spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Kārlis Repsons <karlis.reps...@gmail.com>
Subject Re: Securing spamd
Date Fri, 08 Jul 2011 17:03:35 GMT
On Friday 08 July 2011 16:54:22 Benny Pedersen wrote:
> On Fri, 8 Jul 2011 16:41:36 +0000, Kārlis Repsons wrote:
> > All,
> > I'd like you to review approximately how I'm running spamd. My
> > concern
> > is security. You can see that the child processes are run by spamd
> > user,
> > but the main process is still run by root:
> > 
> > ps -C spamd -o user,cmd
> > USER     CMD
> > root     /usr/sbin/spamd -d -r /var/run/spamd.pid -m 2 -u spamd
> > --nouser-config --helper-home-dir=/sysram/spamassassin --allow-tell
> > spamd    spamd child
> > spamd    spamd child
> > 
> > How secure is that (no I didn't make any crazed chroots or so) and
> > what
> > would you suggest to isolate spamd from possible outside intrusions?
> > Thanks...
> 
> 1: root is needed for any bind ports below 1024
> 
> 2: but the root user do no threads for spamd
> 
> same goes for eg apache, maybe i should stop it ? -)
Stop what?
I tried with --port=2580, but still one root process. But you meant it's not 
worth worrying about?

On Friday 08 July 2011 17:00:50 Andrzej Adam Filip wrote:
> Do you need spamd changing OS user ids? (e.g. to access ~/.spamassassin/ )
No, I don't!

Mime
View raw message