[
https://issues.apache.org/jira/browse/JAMES-3946?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17852785#comment-17852785
]
Benoit Tellier commented on JAMES-3946:
---------------------------------------
Done in https://issues.apache.org/jira/browse/JAMES-3946
> Proposal: DropLists (akka blacklists)
> -------------------------------------
>
> Key: JAMES-3946
> URL: https://issues.apache.org/jira/browse/JAMES-3946
> Project: James Server
> Issue Type: New Feature
> Components: data, webadmin
> Reporter: Benoit Tellier
> Priority: Major
> Time Spent: 11h 20m
> Remaining Estimate: 0h
>
> h3. What?
> Blacklists are a classical email-related feature.
> Having an easy-to-activate core module to handle this feature would IMO be
> nice.
> Ideally blacklist entries should be added globally, at the domain level, at
> the user level and should concern individual addresses as well as entire
> domains.
> h3. Disclaimer
> We identified this feature while working on TMail.
> I am convinced that this is generic enough to land on James. But should
> consensus reject this, we could still make this a TMail module :-)
> Ideally I'd like to have this fully as an option, not activated by default.
> h3. How?
> Again, proposal here. My first shot was to think of RRTs but they do not take
> sender into account (saaaaaaaad).
> Write in `/server/data/data-api` a `Droplist` interface.
> A drop list entry is comprised of
> - **ownerScope**: `global | domain | user`
> - **owner**: String.
>   - For ownerScope global: this is always `ALL`.
>   - For ownerScope domain: this is the domain, eg `domain.tld`
>   - For ownerScope user: this is the user, eg `[email protected]`
> - **deniedEntityType**: String. One of `address | domain`
> - **deniedEntity**: String. Either the domain or the address.
> {code:java}
> interface DropList {
>     Mono<Void> add(DropListEntry entry);
>     Mono<Void> remove(DropListEntry entry);
>     // Lists the entries held by the given owner at the given scope.
>     Flux<DropListEntry> list(OwnerScope ownerScope, Owner owner);
>     enum Status {
>         ALLOWED,
>         BLOCKED
>     }
>     // Reports whether the sender is blocked for the given owner.
>     Mono<Status> query(OwnerScope ownerScope, Owner owner, MailAddress sender);
> }
> {code}
> And provide a memory + a Cassandra implementation of the DropList.
> Write a `IsInDropList` matcher: Given `[email protected]` sends a mail to
> `target@localhost`, the following queries are done:
> - ownerScope all, owner All, deniedEntityType domain, deniedEntity evil.com
> - ownerScope all, owner All, deniedEntityType address, deniedEntity
> [email protected]
> - ownerScope domain, owner localhost, deniedEntityType domain, deniedEntity
> evil.com
> - ownerScope domain, owner localhost, deniedEntityType address, deniedEntity
> [email protected]
> - ownerScope user, owner target@localhost, deniedEntityType domain,
> deniedEntity evil.com
> - ownerScope user, owner target@localhost, deniedEntityType address,
> deniedEntity [email protected]
> Manage to do only one set of queries at scope global. Manage to do one set of
> queries at scope domain per domain!
> Webadmin APIs to manage the Drop List:
> {code:java}
> GET /droplist/global?deniedEntityType=null|domain|address
> [ "evil.com", "devil.com", "[email protected]", "[email protected]" ]
> HEAD /droplist/global/evil.com
> HEAD /droplist/global/[email protected]
> 204 // 404
> PUT /droplist/global/evil.com
> PUT /droplist/global/[email protected]
> -> adds the entry into the droplist
> DELETE /droplist/global/evil.com
> DELETE /droplist/global/[email protected]
> -> removes the entry from the droplist
> ----------------
> GET /droplist/domain/target.com?deniedEntityType=null|domain|address
> [ "evil.com", "devil.com", "[email protected]", "[email protected]" ]
> HEAD /droplist/domain/target.com/evil.com
> HEAD /droplist/domain/target.com/[email protected]
> 204 // 404
> PUT /droplist/domain/target.com/evil.com
> PUT /droplist/domain/target.com/[email protected]
> -> adds the entry into the droplist
> DELETE /droplist/domain/target.com/evil.com
> DELETE /droplist/domain/target.com/[email protected]
> -> removes the entry from the droplist
> ----------------
> GET /droplist/user/[email protected]?deniedEntityType=null|domain|address
> [ "evil.com", "devil.com", "[email protected]", "[email protected]" ]
> HEAD /droplist/user/[email protected]/evil.com
> HEAD /droplist/user/[email protected]/[email protected]
> 204 // 404
> PUT /droplist/user/[email protected]/evil.com
> PUT /droplist/user/[email protected]/[email protected]
> -> adds the entry into the droplist
> DELETE /droplist/user/[email protected]/evil.com
> DELETE /droplist/user/[email protected]/[email protected]
> -> removes the entry from the droplist
> {code}
> Write a guice module for DropList with Cassandra and with memory but do not
> include it in the apps by default.
> Document activating the droplist extension:
> - Enable the droplist extension in `extensions.properties`
> - Plug the `IsInDropList` matcher in `mailetcontainer.xml`
> - Add the routes in `additionalRoutes` into `webadmin.properties`
> And most importantly remove:
> - `AbstractSQLWhitelistMatcher`
> - `IsInWhiteList`
> - `WhiteListManager`
> As we now propose a better alternative...
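
The lookup order the proposal describes for `IsInDropList` (one global query set per mail, one domain query set per recipient domain, then per-user), as an added Java sketch that is not James code. `MemoryDropList`, `Entry`, `match` and the sample addresses are hypothetical, and addresses are assumed to compare case-insensitively.

```java
import java.util.*;

// Added sketch (Java 16+), not James code: all type names here are hypothetical.
public class DropListLookupExample {
    enum OwnerScope { GLOBAL, DOMAIN, USER }
    enum DeniedEntityType { ADDRESS, DOMAIN }
    record Entry(OwnerScope scope, String owner, DeniedEntityType type, String denied) {}

    // In-memory stand-in for the proposed DropList; entries are stored lower-cased.
    static final class MemoryDropList {
        private final Set<Entry> entries = new HashSet<>();
        int lookups = 0; // counts query sets, to show the saving from caching

        void add(Entry entry) { entries.add(entry); }

        // One "query set": the sender's domain, then the sender's full address.
        boolean blocked(OwnerScope scope, String owner, String sender) {
            lookups++;
            String address = sender.toLowerCase(Locale.ROOT);
            String domain = address.substring(address.lastIndexOf('@') + 1);
            return entries.contains(new Entry(scope, owner, DeniedEntityType.DOMAIN, domain))
                || entries.contains(new Entry(scope, owner, DeniedEntityType.ADDRESS, address));
        }
    }

    // Returns the recipients for which the sender is denied, as a matcher would.
    static List<String> match(MemoryDropList dropList, String sender, List<String> recipients) {
        boolean global = dropList.blocked(OwnerScope.GLOBAL, "ALL", sender); // once per mail
        Map<String, Boolean> perDomain = new HashMap<>();                    // once per domain
        List<String> matched = new ArrayList<>();
        for (String recipient : recipients) {
            String rcpt = recipient.toLowerCase(Locale.ROOT);
            String domain = rcpt.substring(rcpt.lastIndexOf('@') + 1);
            boolean denied = global
                || perDomain.computeIfAbsent(domain, d -> dropList.blocked(OwnerScope.DOMAIN, d, sender))
                || dropList.blocked(OwnerScope.USER, rcpt, sender);
            if (denied) matched.add(recipient);
        }
        return matched;
    }

    public static void main(String[] args) {
        MemoryDropList dropList = new MemoryDropList();
        // Constructed sample entries and addresses.
        dropList.add(new Entry(OwnerScope.DOMAIN, "localhost", DeniedEntityType.DOMAIN, "evil.com"));
        dropList.add(new Entry(OwnerScope.USER, "carol@example.org", DeniedEntityType.ADDRESS, "bad@evil.com"));
        List<String> recipients = List.of("target@localhost", "other@localhost", "carol@example.org", "dave@example.org");
        System.out.println(match(dropList, "Bad@Evil.com", recipients)); // recipients to drop for
        System.out.println(dropList.lookups + " query sets for " + recipients.size() + " recipients");
    }
}
```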