> > I should probably add that I personally don't do per-user config because > of the enlarged attack surface it presents and small marginal value, but > that's guided by local details. I work with systems owned by others > where other choices were made for very sound reasons and they have not > had security problems with it, in many years of operations. What you > choose to do should be based on what YOU want. >
I have a setup where I globally mark spam and users have the option to 'unmark' messages from senders. So every user has a little db with white listed email addresses. This could be a nice step before going full per-user config.
