summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2012-03-11 13:33:23 (GMT)
committerJeroen van Meeuwen (Kolab Systems) <vanmeeuwen@kolabsys.com>2012-03-11 13:33:23 (GMT)
commit8fbe2e977cf2f1d67eadf5009b2cfc9a783d0ecf (patch)
tree639461f2d9819e3cc5e6c9f6fa237f736e664b86
parent92f771b768e38d8355313efd9bc655f2b9a33ad4 (diff)
downloadkolab-docs-8fbe2e977cf2f1d67eadf5009b2cfc9a783d0ecf.tar.gz
Add Feature FAQ on Kolab Groupware's abilities
Add Kolab Content Filters chapter enlightning the reader about Wallace
-rw-r--r--Architecture_and_Design/en-US/Architecture_and_Design.xml2
-rw-r--r--Architecture_and_Design/en-US/Configuration_Management.xml154
-rw-r--r--Architecture_and_Design/en-US/Feature_FAQ.xml745
-rw-r--r--Architecture_and_Design/en-US/Kolab_Content_Filters.xml577
4 files changed, 1459 insertions, 19 deletions
diff --git a/Architecture_and_Design/en-US/Architecture_and_Design.xml b/Architecture_and_Design/en-US/Architecture_and_Design.xml
index a84a81b..bded8c3 100644
--- a/Architecture_and_Design/en-US/Architecture_and_Design.xml
+++ b/Architecture_and_Design/en-US/Architecture_and_Design.xml
@@ -12,6 +12,7 @@
<xi:include href="Email.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="Calendaring.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="Kolab_Daemon.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="Kolab_Content_Filters.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="Kolab_Objects.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="Authentication_amp_Authorization.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="Integration_amp_Interoperability.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
@@ -25,6 +26,7 @@
<xi:include href="Enforcing_Entitlements.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="Migration.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<xi:include href="Terminology.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
+ <xi:include href="Feature_FAQ.xml" xmlns:xi="http://www.w3.org/2001/XInclude" />
<index />
</book>
diff --git a/Architecture_and_Design/en-US/Configuration_Management.xml b/Architecture_and_Design/en-US/Configuration_Management.xml
index 672afff..af17bf2 100644
--- a/Architecture_and_Design/en-US/Configuration_Management.xml
+++ b/Architecture_and_Design/en-US/Configuration_Management.xml
@@ -6,32 +6,148 @@
<chapter id="chap-Architecture_and_Design-Configuration_Management">
<title>Configuration Management</title>
<para>
- TODO - also refer to integration
+ Kolab Groupware includes configuration management, so that adjusting settings for your environment can be automatically deployed to the relevant configuration files, and the corresponding services can be reloaded or restarted.
</para>
<para>
- <itemizedlist>
- <listitem>
- <para>
- Puppet
- </para>
+ To that end, Kolab Groupware employs a relational, object-oriented model.
+ </para>
+ <section id="sect-Architecture_and_Design-Configuration_Management-Configuration_Management_Objects">
+ <title>Configuration Management Objects</title>
+ <para>
+ <itemizedlist>
+ <listitem>
+ <formalpara id="form-Architecture_and_Design-Configuration_Management_Objects-node">
+ <title>node</title>
+ <para>
+ A node is a single operating system instance with a unique fully qualified domain name. It is the container for roles, as each node in a deployment can be assigned one or more roles.
+ </para>
- </listitem>
- <listitem>
- <para>
- Chef
- </para>
+ </formalpara>
+ <para>
+ Additionally, a node is assigned an <xref linkend="form-Architecture_and_Design-Configuration_Management_Objects-environment" />, in order to facilitate setups with pre-production environments.
+ </para>
- </listitem>
- <listitem>
- <para>
- CFEngine
- </para>
+ </listitem>
+ <listitem>
+ <formalpara id="form-Architecture_and_Design-Configuration_Management_Objects-role">
+ <title>role</title>
+ <para>
+ A role is a set of tasks to perform in a given environment. For example, a node can be an MTA, or an MTA of a particular type (internal, external).
+ </para>
- </listitem>
+ </formalpara>
+ <para>
+ Adding the role "mta-internal" to a node tells the configuration management that certain packages need to be installed, certain configuration settings need to be applied to certain files, and certain services need to be started.
+ </para>
- </itemizedlist>
+ </listitem>
+ <listitem>
+ <formalpara id="form-Architecture_and_Design-Configuration_Management_Objects-file">
+ <title>file</title>
+ <para>
+ A file is related to a service, and contains its configuration settings.
+ </para>
+
+ </formalpara>
+
+ </listitem>
+ <listitem>
+ <formalpara id="form-Architecture_and_Design-Configuration_Management_Objects-setting">
+ <title>setting</title>
+ <para>
+ A setting is a single key-value pair of the augeas path and the desired contents. The contents can be specified as a value, or as the return value of a function to call.
+ </para>
+
+ </formalpara>
+ <para>
+ For example, the list of Cyrus IMAP administrator login names is contained within <filename>/etc/imapd.conf</filename>, setting <literal>admins</literal>. Its value is a space-separated list of login names.
+ </para>
+ <para>
+
+<screen>(...snip...)
+admins: cyrus-admin
+(...snip...)</screen>
+
+ </para>
+ <para>
+ Adding a Cyrus IMAP administrator can be performed by;
+ </para>
+ <para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ Removing the setting from the management, and directly editing the setting in <filename>/etc/imapd.conf</filename> adding the login name for the new administrator to the space-seperated list.
+ </para>
+
+ </listitem>
+ <listitem>
+ <para>
+ Adding the new administrator to the list of login names returned by the function called to get to the value of the setting.
+ </para>
+ <para>
+ By default, we consider a role <emphasis>cyrus-admins</emphasis> to exist in LDAP, and list the uid attribute values of the accounts with that role.
+ </para>
+
+ </listitem>
+
+ </itemizedlist>
+
+ </para>
+ <para>
+ Because a setting can contain a setting specific for a particular role, while contained within the same file, you can associate the setting with one or more roles and thereby restrict its application to nodes with these roles only.
+ </para>
+ <para>
+ Additionally, settings can vary per environment. Set the environment property on a setting to only apply the setting to nodes in that environment.
