Benoit Tellier created JAMES-3946:
-------------------------------------
Summary: Proposal: DropLists (aka blacklists)
Key: JAMES-3946
URL: https://issues.apache.org/jira/browse/JAMES-3946
Project: James Server
Issue Type: New Feature
Components: data, webadmin
Reporter: Benoit Tellier
h3. What?
Blacklists are a classic email-related feature.
Having an easy-to-activate core module to handle this feature would IMO be nice.
Ideally blacklist entries should be added globally, at the domain level, at the
user level and should concern individual addresses as well as entire domains.
h3. Disclaimer
We identified this feature while working on TMail.
I am convinced that this is generic enough to land on James. But should
consensus reject this, we could still make this a TMail module :-)
Ideally I'd like to have this fully as an option, not activated by default.
h3. How?
Again, proposal here. My first shot was to think of RRTs but they do not take
sender into account (saaaaaaaad).
Write in `/server/data/data-api` a `DropList` interface.
A drop list entry is comprised of:
- **ownerScope**: `global | domain | user`
- **owner**: String.
  - For ownerScope global: this is always `ALL`.
  - For ownerScope domain: this is the domain, eg `domain.tld`
  - For ownerScope user: this is the user, eg `[email protected]`
- **deniedEntityType**: String. One of `address | domain`
- **deniedEntity**: String. Either the domain or the address.
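{code:java}
import org.apache.james.core.MailAddress;
import reactor.core.publisher.Flux;
import reactor.core.publisher.Mono;

// DropListEntry, OwnerScope and Owner are the types proposed above.
interface DropList {
    Mono<Void> add(DropListEntry entry);

    Mono<Void> remove(DropListEntry entry);

    Flux<DropListEntry> list(OwnerScope ownerScope, Owner owner);

    enum Status {
        ALLOWED,
        BLOCKED
    }

    // Tells whether mail from the sender is dropped for the given owner.
    Mono<Status> query(OwnerScope ownerScope, Owner owner, MailAddress sender);
}
{code}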
And provide a memory + a Cassandra implementation of the DropList.
Write an `IsInDropList` matcher: Given `[email protected]` sends a mail to
`target@localhost`, the following queries are done:
- ownerScope all, owner All, deniedEntityType domain, deniedEntity evil.com
- ownerScope all, owner All, deniedEntityType address, deniedEntity [email protected]
- ownerScope domain, owner localhost, deniedEntityType domain, deniedEntity evil.com
- ownerScope domain, owner localhost, deniedEntityType address, deniedEntity [email protected]
- ownerScope user, owner target@localhost, deniedEntityType domain, deniedEntity evil.com
- ownerScope user, owner target@localhost, deniedEntityType address, deniedEntity [email protected]
Manage to do only one set of queries at scope global. Manage to do one set of
queries at scope domain per domain!
Webadmin APIs to manage the Drop List:
{code:java}
GET /droplist/global?deniedEntityType=null|domain|address
[ "evil.com", "devil.com", "[email protected]", "[email protected]" ]
HEAD /droplist/global/evil.com
HEAD /droplist/global/[email protected]
204 // 404
PUT /droplist/global/evil.com
PUT /droplist/global/[email protected]
-> adds the entry into the droplist
DELETE /droplist/global/evil.com
DELETE /droplist/global/[email protected]
-> removes the entry from the droplist
----------------
GET /droplist/domain/target.com?deniedEntityType=null|domain|address
[ "evil.com", "devil.com", "[email protected]", "[email protected]" ]
HEAD /droplist/domain/target.com/evil.com
HEAD /droplist/domain/target.com/[email protected]
204 // 404
PUT /droplist/domain/target.com/evil.com
PUT /droplist/domain/target.com/[email protected]
-> adds the entry into the droplist
DELETE /droplist/domain/target.com/evil.com
DELETE /droplist/domain/target.com/[email protected]
-> removes the entry from the droplist
----------------
GET /droplist/user/[email protected]?deniedEntityType=null|domain|address
[ "evil.com", "devil.com", "[email protected]", "[email protected]" ]
HEAD /droplist/user/[email protected]/evil.com
HEAD /droplist/user/[email protected]/[email protected]
204 // 404
PUT /droplist/user/[email protected]/evil.com
PUT /droplist/user/[email protected]/[email protected]
-> adds the entry into the droplist
DELETE /droplist/user/[email protected]/evil.com
DELETE /droplist/user/[email protected]/[email protected]
-> removes the entry from the droplist
{code}
Write a guice module for DropList with Cassandra and with memory but do not
include it in the apps by default.
Document activating the droplist extension:
- Enable the droplist extension in `extensions.properties`
- Plug the `IsInDropList` matcher in `mailetcontainer.xml`
- Add the routes in `additionalRoutes` into `webadmin.properties`
And most importantly remove:
- `AbstractSQLWhitelistMatcher`
- `IsInWhiteList`
- `WhiteListManager`
As we now propose a better alternative...
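
The lookup order described for the `IsInDropList` matcher, as an added example that is not part of the original issue or of the James code base: a synchronous in-memory stand-in (no Reactor types) that runs the global set of queries once per mail and the domain set once per recipient domain. Class and method names are hypothetical, the sample addresses are constructed, and lower-casing whole addresses is an assumption.

```java
import java.util.*;

// Added illustration: in-memory stand-in for the proposed DropList lookups.
public class DropListLookupSketch {
    enum OwnerScope { GLOBAL, DOMAIN, USER }
    enum DeniedEntityType { ADDRESS, DOMAIN }
    record Entry(OwnerScope scope, String owner, DeniedEntityType type, String denied) {}

    private final Set<Entry> entries = new HashSet<>();
    int querySets = 0; // number of (domain + address) query pairs issued

    void add(OwnerScope scope, String owner, DeniedEntityType type, String denied) {
        entries.add(new Entry(scope, norm(owner), type, norm(denied)));
    }

    // Assumption: addresses and domains are compared case-insensitively.
    static String norm(String s) { return s.toLowerCase(Locale.ROOT); }
    static String domainOf(String addr) { return norm(addr.substring(addr.lastIndexOf('@') + 1)); }

    // One set of queries for one owner: sender domain, then sender address.
    boolean blocked(OwnerScope scope, String owner, String sender) {
        querySets++;
        String o = norm(owner);
        return entries.contains(new Entry(scope, o, DeniedEntityType.DOMAIN, domainOf(sender)))
            || entries.contains(new Entry(scope, o, DeniedEntityType.ADDRESS, norm(sender)));
    }

    // Returns the recipients for which the sender is in a drop list.
    Set<String> blockedRecipients(String sender, List<String> recipients) {
        if (blocked(OwnerScope.GLOBAL, "ALL", sender)) {   // global: once per mail
            return new LinkedHashSet<>(recipients);
        }
        Map<String, Boolean> byDomain = new HashMap<>();    // domain: once per domain
        Set<String> result = new LinkedHashSet<>();
        for (String rcpt : recipients) {
            boolean domainHit = byDomain.computeIfAbsent(domainOf(rcpt),
                d -> blocked(OwnerScope.DOMAIN, d, sender));
            if (domainHit || blocked(OwnerScope.USER, rcpt, sender)) {
                result.add(rcpt);
            }
        }
        return result;
    }

    public static void main(String[] args) {
        DropListLookupSketch dl = new DropListLookupSketch();
        // Constructed sample entries and recipients (not taken from the issue).
        dl.add(OwnerScope.DOMAIN, "localhost", DeniedEntityType.DOMAIN, "evil.example");
        dl.add(OwnerScope.USER, "carol@other.example", DeniedEntityType.ADDRESS, "spammer@evil.example");
        List<String> rcpts = List.of("alice@localhost", "bob@localhost",
            "carol@other.example", "dave@other.example");
        System.out.println(dl.blockedRecipients("spammer@evil.example", rcpts));
        System.out.println("query sets issued: " + dl.querySets);
    }
}
```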