[Kolab-devel] finely grained access to part of kolab : spam, virus, smtpdpolicy

Fri Apr 13 18:10:04 CEST 2007

On Friday 13 April 2007 16:05, Alain Spineux wrote:
> I thing it should be interesting to disable separately some port of kolab.
> With 2.1 it not possible to disable spamassassin without disabling
> virus checking !
> While Spam checking is optional, I thing Virus checking is essential
> and in case of
> problems (like heavy load) it should be possible do disable them
> separately. I thing it was possible in 2.0 ? Wasn't ?

No it was not by default possible to enable disable this seperately.
You can still disable and enable it using the amavisd configuration.

> Now about smtpdpolicy.
> I read in /kolab/etc/kolab/kolab_smtpdpolicy :
>
> # 1) Only authenticated users can use sender <username>@$domain
>
> This is a good idea, but this collide with some habit people have. Like
> sending email using its company's domain from home using ISP smtp !

They could just send it from home over the Kolab Server and be fine.

> The email will be accepted by the ISP and rejected by Kolab server !
> But any email send to address <username>@$another_domain, will
> be accepted and reach final destination without error.
> This could confuse people (like I was) !

The default setting is to have those emails be marked as "untrusted",
because otherwise it would be possible from somebody outside
of your company network to send email from
boss at your.company.example.org and it would look real.

> Give the choice in the GUI console will draw the attention of the
> administrator on
> this possible problem !

I think there is a choice, we are happy to improve the help texts
of course.

> A note about "554 <username>@$domain: Sender address rejected: Invalid
> sender" in the documentation or the wiki will ne be too luxurious

We are still fixing one problems with this:
https://intevation.de/roundup/kolab/issue954

> May I notice that the exactly same feature could be reached using the
> more standard and more general www.openspf.org !
> This will also let other take benefice of the same protection.

It is not exactely the same feature as 
Kolab Server has a much stronger concept 
about which servers it will trust to deliver a correct header and envelope
From: address.

Bernhard

-- 
Managing Director - Owner: www.intevation.net       (Free Software Company)
Germany Coordinator: fsfeurope.org. Coordinator: www.Kolab-Konsortium.com.
Intevation GmbH, Osnabrück, DE; Amtsgericht Osnabrück, HRB 18998
Geschäftsführer Frank Koormann, Bernhard Reiter, Dr. Jan-Oliver Wagner
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: not available
URL: <http://lists.kolab.org/pipermail/devel/attachments/20070413/26b1a36d/attachment.sig>