On Thu, Nov 14, 2002 at 12:04:00PM -0600, Michael Weber wrote:
> Um... Am I missing something here?
>
> I have spamc and spamd running on the same box. Spamd only listens to
> 127.0.0.1.
>
> Why do we need to authenticate the user of spamc at all?

You may not need to. Many people do not. If you don't, then you have no use for this.

> Are we worried about a remote user running spamc on their box and
> forging mail through ours?

That is one concern, although we (like you) only accept connections from localhost.

> A local user forging something through our box?

That is the case for us. In our setup, procmail runs as each user on the mail server. We allow anyone to run whatever they want out of procmail (but physically beat them if they run something really heavy). Someone could run spamc with the -u option from their .procmailrc, or they could compile their own modified spamc and run it from their home directory (via procmail).

> If we use localhost, packet sniffing is impossible, right?

If someone's sniffing your localhost traffic, it's too late :)

> I'm sorry if I'm being stupid, but the light bulb hasn't turned on for
> me yet.

I hope this helps. I want to reiterate: Most people probably aren't interested in this ability. In our case, we want user configs, user AWL, and to allow users to invoke spamc directly. That means that without some sort of authentication, they can do bad things to each other. Not REALLY bad things, but clear violations that can get annoying. A few lines of code (maybe 30) allow me to prevent it. The load increase is acceptable. Easy call.

-Michael

--
Michael Stenner                    Office Phone: 919-660-2513
Duke University, Dept. of Physics  [EMAIL PROTECTED]
Box 90305, Durham N.C. 27708-0305