- The Mailing List Manager for cc:Mail, v4.3

• US Distribution: Johnson Consulting
• Beta Site: Rhizomatics

Index

Introduction

• Features
• Description

Getting Started

• Operational OverView
• Quick Set Up
• Sending Commands to Tristero
• Sending Messages to a List
• Creating a New List

List Robot

• User commands
• Postmaster commands
• List Owner Commands
• SuperUser Commands
• Dealing With Missent Commands
• Automatic Responses
• Emulating other mailbots
• MajorDomoisms
• Files On Demand
• Web Form Interface

Advanced Lists

• Mail Merge & Prebuilt List Commands
• Mail Digests
• Lists within Lists
• Moderated Lists
• Friendlier Messages
• File Repository

cc:Mail Integration

• Gatewaying Internet Mail to Bulletin Boards
• Folder-based conferencing
• ADE Integration
• Automatic List Generation and Maintenance
• ccMail Shadow Lists

Security and Tuning

• Reducing Mail Clutter
• Optimizing Delivery
• Controlling Access
• Dealing with mail abuse
• Potential Problems
• Tidying up the System

Configuration in Detail

• Expert Installation
• Processing Schematic
• Sample TRISTERO.INI
• TRISTERO.INI Section By Section
• Description of Supplied Files
• Description of Generated Files
• File Formats
• Creating New Language Resource Files

Supplemental Information

• Version History
• Support
• Ordering
• Licensing
• Acknowledgements
• More Information on Mailing List Management Software
• Other Rhizomatics Products

Introduction

Features

A cc:Mail MLM (Mailing List Manager) which provides similiar functionality to the Unix & VMS systems ListServ, ListProc and Majordomo for use in corporate Intranets and/or the Internet:-

• Subscriptions
  • Dynamic mailing list creation, subscription, renaming
  • Unlimited mailing list size
  • Remote subscription to cc:Mail bulletin boards from cc:mobile or internet addresses
  • Handles syntax of all common automatic listservers
  • Automatic welcome, farewell, readme messages and file lists
  • Built-in user help
  • Multiple language support
  • Open, Closed, Moderated, Hidden and custom mailing lists
  • Announcement of list creation, renaming and removal
  • Optional delivery to cc:Mail folders
  • Confirmation of posting for all or receipt requested mail
  • Prescanning of mail to lists for common listbot commands
• Mail Presentation
  • Internet RFC header minimization
  • Colourizing of message text, quotations & RFC Header
  • Mail digests at set intervals
  • Digest summaries
  • Message archiving (optionally with file attachments)
  • Upload and download of archive files
  • Indexing and searching of archives
  • Personalised and Mail Merge postings
• Integration
  • Access control by user or wildcarded address
  • Gateway internet mail to bulletin boards
  • Gateway bulletin boards to internet lists
  • Proxy command sending to server mailhosts
  • Bypass the 4Kb address limit of cc:Mail mailing lists
  • Handles non-standard mail produced by Link to SMTP
  • Send/receive ADE updates
  • Archiving of received ADE updates
  • Automatically maintain Tristero lists based on cc:Mail Directory
  • Automatically maintain cc:Mail lists based on a matching Tristero list
• Administration
  • Remote list configuration
  • Remote command processing and file fetching for superuser
  • Hierarchial lists (lists within lists)
  • List moderation
  • Detection and breaking of mail loops
  • Optional truncation of mammoth posts
  • Highly flexible access rights
  • Audit trails for list subscriptions
  • Optional password protection
  • Optional prescanning of mail
  • Message filtering by subject
  • Registering of spam authors and archiving of spam attempts
  • Redirection of admin commands missent to mailing-lists
  • Cookie support for extra protection against net abuse

Description

Tristero is a full powered Mailing List Manager (MLM) for ccMail. It brings to cc:Mail networks the functionality of advanced Internet listservers, and adds integration with cc:Mail and the ADE directory. Included within Tristero is a powerful list robot, which can respond to users queries and commands from within cc:Mail or the Internet.

With Tristero you can:

1. Break the limit (roughly 200 addresses) of ccMail lists
2. Integrate Internet users & ccMail users in the same lists
3. Have mailing lists built and maintained automatically
4. Give users control over subscription to lists
5. Offer users regular digest postings of mail
6. Archive mail and attachments posted to lists
7. Send out personalized mail shots to list users
8. Allow cc:Mobile and Internet users to join cc:Mail BBSes
9. and much more ...

All with security as strict as you wish it, audit trails, logs, sophisticated tuning and spam control options.

In addition to operating as an MLM in it's own right, Tristero can also be used as a proxy server for remote public mailing lists. This reduces external mail costs (only receive one copy of each message per mailing-list rather than per user subscribing to it), can link cc:Mail bulletin boards to mailing lists and enforce some control on list access. Similarly, Tristero may be used to allow user-controlled access to specified cc:Mail bulletin boards, or simply as a means of archiving bulletin board messages for later searching and retrieval.

Using Tristero as a proxy, or firewall ListServer in this manner also brings the benefits of RFC822 header minimization, and the colourization of both RFC headers and quoted text, which makes internet mail much more readable from cc:Mail client software - importantly, it makes a single point of contact for e-mail users with the world of internet mailing lists: one set of commands to learn, and options such as digesting available even if the host list cannot support it; and for the administrator, control over mail usage and abusage.

Tristero will operate with both cc:Mail and external mail users. It has been updated to work with both the Lotus Link to SMTP and the IMA Internet gateways - Internet users may send subscribe and other admin commands, and send and receive mail to/from lists, and has been tested in operation with the Lotus Notes CCMail MTA.

Apart from its Internet functionality, Tristero has powerful native cc:Mail features, including the ability to automatically build and maintain mailing lists of any size. These can be based on membership of a post office, mobile status or a keyword found in the address or comments fields. No more bankshot routing, riccochet routing, or manual maintenance of 'everyone' lists.

One futher use of Tristero is as a central depository of files; members of a mailing list may request indexes and individual files from the archive associated with the list - this archive contains, by default, mail digests and welcome files, but may also be used to store any other files. Additionally, users with SuperUser rights may retrieve any file, or send on such a file to another user.

All configuration files are stored in Windows(tm) style INI files - these may be manually edited by mail administrators or maintained automatically by the program in response to commands sent as mail messages to the list robot.

Getting Started

Operational OverView

Tristero sits on a cc:Mail Router PC, and is scheduled by the Router's task manager. The basic operation of each execution is:

1. Export waiting messages from cc:Mail
2. Execute Tristero
3. Import Tristero generated mail to cc:Mail
4. Import Tristero generated directory updates
5. Return to router execution

All of these steps are performed by a single batch file, example copies of which are provided in the Tristero distribution. A custom batch file can also be easily generated by using the Install program shipped with Tristero. In addition, Tristero requires the IMPORT.EXE and EXPORT.EXE cc:Mail utilities to be available - these ship as part of the cc:Mail tool set.

Minimum system requirements are an Intel 8086 or compatible processor, DOS v3, 450K of free memory and 1 Mb of disk space.

A typical directory structure looks like this:

 M:

   \CCADMIN

   \CCDATA

   \CCROUTER

            \TRISTERO

                     \LISTS

                     \LOGS

                     \ARCHIVE

Tristero will automatically create and remove it's subdirectories as needed. It can also, optionally, perform daily housekeeping tasks to remove outdated log files and archived mail, and to send out digested mail to subscribers.

Quick Setup

1. Unzip the TRISTERO.ZIP file to a working directory
2. Ensure that EXPORT.EXE and IMPORT.EXE exist on the search path (usually in M:\CCADMIN)
3. Run the INSTALL.EXE program
4. Create a call-list entry in the cc:Mail directory for the server, with Min Messages set to 1
5. Tristero is configured and ready to use

[For detailed instructions on manually configuring Tristero, see the Appendix Configuration in Detail]

Sending commands to Tristero

ADDRESSING

Send a message to the Tristero ListBot (the built-in Robot which responds to e-mails) to issue commands. This will be any of the addresses specified in the ListProcName value. By default, this includes:

If the Install program has been used, and allowed to update the cc:Mail directory, this ListBot address will be in the cc:Mail directory and directly addressable. Otherwise, post office addressing will be used, where the post office is the name of the Tristero server, as specifed by the GatewayPO value.

CONTENTS

The commands should be in the body of the message, each on a line of its own. Commands may be in upper or lower case, and any initial spacing or blank lines are ignored.

Sending the single word HELP will result in a reply being sent from the Tristero server with an explanation of available commands. Note that many of the commands have synonyms, to reduce the frequency of rejected messages, and to cope with users accustomed to the varying command sets of Internet listservers. For instance, SUBSCRIBE may also be rendered as JOIN or SUB; GET as ATTACH; FETCH as SEND, SENDFILE or FTP. Detailed help can be returned by:

• HELP COMMANDS
• HELP SUBSCRIBE
• HELP UNSUBSCRIBE
• HELP LISTS
• HELP DIGESTS
• HELP ARCHIVES
• HELP SET
• HELP CREATE
• HELP ABSENCE
• HELP MERGE

Sending Messages to a List

Address messages to: listname at <name of Tristero server>

The listserver will automatically forward this message to everyone on the list.

If a receipt is requested, Tristero will generate one, with a count of how many recipients the message had.

N.B. If Tristero is allowed to send ADE updates to the local cc:Mail system, the address of all unhidden lists will appear automatically in the main cc:Mail directory.

Otherwise, to do this manually, create a cc:Mail directory alias entry:

User	Type	Address	Comment
listname	l	Tristero	Description

Creating a new list

Send the following command to Postmaster at Tristero:-
CREATE listname description of list [HIDE]

e.g. CREATE yoyodyne-chat Discussion on Yoyodyne products

(N.B. Unless the Tristero server has been set to freely allow list creation with the CONFIG OPENCREATION admin command, it is only available to SuperUser or PostMaster equivalent users, or users assigned ListOwner privileges for the list name.)

The person creating the list is automatically subscribed to it and set as the list owner. If an announcement list has been set, all members of the list will be informed of the new list creation (unless the suffix HIDE is placed at the end of the CREATE command, or an list is created). Note that list names are not limited to 8 characters, and may contain spaces - in the latter case the list name should be enclosed in double quotation marks.

Announcements

The list may be reannounced at any time using the ANNOUNCE command:
ANNOUNCE listname [recipient] [NEW-LIST]

If the recipient is omitted, the announcement is sent to the preset announcement list. Otherwise, any destination may be specified - a Tristero list, a cc:Mail subscriber, an internet address etc. The NEW-LIST option is used to produce a standard announcement in a format suitable for sending to the Internet NEW-LIST mailing list ( new-list@vm1.nodak.edu).

