[CentOS] Spamassassin as root and pyzor

Paul Heinlein heinlein at madboa.com
Fri Jul 18 14:37:29 UTC 2008


On Fri, 18 Jul 2008, Hywel Richards wrote:

> I've just set up a new mailserver using Centos5.2 
> (sendmail+clamav-milter+spamass-milter).
>
> I'm using the spamass-milter package from rpmforge 
> (spamass-milter-0.3.1-1.el5.rf).
>
> I notice that the default setup is to run it as root. I set up my 
> previous mailserver on Centos4, and I can't remember if I did 
> anything special, but on that machine it runs as user "sa-milt".
>
> Is it safe/recommended to run spamass-milter as root? Does it in 
> fact shed the root privileges or something like that when it 
> actually does some processing anyway? Are there good reasons why I 
> should leave it run as root (besides it being the least effort 
> option)? I found a few discussions on this topic on the web but I 
> have ended up confused and would appreciate some advice.

The milter has to pass the "-c username" option to spamc. I'm not sure 
if SpamAssassin would be able to read per-user configs unless the 
milter user had permission to launch spamc in setuid mode.

Also, if you use the "-x" option to expand aliases, the milter has to 
call "sendmail -bv" -- an operation that requires root or TrustedUser 
privileges.

The ClamAV milter runs as user "clamav," but it doesn't have any 
setuid code because there are no per-user settings.

-- 
Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/


