In the libmilter documentation distributed with Sendmail (libmilter/html/smfi_setconn.html) there are the following notes:
If possible, filters should not run as root when communicating over unix/local domain sockets.
Unix/local sockets should have their permissions set to 0600 (read/write permission only for the socket's owner) or 0660 (read/write permission for the socket's owner and group) which is useful if the sendmail RunAsUser option is used. The permissions for a unix/local domain socket are determined as usual by umask, which should be set to 007 or 077. Note some operating systems (e.g, Solaris) don't use the permissions of the socket. On those systems, place the socket in a protected directory.
I think it would be useful to include these in the documentation for the equivalent pymilter documentation, in particular I just had to explain how setting umask affects Unix domain sockets to a user of dkimpy-milter and it would have been easier to point to the pymilter documentation if the information was there.
In the libmilter documentation distributed with Sendmail (libmilter/html/smfi_setconn.html) there are the following notes:
I think it would be useful to include these in the documentation for the equivalent pymilter documentation, in particular I just had to explain how setting umask affects Unix domain sockets to a user of dkimpy-milter and it would have been easier to point to the pymilter documentation if the information was there.