On 2023-07-07 at 12:08:22 UTC-0400 (Fri, 7 Jul 2023 09:08:22 -0700 (PDT))
Richard Troy <rt...@sciencetools.com>
is rumored to have said:

Hi All,

I changed the subject line to hopefully get some insight from a wider audience regarding this situation that Reindl uncovered:

It should be noted that Harald Reindl is not a subscriber to this list and cannot be as a result of past behavior. Nothing can stop him from reading public archives and replying directly to list members, but no one else sees them.

SpamAssassin can operate in many different modes. How distribution packagers chose the 'default' for their installations is beyond the scope of the SA project per se, and the specific packagers should be consulted if you need an explanation of their choices.

If you want spamd to be able to access the per-user preferences and databases for AWL/TxRep and/or Bayes of real system users, spamd must run as root OR you must devise another working configuration which allows that to work. This can be avoided by using virtual users or storing per-user configuration in a database rather than in files on disk. You can also dispense entirely with spamd and have a milter like MIMEDefang call the SA libraries directly, but you still need *SOMETHING* running as root (or a semi-privileged user) if you want to use per-user configuration living in a POSIX filesystem.

Arguing over which model is better is pointless, because they are chosen based on local needs. Scolding people for their choice of the reasonable options is just silly.

I should probably add that I personally don't do per-user config because of the enlarged attack surface it presents and small marginal value, but that's guided by local details. I work with systems owned by others where other choices were made for very sound reasons and they have not had security problems with it, in many years of operations. What you choose to do should be based on what YOU want.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
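
Added example (not part of the message above and not SpamAssassin project code): a shell function that sorts a spamd option string into the deployment models the message describes, using the documented spamd options `-u`/`--username`, `-q`/`--sql-config` and `--virtual-config-dir`. It assumes spamd is started by root from an init script; the sample option strings and the `/var/lib/spamassassin/users` path are constructed.

```shell
#!/bin/sh
# Added example: which privilege model does a spamd option string imply?
# Assumption: spamd is started by root (e.g. from an init script).
# Limitation: bundled short flags (e.g. -dx) are not parsed.
classify_spamd_args() {
    user="" sql=0 vdir=0
    set -- $1            # deliberate word splitting; samples contain no quoting
    while [ $# -gt 0 ]; do
        case "$1" in
            -u|--username)          user="${2:-}"; [ $# -gt 1 ] && shift ;;
            --username=*)           user="${1#--username=}" ;;
            -u?*)                   user="${1#-u}" ;;
            -q|--sql-config)        sql=1 ;;
            --virtual-config-dir=*) vdir=1 ;;
        esac
        shift
    done
    if [ -z "$user" ]; then
        # No -u: spamd keeps root and setuid()s to the requesting user per
        # connection, which is what lets it read ~/.spamassassin of real users.
        echo "root-per-user"
    elif [ "$vdir" -eq 1 ]; then
        # Root dropped at startup; per-user state lives under one directory
        # tree owned by the service account.
        echo "unpriv-virtual"
    elif [ "$sql" -eq 1 ]; then
        # Root dropped at startup; per-user preferences come from a database.
        echo "unpriv-sql"
    else
        # Root dropped at startup; no per-user state outside the service account.
        echo "unpriv-shared"
    fi
}

# Constructed sample option strings, one per model.
for opts in \
    "-d -c -m5 -H" \
    "-d -u spamd -x --virtual-config-dir=/var/lib/spamassassin/users/%u" \
    "-d --username=spamd -x -q" \
    "-d -u spamd -x"
do
    printf '%-16s %s\n' "$(classify_spamd_args "$opts")" "$opts"
done
```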
