I've started writing a PHP alternative to the existing dspamCC web interface. My primary objectives are to fix some things that annoy me personally about the existing one (the very slow loading/processing of large quarantine boxes, and the inability to sort/filter on history page, being the main ones). I know PHP far better than Perl otherwise I'd just modify the existing one, but having looked at the Perl code I think I'm better starting from scratch.
What I wanted advice on is some strategy decisions I'm taking early on. Firstly: From a security point of view I'm writing a helper PHP script (not located under document root) which manipulates files as the dspam user. I'm using sudo and the sudoers file to control access to it. What's the general consensus on that method? I prefer it as it means all of the scripts processed through Apache still have no direct access to any of dspam's files, but I'm not a security expert. Secondly: I've written code to index the quarantine box, generating a user.mbox.index file in the dspam data directory alongside the user.mbox file. This (after the initial index build) does seem to speed the loading of the quarantine page significantly. Maybe I'm the only one who has users only check their quarantine when it reached 20k messages though. Anyway, can anyone see problems with this approach? Thirdly: When it comes to removing messages from the quarantine, do I have to take into account anything other than my own code? I assume dspam itself only ever appends mails to the quarantine mailbox, so beyond that what I do with it is up to me? Eg: I could mark messages for deletion in the index (rather than remove them from the .mbox file) and process them later, but would that cause problems for anything else? Finally: Are there any general thoughts on this project? Any demand from other users, willing helpers/testers, etc? At this point I can't make any promises as to how much time I'm going to be able to put in to it, so I don't want to get false hopes up, but I'm still interested to gauge interest. -- Mark Rogers // More Solutions Ltd (Peterborough Office) // 0845 45 89 555 Registered in England (0456 0902) at 13 Clarke Rd, Milton Keynes, MK1 1LG