One advantage of this announcement over the standard announcement at list creation, is that it will automatically incorporate extra list information contained in a file README.TXT in the archive directory for that list, and attach any other files in the archive with the name README and any other file extension. If this feature is desired, then use the HIDE option on the CREATE command (or select the SilentCreation mode), use the SET and PUT command to set-up the list, and then use the ANNOUNCE command. N.B. The ADESYNC command must also be manually sent in this case.

Others may then join the list by sending:-
SUBSCRIBE listname

Other List Management Commands

The listowner may also add,remove or change names directly:-

• ADD listname user at PO [HIDE]
• ADD Oedipa Maas At Yoyodyne
• ADD listname user@bloggs.com at internet
• ADD listname #ccmail-bulletin-board HIDE
• ADD listname [networks-l@swh.edu At Internet]
• REMOVE listname jean at accounts
• REMOVE * jean at accounts
• RESUB listname Jean Smith At Sales TO Jean Brown At Sales
• RESUB * jean@sales.ny.com TO jean@accounts.ny.com

The HIDE suffix is used to prevent announcements being sent to the new list member. Alternatively, the SilentAdd and SilentCreate global options may be set to turn off all such announcements.

N.B. the bracketed address form is a special instance used for two-way client/server list connections - Tristero will forward to this address only mail which does not originate from the same post-office as the bracketed address. In this way a local list can be set to pass back only locally created mail back to an internet list, or two Tristero lists at separate post offices can be made members of each other, without having duplication or eternal loops of mail. See section Gatewaying Internet Mail to Bulletin Boards for more details.

Dealing With Internet Addresses

Often internet addresses come in a variety of formats, sometimes including the real name of the subscriber, with a sprinkling of quote marks and brackets of diverse shapes. Tristero automatically strips quotation marks from addresses, but there may still be a problem in using the REMOVE command to take off users if the exact format of their address is unknown. A way around this is to perform a fuzzy REMOVE (this will also work for other postmaster commands, such as LISTS, which may take a user address as a parameter). With the address marked thus by asterisks, Tristero will search for an address which includes the supplied string at any position within the address:-

• REMOVE test-list *pig.bodine@v.com*
• LISTS *oedipa.maas@waste.com*

If the user's address has altered, a resubscription can be made which preserves the user's rights and options. This can be made using a wildcard ("*") to affect all lists, or a specific listname. e.g.

• RESUB * oedipa.mass@waste.com oedipa.maas@posthorn.com

Advanced List Creation

A special version of the CREATE command is provided as a short-cut for creating a local client list for a remote host list on another listserv where both local and remote lists have the same name, e.g.

• CREATECLIENT ccmail-l listserv@vm1.okstate.edu At Internet

The first parameter is the name of the Tristero list to be created; the second is the subscription address of the remote list - Tristero will use the default syntax for the host software (ListServ, ListProc, Tristero, majordomo or Mailbase) and assume that the host list has the same name as the local one. If the post office is omitted at the end of the subscription address, "At Internet" will be automatically added.

Cloning Lists

Another command allows lists to be quickly cloned, and avoids having to repeat lengthy sequences of SET commands:

• CLONE ccmail-l lotus-mail-l

If the list has been set to CLOSED, then the ADD command is the only way in which new members may be added. Additionally, users may not mail to, or list the membership of a Closed list to which they are not subscribed. Any attempts to subscribe will be automatically forwarded to the listowner for consideration; this message is presented in such a format that the listowner need only reply to it - including the original message - and Tristero will execute the subscription.

List Robot

User commands

Users may send the following commands:-

• HELP (for a list of commands and their usage)
• LISTS (for a list of available mailing lists)
• WHICH (for a list of currently subscribed lists)
• LANG english (set the language for all admin responses)
• INFO listname (for the owner & status of a list)
• MEMBERS listname (for the list of members)
• MEMBERS * (for the list of members for all lists)

• SUBSCRIBE listname
• UNSUBSCRIBE listname
• UNSUBSCRIBE * (to leave all lists)
• RESUB listname newaddress (to change sub address)
• RESUB * newaddress
• SET listname DIGEST period (period may be DAY, WEEK, FORTNIGHT, MONTH or a numeric value. The default is 1 day; this will be set if SET list DIGEST ON is set)
• SET listname DIGEST OFF
• SET listname DIGEST SUMMARY (set to summary-only digest)
• SET listname DIGEST NOSUMMARY (switch off subject summary)
• SET listname DIGEST FULL (set back to summarized digests)
• SET listname DIGEST CATCHUP (skip unread digest postings)
• SET listname DIGEST REWIND (set digest back one period)
• SET listname NOMAIL (suspend delivery of mail)
• SET listname MAIL (switch mail delivery back on)
• SET listname POSTPONE (ListProc synonym for NOMAIL)
• SET * NOMAIL } (as above, but acts on all lists)
• SET * MAIL }
• SET NOMAIL }
• SET MAIL }
• SET LANG language (permanently set user's language)

• GET listname filename (attach an archived file)
• FTP listname filename (send a given file separately)
• PUT listname (upload attached files to archive)
• CD listname (change to a new default archive)
• INDEX listname (get directory listing of archive)
• SEARCH listname keyword (perform text search on archive)
• PASSWORD password (give password)
• SETPASS password (change password)
• START (indicate beginning of commands)
• SKIP (indicate end of command block)
• STOP (indicate end of all commands)

PostMaster Commands

PostMaster commands are only available to SuperUser, or to users assigned PostMaster or SuperUser equivalence.

• CREATE listname description [HIDE]
• CLONE oldlist newlist
• DESTROY listname
• DESTROY listname HIDE
• SET listname ARCHIVED | UNARCHIVED | COMPLETE | FILEONLY
• SET listname OWNER newowner at newpostoffice
• SET LANG language FOR user-name
• LISTS DETAIL
• SET password [FOR user]
• GRANT access-right TO user [FOR list-name]
• REVOKE access-right FROM user [FOR list-name]
• RIGHTS listname username

• SET * ACK | NOACK
• SET * RECEIPT DENY | ALLOW | TRISTERO
• SET * COPYMETHOD BCC | CC | TO
• SET * MAXLINES 0 | n
• SET * PRIORITY [ L | N | U ]
• SET * EMPTYDIGEST 0|1
• SET * TITLE new description of list
• SET * REPLY ReplyType
• SET * PREFIX forwardprefix

If a list is destroyed, all members of the list will have their subscriptions automatically cancelled, and will receive an e-mail informing them of this action. In addition, if an announcement list has been set up, all members will be informed of the removal of the list. Likewise, if the archiving of a list is switched off, all digest users will be automatically switched back to standard posting, and receive an e-mail to this effect.

If the "FOR list-name" is omitted from a GRANT or REVOKE statement the default is set to the all lists wildcard (*). Also, the TO or FROM keywords may be omitted, so long as the actual parametes appear in the standard order.

N.B. The user address for the SET LANG, GRANT and REVOKE commands may be a standard cc:Mail user address, or a wildcarded address. A single wildcard is permitted, which may be at the beginning, middle or end of the address. In addition, a special *@* wildcard is available for controlling access to Internet users. Examples:

Wildcard	Matched Address
* At Silver-HQ	Joe At Silver-HQ
Joe At *	Joe At Gold-HQ
Joe*HQ	Joe At Gold-HQ
Joe*HQ	Joe At Silver-HQ
*@*	fender.bodine@seahorse.com
*.de At Internet	kurt.mondaugen@sk.com.de At Internet

The SET * commands permit defaults to be applied which will operate on every list, unless explicitly overriden for a given list. These global defaults are stored in the [Globals] section of the TRISTERO.INI file, and a copy of them held against each list in the [LIST list-name] section.

List Owner commands

• SET HELP
• SET listname CLOSED
• SET listname OPEN
• SET listname HIDDEN
• SET listname MODERATED
• SET listname DISTRIBUTION
• SET listname SUBSCRIPTION
• SET listname INTERNAL
• SET listname APPROVAL
• SET listname PASSIVE
• SET listname EXECUTABLE
• SET listname BROADCAST
• SET listname FREE
• SET listname ACK | NOACK
• SET listname RECEIPT DENY | ALLOW | TRISTERO
• SET listname COPYMETHOD BCC | CC | TO
• SET listname MAXLINES 0 | n
• SET listname PRIORITY [ L | N | U ]
• SET listname EMPTYDIGEST 0|1
• SET listname SHADOW #ccmail_listname
• SET listname TITLE new description of list

• SET listname REPLY POSTER | LIST | TRISTERO | OWNER | FORWARDED
• SET listname REPLY POSTERPLUS | LISTPLUS
• SET listname REPLY OWNERPLUS | OWNERNAMEPLUS
• SET listname REPLY TOFROM | TOLIST Ý TOPLIST | OWNER | OWNERNAME
• SET listname REPLY yoyodyne-l@TRISTERO.com
• SET listname PROXY remote-listserver-address
• SET listname PROXY-TYPE majordomo | listserv | mailbase | etc
• SET listname PROXY-REPLY Poster Ý List Ý Owner Ý ListPlus etc

• GRANT access-right TO user FOR list-name (also accepts GRANT access-right FOR list-name TO user)
• REVOKE access-right FROM user FOR list-name (also accepts REVOKE access-right FOR list-name FROM user)
• RIGHTS listname username
• KILL listname filename
• PROXY listname command-line-for-remote-listserver
• PROXYBBS listname SUB #ccmail-bulletin-board
• PROXYBBS listname UNSUB #ccmail-bulletin-board
• RENAME listname newlistname [HIDE]
• PUT listname [subdirectory] [FORCE]
• ADESYNC listname
• AUDIT listname [WEEK Ý MONTH Ý date]
• LISTS username [BARE Ý DETAIL]
• WHICH username [BARE Ý DETAIL]

The reply address can be set to the list name, the original message poster, the list owner, the Tristero mailbot, marked as forwarded from Tristero, or to a fixed address. Setting Reply to 'Poster' (the default) encourages mailing list members to follow up to the original poster, rather than cluttering the list with replies. Setting this to a literal mail address is useful, inter alia, for setting up local relays of internet mailing lists - the site admin has the choice of directing replies to the internal list or to the internet mailing list itself. Naturally, users may override the reply address; however, these options are useful to set defaults for the user who just hits reply.

The KILL command allows the ListOwner to remove files or digests from the list archive - only ListOwner, PostMaster or SuperUser may do this.

Commands For Proxy Lists

(see section Gatewaying Internet Mail to Bulletin Boards)

Typical PROXY command lines are:-

• PROXY ccmail-l SUBSCRIBE ccmail-l
• PROXY test-l SET NOMAIL
• PROXY listserv-l WHO

The command line following the list name is in the syntax of the host listserv. The command is sent with the sender address of the list - this means that the remote listserver will choose the correct address for subscription processing, and obviates the need to create temporary cc:Mail users to send from. If the command line is omitted, Tristero will create one based on the local list name and the remote subscription address, automatically adjusting the syntax for mailbase, listproc, listserv and majordomo systems.

