January 26, 2024 10:22 PM, gil...@poolp.org wrote: > January 25, 2024 9:23 PM, "Chris Brannon" <ch...@the-brannons.com> wrote: > >> Well, maybe the thing I thought would be very stupid isn't so stupid >> after all. In doas.conf: >> >> permit nopass smtpd as mlmmj cmd /usr/bin/mlmmj-receive >> permit nopass smtpd as inboxen cmd /usr/bin/public-inbox-mda >> >> And then in the ~/.forward file for those two users, >> "| /usr/bin/doas -u USERNAME COMMAND" > > I haven't followed the discussion that led to this change upstream, > but I think the change that happened in OpenBSD which leads to this > situation is not correct :-/
Sorry, I should elaborate. Upon delivery, a process is forked and drops its privileges to that of the end-user, allowing both forward file parsing and delivery to happen without smtpd permissions. The only exception is mbox, which requires forcing delivery user to root, and it is handled as a special case. In all other cases, either you deliver as the end-user, or if you want a specific user you have to force it with the "user" keyword, as is done for virtual users setups: # delivers misc@opensmtpd.org as user _mlmmj # action "vusers" deliver to maildir user _mlmmj In this case, it is assumed that there's no local user "misc" backing m...@opensmtd.org so we tell smtpd to use _mlmmj to represent it, kind of as a system account aliasing, and so the forward file that's used is that of _mlmmj. Now my understanding is that LMTP deliveries need to be done as the _smtpd user for some reason... but not because the end-user doesn't exist, so the .forward parsing should be done as the user and the delivery as _smtpd, otherwise the .forward parsing happens with the wrong user, as is the case here :-/