The problem is that a non-MTA is trying to write something to /var/mail, which is bad.
The OpenBSD developers can't account for every third party's wierd way of doing things; you did the right thing by mailing the developer, but if they can't help you maybe you should switch to a different pop3 server. You're not going to get any constructive answers here that will satisfy you. J Moore wrote: >On Sat, Nov 26, 2005 at 04:51:38PM -0700, the unit calling itself Theo de >Raadt wrote: > > > >>>This leads me to a two-part question: >>>1. Is there an advantage to assigning group ownership of /var/mail to >>>"wheel", or was this choice simply arbitrary? >>> >>>2. To get akpop3d running should I change group ownership of >>>/var/mail to "mail" (rather than giving akpop3d the '-g wheel' >>>option)? >>> >>> > > > >>Locking should (safely) be done by spawing a copy of mail.local >>for the duration of the operation. This is designed to be safe >>even when using NFS spools. >> >>NFS spools are the reason people kept running into trouble >>trying to design something safe. A few years ago we settled >>on this method which is safe. >> >>Lots of mailer programs want direct access to the spool, and will >>do it wrong. Proper locking in an NFS directory like that is hard. >>This makes it easier. >> >> > >Let me see if I've got this straight: > >sendmail uses mail.local to deliver mail to the user's mail spool, and >mail.local uses lock files of the form "username.lock" while it does its >thing with the spool file. > >However, akpop3d doesn't appear to use this form of the lockfile. If >that's the case I don't get the relevance of mail.local. > >I can appreciate that file locking in an NFS directory is hard to do; I >gather then that the answer to Q 1. is that the choice was not >arbitrary. > >If ownership of /var/mail by group "wheel" is not arbitrary, then it >would seem that the answer to Q 2. is to run akpop3d with the option >'-g wheel'. I would have thought that was not the "best" choice as it >entrusts akpop3d with the ability to write anywhere "wheel" is able to - >rather than just /var/mail. > >Analysis, comments? > >Thnx, >Jay [demime 1.01d removed an attachment of type application/x-pkcs7-signature which had a name of smime.p7s]
