On Wed, Oct 28, 2020 at 09:01:38AM -0700, PGNet Dev wrote:
> Oct 28 15:02:40 svr019 postfix/postdrop[64624]: warning:
> mail_queue_enter: create file maildrop/553726.64624: Permission denied
> Oct 28 15:02:45 svr019 postfix/postdrop[32688]: warning:
> mail_queue_enter: create file maildrop/766615.32688: Permission denied
Barring interference from SELinux or AppArmour, ... this should not
happen unless file permissions change. Correct file permissions are set
via "postfix set-permissions" (at package install time) and should not
change thereafter.
For reference, on my system:
$ postconf setgid_group
setgid_group = maildrop
$ ls -ld /var/spool/postfix/maildrop
drwx-wx--- 2 postfix maildrop 2 Oct 28 12:52 /var/spool/postfix/maildrop
$ ls -l /usr/local/sbin/postdrop
-rwxr-sr-x 1 root maildrop 41656 Oct 25 03:44 /usr/local/sbin/postdrop
Provided that setgid bit and group of the postdrop executable
allows it to write to /var/spool/postfix/maildrop, and all
parent directories have "x" for all users, all should work.
If /, /var, /var/spool, /var/spool/postfix are not world-accessible
(x bit for "other"), or if /var/spool/maildrop is not group-wx, or
postdrop is not setgid, or has the wrong group, then things don't
work.
Of course if SELinux et. al, decide to intervene, then you have to
fix the relevant settings.
--
Viktor.
