Page 1 of 1
Restricting sending to everyone@company.com distribution lis
Posted: Tue Oct 31, 2006 1:41 pm
by ernestc
I'm trying to restrict all users from sending email to the
everyone@company.com list as it
is being abused by users in our company. The end result would only be a group
people with authority (ie, HR, management, IT) to be able to send to this alias.
Thanks in advanced.
-Ernest
Posted: Wed Nov 01, 2006 11:28 am
by chris
Hi Ernestc,
you can set ACI's on PDL's which should be able to handle this.
Look at:
http://www.scalix.com/community/viewtop ... ht=pdl+acl for more.
It's a somwhat complex topic, so read that and give it a shot, and if you have problems post back here - I'll monitor the thread.
Cheers,
Chris
only certain GROUP to access PDLs
Posted: Fri Nov 03, 2006 1:19 pm
by mabadjiev
What we are trying to do is: allow only certain GROUPS with their members to be able to send rmail to PDL called 'everyone'
The refered URL gives just an idea but nothing more, ideally an example will be very usefull
Any help will be greatly appreciated.
Posted: Fri Nov 03, 2006 8:14 pm
by dkelly
Scalix v 10 doesn't provide this ability but the good news is that Scalix 11 will.
So, for the moment, you need to add the names manually but make sure that you remove the default capability with:
omaddaci -l "PDL Name" -g default -c "-read"
Cheers
Dave
Posted: Wed Nov 08, 2006 7:50 pm
by ernestc
We tried the commands above and still didn't work. Did a 'man' on the command to try to understand what we're doing, but description and example is quite vague. What we
need is a real-life command(s) that will do the actual job. For example, we would like
to prevent ALL users from sending mail to the "everyone@company.com" alias (or group).
Also, we were told that it would take 3 lines of codes (commands) to perform the
above task, but there's only one simple command given.
Thanks,
-Ernest
Posted: Wed Nov 08, 2006 7:53 pm
by dkelly
Please help us out and tell us exactly what you've done.
Cheers
Dave
Posted: Wed Nov 08, 2006 9:45 pm
by ernestc
As a test, we first created a group called "joke", which include a user named "ecespedes"
as a member of this new group.
Then entered commands below to test.
ommodaci -gjoke -c -read ecespedes
ommodaci -gjoke/mailint -c -read ecespedes
ommodaci -g "joke/mailint" -c -read ecespedes
ommodaci -g "joke/mailint" -c -read ecespedes
Next, the user ecespedes sent a mail to the new group,
joke@company.com, and
still able to send the mail through. Our goal is to prevent the user from sending mail
to the group.
Thanks,
-Ernest
Posted: Wed Nov 08, 2006 10:53 pm
by dkelly
Did you cut and paste those commands ?
You haven't specified the name of the PDL using the -l switch. Look at the postings just above this one, the structure is:
Code: Select all
ommodaci -l "PDL Name" -g group -c capabilities or
Code: Select all
ommodaci -l "PDL Name" -n "User Name" -c capabilitiesCheers
Dave
Please clearify
Posted: Thu Nov 09, 2006 3:02 am
by mabadjiev
Okay the User Name is: ecespedes the Fullname is "Ernest Cespedes" the mail node is "mailint,8x8" we would like ONLY Ernest to be able to send mail to an group called 'joke' and NOBODY else. How do we do this?
Thanks foa all the help.
Step by step instructions for limiting permissions to a pdl
Posted: Fri Nov 10, 2006 7:49 pm
by achavez
Here are the step by step instructions using your example of a public distribution list of Joke and Scalix user Ernest Cespedes.
Note: this can be accomplished in as short as three commands. But, the first try is easier with more information:
Run the following command to check the aci levels on the Public Distribution List called "joke"
# omshowaci -l joke
Scalix Administrators config modify read remove
Local Users config modify read remove
Default config modify read remove
Next, remove the default access with this command
# omdelaci -l joke -g default
Check the permission levels
# omshowaci -l joke
Scalix Administrators config modify read remove
Local Users config modify read remove
Default none
Notice the last line, this removes access to "joke" for the outside world.
Next remove access for all Local Scalix users with this command:
# omdelaci -l joke -g local
check the permission levels again
# omshowaci -l joke
Scalix Administrators config modify read remove
Local Users none
Default none
Now local all messages sent by Scalix users to the Joke Public distribution list will be bounced.
Now we can add back the specific users that can send to this list.
# omaddaci -l joke -n "Ernest Cespedes" -c read
Verify the permissions
# omshowaci -l joke
Ernest Cespedes read
Scalix Administrators config modify read remove
Local Users none
Default none
Now login to the client of as Mansfield and verify you can send a message to joke -
Verify it arrives correctly.
Next login and try to send from another user - the message will bounce.
Finally add each user that requires access.
Thanks that works.
Posted: Fri Nov 10, 2006 10:43 pm
by mabadjiev
Thanks you that works GREAT.