On 2025-06-11 10:20:00 -0400, Noah Meyerhans wrote:
> On Wed, Jun 11, 2025 at 04:16:38PM +0200, Vincent Lefevre wrote:
> > On 2025-06-11 10:06:03 -0400, Noah Meyerhans wrote:
> > > There's a difference between running spamassassin as root versus running
> > > spamd as root.  Spamd runs as root so that it can setuid to the
> > > individual users receiving the incoming mail.  This is necessary in
> > > order to support per-user configuration, bayes databases, etc. in
> > > ~/.spamassassin.
> > 
> > It creates files in the root account, so this is clearly broken!
> 
> Are you doing mail delivery as root, or is this something that's
> happening before setuid() to some other account?  If the latter, then
> yes, something is clearly broken.

To my personal account, via procmail in my personal account:

  :0 fw: .spamassassin.lock
  | spamc -t 240 -s 3000000

> I see that you've raised the issue on a couple of different mailing
> lists.

This issue has been reported by several users upstream. This is not
specific to me.

Note that there are actually 2 issues I reported:

1. The fact that spamassassin still does Validity queries *by default*.

2. When spamassassin does a Validity query and this is blocked,
   it creates files in the root account.

> If spamd is creating files in (or otherwise touching) the user
> preferences directory before calling setuid() to process an inbound
> message, then this seems like a distinct bug that should be reported
> upstream.

Some user has "spamd child" processes as spamd user. But in Debian,
they are root. Perhaps this is the issue?

However, I don't know the expected intent of these files.

-- 
Vincent Lefèvre <vinc...@vinc17.net> - Web: <https://www.vinc17.net/>
100% accessible validated (X)HTML - Blog: <https://www.vinc17.net/blog/>
Work: CR INRIA - computer arithmetic / Pascaline project (LIP, ENS-Lyon)
