[ZendTo] authLDAPEmailAttr instead of internaldomains.conf

MICHAEL R MASSE mrm at medicine.wisc.edu
Mon Mar 11 18:54:59 GMT 2019


Thanks Jules,

My preference would be to utilize the LDAP authenticator since that
already has the email addresses in it. Maintaining
internaldomains.conf on an individual email address basis would be a lot
of work. I only mentioned it as a possible way around the issue if you
weren't willing to incorporate code to utilize LDAP.

-Mike


On 3/11/2019 12:12 PM, Jules Field wrote:
> Michael,
>
> Currently you can't put userabc at gmail.com in internaldomains.conf, but 
> it would be a pretty easy change to allow that.
> How many of this type of user do you have?
> Are you really happy to have to maintain that list in 
> internaldomains.conf by hand?
> (Or by a little script that you write yourself?)
>
> Otherwise I'll need to extend the authenticator so it can look for an 
> email address and return true/false on whether it finds it via the 
> authentication system. It would call that if the check in 
> internaldomains.conf failed to find a matching domain.
>
> Cheers,
> Jules.
>
> On 11/03/2019 16:20, MICHAEL R MASSE via ZendTo wrote:
>> We have users that use our own internal email domains and using the
>> internaldomains.conf file works well for those cases, but I also have
>> users that do not use our email domains and use something like
>> gmail.com and I would really rather not add gmail.com to our
>> internaldomains.conf file. We consider our authLDAPEmailAttr as
>> definitive, so it contains the user's correct email address
>> regardless of whether it is an internal or external email domain.
>> So essentially, if a lookup of authLDAPEmailAttr finds a match, then
>> they are an internal user. I'm not so worried about sending,
>> because legitimate users can always just log in to ZendTo, but if I
>> have a gmail email user, they cannot receive from an outside user
>> unless I add gmail.com to internaldomains.conf. That does bring
>> up a question though. Does internaldomains.conf allow you to
>> specify individual email addresses? Could I specify
>> userabc at gmail.com in internaldomains.conf without having to allow
>> every other gmail.com automatically?
>>
>> Mike
>>
>>
>>
>> -----Original Message-----
>> From: Jules Field <Jules at Zend.To>
>> Sent: Monday, March 11, 2019 4:08 AM
>> To: ZendTo Users <zendto at zend.to>
>> Cc: MICHAEL R MASSE <mrm at medicine.wisc.edu>
>> Subject: Re: [ZendTo] authLDAPEmailAttr instead of internaldomains.conf
>>
>> Michael,
>>
>> Do your users have several different email addresses? Here we have
>> multiple ones that work, e.g. among others I have
>> jkf at soton.....
>> jkf at southampton...
>> jkf at ecs.soton.....
>> J.K.Field at soton.....
>> J.K.Field at southampton.....
>>
>> and so on.
>>
>>
>>
>>
>> What appears in your authLDAPEmailAttr attribute?
>> It's all very well sending an email to the contents of that 
>> attribute, but is there enough information there to be able to prove 
>> the user should be allowed / denied sending a drop-off to some other 
>> address?
>>
>> If all I have is *an* email address of an internal recipient, can I 
>> guarantee being able to find that in the authLDAPEmailAttr attribute 
>> of your LDAP?
>>
>> Cheers,
>> Jules.
>>
>> On 08/03/2019 21:11, MICHAEL R MASSE via ZendTo wrote:
>>> I currently have a working system which utilizes internaldomains.conf
>>> to restrict outside users from sending to any domain except ones our
>>> users use. The problem is that some of those email domains listed
>>> have users we do not manage, and therefore those users should not be
>>> capable of receiving an email from ZendTo from an outside user. My
>>> understanding is that if a domain is included in internaldomains.conf,
>>> then any email address which matches is capable of receiving said
>>> email. I also utilize ldap for user authentication. Each user in
>>> my ldap directory has their correct email address which could be made
>>> up of a number of different domains. Is it possible for ZendTo to
>>> check for specific valid recipient email addresses by utilizing
>>> authLDAPEmailAttr instead of the very broad and general
>>> internaldomains.conf?
>>>
>>>
>>>
>>> _______________________________________________
>>> ZendTo mailing list
>>> ZendTo at zend.to
>>> http://jul.es/mailman/listinfo/zendto
>> Jules
>>
>> -- 
>> Julian Field MEng CEng CITP MBCS MIEEE MACM
>>
>> The current UK shipping forecast:
>> Viking, North Utsire, South Utsire, Northeast Forties: Cyclonic, 
>> mainly westerly, 5 to 7, backing southerly 7 to severe gale 9 later. 
>> Moderate or rough, occasionally very rough later. Showers, rain 
>> later. Good, occasionally poor.
>>
>> www.Zend.To
>> Twitter: @JulesFM
>>
>
> Jules
>
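
The fallback discussed in this thread (check internaldomains.conf first, then look the recipient address up in the directory) is sketched below as an added example; it is not ZendTo code and not from either poster. All function names, the `mail` attribute name, the `dept.example.edu` domain and the in-memory directory are assumptions standing in for a real LDAP search. It also shows why the recipient address must be escaped before it goes into a search filter.

```python
import re

# Constructed stand-ins: the domain set plays internaldomains.conf, DIRECTORY plays LDAP.
INTERNAL_DOMAINS = {"dept.example.edu"}
DIRECTORY = [
    {"uid": "userabc", "mail": ["userabc@gmail.com"]},
    {"uid": "staff1", "mail": ["staff1@dept.example.edu", "S.Taff@dept.example.edu"]},
]
EMAIL_ATTR = "mail"  # assumed value of authLDAPEmailAttr

def escape_filter_value(value):
    """Hex-escape the characters RFC 4515 treats as special in a filter value."""
    return "".join("\\%02x" % ord(c) if c in "\\*()\x00" else c for c in value)

def build_email_filter(email, attr=EMAIL_ATTR):
    return "(%s=%s)" % (attr, escape_filter_value(email))

def search(directory, ldap_filter):
    """Minimal stand-in for an LDAP search: handles only (attr=value), where an
    unescaped * is a wildcard; matching is case-insensitive, as for the standard
    mail attribute."""
    m = re.fullmatch(r"\((\w+)=(.*)\)", ldap_filter, re.S)
    if not m:
        return []
    attr, pattern = m.groups()
    unescape = lambda s: re.sub(r"\\([0-9a-fA-F]{2})", lambda h: chr(int(h.group(1), 16)), s)
    rx = re.compile(".*".join(re.escape(unescape(p)) for p in pattern.split("*")), re.I | re.S)
    return [e for e in directory if any(rx.fullmatch(v) for v in e.get(attr, []))]

def is_internal_recipient(email, domains=INTERNAL_DOMAINS, directory=DIRECTORY):
    """Domain check first; fall back to an exact lookup of the address in the directory."""
    email = email.strip()
    local, sep, domain = email.rpartition("@")
    if not (sep and local and domain):
        return False
    if domain.lower() in domains:
        return True
    return bool(search(directory, build_email_filter(email)))

if __name__ == "__main__":
    for addr in ["staff1@dept.example.edu", "userabc@gmail.com",
                 "other@gmail.com", "*@gmail.com"]:
        print(addr, is_internal_recipient(addr))
    # The same wildcard address without escaping matches every gmail.com entry:
    print(len(search(DIRECTORY, "(mail=*@gmail.com)")))
```

With the escaping in place, a recipient address such as `*@gmail.com` is compared literally and is rejected, whereas the unescaped filter would treat it as a wildcard and accept it.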


