
How do I give an AD-synced user account the ability to manage the quarantine for a mailing list?

I'd like to give one of our AD-synced user accounts the ability to manage the quarantine for several mailing lists, but I am not sure how to do so--or if it can be done at all.

While I can add the mailing list addresses as alternate addresses for this account (as suggested in the online manual), these additions are overwritten upon the next directory sync. It seems this method will only work if using a local user account.

Of course, I can give this user account Mail Manager access in WebAdmin Settings>Access Control, but this gives system-wide access, and that's not optimal.

Is there another way?



  • Matthew, it is possible to create a cron job that adds an address back in.  You should check with Sophos Support for approval before you do it though.  Schedule it to run a few minutes after your Prefetch runs.

    Assuming the user is jsmith, you can get the REF_ of the User object with:

    cc get_object_by_name jsmith

    Assuming we find REF_AaaUseJsmith, add the following line to /etc/crontab-static (where you want the command to run at 05:10 every day):

    10 5 * * * root confd-client.plx change_object REF_AaaUseJsmith email_secondary 'maillist@domain.com'

    To get that line added to /etc/crontab, go to 'Management >> Up2Date' 'Configuration' and change one of the Intervals, [Apply] and then change it back, [Apply].

    Again, you will want to get explicit approval from Support for this.

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks, Bob! That's an interesting way to approach the problem. I may give this a shot.

    -----------------------
    SG210/UTM 9.407-3

  • BAlfson said:

    Assuming we find REF_AaaUseJsmith, add the following line to /etc/crontab-static (where you want the command to run at 05:10 every day):

    10 5 * * * root confd-client.plx change_object REF_AaaUseJsmith email_secondary 'maillist@domain.com' 

     

    Quick question, Bob. What does this line look like if I need to add multiple secondary addresses?

    Thanks!

    -----------------------
    SG210/UTM 9.407-3

  • If you have more than two, you might want to run several jobs at one minute intervals:

    10 5 * * * root confd-client.plx change_object REF_AaaUseJsmith email_secondary 'maillist@domain.com' && confd-client.plx change_object REF_AaaUseJsmith email_secondary 'otherlist@domain.com'

    Cheers - Bob

     
    Sophos UTM Community Moderator
    Sophos Certified Architect - UTM
    Sophos Certified Engineer - XG
    Gold Solution Partner since 2005
    MediaSoft, Inc. USA
  • Thanks, Bob. Unfortunately, Sophos has refused my request to go this route.

    I'm trying a different approach:

    1. Create a local UTM account, called list.manager@mydomain.com. Populate the alternate email addresses of this account with my distro lists, making this account a "mail manager".
    2. Create an Exchange account (disabled to prevent account logon) for list.manager@mydomain.com, in an OU that will not be synchronized with UTM. (Having an account in AD allows recipient verification to work properly.)
    3. Create a transport rule in Exchange that redirects quarantine notifications for list.manager@mydomain.com to the real person who should manage these lists. (A simple "forward" would work as well.)

    This is not as flexible as I would like, but it should work for us.

    -----------------------
    SG210/UTM 9.407-3
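
The Exchange side of steps 2 and 3 above, sketched in the Exchange Management Shell as an added example that is not part of the original post. It uses a shared mailbox as one way to get a mailbox whose AD account is disabled; the OU path, the rule name and the real manager's address are hypothetical placeholders.

```powershell
# Added example, not from the thread. Run in the Exchange Management Shell.
$ListManager = 'list.manager@mydomain.com'                 # placeholder account from the post
$RealManager = 'real.person@mydomain.com'                  # hypothetical: person who manages the lists
$ExcludedOU  = 'mydomain.com/Service Accounts/NoUtmSync'   # hypothetical OU outside the UTM directory sync
$RuleName    = 'Redirect UTM quarantine notifications'     # hypothetical rule name

# Step 2: a shared mailbox is created with a disabled AD account, so nobody
# can log on as it, but the address exists for recipient verification.
New-Mailbox -Shared -Name 'List Manager' -Alias 'list.manager' `
    -PrimarySmtpAddress $ListManager -OrganizationalUnit $ExcludedOU

# Step 3: redirect mail addressed to the placeholder account to the person
# who actually manages the lists.
New-TransportRule -Name $RuleName `
    -SentTo $ListManager -RedirectMessageTo $RealManager `
    -Comments 'Quarantine notifications for the local UTM list manager account'

# Confirm the mailbox type and location, and that the rule is enabled.
Get-Mailbox -Identity $ListManager |
    Format-List RecipientTypeDetails, OrganizationalUnit
Get-TransportRule -Identity $RuleName |
    Format-List State, SentTo, RedirectMessageTo
```

Because the rule matches on recipient only, anything sent to the placeholder address is redirected, not just quarantine notifications.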
