Op 1/6/2018 om 7:42 PM schreef Florian Pritz: > On 03.01.2018 18:14, Tony wrote: >> I downgraded dovecot to 2.2.33.2 and pigeonhole 0.4.21 and can confirm >> the reported problem does not exist with "permission denied" and >> sendmail getting hung up/timing out. > The issue is that sendmail/maildrop/postdrop uses setgid to change to > the maildrop group (`stat $(which postdrop)`) and the > NoNewPrivileges=true setting in the service file explicitly disables > this (look in man systemd.exec). This settings appears to be new in 2.3[1]. > > What is somewhat infuriating is that this behaviour change is not > mentioned in the release notes/upgrade notes and the commit that > introduces the change changes multiple things and it doesn't explain why > things are changed. I'm happy to see service files that try to improve > security in an upstream repository though. > > Does pigeonhole have any options to configure how mail is send when > using "redirect :copy" (possibly more commands, this is just what > triggered it here)? If not, support for injecting mail back via smtp > would be lovely. I'd like to reenable NoNewPrivileges at some point. > > [1] > https://github.com/dovecot/core/commit/563c1e3b45bbb69bc67b75ff7a899699bea18e88#diff-5bbec0a0006d92d441b5c8fa72690f
The submission_host setting should do what you need: https://github.com/dovecot/core/blob/master/doc/example-config/conf.d/15-lda.conf#L20 Regards, Stephan.
