> :0
> * ^Subject: user_prefs update
> * !^X-Loop: ${USER}@domain.com
> * !^FROM_DAEMON
> {
> :0bc:
> | mv -f $USERPREFS $USERPREFS.old && cat - > $USERPREFS
>
> :0fhW
> | formail -I "Subject: user_prefs retrieve"
> }
Just to point out the blatantly obvious to most, nobody should use
this system-wide without changing the lines to include some simple
rudimentary per-user password... unless you want one user to be
able to cause another user's mail to be junked (at best... if you're
not using spamd, then a custom rule can be defined in a user prefs
turning this into a potential remote access hole[1]).
David.
[1] Try this rule and observe:
full BLAH eval:File::Copy::copy("print","error")
describe BLAH blah
score BLAH -1
..it doesn't work, but it calls code in File::Copy before failing
(the problem is that this calls:
File::Copy::copy($self, (message ref), "print", "error")
so to actually prove this as a problem, you'd need a function where
that can be dangerous with the first two arguments as given)
a second evil thing that could be done is putting a database under
your control in the config file and watching what gets logged in it
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
