[CentOS] Spamassassin as root and pyzor

Paul Heinlein heinlein at madboa.com
Fri Jul 18 14:37:29 UTC 2008

On Fri, 18 Jul 2008, Hywel Richards wrote:

> I've just set up a new mailserver using Centos5.2 
> (sendmail+clamav-milter+spamass-milter).
> I'm using the spamass-milter package from rpmforge 
> (spamass-milter-0.3.1-1.el5.rf).
> I notice that the default setup is to run it as root. I set up my 
> previous mailserver on Centos4, and I can't remember if I did 
> anything special, but on that machine it runs as user "sa-milt".
> Is it safe/recommended to run spamass-milter as root? Does it in 
> fact shed the root privileges or something like that when it 
> actually does some processing anyway? Are there good reasons why I 
> should leave it run as root (besides it being the least effort 
> option)? I found a few discussions on this topic on the web but I 
> have ended up confused and would appreciate some advice.

The milter has to pass the "-c username" option to spamc. I'm not sure 
if SpamAssassin would be able to read per-user configs unless the 
milter user had permission to launch spamc in setuid mode.

Also, if you use the "-x" option to expand aliases, the milter has to 
call "sendmail -bv" -- an operation the requires root or TrustedUser 

The ClamAV milter runs as user "clamav," but it doesn't have any 
setuid code because there are no per-user settings.

Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/

More information about the CentOS mailing list