PolicyMBean
Purpose
The policy MBean allows us to provide a global set of security information regardless of the listeners and components making up the mail setup.
Interface
import org.w3c.dom.Element; // assumed: the W3C DOM Element type; the page does not name the package

public interface PolicyMBean {
    // dependencies
    void setUserRepositories(String[] urs); // user repository MBean names
    String[] getUserRepositories();

    // configuration
    void setLocalDomains(Element domains);
    Element getLocalDomains();
    void setLocalRelayDomains(Element domains);
    Element getLocalRelayDomains();

    // policy configuration
    // require authentication for all remote relay (default true; false means open relay)
    void setRequireAuthenticationForRemote(boolean requireAuth);
    // require authentication for delivering local (default false)
    void setRequireAuthenticationForLocal(boolean requireAuth);
    // require authentication for localRelay domains (default false)
    void setRequireAuthenticationForLocalRelay(boolean requireAuth);

    // all default false
    // require TLS for all operations (requires you start TLS before doing ANYTHING
    // after HELO/EHLO)
    void setRequireTLSForAll(boolean requireTLS);
    // require TLS for all remote relay (if you attempt to mail to a remote domain we
    // will balk if you're not TLSing)
    void setRequireTLSForRemote(boolean requireTLS);
    // require TLS to send mail to local users (on RCPT TO we'll balk unless you are
    // in a TLS session)
    void setRequireTLSForLocal(boolean requireTLS);
    // if you don't have TLS, we'll balk if you try to deliver to a local relay domain
    void setRequireTLSForLocalRelay(boolean requireTLS);
    // require TLS to receive mail via POP or IMAP
    void setRequireTLSForReceive(boolean requireTLS);

    // internal use operations (not for config)
    boolean isLocalUser(String username); // is this a local user on this server
    boolean canRelay(String address, String user); // are we allowed to relay to this address (without authenticating)
    boolean canDeliverLocal(String address, String user); // can we deliver mail to this address (locally or as a local relay)
    boolean requiresAuth(String address, String user); // do we require authentication to deliver to this address
    boolean TLSRequired();
    boolean TLSRequired(String user, String operation);
}
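How a listener could turn these flags into an RCPT TO decision, as an added example that is not part of the original proposal or the project's code. The class name, the domain sets, the null-user convention and the reply strings are assumptions of the example.

```java
import java.util.Locale;
import java.util.Set;
// Added illustration (not project code): an RCPT TO decision driven by the proposed flags.
public class RcptPolicyDemo {
    // Field names mirror the PolicyMBean setters; values are the defaults stated on the page.
    boolean requireAuthenticationForRemote = true; // false would make the server an open relay
    boolean requireAuthenticationForLocal = false;
    boolean requireAuthenticationForLocalRelay = false;
    boolean requireTLSForAll, requireTLSForRemote, requireTLSForLocal, requireTLSForLocalRelay;
    // Constructed sample domains; assumes the Element config reduces to sets of names.
    Set<String> localDomains = Set.of("example.org");
    Set<String> localRelayDomains = Set.of("lists.example.org");
    enum Dest { LOCAL, LOCAL_RELAY, REMOTE }

    Dest classify(String address) {
        // No '@' leaves the whole string as the "domain", which matches nothing and is REMOTE.
        String domain = address.substring(address.lastIndexOf('@') + 1).toLowerCase(Locale.ROOT);
        if (localDomains.contains(domain)) return Dest.LOCAL;
        if (localRelayDomains.contains(domain)) return Dest.LOCAL_RELAY;
        return Dest.REMOTE; // unknown domains get the strictest default (auth required)
    }

    // user == null means the session has not authenticated (assumption of this example).
    String rcptReply(String address, String user, boolean tlsActive) {
        Dest dest = classify(address);
        boolean needTls = switch (dest) {
            case LOCAL -> requireTLSForLocal;
            case LOCAL_RELAY -> requireTLSForLocalRelay;
            case REMOTE -> requireTLSForRemote;
        };
        boolean needAuth = switch (dest) {
            case LOCAL -> requireAuthenticationForLocal;
            case LOCAL_RELAY -> requireAuthenticationForLocalRelay;
            case REMOTE -> requireAuthenticationForRemote;
        };
        // TLS first: where TLS is required, the client is not asked to authenticate in cleartext.
        if ((requireTLSForAll || needTls) && !tlsActive) return "530 Must issue a STARTTLS command first";
        if (needAuth && user == null) return "530 5.7.0 Authentication required";
        return "250 OK";
    }

    public static void main(String[] args) {
        RcptPolicyDemo policy = new RcptPolicyDemo();
        policy.requireTLSForRemote = true;
        System.out.println(policy.rcptReply("bob@example.org", null, false));       // local, no auth, no TLS
        System.out.println(policy.rcptReply("eve@elsewhere.test", null, true));     // remote, no auth, TLS
        System.out.println(policy.rcptReply("eve@elsewhere.test", "alice", false)); // remote, auth, no TLS
    }
}
```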
Notes
Presently we have a disconnect between authentication and mail listeners. This would give us a unified policy service that all mail listeners and components could check against rather than having policy scattered throughout. It's a bit static and I'm conflicted between whether it is better to be static or have something more like a conf file (maybe embedded in the mbean descriptor). I fear such a thing will devolve into sendmail.cf so I lean towards static (though this means that all beans must be recompiled/changed if the policy interface changes -- I'm not sure that is bad because it is a contract).
FEEDBACK! - Please give feedback on this proposal and propose alternatives. Be detailed in your explanations of the drawbacks, advantages, etc.
Comments