Hello Theo,

Wednesday, June 18, 2003, 7:03:30 AM, you wrote:

RM>> I'm limited to ~/.spamassassin/user_prefs, and by design in the
RM>> current versions I can change rule scores, but I can't add even the
RM>> simplest of rules.

TVD> Please RTFM:
TVD> allow_user_rules { 0 | 1 } (default: 0)

I have. Several times. Which is why I confirm above that this is by design.

TVD> If the people who control your SA install don't want people adding
TVD> their own rules, there's nothing we can do about it.

And as I said, with the current design in place, even *I* don't want the joker in the next domain over adding their own rules. I have no problem with my host's policy here.

TVD> Rules in your user_prefs file work if you're running
TVD> "spamassassin", fyi.

This is not a practical solution on the server at this time.

RM>> There should be a class of rules which are safe enough for people
RM>> like me to add through user_prefs, perhaps those that limit their
RM>> scope to regular expression patterns where wild-card areas (areas
RM>> where any character(s) match) are limited to 5 or fewer characters?

TVD> The main issue actually is REs that execute external programs in
TVD> addition to the DoS style REs. Finding the DoS REs is outside the
TVD> scope of SA. (if you're thinking "just look for .* and .+ ...",
TVD> remember TMTOWTDI...)

OK, if the problem is with DoS style REs, and/or other REs that execute external programs, perhaps SA can specify a limited subset of RE syntax which is valid within user_prefs for people in my situation?

The goal would be to create a functionality which a) avoids the dangers of REs that you mention, b) avoids the performance dangers of runaway scans, and c) provides some rules capability to those who can manage only their own user_prefs file.

If you know the types of things which could invoke the dangers of (a) or (b) above, it shouldn't be too difficult to test each rule with regular expressions that remove dangerous rules or that only allow safe rules.

If you can provide that limitation, then we can provide the functionality to people like me.

This is obviously not an easy item -- I wouldn't expect to see it in 2.61 for instance. But would very much like to see the ability to allow end-users to specify safe rules in user_prefs in a 3.0 or 3.5 if it's in any way, shape, or form possible (and it doesn't need to be through regular expressions -- I'd settle for a fixed expression matching capability like in fgrep right now).

Bob Menschel

_______________________________________________
Spamassassin-talk mailing list
https://lists.sourceforge.net/lists/listinfo/spamassassin-talk
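
The "limited subset of RE syntax" requested in the message above can be sketched as an allowlist check; this is an added example, not part of the thread and not SpamAssassin code. The function names, the accepted token set and the repeat limit of 5 (applied to every quantified atom, not only wildcards) are assumptions, and the check is purely textual: it rejects groups outright, which excludes nested quantifiers and Perl's `(?{ })` embedded-code construct.

```python
import re

MAX_REPEAT = 5  # assumed limit, from the "5 or fewer characters" in the message

# One token = one atom plus an optional bounded quantifier. Groups, *, +, |,
# unescaped $ and @, and backreferences are not listed, so they never tokenize.
TOKEN = re.compile(r"""
    (?P<atom> [A-Za-z0-9 _,:;!%&'"<>=~-]             # plain literal
            | \\[dwsDWS]                              # class escapes
            | \\[^A-Za-z0-9\s]                        # escaped punctuation
            | \.                                      # one-character wildcard
            | \[\^?(?:[A-Za-z0-9 _.,-]|\\[dws])+\] )  # flat character class
    (?P<quant> \? | \{(?P<lo>\d{1,3})(?:,(?P<hi>\d{1,3}))?\} )?
""", re.X)

# "body NAME /re/" or "header NAME Header =~ /re/"; the only flag allowed is i.
RULE = re.compile(r"^(?:body\s+[A-Z][A-Z0-9_]*|"
                  r"header\s+[A-Z][A-Z0-9_]*\s+[A-Za-z-]+\s+=~)\s+/(.*)/i?$")

def check_pattern(pat):
    """Return None if pat stays inside the subset, else the reason it does not."""
    pos = 0
    while pos < len(pat):
        m = TOKEN.match(pat, pos)
        if not m:
            return f"disallowed construct at offset {pos}"
        if m["lo"] is not None:
            lo, hi = int(m["lo"]), int(m["hi"] or m["lo"])
            if lo > hi or hi > MAX_REPEAT:
                return f"repeat bound over {MAX_REPEAT} at offset {pos}"
        pos = m.end()
    return None if pat else "empty pattern"

def review_user_rules(lines):
    """Pair each rule line with a rejection reason, or None when accepted."""
    found = [(l, RULE.match(l.strip())) for l in lines]
    return [(l, check_pattern(m[1]) if m else "not a pattern rule") for l, m in found]

SAMPLE = [  # constructed user_prefs lines, not taken from the thread
    r"body LOCAL_PILLS /cheap.{0,5}pills/i",
    r"header LOCAL_SUBJ Subject =~ /free\s{1,3}money/i",
    r"body LOCAL_GREEDY /click.*here/",      # unbounded wildcard
    r"body LOCAL_NESTED /(a+)+b/",           # nested quantifiers
    r"body LOCAL_CODE /(?{ 1 })/",           # Perl embedded-code construct
    r"body LOCAL_WIDE /a.{0,500}b/",         # bound far above the limit
]
if __name__ == "__main__":
    for line, why in review_user_rules(SAMPLE):
        print("ACCEPT" if why is None else f"REJECT ({why})", line)
```

Because nothing outside the token list is accepted, a construct the check does not know about is refused by default rather than needing its own blocklist entry.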