Edgewall Software
Modify

Opened 11 years ago

Last modified 6 years ago

#11644 new enhancement

Add an email domain blacklist/whitelist to prevent proprietary info leaks in notifications

Reported by: jeffrey.yoder@… Owned by:
Priority: normal Milestone: unscheduled
Component: ticket system Version: 0.12.2
Severity: major Keywords: email notification
Cc: Branch:
Release Notes:
API Changes:
Internal Changes:

Description (last modified by Ryan J Ollos)

For organizations potentially dealing with proprietary information within their tickets, it is necessary to be able to block notification emails outside designated domains. Otherwise a user could inadvertently (or not) include a Cc to an email address that would leak proprietary information to non-need-to-know persons.

I tried using the admit_domains attribute in the trac.ini [notifications] section to no avail. rjollos responded to me in gdiscussion:trac-users:7NJDOpvmTCE that this doesn't appear to be the intent of the admit_domains attribute and suggested submitting this for possible consideration as a future enhancement.

Attachments (0)

Change History (3)

comment:1 by Jun Omae, 11 years ago

Milestone: unscheduled

PatchWelcome. #10846 is the same confusion.

comment:2 by Jun Omae, 11 years ago

But I think that simple solution is to filter recipients on SMTP server, e.g. smtpd_sender_restrictions and smtpd_recipient_restrictions on Postfix.

comment:3 by Ryan J Ollos, 10 years ago

Description: modified (diff)

Modify Ticket

Change Properties
Set your email in Preferences
Action
as new The ticket will remain with no owner.
The ticket will be disowned.
as The resolution will be set. Next status will be 'closed'.
The owner will be changed from (none) to anonymous. Next status will be 'assigned'.

Add Comment


E-mail address and name can be saved in the Preferences .
 
Note: See TracTickets for help on using tickets.