| Summary | identity creation auditing |
| Queue | Horde Base |
| Queue Version | Git master |
| Type | Enhancement |
| State | Accepted |
| Priority | 1. Low |
| Owners | |
| Requester | liamr (at) umich (dot) edu |
| Created | 06/17/2008 (6175 days ago) |
| Due | |
| Updated | 12/06/2011 (4908 days ago) |
| Assigned | |
| Resolved | |
| Milestone | |
| Patch | No |
Version ⇒ Git master
Queue ⇒ Horde Base
State ⇒ Accepted
trigger validation (admins will be responsible for ensuring that their
regexps don't let too much in of course)
2. I'm okay with adding a "central_validation_email" that if set would
get all confirmation requests.
- redirect the identity confirmation messages to a central address
(perhaps Horde's $conf['problems']['email'])
- only invoked identify confirmation messages if the Reply-to or From
contained a domain other than that server's "maildomain"
State ⇒ Feedback
to do it in a way that doesn't make Horde overly complicated?
Priority ⇒ 1. Low
Type ⇒ Enhancement
Summary ⇒ identity creation auditing
Queue ⇒ IMP
Milestone ⇒
Patch ⇒ No
State ⇒ New
- was only invoked when creating an identity with a non-local From / Reply-to
- could be directed to central administrative user
Spammy users often control the addresses they use as From and
Reply-to, so we don't gain a lot by having them confirm their spammy
yahoo account.
Maybe there could be a web based admin tool to approve / deny
identities.. something where the identity in question was displayed to
the admin, so they could better judge whether the id was legit.