Mercurial > hg > mlmmj
annotate README.access @ 887:3032cb926799 BRANCH_1_2_18
Added tag RELEASE_1_2_18_1 for changeset c1b22b049682
author | Ben Schmidt |
---|---|
date | Wed, 05 Feb 2014 17:14:22 +1100 |
parents | c6fe438f3e60 |
children |
rev | line source |
---|---|
387 | 1 README.access present in mlmmj versions >= 0.8.0 |
2 (moderate tag since 1.1.0-RC3) | |
256 | 3 Access control in mlmmj |
4 ======================= | |
5 | |
6 If the file listdir/control/access is present, access control is enabled. | |
7 | |
8 NOTE: the default action is to deny access (reject the mail), so an empty | |
261 | 9 access control file will cause mlmmj to reject all posts, whereas a non- |
10 existant file will change nothing, and mlmmj will behave as usual. | |
256 | 11 |
12 Each header in the mail is tested against each rule, rule by rule. That is, | |
13 all headers are first tested against the first rule, then all headers are | |
14 tested against the second rule, and so on. | |
15 | |
640
3770bb64ea17
Added support for 'discard' keyword in access rules (Sascha Sommer)
mortenp
parents:
387
diff
changeset
|
16 The first rule to match a header decides which action to take - allow, deny, |
3770bb64ea17
Added support for 'discard' keyword in access rules (Sascha Sommer)
mortenp
parents:
387
diff
changeset
|
17 discard or moderate the post. |
256 | 18 |
19 The syntax is quite simple: action[ [!]regexp] | |
719
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
20 - "Action" can be "allow", "send", "deny", "discard" or "moderate". |
256 | 21 - The optional "!" makes the rule a match, if NO header matches the regular |
22 expression. | |
23 - "Regexp" is a POSIX.2 extended regular expression. Matching is done case | |
24 insensitive. | |
25 | |
717
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
26 The action "allow" will pass the mail on to the next step in processing. The |
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
27 mail may still be held for moderation, if it would have been so without access |
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
28 rules. |
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
29 |
719
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
30 The action "send" will send the mail unconditionally. It will not be |
842
c6fe438f3e60
Fix access logic so subonlypost doesn't override a send access rule.
Ben Schmidt
parents:
719
diff
changeset
|
31 moderated, nor subject to subonlypost, nor modnonsubposts. |
719
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
32 |
717
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
33 The action "deny" will not send the mail to the mailing list, but will send a |
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
34 rejection mail to the sender. |
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
35 |
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
36 The action "discard" will not send the mail to the list, and will not send a |
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
37 rejection mail. |
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
38 |
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
39 The action "moderate" will hold the mail for moderation. |
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
40 |
387 | 41 IMPORTANT: if "moderate" is used then don't forget to add people who should |
42 function as moderators in listdir/control/moderators | |
256 | 43 |
717
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
44 |
842
c6fe438f3e60
Fix access logic so subonlypost doesn't override a send access rule.
Ben Schmidt
parents:
719
diff
changeset
|
45 The flow through the access system is something like this: |
717
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
46 |
719
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
47 deny +------+ |
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
48 +----------------->| deny | |
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
49 | +------+ |
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
50 | |
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
51 | discard +---------+ |
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
52 | +-------------->| discard | |
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
53 | | +---------+ |
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
54 | | ^ |
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
55 | | | expire |
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
56 +--------+ moderate +------+ +------+ |
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
57 --->| access |----------->| hold |---------->| send |---> |
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
58 +--------+ +------+ confirm +------+ |
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
59 | | ^ ^ ^ |
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
60 | | | yes | | |
842
c6fe438f3e60
Fix access logic so subonlypost doesn't override a send access rule.
Ben Schmidt
parents:
719
diff
changeset
|
61 | | allow +--------------+ no | | |
c6fe438f3e60
Fix access logic so subonlypost doesn't override a send access rule.
Ben Schmidt
parents:
719
diff
changeset
|
62 | +-------------->| moderation * |-----+ | |
c6fe438f3e60
Fix access logic so subonlypost doesn't override a send access rule.
Ben Schmidt
parents:
719
diff
changeset
|
63 | +--------------+ | |
719
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
64 | send | |
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
65 +------------------------------------------+ |
717
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
66 |
842
c6fe438f3e60
Fix access logic so subonlypost doesn't override a send access rule.
Ben Schmidt
parents:
719
diff
changeset
|
67 * modnonsubposts is also processed here, and subonlypost (the flow |
c6fe438f3e60
Fix access logic so subonlypost doesn't override a send access rule.
Ben Schmidt
parents:
719
diff
changeset
|
68 may be to deny or discard for subonlypost without modnonsubposts). |
c6fe438f3e60
Fix access logic so subonlypost doesn't override a send access rule.
Ben Schmidt
parents:
719
diff
changeset
|
69 |
717
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
70 |
256 | 71 First a simple example. This rule set will reject any mail that is NOT plain |
72 text, or has a subject that contains "BayStar", and allow anything else: | |
73 | |
387 | 74 deny !^Content-Type: text/plain |
75 deny ^Subject:.*BayStar | |
76 allow | |
256 | 77 |
387 | 78 To allow only text mails, but have the moderators moderate every html mail one |
79 would use this: | |
80 | |
81 allow ^Content-Type: text/plain | |
82 moderate ^Content-Type: text/html | |
83 deny | |
256 | 84 |
85 Now on to a more advanced example. Morten can post anything, Mads Martin can | |
86 post if the subject does not contain "SCO". Everything else is denied: | |
87 | |
387 | 88 allow ^From: Morten |
89 deny ^Subject:.*SCO | |
90 allow ^From: Mads Martin | |
91 deny | |
256 | 92 |
93 The last rule (deny) can be left out, as deny is the default action. | |
94 | |
95 A third example. Deny any mails with "discount", "weightloss", or "bonus" in | |
96 the subject. Allow PGP signed and plain text mails. Anything else is denied: | |
97 | |
387 | 98 deny ^Subject:.*discount |
99 deny ^Subject:.*weightloss | |
100 deny ^Subject:.*bonus | |
101 allow ^Content-Type: multipart/signed | |
102 allow ^Content-Type: text/plain | |
103 |