How To Change The Nym-To-Internet Block List

Freedom Mail System Documentation

Author: Roger McFarlane <roger@zks.net>
Revision: $Revision: 1.2 $
Last Modified: $Date: 2001/04/19 19:28:20 $

Contents

This document outlines the steps and procedures required to modify the Nym-to-Internet block list.

  1. The Foundation
  2. Putting it all together

1. The Foundation

The Nym-to-Internet block list facilitates the enforcement of mail refusal policy on behalf of Internet users. That is, the mail system can deny delivery of mail from particular nyms to particular addresses or domains, an action which may be requested by said address or domain.

The block list is represented by a CDB format database, a copy of which is stored on each NMTAB at:

    /freedom/qmail/control/blocklist.cdb

In order to manage the blocklist, the operator of the mail system must maintain a master list of blocking rules.

list2hashlist

This utility program converts a plain text blocking rule into a one-way hashed representation of the same rule. It reads the blocking rules one line at a time from its standard input and outputs the hashed rules one line at a time to its standard output.

    list2hashlist < source.txt > hashed.txt

or

    cat source.txt | list2hashlist > hashed.txt

The format of the blocking rules is as follows:

    [sender][,recipient]

For instance, the following is a valid input stream:

    alice@freedom.net,bob@hotmail.com
    ,foo@bar.net
    aol.com

This input stream results in a list of block list keys being sent to stdout in a form that txt2cdbmake can read in order to construct a cdbmake input file. Once converted into a CDB archive, it can act as a blocklist which prohibits:

  1. alice@freedom.net from sending to bob@hotmail.com
  2. anyone from aol.com from having their mail delivered to the recipient
  3. anyone from sending mail to foo@bar.net

Typically the Nym-To-Internet block list should only contain rules of the first type (i.e., blocking specific conversations) where the sender is a particular nym and the recipient is either an e-mail address or a domain. Occasionally, a nym may request that all mail originating from the freedom network be blocked, which is a rule of the third type.

txt2cdbmake

This utility program converts a hashed list of blocking rules to the input format expected by the cdbmake utility, which can then be used to create the blocklist file. It reads the hashed blocking rules one hash at a time, separated by any whitespace (e.g., space, tab, newline), from its standard input and outputs the cdbmake format rule file.

    txt2cdbmake < hashed.txt > cdbmake-source.txt

or

    cat hashed.txt | txt2cdbmake > cdbmake-source.txt

cdbmake

This utility program, a part of the CDB package, takes textual key-value pairs and converts them into a fast hashed-lookup database file. It takes its input from its standard input and outputs the CDB file to dest-file using temp-file as an intermediary. If cdbmake is unable to complete its activities, dest-file is left untouched.

    cdbmake dest-file temp-file < cdbmake-source.txt

or

    cat cdbmake-source.txt | cdbmake dest-file temp-file

2. Putting it all together

Assumptions

Procedure

Given a collection of rules that you wish to add to the block list:

  1. represent each rule as a plain text rule of the form [sender][,recipient].
  2. concatenate all of the plain text rules into a single file; say, rules.txt
  3. use the list2hashlist utility to blind the rules to new-hashed-rules.txt
  4. concatenate the new hashed rules to the current list of hashed rules using the sort command.
        sort -b -u -o merged-hash-rules.txt new-hashed-rules.txt old-hashed-rules.txt
  5. convert the merged hash rules into a CDB file.
        txt2cdbmake < merged-hash-rules.txt | cdbmake blocklist.cdb temp.cdb
  6. use the scp command to copy the blocklist to each NMTAB host.
        scp blocklist.cdb root@nmtab-host:/freedom/qmail/control/

How to automate the process

The web facility which allows Internet users to request a blocking rule could be modified to automatically add the hashed rule to a pool of additions and subtractions (using list2hashlist). Periodically, a cron job could come along and ...

  1. concatenate all of the current and added rules, removing duplicates
  2. remove any hashed rules found in the subtraction pool
  3. turn it into a CDB file
  4. scp the file to all the NMTAB machines
  5. save the concatenated hashed rules list
  6. delete the additions pool
  7. delete the subtractions pool
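
The cron cycle sketched above, written out as an added example (it is not part of the original Freedom documentation). The state file names current.txt, additions.txt and subtractions.txt and the NMTAB_HOSTS variable are assumptions; the txt2cdbmake, cdbmake and scp invocations are the ones shown earlier in this document.

```shell
#!/bin/sh
# Added example: one cron cycle over the hashed-rule pools.
# Assumed names: current.txt, additions.txt, subtractions.txt, NMTAB_HOSTS.
LC_ALL=C; export LC_ALL   # sort and comm must agree on byte ordering

# One hash per line, no blanks, sorted and de-duplicated.
norm() { cat "$@" | tr -s ' \t' '\n\n' | sed '/^$/d' | sort -u; }

# Steps 1-2: print (current + additions) minus subtractions.
merge_pools() {   # usage: merge_pools current additions subtractions
    mp_tmp=$(mktemp -d) || return 1
    norm "$1" "$2" > "$mp_tmp/all" && norm "$3" > "$mp_tmp/sub" &&
        comm -23 "$mp_tmp/all" "$mp_tmp/sub"
    mp_rc=$?
    rm -rf "$mp_tmp"
    return "$mp_rc"
}

# Steps 3-7, run in a subshell so the caller's directory is unchanged.
run_cycle() (     # usage: run_cycle state-dir
    cd "$1" || exit 1
    touch current.txt
    # Move each pool aside before reading it: requests appended during the
    # run land in a fresh file, and a *.work file left by a failed run is
    # kept and retried instead of being overwritten.
    for p in additions subtractions; do
        touch "$p.txt" && mv "$p.txt" "$p.new" &&
            cat "$p.new" >> "$p.work" && rm "$p.new" || exit 1
    done
    merge_pools current.txt additions.work subtractions.work > merged.txt || exit 1
    # Separate commands rather than a pipe, so a txt2cdbmake failure is seen.
    txt2cdbmake < merged.txt > cdbmake-source.txt || exit 1
    cdbmake blocklist.cdb temp.cdb < cdbmake-source.txt || exit 1
    for host in $NMTAB_HOSTS; do
        scp blocklist.cdb "root@$host:/freedom/qmail/control/" || exit 1
    done
    # Only after every host has the new file: save the list, drop the pools.
    mv merged.txt current.txt && rm -f additions.work subtractions.work
)

if [ "$#" -eq 1 ]; then run_cycle "$1"; fi
```

If any step fails, current.txt and the pending pool entries are left in place, so a request to remove a blocking rule is never silently dropped and the next run retries it.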

Copyright © 2000 Zero-Knowledge Systems Inc.
All Rights Reserved