We're doing google apps for education, and using split mail delivery. Google's mail servers regularly have false positives for spam, in which case internal users don't ever see the message, as it never gets forwarded out of gmail. If I turn it off, google forwards all spam to the UTM, and tags it with an x-gm-spam header, but Without being able to filter on this header, the UTM delivers it as "good" mail.
Since eDir SSO is so broken (eDir's fault) this is still on the top of my needs list. Any chance this will ever happen?
I'd like to add to this: Currently if a SSO method is selected, (I use eDir) and the user isn't found to be signed in, the backend eDir auth still functions but it prompts for user login via basic http auth. I'm not sure if AD SSO works the same, as I think the SSO operates differently. I would like to configure that to use the transparent portal auth, or even to fail, instead of defautling basic http.
In the 8.2 betas, there is a authentication client, in which you select transparent proxy, with agent authentication. If that fails (e.g. the client crashes on the pc, or it's a non-windows machine), then authentication fails with no chance to manually authenticate (even via basic http). I would like to see a configuration for a backup auth method in this case, so that if the first option fails (client in this case) we can still use a backend auth method to manually authenticate.
I'm not sure how this got categorized in Mail Security, but it should be in Web Security.