Are the people sending messages on the same network in your office or are they distributed out on the internet? If they are in an office situation, you can simply restrict the logic based on the network. There is an example of it in the default james config.xml
<mailet match="RemoteAddrNotInNetwork=127.0.0.1" class="ToProcessor">
<processor> spam </processor>
</mailet>
This sends anything that isn't from localhost to the spam processor. You could use this to control access to your lists.
Kenny Smith
JournalScape.com
Vincenzo Gianferrari Pini wrote:
I need a matcher that checks if the sender of a message is a local user.
I wrote (very simple task indeed) such matcher ("SenderIsLocal", a kind of
mix of "SenderIs" and "RecipientIsLocal"). If anyone is ever interested in
it just let me know.
But there is a possible "hole" in it. Here follows my problem and question.
The reason why I need this matcher is to have, in the config.xml file, a
message coming from a local user of my company go to a special processor
that will try to match against some "RecipientIS" conditions that will have
the message spread (using either class="AvalonListserv" or class="Redirect")
to one or more large lists of local users and/or customers.
As just said, it is imperative for me that only *local users* may send
messages to such lists, and it must be verifiable in the logs. The matcher I
wrote works perfectly, but anyone from outside could just fake the sender
email address using a legitimate local user address and have a spam or nasty
message sent to lots of people, even customers, acting as someone else (also
someone from inside could use someone else's name and damage).
I can (and have) set both SMTP and to true
in my config.xml file, but unfortunately this is not enough, as such checks
are being done only for messages not going to local recipients, and my lists
are local recipients themselves.
So here is my question: is there any way in the matcher Java code to check
for the sender having been authenticated and verified (even when all
recipients are local), instead of checking "if
(mailetContext.isLocalServer(senderMailAddress.getHost()) &&
mailetContext.isLocalUser(senderMailAddress.getUser()))"? I would need the
equivalent of something like "if (mailetContext.isSenderAuthenticated() &&
mailetContext.isSenderVerified())". Or is there any other way to obtain my
goal?
Can someone help me?
Thanks,
Vincenzo
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
