Access Control Lists
The www4mail ACL system consists of several levels of checking. The first level checks the sender's email address against a list of blacklisted users. For example, majordomo and postmaster are blacklisted users. Next, a check is made against a list of allowed users. This permits the server to be restricted to a set of registered users. The absence of the allowed users list indicates a public server open to anyone.
The next level of checking is performed when the requested URL has been determined. This check is a regex match of the URL against a list of denied URLs. If a match is detected, the URL is then checked against a second list: if it matches this second list, it is permitted; otherwise it is denied.
The final level of checking is done after the URL has been successfully retrieved. This check is more extensive and includes a test against a list of denied filename extensions, a MIME type test, and a keyword test.
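The three levels described above can be sketched as follows. This is an added illustration, not www4mail's own code: the policy layout, the function names and every sample pattern are assumptions, and the content is only fetched once the sender and URL checks have passed.

```python
import re
from urllib.parse import urlparse

# Constructed sample policy; the page does not show www4mail's real configuration format.
POLICY = {
    "blacklisted_senders": [r"^(majordomo|postmaster)@"],
    "allowed_senders": None,  # None = list absent = public server
    "denied_urls": [r"^https?://[^/]*\.example\.net/"],
    "url_exceptions": [r"^https?://docs\.example\.net/"],
    "denied_extensions": {".exe", ".zip"},
    "denied_mime": [r"^video/", r"^application/octet-stream$"],
    "denied_keywords": ["forbidden-term"],
}

def matches(patterns, text):
    return any(re.search(p, text, re.IGNORECASE) for p in patterns)

def check_sender(policy, sender):
    # Level 1: blacklist first, then the optional allowed-users list.
    if matches(policy["blacklisted_senders"], sender):
        return False
    allowed = policy["allowed_senders"]
    return allowed is None or sender.lower() in allowed

def check_url(policy, url):
    # Level 2: a denied-URL match can only be rescued by the second list.
    if not matches(policy["denied_urls"], url):
        return True
    return matches(policy["url_exceptions"], url)

def check_content(policy, url, mime, body):
    # Level 3: filename extension, MIME type and keyword tests on the result.
    path = urlparse(url).path.lower()
    if any(path.endswith(ext) for ext in policy["denied_extensions"]):
        return False
    if matches(policy["denied_mime"], mime):
        return False
    return not any(k.lower() in body.lower() for k in policy["denied_keywords"])

def evaluate(policy, sender, url, fetch):
    if not check_sender(policy, sender):
        return "denied: sender"
    if not check_url(policy, url):
        return "denied: url"
    mime, body = fetch(url)  # retrieval happens only after levels 1 and 2 pass
    if not check_content(policy, url, mime, body):
        return "denied: content"
    return "allowed"
```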
Most of the building and maintenance of these denial lists is up to the local www4mail administrators. A key feature of the Version 3.0 handling of ACLs is that the configuration file can point to a directory. All files within the directory will affect the particular ACL list. This provides the possibility of periodic updates to the ACLs from a remote central server such as www4mail.org. However, this feature may be turned off.