+ </para>
+
+ </listitem>
+ <listitem>
+ <formalpara id="form-Architecture_and_Design-Configuration_Management_Objects-service">
+ <title>service</title>
+ <para>
+ A service is a (set of) task(s) to perform in a role.
+ </para>
+
+ </formalpara>
+
+ </listitem>
+ <listitem>
+ <formalpara id="form-Architecture_and_Design-Configuration_Management_Objects-package">
+ <title>package</title>
+ <para>
+ para
+ </para>
+
+ </formalpara>
+
+ </listitem>
+ <listitem>
+ <formalpara id="form-Architecture_and_Design-Configuration_Management_Objects-task">
+ <title>task</title>
+ <para>
+ para
+ </para>
+
+ </formalpara>
+
+ </listitem>
+ <listitem>
+ <formalpara id="form-Architecture_and_Design-Configuration_Management_Objects-environment">
+ <title>environment</title>
+ <para>
+ para
+ </para>
+
+ </formalpara>
+
+ </listitem>
+
+ </itemizedlist>
+
+ </para>
+
+ </section>
- </para>
<section id="sect-Architecture_and_Design-Configuration_Management-Kolab_Configuration_File">
<title>Kolab Configuration File</title>
<para>
diff --git a/Architecture_and_Design/en-US/Feature_FAQ.xml b/Architecture_and_Design/en-US/Feature_FAQ.xml
new file mode 100644
index 0000000..d119500
--- /dev/null
+++ b/Architecture_and_Design/en-US/Feature_FAQ.xml
@@ -0,0 +1,745 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE appendix PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % BOOK_ENTITIES SYSTEM "Architecture_and_Design.ent">
+%BOOK_ENTITIES;
+]>
+<appendix id="appe-Architecture_and_Design-Feature_FAQ">
+ <title>Feature FAQ</title>
+ <para>
+ Kolab Groupware receives many feature requests, questions about features, and questions as to whether one or the other thing would be possible.
+ </para>
+ <para>
+ This appendix answers, or at least gives some insight, on the questions asked most frequently regarding features and integration.
+ </para>
+ <section id="sect-Architecture_and_Design-Feature_FAQ-What_Kolab_Groupware_Is_Not">
+ <title>What Kolab Groupware Is (Not)</title>
+ <para>
+ A couple of questions can be answered relatively quickly, by explaining what Kolab Groupware is, and what it is not.
+ </para>
+ <para>
+ Kolab Groupware provides the glue between a variety of components that enable users to electronically communicate through email, and manage their lives by providing Calendaring, Tasks, Notes and Journals. It also provides Address Books with specifically individual contact records and distribution lists.
+ </para>
+ <para>
+ It is not a document management system, not a work-flow management system, not an audio- nor video-communication platform, and does not include instant messaging nor microblogging capabilities.
+ </para>
+ <para>
+ That said, Kolab Groupware can be extended to include the functionality provided by third party applications.
+ </para>
+
+ </section>
+
+ <section id="sect-Architecture_and_Design-Feature_FAQ-Detailed_Questions">
+ <title>Detailed Questions</title>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Does_Kolab_have_some_sort_of_a_centralized_Address_Book">
+ <title>Does Kolab have some sort of a centralized Address Book?</title>
+ <para>
+ Kolab Groupware is strongly LDAP-based. For groups of users and organizations alike, including Kolab Groupware deployments for family, small, medium and large enterprises, LDAP often contains much of the information needed for a Global Address Book.
+ </para>
+
+ </formalpara>
+ <para>
+ The information eligible to be contained within LDAP is tremendous, but Kolab Groupware also includes so-called Contact folders, which contain contacts. Since these folders are available over IMAP, they can be shared and restricted access to just like any other IMAP folder. At your option, you can create and maintain several address books, each (possibly) available to different groups of people.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_I_Import_Export_data_intofrom_Kolab">
+ <title>Can I Import / Export data into/from Kolab?</title>
+ <para>
+ Import and export of the data contained within Kolab Groupware is perfectly possible, as it storage format is Open. Our clients include interfaces for data to be imported into and/or exported from Kolab.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_I_have_external_sources_for_Contacts">
+ <title>Can I have external sources for Contacts?</title>
+ <para>
+ TDB.
+ </para>
+
+ </formalpara>
+ <para>
+ Think Akonadi (server-side, client-side), SugarCRM connectors, Kolab, CardDAV, external directory trees (to import / synchronize with).
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-As_a_user_can_I_mark_contacts_as_favorites">
+ <title>As a user, can I mark contacts as favorites?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_I_mark_contacts_as_favorite_for_groups_of_users">
+ <title>Can I mark contacts as favorite for groups of users?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Does_Kolab_allow_for_context_aware_integration_of_contacts_into_documents">
+ <title>Does Kolab allow for context-aware integration of contacts into documents?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ There's currently no Free Software document editing software with an interface to integrate Kolab contacts (or other sources of contacts for that matter), let alone context-aware.
+ </para>
+ <para>
+ This seems to be an OLE based, Microsoft Active Directory and Microsoft Office specific feature.
+ </para>
+ <para>
+ Think Calligra w/ Nepomuk, or extending LibreOffice w/ plugin.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_I_search_contacts_with_Kolab">
+ <title>Can I search contacts with Kolab?</title>
+ <para>
+ Yes.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Does_Kolab_allow_me_to_define_enforce_and_provide_forms_for_pre_defined_andor_ad_hoc_processes_procedures_or_workflows">
+ <title>Does Kolab allow me to define, enforce and provide forms for pre-defined and/or ad-hoc processes, procedures or workflows?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ Kolab Groupware does not currently provide these capabilities. Think <ulink url="http://www.cuteflow-project.org" /> and/or <ulink url="http://freecode.com/projects/processmaker" />. Consider <ulink url="http://www.softwareforenterprise.us/2009/03/13/list-of-top-open-source-bpm-workflow-solution/" />.
+ </para>
+ <para>
+ Additionally, requests have been made to have workflow management include digital signatures for approval, and prevent the use of media other then digital - at least until processes have been completed.
