Rev 70 | Details | Compare with Previous | Last modification | View Log | RSS feed
| Rev | Author | Line No. | Line |
|---|---|---|---|
| 70 | magnus | 1 | Description: Don't recommend that spamd runs as nobody |
| 2 | Author: Magnus Holmgren <holmgren@debian.org> |
||
| 3 | |||
| 4 | --- sa-exim-4.2.1.orig/README |
||
| 5 | +++ sa-exim-4.2.1/README |
||
| 6 | @@ -147,8 +147,11 @@ anything, you may not want to use SARewr |
||
| 7 | |||
| 8 | |||
| 9 | Important: |
||
| 10 | -You want to run spamd as such: |
||
| 11 | -/usr/sbin/spamd -d -u nobody -H /var/spool/spamassassin/ |
||
| 12 | + |
||
| 13 | +You want to run spamd as such (you have to create the spamd user |
||
| 14 | +yourself): |
||
| 15 | + |
||
| 16 | +/usr/sbin/spamd -d -u spamd -H /var/spool/spamassassin/ |
||
| 17 | |||
| 18 | It may not work if you run spamd with -c (debian default), |
||
| 19 | (you shouldn't run spamassassin as root for this purpose anyway (there |
||
| 20 | @@ -158,7 +161,7 @@ You can edit this in /etc/default/spamas |
||
| 21 | /etc/sysconfig/spamassassin (redhat) |
||
| 22 | |||
| 23 | With SA 3.x is better, the updated syntax would look like this: |
||
| 24 | -/usr/sbin/spamd --max-children 50 --daemonize --username=nobody --nouser-config --helper-home-dir=/var/spool/spamassassin/ |
||
| 25 | +/usr/sbin/spamd --max-children 50 --daemonize --username=spamd --nouser-config --helper-home-dir=/var/spool/spamassassin/ |
||
| 26 | |||
| 27 | |||
| 28 | |||
| 29 | --- sa-exim-4.2.1.orig/README.greylisting |
||
| 30 | +++ sa-exim-4.2.1/README.greylisting |
||
| 31 | @@ -139,8 +139,8 @@ let in" range. |
||
| 32 | |||
| 33 | FILE SETUP |
||
| 34 | ---------- |
||
| 35 | -Make very sure that uid nobody can traverse /var/spool/sa-exim and |
||
| 36 | -create tuplets writeable by nobody (or whoever you run SA as) |
||
| 37 | +Make very sure that the user that spamd runs as can traverse and write |
||
| 38 | +to /var/spool/sa-exim. |
||
| 39 | |||
| 40 | Then, setup a cron job to delete tuplets that are older than 14 days for |
||
| 41 | whitelisted entries, and 2 days for greylisted entries (or whatever |
||
| 42 | @@ -159,8 +159,8 @@ You should install greylistclean.cron in |
||
| 43 | call greylistclean and clean up greylisted entries and whitelisted entries |
||
| 44 | that haven't been used in a while. |
||
| 45 | You can optionally modify it to tweak the cleanup times. |
||
| 46 | -Note that you need to tweak greylistclean.cron to match the user spamd runs |
||
| 47 | -as if you aren't using the recommended --username=nobody |
||
| 48 | +Note that you may need to tweak greylistclean.cron to match the user |
||
| 49 | +spamd runs as. |
||
| 50 | |||
| 51 | |||
| 52 | SA PATCH (SA 2.x) |