Hi Chris,

Because you're trying to stop abuse, you need to make sure that you
design things so that they can't be easily gotten around. The first
question to ask is do you want to determine good users by IP address or
by user id. IMHO, IP addresses are easier to implement, but harder to
manage. To implement an "internalOnly" flag on the user objects as you
describe you'd first have to make sure that people are validated to send
as the user in the from line. This would mean implementing OFMIP (Old
Fashioned Mail Injection Protocol) which is basically SMTP on another
port that requires validation. Your OFMIP daemon would then simply check
the LDAP database and not allow mail to be sent externally if it's
turned on. This can be done without touching any of the qmail-ldap code
at all. You might try hacking the TMDA OFMIPD code. I'm sure there are
other OFMIPD implementations out there as well, some of which might be
trivial to hack in this way.

Well, I'm not (still) this hacker that could hack here and there. And
this is not what I'm looking for. I'd like qmail-ldap to provide a
smooth solution to this problem, I'd like qmail-ldap to issue this as
one of its features.

I heard that some commercial mailservers, Domino and Exchange, already
implement this feature, and I don't want qmail-ldap to stay behind these
commercial servers.

In the vpopmail mailing list I'm debating this same issue, and one of
the guys told me that this feature would require vpopmail integration
with Qmail and the Chkuser patch. Since qmail-ldap like "supersedes" all
those products, I think it is qmail-ldap's role to implement this
feature.

regards,
bnegrao
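
The check proposed in the first message of this thread (an authenticated submission daemon that consults a per-user "internalOnly" flag), sketched as an added example that is not part of either post and is not code from qmail-ldap or TMDA. The `DIRECTORY` dict stands in for the LDAP lookup, and the attribute name, users and domains are constructed assumptions.

```python
# Added illustration: policy check an authenticated submission daemon could apply.
# DIRECTORY stands in for the LDAP lookup; "internalOnly" is the hypothetical
# per-user flag from the thread, not an existing qmail-ldap attribute.

LOCAL_DOMAINS = {"example.org"}  # constructed: domains this server is final for

DIRECTORY = {  # constructed sample users, keyed by authenticated login
    "alice": {"mail": {"alice@example.org"}, "internalOnly": True},
    "bob": {"mail": {"bob@example.org", "sales@example.org"}, "internalOnly": False},
}


def domain_of(address):
    """Return the lower-cased domain of an address, or None if malformed."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or not domain:
        return None
    return domain.rstrip(".").lower()


def check_submission(auth_user, mail_from, rcpt_to):
    """Return (accepted, refused) recipient lists for one authenticated session."""
    entry = DIRECTORY.get(auth_user)
    if entry is None:
        return [], [(r, "unknown user") for r in rcpt_to]
    # Tie the envelope sender to the authenticated identity so a restricted
    # user cannot send under an unrestricted colleague's address.
    if mail_from.strip().lower() not in entry["mail"]:
        return [], [(r, "sender not owned by authenticated user") for r in rcpt_to]
    accepted, refused = [], []
    for rcpt in rcpt_to:
        dom = domain_of(rcpt)
        if dom is None:
            refused.append((rcpt, "malformed recipient"))
        elif entry["internalOnly"] and dom not in LOCAL_DOMAINS:
            # Exact match only: "example.org.other.test" is not local.
            refused.append((rcpt, "external mail not permitted"))
        else:
            accepted.append(rcpt)
    return accepted, refused
```

The decision is made per recipient, so a restricted user's message to a mixed list still reaches the internal addresses while the external ones are refused at RCPT time.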