+ </para>
+ <para>
+ Kolab should examine the opportunities to integrate these solutions.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Does_Kolab_allow_to_display_a_work_flow_in_some_digestible_sense">
+ <title>Does Kolab allow to display a work-flow (in some digestible sense)?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ As mentioned before, Kolab does not do workflow management and may need an external application to provide such capabilities - it is therefore also the external application that would need to provide said functionality.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_I_have_a_personalized_portal_to_the_Groupware_environment_contents_applications">
+ <title>Can I have a personalized portal to the Groupware environment / contents / applications?</title>
+ <para>
+ TDB.
+ </para>
+
+ </formalpara>
+ <para>
+ Kontact allows for the customization of one's Summary page, as does Horde allow the user to position and add/remove widgets on it's main page. Roundcube however does not allow for such configuration, and perhaps nor does Kontact Touch.
+ </para>
+ <para>
+ Additional thoughts:
+ </para>
+ <para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ Display divisions by context and/or content, not application.
+ </para>
+
+ </listitem>
+ <listitem>
+ <para>
+ Links to actual documents instead of copies. Think also Document Management Systems. De-duplication.
+ </para>
+
+ </listitem>
+
+ </itemizedlist>
+
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_I_send_electronic_messages_with_Kolab">
+ <title>Can I send electronic messages with Kolab?</title>
+ <para>
+ Yes.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_I_attach_files_to_electronic_messages_I_send_usingthroughtofrom_Kolab">
+ <title>Can I attach files to electronic messages I send using/through/to/from Kolab?</title>
+ <para>
+ Yes.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Is_the_layout_for_messages_preserved_when_I_send_electronic_messages_usingthroughtofrom_Kolab">
+ <title>Is the layout for messages preserved when I send electronic messages using/through/to/from Kolab?</title>
+ <para>
+ Yes.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_Kolab_issue_signals_for_events_that_occur">
+ <title>Can Kolab issue signals for events that occur?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ Kolab 3.0 can issue signals for events that occur in IMAP, and will be able to issue signals for events that happen in its various server-side components as well.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_Kolab_ensure_the_creation_of_unique_documents">
+ <title>Can Kolab ensure the creation of unique documents?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ Kolab is not a document editor (suite). It requires other components to do document creation and editing. It's possible ensuring the creation of unique documents is something best left to yet another component than is document creation/editing.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_Kolab_create_maintain_and_provide_version_control_change_history_andor_locks_on_documents">
+ <title>Can Kolab create, maintain and provide version control, change history and/or locks on documents?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ Kolab Groupware is not, nor does it currently integrate with, document creation/editing software nor management systems.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_Kolab_process_archive_secure_documents_and_provide_an_interface_to_such_archive_if_any">
+ <title>Can Kolab process, archive, secure documents, and provide an interface to such archive, if any?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ Kolab Groupware can process and archive contents contained within IMAP. As illustrated before, Kolab Groupware does not currently provide interfaces to nor integration with document creation/editing software, nor document management systems, and as such does also not currently process, archive nor have an interface to that data.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Does_Kolab_allow_me_to_define_a_free_structure_in_which_to_contain_data">
+ <title>Does Kolab allow me to define a free structure in which to contain data?</title>
+ <para>
+ Yes.
+ </para>
+
+ </formalpara>
+ <para>
+ Using IMAP folders the possibilities are endless.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_Kolab_de_duplicate_data_attachments_documents_across_structures">
+ <title>Can Kolab de-duplicate data (attachments, documents) across structures?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ The only de-duplication currently available is on initial message delivery (to the same IMAP server).
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_Kolab_provide_secure_storage_for_sensitive_data">
+ <title>Can Kolab provide secure storage for sensitive data?</title>
+ <para>
+ Yes.
+ </para>
+
+ </formalpara>
+ <para>
+ Think SELinux, private annotations.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Does_Kolab_provide_an_interface_to_previously_deleted_email">
+ <title>Does Kolab provide an interface to previously deleted email?</title>
+ <para>
+ At your option, Kolab Groupware can be made to delete data from disk only after a certain period of time, including eternity.
+ </para>
+
+ </formalpara>
+ <para>
+ Currently no interface exists that discloses the information on disk to a user.
+ </para>
+ <para>
+ We seek to implement Excellent Archiving and e-Discovery for this purpose (already named "Bonnie") instead.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Does_Kolab_provide_integration_of_data_sources_work_spaces_andor_applications">
+ <title>Does Kolab provide integration of data sources, work-spaces and/or applications?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Does_Kolab_provide_the_user_with_Calendaring">
+ <title>Does Kolab provide the user with Calendaring?</title>
+ <para>
+ Yes.
+ </para>
+
+ </formalpara>
+ <para>
+ One or more calendar is available to the user, permissions can be set on each calendar individually.
+ </para>
+ <para>
+ In Kolab 3.0, calendars and events contained within each calendar can be displayed in Free/Busy under configurable conditions.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_all_users_in_Kolab_see_the_calendars_of_all_other_users">
+ <title>Can all users in Kolab see the calendars of all other users?</title>
+ <para>
+ At your option, this can be made to happen. A user individually could set their calendar to be available to one or more users, one or more groups, or anyone authenticated to the system, provided they are permitted to 'administer' the calendar. The rights to edit access control on a folder could also be revoked, applying what could arguably be called 'mandatory access control'.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_I_restrict_access_to_Calendars_in_Kolab">
+ <title>Can I restrict access to Calendars in Kolab?</title>
+ <para>
+ Yes.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_I_mark_events_as_private_in_Kolab">
+ <title>Can I mark events as private in Kolab?</title>
+ <para>
+ Yes.
+ </para>
+
+ </formalpara>
+ <para>
+ Kolab 3.0 can actually make the event details unreadable to other users, literally, while other groupware solutions have its clients respect a private flag (the data can still be read if the client only chooses to ignore the flag).
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_I_have_Calendars_for_groups_in_Kolab">
+ <title>Can I have Calendars for groups in Kolab?</title>
+ <para>
+ Yes.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-How_scalable_are_Public_Folders_or_Shared_Folders_in_Kolab_Groupware">
+ <title>How scalable are "Public Folders" or "Shared Folders" in Kolab Groupware?</title>
+ <para>
+ As public folders or shared folders can be spread across multiple servers, there's no restriction on the number of, or size of, or number of transactions per second against, public or shared folders (other then int64_t).
