Confused about access policies: internals, filter

[Zhang Huangbin]

Hi, all.

I'm still confused about access policies: internals, filter.

Does 'internals' mean mail list member/subscriber? 'filter' means mail
list owner?

And if sender is not mail list owner, why it doesn't return REJECT
instead of DEFER_IF_PERMIT?

--
Best regards.

Zhang Huangbin

- Open Source Mail Server Solution for RHEL/CentOS 5.x:
http://code.google.com/p/iredmail/

[Giulio Fidente]

On Apr 5, 4:10 am, Zhang Huangbin <michaelbi...@gmail.com> wrote:
> Hi, all.
>
> I'm still confused about access policies: internals, filter.
>
> Does 'internals' mean mail list member/subscriber? 'filter' means mail
> list owner?

Hi Zhang,
as per issue #2, which is still open, the idea is to make the those
values configurable

for now internals means that _only_ the subscribers are allowed to
post messages and filter means that only the addresses explicitly
defined as allowed can post messages, as per table at:
http://code.google.com/p/mlapd/wiki/HowToDeployMLAPD

> And if sender is not mail list owner, why it doesn't return REJECT
> instead of DEFER_IF_PERMIT?

ideally there are no owners of a mailing list, but just subscribers
and/or submitters which can eventually not be subscribed

if you're getting a DEFER it's, as you should get in the logfile,
probably because the data on ldap is not correctly populated

could you please provide an ldif export of your mailing list entry
specifying which is the sender using which you receive the DEFER
message?

thanks for helping,
Giulio

[Zhang Huangbin]

On Apr 5, 4:24 pm, Giulio Fidente <giulivo.naviga...@gmail.com> wrote:
> for now internals means that _only_ the subscribers are allowed to
> post messages and filter means that only the addresses explicitly
> defined as allowed can post messages, as per table at:http://code.google.com/p/mlapd/wiki/HowToDeployMLAPD

In the wiki page:

filter => only the addresses explicitly found as allowed on the LDAP
server will be allowed

What do you mean 'allowed'?

My mail list object dn:
----
dn:
mail=a...@domain.ltd,ou=Groups,domainName=domain.ltd,dc=iredmail,dc=org
listMember: ww...@domain.ltd
listMember: ww...@domain.ltd
listMember: ww...@domain.ltd
listMember: ww...@domain.ltd
listOwner: zh...@domain.ltd
----

How can i make it only allow zh...@domain.ltd mail to mail list
'a...@domain.ltd'?

[Giulio Fidente]

On Apr 8, 8:37 am, Zhang Huangbin <michae...@gmail.com> wrote:
> In the wiki page:
>
> filter => only the addresses explicitly found as allowed on the LDAP
> server will be allowed
>
> What do you mean 'allowed'?

allowed to send messages to the list; mlapd will reply to postfix with
"OK"

> My mail list object dn:
> ----
> dn:
> mail=a...@domain.ltd,ou=Groups,domainName=domain.ltd,dc=iredmail,dc=org
> listMember: ww...@domain.ltd
> listMember: ww...@domain.ltd
> listMember: ww...@domain.ltd
> listMember: ww...@domain.ltd
> listOwner: zh...@domain.ltd
> ----
>
> How can i make it only allow zh...@domain.ltd mail to mail list
> 'a...@domain.ltd'?

I don't see in there the attribute which defines the kind of policy
you're using, but assuming you've "listPolicy: filter", than you just
have to configure your ldapmodel.conf with:
ALLWDATTRIBUTE=listMember
SUBSCRATTRIBUTE=listOwner

that should do the job

[Giulio Fidente]

On Apr 8, 4:05 pm, Giulio Fidente <giulivo.naviga...@gmail.com> wrote:
> ALLWDATTRIBUTE=listMember
> SUBSCRATTRIBUTE=listOwner

auch, just find out my mistake, the two values must be used exactly in
the opposite order for you!

ALLWDATTRIBUTE=listOwner
SUBSCRATTRIBUTE=listMember

sorry about that :+)