On 1/6/2018 at 7:42 PM, Florian Pritz wrote:
On 03.01.2018 18:14, Tony wrote:
I downgraded dovecot to 2.2.33.2 and pigeonhole 0.4.21 and can confirm the reported problem does not exist with "permission denied" and sendmail getting hung up/timing out.
The issue is that sendmail/maildrop/postdrop uses setgid to change to the maildrop group (stat $(which postdrop)) and the NoNewPrivileges=true setting in the service file explicitly disables this (look in man systemd.exec). This setting appears to be new in 2.3[1].
What is somewhat infuriating is that this behaviour change is not mentioned in the release notes/upgrade notes and the commit that introduces the change changes multiple things and it doesn't explain why things are changed. I'm happy to see service files that try to improve security in an upstream repository though.
Does pigeonhole have any options to configure how mail is sent when using "redirect :copy" (possibly more commands, this is just what triggered it here)? If not, support for injecting mail back via smtp would be lovely. I'd like to reenable NoNewPrivileges at some point.
[1] https://github.com/dovecot/core/commit/563c1e3b45bbb69bc67b75ff7a899699bea18...
The submission_host setting should do what you need:
https://github.com/dovecot/core/blob/master/doc/example-config/conf.d/15-lda...
Regards,
Stephan.
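
A quick way to check a host for the conflict discussed in this thread, as an added example that is not part of the original messages or of Dovecot: it reads the effective NoNewPrivileges= value from a unit file plus any drop-ins and tests whether the mail helper carries a setuid or setgid bit. The function names and the file paths passed in are assumptions.

```shell
#!/bin/sh
# Added example (not from the thread or from Dovecot).
# Usage: sh nnp-check.sh HELPER UNIT_FILE [DROP_IN...]
#   HELPER is the binary that needs the privilege change, e.g. the
#   postdrop binary mentioned in the thread; the unit paths are yours.

# Print "true" or "false": the effective NoNewPrivileges= value taken from
# the [Service] sections of the given files (main unit first, then drop-ins).
# The last assignment wins; with no assignment the setting is off.
unit_nnp() {
    awk '
        FNR == 1 { in_service = 0 }
        /^[ \t]*\[/ { in_service = ($0 ~ /^[ \t]*\[Service\][ \t]*$/); next }
        in_service && /^[ \t]*NoNewPrivileges[ \t]*=/ {
            v = $0
            sub(/^[^=]*=[ \t]*/, "", v)   # drop "NoNewPrivileges ="
            sub(/[ \t\r]+$/, "", v)       # drop trailing whitespace
            val = tolower(v)
        }
        END {
            # systemd accepts 1/yes/true/on as boolean true
            if (val == "1" || val == "yes" || val == "true" || val == "on")
                print "true"
            else
                print "false"
        }
    ' "$@"
}

# Succeed if the helper gains privileges on exec (setuid or setgid bit),
# which is what NoNewPrivileges=true prevents.
helper_gains_privs() {
    [ -u "$1" ] || [ -g "$1" ]
}

# Print "conflict" when the unit forbids new privileges and the helper
# depends on them, otherwise "ok".
check_delivery() {
    helper=$1; shift
    if [ "$(unit_nnp "$@")" = "true" ] && helper_gains_privs "$helper"; then
        echo conflict
    else
        echo ok
    fi
}

# Run the check only when called with a helper and at least one unit file.
if [ "$#" -ge 2 ]; then check_delivery "$@"; fi
```

A "conflict" verdict means local injection through the setgid helper will fail under that unit; delivering over SMTP with submission_host, as suggested in the reply, avoids the helper altogether.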