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_I_syncronize_one_Calendar_with_another_Calendar">
+ <title>Can I syncronize one Calendar with another Calendar?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ What is the use-case here? Read-only access is insufficient? Perhaps the number of calendars would otherwise convulate one's interface. We have no read-only nor linked (copied) events within a read-write calendar folder.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Is_the_Calendaring_integrated_into_Kolab_Groupware_client_interfaces">
+ <title>Is the Calendaring integrated into Kolab Groupware client interfaces?</title>
+ <para>
+ Yes.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Does_Kolab_provide_links_to_documents_and_other_content_in_its_Calendaring">
+ <title>Does Kolab provide links to documents and other content in its Calendaring?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ The way Kolab Groupware stores information related to events is through attachments contained within the same RFC822 message as the event. It currently has no linking / reference capabilities (to data contained within nor external to Kolab Groupware).
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Does_Kolab_provide_task_management">
+ <title>Does Kolab provide task management?</title>
+ <para>
+ Yes.
+ </para>
+
+ </formalpara>
+ <para>
+ Think basic Kolab Tasks folders containing individual tasks with sub-tasks, each of which can have an assignee, without or without \Seen state maintained in a fashion shared across all users, IMAP access control, etc.
+ </para>
+ <para>
+ For Kolab 3.0, also think Zanshin, conversations (and thus project management - but no reporting).
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_Task_management_be_performed_within_Groups">
+ <title>Can Task management be performed within Groups?</title>
+ <para>
+ Yes.
+ </para>
+
+ </formalpara>
+ <para>
+ Whether users are eligible to read/write tasks is (currently) a matter of IMAP folder permissions, not whether the user is the actual creator/assignee of any of the tasks contained within such a folder.
+ </para>
+ <para>
+ Read permissions on the IMAP folder currently include disclosure of the full task details. Think private annotations to render a Task private, though, but such happens on an individual user basis (i.e. not per permission group).
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_I_structure_tasks_to_have_sub_tasks">
+ <title>Can I structure tasks to have sub-tasks?</title>
+ <para>
+ Yes.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_I_make_one_task_depend_on_one_or_more_other_tasks">
+ <title>Can I make one task depend on one or more other tasks?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Does_the_task_management_allow_for_estimated_durations_due_dates_deadlines_reminders">
+ <title>Does the task management allow for (estimated) durations / due dates / deadlines / reminders?</title>
+ <para>
+ TDB.
+ </para>
+
+ </formalpara>
+ <para>
+ I think yes, BTW.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_tasks_be_linked_to_events_in_a_Calendar">
+ <title>Can tasks be linked to events in a Calendar?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ Linked, no. Associated (requires client capabilities to deal with it), yes (provided conversations or format extension/implementation).
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_tasks_link_to_other_content">
+ <title>Can tasks link to other content?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ The way Kolab Groupware stores information related to tasks is through attachments contained within the same RFC822 message as the event. It currently has no linking / reference capabilities (to data contained within nor external to Kolab Groupware).
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_I_sort_tasks">
+ <title>Can I sort tasks?</title>
+ <para>
+ Yes.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_I_categorize_tasks">
+ <title>Can I categorize tasks?</title>
+ <para>
+ Yes.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_I_tag_tasks">
+ <title>Can I tag tasks?</title>
+ <para>
+ Yes.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_I_search_tasks">
+ <title>Can I search tasks?</title>
+ <para>
+ Yes.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_I_get_overviews_of_tasks_from_multiple_sources">
+ <title>Can I get overviews of tasks from multiple sources?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ The exact implementation details may be subject to the extent to which one or more of the "multiple sources" are external. If contained within Kolab, the answer is "yes".
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_I_exchange_short_messages_with_Kolab">
+ <title>Can I exchange (short) messages with Kolab?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ Think statusnet (identi.ca) software for microblogging, and/or XMPP/IRC for full chatting capabilities.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_the_communication_channels_be_secured">
+ <title>Can the communication channels be secured?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ Yes, for the most part. Statusnet though may not allow user/group access control for microblog-like short messages.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_I_send_short_messages_to_groups">
+ <title>Can I send (short) messages to groups?</title>
+ <para>
+ Yes.
+ </para>
+
+ </formalpara>
+ <para>
+ Think statusnet '!' groups, or XMPP/IRC chat-rooms.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Does_Kolab_provide_real_time_user_statusavailability_information">
+ <title>Does Kolab provide (real-time) user status/availability information?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ This is an instant messaging capability more so then a Kolab (IMAP) capability. Also relates to Voice and Video.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_a_user_change_indicate_their_own_statusavailability_information">
+ <title>Can a user change / indicate their own status/availability information?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ Currently not a Kolab capability, more to instant messaging, voice and video.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Is_the_users_status_availability_information_visible_in_context">
+ <title>Is the user's status / availability information visible in context?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ Currently not a Kolab capability, more to instant messaging, voice and video.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_users_send_or_make_available_documents_outside_of_any_application_structure">
+ <title>Can users send or make available documents outside of any application structure?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ We only deal with attachments at the moment, and we have little opportunity to strip attachments, make them available somewhere (through external storage), set the correct permissions on them, or check contents vs. access control policies (Data-Loss Prevention).
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_users_send_faxes_with_Kolab">
+ <title>Can users send faxes with Kolab?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ Think mail-(attachment(s)-)to-fax asterisk interface.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_users_send_text_messages_SMS">
+ <title>Can users send text messages (SMS)?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ Think mail-to-sms asterisk interface.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_users_receive_faxes">
+ <title>Can users receive faxes?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ Think fax-to-mail asterisk interface.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_users_send_over_print..._interfaces">
+ <title>Can users send over "print..." interface(s)?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_users_send_over_email_send..._interfaces">
+ <title>Can users send over email "send..." interface(s)?</title>
+ <para>
+ Yes (provided mail-to-{fax,sms} asterisk interface or equivalent.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_users_receive_SMS_on_mobile_phones">
+ <title>Can users receive SMS on mobile phones?</title>
+ <para>
+ Euh, yes?
