUST support all properties specified for the new
data type defined in this document.For compatibility with publishing requirements, line breaks
have been inserted inside long JSON strings, with the
following continuation lines indented. To form the valid JSON
example, any line breaks inside a string must be replaced with
a space and any other white space after the line break
removed.The same terminology is used in this document as in the
core JMAP specification, see , Section
1.6.
The term SieveScript (with this specific capitalization) is
used to refer to the data type defined in this document and
instances of those data types.
The capabilities object is returned as part of the JMAP
Session object; see , Section 2. This
document defines one additional capability URI.
This represents support for the SieveScript data type and
associated API methods.
The value of this property in the JMAP Session
capabilities property is an empty object.
The value of this property in an account’s
accountCapabilities property is an object that MUST contain
the following information on server capabilities:
supportsTest:
Boolean
If true, the server supports the
SieveScript/test method.
maxSizeScriptName:
UnsignedInt
The maximum length, in (UTF-8) octets, allowed for the
name of a SieveScript.
For compatibility with ManageSieve, this MUST be at
least 512 (up to 128 Unicode characters).
maxSizeScript:
UnsignedInt|null
The maximum size (in octets) of a Sieve script the
server is willing to store for the user,
or null for no limit.
maxNumberScripts:
UnsignedInt|null
The maximum number of Sieve scripts the server is
willing to store for the user,
or null for no limit.
maxNumberRedirects:
UnsignedInt|null
The maximum number of Sieve "redirect" actions a
script can perform during a single evaluation
or null for no limit.
Note that this is different from the total number of
"redirect" actions a script can contain.
sieveExtensions:
String[]
A list of case-sensitive Sieve capability strings (as
listed in Sieve "require" action; see
, Section 3.2) indicating the
extensions supported by the Sieve engine.
notificationMethods:
String[]|null
A list of URI schema parts
for notification methods supported by the Sieve
"enotify" extension,
or null if the extension
is not supported by the Sieve engine.
externalLists:
String[]|null
A list of URI schema parts
for externally stored list types supported by the
Sieve "extlists" extension,
or null if the extension
is not supported by the Sieve engine.
A SieveScript object represents
a single Sieve script for
filtering email messages at time of final delivery.
A SieveScript object has the
following properties:
id:
Id
(immutable; server-set)
The id of the script.
name:
String|null
(optional; default is server-dependent)
User-visible name for the SieveScript.
If non-null, this MUST be a Net-Unicode
string of at least 1 character in length, subject to the
maximum size given in the capability object.
For compatibility with ManageSieve, servers MUST reject
names that contain control characters. Servers MAY reject
names that violate server policy (e.g., names containing
slash (/)).
The name MUST be unique among all SieveScripts within an
account.
blobId:
Id
The id of the blob containing the raw octets of the script.
The script MUST be UTF-8
content of at least 1 character in length, subject to the
syntax of Sieve.
The script MUST NOT contain any "require" statement(s)
mentioning Sieve capabiltity strings not present in the
capability object.
Note that if the Sieve "ihave"
capability string is present in the capability object,
the script MAY mention unrecognized/unsupported extensions
in the "ihave" test.
isActive:
Boolean
(server-set; default: false)
A user may have multiple SieveScripts on the server, yet
only one script may be used for filtering of incoming
messages. This is the active script. Users may have zero
or one active script.
The SieveScript/set method
is used for changing the active script or disabling Sieve
processing.
This is a standard "/get" method as described in
, Section 5.1.
The ids argument may be
null to fetch all at once.
This method provides similar functionality to the GETSCRIPT
and LISTSCRIPTS commands in .
This is a standard "/set" method as described in
, Section 5.3 but with the following
additional request argument, which may be omitted:
onSuccessActivateScript:
Id|null
(optional)
If null, the currently active
SieveScript (if any) will be deactivated if and only if
all of the creations, modifications, and destructions (if
any) succeed.
Otherwise, the id of the SieveScript to activate if and
only if all of the creations, modifications, and
destructions (if any) succeed.
(For references to SieveScript creations, this is
equivalent to a creation-reference, so the id will be the
creation id prefixed with a "#".)
If this argument is not present in the request, the
currently active SieveScript (if any) will remain as such.
The id of any activated SieveScript MUST be reported in
either the "created" or "updated" argument in the response
as appropriate.
The id of any deactivated SieveScript MUST be reported in
the "updated" argument in the response.
This method provides similar functionality to the
PUTSCRIPT, DELETESCRIPT, RENAMESCRIPT, and SETACTIVE commands
in .