The PROXYBBS commands will add the specified list into, or remove from, the named cc:Mail bulletin-board on the post office from which Tristero is run. In order for this function to operate, aliases for Tristero lists must be present in the post office directory, and the ADE import line enabled in the Tristero batch file - the section on ADE Integration describes these. For Tristero, the bulletin board is just another contributing subscriber; several bulletin boards may be gatewayed into a single list, or one into several, and combined with proxy subscriptions to remote lists. Additionally, bulletin board mail may be archived and filtered.

SuperUser Commands

Note that care should be taken that remote command execution does not result in a condition which prevents Tristero or the cc:Mail Router from continuing. As a preventative measure, Tristero will answer Y to any command, e.g. DEL, requesting a yes/no response. Output from the execution of the command will be returned in the automatic reply. Attempts by anyone else to execute SuperUser commands will be logged, and a warning sent to the SuperUser.

The CONFIG SENDFILE can also take an address as an additional parameter after the filename. In this case the file will not be sent back to the sender, but to the address specified; a useful method for remote administrators to distribute files or ADE imports. The CONFIG PUTFILE will save all attached files to the specified directory - a FORCE parameter may be added as a suffix to force Tristero to overwrite existing files of the same name.

Automatic Responses

Tristero will send an automatically generated mail on the following circumstances:-

• Mail To User
  • Post to a mailing list rejected
  • Mail received for an unknown mailing list
  • Over-long post truncated
  • Return of cookie as a result of sub or unsub request
  • Added to a mailing list by superuser, listowner or postmaster
  • Removed from a mailing list by superuser, listowner or postmaster
  • Destruction of mailing list to which user subscribed
  • Renaming of mail list
  • Removal of archiving from list, and subsequent switch from digest mode
  • Post to mailing-list sent with Receipt Requested set
  • User specified as recipient in a CONFIG SENDFILE command by superuser
  • File sent in response to FTP command
  • Digest and/or summary of digest posting
• Mail To SuperUser
  • Tristero <-> Tristero mail loop
  • Mail generating unknown error conditions
  • Security violation attempt of superuser only functions
  • CONFIG SENDFILE command requested
• Mail to Announcement List
  • Creation of mailing list
  • Removal of mailing list
  • Renaming of a mailing list
• Mail to ListOwner
  • Forwarding of subscription request for closed list
  • Notification of mail from a superior list rejected by a inferior security controlled or nonexistent list within an hierarchical list.

Dealing With Missent Commands

Often users send subscription commands to the list itself and not to the listbot, to the annoyance of list members. This can be tackled using the [Admin Subjects] section of the INI file to specifiy certain message subjects which usually indicate command messages, or by using the PreScanning power of Tristero to check for certain commands in the body of the message.

Emulating other mailbots

Tristero has built in aliases for all the most frequently used commands of the major mailing list managers - majorodomo, ListServ ListProc and Mailbase. In addition, the INI file allows the default names of both the Tristero Server and the mail robot to be customized and for any number of aliases to be set up. Suggested values are:-

• ListProcNames
  • ListProc,majordomo,postmaster,administrator,mailbase,listserv
• GateWayPO
  • Tristero,ListServ,majordomo,ListProc, mailbase

The first name in each of the lists is used as the default, and appears on any outgoing correspondence from the server.

A summary of the command aliases is given in the file TRISTERO.SUM enclosed in the same ZIP distribution as this document. As described above, the '-owner','-approval' and '-request' suffixes are recognized and processed appropriately by Tristero. The password method of MajorDomo is also supported, and may be used as a prefix to any Tristero command, e.g.

• approve BennyProfane subscribe yoyodyne Oedipa At Maas
• approve BennyProfane INFO *

Additionally, the multiple language files (.LRI) which Tristero supports may be used to provide customized Help and command responses by providing 'Mailbase' or 'ListServ' as pseudo-languages in addition to the supplied 'English' and 'German'.

MajorDomo-Isms

Users accustomed to majordomo systems may send sub and unsub commands in that format, e.g., to yoyodyne-chat-request rather than to "Tristero" or "ListBot" - these will automatically be redirected to the automatic mailbox, and if the listname is omitted from the subscribe, unsubscribe, index, info or get commands it will automatically be filled in with the -request prefix, e.g. yoyodyne-chat.

If the user has specified no commands, the message subject will be read as a command line. Tristero takes into account the '-l' suffix commonly used on Internet lists, and will test for yoyodyne-request and yoydyne-l-request for list yoyodyne-l.

Other majordomo supported suffixes are '-owner' and '-approval' - the latter is used for the moderators of Moderated Lists, and the former may be used to send mail to the owner of the prefixed list. These three automatic suffixes are only recognized if there is not already a Tristero list ending thus. 'Owner-' is also recognized as a prefix.

Example - Possible ways to subscribe to "funlist"

Standard
To: ListProc At Tristero
Subject: please let me on
Message: SUBSCRIBE funlist
majordomo
To: funlist-request At Tristero
Subject: please let me on
Admin Subjects
To: funlist At Tristero
detection Subject: subscribe
Message: SUBSCRIBE
PreScanning
To: funlist At Tristero
Message: SUBSCRIBE

Files on Demand

Special Tristero lists can be set up to respond to any user's message with a standard set of files, or execute a standard set of listbot commands.

This feature makes use of the Executable type of Tristero list. These can work in two different ways:-

1. Respond with a standard set of files.

   A message is returned to the user with a set of attached files. The list of the files to be attached is a simple ASCII file, named FILELIST.TXT, held in the archive directory of the list. This can be placed there directly by operating system access, or sent remotely using the Tristero listbot PUT command.

   If the files listed are simple filenames, they will be taken from the list's archive directory. Full path-names may also be specified, in which case they should be specified from the perspective of the PC executing the Tristero server. Note that the security limitations on which files may be attached is equivalent to the security rights of the Tristero server PC. For this reason, only privileged users may actually write to this file.

2. Execute a standard set of listbot commands.

   Tristero looks for a file called LISTBOT.TXT in the appropriate list's archive directory, and executes each listbot command it finds in the file, just as if they had been sent to the Tristero list robot in the standard fashion. This feature can also be used as a macro facility, to allow administrators to quickly execute a whole list of commands.

Executable lists default to a similar security mechanism to closed lists. Non-members have no rights, not even to subscribe; members have the right to receive files and execute listbot commands only. Administrators may give access to users either by adding them to the list as members, using the standard ADD command, or by using a GRANT command to give access to everyone or to a whole group of users.

e.g., to allow everyone to retrieve documents on demand from a list:
GRANT W TO * FOR CorporatePolicyRequest
e.g., to allow a user to see who can receive documents from a list:
GRANT M TO * FOR CorporatePolicyRequest

Web Form Interface

The Tristero command robot can accept parameters sent to it in a specified manner from World Wide Wev forms and CGI scripts. This interface makes use of the mailto: action supported directly by some browsers for web form submission (it is also possible to mimic this operation using scripting for browsers which do not internally support this action. The mailto action requires no CGI-BIN scripts, no Web server configuration, no need to expose the Tristero server to the Internet itself.

Two methods of passing parameters are supported:-

1. A special command address, CGI, appended to which are the CGI variables, e.g.:-
   

           cgi?action=subscribe&list=new-list@tristero.maincorp.com
   

   
   N.B. The Tristero listserver must be directly addressable as a post office from the Internet for this to function, since the CGI parameters are passed as part of the e-mail address, which cannot be matched by the cc:Mail directory for the purposed of mail routing. Also, if internet addresses are passed as parameters, the "@;quot; sign must be escaped according to the standard CGI specification.
2. Alternatively, the CGI parameters may be passed as the first line of the message body. This is the method used by Netscape Navigator(tm) when processing a "mailto:" submission using the POST method.

Tristero supports 4 possible parameters, each of which has a shorter synonym to make maximum use of the 126 characters maximum cc:Mail user name. Each parameter is separated by an &, all spaces are replaced by + signs, and special characters escaped (i.e.replaced with their hexadecimal ASCII value prefixed by a '%'):-

Parameter	Synonym	Sample
Action	1	Subscribe, ADD, INFO
List	2	new-list, tristero-l
Address	3	Joe+User+At+Silver+HQ
Option	4	HIDE, Closed

Tristero strings the paramters together into a standard ListBot command line, in the following order:-

        Action List Address Option

Using this method, any of the standard ListBot commands may be passed by this mechanism, as in these examples:-

Parameters	Command Line
action=Subscribe&List=sales-west	SUBSCRIBE sales-west
1=Subscribe&2=sales-west	SUBSCRIBE sales-west
action=SET&List=sales-west&option=NOMAIL	SET sales-west NOMAIL
action=Subscribe&List=sales-west	SUBSCRIBE sales-west
action=ADD&List=news-l&Address=New+User+At+Sales&Option=Hide	ADD news-l New User At Sales HIDE
1=ADD&2=news-l&3=New+User+At+Sales&4=Hide	ADD news-l New User At Sales HIDE
1=SET&2=news-l&4=DIGEST+DAILY	SET news-l DIGEST DAILY

Each CGI post received will be logged in the standard Tristero LOG file and statistics maintained for every execution. A sample Web form is supplied in the ZIP distribution file, sampform.htm.

Advanced Lists

Mail Merge & Prebuilt List Commands

Mailmerge support in Tristero allows customized messages to be sent to all members of a list. The message can have the date and/or time of posting, the name of the list, the list owner, recipient's current security rights and more automatically included and merged into the text. This can have many uses in daily server management - as the example below illustrates - and also for personalizing business mail shots.

Personalized mail may be sent to users by either:

1. setting a list to have a CopyMethod of P or M
2. sending to an ordinary list using the suffix -merge

In the body of the message itself, special "place-holder" values are entered where the name, date, list owner etc are to appear in the resulting messages.

Two different types of mail merge lists are supported:

1. Mass ("M") - each message is sent out in a unique batch but is identified as a bulk mailing by being blind carbon-copied (BCC)
2. Personal ("P") - messages are sent out in an identical fashion to Mass, except that each user is addressed as a "To" recipient.

Personal mail may also be used in non mail-merge scenarios, wherever individuals are to receive mail without learning of the other recipients, yet not having the impersonal BCC form of addressing.

N.B. Both Personal and Mass mail are highly inefficient compared to standard Tristero distribution methods. Because each outgoing message is unique, it must be sent out in a batch of its own, whereas usually Tristero can send one message to a 100 or more recipients at one time. Due to the consequence of greater transmission and storage volume associated with such mail, it is recommended that it is used only for mail merge or where it is imperative that mail be addressed personally.

