Version 2





    The policy MBean allows us to provide a global set of security information regardless of the listeners and components making up the mail setup.




    public interface PolicyMBean {
     void setUserRepositories(String[] urs); //user reporitory mbean names
     String[] getUserReporitories(); 
     void setLocalDomains(Element domains);
     Element getLocalDomains(Element domains);
     void setLocalRelayDomains(Element domains);
     Element getLocalRelayDomains();
     //policy configuration
                                            //default true
     void setRequireAuthenticationForRemote(boolean requireAuth); //require authentication for all remote relay (no means open relay)
     void setRequireAuthenticationForLocal(boolean requireAuth); //require authentication for delivering local (default false)
     void setRequireAuthenticationForLocalRelay(boolean requireAuth); //require authentication for localRelay domains (default false)
     //all default false)
     void setRequireTLSForAll(boolean requireTLS); // require TLS for all operations (requires you start TLS before doing ANYTHING
                                                   // after HELO/EHLO)
     void setRequireTLSForRemote(boolean requireTLS); //require TLS for all remote relay (if you attempt to mail to a remote domain we
                                                      will balk if you're not TLSing)
     void setRequireTLSForLocal(boolean requireTLS); //require TLS to send mail to local users (on RCPT TO we'll balk unless you are 
                                                     //in a TLS session)
     void setRequireTLSForLocalRelay(boolean requireTLS); //if you don't have TLS, we'll balk if you try and deliver to a local relay
     void setRequireTLSForReceive(boolean requireTLS);  //require TLS to receive mail via POP or IMAP
     //internal use operations (not for config)
     boolean isLocalUser(String username); //is this a local user on this server
     boolean canRelay(String address, String user); //are we allowed to relay to this address (without authenticating)
     boolean canDeliverLocal(String address, String user); // can we deliver mails to this address (locally or as a local relay)
     boolean requiresAuth(String address, String user); // do we require authentication to deliver to this address
     boolean TLSRequired(); 
     boolean TLSRequired(String user, String operation);




    Presently we have a disconnect between authentication and mail listeners.  This would give us a unified policy service that all mail listeners and componenets could check against rather than having policy scattered throughout.  Its a bit static and I'm conflicted between whether it is better to be static or have something more like a conf file (maybe embedded in the mbean descriptor).  I fear such a thing will devolve into so I lean towards static (though this means that all beans must be recompiled/changed if the policy interface changes -- I'm not sure that is bad because it is contract).




    FEEDBACK!  - Please give feedback on this proposal and propose alternatives.  Be detailed in your explanations of the drawbacks, advantages, etc.