First, many thanks to Paul and Spiro for your help with this. Spiro Harvey, Knossos Networks Ltd wrote: >> Ideally I would like a link to a webpage entitled "How I learnt to >> stop worrying and run spamass-milter as root". > > We've got a few boxen running spamd as non-privileged user, but > spamassassin milter runs as root with no problems. > > On the flip-side to your query, I haven't found anything that states > spamass milter shouldn't be run as root. > I eventually did run into problems running spamass-milter as root in that spamd tried to run as "nobody" which has a homedir as "/", and of course could not find any configs and could not set lockfiles, etc. E.g. from my maillog: Jul 21 11:46:15 elbrus spamd[12517]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody Jul 21 11:46:15 elbrus spamd[12517]: spamd: processing message <alpine.LRH.1.10.0807211145440.21127> for root:99 Jul 21 11:46:16 elbrus spamd[12517]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /.spamassassin/auto-whitelist.lock.elbrus.12517 for /.spamassassin/auto-whitelist.lock: No such file or directory So I created a new sa-milt user (with a suitable home directory) and used that (fixed the spamass-milter init script to do "daemon --user"). Running the milter as "sa-milt" seems to cause spamd to run as "sa-milt". It meant a bit of hassle relocating the socket to a sa-milt owned directory, etc, but at least it does seem to work now. Perhaps it would be more appropriate for the spamass-milter package to come like this? >> Also, a related question: is it worth installing pyzor, or will >> spamassassin on its own be enough? I ask because pyzor doesn't seem >> to be in any of the main repositories. > > Don't know about Pyzor specifically, but we use Vipal's Razor with > success. Our situation is that we're an ISP, so we like the extra > checking to be as absolutely sure as possible that we're only > rejecting real spam. of course a few spams still trickle through but > we haven't had a single false positive. > And there are Dag el5 packages for razor too! However, still having some problems setting this up. If I run spamassassin on the command-line it seems to use it, but not from spamass-milter :-( Hywel.