You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@spamassassin.apache.org by Bill Moseley <mo...@hank.org> on 2006/11/12 17:11:05 UTC
Exim4 / spamd --username question
I'm not clear if I need to run spamd as a specific user or run as root
and use spamd -H <dir>.
This is a single mail server running Debian Stable with the packages
listed below. SA configuration is system-wide, that is, there's no
user-specific configurations to worry about.
ii exim4-daemon-h 4.50-8sarge2 exim MTA (v4) daemon with extended features,
ii pyzor 0.4.0+cvs20030 spam-catcher using a collaborative filtering
ii razor 2.670-1sarge2 spam-catcher using a collaborative filtering
ii spamassassin 3.1.3-0bpo1 Perl-based spam filter using text analysis
ii spamc 3.0.3-2sarge1 Client for SpamAssassin spam filtering daemo
ii dcc-client 1.2.74-2 Distributed Checksum Clearinghouse - client
ii dcc-common 1.2.74-2 Distributed Checksum Clearinghouse - common
If I (should I?) run spamd as, say, user "spamd" do I have to also
setup exim to run spamc as that user? It will it not matter what user
is running spamc since spamd can't setuid if not running as root
Also, does the user "spamd" need a home directory, or can I use -H (or
--helper-home-dir) to specify the directory and that will work for any
feature that needs to read/write to the disk?
Currently, I have spamd running as root with the following options:
OPTIONS="--max-children 5 --max-conn-per-child=20"
In exim4.conf I have:
deny message = This message scored $spam_score spam points.
spam = nobody:true
condition = ${if >{$spam_score_int}{100}{1}{0}}
Now, correct me if I'm wrong. Exim is running spamc as user "nobody".
spamd is running as root -- so when Exim passes a message to spamc,
spamd will setuid to nobody.
The home directory for nobody is /nonexistent:
$ fgrep nobody /etc/passwd
nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
which causes all sorts of complaints in syslog since /nonexistent is,
well, nonexistent.
I guess why I'm confused is that the Debian install runs spamd as
root, and has the exim config running spamc as nobody with a
non-existent home -- which means spamd can't read/write as needed.
I did see that adding dcc created a "dcc" user in /etc/passwd.
--
Bill Moseley
moseley@hank.org
Re: Exim4 / spamd --username question
Posted by Bill Moseley <mo...@hank.org>.
On Sun, Nov 12, 2006 at 11:41:34AM -0600, Stuart Johnston wrote:
> Exim does not actually run spamc, it connects directly to spamd.
>
> spamd does run as root. Exim can connect as nobody depending on your
> configuration. Generally though, you want to have a writable home
> directory so it is easiest to create a user for this purpose that Exim
> can connect as.
I wondered if Exim didn't connect directly to spamd.
You say spamd does run as root, but I was asking about it not running as root.
So, I created a user spamd:
# adduser --disabled-login spamd
And added the --username=spamd to spamd startup:
# ps aux | grep spamd
root 21086 36.8 21.7 115400 111960 ? Ss 10:53 0:05 /usr/sbin/spamd --max-children 5 --max-conn-per-child=20 --username=spamd -d --pidfile=/home/spamd/spamd.pid
spamd 21092 0.0 21.7 115400 111968 ? S 10:54 0:00 spamd child
spamd 21093 0.5 21.7 115400 111968 ? S 10:54 0:00 spamd child
I updated my Exim config to use "spamd" as the user:
deny message = This message scored $spam_score spam points.
spam = spamd:true
condition = ${if >{$spam_score_int}{100}{1}{0}}
Now all is happy, it seems.
Well, except dccproc complains about "Address family not supported".
cdcc 'IPv6 off'
seems to have fixed that for now. Just not sure how to make it permanent.
--
Bill Moseley
moseley@hank.org
RE: Exim4 / spamd --username question
Posted by Mark <ad...@asarian-host.net>.
> -----Original Message-----
> From: Stuart Johnston [mailto:stuart@ebby.com]
> Sent: zondag 12 november 2006 18:35
> To: users@spamassassin.apache.org
> Subject: Re: Exim4 / spamd --username question
>
>
>
> Exim does not actually run spamc, it connects directly to
> spamd.
Slightly OT, I guess; but is there actually a documented way of
calling the appropriate Perl module, without using spamc?
Thanks,
- Mark
Re: Exim4 / spamd --username question
Posted by Stuart Johnston <st...@ebby.com>.
Exim does not actually run spamc, it connects directly to spamd.
spamd does run as root. Exim can connect as nobody depending on your
configuration. Generally though, you want to have a writable home
directory so it is easiest to create a user for this purpose that Exim
can connect as.
Bill Moseley wrote:
> I'm not clear if I need to run spamd as a specific user or run as root
> and use spamd -H <dir>.
>
> This is a single mail server running Debian Stable with the packages
> listed below. SA configuration is system-wide, that is, there's no
> user-specific configurations to worry about.
>
> ii exim4-daemon-h 4.50-8sarge2 exim MTA (v4) daemon with extended features,
> ii pyzor 0.4.0+cvs20030 spam-catcher using a collaborative filtering
> ii razor 2.670-1sarge2 spam-catcher using a collaborative filtering
> ii spamassassin 3.1.3-0bpo1 Perl-based spam filter using text analysis
> ii spamc 3.0.3-2sarge1 Client for SpamAssassin spam filtering daemo
> ii dcc-client 1.2.74-2 Distributed Checksum Clearinghouse - client
> ii dcc-common 1.2.74-2 Distributed Checksum Clearinghouse - common
>
> If I (should I?) run spamd as, say, user "spamd" do I have to also
> setup exim to run spamc as that user? It will it not matter what user
> is running spamc since spamd can't setuid if not running as root
>
> Also, does the user "spamd" need a home directory, or can I use -H (or
> --helper-home-dir) to specify the directory and that will work for any
> feature that needs to read/write to the disk?
>
>
> Currently, I have spamd running as root with the following options:
>
> OPTIONS="--max-children 5 --max-conn-per-child=20"
>
> In exim4.conf I have:
>
> deny message = This message scored $spam_score spam points.
> spam = nobody:true
> condition = ${if >{$spam_score_int}{100}{1}{0}}
>
> Now, correct me if I'm wrong. Exim is running spamc as user "nobody".
> spamd is running as root -- so when Exim passes a message to spamc,
> spamd will setuid to nobody.
>
> The home directory for nobody is /nonexistent:
>
> $ fgrep nobody /etc/passwd
> nobody:x:65534:65534:nobody:/nonexistent:/bin/sh
>
> which causes all sorts of complaints in syslog since /nonexistent is,
> well, nonexistent.
>
> I guess why I'm confused is that the Debian install runs spamd as
> root, and has the exim config running spamc as nobody with a
> non-existent home -- which means spamd can't read/write as needed.
>
> I did see that adding dcc created a "dcc" user in /etc/passwd.
>
>