When running as root, spamd will run as whatever user the client claims
to be, to read preferences. Since this is not-so-secure, we'll just run
as an unprivileged user to begin with (since we don't do per-user
privileges anyway).
# make sure --max-children is not set to anything higher than 5,
# unless you know what you're doing.
# make sure --max-children is not set to anything higher than 5,
# unless you know what you're doing.
-OPTIONS="--create-prefs --max-children 5 --helper-home-dir"
+# We run spamd as the user "spamd", which was created specifically for running
+# spamd, using:
+# adduser --system --home /var/lib/spamd --disabled-login --disabled-password spamd
+# By default, spamd runs as root, dropping privileges to whatever username the
+# client claims to have, which is not-so-secure IMHO. There shouldn't be any
+# any clients other than exim that can access spamd, but since we don't store
+# any user preferences, let's just run as an unprivileged user.
+OPTIONS="--create-prefs --max-children 5 --username spamd"
# Pid file
# Where should spamd write its PID to file? If you use the -u or
# Pid file
# Where should spamd write its PID to file? If you use the -u or
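Review bot: The new OPTIONS line drops `--helper-home-dir` in addition to adding `--username spamd`, but neither the added comment nor the commit message mentions that removal. Please say why it is no longer wanted, or keep it. On the same line, `--create-prefs` is retained even though the comment says no user preferences are stored, so consider removing it or explaining why it stays. The comment also has a doubled word across its line break ("There shouldn't be any" / "any clients"). Finally, the PID file comment in the trailing context refers to the `-u` option, which is now effectively in use, so it is worth confirming that the PID file setting below still suits a spamd running as the "spamd" user.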