Permission denied when delivering mail while they are OK #1200
Comments
Try chmod 755 /var/mail |
I think I'm seeing a similar issue with OpenSMTPD 6.8.0p2 on Ubuntu 22.04.
Only after
I don't think a maildir folder should be left with 777 permissions as that would allow anybody to read/modify elements in it; unfortunately any more restrictive permissions set on the maildir (even 775) causes the delivery to fail. |
The mail.maildir (or any other mda) runs as the recipient user. This user
needs to be able to access the maildir directory.
In the case of @neva-blyad '/var/mail/' had no read and execute for the
user. So 'mail.maildir' as neva_blyad can not change the dir to '/var/mail/neva_blyad'.
In the case of @maffo999 the dir '/var/mail/user' belongs to 'root:mail'
and other have no write permission. Change the directory owner to 'user'
and it will work.
|
You are not right, /var/mail/ had 770 (drwxrwx---) permissions, it means the recipient could both read and write to the directory. (Note that neva_blyad is a member of the mail group.) |
The bug is still active |
[2024-02-10 17:07] neva-blyad ***@***.***>
> The mail.maildir (or any other mda) runs as the recipient user. This user needs to be able to access the maildir directory. In the case of @neva-blyad '/var/mail/' had no read and execute for the user. So 'mail.maildir' as neva_blyad can not change the dir to '/var/mail/neva_blyad'. In the case of @maffo999 the dir '/var/mail/user' belongs to 'root:mail' and other have no write permission. Change the directory owner to 'user' and it will work.
You are not right, /var/mail/ had 770 (drwxrwx---) permissions, it means the recipient could both read and write to the directory. (Note that neva_blyad is a member of the mail group.)
Yes, but opensmtpd only sets the login gid (the one in passwd(5)). So
this setting only helps when your login gid in /etc/passwd is the gid
of the mail group.
When you don't want to change your login groupid you can use a userbase
or set the read and exec permissions for others.
Btw: adding all mail users to the mail group _and_ setting /var/mail
writeable to the mail group doesn't sound like a good idea.
|
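The access rule described in the reply above (delivery runs as the recipient with only the login gid, so supplementary group membership does not count), as an added diagnostic sketch that is not part of the thread and not OpenSMTPD code. The function names, the uid/gid numbers and `SAMPLE` are constructed assumptions, and POSIX ACLs are not considered.

```python
import os
import pwd
import stat

def class_bits(mode, st_uid, st_gid, uid, gid):
    """rwx bits that apply to a non-root process holding ONLY this uid/gid."""
    if uid == st_uid:
        return (mode >> 6) & 7
    if gid == st_gid:          # supplementary groups deliberately not consulted
        return (mode >> 3) & 7
    return mode & 7

def check_chain(chain, uid, gid):
    """chain: [(path, mode, owner_uid, owner_gid), ...] from / down to the maildir.
    Returns the components that would stop delivery, with the missing bits."""
    blocked = []
    for i, (path, mode, st_uid, st_gid) in enumerate(chain):
        # Parents need search (x); the maildir itself needs write + search.
        need = 0o3 if i == len(chain) - 1 else 0o1
        missing = need & ~class_bits(mode, st_uid, st_gid, uid, gid)
        if missing:
            blocked.append((path, missing))
    return blocked

def stat_chain(maildir):
    """Build the chain for a real path by stat()ing each ancestor."""
    chain, p = [], os.path.abspath(maildir)
    while True:
        st = os.stat(p)
        chain.append((p, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid))
        if os.path.dirname(p) == p:
            return chain[::-1]
        p = os.path.dirname(p)

def check_user(user, maildir):
    pw = pwd.getpwnam(user)    # pw_gid is the login gid from passwd(5)
    return check_chain(stat_chain(maildir), pw.pw_uid, pw.pw_gid)

# Constructed sample: uid 1000 with login gid 1000; "mail" is gid 8.
SAMPLE = [("/", 0o755, 0, 0), ("/var", 0o755, 0, 0),
          ("/var/mail", 0o770, 0, 8), ("/var/mail/neva_blyad", 0o700, 1000, 1000)]

if __name__ == "__main__":
    for path, missing in check_chain(SAMPLE, uid=1000, gid=1000):
        print(f"{path}: missing {stat.filemode(missing << 6)[1:4]} for login gid")
```

On a live host, `check_user("someuser", "/var/mail/someuser")` runs the same check against the real directory chain.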
Thank you. It is undocumented behavior though, that OpenSMTPD ignores second groups and uses only the primary user group. It is non-intuitive and non-typical for a Unix daemon. P.S. I set the sticky bit on /var/mail/ so it goes fine. |
How to reproduce bug.
Create /etc/smtpd.conf with the content below.
Restart OpenSMTPd:
$ rcctl restart smtpd
Then I send test mail to myself:
The error messages appear in /var/log/maillog:
My maildir delivery directory:
Pay attention that I have write permission (700) to my own maildir directory /var/mail/neva_blyad/, but the server shows the error anyway. (Also note that neva_blyad and de_sade are users of the mail group; it is not necessary to know here.)
Now I change the permissions:
Restart the server, send mail again and everything has gone fine.
So there is a bug. OpenSMTPd requires that all 777 permission flags be set on the top-level maildir directory /var/mail, but in fact it has to write multiple files in /var/mail/$USER/ (700, owned by $USER) by $USER.