This mode of operation is automatically set up if you specify the ezmlm-make(1) -u switch. Since there may be some addresses that should be allowed to post, but are not subscribers of list or list-digest, ezmlm-make(1) sets up an additional address database in DIR/allow/. Use ezmlm-sub(1), ezmlm-unsub(1), and ezmlm-list(1) to manipulate these addresses. If the list is configured for remote administration (see Remote administration), you can add/remove addresses from the DIR/allow/ database by mailing ‘list-allow-subscribe@listhost’ and ‘list-allow-unsubscribe@listhost’, respectively. Other commands that access subscriber databases work in the same manner.
To similarly restrict archive access, use the ezmlm-make(1) -g switch.
Since SENDER is under the control of a potential attacker, it is not secure to use tests of SENDER for anything important. However, when replies are always sent to SENDER (such as for archive access), a check of SENDER can prevent the sending of information to email addresses not in the database.
To test sender, use the program ezmlm-issubn(1). It will return 0 (true for the shell, success for qmail deliveries) if SENDER is in at least one of a set of subscriber databases. If not, it will return 99 (false for the shell: success, but skip remainder of .qmail file for qmail deliveries). The basedirs of the subscriber lists (i.e. the directories in which the ‘subscriber’ dirs are located) are given as arguments. ezmlm-issubn(1) can take any number of arguments.
Thus, to permit an action if SENDER is a subscriber to the list in any of DIR/, DIR/digest/, or DIR/allow/ and exit silently, put the following into the relevant .qmail file:
|/usr/local/bin/ezmlm/ezmlm-issubn DIR . digest allow [...] |/path/action_program
Restricting your list to posts from your subscribers is as easy as that. If your ezmlm binaries are in a different directory, you may have to modify the ezmlm-issubn(1) path.
ezmlm-issubn(1) has a -n switch which ‘negates/reverses’ the exit code. To do an action if SENDER is NOT a subscriber of any of the lists:
|/usr/local/bin/ezmlm/ezmlm-issubn -n DIR deny [dir2 ...] |/path/other_program
To automatically configure the list with a blacklist address database in DIR/deny, use the ezmlm-make(1) -k switch (always enabled with version 7 or later). If the list is configured for remote administration (see Remote administration) and if you are a remote administrator, you can manipulate the ‘deny’ database remotely by sending mail to ‘list-deny-subscribe-user=userhost@listhost’, etc.