[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [vps-mail] Allow User Rules in SA

Subject: RE: [vps-mail] Allow User Rules in SA
From: "Jim Smith" <maillists@xxxxxxxxxxxxxxxx>
Date: Fri, 16 Dec 2005 12:29:02 -0500

Scott,
> If you trust your users, I'd go ahead and
> enable it so they can do what they need to.

I don't think any user on my server is malicious or not to be trusted but
just last week I discovered a user who was still using "password" as their
password <yikes!>. So I'm less worried about my users being malicious as
them being overly trusting or naïve. Since I have many clients sharing a
server I wonder if there is a way to set this as a rule for some select
users and not others. If I can enable it for 3-4 users with specific needs,
that would reduce the exposure.

Regarding the Procmail rule that covers all of SA porn rules, that would be
a very extensive recipe and outside of my capabilities. When I get over a
dozen items in a Procmail recipe, my chances of messing up with my limited
knowledge of regex is exponential. If feasible, I'll take the easy way out
by rescoring spamassassin rules <grin>.

Thanks,

Jim Smith

> -----Original Message-----
> From: owner-vps-mail@xxxxxxxxxxxx 
> [mailto:owner-vps-mail@xxxxxxxxxxxx] On Behalf Of Scott Wiersdorf
> Sent: Friday, December 16, 2005 11:05 AM
> To: vps-mail@xxxxxxxxxxxx
> Subject: Re: [vps-mail] Allow User Rules in SA
> 
> On Fri, Dec 16, 2005 at 10:51:30AM -0500, Jim Smith wrote:
> > 
> > My question is whether there is a way to protect my server 
> from users
> > "gaining root level access" by allowing this. The warning 
> gives a glimmer of
> > hope when it says not to enable it "unless you have some 
> other way of
> > ensuring that users' tests are safe". I'm not that skilled 
> in security
> > issues and am wondering if others might have some 
> suggestions for still
> > utilizing customized rules without creating a security hole.
> 
> Getting root would have to be a deliberate attempt by a user. I.e., it
> won't happen by accident. If you trust your users, I'd go ahead and
> enable it so they can do what they need to.
> 
> A safer alternative would be to put the same specific patterns (e.g.,
> mortgage ok, porn not ok) that they'd put in the spamassassin rules
> and make a procmail rule out of it (this list can help with that). No
> security compromises that way, and it runs much faster and more
> efficiently than spamassassin (i.e., ham and spam will be identified
> earlier and less expensively).
> 
> Scott
> -- 
> Scott Wiersdorf
> scottw@xxxxxxxxxxxx
> ======================================================================
> This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
> Before posting a question, please search the archives (see above URL).
> 

======================================================================
This is <vps-mail@xxxxxxxxxxxx>       <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).

References:
- Re: [vps-mail] Allow User Rules in SA
  - From: Scott Wiersdorf

Prev by Date: Re: [vps-mail] Allow User Rules in SA
Previous by thread: Re: [vps-mail] Allow User Rules in SA
Index(es):
- Date
- Thread

Main Index | Thread Index