Package: spamassassin Version: 3.4.2-1~deb9u1 The debian-spamd user is created with a shell of /bin/sh, and doesn't appear to need a valid shell. Unless there is a very good reason, /bin/false or /usr/sbin/nologin should be used as the shell. This may not be a huge security hole, but is very poor practice.
-- (\___(\___(\______ --=> 8-) EHM <=-- ______/)___/)___/) \BS ( | ehem+sig...@m5p.com PGP 87145445 | ) / \_CS\ | _____ -O #include <stddisclaimer.h> O- _____ | / _/ 8A19\___\_|_/58D2 7E3D DDF4 7BA6 <-PGP-> 41D1 B375 37D0 8714\_|_/___/5445
