Exim does not actually run spamc, it connects directly to spamd.
spamd does run as root. Exim can connect as nobody depending on your
configuration. Generally though, you want to have a writable home
directory so it is easiest to create a user for this purpose that Exim
can connect as.

Bill Moseley wrote:
I'm not clear if I need to run spamd as a specific user or run as root
and use spamd -H <dir>.
This is a single mail server running Debian Stable with the packages
listed below. SA configuration is system-wide, that is, there are no
user-specific configurations to worry about.
ii exim4-daemon-h 4.50-8sarge2 exim MTA (v4) daemon with extended features,
ii pyzor 0.4.0+cvs20030 spam-catcher using a collaborative filtering
ii razor 2.670-1sarge2 spam-catcher using a collaborative filtering
ii spamassassin 3.1.3-0bpo1 Perl-based spam filter using text analysis
ii spamc 3.0.3-2sarge1 Client for SpamAssassin spam filtering daemo
ii dcc-client 1.2.74-2 Distributed Checksum Clearinghouse - client
ii dcc-common 1.2.74-2 Distributed Checksum Clearinghouse - common
If I (should I?) run spamd as, say, user "spamd" do I have to also
set up exim to run spamc as that user? Or will it not matter what user
is running spamc since spamd can't setuid if not running as root?
Also, does the user "spamd" need a home directory, or can I use -H (or
--helper-home-dir) to specify the directory and that will work for any
feature that needs to read/write to the disk?
Currently, I have spamd running as root with the following options:
OPTIONS="--max-children 5 --max-conn-per-child=20"
In exim4.conf I have:
deny message = This message scored $spam_score spam points.
     spam = nobody:true
     condition = ${if >{$spam_score_int}{100}{1}{0}}
Now, correct me if I'm wrong. Exim is running spamc as user "nobody".
spamd is running as root -- so when Exim passes a message to spamc,
spamd will setuid to nobody.
The home directory for nobody is /nonexistent:
$ fgrep nobody /etc/passwd
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
which causes all sorts of complaints in syslog since /nonexistent is,
well, nonexistent.
I guess why I'm confused is that the Debian install runs spamd as
root, and has the exim config running spamc as nobody with a
non-existent home -- which means spamd can't read/write as needed.
I did see that adding dcc created a "dcc" user in /etc/passwd.
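
Added example, not part of either message above and not code from Exim or SpamAssassin: a check that reads the user named in each Exim "spam =" condition and reports whether that user's home directory exists and is writable by its owner, which is the condition behind the syslog complaints described. The function names and the root prefix parameter are assumptions made for this example.

```python
import os
import re
import stat

# Exim ACL condition "spam = <user>:true" -> capture <user>
SPAM_RE = re.compile(r"^\s*spam\s*=\s*([^:/\s]+)", re.MULTILINE)

def spam_users(exim_conf):
    """User names given in 'spam =' ACL conditions."""
    return SPAM_RE.findall(exim_conf)

def passwd_entry(user, passwd_text):
    """Return (uid, home) for user from passwd-format text, or None."""
    for line in passwd_text.splitlines():
        f = line.split(":")
        if len(f) >= 7 and f[0] == user:
            return int(f[2]), f[5]
    return None

def check_homes(exim_conf, passwd_text, root="/"):
    """Map each spam-scan user to 'ok' or a description of the problem.
    root is a hypothetical prefix so the check can run against a test tree."""
    report = {}
    for user in spam_users(exim_conf):
        entry = passwd_entry(user, passwd_text)
        if entry is None:
            report[user] = "no passwd entry"
            continue
        uid, home = entry
        path = os.path.join(root, home.lstrip("/"))
        if not os.path.isdir(path):
            report[user] = f"home {home} does not exist"
            continue
        st = os.stat(path)
        if st.st_uid != uid or not st.st_mode & stat.S_IWUSR:
            report[user] = f"home {home} is not writable by {user}"
        else:
            report[user] = "ok"
    return report

if __name__ == "__main__":
    # Config lines and passwd entry as quoted in the message above.
    conf = ("deny message = This message scored $spam_score spam points.\n"
            "  spam = nobody:true\n"
            "  condition = ${if >{$spam_score_int}{100}{1}{0}}\n")
    passwd = "nobody:x:65534:65534:nobody:/nonexistent:/bin/sh\n"
    print(check_homes(conf, passwd))
```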