On Wed, Aug 25, 2021 at 04:14:51PM +0200, Philipp Ewald wrote: > i have upgrade my Debian 10 to 11 and notice that courier-authdeamon got > problem with new permissions in /var/run/courier
This appears to be intentional and security-related. See <http://bugs.debian.org/984810> and <https://security-tracker.debian.org/tracker/CVE-2021-28374>. > Debian 11: > #Type Path Mode UID GID Age Argument > d /run/courier 0775 root courier - - > d /run/courier/authdaemon 0750 courier courier - - > > But with this configuration authdaemon not working: > > ERR: authdaemon: s_connect() failed: Permission denied > /usr/bin/maildrop: Temporary authentication failure. > status: deferred Perhaps this should be considered a bug in maildrop, rather than in courier-authdaemon. I'm not familiar with maildrop or what privileges it requires. The package description says it runs setgid "mail", whereas this authdaemon directory is only accessible to group "courier". But I don't know how to fix it without breaking other things.
