Mercurial > hg > mlmmj
annotate README.access @ 919:e371a935a0cd default tip master
Added tag RELEASE_1_3_0 for changeset 570dd6d4942b
| author | Ben Schmidt |
|---|---|
| date | Thu, 25 May 2017 09:08:47 +1000 |
| parents | c6fe438f3e60 |
| children |
| rev | line source |
|---|---|
| 387 | 1 README.access present in mlmmj versions >= 0.8.0 |
| 2 (moderate tag since 1.1.0-RC3) | |
| 256 | 3 Access control in mlmmj |
| 4 ======================= | |
| 5 | |
| 6 If the file listdir/control/access is present, access control is enabled. | |
| 7 | |
| 8 NOTE: the default action is to deny access (reject the mail), so an empty | |
| 261 | 9 access control file will cause mlmmj to reject all posts, whereas a non- |
| 10 existant file will change nothing, and mlmmj will behave as usual. | |
| 256 | 11 |
| 12 Each header in the mail is tested against each rule, rule by rule. That is, | |
| 13 all headers are first tested against the first rule, then all headers are | |
| 14 tested against the second rule, and so on. | |
| 15 | |
|
640
3770bb64ea17
Added support for 'discard' keyword in access rules (Sascha Sommer)
mortenp
parents:
387
diff
changeset
|
16 The first rule to match a header decides which action to take - allow, deny, |
|
3770bb64ea17
Added support for 'discard' keyword in access rules (Sascha Sommer)
mortenp
parents:
387
diff
changeset
|
17 discard or moderate the post. |
| 256 | 18 |
| 19 The syntax is quite simple: action[ [!]regexp] | |
|
719
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
20 - "Action" can be "allow", "send", "deny", "discard" or "moderate". |
| 256 | 21 - The optional "!" makes the rule a match, if NO header matches the regular |
| 22 expression. | |
| 23 - "Regexp" is a POSIX.2 extended regular expression. Matching is done case | |
| 24 insensitive. | |
| 25 | |
|
717
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
26 The action "allow" will pass the mail on to the next step in processing. The |
|
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
27 mail may still be held for moderation, if it would have been so without access |
|
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
28 rules. |
|
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
29 |
|
719
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
30 The action "send" will send the mail unconditionally. It will not be |
|
842
c6fe438f3e60
Fix access logic so subonlypost doesn't override a send access rule.
Ben Schmidt
parents:
719
diff
changeset
|
31 moderated, nor subject to subonlypost, nor modnonsubposts. |
|
719
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
32 |
|
717
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
33 The action "deny" will not send the mail to the mailing list, but will send a |
|
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
34 rejection mail to the sender. |
|
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
35 |
|
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
36 The action "discard" will not send the mail to the list, and will not send a |
|
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
37 rejection mail. |
|
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
38 |
|
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
39 The action "moderate" will hold the mail for moderation. |
|
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
40 |
| 387 | 41 IMPORTANT: if "moderate" is used then don't forget to add people who should |
| 42 function as moderators in listdir/control/moderators | |
| 256 | 43 |
|
717
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
44 |
|
842
c6fe438f3e60
Fix access logic so subonlypost doesn't override a send access rule.
Ben Schmidt
parents:
719
diff
changeset
|
45 The flow through the access system is something like this: |
|
717
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
46 |
|
719
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
47 deny +------+ |
|
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
48 +----------------->| deny | |
|
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
49 | +------+ |
|
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
50 | |
|
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
51 | discard +---------+ |
|
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
52 | +-------------->| discard | |
|
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
53 | | +---------+ |
|
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
54 | | ^ |
|
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
55 | | | expire |
|
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
56 +--------+ moderate +------+ +------+ |
|
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
57 --->| access |----------->| hold |---------->| send |---> |
|
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
58 +--------+ +------+ confirm +------+ |
|
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
59 | | ^ ^ ^ |
|
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
60 | | | yes | | |
|
842
c6fe438f3e60
Fix access logic so subonlypost doesn't override a send access rule.
Ben Schmidt
parents:
719
diff
changeset
|
61 | | allow +--------------+ no | | |
|
c6fe438f3e60
Fix access logic so subonlypost doesn't override a send access rule.
Ben Schmidt
parents:
719
diff
changeset
|
62 | +-------------->| moderation * |-----+ | |
|
c6fe438f3e60
Fix access logic so subonlypost doesn't override a send access rule.
Ben Schmidt
parents:
719
diff
changeset
|
63 | +--------------+ | |
|
719
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
64 | send | |
|
30e6e309891d
Added "send" keyword to control/access handling (Ben Schmidt)
mortenp
parents:
717
diff
changeset
|
65 +------------------------------------------+ |
|
717
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
66 |
|
842
c6fe438f3e60
Fix access logic so subonlypost doesn't override a send access rule.
Ben Schmidt
parents:
719
diff
changeset
|
67 * modnonsubposts is also processed here, and subonlypost (the flow |
|
c6fe438f3e60
Fix access logic so subonlypost doesn't override a send access rule.
Ben Schmidt
parents:
719
diff
changeset
|
68 may be to deny or discard for subonlypost without modnonsubposts). |
|
c6fe438f3e60
Fix access logic so subonlypost doesn't override a send access rule.
Ben Schmidt
parents:
719
diff
changeset
|
69 |
|
717
7e1127e22936
added description of the keywords, added flow graph
mortenp
parents:
640
diff
changeset
|
70 |
| 256 | 71 First a simple example. This rule set will reject any mail that is NOT plain |
| 72 text, or has a subject that contains "BayStar", and allow anything else: | |
| 73 | |
| 387 | 74 deny !^Content-Type: text/plain |
| 75 deny ^Subject:.*BayStar | |
| 76 allow | |
| 256 | 77 |
| 387 | 78 To allow only text mails, but have the moderators moderate every html mail one |
| 79 would use this: | |
| 80 | |
| 81 allow ^Content-Type: text/plain | |
| 82 moderate ^Content-Type: text/html | |
| 83 deny | |
| 256 | 84 |
| 85 Now on to a more advanced example. Morten can post anything, Mads Martin can | |
| 86 post if the subject does not contain "SCO". Everything else is denied: | |
| 87 | |
| 387 | 88 allow ^From: Morten |
| 89 deny ^Subject:.*SCO | |
| 90 allow ^From: Mads Martin | |
| 91 deny | |
| 256 | 92 |
| 93 The last rule (deny) can be left out, as deny is the default action. | |
| 94 | |
| 95 A third example. Deny any mails with "discount", "weightloss", or "bonus" in | |
| 96 the subject. Allow PGP signed and plain text mails. Anything else is denied: | |
| 97 | |
| 387 | 98 deny ^Subject:.*discount |
| 99 deny ^Subject:.*weightloss | |
| 100 deny ^Subject:.*bonus | |
| 101 allow ^Content-Type: multipart/signed | |
| 102 allow ^Content-Type: text/plain | |
| 103 |