On Fri, 18 Jul 2008, Hywel Richards wrote:
I've just set up a new mailserver using Centos5.2
(sendmail+clamav-milter+spamass-milter).
I'm using the spamass-milter package from rpmforge
(spamass-milter-0.3.1-1.el5.rf).
I notice that the default setup is to run it as root. I set up my
previous mailserver on Centos4, and I can't remember if I did
anything special, but on that machine it runs as user "sa-milt".
Is it safe/recommended to run spamass-milter as root? Does it in
fact shed the root privileges or something like that when it
actually does some processing anyway? Are there good reasons why I
should leave it run as root (besides it being the least effort
option)? I found a few discussions on this topic on the web but I
have ended up confused and would appreciate some advice.
The milter has to pass the "-c username" option to spamc. I'm not sure
if SpamAssassin would be able to read per-user configs unless the
milter user had permission to launch spamc in setuid mode.
Also, if you use the "-x" option to expand aliases, the milter has to
call "sendmail -bv" -- an operation the requires root or TrustedUser
privileges.
The ClamAV milter runs as user "clamav," but it doesn't have any
setuid code because there are no per-user settings.
--
Paul Heinlein <> heinlein@xxxxxxxxxx <> http://www.madboa.com/
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
