mail/spamassassin config option AS_ROOT is confusing

Mike Brown mike at
Thu Dec 22 15:02:41 UTC 2016

On Tue, Dec 20, 2016 at 05:16:32PM -0700, Adam Weinberger wrote:
> > On 20 Dec, 2016, at 16:51, RW <rwmaillists at> wrote:
> > 
> > On Tue, 20 Dec 2016 11:53:43 -0700
> > Mike Brown wrote:
> > 
> >> The AS_ROOT option in the mail/spamassassin port is really confusing
> >> to me. Given that its description is "Run spamd as root
> >> (recommended)", what actually happens is somewhat bonkers:
> >> 
> >> The main spamd process always runs as root. If AS_ROOT is enabled,
> >> then the child processes who do all the work will not run as root,
> >> but rather as unprivileged user spamd. If AS_ROOT is disabled, then
> >> the children *will* run as root, but as needed they will setuid to
> >> the user calling spamc. 
> >> Which setting you want depends on where user prefs and Bayes data is
> >> stored. If it's in user-owned ~/.spamassassin directories, then you
> >> want AS_ROOT disabled or you'll get a plethora of error messages and
> >> lock file warnings relating to permissions, since user spamd can't
> >> write where it needs to.
> > 
> > That shouldn't happen as the default (without virtual users) is to
> > use /var/spool/spamd, the spamd user's home directory.

I think we need to get to the bottom of this before I propose an extended help 
message for the FreeBSD port's config options. I don't want to misrepresent 
the expected behavior of using -u.

The only thing I see in my SA config which could be causing the non-default 
behavior is in I have "allow_user_rules 1". Is that incompatible with 

More information about the freebsd-ports mailing list