spamd runs as mail and that's what the bayes_ files are owned as. A few days ago we started seeing an increase in spam and looking into the problem today, I found that the bayes_toks file (but not bayes_seen) was owned as root.
Anyone have any ideas what could cause this? We do run a script that runs as root that calls sa-learn occasionally. Could that interaction somehow cause the file ownership to be changed? If so, any recommendations for the proper locking between spamd and sa-learn? Thanks, Chris