Tristero supports the following placeholders in mail merge postings:

Mail merge can be combined with another Tristero feature - prebuilt listbot commands for replies. For example, you may wish to periodically unsubscribe all members of an Internet mailing list to remove dead or faulty addresses from the list, whilst at the same time giving members who wish to continue as members the chance to resubscribe. Such a policy can be used in conjunction with cookie protection of lists by using the "%%K" placeholder, which generates a unique cookie value for the given user and list, which is valid for all cookie-controlled functions for 7 days from the merge.

An example run of such a resubscription exercise, with cookie support, can be easily carried out by following these stages:

1. Set the return address so that all replies go back to the listbot
   1. SET africa-list REPLY Tristero
2. send the following message:

    ------------------------------------------------------------
   
    To: africa-list-merge At Tristero-Server
   
    Subject:  Please Reply To This Message To Resubscribe
   
    Contents:
   
    ---
   
   
   
    Dear %F
   
   
   
   
   
    In order to weed out old and faulty addresses from the %L list,
   
    all users have been automatically unsubscribed. If you wish
   
    to continue on this list, simply reply to this message, ensuring
   
    that you include this original message in the reply, and
   
    respond within 7 days.
   
   
   
   
   
   
   
    Yours Sincerely,
   
   
   
   
   
   
   
   
   
    %%O
   
    Owner of the %%L list
   
   
   
   
   
    [The commands needed to resubscribe are prebuilt for you below.
   
    There is no need to alter them, simply replying is sufficent]
   
   
   
    START
   
    COOKIE %%K
   
    SUBSCRIBE %%L
   
    STOP
   
   
   
    ------------------------------------------------------------
   
   

3. Unsub everybody by copying the list structure, destroying it, then renaming the copy

   CLONE africa-list test-list
DESTROY africa-list
RENAMELIST test-list africa-list


   Set the reply type back to its original value:

   SET africa-list PosterPlus


   When users send back the reply with the original text included, the Tristero listbot will automatically pick out the commands at the bottom of the message and execute them to perform the subscription. Tristero will automatically sense and remove any Internet style "quotation" prefixes that the remote mail system inserts at the beginning of the original text in the reply (controlled by contents of QuoteChars setting).

   The "---" at the very top of the mail is used to instruct the listbot to ignore all text until it finds the START command - this prevents the listbot attempting to interpret each line of the reply, and sending back unnecessary error messages back.

   Mail Digests

   Any list which has the archiving option set on may have digest mail sent at periods determined by the user. At the top of each digest is a tally of the number of messages, and number of individual subjects, and a list of all the subjects. The complete post for each day of the period is attached as a text item (file item if greater than 20K).

   In addition to automatic digest sending, users may request manually any given day using the GET command, and use the INDEX command to search for keywords.

   If archiving is later switched off, all users with digest mail for that list are informed, and their subscription automatically adjusted to the standard method.

   For lists which have the COMPLETE or FILEONLY archive options set, non-summary-only digests will have any file attachments in the original messages added to the end of the message.

   Digests are sent out the first time that Tristero is run on any day, i.e. the first execution after midnight. Since digests are sent whether or not there are any messages to be propagated (i.e. a TRISTERO.EXP file present), it is advantageous to run Tristero at a set time early in the morning; this will shift the processing load away from office hours, and guarantee that digests are processed every day. A suggested call entry is:-

%%A	actual address (full SMTP or cc:Mail)
%%B	listbot address for this server
%%C	recipient's first name
%%D	posting date
%%F	full address of user as held in INI file
%%G	gateway name of Tristero server
%%I	internet domain of Tristero server
%%K	new cookie for list & user within next 7 days
%%L	list name
%%N	recipient's full name
%%O	list owner
%%P	recipient's post office
%%R	recipient's access rights to this list
%%S	recipient's surname
%%T	time of posting
%%%	literal %%

Time	Post Office	Conditions
02:00	Tristero	[None]

Topics Du Jour

Digest summaries present a topics du jour list at the top of every digest. Each subject is listed in order of occurrence, and multiple subjects indicated with a count in brackets. Prefixes such as 'Re:' and 'Re [3]:' are ignored for the purposes of summarization. Users may request summarized, unsummarized or summary only digests, and may also set the 'last digest date' back or forward using REWIND & CATCHUP.

For users who receive only the 'topics du jour' list, a set of Tristero commands to retrieve the relevant files is attached to the bottom of the message. Users may request these simply by replying to the message, including the original text - some Internet mailers will add a quote character to the beginning of a line; the listbot can automatically detect and strip this off if it is included in the QuoteChars= value (see the section on Mail Merge for more details on these prebuilt command strings and how to create them).

Lists within Lists

Any Tristero list can itself include other Tristero lists as members, to any desired depth. This permits lists to be matched in structure to the corporate structure, with posting and subscription rights set accordingly.

A master list may contain a list of departmental lists, which contain lists of team lists, which contain lists of team members, and so on. The members of the sub-lists receive all mail sent to the master list, but have no other rights to the master list, unless it is set to type Open or they are explicitly granted rights via the GRANT command. This can be used to implement both 'bankshot' type lists, and an alternative means of setting up Moderated Lists.

Extra Reply-Types are available which are sensitive to lists within lists - TOPLIST and TOPLISTPLUS can be used to ensure that messages are received as if from the top list of the hierachry, no matter how many sub-lists it is sent through. Also, the TOLIST and TOLISTPLUS will add in the top-most list as an additional *TO address to allow easy reply to the list.

Tristero displays full, indented, user lists for hierarchial lists in response to the MEMBERS (aka RECIPIENTS, REVIEW, WHO) command, up to a maximum depth set by the INI value MaxListDepth. In executing this command, Tristero also analyzes its list structure for mail loops and reports these both to the screen and to the log, as it also does in propagating posts to each list.

Note For Upgraders

Versions of Tristero previous to Release 4 required repeated execution of the server executable in order to process hierarchical lists, and used a semaphore file (TRISTERO.FLG) and DOS ErrotLevel to signify this to the operating system. Tristero now processes posts to hierarchical lists, however deep, in a single pass and no longer requires any other customization.

N.B. If this functionality is desired, the BreakLoop value of TRISTERO.INI MUST be set to 0. This flag should only be set if you wish to prevent hierarchical lists being used on a server; Tristero then discards all mail it receives from itself, with the sole exception of messages to the automatic announcement list; such messages are logged and redirected to the superuser. This is an ultra-safe setting to prevent the loop which would result if two mailing lists were made members of each other. If set to 0, Tristero will accept messages from one list to another, and check each post for loops; error messages sent from the listbot back to itself will be logged and redirected to the gateway superuser. Further, the two features of forwarding subject prefix and subject keyword filtering, may be combined as an alternative method of loop prevention.

Moderated Lists

Tristero offers direct, but limited, support for moderated lists - the current features are described as limited, in that there is no mechanism to prevent multiple moderators forwarding a single post several times to a list, and no means of preserving the original sender's address after forwarding - this is a result of the limitations of cc:Mail vis-a-vis SMTP mail; improved support is under active consideration for inclusion in future releases of Tristero. However, such lists can be set up already within the existing feature set:

Current Moderated-Related Features

• List type Moderated - as an Open list in all respects with the exception of posting and file uploading, which are restricted to membership of the equivalent '-approval' list, if present, or to users explicitly GRANTed access
• List type Approval - as Hidden type with the exception that postings and file uploads are accepted from non-members. However, all other actions are restricted and the list does not appear on the 'LISTS' display, nor can its membership be displayed by a non-member.
• Automatic diversion - if a user attempts to post to a list of any type to which she is barred, Tristero will check for the presence of an '-approval' suffixed version of the list, and send mail to that instead, permissions allowing. Note that neither the original, nor the '-approval' list need be of the Moderated and Approval types.
• -approval lists - these are a special case in two situations - a) diversion of mail sent to Closed/ Moderated lists to an '-approval' suffixed version, and b) used as a membership lookup for posting permission for sends to Moderated only lists. Also, if the original list has the common '-l' suffix, this will be automatically stripped off, before the '-approval' is added. If a list is created with such a suffix, it will automatically be set to type Approval rather than the usual Open default, and it's creation will not be announced to the automatic announcment list.

Other relevant existing features

• GRANT and REVOKE: 'Recipient' and 'Poster' rights may be assigned to any list, user or group of users. These provide the equivalents of Moderated and Approval lists respectively.
• Hierarchical lists: People may be made recipients of a sub-list rather than members of the list itself, thus making them recipients without necessarily having posting rights, while moderators or others with direct access are made members of the list itself - an alternative to Moderated type lists.
• NOMAIL: The NOMAIL commands, which may also be set by manual INI file editing with braces,{ and }, around the names of list members who are present on the list for access purposes but do not receive mail - an alternative to Approval lists.

An example, with sample mailbot commands, is given below:-

1. Create a list, e.g. paranoia-l, with type Moderated
   • CREATE paranoia-l "Paranoia Discussion"
   • SET paranoia-l MODERATED
2. Create another list called paranoia-approval with type approval
   • CREATE paranoia-approval "Paranoia-l Moderator's List"
   • SET paranoia-l APPROVAL
3. Add subscribers to the moderated list, paranoia-l
4. Add moderators to the Approval list, paranoia-approval

Tristero will automatically check for an '-approval' version of a list if a user attempts to post to the moderated list and will redirect the mail to, e.g. paranoia-approval if the user has access to this one, or is Open.

Moderators receive mail from paranoia-approval and forward approved mail to paranoia-l.

Lists with type Moderated are identical to Open lists with the exception that posts cannot be made to them by anyone other than a SuperUser, PostMaster the ListOwner or member of the related '-approval' list. Anyone may subscribe to this list, and members may search the archives or get files. Lists with type Approval are similar to Closed lists with the exception that non-members may post messages to them. As with closed lists, non-members may not REVIEW the membership or perform any archive commands. It is recommended that the Reply method for the moderated list is set to List, and for the Approval list that the Reply be set to Poster and the ForwardPrefix used to inform the moderator of the destination list. If Reply is set to Poster for the moderated list, then the moderator will appear as the sender rather than the original sender.

It is also possible to set up moderated lists using the standard features mentioned above - the flexibility of Tristero's configuration provides a number of means of separating mail-receipt from posting access. For instance, closed lists may be useful for a list with both moderation and strictly controlled access. Equally, the Moderated and Approval lists may be used for purposes other than moderated lists; e.g. an approval list can be useful as a replacement for a cc:Mail mailing list, to which anyone may post, but the membership of which is controlled by the administrator. A summary of their features is given below:-

List	Type	Subscription	Posting
Open	O	Open	Open
Free	F	Open	Open (security file ignored)
Internal	I	Open	Open (hidden from lists display)
Closed	C	Closed	Members only
Moderated	M	Open	Members of -approval list only
Subscription	S	Open	Members only
Approval	A	Closed	Open
Distribution	D	Closed	Open (as approval, but unhidden)
Executable	E	Closed	Closed
Passive	P	Closed	Closed
Broadcast	B	Open	Only by privileged user
Hidden	H	Closed	Members only

Security Profiles for Each List

Explanation of Security Profiles

See Controlling Access section for detailed descriptions.