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-_Can_groups_of_users_have_video_andor_video_conference_calls">
+ <title> Can groups of users have video- and/or video-conference calls?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_users_send_video_messages_to_other_users">
+ <title>Can users send video messages to other users?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Do_users_have_access_to_start_video_based_communication_in_the_Address_Books_Calendars_Websites_...">
+ <title>Do users have access to start video-based communication in the Address Book(s), Calendars, Websites, ...?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Does_Kolab_provide_users_with_telephony_internal_and_external">
+ <title>Does Kolab provide users with telephony (internal and external)?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Does_Kolab_integrate_audio_communication_into_Address_Books_Calendaring_Websites_...">
+ <title>Does Kolab integrate audio communication into Address Book(s), Calendaring, Websites, ...?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-p2p_conference_broadcast_...">
+ <title>p2p, conference, broadcast, ...?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Voicemail">
+ <title>Voicemail?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Voicemail_to_email">
+ <title>Voicemail to email?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Does_Kolab_provide_de_centralized_resource_management">
+ <title>Does Kolab provide (de-)centralized resource management?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_users_view_details_about_the_resources_managed">
+ <title>Can users view details about the resources managed?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ Think read-only access to calendar, (extended) free/busy, ...
+ </para>
+ <para>
+ Keep in mind details may include a series of parameters to a resource or group of resources (car is automatic, beamer is HDMI/VGA/PAL, etc.).
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Can_Kolab_manage_acccess_to_resources">
+ <title>Can Kolab manage acccess to resources?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ Probably a yes, but pictures or it didn't happen.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Does_Kolab_allow_for_resources_to_be_bound_to_a_specific_location_physical_proximity_of_the_user">
+ <title>Does Kolab allow for resources to be bound to a specific location / physical proximity of the user?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Does_Kolab_allow_for_centralized_administration_of_user_roles_and_permissions">
+ <title>Does Kolab allow for centralized administration of user roles and permissions?</title>
+ <para>
+ Yes.
+ </para>
+
+ </formalpara>
+ <para>
+ Think also; mandatory access control plugins (LDAP Schema Extension, interface thereto, application to IMAP (and other resources)).
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Does_Kolab_have_support_tools">
+ <title>Does Kolab have support tools?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Does_Kolab_allow_for_collaborative_joint_processing_of_components">
+ <title>Does Kolab allow for collaborative (joint) processing of components?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ Gobby? That other thing over SIP?
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Does_Kolab_provide_document_versioning_approval_change_notifications">
+ <title>Does Kolab provide document versioning, approval, change notifications?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Does_Kolab_provide_easy_to_use_comprehensive_and_accurate_search_functionality">
+ <title>Does Kolab provide easy to use, comprehensive and accurate search functionality?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ For those objects currently contained within IMAP, sure it does.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Does_Kolab_provide_a_coherent_approach_to_information_technology_security">
+ <title>Does Kolab provide a coherent approach to information technology security?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Does_Kolab_provide_support_for_Public_Key_Infrastructure">
+ <title>Does Kolab provide support for Public Key Infrastructure?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <para>
+ Our PGP-based capabilities are not complete with Roundcube not yet supporting encryption/signing using PGP. Another topic is S/MIME.
+ </para>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Does_Kolab_provide_the_level_of_security_integrity_to_comply_with_security_standards_and_policies">
+ <title>Does Kolab provide the level of security integrity to comply with security standards and policies?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+ <formalpara id="form-Architecture_and_Design-Detailed_Questions-Does_Kolab_provide_means_for_Single_Signon">
+ <title>Does Kolab provide means for Single-Signon?</title>
+ <para>
+ TBD.
+ </para>
+
+ </formalpara>
+
+ </section>
+
+
+</appendix>
+
diff --git a/Architecture_and_Design/en-US/Kolab_Content_Filters.xml b/Architecture_and_Design/en-US/Kolab_Content_Filters.xml
new file mode 100644
index 0000000..dc173d6
--- /dev/null
+++ b/Architecture_and_Design/en-US/Kolab_Content_Filters.xml
@@ -0,0 +1,577 @@
+<?xml version='1.0' encoding='utf-8' ?>
+<!DOCTYPE chapter PUBLIC "-//OASIS//DTD DocBook XML V4.5//EN" "http://www.oasis-open.org/docbook/xml/4.5/docbookx.dtd" [
+<!ENTITY % BOOK_ENTITIES SYSTEM "Architecture_and_Design.ent">
+%BOOK_ENTITIES;
+]>
+<chapter id="chap-Architecture_and_Design-Kolab_Content_Filters">
+ <title>Kolab Content Filters</title>
+ <para>
+ Kolab Groupware ships with two content filters:
+ </para>
+ <para>
+ <orderedlist>
+ <listitem>
+ <formalpara id="form-Architecture_and_Design-Kolab_Content_Filters-Amavisd">
+ <title>Amavisd</title>
+ <para>
+ Amavisd is a popular, high-performance interface between an MTA and content checkers, such as anti-virus suite ClamAV and anti-spam suite SpamAssasin.
+ </para>
+
+ </formalpara>
+ <para>
+ Homepage: <ulink url="http://www.amavis.org/" />
+ </para>
+ <para>
+ Amavisd is commonly deployed on at least external mail exchangers, to make sure no virus and spam is received or sent out by Kolab users.
+ </para>
+ <para>
+ In addition, especially within environments that run Windows clients, Amavisd is typically deployed to scan internal traffic as well, on the internal mail exchangers.
+ </para>
+ <note>
+ <para>
+ Deploying Amavisd for virus-scanning on both the internal and external mail exchangers can cause virus-scanning to occur twice; once on the internal mail exchanger used by a Kolab user to send a message, and once on the external mail exchanger. (for outgoing messages).
+ </para>
+ <para>
+ One way to circumvent the issue is to let Wallace sit in between the internal mail exchanger MTA, and the Amavisd service. Wallace can re-inject messages to be delivered locally back into the internal mail exchanger MTA, while injecting messages to be delivered remotely directly into the external mail exchanger MTA. Read more about Wallace in <xref linkend="sect-Architecture_and_Design-Kolab_Content_Filters-The_Wallace_Content_Filter" />.
+ </para>
+ <para>
+ Such scenario however does not serve use-cases for messages that are sent to both internal as well as external recipients - the same message would still be scanned for virusses twice. It therefore makes no sense to split the message, and any message with any internal recipients are simply re-injected into the internal mail exchanger MTA.
