[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [cobalt-users] POP3/IMAP Mailboxes
- Subject: RE: [cobalt-users] POP3/IMAP Mailboxes
- From: Jeff Lasman <jblists@xxxxxxxxxxxxx>
- Date: Sun Jan 16 14:18:59 2000
At 06:22 PM 1/15/00 David Harris wrote:
Was I foolish in thinking
it is safe to give my users siteadmin access?
Not if it fits your business model to let your clients do the various
things that siteadmin lets them do.
What danger is there in allowing siteadmin access?
I'm not sure it's danger so much as confusion...
If a siteadmin for <mycustomer.com> can set up an email address such as
<joe@xxxxxxxxxxxxxx>, then another customer, named Joe wants to set up
<joe@xxxxxxxxxxxxxxxxxxx>, then yet another...
It results in customer support issues I really don't want. I really want
to know, at all times, who the users are on my RaQ(s). As one example, if
I get a complaint that <joe@xxxxxxxxxxxxxx> is spamming, I want to know he
is, not have to search the box to find out.
How else could I allow
my end users to add/remove email boxes etc?
This is just what I don't want. (My business model, yours may
differ.) When we set up what our clients want, we document it in our own
database.
Like many IPPs (Internet Presence Providers) we differentiate between
forwards and actual mailboxes. We give most accounts unlimited forwards,
but little in the way of actual mailboxes. You can't differentiate this
way using a RaQ because you have to give each forward a mailbox.
Just some of the issues.
As long as I disable shell
access for the virtual site, is there really anything destructive a user can
do via siteadmin that they couldnt do anyway (ie ftp etc)?
Not sure, since I haven't tried. But unless you consider setting up an
email box and then spamming from it and getting you blocked from half the
sites on the Internet before you can find the guilty party destructive, I
don't think so.
OR, are you talking about users under YOUR domain? I would understand why
you wouldnt want to giveout siteadmin access to them, of course, but I am
referring to a whole new virtual domain account. Was I foolish in thinking
it is safe to give my users siteadmin access?
Not if it matches your business model and you're willing to take the
risks. Plenty of people do it every day.
A big issue for us was that most of our customers offer "unlimited
forwarding", and we can't offer that using the RaQ gui interface unless we
also offer "unlimited" mailboxes.
I also don't like the idea of my clients knowing I'm on a RaQ unless they
have to. If a major security hole is ever published for RaQs, I don't want
my clients to know they can go in and abuse it.
Maybe at some time in the future we'll offer, through our own gui, the
ability for our customers to set up mailboxes and/or forwards.
Jeff
--
Jeff Lasman, nobaloney.net
<jblists@xxxxxxxxxxxxx>
<www.nobaloney.net>, <www.mailtraqna.com>, <www.email-lists.com>