Friendlier Messages

The following files may be stored in the archive directory for a list (this has the same name as the member file, e.g. 00000002.ini & directory 000000002) either by copying into the directory using operating system commands, or attaching the files to a message sent to Tristero with a PUT command:-

readme.txt	Sent on an INFO list-name command & ANNOUNCE
welcome.txt	Sent to new subscribers
farewell.txt	Sent to unsubscribing members
index.txt	Sent when requesting a list index with INDEX

These files are only sent if present; no error will ensue if they are missing. Also, a list need not be set for archiving to use these features, since the directory is always created. To avoid having to send these files every time a new list is created, send the standard readme.txt,welcome.txt or farewell.txt to the default archive (this appears as directory 00000000) - these will then be copied into the archive of every new list created. A sample WELCOME.TXT is supplied in the ZIP package.

Additionally, binary files can be attached to subscribe, add, unsubscribe, info and announce messages. When sending such messages Tristero will check the list archive for files in the following subdirectories, and attach them to the end of the message:

\readme	Sent on an INFO list-name command & ANNOUNCE
\welcome	Sent to new subscribers
\farewell	Sent to unsubscribing members

Files may be placed here directly using file system commands, or sent via e-mail messages, using the subdirectory option of the PUT command. For instance, to send a collection of files to welcome users to the new-people list:

PUT new-people welcome

(new files attached to command message)

File Repository

Every mailing list has an associated subdirectory created for it beneath the directory in which Tristero executes. In here may be stored the subscriber message files described above; Tristero also uses it as a place to archive messages, creating a file per day. This directory can be used to store any number of other files, text, binary, ZIP, graphics etc. Files may be placed in the archive remotely using the PUT commands or by copying the files into the directory using the operating system commands. The PUT command also permits files to be stored in subdirectories, which are automatically created as required.

• PUT test-list farewell (store file in FAREWELL subdir)
• GET test-list welcome\welcome.wav (get file from WELCOME subdir)

Users may request an INDEX of the files, and send the GET or FTP commands to retrieve a file - the GET (synonym ATTACH) returns the files requested as attachments to the command returned message; the FTP (synonyms FETCH, SEND, SENDFILE) returns each file as a separate message with no text items - ideal for sending CCMUPDAT files to mobile users. Further, the `index.txt' file may be used to give descriptions of the files present. The exact nature of the automated index is controlled by the TRISTERO.INI value IndexCommand; the default is for a DOS dir - suggested alternatives are:-

• IndexCommand=dir /od (to give a list in reverse-date order)
• IndexCommand=ndir (display using the Novell NDIR command)
• IndexCommand=type index.fil (take list from the file `index.fil')

Likewise, the results of the SEARCH (synonyms GREP & FIND) command are determined by the value of the SearchCommand INI value. This defaults to grep, and a batch file of that name is supplied which provides basic file searching using the DOS find command; more sophisticated grep programs may be used in place of the search.bat file. The command must take parameters in the format, and send output either to the console or the file SEARCH.TMP :-

• command.exe wildcarded-path search-expression

e.g. grep 00000001\*.* "this text" SearchCommand=grep
SearchCommand=FileFind /X /O=search.tmp


A default archive is maintained in the 00000000 directory. This is defined as the equivalent of an Open list archive, with owner set to SuperUser. The list name is omitted for this archive, e.g.

• GET filea.txt
• GET \ filea.txt (equivalent to above)
• PUT \
• PUT \ FORCE (overwrite files)
• INDEX
• SEARCH xyz

The default archive may be changed to a list archive for the session using the CD or CHDIR command:-

• CD paranoia-l (set paranoia-l as the new default)
• LS (get an index of files)
• CD / (set the default back to public archive)

The SuperUser may retrieve any file accessible by the cc:Router agent; the CONFIG ATTACH command will send files back as attachments to the automatic command response. Alternatively (and usefully for cc:mobile based users requesting directory update files) the CONFIG SEND command will send a file as a separate message without a text attachment. This command can also take an appended address for another user to receive the file; the valid syntax forms are as illustrated:-

• CONFIG ATTACH m:\ccrouter\agent004.log
• CONFIG SENDFILE m:\ccrouter\router.log
• CONFIG SENDFILE m:\ccdir\ccmupdat Oedipa Maas At YoyoDyne
• CONFIG SENDFILE m:\ccdir\ccmupdat "Oedipa Maas At YoyoDyne"

Access rights for file uploading and downloading follow those for posting and subscribing - post rights imply upload rights and subscribe rights imply download, search and index rights. These are set either implicitly by the list type, or explicitly by means of GRANT commands. Example settings are:-

List Type	Upload Rights	Download Rights
Open	Full	Full
Free	Full	Full
Internal	Full	Full
Closed	Members	Members
Hidden	Members	Members
Approval	Full	Full
Subscription	Members	Members
Distribution	Full	Full
Passive	None	None
Executable	None	Members
Broadcast	Privileged Users	Full
Moderated	Approval Members	Full

Granted Right	Upload Rights	Download Rights
Member	Full	Full
Poster	Full	None
Recipient	None	Full
Subscriber	None	None
ListOwner	Full	Full
Distribution	Full	Full
PostMaster	Full	Full
SuperUser	Full	Full

cc:Mail Integration

Gatewaying Internet Mail to Bulletin Boards

There is a common requirement to gateway Internet mailing lists onto cc:Mail bulletin boards - this usually involves some complicated aliasing. With Tristero, it's simple:-

• create a mailing list in the usual way.
• use the SET list PROXY command to register the full cc:Mail address of the foreign ListServer.
• use the PROXY list command to send the subscription command to the remote internet listserver.
• use the PROXYBBS list command to subscribe to the cc:Mail bulletin board; this will enable two-way integration between the BBS and the Tristero list.

(A short-cut of this is available using the CREATECLIENT command)

Optionally, the external mailing-list address may be added as a list recipient, to enable two-way list gatewaying between the Tristero list and the remote internet list (it is quite possible to combine this with PROXYBBS in order to have 4-way integration between a cc:Mail BBS, a remote internet list and a local Tristero list) - if doing this, use the ADD command as normal and place brackets, [ and ], around the address; this will prevent Tristero from looping external mail back to the external list, and also enables the ReplyType override set in the PROXIES.INI file.

Summary of bidirectional integration

A	Tristero-> cc:Mail BBS	ADD list #test_bbs
B	Tristero-> remote listserver	ADD list [list@test.edu]
C	Remote ListServer->Tristero	PROXY list SUBSCRIBE test-l
D	cc:Mail BBS ->Tristero	PROXYBBS list SUB #test_bbs
E	cc:Mail BBS ->Remote Listserver via Tristero	- d) and b)
F	Remote Listserver->cc:Mail BBS via Tristero	- c) and a)

Any combination of these may be used, up to all four, in which all messages from any one source (BBS, remote list, Tristero list subscribers) is automatically distributed to the other sources.

Note

1. Some remote lists only accept postings from subscribed members: for such lists, set the Reply Address to List (or ListPlus) rather than Poster - if it must be Poster (e.g. for bulletin board presentation) then set the ReplyType override for the list, using the SET list PROXY-REPLY command. The recommended setting for such lists is ListPlus.
2. If two-way BBS <-> mailing-list gatewaying is to be used, it is essential both to have a c/o call-list entry (see the ADE Integration section), and that the ReplyType is such that cc:Mail can identify Tristero as the originator of the mail sent to BBSes. This may be done by choosing the List or ListPlus types; if the poster-name is required then choose the Forwarded rather than the Poster/PosterPlus types; the presentation of mail on the BBS with 'Forwarded' is identical to that with 'poster', but cc:Mail is provided with background information which enables it to prevent BBS mail being repropagated back to Tristero.
3. Add the bulletin board to be used to the mailing list, either by direct editing of the INI file or sending an ADD command to the list robot.

Since this is a standard mailing list, users may also subscribe to it in the usual fashion and receive the mail privately rather than via a bulletin board - this is ideal for non-cc:Mail users interfaced to the system, or cc:mobile/cc:remote users.

Example of using Tristero to set up a two-way client mailing list, which gateways internet mailing-list mail to a cc:Mail bulletin board:

• CREATE ccmail-l cc:Mail discussion list
• SET ccmail-l PROXY listserv@vm1.okstate.edu At Internet
• PROXY ccmail-l SUBSCRIBE ccmail-l
• PROXYBBS ccmail-l SUB #bit.listserv.ccmail-l
• ADD ccmail-l #bit.listserv.ccmail-l
• ADD ccmail-l [ccmail-l@vm1.okstate.edu At Internet]
• SET ccmail-l PROXY-REPLY ListPlus
• SET ccmail-l REPLY PosterPlus

N.B. - if a list is set to be Closed then only mail from defined members will be accepted for propagation. Many internet mailing-lists set the sender address to be the name of the original poster, not the actual list sending address; to accept such mail, use the GRANT command to define the access as in this example:-

• GRANT Poster To * At Internet FOR ccmail-l

Or edit the ACCESS.INI file to add this line:-

"* At Internet","Poster","ccmail-l","","",""

The advantages of using Tristero as an interface to Internet mailing lists:-

• Reduced transmission costs - receive just one copy of each mail
• Strip unwieldy RFC headers
• Make internet mail easier to read by colour-coding headers & quotes
• Add cc:Mail bulletin boards or mailing lists as recipients
• Local control over subject filtering, return address setting
• Proxy command sending of subscription/unsub commands
• Standardization of admin commands for local users
• Single point of subscription for users
• Offer digests and topic summaries whether or no original list can
• Build up archives of list mail for future searching and retrieval

Folder-based conferencing

For cc:Mail subscribers, additional ease of use can be offered by delivering list mail directly to folders rather than to the inbox with all other mail. This can be achieved in two ways:

1. Using a ForwardPrefix in Tristero, so that cc:Mail or 3rd party rules processors can shift the message
2. using the "Folder" Copy Method, together with the FolderPrefix and FolderSuffix to identify the folders

The latter can be activated for any list either by manually editing the TRISTERO.INI file or by sending administrative commands to the listbot. The maunal method involves adding a "F" flag to the end of the CopyMethod variable either globally, or for an individual list. The command method is:
SET listname COPYMETHOD FOLDER

and to cancel:
SET listname COPYMETHOD INBOX


Tristero will only deliver mail to folders where these have been set up by users - it will not "take over" a user's mailbox and create them itself. If there is no folder for a given list, the mail will be delivered to the inbox in the ordinary fashion. Internet users automatically have this feature disabled, to prevent confusing outgoing gateway software.

