On Mon, 15 Jul 2013 14:41:08 -0500 (CDT)
David B Funk wrote:
> It uses the Apache model. There is a parent process that runs as root
> to manage the sockets which then forks off children as the "-u" user
> to actually process the messages. If you don't specify the "-u" user
> the children stay as root and it barks at you because it's a potential
> security risk.
The spamd man page says:
-u username, --username=username
Run as the named user. If this option is not set, the
default behaviour is to setuid() to the user running "spamc",
if "spamd" is running as root.
so presumably the children would need to start as root to setuid to the
unix user running spamc. The mail would then be scanned as an
unprivileged user whilst retaining access to the user's home
directory, so it shouldn't be a security problem.
OTOH when I just tried this in 3.3.2, spamd didn't to pick-up a test
rule I added to ~/.spamassassin/user_prefs (which worked with the
spamassassin script).
