[vps-mail] Allow User Rules in SA
I frequently tweak user_prefs files for clients based upon specific needs.
My client who is a mortgage broker wanted to lower the score for
mortgage-related emails. My church group wants to increase scores for porn-related
stuff. I recently realized that all of those customized scores no longer
work after upgrading SA. It seems that the latest versions of SA don't
default to that feature, stating that it is a security breach. I can't
imagine using SA without being able to individualize it so I was surprised
to learn of this. Here's what their web site says:
=================
allow_user_rules { 0 | 1 } (default: 0)
This setting allows users to create rules (and only rules) in their
user_prefs files for use with spamd. It defaults to off, because this could
be a severe security hole. It may be possible for users to gain root level
access if spamd is run as root. It is NOT a good idea, unless you have some
other way of ensuring that users' tests are safe. Don't use this unless you
are certain you know what you are doing. Furthermore, this option causes
spamassassin to recompile all the tests each time it processes a message for
a user with a rule in his/her user_prefs file, which could have a
significant effect on server load. It is not recommended.
=================
My question is whether there is a way to protect my server from users
"gaining root level access" by allowing this. The warning gives a glimmer of
hope when it says not to enable it "unless you have some other way of
ensuring that users' tests are safe". I'm not that skilled in security
issues and am wondering if others might have some suggestions for still
utilizing customized rules without creating a security hole.
Thanks,
Jim Smith
--------------------------------------------------------
Jim Smith, Blarneystone, LLC.
Website Design, Hosting, Development & Enhancement
E-MAIL: jimsmith@xxxxxxxxxxxxxxxx
WEBSITE: http://www.blarneystone.com
--------------------------------------------------------
======================================================================
This is <vps-mail@xxxxxxxxxxxx> <http://www.perlcode.org/lists/>
Before posting a question, please search the archives (see above URL).
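
An added example, not part of the original post and not SpamAssassin's own code: a Python audit that separates rule-definition lines in user_prefs files from score lines and other preferences, so an administrator can see which users' files actually contain rules of the kind allow_user_rules governs. The directive list, the sample files and the rule names are assumptions constructed for illustration.

```python
# Assumption: these directives define rules, the kind of line the quoted
# allow_user_rules text is about; anything else is treated as a preference.
RULE_DIRECTIVES = {"header", "body", "rawbody", "uri", "full", "meta"}

def classify_prefs(text):
    """Sort the lines of one user_prefs file into rules, scores and other."""
    report = {"rules": [], "scores": [], "other": []}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line or whole-line comment
        parts = line.split(None, 2)
        directive = parts[0].lower()
        if directive in RULE_DIRECTIVES and len(parts) >= 2:
            report["rules"].append((lineno, parts[1]))
        elif directive == "score" and len(parts) >= 2:
            report["scores"].append((lineno, parts[1]))
        else:
            report["other"].append((lineno, directive))
    return report

def scores_on_own_rules(text):
    """Names in score lines that refer to a rule defined in the same file."""
    report = classify_prefs(text)
    own = {name for _, name in report["rules"]}
    return [name for _, name in report["scores"] if name in own]

def users_with_rules(prefs_by_user):
    """Users whose user_prefs contains at least one rule definition."""
    return sorted(user for user, text in prefs_by_user.items()
                  if classify_prefs(text)["rules"])

# Constructed sample input: user names, rule names and patterns are made up.
SAMPLE_PREFS = {
    "broker": "# constructed sample\nrequired_score 5.0\n"
              "score EXAMPLE_STOCK_RULE 0.5\n",
    "church": "body LOCAL_EXAMPLE_WORDS /\\bexample phrase\\b/i\n"
              "score LOCAL_EXAMPLE_WORDS 4.0\n",
}

if __name__ == "__main__":
    for user, text in sorted(SAMPLE_PREFS.items()):
        report = classify_prefs(text)
        print(user, "rule definitions:", report["rules"],
              "score lines:", report["scores"])
    print("files containing rule definitions:", users_with_rules(SAMPLE_PREFS))
```

To audit real files, read each user's user_prefs into the dictionary in place of SAMPLE_PREFS.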