+ </para>
+
+ </note>
+
+ </listitem>
+ <listitem>
+ <formalpara id="form-Architecture_and_Design-Kolab_Content_Filters-Wallace">
+ <title>Wallace</title>
+ <para>
+ Wallace is a Kolab Groupware content filter, enabling Kolab Groupware to interrupt a message flow, perform complex and/or lengthy checks, data collection and processes, possibly altering the contents of the message's content or future flow.
+ </para>
+
+ </formalpara>
+ <para>
+ Homepage: <ulink url="http://www.kolab.org/" />
+ </para>
+
+ </listitem>
+
+ </orderedlist>
+
+ </para>
+ <section id="sect-Architecture_and_Design-Kolab_Content_Filters-The_Wallace_Content_Filter">
+ <title>The Wallace Content Filter</title>
+ <para>
+ The Wallace content filter consists of a master framework, and a number of modules. Modules can be enabled through configuration in <filename>/etc/kolab/kolab.conf</filename>, by adding the name of the module to the comma-separated list of modules in section <literal>[wallace]</literal>, key <literal>modules</literal>.
+ </para>
+ <example id="exam-Architecture_and_Design-The_Wallace_Content_Filter-Example_Configuration_Enabling_Modules_in_Wallace">
+ <title>Example Configuration Enabling Modules in Wallace</title>
+ <para>
+
+<screen>[kolab]
+(...generic kolab settings...)
+
+[wallace]
+modules=conversations,optout
+</screen>
+
+ </para>
+ <para>
+ In this example, the <literal>conversations</literal> and <literal>optout</literal> modules are enabled.
+ </para>
+
+ </example>
+ <para>
+ For a list of modules available, please refer to <xref linkend="sect-Architecture_and_Design-The_Wallace_Content_Filter-List_of_Wallace_Modules" />.
+ </para>
+ <para>
+ Wallace is a multi-process, multi-threaded daemon. It runs a minimum of two processes:
+ </para>
+ <para>
+ <orderedlist>
+ <listitem>
+ <para>
+ The first process accepts new messages and puts them in the 'incoming' queue.
+ </para>
+ <para>
+ When this process starts, before this process accepts any new messages, it finds all messages inside the spool that are not already deferred (have not been deferred before), and executes the function(s) closest to the message's last known state.
+ </para>
+
+ </listitem>
+ <listitem>
+ <para>
+ The second process picks up any messages in 'deferred' queues.
+ </para>
+
+ </listitem>
+
+ </orderedlist>
+
+ </para>
+ <para>
+ Wallace uses threading to allow a continuous stream of messages to be processed in parallel (rather then sequential). Each incoming message is written out to the main incoming queue, and subsequently dispatched for processing to such a thread.
+ </para>
+ <para>
+ Wallace uses thread throttling to prevent the application from overloading the system or any other systems and/or services the enabled modules need to consult in order to perform its job(s). The default maximum number of threads Wallace processes will spawn for each of the processes it runs is 25.
+ </para>
+ <note>
+ <para>
+ The maximum number of threads per process is currently not configurable.
+ </para>
+
+ </note>
+ <section id="sect-Architecture_and_Design-The_Wallace_Content_Filter-Message_Flow_and_Processing_in_Wallace">
+ <title>Message Flow and Processing in Wallace</title>
+ <para>
+ A message delivered to Wallace is written to a master thread spool file in <filename>/var/spool/pykolab/wallace/</filename>. The use of tempfile.mktemp() ensures that the file created is unique.
+ </para>
+ <note>
+ <para>
+ The base path used for the spool directories is currently not configurable.
+ </para>
+
+ </note>
+ <para>
+ For each incoming message successfully spooled to disk, Wallace creates a thread for processing. This thread is started right-away, in order to allow the master thread to continue to accept new incoming messages.
+ </para>
+ <para>
+ The processing thread (the thread created by the master thread in order to process an incoming message) only actually starts processing the message if the total number of threads is below the set threshold.
+ </para>
+ <para>
+ The processing thread, once starting to process the message, iterates over the list of modules configured.
+ </para>
+ <para>
+ Each module's execute function is called with the full path to the message file as a parameter, and is to return either of;
+ </para>
+ <para>
+ <orderedlist>
+ <listitem>
+ <para>
+ A tuple containing the following:
+ </para>
+ <para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ (string) the module that was processing the file,
+ </para>
+
+ </listitem>
+ <listitem>
+ <para>
+ (string) full path to processed message file,
+ </para>
+
+ </listitem>
+
+ </itemizedlist>
+
+ </para>
+ <para>
+ When such tuple is returned, Wallace is to continue processing the message using the next module in the list of modules, if any.
+ </para>
+ <para>
+ If no other modules are listed for further processing, the message is re-injected to the MTA as-is.
+ </para>
+
+ </listitem>
+ <listitem>
+ <para>
+ <literal>None</literal>
+ </para>
+
+ </listitem>
+
+ </orderedlist>
+
+ </para>
+
+ </section>
+
+ <section id="sect-Architecture_and_Design-The_Wallace_Content_Filter-Module_API_Requirements">
+ <title>Module API Requirements</title>
+ <para>
+ A module requires the following in order to be eligible for execution as a Wallace module;
+ </para>
+ <para>
+ <itemizedlist>
+ <listitem>
+ <para>
+ The module's (main) Python code file must live in the Wallace main directory, and have a filename that starts with <filename>module_</filename>, contains the module name, and ends with <filename>.py</filename>.
+ </para>
+ <example id="exam-Architecture_and_Design-Module_API_Requirements-Example_Wallace_Module_Python_Code_File_Location">
+ <title>Example Wallace Module Python Code File Location</title>
+ <para>
+ An example location for a module named <literal>optout</literal> would be:
+ </para>
+ <para>
+ <filename>/usr/lib/python2.7/site-packages/wallace/module_optout.py</filename>
+ </para>
+
+ </example>
+
+ </listitem>
+ <listitem>
+ <para>
+ The module file MUST contain a function <literal>init(*args, **kw)</literal>.
