[#6944] identity creation auditing
Summary identity creation auditing
Queue Horde Base
Queue Version Git master
Type Enhancement
State Accepted
Priority 1. Low
Requester liamr (at) umich (dot) edu
Created 2008-06-17 (4874 days ago)
Updated 2011-12-06 (3607 days ago)
Patch No

2011-12-06 04:53:53 Michael Slusarz Comment #5
Version ⇒ Git master
Queue ⇒ Horde Base
This is a Horde/Core feature request.
2008-06-30 18:58:42 Chuck Hagenbuch Comment #4
State ⇒ Accepted
1. we should add an "allowed_domains" regexp for addresses that don't 
trigger validation (admins will be responsible for ensuring that their 
regexps don't let too much in of course)

2. I'm okay with adding a "central_validation_email" that if set would 
get all confirmation requests.
2008-06-18 20:13:28 liamr (at) umich (dot) edu Comment #3
I think that our first pass would be to either...

- redirect the identity confirmation messages to a central address 
(perhaps Horde's $conf['problems']['email'])

- only invoke identity confirmation messages if the Reply-to or From 
contained a domain other than that server's "maildomain"

2008-06-18 01:37:51 Chuck Hagenbuch Comment #2
State ⇒ Feedback
Not to be too picky, but sure, it'd be cool - any suggestions on how 
to do it in a way that doesn't make Horde overly complicated?
2008-06-17 22:49:17 liamr (at) umich (dot) edu Comment #1
Type ⇒ Enhancement
State ⇒ New
Priority ⇒ 1. Low
Summary ⇒ identity creation auditing
Queue ⇒ IMP
Milestone ⇒
Patch ⇒ No
It would be cool if the identity creation confirmation email...

- was only invoked when creating an identity with a non-local From / Reply-to

- could be directed to a central administrative user

Spammy users often control the addresses they use as From and 
Reply-to, so we don't gain a lot by having them confirm their spammy 
yahoo account.

Maybe there could be a web based admin tool to approve / deny 
identities.. something where the identity in question was displayed to 
the admin, so they could better judge whether the id was legit.
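
The "allowed_domains" regexp and "central_validation_email" proposed in comment #4, sketched as an added example in Python (not part of the ticket and not Horde code). It shows how an unanchored regexp lets lookalike domains skip confirmation while a whole-domain match does not. The example.edu domain, the sample addresses and all function names are assumptions.

```python
import re

# Hypothetical values for the "allowed_domains" setting proposed in comment #4.
# example.edu stands in for the server's maildomain (constructed).
LOOSE = r"example\.edu"                      # matched anywhere in the domain
STRICT = r"(?:[a-z0-9-]+\.)*example\.edu"    # must match the whole domain

def domain_of(address):
    """Domain of a bare local@domain address, lower-cased; None if malformed."""
    local, sep, domain = address.strip().rpartition("@")
    if not sep or not local or "@" in local or not domain:
        return None
    return domain.lower()

def needs_confirmation(from_addr, reply_to, pattern, whole_domain=True):
    """True if either address falls outside allowed_domains (fail closed)."""
    rx = re.compile(pattern, re.IGNORECASE)
    # fullmatch anchors both ends; search reproduces an unanchored regexp.
    matches = rx.fullmatch if whole_domain else rx.search
    for address in (from_addr, reply_to):
        if not address:  # assumption: an empty field falls back to the default address
            continue
        domain = domain_of(address)
        if domain is None or not matches(domain):
            return True
    return False

def confirmation_recipient(address, central_validation_email=None):
    """Where the confirmation request goes: the central address if one is set."""
    return central_validation_email or address

# Constructed sample identities: (From, Reply-To)
SAMPLES = [
    ("alice@example.edu", ""),
    ("alice@mail.example.edu", "alice@example.edu"),
    ("promo@example.edu.mailer.test", ""),
    ("promo@notexample.edu", ""),
    ("alice@example.edu", "promo@mailer.test"),
]

def compare():
    """(From, Reply-To, loose result, strict result) for each sample."""
    return [(f, r, needs_confirmation(f, r, LOOSE, whole_domain=False),
             needs_confirmation(f, r, STRICT)) for f, r in SAMPLES]

if __name__ == "__main__":
    for row in compare():
        print(row)
```

The third and fourth samples are the ones to watch: the unanchored pattern treats them as local and skips confirmation, while the whole-domain match sends them through it.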
