I've just set up a new mailserver using Centos5.2 (sendmail+clamav-milter+spamass-milter).
I'm using the spamass-milter package from rpmforge (spamass-milter-0.3.1-1.el5.rf).
I notice that the default setup is to run it as root. I set up my previous mailserver on Centos4, and I can't remember if I did anything special, but on that machine it runs as user "sa-milt".
Is it safe/recommended to run spamass-milter as root? Does it in fact shed the root privileges or something like that when it actually does some processing anyway? Are there good reasons why I should leave it run as root (besides it being the least effort option)? I found a few discussions on this topic on the web but I have ended up confused and would appreciate some advice.
Ideally I would like a link to a webpage entitled "How I learnt to stop worrying and run spamass-milter as root".
Also, a related question: is it worth installing pyzor, or will spamassassin on its own be enough? I ask because pyzor doesn't seem to be in any of the main repositories.
Thanks in advance, Hywel.
On Fri, 18 Jul 2008, Hywel Richards wrote:
I've just set up a new mailserver using Centos5.2 (sendmail+clamav-milter+spamass-milter).
I'm using the spamass-milter package from rpmforge (spamass-milter-0.3.1-1.el5.rf).
I notice that the default setup is to run it as root. I set up my previous mailserver on Centos4, and I can't remember if I did anything special, but on that machine it runs as user "sa-milt".
Is it safe/recommended to run spamass-milter as root? Does it in fact shed the root privileges or something like that when it actually does some processing anyway? Are there good reasons why I should leave it run as root (besides it being the least effort option)? I found a few discussions on this topic on the web but I have ended up confused and would appreciate some advice.
The milter has to pass the "-c username" option to spamc. I'm not sure if SpamAssassin would be able to read per-user configs unless the milter user had permission to launch spamc in setuid mode.
Also, if you use the "-x" option to expand aliases, the milter has to call "sendmail -bv" -- an operation the requires root or TrustedUser privileges.
The ClamAV milter runs as user "clamav," but it doesn't have any setuid code because there are no per-user settings.
Ideally I would like a link to a webpage entitled "How I learnt to stop worrying and run spamass-milter as root".
We've got a few boxen running spamd as non-privileged user, but spamassassin milter runs as root with no problems.
On the flip-side to your query, I haven't found anything that states spamass milter shouldn't be run as root.
Also, a related question: is it worth installing pyzor, or will spamassassin on its own be enough? I ask because pyzor doesn't seem to be in any of the main repositories.
Don't know about Pyzor specifically, but we use Vipal's Razor with success. Our situation is that we're an ISP, so we like the extra checking to be as absolutely sure as possible that we're only rejecting real spam. of course a few spams still trickle through but we haven't had a single false positive.
First, many thanks to Paul and Spiro for your help with this.
Spiro Harvey, Knossos Networks Ltd wrote:
Ideally I would like a link to a webpage entitled "How I learnt to stop worrying and run spamass-milter as root".
We've got a few boxen running spamd as non-privileged user, but spamassassin milter runs as root with no problems.
On the flip-side to your query, I haven't found anything that states spamass milter shouldn't be run as root.
I eventually did run into problems running spamass-milter as root in that spamd tried to run as "nobody" which has a homedir as "/", and of course could not find any configs and could not set lockfiles, etc.
E.g. from my maillog: Jul 21 11:46:15 elbrus spamd[12517]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody Jul 21 11:46:15 elbrus spamd[12517]: spamd: processing message <alpine.LRH.1.10.0807211145440.21127> for root:99 Jul 21 11:46:16 elbrus spamd[12517]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /.spamassassin/auto-whitelist.lock.elbrus.12517 for /.spamassassin/auto-whitelist.lock: No such file or directory
So I created a new sa-milt user (with a suitable home directory) and used that (fixed the spamass-milter init script to do "daemon --user"). Running the milter as "sa-milt" seems to cause spamd to run as "sa-milt". It meant a bit of hassle relocating the socket to a sa-milt owned directory, etc, but at least it does seem to work now. Perhaps it would be more appropriate for the spamass-milter package to come like this?
Also, a related question: is it worth installing pyzor, or will spamassassin on its own be enough? I ask because pyzor doesn't seem to be in any of the main repositories.
Don't know about Pyzor specifically, but we use Vipal's Razor with success. Our situation is that we're an ISP, so we like the extra checking to be as absolutely sure as possible that we're only rejecting real spam. of course a few spams still trickle through but we haven't had a single false positive.
And there are Dag el5 packages for razor too!
However, still having some problems setting this up. If I run spamassassin on the command-line it seems to use it, but not from spamass-milter :-(
Hywel.
-
Hywel Richards -
Paul Heinlein -
Spiro Harvey, Knossos Networks Ltd