Right now, we can have many combinations and permutations of allowed e-mail addresses per user and/or distribution list. The problem is, it's either all or one. We can lock down to just one domain, override to just one address but we can't select which one(s) among the list of permitted combinations we actually want to use. This is a huge handicap.
We use this primarily for LDAP accept queries in our antispam appliance but it would solve a lot of problems with regards to which addresses are allowed for which user.
Implementation should be easy, simply adding a property field to each permitted combination.
If you go to any Internet Addressing page and click "e-mail addresses" it shows a list of permitted addresses. Add checkboxes here and radio buttons. The radio buttons would be used to designate one of them as the primary but checkboxes to select which ones are actually used to receive mail.
The permitted combinations can be used by the MTA LDAP server to show (with multiple mail= attributes, as before) which addresses can be used to receive. The primary would be used as the default for outgoing.
This would be useful for many reasons.
Multi-tenancy:
Systems with no directory can have multi tenancy - a cloud-based GroupWise system could host many domains. These users would be for domain X, these users for domain Y, Z or AA. Just pick in the list which domains you want to use. (in the domain drop down, have check boxes and radio button for permitted and primary). This would help populate the Internet addresses list.
MTA LDAP server
This would give ultimate usability to the MTA LDAP server for incoming address lookups, allowing external entities (ie: non-associated users) to be easily looked up with an LDAP accept query, also groups (as distribution lists) -- and would solve many problems with regards to associating to directory objects.
Instead of associating groups and external entities to a directory object, the MTA LDAP server would solve that problem.
Directory publishing:
Currently, we have to publish all combinations, then manually go to the directory (eDir or AD) and delete the ones we don't want. This is time consuming, error prone and laborious. With this solution, on a directory sync, or deliberate e-mail address publish event, all the correct (desired) e-mail addresses would be published.
PLEASE implement this!
by: Willem B. | over a year ago | Administration
Comments
I found a solution with the use of alias for a primary object with one domain and use a alias who reponse to an another domain for that object. It is a pain but it work.