Re: Spamassassin as root and pyzor

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



First, many thanks to Paul and Spiro for your help with this.

Spiro Harvey, Knossos Networks Ltd wrote:
Ideally I would like a link to a webpage entitled "How I learnt to stop worrying and run spamass-milter as root".

We've got a few boxen running spamd as non-privileged user, but spamassassin milter runs as root with no problems.

On the flip-side to your query, I haven't found anything that states spamass milter shouldn't be run as root.

I eventually did run into problems running spamass-milter as root in that spamd tried to run as "nobody" which has a homedir as "/", and of course could not find any configs and could not set lockfiles, etc.

E.g. from my maillog:
Jul 21 11:46:15 elbrus spamd[12517]: spamd: still running as root: user not specified with -u, not found, or set to root, falling back to nobody Jul 21 11:46:15 elbrus spamd[12517]: spamd: processing message <alpine.LRH.1.10.0807211145440.21127> for root:99 Jul 21 11:46:16 elbrus spamd[12517]: auto-whitelist: open of auto-whitelist file failed: locker: safe_lock: cannot create tmp lockfile /.spamassassin/auto-whitelist.lock.elbrus.12517 for /.spamassassin/auto-whitelist.lock: No such file or directory

So I created a new sa-milt user (with a suitable home directory) and used that (fixed the spamass-milter init script to do "daemon --user"). Running the milter as "sa-milt" seems to cause spamd to run as "sa-milt". It meant a bit of hassle relocating the socket to a sa-milt owned directory, etc, but at least it does seem to work now. Perhaps it would be more appropriate for the spamass-milter package to come like this?
Also, a related question: is it worth installing pyzor, or will spamassassin on its own be enough? I ask because pyzor doesn't seem to be in any of the main repositories.

Don't know about Pyzor specifically, but we use Vipal's Razor with success. Our situation is that we're an ISP, so we like the extra checking to be as absolutely sure as possible that we're only rejecting real spam. of course a few spams still trickle through but we haven't had a single false positive.

And there are Dag el5 packages for razor too!

However, still having some problems setting this up.
If I run spamassassin on the command-line it seems to use it, but not from spamass-milter :-(

Hywel.

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux