Commodore
Commodore
1480 views

Exception list NOT preventing outgoing emails

GWIA | Access Control | Settings. Have a named Class of Service with 2 users. SMTP - prevent outgoing messages. Added an over 800 emails to the exception list. Users in this class can still email outside of the exception list.

Running on SLES 11 SP3 in a VM. GroupWise 8.03 HP5 is clustered within the VM environment, domain on separate shared HD, GWIA is part of the GroupWise cluster domain resource.

We will be upgrading to Gw2012 then to GW2014 in the near future

Don't know when the prevent outgoing messages with the exception list was last working.

If the 2 users are removed from the named Class of service, they are prevented from all outgoing email. Need to have the users be allowed the exception list and not be allowed to email anyone else.

I can save the exception list to a txt file. Is there a way to bulk load the exception list so I can try 50 to 100 at a time?

But why is the prevent outgoing normally followed but this named Class of service exception list not followed?

Any idea, suggestions, comments?

Have a good day.
hello
Labels (2)
0 Likes
6 Replies
Knowledge Partner Knowledge Partner
Knowledge Partner

In article <johngoutbeck.776qpz@no-mx.forums.microfocus.com>, Johngoutbeck
wrote:
> GWIA | Access Control | Settings. Have a named Class of Service with 2
> users. SMTP - prevent outgoing messages. Added an over 800 emails to
> the exception list. Users in this class can still email outside of the
> exception list.


Is this the only class of service?

I am a bit unclear as to what is happening. From the above description,
the 2 users should be blocked from sending outside, but the 800+ should be
permitted out. Perhaps try describing it again.


Andy of
http://KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!

___
“i’ve sworn an oath of solitude til the blight is purged from these lands”
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
0 Likes
Commodore
Commodore

Thanks for responding.

We have other Class of Services. This is the only one with an issue.

OK, I think I found a bug in GWIA.

We created this Class of Service which prevents a list of users from emailing outbound with and exception list. This exception list consist of emails to send txt messages out via the GWIA, in the form of 10 digits + the phone provider txt domain. eg: 1112223333@txt.phoneprovider.com . When this form is used, then the GWIA allows email to be sent to the domain with 10 digits (any 10 digits). If the email has only 9 digits or 11 digits, then the outgoing is prevented with the expected 'Access Denied'. If the local part of the email address has 10 alphanumeric chars (eg: 111thetext) then the email is prevented.

This was working on GWIA 7.03 on NetWare last year. We upgraded to GW 8.03 HP5 earlier this year and only noticed this issue this month.

I'll check this issue out on later versions of GWIA to see if it is fixed.

Any other comments, suggestions?

Thank you.
hello
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

In article <johngoutbeck.778kdb@no-mx.forums.microfocus.com>,
Johngoutbeck wrote:
> This was working on GWIA 7.03 on NetWare last year. We upgraded to GW
> 8.03 HP5 earlier this year and only noticed this issue this month.


Did you recreate GWIA or just update it?
We've often seen issues that make it generally easier to recreate a GWIA
than to fix it. The more complex the GWIA setup, the more often
something doesn't survive the upgrade.
I know, not what you want with this particular system. But the order of
the classes counts and we've seen upgrades mess that up.

So you are basically trying to catch typos in the outbound messages. Is
it not possible to force those users to use addressbook look ups?

An alternate if you can have a second GWIA elsewhere. Set a new class to
replace the old simply blocking those users who should only be sending
to those cell phones, and then we can have an addressing rule to catch
anything with the 10 digit pattern and redirect them to the second GWIA
built for just that purpose.


Andy of
http://KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!

___
“i’ve sworn an oath of solitude til the blight is purged from these lands”
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
0 Likes
Commodore
Commodore

I did make a new GWIA for GW8.03 HP5 on SELS 11 SP3, but copied the gwac.db from the old system.
We have 8 CoS, each with a lot of users and long lists. It would take a long time to recreate manually.

The users do pick 1 group with multiple (could be up to 50) txt numbers from a shared address book. The shared address book is rigorously maintained to ensure all is right. This cuts down mistakes by the users.

Thanks for the suggestion of creating a new GWIA. But the issue still remains that a user could send a txt message to anybody outside the allowed list, which is what the exception list should do.

---

As a way to test, I did create a new CoS and used a keyboard/mouse macro to fill the exception list from a saved txt file list. This dis not solve the issue but proved the issue.
hello
0 Likes
Knowledge Partner Knowledge Partner
Knowledge Partner

In article <johngoutbeck.77aaen@no-mx.forums.microfocus.com>, Johngoutbeck
wrote:
> As a way to test, I did create a new CoS and used a keyboard/mouse macro
> to fill the exception list from a saved txt file list. This dis not
> solve the issue but proved the issue.


Well since GW8 is out of support, that isn't going to be fixed. Plans on
upgrading soon to at least GW2012?

The other reason I suggested a second GWIA, is that we may well be able to
rearrange the logic flow of the CoS where those users can't use one GWIA
but are the only ones using the other which changes the limits.
Also a second GWIA on a separate server (VMs help here) could be set to
run a much earlier version of GWIA that might not have this issue.

Sorry for the delay getting back, the rest of life, including billable
work, got busy.


Andy of
http://KonecnyConsulting.ca in Toronto
Knowledge Partner
http://forums.novell.com/member.php/75037-konecnya
If you find a post helpful and are logged in the Web interface, please
show your appreciation by clicking on the star below. Thanks!

___
“i’ve sworn an oath of solitude til the blight is purged from these lands”
Andy of Konecny Consulting in Toronto
Knowledge Partner Profile
If you find a post helpful, click the Like button below. Thanks!
0 Likes
Commodore
Commodore

More Testing.

Same issue with GW 2012 SP3 HP1

Created a COS (for 1 user) with SMTP outgoing prevented. This would stop all outgoing emails including txt/SMS messages with an 'access denied'. Added and exception of 1112223333@txt.phonecompany.com - this also stopped txt messages with 'access denied'. Now edited the exception to 7112223333@txt.phonecompany.com (change the first digit to my area code and the txt messages was allowed out.

So it seems the exception fails if the first digit is the same as my txt message email and the prefix is the same length.

Tried this with GW2014 SP2, but the exception list is not retained (come back empty after saving).

Wondering if someone could test and confirm this issue.

I'll open a SR with Novell about this issue/bug?

Thanks
hello
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.