Noel - Thanks for your interest. Here is the issue - I am using the James
server to support several mailing lists for some local organizations. Up to
this point, I have set up web pages with links on them to allow a user to
subscribe or unsubscribe from these lists. What I am finding is that I get
bogus subscriptions added to the lists from a spammer, with a bogus return
email address. I strongly suspect this is being done by web bots that find
the links on a web page and automatically subscribe to them. I have
configured James to only allow subscribers to send messages to the mail
list, but this is inadequate to prevent the spammers to send spam to the
members of the list, once they too have subscribed.
So I have decided to change the paradigm so that the subscribe link on the
web pages point to a new subscription verification mailet instead of
directly to the list subscription mailet - AvalonListservManager. My new
subscription verification mailet will respond by sending back an email to
the subscriber which contains the actual link (or a From address so the
subscriber can simply reply to it) to the actual list subscription mailet
handled by the AvalonListservManager class. In this way the subscriber has
to go through a two step process to subscribe to a list, and in the process
verifies that the email address he is subscribing from is indeed valid.
If I can successfully write this new mailet, I will be willing to donate it
to the groups new mailet library if it becomes a reality. ;-) I think others
may find it useful for this purpose as well. I have written my first rough
prototype attempt and include it below... My problem with getting it to work
is that I require users to use SMTP authorization in order to send mail
through my server. (Allows users to roam) But I have been unsuccessful at
getting the James server to recognize my new mailet as an authorized user..
If you are anyone else in the group would care to look this over, (it is not
complicated) I would appreciate any pointers as to where I have gone
wrong... The devil may be in the details such as what is a proper user name
for the authenticator, or maybe the From name and the user name must be the
same (even though I have left the config.xml parameter,
<verifyIdentity>true</verifyIdentity> commented out) unfortunately the
examples for this code that I have found don't show this kind of detail and
I haven't guessed at what is the right configuration setting...
Here is my java code for the prototype mailet -
import javax.mail.*;
public class MyAuthenticator extends javax.mail.Authenticator {
public MyAuthenticator() {
super();
}
public javax.mail.PasswordAuthentication getPasswordAuthentication() {
// MyMailetsName with aPassword were added to the James user list.
return new PasswordAuthentication("MyMailetsName", "aPassword");
}
}
/**
* This class handles the subscription and verification of the email address
of a subscriber to a
* Jakarta James email list server. When invoked, this mailet will respond
with an email sent back
* to the subscriber to verify the validity of the sender's email address.
(Hopefully this will foil
* spammers who use bots to find and subscribe to email lists) The user will
in turn reply to the email
* thus completing the subscription process.
* Creation date: (5/19/02 11:50:30 AM)
* @author: Marc Chamberlin
*/
import java.util.*;
import java.io.*;
import org.apache.mailet.*;
import javax.mail.*;
import javax.mail.internet.*;
public class MyListSubscribeMailet extends org.apache.mailet.GenericMailet {
public MyListSubscribeMailet() {
super();
}
public void postMail(
String recipient,
String subject,
String message,
String from)
throws javax.mail.MessagingException {
boolean debug = false;
//Set the host SMTP address
Properties props = new Properties();
props.put("mail.smtp.host", "mail.mydomainname.com");
// create some properties and get the default Session
Authenticator auth = new MyAuthenticator();
Session session = Session.getDefaultInstance(props, auth); //
exceptions here
session.setDebug(debug);
// create a message
Message msg = new MimeMessage(session);
// set the from and to address
InternetAddress addressFrom = new InternetAddress(from);
msg.setFrom(addressFrom);
InternetAddress[] addressTo = new InternetAddress[1];
addressTo[0] = new InternetAddress(recipient);
msg.setRecipients(Message.RecipientType.TO, addressTo);
// Setting the Subject and Content Type
msg.setSubject(subject);
msg.setContent(message, "text/plain");
Transport.send(msg);
}
public void service(org.apache.mailet.Mail mail)
throws javax.mail.MessagingException {
try {
MailAddress sender = mail.getSender();
String recipient = sender.toString();
String subject = "Mail List Subscription";
String message = "Test message";
String from = "[EMAIL PROTECTED]";
postMail(recipient, subject, message, from);
} catch (javax.mail.MessagingException e) {
System.out.println(e.toString());
throw new javax.mail.MessagingException(e.toString());
}
}
}
When I try to send email to this mailet, I get the following exception which
shows that the mailet is at least running.... ;-)
Exception in processor <transport>
java.lang.SecurityException: Access to default session denied
at javax.mail.Session.getDefaultInstance(Session.java:175)
Anyone know what I am doing wrong? Much appreciate the help... Marc...
P.S. > Did you turn on the anti-SPAM filters Yes...
P.P.S > ... and did you apply the recent fix to InSpammerBlacklist? No,
didn't know about this, where do I find the info?
----- Original Message -----
From: "Noel J. Bergman" <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Sent: Sunday, May 19, 2002 11:37 PM
Subject: RE: Mailing list verification mailet?
> Did you turn on the anti-SPAM filters, and did you apply the recent fix to
> InSpammerBlacklist? Otherwise, it would not have discarded any spam.
>
> How do you want your hypothetical mailing list verifier to work?
>
> --- Noel
>
> -----Original Message-----
> From: Marc Chamberlin [mailto:[EMAIL PROTECTED]]
> Sent: Friday, May 17, 2002 13:39
> To: james-user
> Subject: Mailing list verification mailet?
>
>
> OK I give up! *!!%#$ spammers! I have a couple mail lists set up for my
> James server, with links for our users to subscribe/unsubscribe to them
from
> our web pages. Trouble is that there are bots for some spammers which are
> finding these links and automatically subscribing to our lists, then
sending
> out spam to everyone in the lists... I don't have time to write a mailet
to
> deal with the verification of valid user email addresses right now, and I
> know the Jakarta mailing lists use a verification process whereby the
> subscriber must send back an email to the mail list server before actually
> being added to a mailing list... I suspect Jakarta groups are using the
> James servers? If so, then there is probably a mailet already written for
> this purpose, and I am wondering if some kind soul would send it to me? I
> will probably need the .java files so I can make any necessary
> modifications. Much appreciate it, I am under some time pressures at the
> moment and hope this will save me a few hours... ;-)
>
> Marc.....
>
>
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
