Updated Dovecot 2.3.0 now getting 2 strange log errors
Stephan Bosch
stephan at rename-it.nl
Sun Jan 7 10:08:11 EET 2018
Op 1/6/2018 om 7:42 PM schreef Florian Pritz:
> On 03.01.2018 18:14, Tony wrote:
>> I downgraded dovecot to 2.2.33.2 and pigeonhole 0.4.21 and can confirm
>> the reported problem does not exist with "permission denied" and
>> sendmail getting hung up/timing out.
> The issue is that sendmail/maildrop/postdrop uses setgid to change to
> the maildrop group (`stat $(which postdrop)`) and the
> NoNewPrivileges=true setting in the service file explicitly disables
> this (look in man systemd.exec). This settings appears to be new in 2.3[1].
>
> What is somewhat infuriating is that this behaviour change is not
> mentioned in the release notes/upgrade notes and the commit that
> introduces the change changes multiple things and it doesn't explain why
> things are changed. I'm happy to see service files that try to improve
> security in an upstream repository though.
>
> Does pigeonhole have any options to configure how mail is send when
> using "redirect :copy" (possibly more commands, this is just what
> triggered it here)? If not, support for injecting mail back via smtp
> would be lovely. I'd like to reenable NoNewPrivileges at some point.
>
> [1]
> https://github.com/dovecot/core/commit/563c1e3b45bbb69bc67b75ff7a899699bea18e88#diff-5bbec0a0006d92d441b5c8fa72690f
The submission_host setting should do what you need:
https://github.com/dovecot/core/blob/master/doc/example-config/conf.d/15-lda.conf#L20
Regards,
Stephan.
More information about the dovecot
mailing list