Restricting access to locally defined PDL's issue ?
Posted: Wed Apr 11, 2007 6:28 am
by nissimpenias
Hello all,
I have installed the latest Scalix package 11.0.2 under FC-5 and everything
passed fine according to Scalix's great documentation!!! Good for them.
Right now I am having a problem restricting access to local PDLs to only those who are defined in them. I do not want external users to be able to send an e-mail to, for example,
all@domain.com; this should be kept local, for authenticated users only.
I read the ACL chapter in the Administrative Guide but couldn't really understand how to do it.
I found a small procedure in the Scalix community forum that gives a solution to this problem, but it doesn't really work.
I did:
1. omdelaci -l all -g default
2. omaddaci -l all -n user -c read
The first one should remove the all PDL from group default and the second should enable only user to post/read to the all PDL.
After removing all from group default I am getting an error in /var/log/maillog and the message is not delivered.
When I remove the all PDL and redefine it in 'sac' it works again.
I would appreciate any help from Scalix support / community users to solve this issue, since I think restricting local PDLs is a very basic feature that Scalix should have.
Here is some more information that might help.
Posted: Wed Apr 11, 2007 7:29 am
by nissimpenias
I followed one of the threads in this mailing list that should have solved my problem:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Here are the step by step instructions using your example of a public distribution list of Joke and Scalix user Ernest Cespedes.
Note: this can be accomplished in as short as three commands. But, the first try is easier with more information:
Run the following command to check the aci levels on the Public Distribution List called "joke"
# omshowaci -l joke
Scalix Administrators config modify read remove
Local Users config modify read remove
Default config modify read remove
Next, remove the default access with this command
# omdelaci -l joke -g default
Check the permission levels
# omshowaci -l joke
Scalix Administrators config modify read remove
Local Users config modify read remove
Default none
Notice the last line, this removes access to "joke" for the outside world.
Next remove access for all Local Scalix users with this command:
# omdelaci -l joke -g local
check the permission levels again
# omshowaci -l joke
Scalix Administrators config modify read remove
Local Users none
Default none
Now all local messages sent by Scalix users to the Joke Public distribution list will be bounced.
Now we can add back the specific users that can send to this list.
# omaddaci -l joke -n "Ernest Cespedes" -c read
Verify the permissions
# omshowaci -l joke
Ernest Cespedes read
Scalix Administrators config modify read remove
Local Users none
Default none
Now log in to the client as Mansfield and verify you can send a message to joke.
Verify it arrives correctly.
Next log in and try to send from another user - the message will bounce.
Finally add each user that requires access.
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
When I type 'omshowaci -l test' (my current test PDL is: test)
I get this output that should allow "Nissim Penias" to post messages to the test PDL:
[root@mail ~]# omshowaci -l test
Nissim Penias read
Scalix Administrators config modify read remove
Local Users none
Default none
[root@mail ~]#
/var/log/maillog gives me this error:
+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Apr 11 14:19:45 mail sendmail[9082]: l3BBJjCT009082: from=<Nissim.Penias@domain.com>, size=1609, class=0, nrcpts=1, msgid=<24188282.1821176290385463.JavaMail.root@mail.domain.com>, proto=ESMTP, relay=root@localhost
Apr 11 14:19:45 mail sendmail[9083]: l3BBJj7k009083: from=<Nissim.Penias@domain.com>, size=1785, class=0, nrcpts=1, msgid=<24188282.1821176290385463.JavaMail.root@mail.domain.com>, proto=ESMTP, daemon=MTA, relay=localhost.localdomain [127.0.0.1]
Apr 11 14:19:45 mail sendmail[9082]: l3BBJjCT009082: to=<test@domain.com>, delay=00:00:00, xdelay=00:00:00, mailer=relay, pri=31609, relay=[127.0.0.1] [127.0.0.1], dsn=2.0.0, stat=Sent (l3BBJj7k009083 Message accepted for delivery)
Apr 11 14:19:45 mail sendmail[9089]: l3BBJj7k009083: SYSERR(root): MX list for domain.com. points back to mail.domain.com
Apr 11 14:19:45 mail sendmail[9089]: l3BBJj7k009083: to=<test@domain.com>, delay=00:00:00, xdelay=00:00:00, mailer=esmtp, pri=121785, relay=domain.com., dsn=5.3.5, stat=Local configuration error
Apr 11 14:19:45 mail sendmail[9089]: l3BBJj7k009083: l3BBJj7k009089: DSN: Local configuration error
Apr 11 14:19:46 mail sendmail[9089]: l3BBJj7k009089: to=root, delay=00:00:01, xdelay=00:00:00, mailer=local, pri=63001, dsn=2.0.0, stat=Sent
Apr 11 14:19:46 mail sendmail[9089]: l3BBJj7k009089: to=<Nissim.Penias@domain.com>, delay=00:00:01, xdelay=00:00:00, mailer=scalix_mime, pri=63001, relay=mail, dsn=2.0.0, stat=Sent (Ok)
Any suggestions ?
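
Added example (not part of the original posts and not Scalix code): a small Python check that parses listings in the omshowaci format shown above and reports whether a PDL is restricted to the intended senders. It assumes the capability keywords are exactly those visible in the listings (config, modify, read, remove, none); the function names and the allowed-sender set are hypothetical.

```python
# Added example: audit omshowaci-style output for a restricted PDL.
CAPS = {"config", "modify", "read", "remove", "none"}
GROUPS = ("Scalix Administrators", "Local Users", "Default")

# Sample listings in the format shown in the post (before and after).
OPEN_ACL = """\
Scalix Administrators config modify read remove
Local Users config modify read remove
Default config modify read remove
"""
RESTRICTED_ACL = """\
# omshowaci -l joke
Ernest Cespedes read
Scalix Administrators config modify read remove
Local Users none
Default none
"""

def parse_aci(text):
    """Map each principal to its set of capabilities ('none' -> empty)."""
    acl = {}
    for line in text.splitlines():
        tokens = line.split()
        i = len(tokens)
        while i > 0 and tokens[i - 1] in CAPS:
            i -= 1  # capabilities are the trailing keywords
        if 0 < i < len(tokens):  # skips prompts, commands, blank lines
            acl[" ".join(tokens[:i])] = set(tokens[i:]) - {"none"}
    return acl

def audit(text, allowed_senders):
    """Return findings; an empty list means the list is locked down."""
    acl, findings = parse_aci(text), []
    for group in ("Default", "Local Users"):
        if group not in acl:
            findings.append(f"{group}: no entry found, cannot confirm")
        elif acl[group]:
            findings.append(f"{group}: still grants {sorted(acl[group])}")
    for name, caps in acl.items():
        if name in GROUPS or not caps:
            continue
        if name not in allowed_senders:
            findings.append(f"{name}: unexpected entry {sorted(caps)}")
        elif caps != {"read"}:
            findings.append(f"{name}: more than read {sorted(caps)}")
    for name in sorted(set(allowed_senders) - set(acl)):
        findings.append(f"{name}: expected sender has no entry")
    return findings

if __name__ == "__main__":
    for label, text in (("open", OPEN_ACL), ("restricted", RESTRICTED_ACL)):
        print(label, audit(text, {"Ernest Cespedes"}))
```

Feed it the saved output of 'omshowaci -l <list>' after each change to confirm that Default and Local Users show none before adding senders back.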