+ </para>
+ <para>
+ The <literal>init()</literal> function MUST call <literal>modules.register(<replaceable>module_name</replaceable>, <replaceable>execute_function</replaceable>[, <replaceable>description</replaceable>])</literal>, where <replaceable>module_name</replaceable> is the module name, and <replaceable>execute_function</replaceable> is the pointer to the function to execute when Wallace is to execute the module.
+ </para>
+ <example id="exam-Architecture_and_Design-Module_API_Requirements-init_function_for_module_optout">
+ <title><literal>init()</literal> function for module <literal>optout</literal></title>
+ <para>
+
+<screen language="Python">def __init__():
+ if not os.path.isdir(mybasepath):
+ os.makedirs(mybasepath)
+
+ modules.register('optout', execute, description=description())
+
+def description():
+ return """Consult the opt-out service."""
+
+def execute(*args, **kw):
+ (...abbreviated for clarity...)
+ pass</screen>
+
+ </para>
+
+ </example>
+
+ </listitem>
+ <listitem>
+ <para>
+ The module file MUST contain a function to execute, separate from the <literal>init</literal> function. We strongly recommend calling this function <literal>execute</literal> to avoid confusion.
+ </para>
+
+ </listitem>
+
+ </itemizedlist>
+
+ </para>
+
+ </section>
+
+ <section id="sect-Architecture_and_Design-The_Wallace_Content_Filter-Wallace_Module_Interfaces">
+ <title>Wallace Module Interfaces</title>
+ <para>
+ In a module's <emphasis>execute</emphasis> function, callbacks may be placed to indicate the message's processing has reached a certain state.
+ </para>
+ <para>
+ The following callbacks are available;
+ </para>
+ <para>
+ <itemizedlist id="item-Architecture_and_Design-Wallace_Module_Interfaces-Available_Wallace_Module_Callbacks">
+ <title>Available Wallace Module Callbacks</title>
+ <listitem>
+ <formalpara id="form-Architecture_and_Design-Available_Wallace_Module_Callbacks-cb_action_ACCEPTmodule_filepathfinalFalse">
+ <title><literal>cb_action_ACCEPT(<replaceable>module</replaceable>, <replaceable>filepath</replaceable>[,final=False])</literal></title>
+ <para>
+ Modules place a callback to this function to indicate they are accepting the message.
+ </para>
+
+ </formalpara>
+ <para>
+ The required parameter <emphasis>module</emphasis> is to contain the name of the module placing the callback. This allows hooks from other modules to be executed conditionally.
+ </para>
+ <para>
+ The required parameter <replaceable>filepath</replaceable> is a string containing the full path to the <!-- ((modified) copy of the original) // --> message to be accepted.
+ </para>
+ <para>
+ The optional parameter <emphasis>final</emphasis> is a boolean indicating the module's result is a final result or not. If the result is final (final == True), this callback function is to re-inject the message into the MTA for final delivery, and discard the message file. If the result is not final (final == False, the default), Wallace is to continue iterating the modules configured.
+ </para>
+
+ </listitem>
+ <listitem>
+ <formalpara id="form-Architecture_and_Design-Available_Wallace_Module_Callbacks-cb_action_DEFERmodulefilepath">
+ <title><literal>cb_action_DEFER(module,filepath)</literal></title>
+ <para>
+ Modules place a callback to this function when a module could not successfully execute (a part of) its tasks.
+ </para>
+
+ </formalpara>
+ <para>
+ A callback to this function is always considered final.
+ </para>
+
+ </listitem>
+ <listitem>
+ <formalpara id="form-Architecture_and_Design-Available_Wallace_Module_Callbacks-cb_action_DISCARDmodulefilepath">
+ <title><literal>cb_action_DISCARD(module,filepath)</literal></title>
+ <para>
+ para
+ </para>
+
+ </formalpara>
+ <para>
+ A callback to this function is always considered final.
+ </para>
+
+ </listitem>
+ <listitem>
+ <formalpara id="form-Architecture_and_Design-Available_Wallace_Module_Callbacks-cb_action_DUNNOmodulefilepath">
+ <title><literal>cb_action_DUNNO(module,filepath)</literal></title>
+ <para>
+ para
+ </para>
+
+ </formalpara>
+ <para>
+ A callback to this function is never considered final.
+ </para>
+
+ </listitem>
+ <listitem>
+ <formalpara id="form-Architecture_and_Design-Available_Wallace_Module_Callbacks-cb_action_HOLDmodulefilepath">
+ <title><literal>cb_action_HOLD(module,filepath)</literal></title>
+ <para>
+ para
+ </para>
+
+ </formalpara>
+ <para>
+ A callback to this function is never considered final. Wallace will stop processing the message when this callback function is called, though, pending review. Review procedures could include inserting the message back into either of the configured modules, or accepting, rejecting or discarding (parts of) the message.
+ </para>
+
+ </listitem>
+ <listitem>
+ <formalpara id="form-Architecture_and_Design-Available_Wallace_Module_Callbacks-cb_action_REJECTmodulefilepath">
+ <title><literal>cb_action_REJECT(module,filepath)</literal></title>
+ <para>
+ para
+ </para>
+
+ </formalpara>
+ <para>
+ A callback to this function is always considered final. A non-delivery report will be sent back to the original envelope sender as a result of placing a callback to this function, and the message will be discarded.
+ </para>
+
+ </listitem>
+
+ </itemizedlist>
+
+ </para>
+
+ </section>
+
+ <section id="sect-Architecture_and_Design-The_Wallace_Content_Filter-List_of_Wallace_Modules">
+ <title>List of Wallace Modules</title>
+ <para>
+ <itemizedlist id="item-Architecture_and_Design-List_of_Wallace_Modules-Modules_for_Wallace">
+ <title>Modules for Wallace</title>
+ <listitem>
+ <formalpara id="form-Architecture_and_Design-Modules_for_Wallace-bcc">
+ <title>bcc</title>
+ <para>
+ This module allows the execution of advanced, complex rules in order to determine whether a blind carbon copy (BCC) of the original message being processed needs to be sent to an alternate location, in addition to the originally intended recipient addresses.
+ </para>
+
+ </formalpara>
+ <para>
+ The module allows Wallace to conditionally send blind carbon copies based on any content, including headers, body contents and attachments, and do to so by attaching the original message to a new message, or otherwise.
