Re: [exim] User Control of Blacklists, Whitelists, Blocklis…

Top Page
Delete this message
Reply to this message
Author: Kelley Reynolds
Date:  
To: Exim Mailing List
Subject: Re: [exim] User Control of Blacklists, Whitelists, Blocklists, features, etc.
On Aug 28, 2005, at 3:17 PM, Marc Perkel wrote:

> OK - I have an idea of a way to give users control of their own
> configuration through email messages. This could probably be coded
> up in perl really easilly. But I think I'll through the idea out
> there for comment first.
>
> You set up a special email account called setting@???. This
> will be the interface for reading and changing settings.
>
> If you email that account it reads your from address and gets your
> settings and emails it back to you. It also contains some sort of
> code so that if you reply to the message it knows that it is really
> you and it makes changes.
>
> The message contains all your setting - for now it is just the
> personal white list and black list. Message looks like this:
>
> From: settings@???
> To: user@???
>
> Dear user - here are your current settings. Instructions ... blah
> blah blah
>
> verification code 45BC673C <- do not remove this
>
> whitelist *@spamassassin.org
> whitelist *@exim.org
>
> blacklist *@porn.com
> blacklist hacker@???
> blacklist *@*.co.kr
>
> block-8-bit-headers yes
>
> So - to change your setting you reply to the email - adding editing
> and deleting lines. When the message is received because it has the
> verification code it then picks out the information and updates the
> users config files.
>
> The users config files are flat text files stored in say /etc/exim/
> settings. In that directory are files called:
>
> user@???
> user@???
>
> Then you write an ACL to access these files and process the
> messages accordingly.
>
> Information that contains yes/no might be done by creating and
> deleting 0 byte flag files or using a lookup.
>
> And - this doesn't have to be limited to just whitelists and
> blacklists. It can be any kind of setting including forward files,
> Turning features on and off - vacation messages .....
>
> The idea again is you send a message to settings - get a response
> with your settings - edit and reply - and the setting are changed.
>
> Who likes this idea?
>
> If I design it and write the ACLs - is there a perl programmer out
> there who will volunteer to write the perl responder? I will keep
> it simple.


It might be a simpler matter to code up a web interface for users to
change their own settings. We have a system much like you propose,
but with a web interface for changing settings instead of having to
go through exim and mucking about with parsing e-mail text.

One reason I would advise against this particular method is that the
number of different ways that response can come back to you make it a
somewhat error-prone process. Encoded messages, html (valid or not),
tnef/rtf, quoted, all sorts of craziness to deal with.

Ruby on Rails would make it trivial to code up an interface like you
propose, as well as many other PHP/Perl/whatever frameworks. If you
absolutely *have* to have their settings sent to them in an e-mail
and you don't want to make them login, then I suggest generating ah
HTML form and sending it to them, then letting that form submit to a
page that would then muck about with the settings as you suggest.
Easier to control, validate, secure (thtough only halfway/marginally
through https)

Kelley Reynolds
President
Inside Systems, Inc.