Return-Path: X-Original-To: apmail-spamassassin-users-archive@www.apache.org Delivered-To: apmail-spamassassin-users-archive@www.apache.org Received: from mail.apache.org (hermes.apache.org [140.211.11.3]) by minotaur.apache.org (Postfix) with SMTP id 8A55B61FA for ; Fri, 8 Jul 2011 16:42:14 +0000 (UTC) Received: (qmail 45940 invoked by uid 500); 8 Jul 2011 16:42:11 -0000 Delivered-To: apmail-spamassassin-users-archive@spamassassin.apache.org Received: (qmail 45925 invoked by uid 500); 8 Jul 2011 16:42:11 -0000 Mailing-List: contact users-help@spamassassin.apache.org; run by ezmlm Precedence: bulk list-help: list-unsubscribe: List-Post: List-Id: Delivered-To: mailing list users@spamassassin.apache.org Received: (qmail 45913 invoked by uid 99); 8 Jul 2011 16:42:11 -0000 Received: from nike.apache.org (HELO nike.apache.org) (192.87.106.230) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Jul 2011 16:42:11 +0000 X-ASF-Spam-Status: No, hits=0.7 required=10.0 tests=FREEMAIL_FROM,SPF_NEUTRAL,T_TO_NO_BRKTS_FREEMAIL X-Spam-Check-By: apache.org Received-SPF: neutral (nike.apache.org: 85.15.210.5 is neither permitted nor denied by domain of karlis.repsons@gmail.com) Received: from [85.15.210.5] (HELO pasts.trikata.com) (85.15.210.5) by apache.org (qpsmtpd/0.29) with ESMTP; Fri, 08 Jul 2011 16:42:02 +0000 Received: from keeper.loca (m83-178-173-47.cust.tele2.lv [83.178.173.47]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by pasts.trikata.com (Postfix) with ESMTPSA id A41456E6BE for ; Fri, 8 Jul 2011 19:41:42 +0300 (EEST) Received: from station.localnet (station [192.168.7.94]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by keeper.loca (Postfix) with ESMTPSA id 50953A94A for ; Fri, 8 Jul 2011 16:41:39 +0000 (GMT) From: =?utf-8?q?K=C4=81rlis_Repsons?= To: users@spamassassin.apache.org Subject: Securing spamd Date: Fri, 8 Jul 2011 16:41:36 +0000 User-Agent: KMail/1.13.6 (Linux/2.6.35.11-d6c90f5b-2011-03-05; KDE/4.6.0; x86_64; ; ) MIME-Version: 1.0 Content-Type: text/plain; charset="utf-8" Content-Transfer-Encoding: 7bit Message-Id: <201107081641.38624.karlis.repsons@gmail.com> X-Virus-Checked: Checked by ClamAV on apache.org All, I'd like you to review approximately how I'm running spamd. My concern is security. You can see that the child processes are run by spamd user, but the main process is still run by root: ps -C spamd -o user,cmd USER CMD root /usr/sbin/spamd -d -r /var/run/spamd.pid -m 2 -u spamd --nouser-config --helper-home-dir=/sysram/spamassassin --allow-tell spamd spamd child spamd spamd child How secure is that (no I didn't make any crazed chroots or so) and what would you suggest to isolate spamd from possible outside intrusions? Thanks...