view README.access @ 790:e05f92db6857 BRANCH_1_2_17

Added tag RELEASE_1_2_17_1 for changeset dc0f9614c839
author Ben Schmidt
date Sun, 21 Nov 2010 01:00:59 +1100
parents 7e1127e22936
children 30e6e309891d

README.access                           present in mlmmj versions >= 0.8.0
                                        (moderate tag since 1.1.0-RC3)
Access control in mlmmj
=======================

If the file listdir/control/access is present, access control is enabled.

NOTE: the default action is to deny access (reject the mail), so an empty
access control file will cause mlmmj to reject all posts, whereas a
non-existent file will change nothing, and mlmmj will behave as usual.

Each header in the mail is tested against each rule, rule by rule. That is,
all headers are first tested against the first rule, then all headers are
tested against the second rule, and so on.

The first rule to match a header decides which action to take - allow, deny,
discard or moderate the post.

The syntax is quite simple: action[ [!]regexp]
- "Action" can be "allow", "deny", "discard" or "moderate".
- The optional "!" negates the rule: it matches if NO header matches the
  regular expression.
- "Regexp" is a POSIX.2 extended regular expression. Matching is
  case-insensitive.

The action "allow" will pass the mail on to the next step in processing. The
mail may still be held for moderation, if it would have been so without access
rules.

The action "deny" will not send the mail to the mailing list, but will send a
rejection mail to the sender.

The action "discard" will not send the mail to the list, and will not send a
rejection mail.

The action "moderate" will hold the mail for moderation.

IMPORTANT: if "moderate" is used then don't forget to add people who should
           function as moderators in listdir/control/moderators


The flow out of the access system is like this:

                      |
                      v
+--------+   deny +--------+ discard   +---------+
| reject |<-------| access |---------->| discard |
+--------+        +--------+           +---------+
               allow |  | moderate
                     |  +-----------+
                     v              v
               +------------+    +------+
               | moderation |--->| hold |
               +------------+    +------+
                     |              |
                     v              |
                  +------+          |
                  | send |<---------+
                  +------+


First a simple example. This rule set will reject any mail that is NOT plain
text, or has a subject that contains "BayStar", and allow anything else:

 deny !^Content-Type: text/plain
 deny ^Subject:.*BayStar
 allow

To allow only text mails, but have the moderators moderate every HTML mail, one
would use this:

 allow ^Content-Type: text/plain
 moderate ^Content-Type: text/html
 deny

Now on to a more advanced example. Morten can post anything, Mads Martin can
post if the subject does not contain "SCO". Everything else is denied:

 allow ^From: Morten
 deny ^Subject:.*SCO
 allow ^From: Mads Martin
 deny

The last rule (deny) can be left out, as deny is the default action.

A third example. Deny any mails with "discount", "weightloss", or "bonus" in
the subject. Allow PGP signed and plain text mails. Anything else is denied:

 deny ^Subject:.*discount
 deny ^Subject:.*weightloss
 deny ^Subject:.*bonus
 allow ^Content-Type: multipart/signed
 allow ^Content-Type: text/plain
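
The rule-by-rule evaluation described above, run against the "more advanced example" rule set. This is an added sketch, not mlmmj's own code: the function name access_decide, the sample mails, and the handling of malformed rules are assumptions, and each header is assumed to be a single unfolded line. Mail B shows a side effect of case-insensitive matching: "SCO" also matches inside "Moscow".

```c
#include <regex.h>
#include <stdio.h>
#include <string.h>

/* First matching rule wins; no match (or no rules at all) means "deny". */
const char *access_decide(const char **rules, int nrules,
                          const char **hdrs, int nhdrs)
{
    static const char *actions[] = { "allow", "deny", "discard", "moderate" };
    for (int r = 0; r < nrules; r++) {
        const char *p = rules[r], *act = NULL;
        for (int a = 0; a < 4 && !act; a++) {
            size_t n = strlen(actions[a]);
            if (!strncmp(p, actions[a], n) && (p[n] == ' ' || p[n] == '\0')) {
                act = actions[a];
                p += n;
            }
        }
        if (!act) continue;             /* assumption: unknown action is skipped */
        while (*p == ' ') p++;
        if (*p == '\0') return act;     /* bare action: matches any mail */
        int negate = (*p == '!');
        if (negate) p++;
        regex_t re;
        if (regcomp(&re, p, REG_EXTENDED | REG_ICASE | REG_NOSUB) != 0)
            continue;                   /* assumption: bad regexp is skipped */
        int hit = 0;                    /* does any header match this rule? */
        for (int h = 0; h < nhdrs && !hit; h++)
            hit = (regexec(&re, hdrs[h], 0, NULL, 0) == 0);
        regfree(&re);
        if (hit != negate) return act;  /* "!" fires when NO header matched */
    }
    return "deny";
}
/* The page's "more advanced example" rule set. */
const char *RULES[] = { "allow ^From: Morten", "deny ^Subject:.*SCO",
                        "allow ^From: Mads Martin", "deny" };
/* Constructed sample mails (headers only). */
const char *MAIL_A[] = { "From: Morten <m@example.org>", "Subject: SCO news" };
const char *MAIL_B[] = { "From: Mads Martin <mm@example.org>", "Subject: Trip to Moscow" };
const char *MAIL_C[] = { "From: Mads Martin <mm@example.org>", "Subject: Patch v2" };

int main(void)
{
    printf("A=%s B=%s C=%s empty=%s\n",
           access_decide(RULES, 4, MAIL_A, 2), access_decide(RULES, 4, MAIL_B, 2),
           access_decide(RULES, 4, MAIL_C, 2), access_decide(NULL, 0, MAIL_C, 2));
    return 0;
}
```

Mail A is allowed because the first rule matches before the subject rule is reached; the call with zero rules models an empty access file and yields "deny".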