Mailing list multiple access control interpretation

Note that when specifying multiple sorts of posting access control parameters on a  mailing list address (or other address),  the effect is normally cumulative (a logical AND operation). For instance, specifying both    and    (in legacy configuration, &#x5b;CANT_LIST&#x5d; and &#x5b;AUTH_LIST&#x5d;)  on a list  normally means that only those addresses that are in the    and not in the   may post to the list. But the interpretation of combining access control settings may be altered via the    MTA option;  that is, with , the  interpretation defaults to a logical OR. The interpretation of combining individual access controls on mailing lists can also be  controlled for individual access controls on individual lists by using  the    or   alias options (in legacy configuration &#x5b;AND&#x5d; or &#x5b;OR&#x5d;  alias file named parameters);  the use of such an option causes subsequent access controls (up until another  occurrence of    or   ) to be interpreted as specified.

Note also that the ,  ,  , and   alias options (the &#x5b;AUTH_LIST&#x5d;, &#x5b;AUTH_MAPPING&#x5d;, &#x5b;CANT_LIST&#x5d;, and  &#x5b;CANT_MAPPING&#x5d;  parameters in legacy configuration) provide a separate sort of control from    and   alias options  (the &#x5b;MODERATOR_LIST&#x5d; and &#x5b;MODERATOR_MAPPING&#x5d;  parameters in legacy configuration); they do different things and  may be used effectively in conjunction. The   and   options control who can post at all; only addresses that make it  through those access filters then get checked for the next question, namely  the   access filter, which controls whether the sender can post  directly vs. whether their attempted posting is referred to   (&#x5b;MODERATOR_ADDRESS&#x5d; in legacy configuration).

In the direct LDAP environment, multiple list access controls are again normally essentially cumulative (a short-circuited logical AND  operation) between different types of controls, although multiple  values for a single type of allow control are ORed. (That is, multiple values of   are effectively ORed with  each other. And similarly, multiple values of    are effectively ORed with each other.)  Specifically, the value(s) of the attribute named by the    MTA option  (by default,  ) is/are  checked first, and if that check passes (the attempting poster does not  match any   value) then next the  value of the attribute named by the    MTA option (by default,   ) is checked (ORing the  possibilities if multiple   values  are specified; that is, an attempted poster who matches any of the    values will be allowed), and if  that check passes then next the value of the attribute named by the    MTA option  (by default,  )  is checked, and if that check passes (the attempting poster does not  match any   value) then next the value  of the attribute named by the    MTA option  (by default,   ) is checked (ORing the possibilities if  multiple   values are specified; that is,  an attempted poster who matches any of the    values will be allowed). So this is essentially a "short-circuited" logical AND of the posting  access restriction conditions. But the interpretation of combining different types of access control settings may be altered via the    MTA option; that is, with  ,  the interpretation defaults to a logical OR. Individual mailing lists or groups can override the general setting of the MTA option     via a value of " " or  " " as one of the values of the attribute  named by the    MTA option  (by default,   ). Note that the configuration choice of combining different types of controls with OR vs.  AND does not affect the interpretation of multiple values of a  single type of control: for instance, multiple values of    are always ANDed together (a  poster must pass all the conditions) while multiple values of    are always ORed together (a poster  may post if their address matches any of the conditions).

See also:
 * Alias file named parameters
 * alias_and Option
 * alias_or Option
 * or_clauses MTA Option
 * ldap_auth_policy MTA Option
 * Mailing list addresses
 * Moderated mailing lists