diff --git a/modules/misc/ids.nix b/modules/misc/ids.nix
index bd38b5f9a42e..ea28162686eb 100644
--- a/modules/misc/ids.nix
+++ b/modules/misc/ids.nix
@@ -73,6 +73,7 @@ in
     fprot = 52;
     bind = 53;
     wwwrun = 54;
+    spamd = 55;
 
     # When adding a uid, make sure it doesn't match an existing gid.
 
diff --git a/modules/services/mail/spamassassin.nix b/modules/services/mail/spamassassin.nix
index 69d3c390bc93..9b387eb940f7 100644
--- a/modules/services/mail/spamassassin.nix
+++ b/modules/services/mail/spamassassin.nix
@@ -33,11 +33,17 @@ in
     # Allow users to run 'spamc'.
     environment.systemPackages = [ pkgs.spamassassin ];
 
+    users.extraUsers = singleton
+      { name = "spamd";
+        description = "Spam Assassin Daemon";
+        uid = config.ids.uids.spamd;
+      };
+
     jobs.spamd = {
       description = "Spam Assassin Server";
       startOn = "started networking and filesystem";
       environment.TZ = config.time.timeZone;
-      exec = "${pkgs.spamassassin}/bin/spamd -C /etc/spamassassin/init.pre --siteconfigpath=/etc/spamassassin --debug --pidfile=/var/run/spamd.pid";
+      exec = "${pkgs.spamassassin}/bin/spamd -C /etc/spamassassin/init.pre --siteconfigpath=/etc/spamassassin --username=spamd --pidfile=/var/run/spamd.pid";
     };
 
   };