Security risks of spamd
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

I've been using spamassassin on my personal machine for a while now, and
am now trying to get it set up on a server with more than one user.

The way things are set up, postfix is running on the same machine that
we let users log in to.

By my reading of [1], there's basically no "secure" way to do this and
still let users customize their user_prefs files.

So, some questions:

* How bad is it, exactly, to run in one of the "insecure" modes? Is the
insecurity limited to one user being able to read another's spamassassin
prefs? Frankly, this doesn't seem like the end of the world to me -- am
I missing something?

* Is there some way which I'm missing to secure spamd, given that our
users can log in to the machine on which it is running? We don't have
a machine to spare.

Apologies if answers to these questions are already somewhere on the
net. I couldn't find anything very useful, so if it's out there, I'd
appreciate a pointer.

Many thanks for any help,
mike

[1] http://spamassassin.taint.org/full/2.6x/dist/spamd/README.spamd

- --
mike castleman, m@mlcastle.net, http://mlcastle.net/
$ make install not war
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.2.4 (GNU/Linux)

iD8DBQFAKg1brbXc6n5AevkRAtnFAJ9BZN1nsyqGmJco0gn7yvgvqqMmSgCdEP54
4f/xNiGANDRKfJZkr8oHyDk=
=Mgfa
-----END PGP SIGNATURE-----