Package: opensmtpd
Version: 6.6.1p1-1
Severity: important

Dear Maintainer,

I was surprised that OpenSMTPD lost a cron mail that cron managed to
submit while smtpd was not running (stopped temporarily for
maintenance). I expected smtpd to send it later, when I start it, but
the message just kept sitting in /var/spool/smtpd/offline.

So, to reproduce:

1. Install OpenSMTPD. The issue is reproducible both in Debian Stable
   and Unstable and needs to be fixed in both.
2. It starts up and creates the hierarchy under /var/spool/smtpd.
3. Stop it, just to pretend that it was stopped and forgotten by
   accident.
4. Create a "mail.txt" file with mail headers, blank line, and body.
5. Send it:

       sendmail -f y...@yourmail.com -t < mail.txt

6. At this point, /usr/sbin/sendmail returns 75 and puts the message
   into /var/spool/smtpd/offline, as expected.
7. systemctl restart opensmtpd

Expectation: smtpd should pick up the file from the offline queue.

Actual result:

    # ls -l /var/spool/smtpd/offline
    -rw------- 1 root root 237 Nov 30 18:08 1575137330.XXXXMwS8bP

The file just sits there, and smtpd ignores it.

xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx

This has been traced to the permission differences between OpenSMTPD
expectations (based on how it is shipped on OpenBSD) and the reality on
Debian systems.

First of all, OpenSMTPD contains code that checks permissions on the
files in the offline queue:

https://github.com/OpenSMTPD/OpenSMTPD/blob/c139eb1610e931739d6cde4194c9560124b08165/smtpd/smtpd.c#L1604

The directory is owned by root:opensmtpq, and the file by root:root.
The mismatch can be attributed to two things:

1. Difference between the directory group semantics between BSD (where
   OpenSMTPD comes from) and Linux. On BSD, all directories behave like
   they do on Linux with the (Linux) setgid bit.

       # ls -ld /var/spool/smtpd/offline
       drwxrwx--- 2 root opensmtpq 6 Nov 30 21:40 /var/spool/smtpd/offline

2. Difference between the ownership of /usr/sbin/smtpctl:

   OpenBSD: it is setgid.

       # ls -l /usr/sbin/smtpctl
       -r-xr-sr-x 1 root _smtpq 217736 Oct 12 21:34 /usr/sbin/smtpctl

   Linux: it is just a regular binary.

       # ls -l /usr/sbin/smtpctl
       -rwxr-xr-x 1 root root 211896 Nov 19 17:06 /usr/sbin/smtpctl

   Therefore, it cannot create offline messages with the correct
   ownership.

In fact, fixing (1) makes offline mail work for root. Fixing (2) alone
makes it work for everyone.

-- System Information:
Debian Release: 10.2
  APT prefers stable
  APT policy: (500, 'stable')
Architecture: amd64 (x86_64)

Kernel: Linux 5.3.12-arch1-1 (SMP w/8 CPU cores; PREEMPT)  # LXC container
Kernel taint flags: TAINT_OOT_MODULE, TAINT_UNSIGNED_MODULE  # wireguard
Locale: LANG=en_US.UTF-8, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8), LANGUAGE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages opensmtpd depends on:
ii  adduser                3.118
ii  debconf [debconf-2.0]  1.5.71
ii  ed                     1.15-1
ii  init-system-helpers    1.56+nmu1
ii  libasr0                1.0.2-2
ii  libc6                  2.28-10
ii  libdb5.3               5.3.28+dfsg1-0.5
ii  libevent-2.1-7         2.1.11-stable-1
ii  libpam0g               1.3.1-5
ii  libssl1.1              1.1.1d-0+deb10u2
ii  lsb-base               10.2019051400
ii  zlib1g                 1:1.2.11.dfsg-1

Versions of packages opensmtpd recommends:
pn  opensmtpd-extras  <none>

Versions of packages opensmtpd suggests:
ii  ca-certificates  20190110

-- Configuration Files:
/etc/smtpd.conf changed [not included]

-- debconf information excluded
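
Added example, not part of the original report and not Debian or OpenSMTPD code: a diagnostic for the two conditions the report names (setgid bit on the offline directory, setgid bit on smtpctl) that also lists queued files whose group differs from the directory's group. It assumes GNU stat and find; the function names and the script name are hypothetical, and the group comparison mirrors the root:root versus root:opensmtpq mismatch described above rather than reproducing smtpd's own check.

```shell
#!/bin/sh
# Added diagnostic, not from the report. Assumes GNU stat/find (Linux).
# Usage: sh check-offline.sh /var/spool/smtpd/offline /usr/sbin/smtpctl
# (the script name is hypothetical; the two paths are the ones in the report).

# Print regular files in DIR whose group differs from DIR's own group,
# i.e. the "root:root file in a root:opensmtpq directory" case.
group_mismatches() {
    dgid=$(stat -c '%g' "$1") || return 2
    find "$1" -maxdepth 1 -type f ! -gid "$dgid"
}

# Report which of the two conditions from the report holds.
# Returns 0 when queued files can end up with the directory's group and
# none are currently mismatched, 1 otherwise, 2 on error.
diagnose() {
    dir=$1 bin=$2 status=0
    if [ -g "$bin" ]; then
        echo "OK: $bin is setgid (condition 2, as on OpenBSD)"
    elif [ -g "$dir" ]; then
        echo "NOTE: only $dir is setgid (condition 1); the report says this works for root only"
    else
        echo "WARN: neither $bin nor $dir is setgid; queued files keep the sender's group"
        status=1
    fi
    stuck=$(group_mismatches "$dir") || return 2
    if [ -n "$stuck" ]; then
        echo "WARN: files whose group differs from the group of $dir:"
        echo "$stuck"
        status=1
    fi
    return "$status"
}

# Run only when both paths are given on the command line.
if [ "$#" -eq 2 ]; then
    diagnose "$1" "$2"
fi
```

Files it lists are the ones left behind in the offline queue; the report does not say whether correcting their group afterwards is enough for smtpd to pick them up.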