The folder names can either be identical to the list names, or customized with special prefixes and/or suffixes. The INI values FolderPrefix and FolderSuffix are used for this function. For example, if you wish all the list folders which Tristero to use to be of the form Conference-Listname, set the INI values thus:

FolderPrefix=Conference-
FolderSuffix=


Additionally, standard DOS wildcards ('*' for any number of characters and a '?' to match a single character) can be used, and the folder name itself is subject to the 30 character limitation of the cc:Mail client. For example, if you wish to have folders with a descriptive annotation such as:

listname (discussion forum on paranoia)

then set up the INI values as:

FolderPrefix=

FolderSuffix=*

and Tristero will deliver to the folder, so long as it finds the listname at the beginning of the name and regardless of what follows.

ADE Integration

Tristero supports the cc:Mail Automatic Directory Exchange (ADE) protocol for these functions:-

• Maintaining aliases for Tristero lists on a cc:Mail PO
• Automatically removing deleted users from Tristero lists
• Automatically updating of renamed users in Tristero lists
• Propagation of bulletin board messages
• Automatic maintenance of "AutoAll" lists
• Day-by-day archiving of ADE update messages per post office
• Storage of ADE synchronization messages per post office

ADE functionality is defined by the combination of the Propagation Type defined in the entry for Tristero in the cc:Mail directory, and the Propagation Type defined in the TRISTERO.INI file. The most common and useful combination is BroadCaster-BroadCaster; this ensures full two-way ADE integration. If the cc:Mail post office should never receive ADE updates from Tristero, then define it as "Superior" in the [ADE] section of the INI file. Conversely, it may be defined there as "Subordinate", in which case Tristero will ignore all ADE updates received, but still send out its own.

There are two different methods of sending ADE updates back to cc:Mail: an IMPORT of the TRISTERO.ADE file, or by the sending of directory update messages as part of the standard import. It is highly recommended that the latter method is used - this allows fine control over which POs will have their ADE updates accepted, permits the updating of multiple & remote post offices, and enforces a higher level of security for which updates are processed. To switch on this method, set the propagation and mail system types in the [Post Offices] section, as below:

[Post Offices]
"Silver-HQ",,"ccMail","Broadcaster","All-Silver-HQ"
"Silver-Canada",,"ccMail","Subordinate",""
"Gold-HQ",,"ccMail","None",""


This information can be retrieved remotely using the CONFIG ADE command, available to superuser privileged users.

The destination of ADE update messages is by default the Administrator of the appropriate post office (with a subject of "Tristero Generated Directory Update"). It is recommended by Lotus that updates are sent to a special address "~ADE_Mailbox" for processing - to implement this, create a cc:Mail account with this name, plus a call-list entry (Auto timing with Exchange flags of MDB) and change the setting of ADERecipient in the [ADE] section of the TRISTERO.INI.

If there are no ADE settings in this section, then the default propagation type set in the [ADE] section will be used to determine which updates are sent and received. Additionally, the IMPORT statement for the TRISTERO.ADE file must be enabled in the batch file; the /PROP parameter of this IMPORT statement permits the onward distribution of these aliases.

N.B. Due to limitations in cc:Mail, mailing list updates (i.e. for shadowed lists) and bulletin board subscription messages cannot be handled by ADE messages ands still require IMPORT to function - if the message sending method is selected, Tristero will automatically separate ADE updates into a CCMUPDAT file for sending and a TRISTERO.ADE file (for BBS and mailing list updates) to be imported.

Outgoing ADE updates happen when:-

• A new list is created
• A list description is changed
• A list is removed
• An ADESYNC command is issued
• A tristero list is subscribed to a cc:Mail bulletin board

The ADESYNC command is available in two forms, as 'ADESYNC' available only to SuperUsers, which sends out ADE entries for all lists; or in the form 'ADESYNC listname' which sends out only the specified update, and is available as a command to ListOwners and PostMasters.

Tristero ADE integration also works the other way, in accepting directory updates and processing users deleted or renamed in cc:Mail post offices from all Tristero lists. In order for this to function, a separate router call list entry must be made for the Tristero server, with a connection type of "c/o" and an exchange type of "D". N.B. If if Tristero is being used to give e-mail access to bulletin boards, then the EXCH type of "B" should also be set, or a separate call-list entry with this type scheduled for BBS message export.

It is recommended that the directory update call is made out of normal processing hours. Also note that this call-list entry simply creates a synchronization message for Tristero, it does not actually execute the program - the directory updates and/or bulletin board messages will be received by Tristero when it is next run.

Example Call-List

In this example, Tristero will be called in every cycle of the router is a message is waiting for it. In addition, every hour the bulletin boards will be examined for mail to be propagated to Tristero lists, and such mail sent to the queue as waiting messages for Tristero. Early every morning at 3am, ADE will build up a list of all updates to the directory and pass this to Tristero.

Users with Enterprise addressing may have to adjust the post office name for mail being sent back to users in another domain. The [Post Offices] section may be used for this purpose, e.g.

[Post Offices] "","Silver-HQ",,"" (change addresses without PO to Silver-HQ)
"Bronze","",,"" (change Bronze addresses to username only)
"Gold-HQ","Gold",,""
"Gold-Sales,"Gold",,"" (change Gold-xxx POs to PO Gold)
"Gold-Accts","Gold",,""
"Gold-Info","Gold",,""

The final parameter defines an associated list name for the post office. This can be any Tristero list: most usefully it can be a single dedicated ADE update list, or alternatively the AutoAll list of each post office. This archive will contain the most recent CCMSYNCH message received from the linked cc:Mail post office, and a daily archive of CCMUPDAT messages in a CCMUPDAT subdirectory of the archive. Amongst other uses, this is particularly handy for cc:Mobile users, who can request a full synchronization of any post office by sending a SENDFILE command.

Automatic List Generation and Maintenance

If ADE is enabled, Tristero can also maintain automatically AutoAll lists of everyone within a given post office. This is done by selecting the update types required in AutoAllSelect in the [ADE] section.

AutoAllSelect=P	Maintain all 'L' (local LAN users) using their PO addresses
AutoAllSelect=PB	Also maintain lists based on a PO value contained in brackets within the comments field of the directory
AutoAllSelect=I	Autoadd only lists based on the first word in the comments field, if in the format "Department:" or "Department-"
AutoAllSelect=A	Autoadd based on the contents of a bracketed field with the address
AutoAllSelect=R	Update only remote/mobile users to a list specified by AutoAllRemote.
AutoAllSelect=S	Send SMTP subscriber addresses back to cc:Mail as ADE alias updates

Any or all of these options may be specified. For types other than R, the name of the automatically maintained list is determined by the formula:-

AutoAllPrefix + PostOfficeName + AutoAllSuffix

Where PostOfficeName is a bracketed value for type B updates, and the post office name for type P. If both types are selected, then multiple mailing lists may be maintained. For instance, if a user is a member of a department within a post office, an everyone list may be maintained both for the post office, and for the department - if the department is held bracketed somewhere in the address comments field

N.B. These lists must already exist in Tristero. If a user is encountered for a post office which does not have a list, this update will be ignored. Hence, the Tristero administrator retains control of exactly which everyone lists are present on the system. It is recommended that digest postings are not enabled for these lists (i.e. set the archive type to U). Dummy users - typically Organizer Resources, batch job R users etc - may be excluded using the AutoAllExclude list of characters, which are checked against the first character of the address. Additionally, the bracketed field may have a '-' prefix, in which case the address will be removed rather than added to the corresponding cc:Mail list. This is useful if somebody changes department, since ADE does not supply Tristero with the old comments field for it to remove the old department reference automatically.

Sample list building:-

Name	Address	Comments	ADE Settttins	Lists Built
Joe Bloggs	Acme	(Sales) Vicepresident	AutoAllSelect=B AutoAllPrefix=All- AutoAllSuffix=	All-Sales
Joe Bloggs	Acme	(Sales) Vicepresident	AutoAllSelect=BP AutoAllPrefix=All- AutoAllSuffix=-Users	All-Sales-Users, All-Acme-Users
Joe Bloggs	0123-2323	(Sales) Salesman	AutoAllSelect=BPR AutoAllPrefix=All- AutoAllSuffix=-Users AutoAllRemote=All-Salesmen	All-Sales-Users, All-Salesmen
Joe Bloggs	0123-2323	Sales: Salesman	AutoAllSelect=PI AutoAllPrefix=All- AutoAllSuffix=-Users AutoAllRemote=All-Salesmen	All-Sales-Users

This automatic maintenance works on the same ADE principles as the automatic list removal of deleted cc:Mail users, and requires the same cc:Router call list entries. Note, however, that this option increases the processing requirements, and is best scheduled for out-of-band running.

Synchronization

Tristero automatically maintains lists, but in order to create the lists initially, it must be initially primed with all the existing addresses. This may be performed in a number of ways, including the EXCH/S option in the cc:Router call list, which will create a synchronization file enqueued for Tristero. To do this manually, send a CCMUPDAT file as an attachment in the same way that a cc:Mobile user would have a directory initialized (this will have heavy initial processing load for large directories). This message must be addressed to user Administrator at the Tristero server, must originate either from another Administrator user or from the SuperUser, and should have a subject with an "ADE" prefix. Alternatively, an export of the cc:Mail directory could be converted using the freeware Rhizomatocs EXPCON software to directly create a list.

For a full synchronization to take place from cc:Mail to a Tristero list, set the owner of the list to be user "ADE". Any such list will be competely erased and rebuild whenever a synchronization is performed - this ensures that any users who should no longer be in the list (e.g. a keyword in the comments field has been changed) will be removed. Tristero will not automatically erase any list that has not been given ADE as the owner - this allows the administrator to decide whether management of the list is given entirely to Tristero/ADE, or whether Tristero is only allowed to add and remove users as prompted by ADE.

Automatic Internet Users Lists

Additionally, Tristero can maintain its own AutoAll lists for Internet subscribers to its lists. To enable this feature, set a value for the INI setting AutoAllSMTP, and CREATE a list with that name, for example:

AutoAllSMTP=All-Internet-Posters

N.B. If you use a name that matches an existing post office, e.g. if you have a SMTPgate or Internet PO in the cc:Mail directory, then this will also have added to it directory entries by cc:Mail ADE. If you wish to keep this list, as is recommended, only for Tristero Internet subscribers, then choose a name that does not match a AutoAllPrefix+POName+AutoAllSuffix pattern.

Whenever a user subscribes or is added, the address will also be added to this list, if not already present. When a user unsubscribes or is removed, and is not a member of any other list, then the address will be automatically removed from this list. This enables the postmaster to easily know what external users are currently active on the Tristero server, and to send them news or announcements as required. All updates to this list are also reflected in the standard list audit trails.

