I've noticed recently some behavoiur which in my opinion is insecure in multiclient configuration. It is connected with email configuration and spamfiltering. There is a limit in spamfilter policy creation only to admin users , so every spamfilter policy is accessible serverwide. Main problem is that when we create policy for specific client which fits his needs, this policy can be used by other client or mailuser without any knowledge about configuration. For example we have client which use policy to forward spam mails to specific spam mail account so there is a risk that somebody use this policy to send his spam there or some important mails by mistake. During investigation I found some workaround to limit access to spamfilter policies for other clients by removing read permissions from that policy and changing group permission to groupid of required client. However it's not working with mailuser panel where logged on user can set any existed spamfilter policy. Is there a chance to make it possible to manage spamfilters more secure ? It will be great to find some additional options for setting owner of spamfilter. Thank you,
That's right, all spam filter policies are intended to be accessible server wide. ISPConfig does not support client specific policies. If you like to get client specific plólicys as new feature in a future version, then please make a feature request in the bug tracker.
Thanks , I will make a request. I was surprised that user right check for spamfilters is not connected with client/domain right check. Meanwhile I changed "if statement" in function OnAfterUpdate to limit user settings to predefined policies only.
