Hello,

First I want to present a little background story, before I ask the question :)

I have a web script on my server that sends mail to some recipient address external to my server. The mail is sent with the webserver user (www-data) as a sender. Recently that external recipient address happened to reject mail due to some misconfiguration, and my Postfix tried to send a DSN to www-data user on my server, which failed due to lack of permissions to create a Maildir subdirectory in /var/www (which is the home directory for www-data). I got the following in my mail log:

Nov 20 16:31:07 rafa postfix/bounce[20789]: 4ABDC44D4C: sender non-delivery notification: 9DF0D446D0
Nov 20 16:31:07 rafa postfix/local[20792]: warning: maildir access problem for UID/GID=33/33: create maildir file /var/www/Maildir/tmp/1668958267.P20792.rafa: Permission denied
Nov 20 16:31:07 rafa postfix/local[20792]: warning: perhaps you need to create the maildirs in advance
Nov 20 16:31:07 rafa postfix/local[20792]: 9DF0D446D0: to=<www-d...@rafa.eu.org>, relay=local, delay=0.05, delays=0.01/0.01/0/0.03, dsn=5.2.0, status=bounced (maildir delivery failed: create maildir file /var/www/Maildir/tmp/1668958267.P20792.rafa: Permission denied)

Here is my first question: why did Postfix try to create the Maildir in /var/www (the actual home directory taken from /etc/passwd), if it has the following entries in main.cf:

home_mailbox = Maildir/
mail_spool_directory = /home/

Shouldn't it try to create the Maildir in /home/www-data in that case? I supposed it would do so, and because such a directory doesn't exist, the attempt would obviously fail.

If Postfix tries to create Maildirs in the actual home directories specified in /etc/passwd, then there's another, more important question. In this case it was good that there were no permissions and the Maildir was not created. However, some system users do have write access to their home directory. For example, the "statd" user has write access to its home directory, which is /var/lib/nfs, so if someone sends mail to "st...@example.com", unwanted files and directories may be created in /var/lib/nfs, which isn't necessarily something good :)

This leads to the following question: Does local(8) implement any form of preventing mail delivery to system users (that is, users below a certain UID threshold - for example 1000 in Debian - except root, which should be able to receive mail)? I see no mention in the documentation of such a thing. In the config description, I can only find a parameter "virtual_minimum_uid", which is for the virtual(8) delivery agent only, but there seems to be nothing similar for local(8).

So, if one is using Maildirs (which is pretty common nowadays), there's a danger of messing up the working directory of some system daemon just by sending mail to the user corresponding to that daemon.

If I want to protect system users' directories from being messed up, is there any "smart" way to do it, besides creating explicit access restrictions for all those recipients, or aliasing those recipients to e.g. /dev/null? (which is not "smart", because if a new system user appears in your system - e.g. due to installation of some package - you have to manually add another restriction or alias to Postfix)

--
Regards,
Jaroslaw Rafa
r...@rafa.eu.org
--
"In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub."
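
An added example, not part of the original post: a Python audit that lists the system accounts (UID below 1000, root excluded, as in the question) that can write to their own /etc/passwd home directory, which is where a delivery like the logged one (running as UID/GID of the recipient, into Maildir/ under the home directory) could create files. The sample passwd lines, directory modes and all function names are constructed for illustration; the check uses plain mode bits and ignores supplementary groups and ACLs.

```python
import os
import stat
from types import SimpleNamespace

# Constructed sample data (not from the original post): passwd lines and
# directory metadata as path -> (mode, owner uid, owner gid).
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
statd:x:106:65534::/var/lib/nfs:/usr/sbin/nologin
rafa:x:1000:1000::/home/rafa:/bin/bash
"""
SAMPLE_DIRS = {
    "/var/www": (0o40755, 0, 0),            # root-owned: www-data cannot write
    "/var/lib/nfs": (0o40755, 106, 65534),  # owned by statd: statd can write
}

def sample_stat(path):
    """Stand-in for os.stat() over SAMPLE_DIRS so the example runs offline."""
    if path not in SAMPLE_DIRS:
        raise FileNotFoundError(path)
    mode, uid, gid = SAMPLE_DIRS[path]
    return SimpleNamespace(st_mode=mode, st_uid=uid, st_gid=gid)

def can_create_in(st, uid, gid):
    """Unix mode-bit check: may uid/gid create entries in this directory?
    Picks the owner, group or other permission triplet, then needs w+x."""
    shift = 6 if uid == st.st_uid else 3 if gid == st.st_gid else 0
    return stat.S_ISDIR(st.st_mode) and ((st.st_mode >> shift) & 0o3) == 0o3

def exposed_system_users(passwd_text, min_uid=1000, stat_fn=os.stat):
    """Return (name, uid, home) for accounts with 0 < UID < min_uid that can
    write to the home directory listed in passwd."""
    hits = []
    for line in passwd_text.splitlines():
        fields = line.split(":")
        if len(fields) != 7 or not 0 < int(fields[2]) < min_uid:
            continue  # malformed line, root, or a regular user
        name, uid, gid, home = fields[0], int(fields[2]), int(fields[3]), fields[5]
        try:
            st = stat_fn(home)
        except OSError:
            continue  # home directory missing or not accessible
        if can_create_in(st, uid, gid):
            hits.append((name, uid, home))
    return hits

# On a live host: exposed_system_users(open("/etc/passwd").read())
```

On the constructed data only statd is reported; www-data is not, matching the "Permission denied" in the log above.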