1. you define those ip addresses that are considered 'internal'. in my world that is the company mailserver, since james is acting as an intelligent filtering mx (yes, i still owe the list some docs on this, i haven't forgotten! :o)
2. you extend your "RecipientIS" mailet to consider the ip address of the sender: anything that matches the subnet of the 'internal' address becomes 'outgoing' mail, anything doesn't becomes 'incoming' mail.
3. you only allow 'outgoing' mail that matches the naming scheme you currently have defined in "RecipientIS" to be delivered.
b
Vincenzo Gianferrari Pini wrote:
I need a matcher that checks if the sender of a message is a local user. I wrote (very simple task indeed) such matcher ("SenderIsLocal", a kind of mix of "SenderIs" and "RecipientIsLocal"). If anyone is ever interested in it just let me know.But there is a possible "hole" in it. Here follows my problem and question. The reason why I need this matcher is to have, in the config.xml file, a message coming from a local user of my company go to a special processor that will try to match against some "RecipientIS" conditions that will have the message spread (using either class="AvalonListserv" or class="Redirect") to one or more large lists of local users and/or customers. As just said, it is imperative for me that only *local users* may send messages to such lists, and it must be verifiable in the logs. The matcher I wrote works perfectly, but anyone from outside could just fake the sender email address using a legitimate local user address and have a spam or nasty message sent to lots of people, even customers, acting as someone else (also someone from inside could use someone else's name and damage). I can (and have) set both SMTP <authRequired> and <verifyIdentity> to true in my config.xml file, but unfortunately this is not enough, as such checks are being done only for messages not going to local recipients, and my lists are local recipients themselves. So here is my question: is there any way in the matcher Java code to check for the sender having been authenticated and verified (even when all recipients are local), instead of checking "if (mailetContext.isLocalServer(senderMailAddress.getHost()) && mailetContext.isLocalUser(senderMailAddress.getUser()))"? I would need the equivalent of something like "if (mailetContext.isSenderAuthenticated() && mailetContext.isSenderVerified())". Or is there any other way to obtain my goal? Can someone help me? Thanks, Vincenzo --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
