The mailing list for listmasters using Sympa

[Benjamin Renard <address@concealed>]

Hi

Le 10/04/2024 à 17:12, Chris Kay (via en Mailing List) a écrit :
> Hello all!
>
> I’ve been tasked with setting up Sympa as a POC in my company. Here are 
> some specifics:
>
>   * Proofpoint is our spam/malware gateway
>   * Office 365/Exchange Online is our mail service; we already have a
>     bunch of DLs, M365 groups, etc.
>   * Okta is our IDP
>
> Here’s what I’d like to accomplish:
>
>   * Login does not require being on VPN, but does prompt user for Okta
>     credentials
>   * We’ll use subdomain like listserver.contoso.com and point MX to
>     Proofpoint
>
> Here are a few questions:
>
>   * How do I nest EXO/M365 groups in Sympa lists? Just use email address
>     and make sure it is able to accept external email?
Exactly.

>   * How do I integrate Sympa lists into our Global Address List (GAL)?
>   * Anyone have experience using Okta, perhaps with CAS?
I don't use Okta but I integrated CAS with different CAS & SAML IDPs :

* for CAS authentication handle by Sympa, you will need an extra LDAP 
server too (to retrieve user's email address from his login). If you 
have one, just use the CAS built-in support :

https://www.sympa.community/manual/customize/cas.html

* To use SAML, we use an authentication handle by Apache2 & its 
mod_mellon. With authentication handle by Apache, you could use the 
generic_sso module :

https://www.sympa.community/manual/customize/authentication-web.html#generic-sso-authentication

Here a working example for a SAML authentication that return an "mail" 
attribute :

generic_sso
        auth_service_name       My SSO
        service_name            My SSO
        service_id              my_sso
        http_header_list        MELLON_mail
        email_http_header       MELLON_mail

>   * I’m pretty sure the Proofpoint workflow will work but does anyone
>     have experience with that setup?
Not specifically on that setup, but what you want to do is pretty a 
standard setup for us.

Regards,

PS: be sure to configure SPF & DKIM on your setup & sympa's mail domain.

--
Benjamin Renard                  -                   Easter-eggs
44-46 rue de l'Ouest  -  75014 Paris   -   France -  Métro Gaité
Phone: +33 (0) 1 43 35 00 37   -  mailto:address@concealed