On Fri, 18 Jul 2008, Hywel Richards wrote:
I've just set up a new mailserver using Centos5.2 (sendmail+clamav-milter+spamass-milter).
I'm using the spamass-milter package from rpmforge (spamass-milter-0.3.1-1.el5.rf).
I notice that the default setup is to run it as root. I set up my previous mailserver on Centos4, and I can't remember if I did anything special, but on that machine it runs as user "sa-milt".
Is it safe/recommended to run spamass-milter as root? Does it in fact shed the root privileges or something like that when it actually does some processing anyway? Are there good reasons why I should leave it run as root (besides it being the least effort option)? I found a few discussions on this topic on the web but I have ended up confused and would appreciate some advice.
The milter has to pass the "-c username" option to spamc. I'm not sure if SpamAssassin would be able to read per-user configs unless the milter user had permission to launch spamc in setuid mode.
Also, if you use the "-x" option to expand aliases, the milter has to call "sendmail -bv" -- an operation the requires root or TrustedUser privileges.
The ClamAV milter runs as user "clamav," but it doesn't have any setuid code because there are no per-user settings.