spamassassin (spamd) is running root account in default install. looks like big security hole to me? Reproducible: Always
So read the notes in /etc/conf.d/spamd and configure it to run as another user according to your needs? There's really no good default user for this, dunno what are you expecting here.
instead of running it root that can be really big security hole, ebuild should create user like spamd and run spamd as it.
Except that it won't work for tons of users... You need to configure stuff as fit for your particular configuration, MTA etc. etc. If you have no clue then chances are you shouldn't be running such daemons at all.
.. but at least isn't security hole by default. If someone need to run it as root, he can configure it by hand. other distributions run spamd as spamd by default.
Option that selects username in spamd conf.d file could be null by default, and init.d script refuse to start without user setting it. Some other daemons allready do this, IIRC.
I agree that some kind of solution for running spamd as some other account as root would be a must-have. A small configure-hell is better than long-running security-hell, right?
Here's a plan, go configure this as you want. Closing a dead bug.