[Zope] sendmail policy enforcement

Kyler B. Laird laird@ecn.purdue.edu
Fri, 23 Feb 2001 11:47:11 -0500


I do not allow my users to create Mail Hosts,
but I have a Mail Host object available in the
root for everyone to use.  Right now, I even 
allow Anonymous to use it (so that users don't
need to turn on proxy roles anytime they want to
send mail.)  I wonder if this is a risk, though. 
Can non-users (authors) get to my system (via 
XML-RPC?) and send mail this way?

I'm also concerned about setting sender
information for the outgoing mail.  I'd like to
always use the ID of the owner of the calling
method as the sender.

Is this something I can do already with a
standard Mail Host?  Should/Could I do this by
modifying Mail Host or is it likely that this
functionality might be standard soon.  Is there
another way that I should consider?

Thank you.

--kyler