Bug 244271

Summary: mail/opensmtpd: 6.6.3p offline functionality is broken because of incorrect permissions
Product: Ports & Packages Reporter: Kamigishi Rei <spambox>
Component: Individual Port(s)Assignee: Dima Panov <fluffy>
Status: Closed FIXED    
Severity: Affects Many People Keywords: needs-patch, needs-qa, regression
Priority: --- Flags: bugzilla: maintainer-feedback? (fluffy)
koobs: merge-quarterly?
Version: Latest   
Hardware: Any   
OS: Any   

Description Kamigishi Rei 2020-02-21 09:49:49 UTC 
6.6.3 seems to have changed the way offline directory is handled. smtpctl has incorrect permissions (with possible security implications):

# ls -l /usr/local/sbin/smtpctl
-r-xr-sr-x  1 root  wheel  222832 Feb 15 08:23 /usr/local/sbin/smtpctl

It has setgid wheel when according to https://github.com/OpenSMTPD/OpenSMTPD/issues/839#issuecomment-371159242 it should be setgid _smtpq.

This results in an error when, for example, PHP mail() is used:

sendmail: cannot create temporary file /var/spool/smtpd/offline/whatever.whatever: Permission denied
Comment 1 Dima Panov freebsd_committer freebsd_triage 2020-04-05 22:22:54 UTC 
(In reply to Kamigishi Rei from comment #0)
Did this issue was gone with 6.6.4 pkg release?
Comment 2 Kamigishi Rei 2020-04-07 10:18:51 UTC 
(In reply to Dima Panov from comment #1)
I think so; the smtpctl binary seems to have correct permissions now.