Description of problem: The permissions on spamass-milter.sock forbid members of the sa-milt from connection to the milter. Version-Release number of selected component (if applicable): How reproducible: Always. Steps to Reproduce: 1. Install spamass-milter 2. systemctl start spamass-milter.service 3. Actual results: Write denied to members of sa-milt: [root@seawitch ~]# ls -al /run/spamass-milter total 0 drwx--x--x. 2 sa-milt sa-milt 60 Jun 24 23:50 . drwxr-xr-x. 63 root root 1540 Jun 25 08:42 .. srwxr-xr-x. 1 sa-milt sa-milt 0 Jun 24 23:50 spamass-milter.sock Expected results: Write allowed by members of sa-milt: [root@seawitch ~]# ls -al /run/spamass-milter total 0 drwx--x--x. 2 sa-milt sa-milt 60 Jun 24 23:50 . drwxr-xr-x. 63 root root 1540 Jun 25 08:42 .. srwxrwx---. 1 sa-milt sa-milt 0 Jun 24 23:50 spamass-milter.sock Additional info:
Version is spamass-milter-0.4.0-13.el9.
Workaround is to add the -g option to /etc/sysconfig/spamass-milter: EXTRA_FLAGS="-g sa-milt" Ideally this should be configured like this out the box.
Do you need this because you are using Postfix? If so, you can install spamass-milter-postfix, which changes the default behaviour of spamass-milter to be more Postfix-friendly, i.e. the Unix-domain socket used for MTA communication is changed to /var/run/spamass-milter/postfix/sock, and that socket is writable by the postfix group. This is described in the README.Postix file in the spamass-milter-postfix package, which is obiously not very discoverable - I should move it to the main spamass-milter package.