Benoit Tellier created JAMES-3946:
-------------------------------------

Summary: Proposal: DropLists (akka blacklists)
Key: JAMES-3946
URL: https://issues.apache.org/jira/browse/JAMES-3946
Project: James Server
Issue Type: New Feature
Components: data, webadmin
Reporter: Benoit Tellier

h3. What?

Blacklists are a classical email-related feature.

Having an easy-to-activate core module to handle this feature would IMO be nice.

Ideally blacklist entries should be added globally, at the domain level, at the user level and should concern individual addresses as well as entire domains.

h3. Disclaimer

We identified this feature while working on TMail.

I am convinced that this is generic enough to land on James. But should consensus reject this, we could still make this a TMail module :-)

Ideally I'd like to have this fully as an option, not activated by default.

h3. How?

Again, proposal here.

My first shot was to think of RRTs but they do not take sender into account (saaaaaaaad).

Write in `/server/data/data-api` a `DropList` interfaces.

A drop list entry is comprised of
- **ownerScope**: `global | domain | user`
- **owner**: String.
  - For ownerScope global: this is always `ALL`.
  - For ownerScope domain: this is the domain, eg `domain.tld`
  - For ownerScope user, this is the user, eg `b...@domain.tld`
- **deniedEntityType**: String. One of `address | domain`
- **deniedEntity**: String. Either the domain or the address.

{code:java}
import org.apache.james.core.MailAddress;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

interface DropList {
    // Add or remove a single entry.
    Mono<Void> add(DropListEntry entry);
    Mono<Void> remove(DropListEntry entry);

    // List the entries held by one owner.
    Flux<DropListEntry> list(OwnerScope ownerScope, Owner owner);

    enum Status {
        ALLOWED,
        BLOCKED
    }

    // Tell whether the sender is denied for the given owner.
    Mono<Status> query(OwnerScope ownerScope, Owner owner, MailAddress sender);
}
{code}

And provide a memory + a Cassandra implementation of the DropList.

Write an `IsInDropList` matcher:

Given `attac...@evil.com` sends a mail to `target@localhost`, the following queries are done:
- ownerScope all, owner All, deniedEntityType domain, deniedEntity evil.com
- ownerScope all, owner All, deniedEntityType address, deniedEntity attac...@evil.com
- ownerScope domain, owner localhost, deniedEntityType domain, deniedEntity evil.com
- ownerScope domain, owner localhost, deniedEntityType address, deniedEntity attac...@evil.com
- ownerScope user, owner target@localhost, deniedEntityType domain, deniedEntity evil.com
- ownerScope user, owner target@localhost, deniedEntityType address, deniedEntity attac...@evil.com

Manage to do only one set of queries at scope global. Manage to do one set of queries at scope domain per domain!

Webadmin APIs to manage the Drop List:

{code:java}
GET /droplist/global?deniedEntityType=null|domain|address
[ "evil.com", "devil.com", "bad_...@crime.com", "hac...@murder.org" ]

HEAD /droplist/global/evil.com
HEAD /droplist/global/bad_...@murder.org
204 // 404

PUT /droplist/global/evil.com
PUT /droplist/global/bad_...@murder.org
-> adds the entry into the droplist

DELETE /droplist/global/evil.com
DELETE /droplist/global/bad_...@murder.org
-> removes the entry from the droplist

----------------

GET /droplist/domain/target.com?deniedEntityType=null|domain|address
[ "evil.com", "devil.com", "bad_...@crime.com", "hac...@murder.org" ]

HEAD /droplist/domain/target.com/evil.com
HEAD /droplist/domain/target.com/bad_...@murder.org
204 // 404

PUT /droplist/domain/target.com/evil.com
PUT /droplist/domain/target.com/bad_...@murder.org
-> adds the entry into the droplist

DELETE /droplist/domain/target.com/evil.com
DELETE /droplist/domain/target.com/bad_...@murder.org
-> removes the entry from the droplist

----------------

GET /droplist/user/b...@target.com?deniedEntityType=null|domain|address
[ "evil.com", "devil.com", "bad_...@crime.com", "hac...@murder.org" ]

HEAD /droplist/user/b...@target.com/evil.com
HEAD /droplist/user/b...@target.com/bad_...@murder.org
204 // 404

PUT /droplist/user/b...@target.com/evil.com
PUT /droplist/user/b...@target.com/bad_...@murder.org
-> adds the entry into the droplist

DELETE /droplist/user/b...@target.com/evil.com
DELETE /droplist/user/b...@target.com/bad_...@murder.org
-> removes the entry from the droplist
{code}

Write a Guice module for DropList with Cassandra and with memory but do not include it in the apps by default.

Document activating the droplist extension:
- Enable the droplist extension in `extensions.properties`
- Plug the `IsInDropList` matcher in `mailetcontainer.xml`
- Add the routes in `additionalRoutes` into `webadmin.properties`

And most importantly remove:
- `AbstractSQLWhitelistMatcher`
- `IsInWhiteList`
- `WhiteListManager`

As we now propose a better alternative...
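
The lookup order described for the `IsInDropList` matcher, as an added example that is not part of the original message or of the James code base: a synchronous, in-memory stand-in for the proposed `DropList` that queries the global scope once per mail and the domain scope once per recipient domain. The class name, `blockedRecipients`, `queryCount`, the use of plain strings instead of `MailAddress` and the sample addresses are assumptions made for this illustration.

```java
import java.util.*;

// Added illustration, not James code: synchronous, String-based stand-in for the proposed DropList.
public class DropListLookupExample {
    enum OwnerScope { GLOBAL, DOMAIN, USER }
    enum Status { ALLOWED, BLOCKED }

    // "scope|owner" -> denied entities (a domain or a full address), all lower-cased.
    private final Map<String, Set<String>> entries = new HashMap<>();
    int queryCount = 0; // number of query() calls, to show what the caching saves

    static String key(OwnerScope scope, String owner) { return scope + "|" + owner.toLowerCase(Locale.ROOT); }
    static String domainOf(String address) { return address.substring(address.lastIndexOf('@') + 1); }

    void add(OwnerScope scope, String owner, String deniedEntity) {
        entries.computeIfAbsent(key(scope, owner), k -> new HashSet<>())
               .add(deniedEntity.toLowerCase(Locale.ROOT));
    }

    // One query covers both deniedEntityType lookups: the sender's domain and the sender's address.
    Status query(OwnerScope scope, String owner, String sender) {
        queryCount++;
        String s = sender.toLowerCase(Locale.ROOT);
        Set<String> denied = entries.getOrDefault(key(scope, owner), Set.of());
        return denied.contains(domainOf(s)) || denied.contains(s) ? Status.BLOCKED : Status.ALLOWED;
    }

    // Recipients for which the sender is on a drop list.
    List<String> blockedRecipients(String sender, List<String> recipients) {
        if (query(OwnerScope.GLOBAL, "ALL", sender) == Status.BLOCKED) {
            return List.copyOf(recipients); // global scope: queried once per mail
        }
        Map<String, Status> perDomain = new HashMap<>(); // domain scope: queried once per domain
        List<String> blocked = new ArrayList<>();
        for (String rcpt : recipients) {
            String domain = domainOf(rcpt).toLowerCase(Locale.ROOT);
            Status domainStatus = perDomain.computeIfAbsent(domain, d -> query(OwnerScope.DOMAIN, d, sender));
            if (domainStatus == Status.BLOCKED || query(OwnerScope.USER, rcpt, sender) == Status.BLOCKED) {
                blocked.add(rcpt);
            }
        }
        return blocked;
    }

    public static void main(String[] args) {
        DropListLookupExample dropList = new DropListLookupExample();
        dropList.add(OwnerScope.DOMAIN, "localhost", "evil.com");              // constructed sample entries
        dropList.add(OwnerScope.USER, "bob@target.tld", "mallory@evil.com");
        System.out.println(dropList.blockedRecipients("mallory@evil.com",
            List.of("alice@localhost", "carol@localhost", "bob@target.tld", "dave@target.tld")));
        System.out.println(dropList.queryCount + " queries issued");
    }
}
```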