[ 
https://issues.apache.org/jira/browse/JAMES-3946?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17852785#comment-17852785
 ] 

Benoit Tellier edited comment on JAMES-3946 at 6/6/24 1:23 PM:
---------------------------------------------------------------

Done in https://github.com/apache/james-project/pull/2283


was (Author: btellier):
Done in https://issues.apache.org/jira/browse/JAMES-3946

> Proposal: DropLists (akka blacklists)
> -------------------------------------
>
>                 Key: JAMES-3946
>                 URL: https://issues.apache.org/jira/browse/JAMES-3946
>             Project: James Server
>          Issue Type: New Feature
>          Components: data, webadmin
>            Reporter: Benoit Tellier
>            Priority: Major
>          Time Spent: 11h 20m
>  Remaining Estimate: 0h
>
> h3. What?
> Blacklists are a classic email-related feature.
> Having an easy-to-activate core module to handle this feature would IMO be nice.
> Ideally blacklist entries should be added globally, at the domain level, at 
> the user level and should concern individual addresses as well as entire 
> domains.
> h3. Disclaimer
> We identified this feature while working on TMail.
> I am convinced that this is generic enough to land on James. But should 
> consensus reject this, we could still make this a TMail module :-)
> Ideally I'd like to have this fully as an option, not activated by default.
> h3. How?
> Again, proposal here. My first shot was to think of RRTs but they do not take 
> sender into account (saaaaaaaad).
> Write in `/server/data/data-api` a `DropList` interface.
> A drop list entry is comprised of
>  - **ownerScope**: `global | domain | user`
>  - **owner**: String.
>     - For ownerScope global: this is always `ALL`.
>     - For ownerScope domain: this is the domain, e.g. `domain.tld`
>     - For ownerScope user: this is the user, e.g. `b...@domain.tld`
>  - **deniedEntityType**: String. One of `address | domain`
>  - **deniedEntity**: String. Either the domain or the address.
> {code:java}
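> import org.apache.james.core.MailAddress;
> import reactor.core.publisher.Flux;
> import reactor.core.publisher.Mono;
>
> // DropListEntry, OwnerScope and Owner are the types proposed above.
> interface DropList {
>     Mono<Void> add(DropListEntry entry);
>
>     Mono<Void> remove(DropListEntry entry);
>
>     // Lists the entries owned by the given owner.
>     Flux<DropListEntry> list(OwnerScope ownerScope, Owner owner);
>
>     enum Status {
>         ALLOWED,
>         BLOCKED
>     }
>
>     // Tells whether mail from sender is blocked for the given owner.
>     Mono<Status> query(OwnerScope ownerScope, Owner owner, MailAddress sender);
> }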
> {code}
> And provide a memory + a Cassandra implementation of the DropList.
> Write an `IsInDropList` matcher: Given `attac...@evil.com` sends a mail to `target@localhost`, the following queries are done:
>  - ownerScope all, owner All, deniedEntityType domain, deniedEntity evil.com
>  - ownerScope all, owner All, deniedEntityType address, deniedEntity attac...@evil.com
>  - ownerScope domain, owner localhost, deniedEntityType domain, deniedEntity evil.com
>  - ownerScope domain, owner localhost, deniedEntityType address, deniedEntity attac...@evil.com
>  - ownerScope user, owner target@localhost, deniedEntityType domain, deniedEntity evil.com
>  - ownerScope user, owner target@localhost, deniedEntityType address, deniedEntity attac...@evil.com
> Manage to do only one set of queries at scope global. Manage to do one set of 
> queries at scope domain per domain!
> Webadmin APIs to manage the Drop List:
> {code:java}
> GET /droplist/global?deniedEntityType=null|domain|address
> [ "evil.com", "devil.com", "bad_...@crime.com", "hac...@murder.org" ]
> HEAD /droplist/global/evil.com
> HEAD /droplist/global/bad_...@murder.org
> 204 // 404
> PUT /droplist/global/evil.com
> PUT /droplist/global/bad_...@murder.org
> -> adds the entry into the droplist
> DELETE /droplist/global/evil.com
> DELETE /droplist/global/bad_...@murder.org
> -> removes the entry from the droplist
> ----------------
> GET /droplist/domain/target.com?deniedEntityType=null|domain|address
> [ "evil.com", "devil.com", "bad_...@crime.com", "hac...@murder.org" ]
> HEAD /droplist/domain/target.com/evil.com
> HEAD /droplist/domain/target.com/bad_...@murder.org
> 204 // 404
> PUT /droplist/domain/target.com/evil.com
> PUT /droplist/domain/target.com/bad_...@murder.org
> -> adds the entry into the droplist
> DELETE /droplist/domain/target.com/evil.com
> DELETE /droplist/domain/target.com/bad_...@murder.org
> -> removes the entry from the droplist
> ----------------
> GET /droplist/user/b...@target.com?deniedEntityType=null|domain|address
> [ "evil.com", "devil.com", "bad_...@crime.com", "hac...@murder.org" ]
> HEAD /droplist/user/b...@target.com/evil.com
> HEAD /droplist/user/b...@target.com/bad_...@murder.org
> 204 // 404
> PUT /droplist/user/b...@target.com/evil.com
> PUT /droplist/user/b...@target.com/bad_...@murder.org
> -> adds the entry into the droplist
> DELETE /droplist/user/b...@target.com/evil.com
> DELETE /droplist/user/b...@target.com/bad_...@murder.org
> -> removes the entry from the droplist
> {code}
> Write a guice module for DropList with Cassandra and with memory but do not 
> include it in the apps by default.
> Document activating the droplist extension:
>  - Enable the droplist extension in `extensions.properties`
>  - Plug the `IsInDropList` matcher in `mailetcontainer.xml`
>  - Add the routes in `additionalRoutes` into `webadmin.properties`
> And most importantly remove:
>  - `AbstractSQLWhitelistMatcher`
>  - `IsInWhiteList`
>  - `WhiteListManager`
> As we now propose a better alternative...



--
This message was sent by Atlassian Jira
(v8.20.10#820010)
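
The six lookups listed in the issue, as a synchronous in-memory sketch. This is an added example, not code from James or from the pull request. The class name `DropListSketch`, the `Entry` record, the plain-`String` addresses, the lower-casing of owners and denied entities, and the sample addresses are assumptions of this example.

```java
import java.util.HashSet;
import java.util.List;
import java.util.Locale;
import java.util.Set;

public class DropListSketch {
    enum OwnerScope { GLOBAL, DOMAIN, USER }
    enum DeniedEntityType { ADDRESS, DOMAIN }
    enum Status { ALLOWED, BLOCKED }

    // One drop list entry. Lower-casing here (an assumption of this sketch) keeps
    // "EVIL.example" from slipping past an entry stored as "evil.example".
    record Entry(OwnerScope scope, String owner, DeniedEntityType type, String denied) {
        Entry {
            owner = owner.toLowerCase(Locale.ROOT);
            denied = denied.toLowerCase(Locale.ROOT);
        }
    }

    private final Set<Entry> entries = new HashSet<>();

    void add(Entry entry) { entries.add(entry); }

    static String domainOf(String address) {
        return address.substring(address.lastIndexOf('@') + 1);
    }

    // Builds the six lookups for one sender/recipient pair: global, domain, user.
    static List<Entry> lookups(String sender, String recipient) {
        String from = domainOf(sender);
        String rcptDomain = domainOf(recipient);
        return List.of(
            new Entry(OwnerScope.GLOBAL, "ALL", DeniedEntityType.DOMAIN, from),
            new Entry(OwnerScope.GLOBAL, "ALL", DeniedEntityType.ADDRESS, sender),
            new Entry(OwnerScope.DOMAIN, rcptDomain, DeniedEntityType.DOMAIN, from),
            new Entry(OwnerScope.DOMAIN, rcptDomain, DeniedEntityType.ADDRESS, sender),
            new Entry(OwnerScope.USER, recipient, DeniedEntityType.DOMAIN, from),
            new Entry(OwnerScope.USER, recipient, DeniedEntityType.ADDRESS, sender));
    }

    // BLOCKED as soon as any of the six lookups matches a stored entry.
    Status query(String sender, String recipient) {
        boolean hit = lookups(sender, recipient).stream().anyMatch(entries::contains);
        return hit ? Status.BLOCKED : Status.ALLOWED;
    }

    public static void main(String[] args) {
        DropListSketch dropList = new DropListSketch();
        // Constructed sample entries: one domain-scoped, one user-scoped.
        dropList.add(new Entry(OwnerScope.DOMAIN, "target.example", DeniedEntityType.DOMAIN, "evil.example"));
        dropList.add(new Entry(OwnerScope.USER, "bob@target.example", DeniedEntityType.ADDRESS, "news@shop.example"));
        System.out.println(dropList.query("Mallory@EVIL.example", "bob@target.example"));
        System.out.println(dropList.query("mallory@evil.example", "carol@other.example"));
        System.out.println(dropList.query("news@shop.example", "alice@target.example"));
    }
}
```

The domain-scoped entry applies to every recipient at `target.example` regardless of sender case, while the user-scoped entry affects only its owner's mail.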
