Control: severity -1 serious
Control: tags -1 security

On 2012-06-10 10:16:12 -0700, Noah Meyerhans wrote:
> In order for user preferences and Bayesian scoring to work, spamd needs
> to be able to 'su' to the identity of the mail recipient. This is
> something most people expect to work by default, so spamd runs as root
> by defaulṫ.
> 
> A newer version of spamassassin (3.3.2-3, probably) will introduce a
> debian-spamd user, and it's safe to run spamd as that user if desired.

In the upstream mailing-list, it is said that running spamassassin
as root is bad for the security. The issue is that several users (including me) 
have
complained that spamassassin touches the root account.

A recall (a part of) the issue:

Jun 11 11:48:58 joooj spamd[197569]: check: dns_block_rule 
RCVD_IN_VALIDITY_CERTIFIED_BLOCKED hit, creating 
/root/.spamassassin/dnsblock_sa-trusted.bondedsender.org (This means DNSBL 
blocked you due to too many queries. Set all affected rules score to 0, or use 
"dns_query_restriction deny sa-trusted.bondedsender.org" to disable queries)
Jun 11 11:48:58 joooj spamd[197569]: check: dns_block_rule 
RCVD_IN_VALIDITY_RPBL_BLOCKED hit, creating 
/root/.spamassassin/dnsblock_bl.score.senderscore.com (This means DNSBL blocked 
you due to too many queries. Set all affected rules score to 0, or use 
"dns_query_restriction deny bl.score.senderscore.com" to disable queries)
Jun 11 11:48:58 joooj spamd[197569]: check: dns_block_rule 
RCVD_IN_VALIDITY_SAFE_BLOCKED hit, creating 
/root/.spamassassin/dnsblock_sa-accredit.habeas.com (This means DNSBL blocked 
you due to too many queries. Set all affected rules score to 0, or use 
"dns_query_restriction deny sa-accredit.habeas.com" to disable queries)

-- 
Vincent Lefèvre <[email protected]> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)

Reply via email to