Commit a51f2c82 authored by IKEDA Soji's avatar IKEDA Soji
Browse files

Update subscribe.* and unsubscribe.* scenarios: Authentication is required...

Update subscribe.* and unsubscribe.* scenarios: Authentication is required when anonymous/other user requested these actions.  Previously, if "open" scenario was used, an anonymous user on web interface could add subscriber without confirmation.
parent 9ff32080
# subscribe.auth
title.gettext subscription request confirmed
is_subscriber([listname],[sender]) smtp,dkim,smime -> do_it
true() smtp,dkim -> request_auth
true() md5,smime -> do_it
!equal([sender],[email]) smtp,dkim,md5,smime -> request_auth([email])
is_subscriber([listname],[email]) smtp,dkim,md5,smime -> do_it
true() smtp,dkim -> request_auth([email])
true() md5,smime -> do_it
# subscribe.auth_notify
title.gettext need authentication (notification is sent to owners)
# do not authentify nor notify updates
is_subscriber ([listname],[sender]) smtp,dkim,smime,md5 -> do_it
true() smtp,dkim -> request_auth
true() md5,smime -> do_it,notify
!equal([sender],[email]) smtp,dkim,md5,smime -> request_auth([email])
is_subscriber([listname],[email]) smtp,dkim,md5,smime -> do_it
true() smtp,dkim -> request_auth([email])
true() md5,smime -> do_it,notify
# subscribe.auth_notifydkim
title.gettext need authentication unless DKIM signature is OK (notification is sent to owners)
# do not authentify nor notify updates
is_subscriber ([listname],[sender]) smtp,dkim,smime,md5 -> do_it
true() smtp -> request_auth
true() dkim,md5,smime -> do_it,notify
!equal([sender],[email]) smtp,dkim,md5,smime -> request_auth([email])
is_subscriber([listname],[email]) smtp,dkim,md5,smime -> do_it
true() smtp -> request_auth([email])
true() dkim,md5,smime -> do_it,notify
# subscribe.auth_owner
title.gettext requires authentication then owner approval
# subscription under owner control but previously email are checked by auth
true() smtp,dkim -> request_auth
is_subscriber([listname],[previous_email]) md5,smime -> do_it
true() md5,smime -> owner
!equal([sender],[email]) smtp,dkim,md5,smime -> request_auth([email])
is_subscriber([listname],[email]) smtp,dkim,md5,smime -> do_it
true() smtp,dkim -> request_auth([email])
true() md5,smime -> owner
# subscribe.auth_ownerdkim
title.gettext requires authentication unless DKIM signature is OK, then owner approval
# subscription under owner control but previously email are checked by auth
true() smtp -> request_auth
is_subscriber([listname],[previous_email]) dkim,md5,smime -> do_it
true() dkim,md5,smime -> owner
!equal([sender],[email]) smtp,dkim,md5,smime -> request_auth([email])
is_subscriber([listname],[email]) smtp,dkim,md5,smime -> do_it
true() smtp -> request_auth([email])
true() dkim,md5,smime -> owner
# subscribe.authdkim
title.gettext subscription request confirmed
is_subscriber([listname],[sender]) smtp,dkim,smime -> do_it
true() smtp -> request_auth
true() dkim,md5,smime -> do_it
!equal([sender],[email]) smtp,dkim,md5,smime -> request_auth([email])
is_subscriber([listname],[email]) smtp,dkim,md5,smime -> do_it
true() smtp -> request_auth([email])
true() dkim,md5,smime -> do_it
# subscribe.closed
title.gettext subscription is impossible
true() smtp,dkim,md5,smime -> reject(reason='subscribe_closed')
true() smtp,dkim,md5,smime -> reject(reason='subscribe_closed')
# subscribe.intranet
title.gettext restricted to local domain users
!equal([sender],[email]) smtp,dkim,md5,smime -> request_auth([email])
is_subscriber([listname],[email]) smtp,dkim,md5,smime -> do_it
# if subscriber request come from local domain do_it else reject
is_subscriber([listname],[sender]) smtp,dkim,smime,md5 -> do_it
match([sender],/[domain]$/) smtp,dkim,smime,md5 -> do_it
match([email],/[domain]$/) smtp,dkim,md5,smime -> do_it
#
# this is example of a rule to check local adresses
# verify_netmask('1.12.123.0/24') smtp,dkim,md5,smime -> do_it
#
true() smtp,dkim,md5,smime -> reject(reason='subscribe_local_user')
true() smtp,dkim,md5,smime -> reject(reason='subscribe_local_user')
# subscribe.intranetorowner
title.gettext local domain users or owner approval
# if subscriber request come from local domain do_it else reject
is_subscriber([listname],[sender]) smtp,smime,md5 -> do_it
!equal([sender],[email]) smtp,dkim,md5,smime -> request_auth([email])
is_subscriber([listname],[email]) smtp,dkim,md5,smime -> do_it
