I think you will be happier with what is possible in Mailman 3. In mm3 we have a working LMTP server, those it's based on asyncore and its scalability is questionable. Although I have not yet done this, I plan to tie the rule chain checker into LMTP so that if your MTA supports LMTP delivery the following can happen:
worldwildwonderland -> SMTP -> MM's LMTP -> rule checks
The rule checks then could tell LTMP to reject the message right there, which would return 5xx to SMTP and /it/ would return 5xx to whatever upstream SMTP its talking to.
Now, I wouldn't want to do a lot of work at that point, but some simple checks would definitely be possible. You can reject messages as early in the process as possible and do it at the SMTP layer.
It needs to be done after RCPT TO. LMTP allows you to sensibly do this later, and get return codes for individual recipients. However, it we're doing this with call forwards from an MTA which is receiving email over SMTP, then the MTA will have to check the sender/recipient pair at RCPT TO time.
on connect: accept the connection HELO/EHLO: reject if the sending MTA isn't known MAIL FROM: accept (perhaps unless the sender address is forbidden to post to all lists). RCPT TO: accept if the sender has permissions to post to the list, otherwise reject. This is the last chance to give a list specific response to an MTA that is engaged in a callout. DATA: reject null senders here if appropriate. Rejecting a null sender at RCPT TO or earlier might break callouts. ............. . Check the data, reject if inappropriate for a specific list (but this is likely to cause a bounce from our MTA). Because we've decided to trust the sender, we should be OK to bounce a message here, unless the list is an open list.
While I think the LMTP code could be backported to 2.2, the rule chains stuff cannot.
-- Ian Eiloart IT Services, University of Sussex x3148