We cannot get this to work. Here is the scenario we are working on:
We have a "group" set up called "handheld". This is a group as set up in SAC with several members (I suppose it is known as a PDL in the command line). We want to restrict users so that only members can send to the group.
Since we do not want anyone to send to this group unless authorized, we started by executing the following:
This seems to have successfully removed the ability of any non-admins to send to the group (whether internal or external). So far so good.
Then we tried explicitly allowing a user to "read" the list:
omaddaci -l handheld -n "User Name" -c read
Which worked beautifully.
Now, let's say we want to allow only the people IN the handheld group to send to the handheld group. This is where it gets tricky!
Trying to add a group/pdl as a user:
omaddaci -l handheld -n "handheld" -c read
The system accepts this command, but you still cannot send from any users in "handheld". Upon further testing, we found that if we spoofed an email from an external source, and said it came from handheld@ourtestdomain.com, the email goes through. So it appears that by attempting to put a "group" in the ACI, it only allows read access to groupname@domain.com and there is no mechanism in place to cross-reference the actual sender against the PDL group member list.
Trying to add the group/pdl as a group:
omaddaci -l handheld -g "handheld" -c read
The system does not accept this command because handheld is not a recognized group. The term "group" is confusing because in the command-line sense, group refers to administrators versus default users whereas in the SAC, group refers to public distribution lists.
So far the only solution to automate this that we have come up with is to cron a script which uses omshowpdl to generate a list of members which would then be added to the ACI. However, how do we handle the case where someone is removed from the distribution list?
Is there any other way that we can set a distribution list up so that only the members of the said distribution list can send to it? Is there a way we can set up a true "Group" (akin to the administrators group) which could be called "power senders" who can send to every PDL? Basically we want to avoid having to micro-manage the sending permissions from the command line.
Also, is there a way to add an external email address to a PDL without creating them as a "user" on the system?
Thanks!
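The cron approach raised in the post has to revoke as well as grant, so the job needs to diff the current member list against the current ACI entries instead of only appending. A sketch of that diff step, added here as an example and not part of the original post: it assumes both lists have already been exported one display name per line (the input files and the `plan_aci_sync` name are hypothetical) and leaves turning each planned line into the site's ACI commands to the caller.

```shell
#!/bin/sh
# Added example: plan the ACI changes needed so that a list's send ACI
# matches its membership. Inputs are plain files, one display name per line.

# Strip CRs and surrounding whitespace, drop blank lines, sort uniquely.
normalise() {
    tr -d '\r' < "$1" \
        | sed 's/^[[:space:]]*//; s/[[:space:]]*$//' \
        | grep -v '^$' \
        | LC_ALL=C sort -u
}

# plan_aci_sync MEMBERS_FILE ACI_FILE
# Prints "add: NAME" for members missing from the ACI and
# "remove: NAME" for ACI entries that are no longer members.
plan_aci_sync() {
    tmp=$(mktemp -d) || return 1
    normalise "$1" > "$tmp/members"
    normalise "$2" > "$tmp/aci"

    # A failed or empty member export must not be read as
    # "everyone was removed": refuse to plan any changes.
    if [ ! -s "$tmp/members" ]; then
        rm -rf "$tmp"
        echo "member list is empty, refusing to plan changes" >&2
        return 2
    fi

    # comm needs both inputs sorted in the same collation (C here).
    LC_ALL=C comm -23 "$tmp/members" "$tmp/aci" | sed 's/^/add: /'
    LC_ALL=C comm -13 "$tmp/members" "$tmp/aci" | sed 's/^/remove: /'
    rm -rf "$tmp"
}

# Demo on constructed data (names are made up).
demo_dir=$(mktemp -d)
printf '%s\n' 'Alice Example' 'Bob Example' > "$demo_dir/members"
printf '%s\n' 'Bob Example' 'Dave Example' > "$demo_dir/aci"
plan_aci_sync "$demo_dir/members" "$demo_dir/aci"
rm -rf "$demo_dir"
```

Each `add:` line corresponds to one `omaddaci -l handheld -n "NAME" -c read` call in the form shown in the post; each `remove:` line is an entry to revoke, which is the case the post asks about.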