[MU] Access control for groups

[chibenwa]

What

GIVEN a group all@linagora.com

I want to restrict who can access that group.

CF https://james.staged.apache.org/james-project/3.9.0/servers/distributed/operate/webadmin.html#_address_group

We will define in Twake Mail an API for enabling and defining such an Access control.

How

This is a Twake mail extention enabled via module chooser. It is comprised of :

• [ ] A storage component SenderControlRepository
• [ ] A webadmin API for enabling / adding / removing sender controls
• [ ] And a mailet to enforce sender controls

Storage API

interface SenderControlRepository {
    Publisher<Void> enableSenderControls(MailAddress recipient, Optional<List<MailAddress>> allowedSenders);

    Publisher<Void> disableSenderControls(MailAddress recipient, Optional<List<MailAddress>> allowedSenders);

    // Throws if sender controls had not been enabled for the given recipient?
    Publisher<Void> addAllowedSender(MailAddress recipient, MailAddress allowedSender);

    // Throws if sender controls had not been enabled for the given recipient?
    Publisher<Void> removeAllowedSender(MailAddress recipient, MailAddress allowedSender);

    Publisher<MailAddress> recipientsWithSenderControls();

    Publisher<MailAddress> allowedSenders(MailAddress recipient);
}

Provide a Cassandra implementation. PGSQL implementation will be done later.

PK recipient
CK allowed-sender

Webadmin API

GET /senderControls
["minister@gov.mu", "vvip@gov.mu"]

GET /senderControls/minister@gov.mu/allowedSender
["secretary@gov.mu", "vvip@gov.mu", "cabinet@gov.mu"]

PUT /senderControls/minister@gov.mu/allowedSender/collaborator@gov.mu

DELETE /senderControls/minister@gov.mu/allowedSender/collaborator@gov.mu

DELETE /senderControls/minister@gov.mu

Mailet

Given a mail from for each recipient load the list of allowed senders and for each one of these recipients validate that the actual sender is in the allowed list.

If the sender is not allowed the mail needs to be split:

• remove the restricted mail address from the recipient mailing list and let the current mail continue processing
• and clone the mail, set the recipients to the rejected one and post it to the rejected-sender processor.

Module chooser

In extensions.property:

sender.controls.enables=true|false

ETA

Should take around 5 days of development, can polish later.

[chibenwa]

After discussions with @quantranhong1999 and @guimard we think that simpler alternatives based on a mailet querying the LDAP exists and are likely to be more straightforward.

Hence I move this ticket back into backlog and will open an alternative one.