Additionally, if the S flag is included in the AutoAllSelect INI setting, all additions and deletions to the AutoAllSMTP list will be sent on as ADE updates to the cc:Mail directory. Such users will appear as alias users, with the Internet address stored as a FAN (Foreign Alias Name) in the directory. This also permits Internet addresses to be shadowed to cc:Mail mailing lists.

To retrospectively build this list, or to synchronize it to register any manually added internet addresses in lists, use the standard ADESYNC command. For example,

ADESYNC All-Internet-Posters FULL

cc:Mail Shadow Lists

The AutoAll method may be reversed by list shadowing to maintain cc:Mail Mailing Lists up to date. This is controlled by setting the name of the cc:Mail list in the ccMailShadowList parameter for the appropriate list in the TRISTERO.INI file. This may be used in two ways:

1. ListShadowing on its own, to allow users to sub or unsub onto cc:Mail Mailing Lists, or postmasters to ADD/REMOVE
2. ListShadowing combined with AutoAll, to update cc:Mail mailing lists based on post office and/or field in the comments.

CAVEAT While Tristero has unlimited subscriber capacity on it's lists, cc:Mail is restricted to a mere 200 addresses. Hence a shadowed list will contain only the first 200 addresses of the Tristero list.

These lists are automatically maintained every time a user subscribes or unsubscribes, a postmaster adds or removes a name, or ADE passes a new or updated address to Tristero. The lists may be rebuilt by a ADE synchronization entry in the call list, or using the ADESYNC command. This has the extra parameters

ADESYNC listname | * [ FULL | RELOAD]

A single list may be synched, or the '*' wildcard used to update all shadowed lists. The FULL command specifies that all subscriber addresses are to be sent to cc:Mail in addition to the list titles.

The RELOAD alternative does the same job as FULL, but destroys the cc:Mail list first, before recreating it and repopulating it from scratch with Tristero updates.

Security and Tuning

Reducing Mail Clutter

All mailing lists seem to suffer from members who send subscription and other admin commands to the entire mailing list, rather than to the automatic command processing mailbox. The [Admin Subjects] section of the TRISTERO.INI file permits detection of these based on the subject contents. The mail will be automatically rediverted and an entry made in the log. N.B. that this feature operates differently when Tristero is being used as a client for a remote host: if a Proxy address has been set, any messages with admin subjects detected will be filtered out - this prevents foreign mail users maladroit attempts to subscribe to the host list from being doubly processed by the local list. A log will be made of the event.

Another common cause of mail clutter are automatic receipt and delivery messages; the [Kill Subjects] and [Kill Authors] sections may be used to filter these out. More powerful filtering may be performed by running Tristero in tandem with the Emptor preprocessing gateway from Rhizomatics - a single batch file may run Emptor followed by Tristero. Kill subjects may be used in combination with forwarding prefixes to prevent mail loops; another use is to add the posting address of a host list to the mailing list, and use prefixes and kill lines to prevent mail from the host being sent back to the host. Mail filtered by kill subjects is returned with a warning to the user, unless the user's address is an internet address, or is at the post office of a proxy server.

Some common Internet mail bounce subjects as suggested filters:-

mail warning
Mail Item Format Warning
Waiting Mail
WARNING: message delayed at
Warning From uucp
Returned mail: warning: cannot send message for
Undeliverable RFC822 mail: temporarily unable to deliver
Warning: could not send message for past
Mail not delivered yet, still trying
Delivery failure
Delivery error


Some common cc:Mail bounce subjects:- Message not deliverable
RCPT:
Auto:


Messages filtered by either subject or author will be discarded.

However, it is also possible to have Tristero scan these messages before discarding to check for standard address rejection codes and automatically unsubscribe the reported address. Use the section in the INI file called [PreScan Strings] to specify these. e.g.

With a PreScan text section such as:

[PreScan Strings]
BOUNCE,550 %1 User Unknown
SPAM,make money fast!!!
ADMIN,#{unsubscribe


a rejected mail will be scanned for the string, and if

550 <pig.bodine@waste.com> User Unknown

is reported by the remote mail server, Tristero will automatically unsubscribe this user from all lists, and resubscribe onto a special bounce list, as determined by the BounceList setting.

If the string "make money fast" is specified, Tristero will search for this string, unsub any person using it, and add the address to the special Spam List, as determined by SpamCheckList.

If the string "unsubscribe" is specified, Tristero will search for this string, and redirect any messages containing it to the list robot instead.

Optimizing Delivery

Tristero has a number of options and features to optimize both the performance of the server itself, and the delivery of the resultant mail. Three separate cacheing methods are used to cut down on processing time and bandwidth:

• All responses read from the default language resource (.LRI) file are cached, with the cache size set by the ResourceCacheSize INI value.
• Digest postings are rebuilt from a cache for users with identical list, period and last-sent settings, if the Digest.INI file is ordered by user and period.
• User access rights are cached (prevents unnecessary scanning of list membership and ACCESS.INI)

Delivery is optimized by maximizing the number of recipients per mail message while remaining within the cc:Mail address header limits for each batch of a large posting. The routing of such mail is further expedited by having the propagation list bunched by post office - as of v3.1.0 of Tristero, all new subscriptions are placed automatically in such an order. A remote command called CONFIG OPTIMIZE (which may take either a list name or the '*' wildcard as an argument) can be used to order existing lists, or to sort INI propagation files generated by other programs; note that this command can take several minutes to process for large and unsorted lists, but there is very little overhead for lists which have been previously optimized.

The number of destination addresses per header can be maximized by shortening the addresses. The PostAddressForm allows control over this, with a "S" flag to indicate mandatory short-form addresses on all non Internet destinations, and a "F" flag which cuts down Internet addresses to the actual address only, and ignores any name or comments.

Optimization of mail routing is also affected on many sites by the priority of mail. The ForcePriority setting (which is available globally in the [Globals] section of the INI file, or individually in each [LIST list-name] section) can be used to set all mail to Low, Normal or Urgent priority. A null value (i.e. ForcePriority=) preserves the original priority of the message.

Security checking imposes an overhead on mail propagation - this is lighter for Open and Approval lists (which can be posted to by anybody not explicitly refused access by GRANT or REVOKE); for lists which have no security equivalences assigned, this overhead may be further reduced by defining them as type Free; lists of this type have all security checks skipped - only the real ListOwner and Tristero SuperUser have any additional rights to these lists; security equivalences are not respected.

Controlling Access

Security privileges are assigned in two ways - implicitly from the default rights for a given list, and explicitly by means of the ACCESS.INI control file. Implicit rights include for the Superuser rights for the person specifed in the 'SuperUser' INI keyword, ListOwner access for the ListOwner of each list, and Member access by the membership status of users.

ACCESS.INI FILE

The access control file allows users, or groups of users, to be assigned explicit rights. These can include superuser-equivalence, postmaster, and listowner-equivalence rights. SuperUser and PostMaster status affect the entire system, with the difference that SuperUser has access to security-sensitive commands such as CONFIG SHELL. ListOwner rights are given for individual lists on the system. Wildcards may be used for the user name to assign by entire post office, or one user across many post offices.

Examples of valid wildcards:

*	Match all addresses
*At Silver-HQ	Match all "Silver-HQ" users
Benny Profane*	Match "Benny Profane" wherever he is
*@* Match any SMTP	(i.e. Internet) address

The format of the ACCESS.INI file is as follows:-

user name,status,list,language,encrypted_password,flag

Sample ACCESS.INI file

Benny Profane at Silver-HQ,SuperUser,"","","",""
Administrator At *,PostMaster,"","","",""
* At Accounts,ListOwner,money-l,"","",""
*.jp At Internet,"","",Japanese,"",""
Kurt Mondaugen At Accounts,ListOwner,*,English,"",""


The flag field is for future expansion; future releases of Tristero may add further levels or types of access.

One line may be used to define the access level, or set the default language, or both. If, due to wildcarding, a user fits several definitions, the access type will be computed from a combination of the various rights - see the section on custom access rights below for the possible permutations. Tristero will apply multiple sets of rights derived from wildcards in the order:

Priority	Address Match	List Match
1	Exact	Exact
2	Exact	Wildcard
3	Partial Wildcard	Exact
4	Partial Wildcard	Wildcard
5	Single wildcard,(* or *@*)	Exact
6	Single wildcard,(* or *@*)	Wildcard

Privileges

Access privileges may be automatically set using the GRANT and REVOKE commands. Note that if the file is left in an incomplete state after a manual edit, this condition will be recitified by a GRANT, REVOKE or SET LANG statement, with a warning placed in the log. GRANT commands may be used by SuperUsers, PostMasters and ListOwners (for their own lists) - no user, however, may grant rights above their own, and only SuperUsers may grant SuperUser status. The RIGHTS command will report a user's access.

Valid Privileges:-

Privilege	Description
SuperUser	SuperUser equivalence (global)
PostMaster	Postmaster equivalence (global)
ListOwner	ListOwner equivalence (for a given list)
Member	Full subscription and posting rights for a list
Poster	Posting but no subscription rights (as Approval)
Recipient	Subscription but no posting rights (as Moderated)
Subscriber	Subscription but no posting or file rights
Distribution	All rights with the exception of sub/unsub
FTP	Upload, download, search and index
AnonFTP	Download, search and index
None	No rights
Barred	No rights, and no mailbot access
Custom	As described below

Custom rights consist of a series of flags giving access to specific sets of commands. The flags are:-

C	Mailbot command access
D	File downloading
G	Archive grep / search
I	Archive Indexing
U	Upload files to archive
M	Membership (sub / unsub)
O	Options (SET user options)
R	Review Membership (WHO, MEMBERS commands)
W	Write (Post messages to list)
L	ListOwner privilege
P	PostMaster privilege
S	SuperUser privilege

The standard access levels are macros for particular common sets of flags, in detail these are:-

SuperUser	CDGILMOPRSUW
PostMaster	CDGILMOPR-UW
ListOwner	CDGILMO-R-UW
Member	CDGI-MO-R-UW
Poster	C---------UW
Recipient	CDGI-MO-R---
Subscriber	C--I-M--R---
Distribution	CDGI----R-UW
FTP	CDGI------U-
AnonFTP	CDGI--------
None	C-----------
Barred	------------

Custom strings may be set with GRANT/REVOKE commands, or by directly editing the ACCESS.INI file, in the same fashion as standard macro strings. Where a user has several applicable access rights - either as a result of list or address wildcarding - the individual rights will be combined. Particular access rights can also be masked out by placing an 'X' in the appropiate position in the string. This can be useful in revoking rights implicitly granted by membership of a list.

For example, a user who was assigned FTP rights for all lists, denied search rights for all lists, and given Recipient rights for 'money-l' would have the following access:-

List	Rights	Macro
*	CDGI------U-	FTP
*	--X---------	Custom rights to deny 'G'
money-l	CD-I-MO-R-U-	Custom (FTP+RECIPIENT)

Access to the list as a whole is controlled by the SET TYPE command, available to the Postmaster and Superuser. This defaults to Open, which allows anyone to REVIEW, SUBSCRIBE or post to that list.

