On Wed, Jun 18, 2008 at 11:57:03PM +0200, Jan Luehr wrote:
> If not changed by hand, spamd will be running as root in the default installation.
> This can be changed by editing /etc/default/spamassassin by hand.
> Change:
> OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
> to: 
> OPTIONS="--create-prefs --max-children 5 --helper-home-dir -u Debian-exim -g Debian-exim"
> If using exim.
> IMHO this default is risky since spamd handles untrusted data and
> MTA-User-privileges ought to be sufficient in many common cases ...

In order for user preferences and Bayesian scoring to work, spamd needs
to be able to 'su' to the identity of the mail recipient. This is
something most people expect to work by default, so spamd runs as root
by default.

A newer version of spamassassin (3.3.2-3, probably) will introduce a
debian-spamd user, and it's safe to run spamd as that user if desired.

noah
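
An added example, not part of the original messages or of the Debian package: a shell check that reads the OPTIONS line of a defaults file such as /etc/default/spamassassin and reports the user spamd would drop to. The function name `spamd_run_user` and the sample files are constructed here, and the check assumes a single-line `OPTIONS=` assignment.

```shell
#!/bin/sh
# Report which user spamd will run as, judging by the OPTIONS line of a
# Debian-style defaults file. Without -u/--username spamd stays root.
# spamd_run_user is a hypothetical helper name chosen for this example.

spamd_run_user() (
    file=$1
    # Use the last uncommented OPTIONS= assignment and drop its quotes.
    opts=$(sed -n 's/^[[:space:]]*OPTIONS=//p' "$file" | tail -n 1 | tr -d "\"'")
    user=root
    set -f              # no globbing while splitting (subshell, so it does not leak)
    set -- $opts        # intentional word splitting into option words
    while [ $# -gt 0 ]; do
        case $1 in
            -u|--username)
                # The user name is the next word, if there is one.
                if [ $# -ge 2 ]; then user=$2; fi ;;
            --username=*)
                user=${1#--username=} ;;
        esac
        shift
    done
    printf '%s\n' "$user"
)

# Constructed sample input: the two OPTIONS lines quoted in the message above.
tmp=$(mktemp)
printf '%s\n' 'OPTIONS="--create-prefs --max-children 5 --helper-home-dir"' > "$tmp"
echo "packaged default: $(spamd_run_user "$tmp")"
printf '%s\n' 'OPTIONS="--create-prefs --max-children 5 --helper-home-dir -u Debian-exim -g Debian-exim"' > "$tmp"
echo "after the edit:   $(spamd_run_user "$tmp")"
rm -f "$tmp"
```

The result reflects only the defaults file; a spamd process that is already running keeps its identity until it is restarted.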
