spamassassin-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Benny Pedersen ...@junc.org>
Subject Re: Securing spamd
Date Fri, 08 Jul 2011 16:54:22 GMT
On Fri, 8 Jul 2011 16:41:36 +0000, Kārlis Repsons wrote:
> All,
> I'd like you to review approximately how I'm running spamd. My 
> concern
> is security. You can see that the child processes are run by spamd 
> user,
> but the main process is still run by root:
>
> ps -C spamd -o user,cmd
> USER     CMD
> root     /usr/sbin/spamd -d -r /var/run/spamd.pid -m 2 -u spamd
> --nouser-config --helper-home-dir=/sysram/spamassassin --allow-tell
> spamd    spamd child
> spamd    spamd child
>
> How secure is that (no I didn't make any crazed chroots or so) and 
> what
> would you suggest to isolate spamd from possible outside intrusions?
> Thanks...

1: root is needed for any bind ports below 1024

2: but the root user do no threads for spamd

same goes for eg apache, maybe i should stop it ? -)



Mime
View raw message