Guess this means that I have to run "spamassassin" instead of spamc, don't I?

I do not understand the reason for spamc to exist then - but based upon the conversation result, it seems like the way to go ... hope my host can handle the load.

On 10.09.2015 at 12:50, Marc Richter wrote:
Hi @ all,

maybe I'm doing it wrong here - I do not insist on being infallible.
But what's the correct way to do it then?

Best regards,
Marc

On 10.09.2015 at 01:48, RW wrote:
On Wed, 9 Sep 2015 14:48:14 -0700
jdow wrote:

On 2015-09-09 13:51, RW wrote:
On Wed, 9 Sep 2015 17:27:54 +0200
Marc Richter wrote:

Hi RW,

Do you mean that ww is a unix user? The normal way to do this is
to run spamd as root and run spamc as the unix user. Passing -u to
spamc is really intended for virtual users, I'm not sure whether
it works for unix users.  Are you sure it worked before?

ww is a unix user, yes. And it worked before, yes.

Supporting that sounds like a really bad idea. It would mean that
any user could make a spamd child run as any unix user they choose -
possibly even root. It's an unnecessary risk of privilege
escalation.

It also gives users too much access to each other's databases. A
malicious user would be able to mistrain another user's Bayes or
manipulate reputations in TxRep or AWL. It would also be possible to
infer some of the contents of another user's TxRep database from
suitable test emails.

Why don't you try to run spamc -u root as a common user and see what
happens then talk about the results if it is warranted?


Given that it doesn't appear to be currently working with non-root
accounts, what would that prove? And it's still wrong even if root is a
special case.
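
An added example, not part of the thread and not spamd's own code: a sketch of the check that RW's objection implies, where a daemon listening on a Unix socket compares the account a client asks for with the kernel-reported uid of the connecting process (Linux `SO_PEERCRED`). The function names and the account table are assumptions constructed for the example.

```python
import os
import socket
import struct


def peer_uid(conn):
    """Return the uid of the process at the other end of a Unix socket (Linux)."""
    # struct ucred is { pid_t pid; uid_t uid; gid_t gid; }
    creds = conn.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED,
                            struct.calcsize("iII"))
    _pid, uid, _gid = struct.unpack("iII", creds)
    return uid


def may_scan_as(caller_uid, requested_user, accounts):
    """Allow a request only when the requested account is the caller's own."""
    target_uid = accounts.get(requested_user)
    if target_uid is None:
        return False  # unknown account: refuse instead of falling back
    return target_uid == caller_uid


def handle_request(conn, requested_user, accounts):
    """Decide from kernel-reported credentials, not from the client's claim."""
    return may_scan_as(peer_uid(conn), requested_user, accounts)


def demo():
    """Run the check over a local socket pair; both ends are this process."""
    server, client = socket.socketpair(socket.AF_UNIX, socket.SOCK_STREAM)
    try:
        me = os.getuid()
        # Constructed account table: "me" is the caller, "other" is someone else.
        accounts = {"me": me, "other": me + 1}
        return {
            "own": handle_request(server, "me", accounts),
            "other": handle_request(server, "other", accounts),
            "unknown": handle_request(server, "no-such-user", accounts),
        }
    finally:
        server.close()
        client.close()


if __name__ == "__main__":
    print(demo())
```

The check only applies to Unix-domain sockets; a TCP listener has no peer credentials to compare against.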



