Hi,
On Wed, Nov 16, 2011 at 2:15 PM, Andrew Colin Kissa
<[email protected]> wrote:
>
> On 16 Nov 2011, at 3:04 PM, Mikael Syska wrote:
>
>> Authentication is another issue. We dont have account for every user,
>> only admins. So we need a nice and clean way for doing this. Maybe ip
>> based or some other sort that can only reports spam. Maybe a queue so
>> an admin first have to ackowlegde the incoming as also rightfully
>> being spam.
>
> This is where NTLM and SPNEGO come in for SSO, once the user is logged
> in to their machine meaning they are logged in to the windows domain,
> authentication to baruwa should them be transparent.
You do test my skills of all the acronyms you are using :-)
Does this not mean that authentication in baruwa should be using ldap
to the AD? or am I missing something here. What if the mail gateway
handles mail for a few in house Exchange servers not related?
>
> You can implement an approval system, for the admin but that means you would
> have to quarantine the message for the admin to be able to tell if the
> request is
> legit or not
I'm not sure i'm following you here ... this should be a seperate
table only takings care of aproving the sa-learn actions that are send
from clients machines.
Qurantine what massage? Messages are allready in the system. baruwa
gets a json request like: {messageId: "1JKLK4Æ324.J434J32L", learn:
"spam" } and which action should be taken. Ether discard(if its maybe
a anonymous user, from a banned network), needs approval(allowed
network but needs approval) or allow (which should just queue it to
sa-learn).
Hopes this makes it more clean what I'm trying to do.
I'm not sure this is the right way. Just some thoughts on the subject.
>
> --
> Baruwa - www.baruwa.org
>
> _______________________________________________
> Keep Baruwa FREE - http://pledgie.com/campaigns/12056
>
_______________________________________________
Keep Baruwa FREE - http://pledgie.com/campaigns/12056
