[ZendTo] authLDAPEmailAttr instead of internaldomains.conf
Jules at Zend.To
Mon Mar 11 17:12:43 GMT 2019
Currently you can't put userabc at gmail.com in internaldomains.conf, but
it would be a pretty easy change to allow that.
How many of this type of user do you have?
Are you really happy to have to maintain that list in
internaldomains.conf by hand?
(Or by a little script that you write yourself?)
Otherwise I'll need to extend the authenticator so it can look for an
email address and return true/false on whether it finds it via the
authentication system. It would call that if the check in
internaldomains.conf failed to find a matching domain.
On 11/03/2019 16:20, MICHAEL R MASSE via ZendTo wrote:
> We have users that use our own internal email domains and using the internaldomains.conf file works well for those cases, but I also have users that do not use our email domains and use something like gmail.com and I would really rather not add gmail.com to our internaldomains.conf file. We consider our authLDAPEmailAttr as definitive, so it contains the user's correct email address regardless of whether it is an internal or external email domain. So essentially, if a lookup of authLDAPEmailAttr finds a match, then they are an internal user. I'm not so worried about sending, because legitimate users can always just log in to Zendto, but if I have a gmail email user, they cannot receive from an outside user unless I add gmail.com to internaldomains.conf. That does bring up a question though. Does internaldomains.conf allow you to specify individual email addresses? Could I specify userabc at gmail.com in internaldomains.conf without having to allow every other gmail.com automatically?
> -----Original Message-----
> From: Jules Field <Jules at Zend.To>
> Sent: Monday, March 11, 2019 4:08 AM
> To: ZendTo Users <zendto at zend.to>
> Cc: MICHAEL R MASSE <mrm at medicine.wisc.edu>
> Subject: Re: [ZendTo] authLDAPEmailAttr instead of internaldomains.conf
> Do your users have several different email addresses? Here we have multiple ones that work, e.g. among others I have
> jkf at soton.....
> jkf at southampton...
> jkf at ecs.soton.....
> J.K.Field at soton.....
> J.K.Field at southampton.....
> and so on.
> What appears in your authLDAPEmailAttr attribute?
> It's all very well sending an email to the contents of that attribute, but is there enough information there to be able to prove the user should be allowed / denied sending a drop-off to some other address?
> If all I have is *an* email address of an internal recipient, can I guarantee being able to find that in the authLDAPEmailAttr attribute of your LDAP?
> On 08/03/2019 21:11, MICHAEL R MASSE via ZendTo wrote:
>> I currently have a working system which utilizes internaldomains.conf
>> to restrict outside users from sending to any domain except ones our
>> users use. The problem is that some of those email domains listed
>> have users we do not manage, and therefore those users should not be
>> capable of receiving an email from Zendto from an outside user. My
>> understanding is that if a domain is included in internaldomains.conf,
>> then any email address which matches is capable of receiving said
>> email. I also utilize ldap for user authentication. Each user in
>> my ldap directory has their correct email address which could be made
>> up of a number of different domains. Is it possible for Zendto to
>> check for specific valid recipient email addresses by utilizing
>> authLDAPEmailAttr instead of the very broad and general
>> ZendTo mailing list
>> ZendTo at zend.to
> Julian Field MEng CEng CITP MBCS MIEEE MACM
> The current UK shipping forecast:
> Viking, North Utsire, South Utsire, Northeast Forties: Cyclonic, mainly westerly, 5 to 7, backing southerly 7 to severe gale 9 later. Moderate or rough, occasionally very rough later. Showers, rain later. Good, occasionally poor.
> Twitter: @JulesFM
Julian Field MEng CEng CITP MBCS MIEEE MACM
The current UK shipping forecast:
Sole, Lundy, Fastnet: Southwest veering west 7 to severe gale 9. Very rough,
occasionally high. Rain then showers. Good occasionally poor.
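The two-step recipient check discussed in this thread (domain list first, then an exact lookup of the address in the directory's e-mail attribute), as an added Python example that is not part of the original messages and is not ZendTo code. The file format, the subdomain rule, the `mail` attribute name, the sample entries and `fake_search` (an in-memory stand-in for an LDAP search) are all assumptions.

```python
import re

# Constructed sample data, not taken from ZendTo or from the thread's systems.
INTERNAL_DOMAINS_CONF = "# assumed format: one domain per line\nmedicine.example.edu\n"
DIRECTORY = [  # stand-in for LDAP entries; "mail" plays the role of authLDAPEmailAttr
    {"uid": "userabc", "mail": "userabc@gmail.com"},
    {"uid": "jdoe", "mail": "jdoe@medicine.example.edu"},
]

def parse_domains(text):
    """Return lower-cased domains, skipping blank lines and # comments."""
    stripped = (line.split("#", 1)[0].strip().lower() for line in text.splitlines())
    return {d for d in stripped if d}

def ldap_escape(value):
    """Escape a filter value per RFC 4515 so '*', '(' or ')' cannot change the filter."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def fake_search(filt):
    """Hypothetical in-memory search for (mail=...); an unescaped '*' is a wildcard."""
    m = re.fullmatch(r"\(mail=(.*)\)", filt, re.S)
    if not m:
        return []
    def unescape(s):
        return re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), s)
    parts = re.split(r"(\*)", m.group(1))
    pattern = "".join(".*" if p == "*" else re.escape(unescape(p)) for p in parts)
    return [e for e in DIRECTORY if re.fullmatch(pattern, e["mail"], re.I)]

def is_internal_recipient(address, domains, search):
    """True if the domain is listed, or the exact address exists in the directory."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        return False
    domain = domain.lower()
    # Step 1: domain list (assumption: an entry also covers its subdomains).
    if any(domain == d or domain.endswith("." + d) for d in domains):
        return True
    # Step 2: fallback lookup, with the address escaped before it enters the filter.
    return len(search("(mail=%s)" % ldap_escape(address.strip()))) > 0

if __name__ == "__main__":
    doms = parse_domains(INTERNAL_DOMAINS_CONF)
    for addr in ("userabc@gmail.com", "other@gmail.com", "*@gmail.com"):
        print(addr, is_internal_recipient(addr, doms, fake_search))
```

Without the escaping step, a recipient string such as `*@gmail.com` would match every gmail.com entry in the directory and pass the check.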