PolicyMBean
Purpose
The policy MBean allows us to provide a global set of security information regardless of the listeners and components making up the mail setup.
Interface
public interface PolicyMBean {

    //dependencies
    void setUserRepositories(String[] urs); //user repository MBean names
    String[] getUserRepositories();

    //configuration
    void setLocalDomains(Element domains);
    Element getLocalDomains(Element domains);
    void setLocalRelayDomains(Element domains);
    Element getLocalRelayDomains();

    //policy configuration
    //default true
    //require authentication for all remote relay (no means open relay)
    void setRequireAuthenticationForRemote(boolean requireAuth);
    //require authentication for delivering local (default false)
    void setRequireAuthenticationForLocal(boolean requireAuth);
    //require authentication for localRelay domains (default false)
    void setRequireAuthenticationForLocalRelay(boolean requireAuth);

    //all default false
    //require TLS for all operations (requires you start TLS before doing ANYTHING
    //after HELO/EHLO)
    void setRequireTLSForAll(boolean requireTLS);
    //require TLS for all remote relay (if you attempt to mail to a remote domain
    //we will balk if you're not TLSing)
    void setRequireTLSForRemote(boolean requireTLS);
    //require TLS to send mail to local users (on RCPT TO we'll balk unless you are
    //in a TLS session)
    void setRequireTLSForLocal(boolean requireTLS);
    //if you don't have TLS, we'll balk if you try and deliver to a local relay
    //domain
    void setRequireTLSForLocalRelay(boolean requireTLS);
    //require TLS to receive mail via POP or IMAP
    void setRequireTLSForReceive(boolean requireTLS);

    //internal use operations (not for config)
    //is this a local user on this server
    boolean isLocalUser(String username);
    //are we allowed to relay to this address (without authenticating)
    boolean canRelay(String address, String user);
    //can we deliver mails to this address (locally or as a local relay)
    boolean canDeliverLocal(String address, String user);
    //do we require authentication to deliver to this address
    boolean requiresAuth(String address, String user);
    boolean TLSRequired();
    boolean TLSRequired(String user, String operation);
}
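A sketch of how a listener could consult these flags at RCPT TO, added here as an example and not part of the proposal or the project's code. The class name, the domain sets and the reply strings are assumptions; the flag defaults follow the interface comments.

```java
import java.util.Set;

// Added illustration: hypothetical RCPT TO check built on the flags the PolicyMBean proposes.
public class RcptPolicyExample {
    enum Scope { LOCAL, LOCAL_RELAY, REMOTE }

    // Constructed sample configuration (not from the proposal).
    static final Set<String> LOCAL_DOMAINS = Set.of("example.org");
    static final Set<String> LOCAL_RELAY_DOMAINS = Set.of("lists.example.org");

    // Defaults as stated in the interface comments: only remote relay requires auth.
    static boolean authRemote = true, authLocal = false, authLocalRelay = false;
    static boolean tlsAll = false, tlsRemote = false, tlsLocal = false, tlsLocalRelay = false;

    // Map a recipient address to the policy scope of its domain.
    static Scope classify(String address) {
        String domain = address.substring(address.lastIndexOf('@') + 1).toLowerCase();
        if (LOCAL_DOMAINS.contains(domain)) return Scope.LOCAL;
        if (LOCAL_RELAY_DOMAINS.contains(domain)) return Scope.LOCAL_RELAY;
        return Scope.REMOTE;
    }

    // Returns the SMTP reply a listener would send for RCPT TO.
    static String checkRcpt(String rcpt, boolean tlsActive, boolean authenticated) {
        Scope s = classify(rcpt);
        boolean needTls = tlsAll || (s == Scope.REMOTE && tlsRemote)
                || (s == Scope.LOCAL && tlsLocal) || (s == Scope.LOCAL_RELAY && tlsLocalRelay);
        boolean needAuth = (s == Scope.REMOTE && authRemote)
                || (s == Scope.LOCAL && authLocal) || (s == Scope.LOCAL_RELAY && authLocalRelay);
        // TLS is checked first, so a client is told to start TLS before it is told to authenticate.
        if (needTls && !tlsActive) return "530 5.7.0 Must issue a STARTTLS command first";
        if (needAuth && !authenticated) return "530 5.7.0 Authentication required";
        return "250 2.1.5 OK";
    }

    public static void main(String[] args) {
        System.out.println(checkRcpt("bob@example.org", false, false));    // local, default flags
        System.out.println(checkRcpt("eve@elsewhere.test", false, false)); // remote, unauthenticated
        tlsRemote = true;                                                  // tighten the remote policy
        System.out.println(checkRcpt("eve@elsewhere.test", false, true));  // remote, cleartext session
        System.out.println(checkRcpt("eve@elsewhere.test", true, true));   // remote, TLS and auth
    }
}
```

Setting `authRemote` to false in this sketch makes every unauthenticated remote RCPT succeed, which is the open-relay case the interface comment warns about.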
Notes
Presently we have a disconnect between authentication and mail listeners. This would give us a unified policy service that all mail listeners and components could check against rather than having policy scattered throughout. It's a bit static and I'm conflicted between whether it is better to be static or have something more like a conf file (maybe embedded in the mbean descriptor). I fear such a thing will devolve into sendmail.cf so I lean towards static (though this means that all beans must be recompiled/changed if the policy interface changes -- I'm not sure that is bad because it is a contract).
FEEDBACK! - Please give feedback on this proposal and propose alternatives. Be detailed in your explanations of the drawbacks, advantages, etc.
Comments