Restricting sending to everyone@company.com distribution lis

Discuss the Scalix Server software

Moderators: ScalixSupport, admin

ernestc

Restricting sending to everyone@company.com distribution lis

Postby ernestc » Tue Oct 31, 2006 1:41 pm

I'm trying to restrict all users from sending email to the everyone@company.com list as it
is being abused by users in our company. The end result would only be a group
people with authority (ie, HR, management, IT) to be able to send to this alias.


Thanks in advanced.

-Ernest

chris
Scalix Star
Scalix Star
Posts: 321
Joined: Mon May 09, 2005 2:56 pm
Location: Freiburg, Germany

Postby chris » Wed Nov 01, 2006 11:28 am

Hi Ernestc,

you can set ACI's on PDL's which should be able to handle this.

Look at: http://www.scalix.com/community/viewtop ... ht=pdl+acl for more.

It's a somwhat complex topic, so read that and give it a shot, and if you have problems post back here - I'll monitor the thread.

Cheers,

Chris

mabadjiev
Posts: 30
Joined: Thu Feb 23, 2006 12:57 am

only certain GROUP to access PDLs

Postby mabadjiev » Fri Nov 03, 2006 1:19 pm

What we are trying to do is: allow only certain GROUPS with their members to be able to send rmail to PDL called 'everyone'
The refered URL gives just an idea but nothing more, ideally an example will be very usefull
Any help will be greatly appreciated.

dkelly
Scalix
Scalix
Posts: 593
Joined: Thu Mar 18, 2004 2:03 pm

Postby dkelly » Fri Nov 03, 2006 8:14 pm

Scalix v 10 doesn't provide this ability but the good news is that Scalix 11 will.

So, for the moment, you need to add the names manually but make sure that you remove the default capability with:

omaddaci -l "PDL Name" -g default -c "-read"

Cheers

Dave

ernestc

Postby ernestc » Wed Nov 08, 2006 7:50 pm

We tried the commands above and still didn't work. Did a 'man' on the command to try to understand what we're doing, but description and example is quite vague. What we
need is a real-life command(s) that will do the actual job. For example, we would like
to prevent ALL users from sending mail to the "everyone@company.com" alias (or group).

Also, we were told that it would take 3 lines of codes (commands) to perform the
above task, but there's only one simple command given.

Thanks,

-Ernest

dkelly
Scalix
Scalix
Posts: 593
Joined: Thu Mar 18, 2004 2:03 pm

Postby dkelly » Wed Nov 08, 2006 7:53 pm

Please help us out and tell us exactly what you've done.

Cheers

Dave

ernestc

Postby ernestc » Wed Nov 08, 2006 9:45 pm

As a test, we first created a group called "joke", which include a user named "ecespedes"
as a member of this new group.

Then entered commands below to test.


ommodaci -gjoke -c -read ecespedes
ommodaci -gjoke/mailint -c -read ecespedes
ommodaci -g "joke/mailint" -c -read ecespedes
ommodaci -g "joke/mailint" -c -read ecespedes

Next, the user ecespedes sent a mail to the new group, joke@company.com, and
still able to send the mail through. Our goal is to prevent the user from sending mail
to the group.

Thanks,

-Ernest

dkelly
Scalix
Scalix
Posts: 593
Joined: Thu Mar 18, 2004 2:03 pm

Postby dkelly » Wed Nov 08, 2006 10:53 pm

Did you cut and paste those commands ?

You haven't specified the name of the PDL using the -l switch. Look at the postings just above this one, the structure is:

Code: Select all

ommodaci -l "PDL Name" -g group -c capabilities
or

Code: Select all

ommodaci -l "PDL Name" -n "User Name" -c capabilities


Cheers

Dave

mabadjiev
Posts: 30
Joined: Thu Feb 23, 2006 12:57 am

Please clearify

Postby mabadjiev » Thu Nov 09, 2006 3:02 am

Okay the User Name is: ecespedes the Fullname is "Ernest Cespedes" the mail node is "mailint,8x8" we would like ONLY Ernest to be able to send mail to an group called 'joke' and NOBODY else. How do we do this?
Thanks foa all the help.

achavez
Scalix
Scalix
Posts: 16
Joined: Mon Nov 17, 2003 1:53 pm
Contact:

Step by step instructions for limiting permissions to a pdl

Postby achavez » Fri Nov 10, 2006 7:49 pm

Here are the step by step instructions using your example of a public distribution list of Joke and Scalix user Ernest Cespedes.

Note: this can be accomplished in as short as three commands. But, the first try is easier with more information:

Run the following command to check the aci levels on the Public Distribution List called "joke"

# omshowaci -l joke

Scalix Administrators config modify read remove
Local Users config modify read remove
Default config modify read remove

Next, remove the default access with this command

# omdelaci -l joke -g default

Check the permission levels

# omshowaci -l joke

Scalix Administrators config modify read remove
Local Users config modify read remove
Default none

Notice the last line, this removes access to "joke" for the outside world.

Next remove access for all Local Scalix users with this command:

# omdelaci -l joke -g local

check the permission levels again

# omshowaci -l joke

Scalix Administrators config modify read remove
Local Users none
Default none

Now local all messages sent by Scalix users to the Joke Public distribution list will be bounced.

Now we can add back the specific users that can send to this list.

# omaddaci -l joke -n "Ernest Cespedes" -c read

Verify the permissions

# omshowaci -l joke
Ernest Cespedes read

Scalix Administrators config modify read remove
Local Users none
Default none

Now login to the client of as Mansfield and verify you can send a message to joke -
Verify it arrives correctly.

Next login and try to send from another user - the message will bounce.

Finally add each user that requires access.

mabadjiev
Posts: 30
Joined: Thu Feb 23, 2006 12:57 am

Thanks that works.

Postby mabadjiev » Fri Nov 10, 2006 10:43 pm

Thanks you that works GREAT.


Return to “Scalix Server”



Who is online

Users browsing this forum: No registered users and 1 guest