james-server-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vincenzo Gianferrari Pini" <vincenzo.gianferrarip...@praxis.it>
Subject SMTP AUTH checking matchers
Date Thu, 17 Jul 2003 15:03:13 GMT
I just committed a new functionality that uses the new "mail attributes" feature.

It's the ability to check from within any mailet if, when SMTP AUTH is active, the sender
user has been successfully authenticated and also his name.

The name is passed along with the mail as a mail attribute named "org.apache.james.SMTPAuthUser",
and can be get with a command like:

	String authUser = (String) mail.getAttribute("org.apache.james.SMTPAuthUser");

If no authentication was done the command returns null.

I added two matchers that do already such work: SMTPAuthUserIs and SMTPAuthSuccessful.

I was since long time waiting for this functionality: until now I have been defining in my
production config.xml some "restricted use" addresses (as company wide distribution lists)
as having a domain name not listed in <servernames> just to enforce authentication (for
example "all.users@internal.use", where "internal.use" does not exist): remember, the "SenderIs"
and "SenderHostIs" checks can be forged by anyone - imagine a spammer spamming to all my users
in a single shot. Now it is possible to attain a higher security using my true domain name.

I understand that we might need to do some CVS juggling, to better tag the old code (perhaps
the Mailet API). But as I'm going away for a long weekend (until Monday) I just wanted to
turn it in before leaving.

I hope that others will consider this useful.

A second more general topic regarding mail attributes: as I just said I've used an attribute
named "org.apache.james.SMTPAuthUser", defined in SMTPHandler and in two new matchers using
a "private final static String" constant in each of them (and using the constant name instead
of the string - mail.getAttribute(SMTP_AUTH_USER_ATTRIBUTE_NAME)):

    private final static String SMTP_AUTH_USER_ATTRIBUTE_NAME = "org.apache.james.SMTPAuthUser";

It would be better to start using a "org.apache.mailet.Attributes" class in v3 and a "org.apache.james.util.Attributes"
class in v2, similar to the RFC2822Headers class, just to hold any such new attribute name
constant and reference it from everywhere. Or perhaps something else.

What is your suggestion about all this?


To unsubscribe, e-mail: server-dev-unsubscribe@james.apache.org
For additional commands, e-mail: server-dev-help@james.apache.org

View raw message