[ZendTo] authLDAPEmailAttr instead of internaldomains.conf

MICHAEL R MASSE mrm at medicine.wisc.edu
Mon Mar 11 16:20:27 GMT 2019

We have users that use our own internal email domains, and using the internaldomains.conf file works well for those cases, but I also have users that do not use our email domains and use something like gmail.com, and I would really rather not add gmail.com to our internaldomains.conf file. We consider our authLDAPEmailAttr as definitive, so it contains the user's correct email address regardless of whether it is an internal or external email domain. So essentially, if a lookup of authLDAPEmailAttr finds a match, then they are an internal user. I'm not so worried about sending, because legitimate users can always just log in to ZendTo, but if I have a gmail email user, they cannot receive from an outside user unless I add gmail.com to internaldomains.conf.

That does bring up a question though. Does internaldomains.conf allow you to specify individual email addresses? Could I specify userabc at gmail.com in internaldomains.conf without having to allow every other gmail.com automatically?


-----Original Message-----
From: Jules Field <Jules at Zend.To> 
Sent: Monday, March 11, 2019 4:08 AM
To: ZendTo Users <zendto at zend.to>
Cc: MICHAEL R MASSE <mrm at medicine.wisc.edu>
Subject: Re: [ZendTo] authLDAPEmailAttr instead of internaldomains.conf


Do your users have several different email addresses? Here we have multiple ones that work, e.g. among others I have
jkf at soton.....
jkf at southampton...
jkf at ecs.soton.....
J.K.Field at soton.....
J.K.Field at southampton.....

and so on.

What appears in your authLDAPEmailAttr attribute?
It's all very well sending an email to the contents of that attribute, but is there enough information there to be able to prove the user should be allowed / denied sending a drop-off to some other address?

If all I have is *an* email address of an internal recipient, can I guarantee being able to find that in the authLDAPEmailAttr attribute of your LDAP?


On 08/03/2019 21:11, MICHAEL R MASSE via ZendTo wrote:
> I currently have a working system which utilizes internaldomains.conf
> to restrict outside users from sending to any domain except ones our
> users use. The problem is that some of those email domains listed
> have users we do not manage, and therefore those users should not be
> capable of receiving an email from ZendTo from an outside user. My
> understanding is that if a domain is included in internaldomains.conf,
> then any email address which matches is capable of receiving said
> email. I also utilize LDAP for user authentication. Each user in
> my LDAP directory has their correct email address which could be made
> up of a number of different domains. Is it possible for ZendTo to
> check for specific valid recipient email addresses by utilizing
> authLDAPEmailAttr instead of the very broad and general
> internaldomains.conf?



The current UK shipping forecast:
Viking, North Utsire, South Utsire, Northeast Forties: Cyclonic, mainly westerly, 5 to 7, backing southerly 7 to severe gale 9 later. Moderate or rough, occasionally very rough later. Showers, rain later. Good, occasionally poor.

Twitter: @JulesFM
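
The two recipient policies discussed in this thread, side by side, as an added example (not part of any post, and not ZendTo code): a domain list admits every address in a listed domain, while an exact-address lookup against directory data admits only managed users but misses alternate addresses unless those are indexed too. The directory entries, the `aliases` attribute and the example domains are constructed assumptions.

```python
# Constructed sample data; none of this is ZendTo code or configuration.
# Domain list in the style of an internaldomains.conf policy.
INTERNAL_DOMAINS = {"medicine.example.edu", "gmail.com"}

# Directory entries as an LDAP search might return them. "mail" stands in for
# the attribute named by authLDAPEmailAttr; "aliases" is a hypothetical
# secondary attribute holding a user's other deliverable addresses.
DIRECTORY = [
    {"uid": "userabc", "mail": "UserABC@gmail.com", "aliases": []},
    {"uid": "jdoe", "mail": "jdoe@medicine.example.edu",
     "aliases": ["j.doe@medicine.example.edu"]},
]

def normalize(addr):
    """Trim and lower-case; return None unless the value is exactly local@domain."""
    addr = addr.strip().lower()
    local, sep, domain = addr.rpartition("@")
    if not sep or not local or not domain or "@" in local:
        return None
    return addr

def allowed_by_domain(recipient, domains=INTERNAL_DOMAINS):
    """Domain policy: any address in a listed domain may receive a drop-off."""
    addr = normalize(recipient)
    return addr is not None and addr.rpartition("@")[2] in domains

def build_index(entries, include_aliases):
    """Set of normalized addresses that belong to managed directory users."""
    index = set()
    for entry in entries:
        candidates = [entry["mail"]]
        if include_aliases:
            candidates += entry["aliases"]
        index.update(a for a in map(normalize, candidates) if a)
    return index

def allowed_by_directory(recipient, index):
    """Exact-address policy: only addresses present in the directory index."""
    addr = normalize(recipient)
    return addr is not None and addr in index

def compare(recipient):
    """Return (domain policy, primary attribute only, primary plus aliases)."""
    primary = build_index(DIRECTORY, include_aliases=False)
    full = build_index(DIRECTORY, include_aliases=True)
    return (allowed_by_domain(recipient),
            allowed_by_directory(recipient, primary),
            allowed_by_directory(recipient, full))

if __name__ == "__main__":
    for r in ["userabc@gmail.com", "stranger@gmail.com",
              "j.doe@medicine.example.edu"]:
        print(r, compare(r))
```
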