Principal List Characteristics

• Subscription lists allow anyone to subscribe, but only members may post.
• Closed lists only accept posts from members, non-subscribers may not REVIEW the member list, and all subscriptions must be processed via the ListOwner or PostMaster.
• Hidden lists operate as Closed lists, with the exception that they are not displayed by the LISTS command, and are not acknowledged to exist in REVIEW commands sent by non-members.
• Approval lists operate as Hidden lists, with additional logic when operated in tandem with a matching Moderated list - only members of the Approval list may post to the Moderated list, other posts are forwarded onto the Approval members for their consideration.
• Moderated lists operate as Open lists, with additional logic when operated in tandem with a matching Approval list - members of the Moderated list may not post or upload to their own list, but may do so to the matching Approval list.
• Internal lists have the security and posting rights of Open lists, but like Hidden lists do not appear on LISTS displays, and are not automatically sent by ADE to appear in cc:Mail directories.
• Distribution lists have closed membership, but may be mailed to by anybody (as Approval lists, but not hidden from view). This is equivalent to a cc:Mail mailing list.
• Executable are not used for mail propagation. Instead, each list has one of two files in it's archive directory: a LISTBOT.TXT - which contains a sequence of list robot commands, or a FILELIST.TXT which contains the filenames of files in the list archive or the full path names of any file readable by the Router node. Whenever a message is received from an authorized user (i.e. a member of the list, or a user who receives permission from a GRANT command), the sequence of commands is executed by the list robot or the list of files sent as a separate message. Executable lists can be used as a form of macro for list administrators, or as an e-mail version of fax on demand.
• Passive PASSIVE lists have closed membership, however even members have no rights other than to receive messages. This type can also be used as a basis for custom designed sets of rights, i.e. create a PASSIVE list then use the GRANT command to specifically assign rights to some or all users.
• Broadcast lists have open subscription, but no ordinary user can post to them. Posting is only by listowners, postmasters, superusers or users with specific rights assigned by the GRANT command, e.g. "GRANT Poster To ..."
• Free lists are equivalent to Open lists with the exception that the security file (ACCESS.INI) is not consulted for access rights - this can boost performance.

Mail processing speed may also be optimized by setting the SecurePost INI value to 0 - this bypasses the checking of the ACCESS.INI file for mail propagation; Tristero will still reject mail to Closed lists from non-members, but will not check for explicitly GRANTed rights when delivering mail - command processing is unaffected.

Passwords

Passwords are set using the 'SETPASS pass' or 'SETPASS pass FOR User at PostOffice' commands.The former version allows currently passworded users to change their passwords, the latter allows SUPERUSER and POSTMASTER equivalents to set passwords for other users. The user specified may be a fully qualified address, or a wildcarded user; the password must be alphanumeric and 4 characters or greater in length and is case sensitive, e.g.

SETPASS mondaugen FOR * At Internet
SETPASS profane FOR *.edu At Internet
SETPASS stencil FOR *@*
SETPASS victoria FOR oedipa@yoyodyne.com At Internet


If a password has been set for a user, it must be provided for all ListOwner, PostMaster and SuperUser commands and additionally for file archive uploading and deletions. Passwords are only required if set for the user - if password access is to be the default method of security, then ensure that a password has been set for user '*'.

All passwords are stored in encrypted format, and are never decrypted during operation. For very secure systems it may be advisable to completely hide the identity of the mailing list management software being used; this is an option for registered users, further details available by application to Rhizomatics.

Reporting

A report on current access rights and password assignment is available for superuser-equivalent users by sending the command CONFIG SECURITY to the mailbot. In addition, an audit trail is kept for each list in standard CSV format, which details each addition or deletion from the list, plus the date, time and whether actioned by the subscriber, privileged user, or by an ADE update from a cc:Mail post office. This file may be viewed using the "AUDIT list" command - the audit trail for superuser commands (both successful and suspected hack attempts) may be reviewed by sending the AUDIT SECURITY command (it may also be examined directly as the file SECURITY.AT in the Tristero directory).

Security Overrride

Privileged users may be permitted to override the usual checks made on message size, priority, receipt requests, subject contents and reply types, by setting a value in OverRideSubject which these users may include in the subject of any message which they wish to send in this manner to a Tristero list.

Dealing with mail abuse

Administrators who use Tristero to administer internet mailing lists will inevitably have to deal with the growing number of e-mail abusers, the most common of which is the spammer - a user who sends out a message to 1000s of usenet groups or mailing lists simultaneously.

Typical abuses are:-

• Sending unsolicited advertisements to millions of addresses
• Robotic subscription to listservers to allow sending of spam
• Maliciously subscribing other users to mailing lists

Tristero offers a comprehensive set of measures for controlling access:

1. Closed, Hidden and Moderated lists
2. GRANTed and REVOKEd security rights
3. Kill subjects
4. Kill authors (a.k.a Kook Filter)
5. Multiple subscription request limiting
6. Spam list
7. Pre-scanning of mail
8. Passwords
9. Cookies

The first two are discussed under "Controlling Access"; the rest are the principal defences against such attacks. Kill Author & Kill Subject are the simplest and most efficient. The spam list is more processor intensive, but offers the same control and options for the administrator as any standard list (archiving, digest, add & remove etc).

Kill Author, Kill Subject

Kill Author and Kill Subject are the simplest and fastest method of control. The mail is simply dropped and an entry made in the log file.

Detect strings are set in the TRISTERO.INI file, either by manually editing this file or remotely maintained by superusers using the CONFIG KILLADD and CONFIG KILLLIST commands. Each line of the kill subject and kill authors section contains a string which will be matched against the subject and author respectively - optional markers ("#{" and "}#")may be used to sensitize the matching to complete, beginning or terminating strings, by default the string is searched for at any position in the field. e.g. AOL.COM would filter out all mail from any user at that on-line service, whereas "#{mailer" only affects addresses starting with "mailer", and #{test}# only matches the subject "test".

Examples:

[Kill Subjects]
kill-line-1
kill-phrase-2
#{ADE DIRECTORY
#{!AM!
#{AUTO:
#{ccMail SMTPLINK Undeliverable Message
#{CMSG CANCEL
#{DELIVERY ERROR}#
#{RETURNED MAIL

[Kill Authors]
#{MAILER-DAEMON
hacker@spam.net


Multiple Subscription Request Limiting

The multiple subscription limit ( MaxSessionSubs=) is a simple way of protecting against automated mail agents which roam the internet hunting for list servers, subscribing to all available lists, and then sending unwanted e-mail (aka spam) to the lists.

Spam List

The spam list itself is simply a Tristero list - any of the usual commands may be used on it and privileged users may use any of the SET options on it. The only thing which marks it as different is the SpamCheckList setting in the [Security] section of TRISTERO.INI. If this is set, Tristero will check every incoming mail, and if the author is a member of the spam list, will drop the mail in the same manner as the KillAuthor and KillSubject process. The overhead may be reduced by specifying a list of gateways to be checked in the SpamCheckGateways value in the TRISTERO.INI file.

The benefits of the SpamCheckList method are:-

• Privileged users may use the ADD, REMOVE, INFO etc commands to remotely maintain the list
• The addresses do not clutter up the TRISTERO.INI file
• The memory overhead is reduced (Kill Author & Subject strings are held in memory during processing)
• The list may be archived, in which case all suspected spam messages will be saved into the list archive
• Privileged users may also subscribe to the list and set themselves as digest members. Digest members do not get treated as spammers, but receive a periodic digest message containing the text of suspected spams
• Members of the spam list will be prevented from subscribing directly to any list. All attempts will be forwared to the listowner.

Prescanning

Pre-scanning is controlled by the PreScanMode command, and searches for rejected address messages from remote mail hosts, and for suspected spam text. Mail matching text contained in [PreScan Strings] will have the appropriate action (BOUNCE, SPAM, ADMIN or DROP) performed - the SPAM action causes the message to be dropped, the user unsubbed from all lists, and a subscription made to either the the SpamCheckList.

N.B. Mail will also be automatically prescanned where an invalid Internet sender address is detected. The message body will be scanned up to the PreScanLimit for a valid sender address within the RFC message header. If successful, this address will be used in place of the cc:Mail supplied internet address.

Example:

[Security]
PreScanMode=3 (scan all messages)
PreScanLimit=20 (scan first 20 lines of message)

[PreScan Strings]
SPAM,make money fast
SPAM,send $5 to each of these names


Cookies

Cookies are special 32-character codes, automatically generated by Tristero, which allow a given user to perform a specific command for a single list within a set number of days (controlled by the CookieDays INI keyword). The simplest way to use these is to set the following in the INI file:

[Security]
InternetPolicySub=2
CookiesDays=14

This can also be controlled remotely using the command:

CONFIG INTERNETPOLICYSUB 2

Whenever any Internet user makes any SUBSCRIBE request to any list that would otherwise be open for subscription (i.e. an OPEN, Free, Broadcast, Subscription etc) a cookie is generated, and a separate e-mail sent back to the originating address, containing the cookie, and the necessary commands to make the subscription. If the subscriber has given a valid return address, actually wants on the list, and returns the mail with the commands included, the subscription will be made. An example of the commands is below:

  Dear Frenesi





  To validate your address as a current Internet address, and

  your desire to be a member of this list, this message has been sent

  in response to your subscription request. In order to finalize it

  ensure that this message is returned with the commands below

  included in the reply. These include a special 'cookie' entitling

  you to join this list, which is invalid for any other person or list.





START

COOKIE 73HFDhsdjsdP**^8237fkjjZ5353jd(*

SUBSCRIBE secret-list

STOP

N.B. Cookie protection is in addition to all other security controls on lists. They only grant the right to make a subscription that would be automatic if it were a cc:Mail user making the same subscription request for the same list. Other controls, such as Closed lists and REVOKEd rights, still apply to the list.

Administrators may make cookies in advance for a user, allowing them access to one or all lists for a given period of time. The full syntax is (function defaults to "SUB" if not given): BAKE [<function>] FOR <list> TO <user> [USE BY <3> DAYS]

Examples:

BAKE FOR * TO joe.blow@waste.com

Give Joe subscription access for all lists. No use by time is given; the default of 7 days applies.

BAKE FOR private-list TO oedipa.maas@waste.com USE BY 4

Oedipa is given access to subscribe to private-list for 4 days.

The BAKE command returns the 32 character cookie code, which can then be forwarded to the user. It will not operate for any other user, nor for any other list. A single wildcard ("*") may be used in place of any of the parameters, and is the default if no name or list is given. For example, the command below will create a cookie that can be given to any internet user for any list to be used within the next 7 days:

BAKE *

(equivalent to BAKE * FOR * TO * USE BY