There really is a lack of any documentation surrounding how to properly set up Spamassassin using unix sockets (unix:/run/spamassassin/spamd.sock) instead of the TCP service. There are precious few mentions here and there of some individual Ubuntu setups, and even fewer for Cent or Fedora, but nothing that I found that addresses the issue of the /run/spamassassin directory and it's ephemeral nature.
There is in fact no tmpfiles.d file/entry in the package, and to be honest, it never worked for me after I manually tried this method. I did however find a clue in a long unrelated thread that pointed to a few settings that are missing from the standard systemd service unit that solve this problem.
It feels like because the vast majority of people just run spamassassin on separate machines utilizing the TCP stack that there is no need to prepare it for a socket based install, leaving it to be done manually... with no documentation.
The following should be added to an override file at /etc/systemd/system/spamassassin.service.d/override.conf within the [Service] section.
- Adding the following lines will have the service create the runtime directory each time the service is started if it doesn't exist...
RuntimeDirectory=spamassassin
RuntimeDirectoryMode=0770
- These lines will allow the above to be run/created using the
root user, and then drop down to the spamd user and group to run the service. Without these, the above was failing with permission denied errors.
PermissionsStartOnly=True
User=spamd
Group=spamd
Hope this helps those out there struggling with using the socket setup, and not wanting to finally just give in and take the easy route.
