ACLs, public folders, and internet users


kluss0

Post by kluss0 » Fri Aug 31, 2007 3:56 pm

I have started to get spam to my mail-enabled public folders. My intention was to change the ACLs on them like I did with the ACIs on my PDLs so that only local users, users of my other mail nodes, and a select few internet addresses can write to them. However, when I try to add the ACLs for internet users, I get errors:

Code:

# omaddacln -t bulletin -l ":svnchanges" -n "/internet (rfc-822|user@external.com)" -c +"read create"
omaddacln: [OM 15898] Personal name is missing from the address supplied.
Usage: omaddacln -t type {-l name | -b AbsRef} [-d depth]
                 {-g group | -n OR_address | -a attribute_list}
                                 -c caps


When I added an asterisk before /internet, it took the command, but not with the desired results:

Code:

  omaddacln -t bulletin -l ":svnchanges" -n "*/internet (rfc-822|user@external.com)" -c +"read create"
[root@postal ~]# omshowacl -t bb -l 1
* /internet/CN=*                         create read visible

Scalix Administrators                    create read subfolder editown deleteall owner contact visible
Local Users                              create read visible
Default                                  create visible


When I try to add permissions in Outlook, I get an error stating "The folder does not permit the inclusion of Internet addresses".

What is the correct way to limit who can send mail to a public folder address?

Thanks,
Kenny

dannyt
Scalix

Post by dannyt » Mon Sep 03, 2007 6:18 am

Hi,

Because the Scalix ACL is cumulative, the first step is to remove 'create' from the 'Default' group (e.g. ommodacln -t b -l ... -g default -c -create).

The group 'Local Users' should be modified in the same way if you don't want every Scalix user to be able to 'create'.

For each user to be given more access rights, add an entry to the ACL using omaddacln. Wildcard patterns are generally not recommended as some clients don't like them.

Each internet user should be added to the directory with proper Scalix ORN fields so that these can be used to match the ACL entries correctly in the same way as Scalix users.

Regards,
Danny
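
Added example (not part of the thread and not Scalix code): a small audit of omshowacl-style output that lists which entries still let unlisted senders post to the folder. It assumes "cumulative" means a sender's rights are the union of every matching entry and that 'Default' matches any sender; BEFORE is the listing quoted in the first post, AFTER is constructed.

```python
# Added illustration, not Scalix code; capability names come from the quoted omshowacl output.
CAPS = {"create", "read", "subfolder", "editown", "deleteall",
        "owner", "contact", "visible"}

def parse_acl(text):
    """Parse omshowacl-style lines into {principal: set_of_capabilities}."""
    acl = {}
    for line in text.splitlines():
        tokens = line.split()
        caps = set()
        # Capabilities are the trailing keywords; the rest is the principal,
        # which may itself contain spaces ("Scalix Administrators").
        while tokens and tokens[-1] in CAPS:
            caps.add(tokens.pop())
        if tokens and caps:
            acl[" ".join(tokens)] = caps
    return acl

def effective_caps(acl, matched):
    """Assumption: 'cumulative' means the union of every matching entry."""
    caps = set()
    for principal in matched:
        caps |= acl.get(principal, set())
    return caps

def broad_create_grants(acl):
    """Entries that let unlisted senders post: Default or wildcard principals."""
    return sorted(p for p, caps in acl.items()
                  if "create" in caps and (p.lower() == "default" or "*" in p))

BEFORE = """\
* /internet/CN=*                         create read visible
Scalix Administrators                    create read subfolder editown deleteall owner contact visible
Local Users                              create read visible
Default                                  create visible
"""

# Constructed: 'create' removed from Default, wildcard entry dropped (per the reply).
AFTER = """\
Scalix Administrators                    create read subfolder editown deleteall owner contact visible
Local Users                              create read visible
Default                                  visible
"""

if __name__ == "__main__":
    for label, text in (("before", BEFORE), ("after", AFTER)):
        acl = parse_acl(text)
        print(label, broad_create_grants(acl), sorted(effective_caps(acl, ["Default"])))
```

An empty list from broad_create_grants means only explicitly listed users and groups can still create items in the folder.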

