[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: spamass.sock unsafe 0.1.3
From: |
Chuck Yerkes |
Subject: |
Re: spamass.sock unsafe 0.1.3 |
Date: |
Wed, 30 Apr 2003 12:03:41 -0400 |
User-agent: |
Mutt/1.4i |
/var/run/ is owned and writable only by root.
This is good.
If you want a non-root user to run spamass (good idea),
then put the socket in a directory that that user can
write to. Preferably one that ONLY that user can write to
(nobody is a bad idea for a sure, 'spamassassin' is a fine idea).
You may have to twiddle the "dontblamesendmail" variable or
TrustedUsers in sendmail.
Ideally, the milter would open the devices it needs & the
master config file, become the RunAs user, perhaps chroot to
it's RunIn directory and open any local config files.
I run mine in a jail partition (most of it is mounted readonly).
Quoting Robert Wagner (address@hidden):
> I am working on Redhat 9. It seems to work when I run:
> /etc/rc.d/init.d/spamass-milter start
> manually as root. I have tried adding this command to rc.local, but it
> doesn't start + no messages in syslog. Other programs like snort start fine
> from rc.local. I even tried:
> su - root -c "/etc/rc.d/init.d/spamass-milter start"
> in rc.local, but that didn't work.
> Any ideas?
>
> I noticed that /var/lock/subsys is owned by root.root
> when trying to start with a non-privileged user I get:
> touch: creating `/var/lock/subsys/spamass-milter': Permission denied
>
> Does this file need to go here?
>
>
> After Reboot:
> Apr 30 08:28:43 myserver sendmail: WARNING: Xspamassassin: local socket name
> /var/run/spamass.sock missing
> Apr 30 08:28:43 myserver sendmail: WARNING: Xspamassassin: local socket name
> /var/run/spamass.sock missing
>
> Later
> Apr 30 08:53:21 myserver sendmail[2079]: h3UDN6DK002079: Milter
> (spamassassin): local socket name /var/run/spamass.sock unsafe
> Apr 30 08:53:21 myserver sendmail[2079]: h3UDN6DK002079: Milter
> (spamassassin): to error state
>
>
> When spamass-milter is started manually by root:
> Apr 30 08:09:23 myserver spamd[3218]: Still running as root: user not
> specified with -u, not found, or set to root. Fall back to nobody.
> Apr 30 08:09:23 myserver spamd[3218]: processing message (unknown) for
> root:99.
> Apr 30 08:09:23 myserver spamd[3218]: identified spam (8.0/5.0) for root:99
> in 1.0 seconds, 4277 bytes.
> Apr 30 08:09:23 myserver sendmail[3215]: h3UCd8vV003215: Milter add: header:
> X-Spam-Flag: YES
> Apr 30 08:09:23 myserver sendmail[3215]: h3UCd8vV003215: Milter add: header:
> X-Spam-Status: Yes, hits=8.0
> required=5.0\n\ttests=CLICK_BELOW,DATE_MISSING,EARN_MONEY,EXCUSE_15,GET_PAID
> ,\n\t HTML_30_40,HTML_LINK_CLICK_HERE,HTML_MESSAGE,HTML_WEB_BUGS,\n\t
> X_LOOP\n\tversion=2.53