Script content must first be uploaded as a blob using
either the standard upload mechanism (see
Section 6.1) or the JMAP Blob management extension
(see Section 3.1).
If the SieveScript can not be created or updated because it
would result in two SieveScripts with the same name, the
server MUST reject the request with an "alreadyExists"
SetError.
An "existingId" property of type "Id" MUST be included on the
SetError object with the id of the existing SieveScript.If the SieveScript can not be created or updated because
its size exceeds the "maxSizeScript" limit, the server MUST
reject the request with a "tooLarge" SetError.If the Sieve Script can not be created because it would
exceed the "maxNumberScripts" limit, the server MUST
reject the request with an "overQuota" SetError.The active SieveScript MUST NOT be destroyed
unless it is first deactivated in a separate SieveScript/set
method call.The following extra SetError types are defined:
For "create" and "update":
invalidScript:
The SieveScript content violates the
Sieve grammar and/or one
or more extensions mentioned in the script's "require"
statement(s) are not supported by the Sieve interpreter.
The description property on
the SetError object SHOULD contain a specific error
message giving at least the line number of the first error.
For "destroy":
scriptIsActive:
The SieveScript is active.
This is a standard "/query" method as described in
, Section 5.5.
A FilterCondition object has the
following properties, either of which may be omitted:
name:
String
The SieveScript "name" property contains the given string.
isActive:
Boolean
The "isActive" property of the SieveScript must be
identical to the value given to match the condition.
The following SieveScript properties MUST be supported for
sorting:
nameisActiveThis method is used by the client to verify Sieve script
validity without storing the script on the server,
providing similar functionality to the
CHECKSCRIPT command in .
The method takes the following arguments:
accountId:
Id
The id of the account to use.
blobId:
Id
The id of the blob containing the raw octets of the
script to validate,
subject to the same requirements in
.
The response has the following arguments:
accountId:
Id
The id of the account used for this call.
error:
SetError|null
A "invalidScript" SetError object if the script content
is invalid (see ),
or null if the
script content is valid.
As with the SieveScript/set method,
script content must first be uploaded as a blob using either
the standard upload mechanism (see
Section 6.1) or the JMAP Blob management extension
(see Section 3.1).
This method is used by the client to ask the Sieve
interpreter to evaluate a Sieve script against a set of emails
and report the actions that would be performed for each.
When calling this method the "using" property of the
Request object MUST contain the capabilities
"urn:ietf:params:jmap:sieve" and "urn:ietf:params:jmap:mail".
The latter is required due to the use of blob ids which may
reference Email objects and the use of the Envelope object, as
described below.The SieveScript/test method
takes the following arguments:
accountId:
Id
The id of the account to use.
scriptBlobId:
String
The id of the blob containing the raw octets of the
script to validate,
subject to the same requirements in
.
emailBlobIds:
Id[]
The ids representing the raw octets of the
messages to test against.
envelope:
Envelope|null
Information that the Sieve interpreter should assume was
present in the SMTP transaction that delivered the
message when evaluating "envelope" tests.
If null, all "envelope"
tests MUST evaluate to false.
See Section 7 of for
the contents of the Envelope object.
lastVacationResponse:
UTCDate|null
The UTC date-time at which the Sieve interpreter should
assume that it last auto-replied to the sender of the
message, or null if the Sieve
interpreter should assume that it has not auto-replied
to the sender.
The response has the following arguments:
accountId:
Id
The id of the account used for this call.
completed:
Id[Action[]]|null
A map of the blob id to a set of
Action types for each message
successfully processed by the script, or
null if none.
The Action data type is a
tuple, represented as a JSON array containing three elements:
A Stringname of the Sieve
action (e.g., "keep").
A String[*] object
containing any named (tagged) arguments for the action.
The name MUST be the tag for the argument as given
in the specification of the action (e.g., ":flags").
This may be an empty object if the action does not
have any tagged arguments, or none were specified in
the Sieve script
(e.g., discard or
ereject action).
An *[] array containing
any positional arguments for the action in the
order as given in the specification of the action.
This may be an empty array if the action does not
have any positional arguments
(e.g., discard or
keep action).
notCompleted:
Id[SetError]|null
A map of the blob id to a SetError object for each message
that was not successfully processed by the script, or
null if none.
A "serverFail" SetError (see Section 3.6.2 of
) MUST be used to indicate a
Sieve interpreter run-time error.
The following additional errors may be returned instead of
the "SieveScript/test" response:
"invalidScript": The script content is invalid
(see ).