#
# this is example of a rule to check local adresses
# verify_netmask('1.12.123.0/24') smtp,md5,smime -> do_it
match([sender],/[domain]$/) smtp,dkim,smime,md5 -> do_it
true() smtp,dkim,smime,md5 -> owner
#
# if subscriber request come from local domain do_it else reject
match([email],/[domain]$/) smtp,dkim,md5,smime -> do_it
true() smtp,dkim,md5,smime -> owner
# subscribe.open
title.gettext for anyone without authentication
true() smtp,dkim,smime,md5 -> do_it
!equal([sender],[email]) smtp,dkim,md5,smime -> request_auth([email])
true() smtp,dkim,md5,smime -> do_it
# subscribe.open_notify
title.gettext anyone, notification is sent to list owner
# do not notify if it is just an update
is_subscriber([listname],[sender]) smtp,dkim,smime,md5 -> do_it
true() smtp,dkim,smime,md5 -> do_it,notify
!equal([sender],[email]) smtp,dkim,md5,smime -> request_auth([email])
true() smtp,dkim,md5,smime -> do_it,notify
# subscribe.open_quiet
title.gettext anyone, no welcome message
true() smtp,dkim,smime,md5 -> do_it,quiet
!equal([sender],[email]) smtp,dkim,md5,smime -> request_auth([email])
true() smtp,dkim,md5,smime -> do_it,quiet
# subscribe.owner
title.gettext owners approval
# if subscriber request come from a subscriber, it's just an update, do it
is_subscriber([listname],[sender]) smtp,smime,md5 -> do_it
# if subscribtion request is just a change email, it is open :
is_subscriber([listname],[previous_email]) smtp,smime,md5 -> do_it
true() smtp,dkim,smime,md5 -> owner
!equal([sender],[email]) smtp,dkim,md5,smime -> request_auth([email])
is_subscriber([listname],[email]) smtp,dkim,md5,smime -> do_it
true() smtp,dkim,md5,smime -> owner
# subscribe.smime
title.gettext requires S/MIME signed
is_subscriber([listname],[sender]) smtp,dkim,smime -> do_it
true() smime -> do_it
true() smtp,dkim,md5 -> reject(reason='subscribe_smime')
!equal([sender],[email]) smtp,dkim,md5,smime -> request_auth([email])
is_subscriber([listname],[email]) smtp,dkim,md5,smime -> do_it
true() smime -> do_it
true() smtp,dkim,md5 -> reject(reason='subscribe_smime')
# subscribe.smimeorowner
title.gettext requires S/MIME signed or owner approval
# if subscriber request come from a subscriber, it's just an update, do it
is_subscriber([listname],[sender]) smtp,dkim,smime,md5 -> do_it
true() smtp,dkim,md5 -> owner
true() smime -> do_it
!equal([sender],[email]) smtp,dkim,md5,smime -> request_auth([email])
is_subscriber([listname],[email]) smtp,dkim,md5,smime -> do_it
true() smtp,dkim,md5 -> owner
true() smime -> do_it
# unsubscribe.auth
title.gettext need authentication
!is_subscriber ([listname],[email]) smtp,dkim,smime,md5 -> do_it
true() smtp, dkim -> request_auth([email])
true() md5,smime -> do_it
!equal([sender],[email]) smtp,dkim,md5,smime -> request_auth([email])
!is_subscriber([listname],[email]) smtp,dkim,md5,smime -> do_it
true() smtp,dkim -> request_auth([email])
true() md5,smime -> do_it
# unsubscribe.auth_notify
title.gettext authentication requested, notification sent to owner
!is_subscriber ([listname],[email]) smtp,dkim,md5,smime -> do_it,notify
true() smtp,dkim -> request_auth([email])
true() md5,smime -> do_it,notify
!equal([sender],[email]) smtp,dkim,md5,smime -> request_auth([email])
!is_subscriber([listname],[email]) smtp,dkim,md5,smime -> do_it,notify
true() smtp,dkim -> request_auth([email])
true() md5,smime -> do_it,notify
# unsubscribe.auth_notifydkim
title.gettext authentication requested unless DKIM signature is OK, notification sent to owner
!is_subscriber ([listname],[email]) smtp,dkim,md5,smime -> do_it,notify
true() smtp -> request_auth([email])
true() dkim,md5,smime -> do_it,notify
!equal([sender],[email]) smtp,dkim,md5,smime -> request_auth([email])
!is_subscriber([listname],[email]) smtp,dkim,md5,smime -> do_it,notify
true() smtp -> request_auth([email])
true() dkim,md5,smime -> do_it,notify
# unsubscribe.authdkim
title.gettext need authentication unless DKIM signature is OK
!is_subscriber ([listname],[email]) smtp,dkim,smime,md5 -> do_it
true() smtp -> request_auth([email])
true() dkim,md5,smime -> do_it
!equal([sender],[email]) smtp,dkim,md5,smime -> request_auth([email])
!is_subscriber([listname],[email]) smtp,dkim,md5,smime -> do_it
true() smtp -> request_auth([email])
true() dkim,md5,smime -> do_it
# unsubscribe.closed
title.gettext impossible
true() smtp,dkim,md5,smime -> reject(reason='unsub_closed')
true() smtp,dkim,md5,smime -> reject(reason='unsub_closed')
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment