Tickets :: [#6944] identity creation auditing

06/30/08	Chuck Hagenbuch	Comment #4 State ⇒ Accepted	Reply to this comment
1. we should add a "allowed_domains" regexp for addresses that don't trigger validation (admins will be responsible for ensuring that their regexps don't let too much in of course) 2. I'm okay with adding a "central_validation_email" that if set would get all confirmation requests.

06/18/08	liamr (at) umich (dot) edu	Comment #3	Reply to this comment
I think that our first pass would be to either... - redirect the identity confirmation messages to a central address (perhaps Horde's $conf['problems']['email']) - only invoked identify confirmation messages if the Reply-to or From contained a domain other than that server's "maildomain"

06/17/08	Chuck Hagenbuch	Comment #2 State ⇒ Feedback	Reply to this comment
Not to be too picky, but sure, it'd be cool - any suggestions on how to do it in a way that doesn't make Horde overly complicated?

06/17/08	liamr (at) umich (dot) edu	Comment #1 State ⇒ New Patch ⇒ Milestone ⇒ Queue ⇒ IMP Summary ⇒ identity creation auditing Type ⇒ Enhancement Priority ⇒ 1. Low	Reply to this comment
It would be cool if the identity creation confirmation email... - was only invoked when creating an identity with a non-local From / Reply-to - could be directed to central administrative user Spammy users often control the addresses they use as From and Reply-to, so we don't gain a lot by having them confirm their spammy yahoo account. Maybe there could be a web based admin tool to approve / deny identities.. something where the identity in question was displayed to the admin, so they could better judge whether the id was legit.