
List Backscatter Filter, v1.0, for Communigate Pro 5.1+

Communigate Pro LIST module processes the received messages only after it has
been accepted at SMTP level. When a message is received to be sent to the list,
and the sender doesn't have the permission to do so, the LIST module generates
a bounce which is sent back to the sender.

When spammers attack a server, they may attack a list address, and use random
third-party addresses as return-path. This will likely cause backscatter to be
sent to random people who never tried to post to your list. In some case, this
can even cause your server to be listed in a few DNSBL which lists
backscatterers. Such listing may disrupt the function of your server as people
may become unable to send you messages.

The List Backscatter Filter tries to reduce the LIST module backscatter to the
minimum, by matching the message sender with the subscriber list, and rejecting
it if there's no match, or if the sender is not authorized.

As the Filter is triggered by a rule, when CGP sync rules are enabled, the
ERROR external helper action will make CGP reject the message at SMTP level,
instead of having to generate a bounce.

Communigate Pro 5.1 and up is required, as previous version does not contain the
sync rules settings.

Follow the instructions in the INSTALL file to install the filter and proceed
to the initial configuration.

Make sure CGP sync rules feature is enabled, or this filter will be useless:
Webadmin / Settings / Mail / Queue: Uncheck "Enqueue Asynchronously". You may
want to fully understand the implication of changing this setting (this
information is beyond the scope of this README file, you can see
Transfer.html#Enqueue in your CGP help files).

Create a server-wide rule to trigger the filter:

Condition: Any Route  is  LIST*
Action: ExternalFilter  listbackscatter

The internal logic of the filter is as such:

accept if (recipient is not list)
accept if (return-path is list owner)
reject if (list posting is "from owner")
accept if (list posting is "anybody" or "moderate guests")
reject if (From is not subscribed)
reject if (From is not allowed to post ("prohibited"))

When the filter rejects a message, the sender will receive a similar error
message as the one he would have read in the list bounce, either
   "You are not allowed to post messages on this list" or
   "You cannot post messages because you are not subscribed to this list"

The filter doesn't add headers to messages, except when running without a
license.

The filter re-reads the subscriber list and the list settings file when
they are modified.

NOTE: For performance reasons, the subscriber list is read only when the file
SIZE changed, not just the file MTIME. This means the filter may not notice
when an existing subscriber permission is changed from or to "prohibit", or
when an address is unsubscribed (until CGP flushes the unsubscribed addresses).
While this shouldn't cause a real problem in most cases, it can cause one when
the permission is changed from "prohibit" to something else. In this case, you
may want to restart the filter to force a reload, or subscribe then unsubscribe
a dummy email address to the list to force a file size change.

If you have questions regarding this filter or its installation, please contact
info@niversoft.com.
