OK, is there a tutorial so the ISP can enable user_rules without opening the
security hole mentioned in the below?

Greetings,  I'm sorry, but upon further review of this we cannot turn on
user_prefs.  From
http://www.cts.wustl.edu/cts/help/Mail_SpamAssassin_Conf.html
allow_user_rules { 0 | 1 } (default: 0)  This setting allows users to create
rules (and only rules) in their user_prefs files for use with spamd. It
defaults to off, because this could be a severe security hole. It may be
possible for users to gain root level access if spamd is run as root. It is
NOT a good idea, unless you have some other way of ensuring that users'
tests are safe. Don't use this unless you are certain you know what you are
doing.   As you can see, its a security hole.

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]
Sent: Tuesday, December 10, 2002 3:25 AM
To: Victor O'Rear
Cc: [EMAIL PROTECTED]
Subject: Re: [SAtalk] Restoring user_prefs functionality to spamd


Victor O'Rear said:
> Spamd, by default, ignores user/.spamassassin/user_prefs, for "security"
and
> performance reasons.
>
> How can I restore user_prefs functionality? (Besides not using spamd?)

allow_user_rules 1

--j.






-------------------------------------------------------
This sf.net email is sponsored by:
With Great Power, Comes Great Responsibility 
Learn to use your power at OSDN's High Performance Computing Channel
http://hpc.devchannel.org/
_______________________________________________
Spamassassin-talk mailing list
[EMAIL PROTECTED]
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk

Reply via email to