This is sieve-connect.  A client for the MANAGESIEVE protocol, as
implemented by timsieved in Cyrus IMAP.  This software is licensed and
the terms are provided in the file "LICENSE" as supplied with this
software (BSD license without the advertising clause).

SIEVE is an RFC-specified language for mail filtering, which at time of
writing is specified in the following RFCs:

  RFC 5228 Sieve: An Email Filtering Language
  RFC 5229 Sieve Email Filtering: Variables Extension
  RFC 5230 Sieve Email Filtering: Vacation Extension
  RFC 5231 Sieve Email Filtering: Relational Extension
  RFC 5232 Sieve Email Filtering: Imap4flags Extension
  RFC 5233 Sieve Email Filtering: Subaddress Extension
  RFC 5235 Sieve Email Filtering: Spamtest and Virustest Extensions
  RFC 3894 Sieve Extension: Copying Without Side Effects

and various drafts, both IETF and individual submissions.  It's designed
to be regular enough for machines to be able to manipulate, whilst still
being editable by humans.  Alas, not many clients actually implement
this instead of embedding their own internal codes in sieve comments,
defeating the goal of being able to edit with a client of your choice.

Whilst the timsieved implementation remains the baseline, sieve-connect
is expected to be a compatible implementation of MANAGESIEVE as
documented in "draft-martin-managesieve-08.txt"; some issues to be
worked on are documented in the "TODO" file.

sieve-connect speaks MANAGESIEVE and supports TLS for connection privacy
and also authentication if using client certificates.  sieve-connect
will use SASL authentication; SASL integrity layers are not supported,
use TLS instead.  GSSAPI-based authentication should generally work,
provided that client and server can use a common underlaying protocol.
If it doesn't work for you, please report the issue.

sieve-connect is designed to be both a tool which can be invoked from
scripts and also a decent interactive client.  It should also be a
drop-in replacement for "sieveshell", as supplied with Cyrus IMAP.


Installing
==========

You'll need Perl5 installed and various Perl modules from CPAN, as
detailed below.  None of the modules are unusual.  A man-page is
provided.

SSL certificates are assumed to be in /etc/ssl/certs/ but this is
configured at the very start of the script.


Pre-Requisites
==============

 Perl5
 Authen::SASL
 IO::Socket::INET6
 IO::Socket::SSL      0.97 or greater
 Pod::Usage
 Term::ReadKey 	      optional; password prompting without echo
 Term::ReadLine       optional; improves interactive mode
 Term::ReadLine::Gnu  optional; adds tab-completion
 various other Perl modules which are shipped with Perl itself


Problems
========

If Perl segfaults upon exit, then this is very probably a Perl/Readline
interaction.  You can confirm this by using an option such as --list to
avoid entering a command-loop, and then by passing PERL_RL=Perl in the
environment to sieve-connect.  Eg:
  $ env PERL_RL=Perl sieve-connect

If that avoids the failure on exit, then you appear to be affected by:
  http://rt.cpan.org/Public/Bug/Display.html?id=37194

Rather than rebuild Perl with -DPERL_USE_SAFE_PUTENV, when this affected me I
chose to avoid having readline mess with $LINES/$COLUMNS and just edited
readline-$VER/terminal.c to disable the call to sh_set_lines_and_columns().


If you experience any other problems, or have better solutions to the above,
please report them.


Notes about release and packaging
=================================

The first release of the X.YY tarball corresponds to version 114 in the
old svn repository, where this was just one script amongst others.

Please excuse the 'XXX' for user identifier in the ChangeLog -- I'm
keeping my email address slightly less spam-harvestable (GSSAPI
authentication to svn/DAV leaves your entire user identifier in the
logs, which includes the realm).  There's an email address in the
man-page, which might be excessively spam-filtered, and other email
addresses in the PGP key used for signing the distribution.

The PGP key used for signing is in the strong set, so if you can't
verify the key then attend a PGP keysigning party.  It's where all the,
uhm, uncool people are.  No, wait wait!  The _cool_ people.  That's it.
Yeah.  *cough*

