On Fri, 11 Nov 2011 at 02:36, David B Funk wrote:
> How are you telling spamc who the user is? For per-user specific
> rules spamc has to know who the user is to go get their rules.
> This is accomplished by one of two methods, either use the '-u username'
Hah! Perfect, thank you! I've added "-u ${user}" to Postfix' master.cf
file and it seems to work so far:
---------
spamassassin unix - n n - - pipe
user=mail argv=/usr/bin/spamc -u ${user} -e /usr/sbin/sendmail -oi \
-f ${sender} ${recipient}
---------
> optional argument or have the process invoking spamc run as the
> desired user. Usually that is done at delivery time (such as in a
> procmail recipe).
Yeah, I think I had this before: I was calling spamc from maildrop (via
~/.mailfilter) but I suspected it to be a performance killer and wanted
Postfix to do this for me. Not sure if that makes sense at all.
What puzzles me now, is how "spamc" is now able to run as a different
user. "spamd" is running as root, with two child process as "mail":
root 29159 1 0 23:07 ? 00:00:01 /usr/sbin/spamd
mail 29160 29159 0 23:07 ? 00:00:03 spamd child
mail 29161 29159 0 23:07 ? 00:00:02 spamd child
Neither "spamd" nor "spamc" has the sgid/suid bit set and when mail
arrives, "spamc" is indeed spawned as user "mail":
---------------
mail 31727 0.0 0.1 15216 1384 ? Ss 23:19 0:00
/usr/bin/spamc -u christian -e /usr/sbin/sendmail -oi -f t...@example.com
christian@localhost
---------------
Of course, user "mail" is allowed to peek into ~/.spamassassin/ - does
that mean that spamc is not really switching its effective user id?
Thanks again!
Christian.
--
BOFH excuse #10:
hardware stress fractures
