X-Git-Url: https://git.stderr.nl/gitweb?a=blobdiff_plain;f=etc%2Fdefault%2Fspamassassin;h=9c161389a38ac6ea18617e62c0359766b29f1be2;hb=79a30bec7e62a96d2828116a4fbd464e661e2454;hp=09fd09597f0031bec30c280f80af06080b87a267;hpb=20444802ae54c9c82fffc18d5f53f0bfb3824dfc;p=matthijs%2Fservers%2Fdrsnuggles.git

diff --git a/etc/default/spamassassin b/etc/default/spamassassin
index 09fd095..9c16138 100644
--- a/etc/default/spamassassin
+++ b/etc/default/spamassassin
@@ -5,7 +5,7 @@
 # There may be security risks.
 
 # Change to one to enable spamd
-ENABLED=0
+ENABLED=1
 
 # Options
 # See man spamd for possible options. The -d option is automatically added.
@@ -14,7 +14,14 @@ ENABLED=0
 # make sure --max-children is not set to anything higher than 5,
 # unless you know what you're doing.
 
-OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
+# We run spamd as the user "spamd", which was created specifically for running
+# spamd, using:
+#   adduser --system --home /var/lib/spamd --disabled-login --disabled-password spamd
+# By default, spamd runs as root, dropping privileges to whatever username the
+# client claims to have, which is not-so-secure IMHO. There shouldn't be any
+# any clients other than exim that can access spamd, but since we don't store
+# any user preferences, let's just run as an unprivileged user.
+OPTIONS="--create-prefs --max-children 5 --username spamd"
 
 # Pid file
 # Where should spamd write its PID to file? If you use the -u or
@@ -28,4 +35,4 @@ PIDFILE="/var/run/spamd.pid"
 # Cronjob
 # Set to anything but 0 to enable the cron job to automatically update
 # spamassassin's rules on a nightly basis
-CRON=0
+CRON=1