Re: .forward MDA fails, "mail.local: may only be run by the superuser"

2020-02-01 Thread Andreas Kusalananda Kähäri
On Sat, Feb 01, 2020 at 09:29:16AM +, gil...@poolp.org wrote:
> February 1, 2020 9:11 AM, "Andreas Kusalananda Kähäri" 
>  wrote:
> 
> > Hi,
> > 
> > With the latest snapshot on amd64 (6.6 GENERIC.MP#627), using a "|"-line
> > in one's ~/.forward makes delivery of mail fail with
> > 
> > Feb 1 08:53:53 pooh smtpd[72575]: d9abac6b3d904e13 smtp connected 
> > address=local
> > host=pooh.prefix.duckdns.org
> > Feb 1 08:53:54 pooh smtpd[72575]: d9abac6b3d904e13 smtp message 
> > msgid=8698cb82 size=1824 nrcpt=1
> > proto=ESMTP
> > Feb 1 08:53:54 pooh smtpd[72575]: d9abac6b3d904e13 smtp envelope 
> > evpid=8698cb8264606654 from=<>
> > to=
> > Feb 1 08:53:54 pooh smtpd[72575]: d9abac6b3d904e13 smtp disconnected 
> > reason=quit
> > Feb 1 08:53:54 pooh mail.local: may only be run by the superuser
> > Feb 1 08:53:54 pooh smtpd[72575]: d9abac6d77a45212 mda delivery 
> > evpid=8698cb8264606654 from=<>
> > to= rcpt= 
> > user=kk delay=0s result=PermFail
> > stat=Error ("mail.local: may only be run by the superuser")
> > Feb 1 08:53:54 pooh smtpd[19621]: warn: queue: no return path!
> > 
> > The mail is then lost.
> > 
> 
> It is rejected at session time because there's no other way to handle
> this case:
> 
> your user "kk" tries to execute "mail.local" from ~/.forward file but
> mail.local requires privileges and smtpd doesn't allow running things
> with privileges from ~/.forward.
> 
> it can't be handled as a temporary failure either.
> 
> 
> > I have
> > 
> > pooh % cat .forward
> > |/usr/local/bin/fdm -a stdin fetch
> > 
> > where "stdin" is a simple mail "account" in fdm(1) that takes messages
> > from standard input, filters it, and sorts it into the correct Maildir
> > inbox. For me, this only affects messages originating from the local
> > system (e.g. crontab output etc., but also messages for root as my root
> > user is aliased to my ordinary user through /etc/mail/aliases).
> > 
> 
> I'm not sure that's what's happening, maildir can't possibly use mail.local,
> and the error message is explicit, mail.local is being executed somehow.
> 
> 
> > I understand that this may well be by design rather than a bug. How
> > may one use a personal MDA from ~/.forward nowadays, or is that option
> > completely unsupported from now on?
> > 
> 
> That shouldn't be the case as I  use ~/.forward with fdm in it

Are you using the latest snapshot?  This started happening after
updating today, between the snapshots that advertise MP kernel build
number #626 and #627 on amd64.

> 
> It would help if you shared your config

The _only_ thing related to the "stdin" account in my ~/.fdm.conf is a
single line saying

account "stdin" disabled stdin

Mail is otherwise filtered and sorted _exactly_ like the messages that I
fetch from remote IMAPS accounts in the same configuration.

The smtpd configuration for local-to-local delivery looks like

action "local" mbox alias 
match from local for local action "local"

I did not send this to the bugs list because I wasn't sure it was a base
system bug, a bug in fdm, or the intended behaviour after the various
recent updates to smtpd, or just something that I'm doing wrong.  If it
is indeed a bug, then I'll write a proper report to the bugs list.

Regards,

-- 
Andreas (Kusalananda) Kähäri
SciLifeLab, NBIS, ICM
Uppsala University, Sweden

.



Re: .forward MDA fails, "mail.local: may only be run by the superuser"

2020-02-01 Thread Stuart Henderson
misc@ is really not the right place for bug reports. Use bugs@, or opensmtpd
has its own lists: https://opensmtpd.org/list.html

On 2020-02-01, Andreas Kusalananda Kähäri  wrote:
> Hi,
>
> With the latest snapshot on amd64 (6.6 GENERIC.MP#627), using a "|"-line
> in one's ~/.forward makes delivery of mail fail with
>
> Feb  1 08:53:53 pooh smtpd[72575]: d9abac6b3d904e13 smtp connected 
> address=local host=pooh.prefix.duckdns.org
> Feb  1 08:53:54 pooh smtpd[72575]: d9abac6b3d904e13 smtp message 
> msgid=8698cb82 size=1824 nrcpt=1 proto=ESMTP
> Feb  1 08:53:54 pooh smtpd[72575]: d9abac6b3d904e13 smtp envelope 
> evpid=8698cb8264606654 from=<> to=
> Feb  1 08:53:54 pooh smtpd[72575]: d9abac6b3d904e13 smtp disconnected 
> reason=quit
> Feb  1 08:53:54 pooh mail.local: may only be run by the superuser
> Feb  1 08:53:54 pooh smtpd[72575]: d9abac6d77a45212 mda delivery 
> evpid=8698cb8264606654 from=<> to= 
> rcpt= user=kk delay=0s result=PermFail 
> stat=Error ("mail.local: may only be run by the superuser")
> Feb  1 08:53:54 pooh smtpd[19621]: warn: queue: no return path!
>
> The mail is then lost.
>
> I have
>
> pooh % cat .forward
>|/usr/local/bin/fdm -a stdin fetch
>
> where "stdin" is a simple mail "account" in fdm(1) that takes messages
> from standard input, filters it, and sorts it into the correct Maildir
> inbox.  For me, this only affects messages originating from the local
> system (e.g. crontab output etc., but also messages for root as my root
> user is aliased to my ordinary user through /etc/mail/aliases).
>
> I understand that this may well be by design rather than a bug.  How
> may one use a personal MDA from ~/.forward nowadays, or is that option
> completely unsupported from now on?
>
> Regards,
>



