dinmir wrote: > Hi, I recently installed the DCC plugin for SA (default install on > CentOS 4.4). > > I opened the outgoing destination port 6277 UDP for uid 0 (root) and > uid 99 (nobody). I noticed this didn't work, so I opened port 6277 for > all users to get DCC working. > > I'd rather only give outgoing access to port 6277 to the uid's who > require it. How can I figure out which uid's spamd is running under > when connecting to DCC? > I assumed it was either root or nobody, but apparently this is not the > case (at least on my server), since the firewall kept blocking the DCC > requests, after I allowed root and nobody outgoing access to port 6277. > It depends on how you're calling spamc.. spamd will normally setuid itself to the userid that invokes spamc.
In theory, spamd should *never* be running as root by the time it tries to do DCC. It should setuid itself to nobody if spamc gets called as root. The only code that should ever be able to invoke dcc as root would be the "spamassassin" command-line script.
