Jaroslaw Rafa:
> Hello,
> 
> First I want to present a little background story, before I ask the question
> :)
> 
> I have a web script on my server that sends mail to some recipient address
> external to my server. The mail is sent with the webserver user (www-data)
> as a sender. Recently that external recipient address happened to reject
> mail due to some misconfiguration, and my Postfix tried to send a DSN to
> www-data user on my server, which failed due to lack of permissions to
> create a Maildir subdirectory in /var/www (which is the home directory for
> www-data). I got the following in my mail log:
> 
> Nov 20 16:31:07 rafa postfix/bounce[20789]: 4ABDC44D4C: sender non-delivery 
> notification: 9DF0D446D0
> Nov 20 16:31:07 rafa postfix/local[20792]: warning: maildir access problem 
> for UID/GID=33/33: create maildir file 
> /var/www/Maildir/tmp/1668958267.P20792.rafa: Permission denied
> Nov 20 16:31:07 rafa postfix/local[20792]: warning: perhaps you need to 
> create the maildirs in advance
> Nov 20 16:31:07 rafa postfix/local[20792]: 9DF0D446D0: 
> to=<www-d...@rafa.eu.org>, relay=local, delay=0.05, delays=0.01/0.01/0/0.03, 
> dsn=5.2.0, status=bounced (maildir delivery failed: create maildir file 
> /var/www/Maildir/tmp/1668958267.P20792.rafa: Permission denied)
> 
> Here is my first question: why did Postfix try to create Maildir in /var/www
> (actual home directory taken from /etc/passwd), if it has the following
> entries in main.cf:
> 
> home_mailbox = Maildir/

The home_mailbox is relative to the home directory (/var/www).

> Does local(8) implement any form of preventing mail delivery to system users
> (that is, users below certain UID threshold - for example 1000 in Debian -
> except root, which should be able to receive mail)? I see no mentions in
> documentation about such a thing. In config description, I can only find a
> parameter "virtual_minimum_uid", which is for virtual(8) delivery agent
> only, but there seems to be nothing similar for local(8).

Postfix does not know what range of UIDs is for real users. 
Not all the world is Linux.

If an address should not receive mail, set up a transport map that
resolves to "error: this user does not receive email".

        Wietse
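
The transport-map approach from the reply above, as an added example that is not part of the original thread or of Postfix itself: a shell function that turns a passwd(5) file into transport(5) entries pointing at the error(8) transport for every account below a UID cutoff, except root. The function names, the cutoff argument, the domain example.org and the sample passwd data are assumptions made for illustration.

```shell
#!/bin/sh
# gen_transport_errors PASSWD_FILE DOMAIN MIN_UID   (hypothetical helper)
# Prints one "user@domain error:text" transport(5) line for every account
# whose UID is below MIN_UID, except root (UID 0), which stays deliverable.
gen_transport_errors() {
    passwd_file=$1 domain=$2 min_uid=$3
    awk -F: -v dom="$domain" -v min="$min_uid" '
        /^[ \t]*(#|$)/   { next }   # skip comments and blank lines
        NF < 7           { next }   # skip malformed entries
        $3 !~ /^[0-9]+$/ { next }   # UID field must be numeric
        $3 == 0          { next }   # root keeps receiving mail
        $3 + 0 < min + 0 {
            printf "%s@%s error:this user does not receive email\n", $1, dom
        }
    ' "$passwd_file"
}

# Constructed sample in passwd(5) format, so the example runs offline.
sample_passwd() {
    cat <<'EOF'
root:x:0:0:root:/root:/bin/bash
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin
alice:x:1000:1000:Alice:/home/alice:/bin/bash
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin
EOF
}

# demo: run the generator over the constructed sample with a cutoff of 1000.
# Only daemon and www-data are listed; nobody (UID 65534) is above the
# cutoff and would need its own entry if it should not receive mail.
demo() {
    tmp=$(mktemp) || return 1
    sample_passwd > "$tmp"
    gen_transport_errors "$tmp" example.org 1000
    rm -f "$tmp"
}

# To apply on a real system (as root, after reviewing the generated lines;
# keep the map type and any transport_maps value you already use):
#   gen_transport_errors /etc/passwd example.org 1000 >> /etc/postfix/transport
#   postmap /etc/postfix/transport
#   postconf -e 'transport_maps = hash:/etc/postfix/transport'
```

Mail for a listed address goes to error(8) and never reaches local(8), so an account that is redirected in /etc/aliases would bounce as well; remove such lines before running postmap.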