Re: .forward MDA fails, "mail.local: may only be run by the superuser"

2020-02-01 Thread gilles
February 1, 2020 9:11 AM, "Andreas Kusalananda Kähäri"  
wrote:

> Hi,
> 
> With the latest snapshot on amd64 (6.6 GENERIC.MP#627), using a "|"-line
> in one's ~/.forward makes delivery of mail fail with
> 
> Feb 1 08:53:53 pooh smtpd[72575]: d9abac6b3d904e13 smtp connected 
> address=local
> host=pooh.prefix.duckdns.org
> Feb 1 08:53:54 pooh smtpd[72575]: d9abac6b3d904e13 smtp message 
> msgid=8698cb82 size=1824 nrcpt=1
> proto=ESMTP
> Feb 1 08:53:54 pooh smtpd[72575]: d9abac6b3d904e13 smtp envelope 
> evpid=8698cb8264606654 from=<>
> to=
> Feb 1 08:53:54 pooh smtpd[72575]: d9abac6b3d904e13 smtp disconnected 
> reason=quit
> Feb 1 08:53:54 pooh mail.local: may only be run by the superuser
> Feb 1 08:53:54 pooh smtpd[72575]: d9abac6d77a45212 mda delivery 
> evpid=8698cb8264606654 from=<>
> to= rcpt= user=kk 
> delay=0s result=PermFail
> stat=Error ("mail.local: may only be run by the superuser")
> Feb 1 08:53:54 pooh smtpd[19621]: warn: queue: no return path!
> 
> The mail is then lost.
> 

It is rejected at session time because there's no other way to handle
this case:

your user "kk" tries to execute "mail.local" from ~/.forward file but
mail.local requires privileges and smtpd doesn't allow running things
with privileges from ~/.forward.

it can't be handled as a temporary failure either.


> I have
> 
> pooh % cat .forward
> |/usr/local/bin/fdm -a stdin fetch
> 
> where "stdin" is a simple mail "account" in fdm(1) that takes messages
> from standard input, filters it, and sorts it into the correct Maildir
> inbox. For me, this only affects messages originating from the local
> system (e.g. crontab output etc., but also messages for root as my root
> user is aliased to my ordinary user through /etc/mail/aliases).
> 

I'm not sure that's what's happening, maildir can't possibly use mail.local,
and the error message is explicit, mail.local is being executed somehow.


> I understand that this may well be by design rather than a bug. How
> may one use a personal MDA from ~/.forward nowadays, or is that option
> completely unsupported from now on?
> 

That shouldn't be the case as I  use ~/.forward with fdm in it

It would help if you shared your config



.forward MDA fails, "mail.local: may only be run by the superuser"

2020-02-01 Thread Andreas Kusalananda Kähäri
Hi,

With the latest snapshot on amd64 (6.6 GENERIC.MP#627), using a "|"-line
in one's ~/.forward makes delivery of mail fail with

Feb  1 08:53:53 pooh smtpd[72575]: d9abac6b3d904e13 smtp connected 
address=local host=pooh.prefix.duckdns.org
Feb  1 08:53:54 pooh smtpd[72575]: d9abac6b3d904e13 smtp message msgid=8698cb82 
size=1824 nrcpt=1 proto=ESMTP
Feb  1 08:53:54 pooh smtpd[72575]: d9abac6b3d904e13 smtp envelope 
evpid=8698cb8264606654 from=<> to=
Feb  1 08:53:54 pooh smtpd[72575]: d9abac6b3d904e13 smtp disconnected 
reason=quit
Feb  1 08:53:54 pooh mail.local: may only be run by the superuser
Feb  1 08:53:54 pooh smtpd[72575]: d9abac6d77a45212 mda delivery 
evpid=8698cb8264606654 from=<> to= 
rcpt= user=kk delay=0s result=PermFail stat=Error 
("mail.local: may only be run by the superuser")
Feb  1 08:53:54 pooh smtpd[19621]: warn: queue: no return path!

The mail is then lost.

I have

pooh % cat .forward
|/usr/local/bin/fdm -a stdin fetch

where "stdin" is a simple mail "account" in fdm(1) that takes messages
from standard input, filters it, and sorts it into the correct Maildir
inbox.  For me, this only affects messages originating from the local
system (e.g. crontab output etc., but also messages for root as my root
user is aliased to my ordinary user through /etc/mail/aliases).

I understand that this may well be by design rather than a bug.  How
may one use a personal MDA from ~/.forward nowadays, or is that option
completely unsupported from now on?

Regards,

-- 
Andreas (Kusalananda) Kähäri
SciLifeLab, NBIS, ICM
Uppsala University, Sweden

.