Exim4 and Spamassassin - which user to run as?

Some of the more or less officially recommended documents describing how to set up SMTP time spam scanning suggests calling (?) Spamassasin from Exim as user “nobody”.

However under Debian the User nobody intentionally has no home directory and thus, depending on how you’ve set up Exim4 and Spamassassin, Spamassassin will try to save its settings in its $HOME, resulting in the following error (visible in /var/log/mail.log):

Mar 2 09:55:59 mail spamd[4896]: config: cannot write to /nonexistent/.spamassassin/user_prefs: No such file or directory

A posting in a often referred to thread has a few suggestions for setup. The problem there however is that they are mutually exclusive in that you get either scanning at SMTP time or scanning for each user individually.

I do want individual users to be able fine tune Spamassassin for their needs but I also want the main bulk of spam rejected at the SMTP connection.

Thus, as suggested in the posting above I did create a special spamd user:

adduser --disabled-password spamd

which is not used for running spamd. but only used by Exim4’s exiscan patch to check for spam. Therefore I replaced all the following lines from the howto:

spam = nobody:true

by

spam = spamd:true

Seems to work.

Siderant:

The reason I dropped sendmail 15 years ago was that the configuration was way more complex than learning a new computer language. Exim4 has got to the exact same point by now: Debian’s variant of Exim4 has dozens of interdependent config files, partially created from templates and being rebuild by generators with half-standardized variables etc. It’s a pain. Maybe I should have upgraded to postfix from exim3 instead.

Evidently the Mail community needs a variation of Greenspun’s Tenth Rule Of Programming:

“Any sufficiently advanced MTA program contains an ad-hoc, informally-specified reimplementation of sendmail’s configuration system”