http://bugzilla.spamassassin.org/show_bug.cgi?id=4546
------- Additional Comments From [EMAIL PROTECTED] 2005-08-19 14:09 ------- Client/server user authentication is difficult, or at least it will take a lot of thought and work to get right. Unless someone comes up with some standard way of doing it that can be just dropped in to our code, it isn't something to add for the 3.1 time frame. auth-ident is not meant to be a security measure except under specialised circumstances. We could think about whether adding the ability to use client side SSL certificates would make it possible to configure spamc/spamd with secure user authentication without much change to the code, but I think even that small change is too much for 3.1 and is not a sufficiently complete solution. On the other hand, as Duncan points out in the bug description, we have ended up with something that has a vulnerability in any configuration that allows untrusted people to have personal Bayes databases. I don't see why the problem is any different with SQL vs DBM, as in both anyone can call spamc -L with any -u argument that they want. If we only document this, we would have to say that spamd can be used with individual Bayes databases only in configurations in which identd authentication can be trusted, or in which something like a VPN or ssh tunnel is used along with accepting connections only from localhost. That seems to me to be too restrictive. I agree with Duncan that adding a spamd command line option that disables spamc -L, plus adding documentation, is a sufficient step to take that is simple enough to add in for the 3.1 ship. That would allow a sysadmin to run spamd on a server, maintain individual Bayes databases for users, not have to count on --auth-ident, and set up something ad hoc for users to train on errors such as special IMAP folders or special email address to forward mistakes to. We can then open an enhancement bugzilla ticket to consider how to get secure spamc/spamd user authentication for 3.2. ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee.
