Sat, 22 Nov 2008 10:05:14 -0500 http://bugs.horde.org/ticket/6944 identity creation auditing It would be cool if the identity creation confirmation email... - was only invoked when creating an identity with a non-local From / Reply-to - could be directed to central administrative user Spammy users often control the addresses they use as From and Reply-to, so we don't gain a lot by having them confirm their spammy yahoo account. Maybe there could be a web based admin tool to approve / deny identities.. something where the identity in question was displayed to the admin, so they could better judge whether the id was legit. Tue, 17 Jun 2008 18:49:17 -0400 http://bugs.horde.org/ticket/6944#t46618 Not to be too picky, but sure, it'd be cool - any suggestions on how to do it in a way that doesn't make Horde overly complicated? Tue, 17 Jun 2008 21:37:51 -0400 http://bugs.horde.org/ticket/6944#t46620 I think that our first pass would be to either... - redirect the identity confirmation messages to a central address (perhaps Horde's $conf['problems']['email']) - only invoked identify confirmation messages if the Reply-to or From contained a domain other than that server's "maildomain" Wed, 18 Jun 2008 16:13:28 -0400 http://bugs.horde.org/ticket/6944#t46647 1. we should add a "allowed_domains" regexp for addresses that don't trigger validation (admins will be responsible for ensuring that their regexps don't let too much in of course) 2. I'm okay with adding a "central_validation_email" that if set would get all confirmation requests. Mon, 30 Jun 2008 14:58:42 -0400 http://bugs.horde.org/ticket/6944#t47029