Spamassassin as root and pyzor
First, many thanks to Paul and Spiro for your help with this.
Spiro Harvey, Knossos Networks Ltd wrote:
Ideally I would like a link to a webpage entitled "How I learnt to
stop worrying and run spamass-milter as root".
We've got a few boxen running spamd as non-privileged user, but
spamassassin milter runs as root with no problems.
On the flip-side to your query, I haven't found anything that states
spamass milter shouldn't be run as root.
I eventually did run into problems running spamass-milter as root in
that spamd tried to run as "nobody" which has a homedir as "/", and of
course could not find any configs and could not set lockfiles, etc.
E.g. from my maillog:
Jul 21 11:46:15 elbrus spamd: spamd: still running as root:
user not specified with -u, not found, or set to root, falling back to
Jul 21 11:46:15 elbrus spamd: spamd: processing message
<alpine.LRH.1.10.0807211145440.21127> for root:99
Jul 21 11:46:16 elbrus spamd: auto-whitelist: open of
auto-whitelist file failed: locker: safe_lock: cannot create tmp
lockfile /.spamassassin/auto-whitelist.lock.elbrus.12517 for
/.spamassassin/auto-whitelist.lock: No such file or directory
So I created a new sa-milt user (with a suitable home directory) and
used that (fixed the spamass-milter init script to do "daemon --user").
Running the milter as "sa-milt" seems to cause spamd to run as
"sa-milt". It meant a bit of hassle relocating the socket to a sa-milt
owned directory, etc, but at least it does seem to work now. Perhaps it
would be more appropriate for the spamass-milter package to come like this?
Also, a related question: is it worth installing pyzor, or will
spamassassin on its own be enough? I ask because pyzor doesn't seem
to be in any of the main repositories.
Don't know about Pyzor specifically, but we use Vipal's Razor with
success. Our situation is that we're an ISP, so we like the extra
checking to be as absolutely sure as possible that we're only
rejecting real spam. of course a few spams still trickle through but
we haven't had a single false positive.
And there are Dag el5 packages for razor too!
However, still having some problems setting this up.
If I run spamassassin on the command-line it seems to use it, but not
from spamass-milter :-(
CentOS mailing list