Hello, On 2024/08/22 15:03:48 +0200, Illya Meyer <illya.me...@wiesan.de> wrote: > Hi there, > > affects: Manual page "forward" in OpenBSD 7.5. > affects also: Error message from sendmail. > > Please correct the EXAMPLES section in "man 5 forward": > > ---- Schnipp 8< ---- > EXAMPLES > The following file forwards mail to "u...@example.com", and pipes the > same mail to "examplemda". > > # empty lines are ignored > > u...@example.com # anything after # is ignored > "|/path/to/examplemda" > ---- Schnapp 8< ---- > > because piping is no longer allowed (at least, I think so :-)) > > from Changelog 7.4 -> 7.5: https://www.openbsd.org/plus75.html: > > ---- Schnipp 8< ---- > Disallowed custom commands and file reading in a .forward file, allowing > only forwarding addresses and users, so that smtpd(8) can't execute > custom commands set by root in a .forward. ^^^^^^^
pipes to mda are only disabled for the root user, not for other users. I see however how the text phrased like that could be ambiguous. The fact that root is treated apart from the other users is something that we actually don't document, but forward(5) is the wrong place since it's about the file format and we're talking about a smtpd quirk. > ---- Schnapp 8< ---- > > It would be very nice to have a better error message in sendmail. > > "sendmail: command failed: 451 Temporary failure" > > is of cource correct, but not very clear, if a pipe is in a .forward-file. mmhhh, i see your point. we're actually logging the error, but it's hidden behind TRACE_EXPAND, so not immediately visible. I'm wondering if, only for this case, we should raise the logging to a warning and/or return a permfail instead. My suggestion, however, is to alias the root user to another user, as per the installer default (if you add one that is), and then handle the mail as you prefer *as that regular unprivileged user*. Thanks, Omar Polo
