Next: , Previous: Local case in email addresses, Up: Overview of ezmlm function


4.13 Testing SENDER to allow posts only from list subscribers

This mode of operation is automatically set up if you specify the ezmlm-make(1) -u switch. Since there may be some addresses that should be allowed to post, but are not subscribers of list or list-digest, ezmlm-make(1) sets up an additional address database in DIR/allow/. Use ezmlm-sub(1), ezmlm-unsub(1), and ezmlm-list(1) to manipulate these addresses. If the list is configured for remote administration (see Remote administration), you can add/remove addresses from the DIR/allow/ database by mailing ‘list-allow-subscribe@listhost’ and ‘list-allow-unsubscribe@listhost’, respectively. Other commands that access subscriber databases work in the same manner.

To similarly restrict archive access, use the ezmlm-make(1) -g switch.

Since SENDER is under the control of a potential attacker, it is not secure to use tests of SENDER for anything important. However, when replies are always sent to SENDER (such as for archive access), a check of SENDER can prevent the sending of information to email addresses not in the database.

To test sender, use the program ezmlm-issubn(1). It will return 0 (true for the shell, success for qmail deliveries) if SENDER is in at least one of a set of subscriber databases. If not, it will return 99 (false for the shell: success, but skip remainder of .qmail file for qmail deliveries). The basedirs of the subscriber lists (i.e. the directories in which the ‘subscriber’ dirs are located) are given as arguments. ezmlm-issubn(1) can take any number of arguments.

Thus, to permit an action if SENDER is a subscriber to the list in any of DIR/, DIR/digest/, or DIR/allow/ and exit silently, put the following into the relevant .qmail file:

     |/usr/local/bin/ezmlm/ezmlm-issubn DIR DIR/digest DIR/allow [...]
     |/path/action_program

Restricting your list to posts from your subscribers is as easy as that. If your ezmlm binaries are in a different directory, you may have to modify the ezmlm-issubn(1) path.

ezmlm-issubn(1) has a -n switch which ‘negates/reverses’ the exit code. To do an action if SENDER is NOT a subscriber of any of the lists:

     |/usr/local/bin/ezmlm/ezmlm-issubn -n DIR/deny [dir2 ...]
     |/path/other_program

To automatically configure the list with a blacklist address database in DIR/deny, use the ezmlm-make(1) -k switch. If the list is configured for remote administration (see Remote administration) and if you are a remote administrator, you can manipulate the ‘deny’ database remotely by sending mail to ‘list-deny-subscribe-user=userhost@listhost’, etc.