Portable - offline not working (tried 6.0.2p1 and 6.0.3p1)

[edrozenberg]

I'm not able to make offline functionality work on Slackware Linux w/compiled 6.0.3p1, and have also tried Arch Linux w/ its packaged 6.0.2p1 setup. I also looked at how OpenSMTPD is setup on FreeBSD, with no further insights as to the problem. Online email sending via relay works perfect, on several different servers with different relay hosts. No problems with online at all.

Have been at this for about a week, on and off - any hints super welcome, please save me from Postfix :). Have already looked at the man pages, the handful of articles available online, and all of the relevant github and mailing list issues I could find. Nothing helped so far.

1. Cannot send offline mail as a regular, non-root user (for ex. using mutt):

cannot create temporary file /var/spool/smtpd/offline/1520046975.XXXX912iHt:
+Permission denied

2. Offline email sent as 'root' is present in /var/spool/smtpd/offline/, but when I run smtpd it is never picked up for sending, never attempted. It is as if opensmtpd doesn't see it at all:

debug: queue: done loading queue into scheduler
debug: smtpd: scanning offline queue...
debug: smtpd: offline scanning done

Details below, for the Slackware 6.0.3p1 setup.

# /etc/opensmtpd/smtpd.conf
listen on localhost
table aliases file:/etc/opensmtpd/aliases
table secrets file:/etc/opensmtpd/secrets
accept for local alias <aliases> deliver to mbox
accept from local for any relay                      \
  via  secure+auth://mylogin@myserver:587  \
  auth <secrets>

[/etc/opensmtpd]# ls -al
drwxr-xr-x   2 root root  4.0K Mar  2 16:50 .
drwxr-xr-x 105 root root   12K Mar  2 09:36 ..
-rw-r--r--   1 root root   532 Feb 24 15:47 aliases
-rw-r-----   1 root smtpd   45 Feb 24 15:32 secrets
-rw-r--r--   1 root root   707 Feb 24 15:36 smtpd.conf

[/usr/sbin]# ls -al smtp*
-r-xr-sr-x 1 root root 180K Feb 24 13:52 smtpctl
-rwxr-xr-x 1 root root 414K Feb 24 13:52 smtpd

/etc/passwd contains:

smtpd:x:270:270::/var/empty:/bin/false
smtpq:x:271:271::/var/empty:/bin/false

/etc/group contains:

smtpd:x:270:
smtpq:x:271:

spool directory exactly as created by smtpd command:

/var/spool/smtpd]# ls -al
drwx--x--x  8 root  root  4.0K Mar  2 19:29 .
drwxr-xr-x 14 root  root  4.0K Mar  2 19:29 ..
drwx------  2 smtpq root  4.0K Mar  2 19:29 corrupt
drwx------  2 smtpq root  4.0K Mar  2 19:29 incoming
drwxrwx---  2 root  smtpq 4.0K Mar  2 19:29 offline
drwx------  2 smtpq root  4.0K Mar  2 19:29 purge
drwx------  2 smtpq root  4.0K Mar  2 19:29 queue
drwx------  2 smtpq root  4.0K Mar  2 19:29 temporary

[edrozenberg]

In case it matters, I'm using libasr-20180224_860f733-x86_64

[edrozenberg]

For comparison I also tried on OpenBSD - offline works fine there.
It knows it is running on its "home" OS so works fine. :)

OpenBSD 6.2 info below, for comparison with Linux above.

mutt (error is not really a problem):

Error sending message, child exited 75 (Deferred.).

