[xmail] Re: Idea: Policy levels
On Wed, 30 Jun 2004 [EMAIL PROTECTED] wrote: > Davide - to fully support the way you just said it should be done - we need > you to change the way domain and user mailproc.tabs are processed. It's in my queue. - Davide - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Idea: Policy levels
We do exactly these very things, using filters as Davide suggests. We give each user the chance to change their settings via web interface. But in the case of some domains, things like virus checks are preferred to be turned on or off at the DOMAIN level, not the USER level. The current logic of the domain and user mailproc.tabs make it very hard to offer both DOMAIN LEVEL and USER level controls - because use of one of the mailproc.tab files means you can not use the other one. Davide - to fully support the way you just said it should be done - we need you to change the way domain and user mailproc.tabs are processed. Most list users seem to have agreed. Would this take a great effort to make the change? Is there a down side that I am not seeing? - Original Message - From: "Davide Libenzi" <[EMAIL PROTECTED]> To: <[EMAIL PROTECTED]> Sent: Wednesday, June 30, 2004 9:24 PM Subject: [xmail] Re: Idea: Policy levels > On Mon, 28 Jun 2004, Tracy wrote: > > > > > This is not a feature request - it's as yet too inchoate. More a request > > for the various people on the list to kick the idea around and see if it > > has any value to anyone other than me. If it does, perhaps we can firm it > > up into a feature request for a future version of XMail. > > > > I'm looking for a way to set, for lack of a better term, a policy level on > > local recipient accounts. The best way to explain this is by example. > > > > Let's say that I have four users: Larry ([EMAIL PROTECTED]), Moe > > ([EMAIL PROTECTED]), Curly ([EMAIL PROTECTED]) and Shep ([EMAIL PROTECTED]). > > Now, Larry wants to receive *all* email addressed to his account, > > regardless of what it contains (spam, viruses, correspondence, dynamite, > > whatever). Moe, on the other hand, is perfectly happy to receive spam, but > > has absolutely no use for viruses. Curly doesn't want to receive either > > spam or viruses, and Shep, well, Shep only wants to receive email from a > > specific list of sources - no worries about what's in those emails, but > > nothing from anyone who's not on his list. > > > > Now, obviously, each of these users requests would represent a policy level > > on the types and sources of mail that can be sent to those accounts. For > > instance, Larry might represent policy level 0 (unrestricted), Moe might be > > policy level 1 (virus filtering), Curly would be policy level 2 (spam and > > virus filtering), and Shep policy level 3 (whitelist only). > > Why do you want to bolt this kind of policies into XMail? What's wrong > with per-user filters, that you already have in mailproc.tab? > > > - Davide > > - > To unsubscribe from this list: send the line "unsubscribe xmail" in > the body of a message to [EMAIL PROTECTED] > For general help: send the line "help" in the body of a message to > [EMAIL PROTECTED] > > - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Idea: Policy levels
At 00:39 7/1/2004, Rob Arends wrote: >Tracy - your at it again!! > >Now I follow what your trying to do and I *know* what Davide will say - "use >pre-data filters". > >It sounds like a good idea if not a little esoteric. >I think there is a very small market out there for this and as such will not >be included in xmail itself. >Your trying to do to much whilst in the SMTP session. I don't see it as "too much" - I see it as "just enough". I'm not asking XMail to enforce the policies, or even to know what they are. I just want recipients on messages to all have the same policy level - so that when I get around to enforcing the policies (later, in mailprocs or wherever), I don't have to deal with the possibility of having to send back bounce notices or dump messages as locally undeliverable. And pre-data filters won't work - because the recipients have already been accepted by that point. It's reject for all, or for none, at that point - unless I want to send back bounce messages to (possibly forged) senders and remove recipients from the temp file available to pre-data filters. Which brings us right back to the problem of bounce spam (such as we're all getting from AV software that sends notices back to forged senders). Temp-failing recipients let's me separate out the recipients into different sessions, so that I can *enforce* the policies during pre-data and post-data filtering - thus allowing me to reject (not bounce) only for those recipients that need it. - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Idea: Policy levels
At 00:24 7/1/2004, Davide Libenzi wrote: > > Now, obviously, each of these users requests would represent a policy > level > > on the types and sources of mail that can be sent to those accounts. For > > instance, Larry might represent policy level 0 (unrestricted), Moe > might be > > policy level 1 (virus filtering), Curly would be policy level 2 (spam and > > virus filtering), and Shep policy level 3 (whitelist only). > >Why do you want to bolt this kind of policies into XMail? What's wrong >with per-user filters, that you already have in mailproc.tab? Because I don't want to have to bounce messages after receiving them - I want to be able to reject them during the protocol session. If I accept the message with recipients at different policy levels, then it turns out to be undeliverable to one of the recipients, I then have to figure out what to do with the message (in terms of sending back - or not sending back, depending on the type of message - a notification to the original sender, or delivering it anyway in contradiction of policy, or just dumping it on the floor, or whatever). Whereas if I can temp-fail a recipient for not being at the same policy level, I don't have this problem because I can do policy related rejects during the protocol session (using pre-data and post-data filters) when warranted. I've done a custom mod to 1.20 to handle this - it took adding one member variable to the SMTPS structure, lines to init or reset that variable in the InitSession and ResetSession routines, and about 8 lines of code in the CheckForwardPath routine. And it temp-fails with a 471, which I've verified works fine with several different mail servers I have access to. So, I'm a happy camper myself - I just thought it might be something useful to others, and wanted to open the floor to discussion. But since no one else has chimed in, I'm guessing it's probably not a "high demand" item, so probably shouldn't be added to the main distro. I can maintain my own little branch of the code base, carrying the code for this forward locally for new versions. Unless you just want to add it in...:) - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Idea: Policy levels
