spamassassin-users mailing list archives

From Andrzej Adam Filip <andrzej.fi...@gmail.com>
Subject Re: Securing spamd
Date Fri, 08 Jul 2011 18:11:54 GMT
Kārlis Repsons <karlis.repsons@gmail.com> wrote:
> On Friday 08 July 2011 16:54:22 Benny Pedersen wrote:
>> On Fri, 8 Jul 2011 16:41:36 +0000, Kārlis Repsons wrote:
>> > All,
>> > I'd like you to review approximately how I'm running spamd. My concern
>> > is security. You can see that the child processes are run by spamd user,
>> > but the main process is still run by root:
>> > 
>> > ps -C spamd -o user,cmd
>> > USER     CMD
>> > root     /usr/sbin/spamd -d -r /var/run/spamd.pid -m 2 -u spamd --nouser-config --helper-home-dir=/sysram/spamassassin --allow-tell
>> > spamd    spamd child
>> > spamd    spamd child
>> > 
>> > How secure is that (no I didn't make any crazed chroots or so) and what
>> > would you suggest to isolate spamd from possible outside intrusions?
>> > Thanks...
>> 
>> 1: root is needed to bind any ports below 1024
>> 
>> 2: but the root user does no threads for spamd
>> 
>> same goes for e.g. apache, maybe I should stop it ? -)
> Stop what?
> I tried with --port=2580, but still one root process. But you meant it's not 
> worth worrying about?
>
> On Friday 08 July 2011 17:00:50 Andrzej Adam Filip wrote:
>> Do you need spamd changing OS user ids? (e.g. to access ~/.spamassassin/ )
> No, I don't!

As "the non-root user", execute spamd with the parameters reported by ps, with
--port=2580 added.

If you want more detailed instructions then name your OS/Distribution.

I have used a "personal spamd" for my non-root OS account. The spamd had
been listening on a unix socket; spamc had been executed with the --config (file)
option.

I needed automatic classification spam/?/ham before fast automatic reporting on a spamtrap server :-)

-- 
[pl>en: Andrew] Andrzej Adam Filip : anfi@onet.eu
The less a statesman amounts to, the more he loves the flag.
  -- Kin Hubbard
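
An added example, not part of the original message or of SpamAssassin: a shell check that parses `ps -C spamd -o user,cmd` output like the listing quoted in the thread and reports which spamd processes run as root and what each master listens on. The function names and the second listing (a non-root master on --port=2580) are constructed; 783 is spamd's default port when no --port is given.

```shell
#!/bin/sh
# Added example: audit `ps -C spamd -o user,cmd` output for root-owned spamd.

# Reads ps output on stdin; prints "<user> <role> <listener> <verdict>" per process.
audit_spamd_ps() {
    awk '
    NR == 1 && $1 == "USER" { next }      # skip the ps header
    NF < 2 { next }                       # skip blank or malformed lines
    {
        user = $1
        # Children appear as "spamd child"; only the master carries the options.
        role = ($2 == "spamd" && $3 == "child") ? "child" : "master"
        listener = "-"
        if (role == "master") {
            listener = "tcp:783"          # spamd default port when none is given
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^--port=/)                   listener = "tcp:" substr($i, 8)
                else if ($i == "-p" || $i == "--port") listener = "tcp:" $(i + 1)
                else if ($i ~ /^--socketpath=/)        listener = "unix:" substr($i, 14)
            }
        }
        print user, role, listener, (user == "root" ? "ROOT" : "ok")
    }'
}

# Number of spamd processes (master or child) still running as root.
count_root_spamd() {
    audit_spamd_ps | awk '$NF == "ROOT" { n++ } END { print n + 0 }'
}

# The ps listing quoted in the thread, with the wrapped command line rejoined.
sample_ps() {
    cat <<'EOF'
USER     CMD
root     /usr/sbin/spamd -d -r /var/run/spamd.pid -m 2 -u spamd --nouser-config --helper-home-dir=/sysram/spamassassin --allow-tell
spamd    spamd child
spamd    spamd child
EOF
}

# Constructed listing: master started by the unprivileged user on port 2580.
sample_ps_nonroot() {
    cat <<'EOF'
USER     CMD
spamd    /usr/sbin/spamd -d -m 2 --nouser-config --helper-home-dir=/sysram/spamassassin --allow-tell --port=2580
spamd    spamd child
EOF
}
```

On a live host, pipe the real listing in: `ps -C spamd -o user,cmd | audit_spamd_ps`.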
