Restricting access to locally defined PDL's issue ?


Postby nissimpenias » Wed Apr 11, 2007 6:28 am

Hello all,

I have installed the latest Scalix package 11.0.2 under FC-5 and everything
passed fine according to Scalix's great documentation!!! Good for them :)

Right now I am having a problem restricting access to local PDLs to only those who are defined in them. I do not want external users to be able to send an e-mail to, for example, all@domain.com; this should be kept local to authenticated users only.


I read the ACL chapter in the Administrative Guide but couldn't really understand how to do it.

I found a small procedure in the Scalix community forum that gives a solution to this problem, but it doesn't really work.

I did:
1. omdelaci -l all -g default
2. omaddaci -l all -n user -c read

The first one should remove the all PDL from group default, and the second should enable only user to post/read to the all PDL.

After removing all from group default, I am getting an error in /var/log/maillog and the message is not delivered.
When I remove the all PDL and redefine it in 'sac', it works again.


I would appreciate any help from Scalix support / community users to solve this issue, since I think restricting local PDLs is a very basic feature that Scalix should have.

nissimpenias

Here is some more information that might help.

Postby nissimpenias » Wed Apr 11, 2007 7:29 am

I followed one of the threads in this mailing list that should have solved my problem:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Here are the step by step instructions using your example of a public distribution list of Joke and Scalix user Ernest Cespedes.

Note: this can be accomplished in as short as three commands. But, the first try is easier with more information:

Run the following command to check the aci levels on the Public Distribution List called "joke"

# omshowaci -l joke

Scalix Administrators config modify read remove
Local Users config modify read remove
Default config modify read remove

Next, remove the default access with this command

# omdelaci -l joke -g default

Check the permission levels

# omshowaci -l joke

Scalix Administrators config modify read remove
Local Users config modify read remove
Default none

Notice the last line, this removes access to "joke" for the outside world.

Next remove access for all Local Scalix users with this command:

# omdelaci -l joke -g local

check the permission levels again

# omshowaci -l joke

Scalix Administrators config modify read remove
Local Users none
Default none

Now all messages sent by local Scalix users to the Joke Public distribution list will be bounced.

Now we can add back the specific users that can send to this list.

# omaddaci -l joke -n "Ernest Cespedes" -c read

Verify the permissions

# omshowaci -l joke
Ernest Cespedes read

Scalix Administrators config modify read remove
Local Users none
Default none

Now log in to the client as Mansfield and verify you can send a message to joke.
Verify it arrives correctly.

Next log in and try to send from another user - the message will bounce.

Finally add each user that requires access.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++

When I type 'omshowaci -l test' (my current test PDL is: test),
I get this output, which should allow "Nissim Penias" to post messages to the test PDL:

[root@mail ~]# omshowaci -l test
Nissim Penias read

Scalix Administrators config modify read remove
Local Users none
Default none
[root@mail ~]#


/var/log/maillog gives me this error:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Apr 11 14:19:45 mail sendmail[9082]: l3BBJjCT009082: from=<Nissim.Penias@domain.com>, size=1609, class=0, nrcpts=1, msgid=<24188282.1821176290385463.JavaMail.root@mail.domain.com>, proto=ESMTP, relay=root@localhost
Apr 11 14:19:45 mail sendmail[9083]: l3BBJj7k009083: from=<Nissim.Penias@domain.com>, size=1785, class=0, nrcpts=1, msgid=<24188282.1821176290385463.JavaMail.root@mail.domain.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr 11 14:19:45 mail sendmail[9082]: l3BBJjCT009082: to=<test@domain.com>, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31609, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (l3BBJj7k009083 Message accepted for delivery)
Apr 11 14:19:45 mail sendmail[9089]: l3BBJj7k009083: SYSERR(root): MX list for domain.com. points back to mail.domain.com
Apr 11 14:19:45 mail sendmail[9089]: l3BBJj7k009083: to=<test@domain.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=121785, relay=domain.com., dsn=5.3.5, stat=Local configuration error
Apr 11 14:19:45 mail sendmail[9089]: l3BBJj7k009083: l3BBJj7k009089: DSN: Local configuration error
Apr 11 14:19:46 mail sendmail[9089]: l3BBJj7k009089: to=root, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=63001, dsn=2.0.0, stat=Sent
Apr 11 14:19:46 mail sendmail[9089]: l3BBJj7k009089: to=<Nissim.Penias@domain.com>, delay=00:00:01, xdelay=00:00:00, mailer=scalix_mime, pri=63001, relay=mail, dsn=2.0.0, stat=Sent (Ok)



Any suggestions ?
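
A check for the ACL state the quoted procedure aims at (Default and Local Users at none, read only for named users), as an added example that is not part of the original posts or of Scalix's own tooling. It parses omshowaci output in the layout shown in the thread; the function names and the allow-list parameter are assumptions.

```python
# Added example, not Scalix code. Assumption: every ACL line is a principal
# name followed by capability words, as in the listings quoted in the thread.
CAPABILITIES = {"config", "modify", "read", "remove", "none"}
GROUPS = ("Default", "Local Users")   # entries the procedure sets to "none"
ADMINS = "Scalix Administrators"      # left untouched by the procedure

def parse_aci(text):
    """Return {principal: set of capabilities} from omshowaci-style output."""
    acl = {}
    for line in text.splitlines():
        tokens, caps = line.split(), set()
        # Capabilities are the trailing words; what remains is the (possibly
        # multi-word) principal. Prompt and blank lines yield no caps.
        while tokens and tokens[-1].lower() in CAPABILITIES:
            caps.add(tokens.pop().lower())
        if tokens and caps:
            acl[" ".join(tokens)] = caps - {"none"}
    return acl

def audit_pdl(text, allowed_senders):
    """List deviations from 'only allowed_senders may send to this PDL'."""
    acl, findings = parse_aci(text), []
    for group in GROUPS:
        if group not in acl:   # absence of a line is not proof of "none"
            findings.append(f"{group}: entry not found")
        elif acl[group]:
            findings.append(f"{group}: still has {sorted(acl[group])}")
    for name in sorted(set(acl) - set(GROUPS) - {ADMINS} - set(allowed_senders)):
        if acl[name]:
            findings.append(f"{name}: unexpected access {sorted(acl[name])}")
    for name in sorted(allowed_senders):
        if "read" not in acl.get(name, set()):
            findings.append(f"{name}: no read entry")
    return findings

# Listings copied from the thread: "joke" before any change, "test" afterwards.
BEFORE = """Scalix Administrators config modify read remove
Local Users config modify read remove
Default config modify read remove"""
AFTER = """[root@mail ~]# omshowaci -l test
Nissim Penias read

Scalix Administrators config modify read remove
Local Users none
Default none"""

if __name__ == "__main__":
    for label, text, allowed in (("joke", BEFORE, ["Ernest Cespedes"]),
                                 ("test", AFTER, ["Nissim Penias"])):
        print(label, audit_pdl(text, allowed) or "restricted as intended")
```

An empty result means the listing matches the intended restriction; it says nothing about whether mail to the list is then routed and delivered.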

