> > 1. you define those ip addresses that are considered 'internal'. in my > > world that is the company mailserver > > > 2. you extend your "RecipientIS" mailet to consider the ip address of > > the sender > > I was also going to suggest IP filtering, but the matcher already exists: > RemoteAddrInNetwork or RemoteAddrNotInNetwork. Instead of just using that > to control access to the RemoteDelivery mailet, it could control access to > the mailing lists. > > --- Noel > Hi,
I've been away for a few days; now I'm back to this thread. First of all, I would like to make clear that for "local user" I'm intending a user (connecting to SMTP either from inside or outside my network) know to the server, in the sense that can be authenticated through SMTP AUTH, and not a user with an IP number considered internal to my network (let's call the latter an "internal user" - just to have a common terminology), that obviously could be filtered using "RemoteAddrInNetwork" etc. I'm using the term "local" in the same sense used in the "RecipientIsLocal" matcher, from which I wrote a "SenderIsLocal" matcher that did not fulfill my needs, being forgeable. Now I think that I found a very simple "solution". Let's recap: 1) I have a "normal" James server, already using SMTP AUTH to prevent relaying, and accepting messages from local-internal users to everywhere, from local-external users to everywhere, and from non-local users to local users. 2) In addition to that, I want that only users authenticated through SMTP AUTH be allowed to send messages to certain protected recipient addresses, mainly lists; 3) Because of (2), the domain part of such recipient address does not need to be known "in the open world", but will be managed only by my James server; it can and *should* be then a fake domain known only to my server and my users. 4) Then, it is enough to use for such protected recipient addresses a special domain name, like "local", *not* listed in <servername>, and that's it: I just need to match to the right domain using match="RecipientIs=listname@local" or match="CommandForListserv=listname@local" or other matcher/mailet variations. As the recipient domain is not listed in <servername>, James will enforce SMTP AUTH. 5) The legitimate users should just know that the address to use for the list is "listname@local" instead of "[EMAIL PROTECTED]", and connect directly to my server to send the message. Unless there is something I haven't thought about, it should work. Thanks for the help, Vincenzo --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
