/var/spool/mail permissions: opensmtpd will not deliver

dimich · 2026-04-17 14:48:14

I noticed that local Unix mail stopped being delivered. 'mail' (s-nail) command succeeds but opensmtpd-7.8.0p rejects to lock /var/mail directory (which is symlink to /var/spool/mail):

Apr 17 17:34:35 dimich lockspool[3595]: /var/mail: will not deliver to world-writable spool
Apr 17 17:34:35 dimich mail.local[3594]: lockspool: unable to get lock

Found this discussion upstream: https://github.com/OpenSMTPD/OpenSMTPD/issues/1296

"chmod o-w /var/mail" fixes the issue, but obviously, until next filesystem package update.

Is this filesystem package issue or opensmtpd requirement for non-world-writability is incorrect?

seth · 2026-04-17 15:21:53

"sketchy"?

What about ACLs?
What if smtpd doesn't run as root?
Why not test the ownership of the relevant files in /var/spool/mail ?

but obviously, until next filesystem package update.

https://wiki.archlinux.org/title/System … rary_files

https://gitlab.archlinux.org/archlinux/ … work_items - but if there's conflicting demands this might be better handled w/ a tmpfile snippet in the opensmtp package.

dimich · 2026-04-17 16:55:11

seth wrote:

"sketchy"?

Sorry, didn't get what does it mean in this context.

seth wrote:

What about ACLs?
What if smtpd doesn't run as root?
Why not test the ownership of the relevant files in /var/spool/mail ?

These questions are more to authors of opensmtpd. However, there is the package in official repository which requires manual workaround to work properly.

seth wrote:

but if there's conflicting demands this might be better handled w/ a tmpfile snippet in the opensmtp package.

Shouldn't filesystem package drop /var/mail in this case? Because with tmpfile snippet pacman is not happy:

warning: directory permissions differ on /var/spool/mail/
filesystem: 1775  package: 1777

There are multiple ways to workaround this issue permanently, but I think it's better is to fix the root cause rather than implement workaround. So trying to figure out which package submit the issue to. Or submit to both and let them figure it out themselves?

seth · 2026-04-17 19:58:27

Sorry, didn't get what does it mean in this context.

or opensmtpd requirement for non-world-writability is incorrect?

I don't think there's a "correct" answer but don't quite follow their reasoning (hence the questions put up)

Because with tmpfile snippet pacman is not happy:

You're creating a conflicting situation, as long as all you get out of that is a warning/reminder, that's probably even desirable.

Or submit to both and let them figure it out themselves?

Submit to opensmtp (the immediate offender) and have them decide whether they want to punt to the filesystem package and then watch them fight to the death!!!
This might trigger upstream to review their position - another solution would be for opensmtp to create and use 755 /var/spool/mail/opensmtp

dimich · 2026-04-18 06:31:20

Thanks, seth.
https://gitlab.archlinux.org/archlinux/ … rk_items/7

Arch Linux

#1 2026-04-17 14:48:14

/var/spool/mail permissions: opensmtpd will not deliver

#2 2026-04-17 15:21:53

Re: /var/spool/mail permissions: opensmtpd will not deliver

#3 2026-04-17 16:55:11

Re: /var/spool/mail permissions: opensmtpd will not deliver

#4 2026-04-17 19:58:27

Re: /var/spool/mail permissions: opensmtpd will not deliver

#5 2026-04-18 06:31:20

Re: /var/spool/mail permissions: opensmtpd will not deliver

Board footer