On Wed, Jun 18, 2003 at 06:47:31AM -0700, Robert Menschel wrote:
> I'm limited to ~/.spamassassin/user_prefs, and by design in the current
> versions I can change rule scores, but I can't add even the simplest of
> rules.

Please RTFM:

       allow_user_rules { 0 | 1 }         (default: 0)
           This setting allows users to create rules (and only
           rules) in their "user_prefs" files for use with
           "spamd". It defaults to off, because this could be a
           severe security hole. It may be possible for users to
           gain root level access if "spamd" is run as root. It
           is NOT a good idea, unless you have some other way of
           ensuring that users' tests are safe. Don't use this
           unless you are certain you know what you are doing.
           Furthermore, this option causes spamassassin to
           recompile all the tests each time it processes a message
           for a user with a rule in his/her "user_prefs" file,
           which could have a significant effect on server load.
           It is not recommended.

If the people who control your SA install don't want people adding their
own rules, there's nothing we can do about it.

Rules in your user_prefs file work if you're running "spamassassin", fyi.

> There should be a class of rules which are safe enough for people like me
> to add through user_prefs, perhaps those that limit their scope to
> regular expression patterns where wild-card areas (areas where any
> character(s) match) are limited to 5 or fewer characters?

The main issue actually is REs that execute external programs in addition
to the DoS style REs.  Finding the DoS REs is outside the scope of SA.
(if you're thinking "just look for .* and .+ ...", remember TMTOWTDI...)

-- 
Randomly Generated Tagline:
"I'd rather see my sister in a whorehouse than my brother using windows."
                                 - Sam Creasey
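
The point made in the reply above, as an added example that is not part of the original message and is not SpamAssassin code: a vetting routine that applies the "wildcards of 5 or fewer characters" filter proposed in the thread. The helper name vet_user_pattern() and the sample patterns are hypothetical and constructed for illustration.

```perl
#!/usr/bin/perl
# Added illustration, not SpamAssassin code; vet_user_pattern() is hypothetical.
use strict;
use warnings;

sub vet_user_pattern {
    my ($pat) = @_;
    # Never enable "use re 'eval'": Perl then refuses (?{ ... }) and
    # (??{ ... }) code blocks in a pattern interpolated at run time.
    no re 'eval';
    my $re = eval { qr/$pat/ };
    return 'rejected: does not compile without code blocks' unless defined $re;

    # The filter proposed in the thread: wildcard runs of at most 5 characters.
    while ($pat =~ /\.(?:([*+])|\{\d*,(\d*)\})/g) {
        return 'rejected: wildcard run longer than 5'
            if defined $1 || $2 eq '' || $2 > 5;
    }
    return 'accepted';
}

# Constructed sample patterns, as they might appear in a user_prefs body rule.
my @samples = (
    'cheap.{0,5}pills',     # bounded wildcard
    'free.*money',          # unbounded wildcard
    '(?{ 1 })',             # embedded Perl code block (harmless placeholder)
    '^(?:\w+\s?)+$',        # no "." at all, yet nested quantifiers
);

printf "%-20s %s\n", $_, vet_user_pattern($_) for @samples;
```

The last sample contains no "." wildcard, so the proposed filter accepts it, yet nested quantifiers are the classic shape that can backtrack heavily on a near-miss input. A syntactic wildcard check therefore does not make user rules safe, which is consistent with allow_user_rules defaulting to 0.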
