Restricting posting access to large lists

From Messaging Server Technical Reference Wiki


Especially with a relatively "large" mailing list, it is usually wise to enforce at least some restriction on who is allowed to post (send) to the list, so that the list cannot be used as an easy mechanism for spamming its members. The MTA supports a variety of forms and mechanisms for such restrictions. For "large" mailing lists, the more secure forms of restriction, such as password-protected posting, or posting restricted to explicitly listed senders who are required to authenticate (use SMTP AUTH) when submitting, may be especially appropriate. Note that setting such posting access controls also limits who is allowed to view the membership of the list via the SMTP EXPN command, which helps limit address harvesting by spambots.

With large mailing lists, setting


mailDeferProcessing: AFTER_AUTH 

(a setting only available and valid in MS 6.3p1 and later) is especially desirable. This setting causes the list's access controls to be checked immediately, while expansion of the list membership is deferred. Messages that do not meet the posting criteria are thus rejected at once, at submission time, while the (possibly time-consuming) membership expansion is left until later, when the reprocess channel runs.

For instance, to permit postings only when the sender has authenticated (using their account password) as either mailadmin1@domain.com or mailadmin2@domain.com:


mgrpBroadcasterPolicy: SMTP_AUTH_REQUIRED 
mgrpAllowedBroadcaster: mailadmin1@domain.com 
mgrpAllowedBroadcaster: mailadmin2@domain.com 

Or to permit postings only when the sender supplied a secret password on an Approved: header line (the MTA automatically removes that header line from the copy distributed to list members, so the password is not disclosed to them):


mgrpBroadcasterPolicy: PASSWORD_REQUIRED 
mgrpAuthPassword: secret-password

For many lists, an appropriate, less stringent restriction is to limit postings to members of the list. The check on posters may be based simply on the attempting poster's e-mail address (bearing in mind that such a check is only as trustworthy as the sender address, which is easily forged); for instance:


mgrpAllowedBroadcaster: mailto:list-address

or may further require that a poster in fact authenticated as a list member:


mgrpBroadcasterPolicy: SMTP_AUTH_REQUIRED 
mgrpAllowedBroadcaster: mailto:list-address

Note that requiring SMTP AUTH for postings usually also implicitly requires that all members of the list be "local" members (that is, have a local account and be able to authenticate). However, by trusting passed-along authentication from other systems, or by combining sub-list definitions appropriately, it is possible to achieve an effect whereby "local" users must authenticate to post, while postings are still allowed from external users who cannot authenticate against your user directory.

Another routinely useful sort of posting restriction is to allow direct postings only by members of the list, while redirecting any attempted postings by non-members to a list moderator; for instance:


mail: list-y@domain.com 
mgrpMsgRejectAction: toModerator 
mgrpAllowedBroadcaster: mailto:list-y@domain.com 
mgrpModerator: mailto:list-y-owner@domain.com 
mgrpErrorsTo: list-y-owner@domain.com 
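The decision rules implied by the examples above, from SMTP_AUTH_REQUIRED (with explicitly listed senders or a mailto: reference to the membership) through PASSWORD_REQUIRED with an Approved: header to the toModerator redirect, written out as a small Python model so they can be read side by side. This is an added illustration and is not Messaging Server code: the entry and submission shapes, the decision names, treating any mailto: URL other than the list's own address as a single literal address, and plain rejection as the default when mgrpMsgRejectAction is unset are assumptions of the model, and the member addresses are constructed samples.

```python
"""Model of the list-posting access checks described on this page (illustration only,
not the MTA's own code; shapes, decision names and defaults are assumptions)."""
from __future__ import annotations

import hmac
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class ListEntry:
    mail: str                                   # mail
    members: set = field(default_factory=set)   # resolved membership (constructed sample)
    broadcaster_policy: Optional[str] = None    # mgrpBroadcasterPolicy
    allowed_broadcaster: list = field(default_factory=list)  # mgrpAllowedBroadcaster values
    auth_password: Optional[str] = None         # mgrpAuthPassword
    reject_action: Optional[str] = None         # mgrpMsgRejectAction
    moderator: Optional[str] = None             # mgrpModerator (mailto: URL)


@dataclass
class Submission:
    sender: str                                 # address the poster claims (From/envelope)
    auth_id: Optional[str] = None               # identity proven via SMTP AUTH, None if none
    headers: list = field(default_factory=list) # (name, value) pairs


def _addr(value: str) -> str:
    """Normalise an address or mailto: URL to a lower-case bare address."""
    v = value.strip().lower()
    return v[len("mailto:"):] if v.startswith("mailto:") else v


def allowed_posters(entry: ListEntry) -> set:
    """Resolve mgrpAllowedBroadcaster: a mailto: URL naming the list itself means the
    list's members; any other value is taken as one literal address (assumption)."""
    out = set()
    for value in entry.allowed_broadcaster:
        a = _addr(value)
        out |= {m.lower() for m in entry.members} if a == entry.mail.lower() else {a}
    return out


def check_posting(entry: ListEntry, msg: Submission):
    """Return (decision, destination, headers): decision is 'accept', 'moderate' or
    'reject'; destination is the list or the moderator; headers are what gets relayed."""
    policy = (entry.broadcaster_policy or "").upper()
    allowed = allowed_posters(entry)
    headers = list(msg.headers)
    if policy == "PASSWORD_REQUIRED":
        secret = (entry.auth_password or "").encode()
        approved = [v.strip().encode() for k, v in headers if k.lower() == "approved"]
        ok = bool(secret) and any(hmac.compare_digest(v, secret) for v in approved)
        # the Approved: line is stripped before distribution, so members never see the password
        headers = [(k, v) for k, v in headers if k.lower() != "approved"]
    elif policy == "SMTP_AUTH_REQUIRED":
        # only the identity proven by SMTP AUTH counts; the claimed sender address is ignored
        ok = msg.auth_id is not None and msg.auth_id.lower() in allowed
    elif allowed:
        ok = msg.sender.lower() in allowed   # address-only check: trusts a forgeable address
    else:
        ok = True                            # no restriction configured
    if ok:
        return "accept", entry.mail, headers
    if (entry.reject_action or "").lower() == "tomoderator" and entry.moderator:
        return "moderate", _addr(entry.moderator), headers
    return "reject", None, headers           # assumption: plain rejection is the default


# the configurations shown on this page, as constructed sample entries
MEMBERS = {"alice@domain.com", "bob@domain.com"}
AUTH_LIST = ListEntry("list@domain.com", MEMBERS, "SMTP_AUTH_REQUIRED",
                      ["mailadmin1@domain.com", "mailadmin2@domain.com"])
PASSWORD_LIST = ListEntry("list@domain.com", MEMBERS, "PASSWORD_REQUIRED",
                          auth_password="secret-password")
MEMBER_LIST = ListEntry("list@domain.com", MEMBERS, None, ["mailto:list@domain.com"])
AUTH_MEMBER_LIST = ListEntry("list@domain.com", MEMBERS, "SMTP_AUTH_REQUIRED",
                             ["mailto:list@domain.com"])
MODERATED_LIST = ListEntry("list-y@domain.com", MEMBERS, None, ["mailto:list-y@domain.com"],
                           reject_action="toModerator",
                           moderator="mailto:list-y-owner@domain.com")

if __name__ == "__main__":
    spoof = Submission("alice@domain.com")               # forged member address, no SMTP AUTH
    print(check_posting(MEMBER_LIST, spoof)[0])          # accept: the address-only check is fooled
    print(check_posting(AUTH_MEMBER_LIST, spoof)[0])     # reject: no proven identity
    print(check_posting(MODERATED_LIST, Submission("x@else.com"))[:2])  # ('moderate', 'list-y-owner@domain.com')
```

Running it shows the difference SMTP_AUTH_REQUIRED makes to the member-only configuration: a submission carrying a forged member address is accepted by the address-only check but rejected when a proven SMTP AUTH identity is required, while the toModerator configuration diverts the same non-member posting to the list owner instead of bouncing it.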

For additional flexibility in posting access controls, see the GROUP_AUTH mapping table.
