From: Furnish, T. G <TGF...@he...> - 2003-12-10 17:45:29
A prototype (ie something of an experimental and unfinished nature) interface to mailwatch for non-administrative users has been added to cvs under the luser subdirectory. This interface is meant to let a single, non-administrative user see the list of messages sent to or from his email address. Email addresses are used for authentication, with randomly generated passwords. The interface is deliberately simple and leaves out lots of nice features (for now).

Please feel free to try it out and please let me know if you have problems. Corrections and improvements welcome. If you like it, the good stuff all comes from Steve's original mailwatch files. Any bad stuff you find is undoubtedly my fault. :-)

The readme section of the INSTALL file is below.

-- Trever

=============================================================

Please read:

This is meant to provide a non-administrative, single-email-address interface to the MailWatch database -- and only a SIMPLE one at that. In particular, this interface has no support for searching, no way to let a user view a detail page for a message, and no way for a user to release a message from quarantine or to run sa-learn. Those features *will* be added later.

So what is this good for then, you may be asking... It's good for letting a user determine whether a message they never received was blocked by MailScanner. That was my original primary objective, since at my site we don't notify senders OR recipients when a message is blocked - it just goes into the quarantine, where it sits for a few days till it's deleted. In such a set-up the only other way for a user to figure out that mailscanner blocked a message is to ask the email admin to check on it for him.

Requirements:

If you have mailwatch working, then you ought to be able to get this working. You'll have to add a "lusers" table to the mailscanner database to hold "lusernames" (described below).

Authentication:

For "luser" authentication, a new table, "lusers", is created in the mailscanner database. Lusernames are actually email addresses and passwords are pseudo-randomly generated. There is no provision for letting a user set their own password, although they can get a new random password at any time. There is no provision for integrating the authentication with another user database, such as Active Directory or the /etc/passwd file. That's intentional - everything's a whole lot simpler (and safer) if access restrictions are based only on the email address in question.

A user initially connects to the login page and then clicks on "create an account", which prompts him for his email address. A message containing a random password is sent to that email address. If the user doesn't own the address, they never get the password.

A note about "random" passwords:

With the routine included for generating passwords, the resulting passwords are more likely to be easy to remember than they would be if they were truly random. We use patterns to produce "pronounceable" passwords. Sometimes however some passwords might raise an eyebrow or two - there's nothing that can be done to prevent that, but just be aware of it. For example, if the president of your company gets his password randomly set to "m0ron12" and takes it personally... well, I doubt he'll forget it, and that's the whole point. ;^)
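
The note about "random" passwords above, as an added example (not part of the original post and not MailWatch's own routine): a pattern-based "pronounceable" generator drawing from a CSPRNG, with the keyspace each pattern allows compared against a uniformly random password of the same length. The character classes, the pattern `CVCVCDD` (modelled on the shape of "m0ron12") and all function names are assumptions.

```python
import math
import secrets

# Assumed character classes; the post does not show the original routine's tables.
CLASSES = {
    "C": "bcdfghjklmnprstvwz",  # consonants
    "V": "aeiou0",              # vowels plus the look-alike digit 0
    "D": "0123456789",          # digits
}


def generate(pattern: str = "CVCVCDD") -> str:
    """Fill each pattern slot from its class using the OS CSPRNG."""
    return "".join(secrets.choice(CLASSES[slot]) for slot in pattern)


def keyspace(pattern: str) -> int:
    """Number of distinct passwords the pattern can produce."""
    return math.prod(len(CLASSES[slot]) for slot in pattern)


def bits(pattern: str) -> float:
    """Entropy in bits, assuming the attacker knows the pattern."""
    return math.log2(keyspace(pattern))


def uniform_bits(length: int, alphabet_size: int = 62) -> float:
    """Entropy of a same-length password drawn uniformly from [A-Za-z0-9]."""
    return length * math.log2(alphabet_size)


def pattern_for(target_bits: float, suffix: str = "DD") -> str:
    """Add consonant-vowel syllables until the pattern reaches target_bits."""
    syllables = 1
    while bits("CV" * syllables + suffix) < target_bits:
        syllables += 1
    return "CV" * syllables + suffix


if __name__ == "__main__":
    short = "CVCVCDD"
    print(generate(short), f"{bits(short):.1f} bits vs {uniform_bits(len(short)):.1f} uniform")
    longer = pattern_for(40)
    print(generate(longer), f"{bits(longer):.1f} bits, pattern {longer}")
```

With these assumed classes the seven-character pattern allows about 21 million passwords, so a login page using such passwords depends on limiting repeated attempts.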