On Fri, 11 Apr 2014, [email protected] wrote:
On 04/08, John Hardin wrote:
I think allow_user_rules needs to go into the system local.cf. If
the user can put it into their own private config file it offers no
security.
That makes some sense, but didn't help.
$ tail -n 1 /etc/spamassassin/local.cf
allow_user_rules 1
$ tail -n 1 spamassassin/user_prefs
rawbody FOUR_BLANK_LINES /\r?\n\r?\n\r?\n\r?\n/ms
$ grep -c FOUR_BLANK_LINES freqs
0
A piece of advice: put the rules into a sandbox .cf script instead.
You don't need to check it in, and compiling SA prior to the
masscheck will incorporate them into the rules.
I guess I should try that. Just create a new directory under
rulesrc/sandbox, and put a file containing the rule in it?
I think that's all. A quick scan of the code doesn't indicate it's looking
for only a specific list of user dirs under sandbox.
--
John Hardin KA7OHZ http://www.impsec.org/~jhardin/
[email protected] FALaholic #11174 pgpk -a [email protected]
key: 0xB8732E79 -- 2D8C 34F4 6411 F507 136C AF76 D822 E6E6 B873 2E79
-----------------------------------------------------------------------
USMC Rules of Gunfighting #20: The faster you finish the fight,
the less shot you will get.
-----------------------------------------------------------------------
2 days until Thomas Jefferson's 271st Birthday
