mail/spamassassin config option AS_ROOT is confusing

Mike Brown mike at
Tue Dec 20 18:59:23 UTC 2016

The AS_ROOT option in the mail/spamassassin port is really confusing to me. 
Given that its description is "Run spamd as root (recommended)", what actually 
happens is somewhat bonkers:

The main spamd process always runs as root. If AS_ROOT is enabled, then the 
child processes who do all the work will not run as root, but rather as 
unprivileged user spamd. If AS_ROOT is disabled, then the children *will* run 
as root, but as needed they will setuid to the user calling spamc.
Which setting you want depends on where user prefs and Bayes data is stored. 
If it's in user-owned ~/.spamassassin directories, then you want AS_ROOT 
disabled or you'll get a plethora of error messages and lock file warnings 
relating to permissions, since user spamd can't write where it needs to.

It took me a while to figure this out on a fresh installation. I enabled the 
option, thinking "yes, of course I want it to run as root, so that it can 
write to the users' home directories"... then I was confused when it ended up 
not running as root but rather as user spamd, and the behavior I wanted was 
only possible if I configured the port to *not* run spamd as root.

I guess I am just griping, but I would like to think there is a better way to 
describe and name the configuration option. Maybe AS_SPAMD_USER with 
description "Run spamd as unprivileged user (recommended)"? Not sure this 
really would've helped me know which option to choose, but it would've spared
me from part of the wild goose chase I've been on all day.

Thanks for listening.

More information about the freebsd-ports mailing list