One possibility is to use SqWebMail (Courier's WebMail). But it'd be a
pain to offer user's two webmail systems and then have to explain the
difference between the two. We use Squirrelmail also. The server side
filter plugin like you said can only use ftp or directly modify the
mailfilter file itself (which is a problem when it runs as the Apache user
but .mailfilter needs to be owned by the user with 0600 permissions). I
got around this by having the server side filter edit a mailfilter stored
in a seperate directory (like /var/maildir/filters/user.filter) then call
a sudo script that copies the new filter into the user's home directory
and set's the proper user permissions on the filter file. To do this I
modified serversidefilter/backend.php and after:
$newfile = "$path/$FILTERFILE";
copy($file, $newfile);
added:
exec('sudo /sbin/mfilter-install ' . strtoupper($username));
/sbin/mfilter-install looks like:
#!/bin/bash
rm -rf /var/maildir/$1/.mailfilter
cp /var/maildir/filters/$1.filter /var/maildir/$1/.mailfilter
chmod 600 /var/maildir/$1/.mailfilter
chown -R vmail.vmail /var/maildir/$1/.mailfilter
This effectively copies the file to the user's homedirectory and set's the
correct permissions. I believe this to be fairly secure since sudo is
only calling a script that moves a single file, but I'm far from a
security expert. You'd need to modify how this works if you're using
local user's (we're using LDAP) but the theory should work. The other
possiblity would be getting your hands on the 1.4 beta of serversidefilter
plugin. I believe it was posted to the squirrelmail-devel list a few
weeks back. The 1.4 version will include a secure SUID binary that will
perform the filter installation with the proper rights.
Jay
~~~~~~~~~~~~~~~~~~~~~~~~~
Jay Lee
Network / Systems Administrator
Information Technology Dept.
Philadelphia Biblical University
Langhorne, PA
~~~~~~~~~~~~~~~~~~~~~~~~~~
Shaun T. Erickson said:
> How do you folks allow virtual users to update their .mailfilter files?
> I run Squirrelmail, which has a plugin available to do it, but it
> requires ftp. I only allow secure connections to my server (sftp and
> scp), by shell account users.
>
> Suggestions? How do you do it?
>
> -ste
>
>
> -------------------------------------------------------
> This SF.Net email is sponsored by: IBM Linux Tutorials
> Free Linux tutorial presented by Daniel Robbins, President and CEO of
> GenToo technologies. Learn everything from fundamentals to system
> administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
> _______________________________________________
> courier-users mailing list
> [EMAIL PROTECTED]
> Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
>
-------------------------------------------------------
This SF.Net email is sponsored by: IBM Linux Tutorials
Free Linux tutorial presented by Daniel Robbins, President and CEO of
GenToo technologies. Learn everything from fundamentals to system
administration.http://ads.osdn.com/?ad_id=1470&alloc_id=3638&op=click
_______________________________________________
courier-users mailing list
[EMAIL PROTECTED]
Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
