[GH-ISSUE #272] Possible rspamd permission issue in SELF-HOSTING.md #795

New issue

Closed

opened 2026-03-14 10:39:02 +03:00 by kerem · 3 comments

kerem commented 2026-03-14 10:39:02 +03:00

Owner

Copy link

Originally created by @makua104 on GitHub (Feb 24, 2022).
Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/272

I ran into an issue when moving from OpenDKIM and OpenDMARC to Rspamd. A few instructions in the SELF-HOSTING.md file seem to create files owned by root, such as

sudo cp /etc/rspamd/local.d/dkim_signing.conf /etc/rspamd/local.d/arc.conf

and

echo "enabled = false;" | sudo tee -a /etc/rspamd/override.d/module_name.conf

This results in errors similar to

rspamd_config_read: failed to load config: ucl parser error: cannot open file /etc/rspamd/local.d/arc.conf: Permission denied

when rspamd.service is run as the _rspamd user, which I think is done by default. Rspamd fails to start and errors like connect to Milter service inet:localhost:11332: Connection refused appear in /var/log/mail.log when sending from a recipient address, which led to AnonAddy thinking they were spoofed.

Originally created by @makua104 on GitHub (Feb 24, 2022). Original GitHub issue: https://github.com/anonaddy/anonaddy/issues/272 I ran into an issue when moving from OpenDKIM and OpenDMARC to Rspamd. A few instructions in the `SELF-HOSTING.md` file seem to create files owned by root, such as ``` sudo cp /etc/rspamd/local.d/dkim_signing.conf /etc/rspamd/local.d/arc.conf ``` and ``` echo "enabled = false;" | sudo tee -a /etc/rspamd/override.d/module_name.conf ``` This results in errors similar to ``` rspamd_config_read: failed to load config: ucl parser error: cannot open file /etc/rspamd/local.d/arc.conf: Permission denied ``` when `rspamd.service` is run as the `_rspamd` user, which I think is done by default. Rspamd fails to start and errors like `connect to Milter service inet:localhost:11332: Connection refused` appear in `/var/log/mail.log` when sending from a recipient address, which led to AnonAddy thinking they were spoofed.

kerem closed this issue 2026-03-14 10:39:08 +03:00

kerem commented 2026-03-14 10:39:13 +03:00

Author

Owner

Copy link

@willbrowningme commented on GitHub (Mar 3, 2022):

All files in the /etc/rspamd directory are owned by root with group root. The Rspamd main process should start as root and then drops privileges. Have you checked for any solutions on the Rspamd repo?

<!-- gh-comment-id:1058251422 --> @willbrowningme commented on GitHub (Mar 3, 2022): All files in the `/etc/rspamd` directory are owned by `root` with group `root`. The Rspamd main process should start as root and then drops privileges. Have you checked for any solutions on the [Rspamd repo](https://github.com/rspamd/rspamd/issues?q=is%3Aissue+root+permission)?

kerem commented 2026-03-14 10:39:19 +03:00

Author

Owner

Copy link

@makua104 commented on GitHub (Mar 3, 2022):

I didn't see anything there other than a few older solved issues (1, 2) related to permission errors. It seems like they say the files should be owned by _rspamd:_rspamd, which is what I did to solve it. Is your rspamd.service also using User=_rspamd?

<!-- gh-comment-id:1058482212 --> @makua104 commented on GitHub (Mar 3, 2022): I didn't see anything there other than a few older solved issues ([1](https://github.com/rspamd/rspamd/issues/3131), [2](https://github.com/rspamd/rspamd/issues/1996)) related to permission errors. It seems like they say the files should be owned by `_rspamd:_rspamd`, which is what I did to solve it. Is your `rspamd.service` also using `User=_rspamd`?

kerem commented 2026-03-14 10:39:24 +03:00

Author

Owner

Copy link

@willbrowningme commented on GitHub (Mar 4, 2022):

Yes the rspamd.service is run by _rspamd. Following the exact instructions in the self-hosting instructions worked for me with no issues. Closing this issue, since it seems you've resolved it now.

<!-- gh-comment-id:1059080181 --> @willbrowningme commented on GitHub (Mar 4, 2022): Yes the rspamd.service is run by `_rspamd`. Following the exact instructions in the self-hosting instructions worked for me with no issues. Closing this issue, since it seems you've resolved it now.

kerem referenced this issue 2026-03-14 11:45:16 +03:00

[GH-ISSUE #795] Mass re-check domain feature #1109

Sign in to join this conversation.

No Branch/Tag specified

Branches Tags

master

v1.5.0

v1.4.1

v1.4.0

v1.3.8

v1.3.7

v1.3.6

v1.3.5

v1.3.4

v1.3.3

v1.3.2

v1.3.1

v1.3.0

v1.2.3

v1.2.2

v1.2.1

v1.2.0

v1.1.0

v1.0.9

v1.0.8

v1.0.7

v1.0.6

v1.0.5

v1.0.4

v1.0.3

v1.0.2

v1.0.1

v1.0.0

v0.14.1

v0.14.0

v0.13.13

v0.13.12

v0.13.11

v0.13.10

v0.13.9

v0.13.8

v0.13.7

v0.13.6

v0.13.5

v0.13.4

v0.13.3

v0.13.2

v0.13.1

v0.13.0

v0.12.3

v0.12.2

v0.12.1

v0.12.0

v0.11.2

v0.11.1

v0.11.0

v0.10.1

v0.10.0

v0.9.1

v0.9.0

v0.8.10

v0.8.9

v0.8.8

v0.8.7

v0.8.6

v0.8.5

v0.8.4

v0.8.3

v0.8.2

v0.8.1

v0.8.0

v0.7.5

v0.7.4

v0.7.3

v0.7.2

v0.7.1

v0.7.0

v0.6.2

v0.6.1

v0.6.0

v0.5.0

v0.4.0

v0.3.0

v0.2.13

v0.2.12

v0.2.11

v0.2.10

v0.2.9

v0.2.8

v0.2.7

v0.2.6

v0.2.5

v0.2.4

v0.2.3

v0.2.2

v0.2.1

v0.2.0

v0.1.6

v0.1.5

v0.1.4

v0.1.3

v0.1.2

v0.1.1

v0.1.0

Labels

Clear labels   

bug

  

pull-request

Mirrored from GitHub Pull Request

No labels

bug

pull-request

Milestone

Clear milestone

No items

No milestone

Projects

Clear projects

No items

No project

Assignees

Clear assignees

No assignees

1 participant

Notifications

Subscribe

Due date

The due date is invalid or out of range. Please use the format "yyyy-mm-dd".

No due date set.

Dependencies

No dependencies set.

Reference

starred/anonaddy#795

No description provided.