# cd /usr/sbin
# ls -al smtp*                                                                 
-r-xr-sr-x  1 root  _smtpq  190720 Oct  3 20:13 smtpctl
-r-xr-xr-x  1 root  bin     461576 Oct  3 20:13 smtpd

/var/spool/smtpd:

# ls -al
total 32
drwx--x--x  8 root    wheel   512 Mar  2 20:38 .
drwxr-xr-x  6 root    wheel   512 Mar  2 20:39 ..
drwx------  2 _smtpq  wheel   512 Mar  2 20:38 corrupt
drwx------  2 _smtpq  wheel   512 Mar  2 20:38 incoming
drwxrwx---  2 root    _smtpq  512 Mar  2 20:38 offline
drwx------  2 _smtpq  wheel   512 Mar  2 20:38 purge
drwx------  2 _smtpq  wheel   512 Mar  2 20:38 queue
drwx------  2 _smtpq  wheel   512 Mar  2 20:38 temporary

/var/spool/smtpd/offline:

# ls -al
total 12
drwxrwx---  2 root     _smtpq  512 Mar  2 20:38 .
drwx--x--x  8 root     wheel   512 Mar  2 20:38 ..
-rw-------  1 eduardr  _smtpq  350 Mar  2 20:38 1520051936.vV3aD7uZYR

After running smtpd -dv, message is queued as expected, and removed from offline.

# cd queue/                                                                    
# ls -al
total 12
drwx------  3 _smtpq  wheel  512 Mar  2 20:43 .
drwx--x--x  8 root    wheel  512 Mar  2 20:43 ..
drwx------  3 _smtpq  wheel  512 Mar  2 20:43 57
# find .
.
./57
./57/57570082
./57/57570082/575700829ee10cd7
./57/57570082/message

[edrozenberg]

Think I found the problem, and offline appears fixed on Linux now, with these changes below. I had to do a chmod to add back the set gid flag, after changing the group from root to smtpq on the smtpctl binary:

# chgrp smtpq smtpctl
# chmod g+s smtpctl

[edrozenberg]

If permissions on smtpctl are indeed the issue, I'm not sure if this is something the OpenSMTPD (portable) Makefile should fix, but currently I'll be fixing these permissions in my Linux package build script so from my side I'm ok.

[poolpOrg]

I don't know how you ended up with smtpctl not being setgid but this is clearly a user error as the smtpctl install Makefile explicitely sets it:

https://github.com/OpenSMTPD/OpenSMTPD/blob/portable/mk/smtpctl/Makefile.am#L79

closing

[edrozenberg]

@ poolpOrg I failed to explain the issue properly. The issue is wrong group on smtpctl.

After configure, make, make install:

$ ls -al smtpctl 
-r-xr-sr-x 1 root root 622K Mar  7 06:33 smtpctl

Needs to be fixed to be:

-r-xr-sr-x 1 root smtpq 180K Mar  5 13:39 smtpctl

(the reason I had to set gid again is that after I myself fix group with chgrp, the set gid flag gets lost and I had to add it back. The Makefile problem is group not being set properly)

Also see this problem in other distro(s) like Arch Linux where smtpctl group is also root. Probably they don't test offline and have no idea it's an issue.

[edrozenberg]

Now I realize make install would not know what group gid to use for the chgrp on smtpctl, because the gid for group smtpq depends on each distribution. Arch group smtpq gid = 92, Slackware Slackbuilds.org smtpq gid = 271, and other distros are probably all over the map.

The problem is a Linux distro/packager problem - they don't know that they need to set smtpctl group to smtpq.

May I suggest a big NOTICE printed at the end of the make or make install to inform them? :) They're obviously not aware of this issue, and I'm not sure how they can be made aware (other than me sending feedback to a couple of the distros as I plan to do).

[poolpOrg]

ok indeed, the initial description made it seem like a local issue with the mode, not the ownership.

I don't think this should be solved at the distro level, this is a Makefile bug on our side, I'll re-open the ticket until I have a fix ready.

[edrozenberg]

@poolpOrg thanks! I'm guessing you plan for Makefile to chgrp smtpq smtpctl; chmod g+s smtpctl

This assumes the packager already has an smtpq group present - I think this is a good assumption. If they don't have this group yet, they'll get an error and they'll know they need to create this group.

[poolpOrg]

there's a configure option to specify a different group, but eitherway we have documented that two users are required and we have a default _smtpq user defined so it will fail to install if packager didn't setup environment correctly.

[edrozenberg]

Totally makes sense thanks!

[poolpOrg]

issue fixed and merged in portable branch