SA Bugzilla – Bug 5295
RFE: "whitelist_authenticated"
Last modified: 2007-01-25 04:59:03 UTC
http://taint.org/2007/01/10/144318a.html#comments : Craig Hughes said: 'fwiw, “whitelist_from_spf, whitelist_from_dkim, and whitelist_from_dk” is a user nightmare. How about one list called “whitelist_if_authenticated”? Users don’t have any frigging idea if the other end is spf, DKIM or DK. Actually, they probably don’t know about authentication. How about “whitelist_from” and only apply the whitelist is authenticated? Actually, that latter thing is probably bad, in the case where the sender isn’t doing auth, the receiver will think something’s broken if whitelisting doesn’t work… Maybe whitelist_from and whitelist_authenticated is the best… ultimately probably moving to just whitelist_from where it only applies to auth’d mail once more senders are auth’ing.' He's quite right too ;) So here's a feature request for "whitelist_authenticated", which apes the UI of "whitelist_from", but under the covers translates into all of: whitelist_from_spf, whitelist_from_dkim, whitelist_from_dk, and whatever other whitelist_from_xxx methods we may add in future, for the email addr specified.
I'm going to try to get this into 3.2.0.
I've been thinking about this since whitelist_from_dkim was added... I've yet to think of a name I'm happy with though. It's not "whitelist_authenticated" since there's no authentication involved. "whitelist_authorized" sounds dumb. Maybe. I dunno. "whitelist_auth" is better, but not really accurate (but people can consider it authorized or authenticated... whatever matches their confusion). "whitelist_verified" is the closest I can think of that actually reflects what is going on. In any case... I'd figured we'd just add a config structure identical to the "whitelist_from" config sturcture on {conf} and then have the various plugins use it. I think we should avoid an accessor in the plugin API that leads to plugins making copies of the same whitelist... some people have huge whitelists so the memory bloat would be horrible.
ok, implemented -- I went for "whitelist_auth", and took onboard the note about authorization v authentication (good point). Also, the design (a single shared addrlist on Conf) was the right way to do it, too. : jm 367...; svn commit -m "bug 5295: add 'whitelist_auth', to whitelist addresses that send mail using sender-authorization systems like SPF, Domain Keys, and DKIM" Sending lib/Mail/SpamAssassin/Conf.pm Sending lib/Mail/SpamAssassin/Plugin/DKIM.pm Sending lib/Mail/SpamAssassin/Plugin/DomainKeys.pm Sending lib/Mail/SpamAssassin/Plugin/SPF.pm Sending t/spf.t Transmitting file data ..... Committed revision 499774.