PMDF System Manager's Guide


Previous Next Contents Index

30.5.3 Rightslist Identifiers and Group ids

The SEND_ACCESS and related mapping tables provide a general and flexible way to control who can send to whom. However, the use of rightslist identifiers (OpenVMS) or group ids (UNIX) to control who can send to whom is another possible approach. See Section 2.3.4.90 for details.

For instance, give the account under which PMDF runs --- normally the SYSTEM account on OpenVMS --- a rightslist identifier no one else has and put that identifier on all channels. Then only SYSTEM can use PMDF.

Or as another example, with a directory channel setup as above in Section 30.4.4.1 where one goal is to reject mail originally addressed to internal addresses, put a rightslist identifier on tcp_internal and grant that to SYSTEM, but have a different account run the SMTP server. Then at the rightslist identifier level also, external users cannot send straight to internal addresses (straight to the tcp_internal channel).


Previous Next Contents Index