bug#57283: opensmtpd: permission issue while trying to deliver messages to mboxes in /var/mail

bug#57283: opensmtpd: permission issue while trying to deliver messages to mboxes in /var/mail

[semente]

Hello,

After setup opensmtpd service in a Guix system I could use it to send local messages but the messages won't be delivered to user's default mailboxes due lack of write permissions for the /var/mail directory.

I could only fix this by changing /var/mail permissions to 777. I also tried changing its owner to the user that runs opensmtpd (smtpd user) but it worked only when I give write permissions to all.

Related error logs:

  Aug 18 14:48:32 localhost lockspool: /var/mail/semente.lock: Permission denied
  Aug 18 17:50:39 localhost smtpd[12620]: 55190016986121ba mda delivery evpid=f923e987d2d9e39b from=<semente@host> to=<semente@host> rcpt=<semente@host> user=semente delay=25m10s result=TempFail stat=Error (terminated; timeout)

Thanks,
semente

bug#57283: opensmtpd: permission issue while trying to deliver messages to mboxes in /var/mail

[Felix Lechner via Bug reports for GNU Guix]

Hi,

Based on friendly advice offered on IRC, I believe I more or
lessaddressed the setgid issue with the system declaration below.

The issue I still have is that the adjusted gids appear to be effective
only for users but not for the smtpd process itself. As a result, smtpd
could not deliver an offline message that was created by a setup
error. It resulted in this warning on startup:

# smtpd -d -f smtpd.conf
info: OpenSMTPD 6.8.0p2 starting
sendmail: this program must be setgid smtpq
warn: smtpd: couldn't enqueue offline message /var/spool/smtpd/offline/1663868496.XXXXt611BF; smtpctl exited abnormally

I tried that inside 'guix shell smtpd' and without. Then I deleted the
queued message and resent it.

Alas, the reporting party may find this solution insufficient, as
well. Perhaps the local mail delivery they hope to achieve is affected
like the local retrieval that remains broken for me. (I use a relay.)

Either way, I hope this message is somewhat helpful.

Kind regards
Felix Lechner

* * *

(use-modules
 (gnu packages mail)
 (gnu system setuid))

(operating-system

 ...

 (setuid-programs
  (append (list

           (setuid-program
            (program (file-append opensmtpd "/sbin/smtpctl"))
            (setuid? #false)
            (setgid? #true)
            (group "smtpq"))

           (setuid-program
            (program (file-append opensmtpd "/sbin/sendmail"))
            (setuid? #false)
            (setgid? #true)
            (group "smtpq"))

           (setuid-program
            (program (file-append opensmtpd "/sbin/send-mail"))
            (setuid? #false)
            (setgid? #true)
            (group "smtpq"))

           (setuid-program
            (program (file-append opensmtpd "/sbin/makemap"))
            (setuid? #false)
            (setgid? #true)
            (group "smtpq"))

           (setuid-program
            (program (file-append opensmtpd "/sbin/mailq"))
            (setuid? #false)
            (setgid? #true)
            (group "smtpq"))

           (setuid-program
            (program (file-append opensmtpd "/sbin/newaliases"))
            (setuid? #false)
            (setgid? #true)
            (group "smtpq")))

          %setuid-programs))

 (services
  (append (list

           ...

           (service opensmtpd-service-type
                    (opensmtpd-configuration
                     (config-file
                      (plain-file "opensmtpd-configuration"
                                    "
[YOUR SMTPD CONFIG TEXT GOES HERE]
"))))))))