expiration of web interface links
- Thread starter AvdN
- Start date
As long as the email are in the quarantine, links will work.
See "Configuration/Spam Detector/Quarantine: LIfetime (days)"
There are no longer any emails in the quarantine ( I checked from before the date that proxmox was started/license bought ) for the user involved.
The links to a (black listed) email does still get me to the (empty) Quarantine Page.
The link "web interface" at the bottom of the page user still works as well.
I tried this in a private browsing window to make sure the cookies in my webrowser for me as an admin are not interfering with what I see.
As I understand it the "Lifetime (days) entry" determines the length of time something stays in the quarantine (so the emails there don't take too much space). That is not what I want to change.
I want to make sure someone getting her/his hands on a, say 3 months old, Spam Report email from a stolen laptop, cannot use any of those links to get to the white and blacklist information. In other applications I have the creation date in plaintext in the URL, but there is a hash attached to the URL information that makes tampering with the date result in an invalid URL. The URL is only valid 48 hours.
The links to a (black listed) email does still get me to the (empty) Quarantine Page.
The link "web interface" at the bottom of the page user still works as well.
I tried this in a private browsing window to make sure the cookies in my webrowser for me as an admin are not interfering with what I see.
As I understand it the "Lifetime (days) entry" determines the length of time something stays in the quarantine (so the emails there don't take too much space). That is not what I want to change.
I want to make sure someone getting her/his hands on a, say 3 months old, Spam Report email from a stolen laptop, cannot use any of those links to get to the white and blacklist information. In other applications I have the creation date in plaintext in the URL, but there is a hash attached to the URL information that makes tampering with the date result in an invalid URL. The URL is only valid 48 hours.
The ticket lifetime for the quarantine (the ticket is encoded in the url) have an expiration time equal to the quarantine life-time
The reason for this is that ... if you have a mail in your quarantine you should be able to access it - and this is given by setting the ticket life-time to the quarantine lifetime (once the quarantine lifetime expires the mail will be gone anyway)
I hope this explains it!
The reason for this is that ... if you have a mail in your quarantine you should be able to access it - and this is given by setting the ticket life-time to the quarantine lifetime (once the quarantine lifetime expires the mail will be gone anyway)
I hope this explains it!
Yes that makes sense, and of course I had not waited the (default) seven days to try and re-use the links.
This satisfies my concern about the links and I am glad I don't have to setup LDAP.
Thank you
Anthon