+ </para>
+ <para>
+ Additionally, the module provides hooks for other modules and hooks to be executed on action callbacks to again trigger sending a blind carbon copy conditional to the internal decisions and/or outcome of other modules.
+ </para>
+ <note>
+ <para>
+ Please note that Postfix allows for lookup tables that can send a copy of a message to an additional recipient address as well. This is the preferred method to send blind carbon copies to additional recipient addresses.
+ </para>
+
+ </note>
+ <note>
+ <para>
+ This module is not yet implemented.
+ </para>
+
+ </note>
+
+ </listitem>
+ <listitem>
+ <formalpara id="form-Architecture_and_Design-Modules_for_Wallace-conversations">
+ <title>conversations</title>
+ <para>
+ Organizations that consider electronic communications through Kolab Groupware subject to anti-spam laws and/or regulations, and/or want to prevent consumers from receiving electronic communications unless the conversation had been started by said consumer, could choose to enable the conversations module in order to allow messages sent from Kolab Groupware users to consumers (external recipient email addresses), which are part of a conversation initiated by said consumer.
+ </para>
+
+ </formalpara>
+ <para>
+ This module also provides hooks that other modules can use to query for existing conversations.
+ </para>
+ <note>
+ <para>
+ This module is not yet implemented.
+ </para>
+
+ </note>
+
+ </listitem>
+ <!--
+ <listitem>
+ <formalpara id="form-Architecture_and_Design-Modules_for_Wallace-correctsentdate">
+ <title>correctsentdate</title>
+ <para>
+ para
+ </para>
+
+ </formalpara>
+ <note>
+ <para>
+ This module is not yet implemented.
+ </para>
+
+ </note>
+
+ </listitem>
+// --> <listitem>
+ <formalpara id="form-Architecture_and_Design-Modules_for_Wallace-dlp">
+ <title>dlp</title>
+ <para>
+ Short for Data-Loss Prevention, this module enables Wallace to consult external, 3rd party applications, that perform checks on the contents of the message, including any attachments.
+ </para>
+
+ </formalpara>
+ <para>
+ Data-loss Prevention, in itself an ambiguous term that has little to do with loss of data, is generally applied to prevent users from leaking information that is considered private, confidential and/or proprietary. It is generally considered a protection mechanism to prevent intellectual property (copyrighted, trademarked and/or patented materials) from falling into the hands of people unauthorized to obtain such information.
+ </para>
+ <note>
+ <para>
+ This module is not yet implemented.
+ </para>
+
+ </note>
+
+ </listitem>
+ <listitem>
+ <formalpara id="form-Architecture_and_Design-Modules_for_Wallace-footer">
+ <title>footer</title>
+ <para>
+ This module enables Kolab Groupware to insert a footer to a message.
+ </para>
+
+ </formalpara>
+ <note>
+ <para>
+ This module is not yet implemented.
+ </para>
+
+ </note>
+
+ </listitem>
+ <listitem>
+ <formalpara id="form-Architecture_and_Design-Modules_for_Wallace-googletranslate">
+ <title>googletranslate</title>
+ <para>
+ This module enables Kolab Groupware to translate the body of a message to another language, using the Google Translate API.
+ </para>
+
+ </formalpara>
+ <note>
+ <para>
+ This module is not yet implemented.
+ </para>
+
+ </note>
+
+ </listitem>
+ <listitem>
+ <formalpara id="form-Architecture_and_Design-Modules_for_Wallace-freebusy">
+ <title>freebusy</title>
+ <para>
+ The Free/Busy module can take iTip invitations, and RSVP automatically, based on a per-user policy.
+ </para>
+
+ </formalpara>
+ <para>
+ Additionally, this module allows for delegation, by copying in additional recipients of the iTip invitation.
+ </para>
+ <note>
+ <para>
+ This module is not yet implemented.
+ </para>
+
+ </note>
+
+ </listitem>
+ <listitem>
+ <formalpara id="form-Architecture_and_Design-Modules_for_Wallace-optout">
+ <title>optout</title>
+ <para>
+ Organizations that have external, 3rd party mass-mailing programs for commercial, promotional and/or marketing purposes, often allow consumers to 'opt-out' of such communications. This module allows Wallace to check a service that can consult these databases ("optout consult service", or OCS), apply business logic, and strip off the recipient email addresses that such OCS determines should not be receiving a copy of the original message.
+ </para>
+
+ </formalpara>
+
+ </listitem>
+ <listitem>
+ <formalpara id="form-Architecture_and_Design-Modules_for_Wallace-resources">
+ <title>resources</title>
+ <para>
+ When attempting to make reservations for a resource, such as a conference room, this module performs scheduling conflict detection and can automatically take action.
+ </para>
+
+ </formalpara>
+ <note>
+ <para>
+ This module is not yet implemented.
+ </para>
+
+ </note>
+
+ </listitem>
+ <listitem>
+ <formalpara id="form-Architecture_and_Design-Modules_for_Wallace-statistics">
+ <title>statistics</title>
+ <para>
+ For accounting purposes, this module can contain a variety of metadata about a message in a database.
+ </para>
+
+ </formalpara>
+ <note>
+ <para>
+ This module is not yet implemented.
+ </para>
+
+ </note>
+
+ </listitem>
+
+ </itemizedlist>
+
+ </para>
+
+ </section>
+
+ <section id="sect-Architecture_and_Design-The_Wallace_Content_Filter-Configuring_the_Wallace_Content_Filter">
+ <title>Configuring the Wallace Content Filter</title>
+ <para>
+ para
+ </para>
+ <procedure id="proc-Architecture_and_Design-Configuring_the_Wallace_Content_Filter-Adding_Wallace_After_Amavisd">
+ <title>Adding Wallace After Amavisd</title>
+ <step>
+ <para>
+ para
+ </para>
+
+ </step>
+
+ </procedure>
+
+
+ </section>
+
+ <section id="sect-Architecture_and_Design-The_Wallace_Content_Filter-Security_Enhanced_Linux_Considerations">
+ <title>Security Enhanced Linux Considerations</title>
+ <para>
+ Relabel port 10026 (Wallace) and port 10027 (Postfix re-injection).
+ </para>
+
+ </section>
+
+
+ </section>
+
+
+</chapter>
+