On Sun, Nov 27, 2005 at 12:39:50AM -0500, the unit calling itself Pierre Lamy wrote:
> The problem is that a non-MTA is trying to write something to /var/mail,
> which is bad.
>
> The OpenBSD developers can't account for every third party's weird way
> of doing things; you did the right thing by mailing the developer, but
> if they can't help you maybe you should switch to a different pop3
> server. You're not going to get any constructive answers here that will
> satisfy you.

You may be correct about constructive answers. Wrt the choice of a POP3
server, the package list (http://www.openbsd.org/3.8_packages/i386.html)
says:

'akpop3d-0.7.7.tgz small and secure POP3 daemon'

I don't know - maybe I'm asking the wrong questions?

Jay

> J Moore wrote:
>
> >On Sat, Nov 26, 2005 at 04:51:38PM -0700, the unit calling itself Theo de
> >Raadt wrote:
> >
> >>>This leads me to a two-part question:
> >>>1. Is there an advantage to assigning group ownership of /var/mail to
> >>>"wheel", or was this choice simply arbitrary?
> >>>
> >>>2. To get akpop3d running should I change group ownership of
> >>>/var/mail to "mail" (rather than giving akpop3d the '-g wheel'
> >>>option)?
> >>
> >>Locking should (safely) be done by spawning a copy of mail.local
> >>for the duration of the operation. This is designed to be safe
> >>even when using NFS spools.
> >>
> >>NFS spools are the reason people kept running into trouble
> >>trying to design something safe. A few years ago we settled
> >>on this method which is safe.
> >>
> >>Lots of mailer programs want direct access to the spool, and will
> >>do it wrong. Proper locking in an NFS directory like that is hard.
> >>This makes it easier.
> >
> >Let me see if I've got this straight:
> >
> >sendmail uses mail.local to deliver mail to the user's mail spool, and
> >mail.local uses lock files of the form "username.lock" while it does its
> >thing with the spool file.
> >
> >However, akpop3d doesn't appear to use this form of the lockfile. If
> >that's the case I don't get the relevance of mail.local.
> >
> >I can appreciate that file locking in an NFS directory is hard to do; I
> >gather then that the answer to Q 1. is that the choice was not
> >arbitrary.
> >
> >If ownership of /var/mail by group "wheel" is not arbitrary, then it
> >would seem that the answer to Q 2. is to run akpop3d with the option
> >'-g wheel'. I would have thought that was not the "best" choice as it
> >entrusts akpop3d with the ability to write anywhere "wheel" is able to -
> >rather than just /var/mail.
> >
> >Analysis, comments?
> >
> >Thnx,
> >Jay