Tracy - your at it again!! Now I follow what your trying to do and I *know* what Davide will say - "use pre-data filters". It sounds like a good idea if not a little esoteric. I think there is a very small market out there for this and as such will not be included in xmail itself. Your trying to do to much whilst in the SMTP session. Rob :-) _ Censorship can't eliminate evil; it can only kill freedom. -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Tracy Sent: Tuesday, 29 June 2004 12:14 AM To: [EMAIL PROTECTED] Subject: [xmail] Idea: Policy levels This is not a feature request - it's as yet too inchoate. More a request for the various people on the list to kick the idea around and see if it has any value to anyone other than me. If it does, perhaps we can firm it up into a feature request for a future version of XMail. I'm looking for a way to set, for lack of a better term, a policy level on local recipient accounts. The best way to explain this is by example. Let's say that I have four users: Larry ([EMAIL PROTECTED]), Moe ([EMAIL PROTECTED]), Curly ([EMAIL PROTECTED]) and Shep ([EMAIL PROTECTED]). Now, Larry wants to receive *all* email addressed to his account, regardless of what it contains (spam, viruses, correspondence, dynamite, whatever). Moe, on the other hand, is perfectly happy to receive spam, but has absolutely no use for viruses. Curly doesn't want to receive either spam or viruses, and Shep, well, Shep only wants to receive email from a specific list of sources - no worries about what's in those emails, but nothing from anyone who's not on his list. Now, obviously, each of these users requests would represent a policy level on the types and sources of mail that can be sent to those accounts. For instance, Larry might represent policy level 0 (unrestricted), Moe might be policy level 1 (virus filtering), Curly would be policy level 2 (spam and virus filtering), and Shep policy level 3 (whitelist only). And that's all great and wonderful - except... What happens if someone sends a spam addressed to Moe, Curly and Shep, in the same envelope? I have no way to handle it except to accept then bounce - which, for spam, is almost a guaranteed forged sender for the bounce. But according to the user's requested policies, I can't deliver the spam (if it's detected as spam) to Curly, and I definitely can't deliver it to Shep, because it came from a source not on his whitelist. So, what I need is a way to have a policy level set on individual users, so that recipients can be temp-failed if their policy setting is more restrictive than the other recipients. Now, obviously, I don't know exactly where and how to implement this, but I was thinking that it might be implemented as a variable in the user.tab for the recipient similar to the "ReceiveEnabled" or "PopEnable" settings - something along the lines of "PolicyLevel" with an integer value. Obviously it doesn't matter what significance the user (or admin) attaches to the various policy levels, so long as it's consistent that a lower number means a less restrictive policy - or perhaps temp-fail all recipients who's policy setting isn't identical to previous recipients. To carry this back to our example, let's say that the first recipient on an incoming email is Curly, at policy level 2. Using whatever means, XMail retrieves and stores the policy level number when Curly is accepted as a recipient. Now the second recipient is Moe, at policy level 1. At this point, we could either accept Moe as a recipient (since his policy level is lower than Curly's), or we could temp-fail (417 User has different policy level - retry separately) this recipient. And the third recipient, Shep, has policy level 3 - this would definitely result in a temp-fail, since policy level 3 is more restrictive than any previously encountered recipient's policy level. While the specific examples I've presented are contrived, they do represent the situation that I find myself in - needing to be able to accept or temp-fail specific recipients of a specific email transaction based on local policies. Any thoughts? Does this sound useful enough to consider implementing, or am I out on a limb here and about to fall into a very big kettle of stew? - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED] - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
[xmail] Re: Idea: Policy levels
On Mon, 28 Jun 2004, Tracy wrote: > > This is not a feature request - it's as yet too inchoate. More a request > for the various people on the list to kick the idea around and see if it > has any value to anyone other than me. If it does, perhaps we can firm it > up into a feature request for a future version of XMail. > > I'm looking for a way to set, for lack of a better term, a policy level on > local recipient accounts. The best way to explain this is by example. > > Let's say that I have four users: Larry ([EMAIL PROTECTED]), Moe > ([EMAIL PROTECTED]), Curly ([EMAIL PROTECTED]) and Shep ([EMAIL PROTECTED]). > Now, Larry wants to receive *all* email addressed to his account, > regardless of what it contains (spam, viruses, correspondence, dynamite, > whatever). Moe, on the other hand, is perfectly happy to receive spam, but > has absolutely no use for viruses. Curly doesn't want to receive either > spam or viruses, and Shep, well, Shep only wants to receive email from a > specific list of sources - no worries about what's in those emails, but > nothing from anyone who's not on his list. > > Now, obviously, each of these users requests would represent a policy level > on the types and sources of mail that can be sent to those accounts. For > instance, Larry might represent policy level 0 (unrestricted), Moe might be > policy level 1 (virus filtering), Curly would be policy level 2 (spam and > virus filtering), and Shep policy level 3 (whitelist only). Why do you want to bolt this kind of policies into XMail? What's wrong with per-user filters, that you already have in mailproc.tab? - Davide - To unsubscribe from this list: send the line "unsubscribe xmail" in the body of a message to [EMAIL PROTECTED] For general help: send the line "help" in the body of a message to [EMAIL PROTECTED]
