MailScanner's SA wants it's Mommy...

Matt Kettler mkettler at EVI-INC.COM
Tue Apr 19 16:54:06 IST 2005



Martin Hepworth wrote:

> Dave
>
> in spam.assassin.prefs.conf make sure AWL is OFF, that should be enough
> to cancel anything. Also make sure that it's off in the user MailScanner
> runs as .spamassassin dir.
>
> use_auto_whitelist      0

I personally would not use spam.assassin.prefs.conf for this. I would
use /etc/mail/spamassassin/local.cf.

Note: This is in direct contradiction of the recommendations by
MailScanner's stock spam.assassin.prefs.conf. However, let me explain my
rationale.

use_auto_whitelist is classified as an administrator setting by
spamassassin, along with several other settings.

No matter what your settings are, spamassassin is not supposed to honor
administrator settings in a user preferences file.

Since spam.assassin.prefs.conf is supposed to be user preference file,
any administrator settings do not belong here. If you look in
MailScanner's SA.pm it's being passed to userprefs_filename in the
Mail::SpamAssassin object. That's very much intended by the SpamAssassin
code to be an unprivileged file.

The way MailScanner invokes SA, it winds up honoring administrator
settings in this file, but IMO, that's a bug in SpamAssassin. These
options should not be working.

Technically speaking, bayes_path, bayes_file_mode, and many other
options that are in the standard distribution's spam.assassin.prefs.conf
should be refused here as well. They seem to work, but IMO it's
depending on a bug in SpamAssassin's security.

Files which are entered by untrusted users from the perspective of the
SpamAssassin code should not be able to set file paths, permissions,
executable paths, etc because they can be used to muck up the server.
bayes_file_mode could be used by an unprivileged user in a conventional
setup to lock everyone else but root out of a global bayes DB, for example.
