Benoit Tellier created JAMES-3946:
-------------------------------------

             Summary: Proposal: DropLists (akka blacklists)
                 Key: JAMES-3946
                 URL: https://issues.apache.org/jira/browse/JAMES-3946
             Project: James Server
          Issue Type: New Feature
          Components: data, webadmin
            Reporter: Benoit Tellier


h3. What?

Blacklists are a classical email-related feature.

Having an easy-to-activate core module to handle this feature would IMO be nice.

Ideally blacklist entries should be added globally, at the domain level, at the 
user level and should concern individual addresses as well as entire domains.

h3. Disclaimer

We identified this feature while working on TMail.

I am convinced that this is generic enough to land on James. But should 
consensus reject this, we could still make this a TMail module :-)

Ideally I'd like to have this fully as an option, not activated by default.

h3. How?

Again, proposal here. My first shot was to think of RRTs but they do not take 
sender into account (saaaaaaaad).

Write in `/server/data/data-api` a `DropList` interface.

A drop list entry is comprised of:

 - **ownerScope**: `global | domain | user`
 - **owner**: String.
    - For ownerScope global: this is always `ALL`.
    - For ownerScope domain: this is the domain, e.g. `domain.tld`
    - For ownerScope user: this is the user, e.g. `b...@domain.tld`
 - **deniedEntityType**: String. One of `address | domain`
 - **deniedEntity**: String. Either the domain or the address.


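{code:java}
import org.apache.james.core.MailAddress;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

// DropListEntry, OwnerScope and Owner are the types described above.
interface DropList {
    enum Status {
        ALLOWED,
        BLOCKED
    }

    Mono<Void> add(DropListEntry entry);
    Mono<Void> remove(DropListEntry entry);

    // Lists the entries held by one owner.
    Flux<DropListEntry> list(OwnerScope ownerScope, Owner owner);

    // Tells whether the sender is blocked by the drop list of the given owner.
    Mono<Status> query(OwnerScope ownerScope, Owner owner, MailAddress sender);
}
{code}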


And provide a memory + a Cassandra implementation of the DropList.

Write an `IsInDropList` matcher: Given `attac...@evil.com` sends a mail to 
`target@localhost`, the following queries are done:

 - ownerScope all, owner All, deniedEntityType domain, deniedEntity evil.com
 - ownerScope all, owner All, deniedEntityType address, deniedEntity attac...@evil.com
 - ownerScope domain, owner localhost, deniedEntityType domain, deniedEntity evil.com
 - ownerScope domain, owner localhost, deniedEntityType address, deniedEntity attac...@evil.com
 - ownerScope user, owner target@localhost, deniedEntityType domain, deniedEntity evil.com
 - ownerScope user, owner target@localhost, deniedEntityType address, deniedEntity attac...@evil.com

Manage to do only one set of queries at scope global. Manage to do one set of 
queries at scope domain per domain!

Webadmin APIs to manage the Drop List:


{code:java}
GET /droplist/global?deniedEntityType=null|domain|address
[ "evil.com", "devil.com", "bad_...@crime.com", "hac...@murder.org" ]

HEAD /droplist/global/evil.com
HEAD /droplist/global/bad_...@murder.org
204 // 404

PUT /droplist/global/evil.com
PUT /droplist/global/bad_...@murder.org
-> adds the entry into the droplist

DELETE /droplist/global/evil.com
DELETE /droplist/global/bad_...@murder.org
-> removes the entry from the droplist

----------------
GET /droplist/domain/target.com?deniedEntityType=null|domain|address
[ "evil.com", "devil.com", "bad_...@crime.com", "hac...@murder.org" ]

HEAD /droplist/domain/target.com/evil.com
HEAD /droplist/domain/target.com/bad_...@murder.org
204 // 404

PUT /droplist/domain/target.com/evil.com
PUT /droplist/domain/target.com/bad_...@murder.org
-> adds the entry into the droplist

DELETE /droplist/domain/target.com/evil.com
DELETE /droplist/domain/target.com/bad_...@murder.org
-> removes the entry from the droplist

----------------
GET /droplist/user/b...@target.com?deniedEntityType=null|domain|address
[ "evil.com", "devil.com", "bad_...@crime.com", "hac...@murder.org" ]

HEAD /droplist/user/b...@target.com/evil.com
HEAD /droplist/user/b...@target.com/bad_...@murder.org
204 // 404

PUT /droplist/user/b...@target.com/evil.com
PUT /droplist/user/b...@target.com/bad_...@murder.org
-> adds the entry into the droplist

DELETE /droplist/user/b...@target.com/evil.com
DELETE /droplist/user/b...@target.com/bad_...@murder.org
-> removes the entry from the droplist
{code}

Write a guice module for DropList with Cassandra and with memory but do not 
include it in the apps by default.

Document activating the droplist extension:

 - Enable the droplist extension in `extensions.properties`
 - Plug the `IsInDropList` matcher in `mailetcontainer.xml`
 - Add the routes in `additionalRoutes` into `webadmin.properties`

And most importantly remove:

 - `AbstractSQLWhitelistMatcher`
 - `IsInWhiteList`
 - `WhiteListManager`

As we now propose a better alternative...


