On Wed, Jun 11, 2025 at 04:16:38PM +0200, Vincent Lefevre wrote: > On 2025-06-11 10:06:03 -0400, Noah Meyerhans wrote: > > There's a difference between running spamassassin as root versus running > > spamd as root. Spamd runs as root so that it can setuid to the > > individual users receiving the incoming mail. This is necessary in > > order to support per-user configuration, bayes databases, etc. in > > ~/.spamassassin. > > It creates files in the root account, so this is clearly broken!
Are you doing mail delivery as root, or is this something that's happening before setuid() to some other account? If the latter, then yes, something is clearly broken. I see that you've raised the issue on a couple of different mailing lists. If spamd is creating files in (or otherwise touching) the user preferences directory before calling setuid() to process an inbound message, then this seems like a distinct bug that should be reported upstream. noah