"notFound": The script referenced by the id could
not be found.
"rateLimit": The number of recent test method calls has
reached a server-defined limit.
"requestTooLarge": The total number of emailBlobIds
exceeds the maximum number the server is willing to
process in a single test method call.
"serverFail": The script failed preparation to
be executed for some other reason.
The JSON data type to use for each argument value is a
direct mapping from its Sieve data type, per the following
table:
Sieve TypeJSON TypeNumberNumberStringStringString ListString[]tag with no valueBoolean (true)
Recommendations for constructing the list of arguments are
as follows:
Optional arguments in which the value is supplied by
the Sieve interpreter SHOULD be included (e.g., ":from" and
":subject" arguments to the
"vacation" action).Optional arguments in which the value is implicitly
supplied by
a Sieve variable SHOULD be included (e.g., "keep" or
"fileinto" actions without an explicit ":flags" argument,
but "imap4flags" have been
set on the internal variable).Optional arguments in which the value is the specfied
default MAY be omitted.Tagged arguments that are only used to determine
whether the action will be executed and have no impact on
the result of the action MAY be omitted (e.g., ":days" and
":addresses" arguments to the vacation action).Section 8 of defines a
VacationResponse object to represent an autoresponder to
incoming email messages.
Servers that implement the VacationResponse as a Sieve script
that resides amongst other user scripts are subject to the
following requirements:
MUST allow the VacationResponse Sieve script to be fetched
by the SieveScript/get method.
MUST allow the VacationResponse Sieve script to be
[de]activated via the "onSuccessActivateScript" argument to
the SieveScript/set method.
MUST NOT allow the VacationResponse Sieve script to be
destroyed or have its content updated by the
SieveScript/set method.
Any such request MUST be rejected with a "forbidden" SetError.
A "description" property MAY be present with an explanation
that the script can only be modified by a VacationResponse/set
method.
All security considerations of JMAP
and Sieve apply to this specification.
IANA will register the "sieve" JMAP Capability as follows:
Capability Name:
urn:ietf:params:jmap:sieveSpecification document: this document
Intended use: common
Change Controller: IETF
Security and privacy considerations: this document,
The following sub-sections register two new error codes in the
JMAP Error Codes registry, as defined in .
JMAP Error Code: invalidScript Intended use: common Change controller: IETF Reference: This document, Description: The SieveScript violates the
Sieve grammar and/or one
or more extensions mentioned in the script's "require"
statement(s) are not supported by the Sieve interpreter.JMAP Error Code: scriptIsActive Intended use: common Change controller: IETF Reference: This document, Description: The client tried to destroy the active
SieveScript.The concepts in this document are based largely on those in
.
The author would like to thank the authors of that document for
providing both inspiration and some borrowed text for this
document.The author would also like to thank the following
individuals for contributing their ideas and support for
writing this specification: Bron Gondwana, Neil Jenkins, Alexey
Melnikov, and Ricardo Signes.Changes since ietf-03:
SieveScript/test: Moved positional arguments into their own
array (because the specfications don't use a consistent method for
defining the action syntax or naming of positional arguments).Changes since ietf-02:
Removed open issues.Reverted back to using only blob ids for script content.Added "rateLimit" and "requestTooLarge" to the list of
possible error codes for /set method.Added Compatibility with JMAP Vacation Response
section.Added RFC5228 to Security Considerations.Miscellaneous editorial changes.Changes since ietf-01:
Removed normative references to ManageSieve (RFC 5804).Added the 'maxSizeScriptName' capability.Made the 'name' property in the SieveScript object
optional.Added requirements for the 'name' property in the
SieveScript object.Removed the 'blobId' property from the SieveScript
object.Removed the 'replaceOnCreate' argument from the /set
method.Removed the 'blobId' argument from the /validate method.Removed the 'scriptBlobId' argument from, and added the
'scriptContent' argument to, the /test method.Editorial fixes from Neil Jenkins and Ricardo Signes.Other miscellaneous text reorganization and editorial fixes.Changes since ietf-00:
Specified that changes made by onSuccessActivateScript MUST
be reported in the /set response as created and/or updated as
appropriate.Reworked and specified more of the /test response based on
implementation experience.Changes since murchison-01:
Explicitly stated that Sieve capability strings are
case-sensitive.errorDescription is now String|null.Added /query method.Added /test method.Changes since murchison-00:
Added IANA registration for "scriptIsActive" JMAP error code.Added open issue about /set{create} with an existing script name.