Description of problem: I was surprised (on Debian) that OpenSMTPD lost a cron mail that cron managed to submit while smtpd was not running (stopped temporarily for maintenance). I expected smtpd to send it later, when I start it, but the message just kept sitting in /var/spool/smtpd/offline. Then I retested this on Fedora 31, and found that it is also affected. Version-Release number of selected component (if applicable): opensmtpd-6.0.3p1-8 # ls -l /etc/alternatives/mta lrwxrwxrwx 1 root root 28 Nov 29 13:59 /etc/alternatives/mta -> /usr/sbin/sendmail.opensmtpd How reproducible: always Steps to Reproduce: 1. dnf install opensmtpd 2. systemctl start opensmtpd # so that it creates the hierarchy under /var/spool/smtpd 3. systemctl stop opensmtpd # let's pretend it was stopped and forgotten by accident 4. Use a text editor co create a "mail.txt" file, containing some valid mail headers, a blank line, and a body, suitable for submission to sendmail 5. sendmail -f you -t < mail.txt 6. As a user, it says "cannot create temporary file /var/spool/smtpd/offline/1575154903.XXXXMn5Om8: Permission denied". As root, it returns error code 75 and puts the email into /var/spool/smtpd/offline, as expected 7. systemctl start opensmtpd Actual results: the offline message sits in /var/spool/smtpd/offline forever. Expected results: smtpd should pick up the offline message and send it out. Additional info: This has been traced to the fact that the package installs /usr/sbin/smtpctl (pointed to by /usr/sbin/sendmail.opensmtpd) with the wrong permissions. Upstream expects /usr/sbin/smtpctl to be setgid to the same group that owns /var/spool/smtpd/offline, while Fedora's package installs it setgid root. See: # ls -ld /var/spool/smtpd/offline/ drwxrwx--- 2 root smtpq 6 Nov 29 14:04 /var/spool/smtpd/offline/ Upstream code that checks permissions on offline queue files: https://github.com/OpenSMTPD/OpenSMTPD/blob/c139eb1610e931739d6cde4194c9560124b08165/smtpd/smtpd.c#L1604 Upstream fix: https://github.com/OpenSMTPD/OpenSMTPD/commit/e02d05d2ec470899363de4be658aca26de5a2466
FEDORA-EPEL-2020-5f15009f1d has been submitted as an update to Fedora EPEL 8. https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-5f15009f1d
FEDORA-2020-a861033a4d has been submitted as an update to Fedora 31. https://bodhi.fedoraproject.org/updates/FEDORA-2020-a861033a4d
FEDORA-2020-270ef80e9e has been submitted as an update to Fedora 30. https://bodhi.fedoraproject.org/updates/FEDORA-2020-270ef80e9e
libasr-1.0.4-1.fc30, opensmtpd-6.6.2p1-1.fc30 has been pushed to the Fedora 30 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-270ef80e9e
libasr-1.0.4-1.el8, opensmtpd-6.6.2p1-1.el8 has been pushed to the Fedora EPEL 8 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-EPEL-2020-5f15009f1d
libasr-1.0.4-1.fc31, opensmtpd-6.6.2p1-1.fc31 has been pushed to the Fedora 31 testing repository. If problems still persist, please make note of it in this bug report. See https://fedoraproject.org/wiki/QA:Updates_Testing for instructions on how to install test updates. You can provide feedback for this update here: https://bodhi.fedoraproject.org/updates/FEDORA-2020-a861033a4d
libasr-1.0.4-1.fc30, opensmtpd-6.6.2p1-1.fc30 has been pushed to the Fedora 30 stable repository. If problems still persist, please make note of it in this bug report.
libasr-1.0.4-1.fc31, opensmtpd-6.6.2p1-1.fc31 has been pushed to the Fedora 31 stable repository. If problems still persist, please make note of it in this bug report.
libasr-1.0.4-1.el8, opensmtpd-6.6.2p1-1.el8 has been pushed to the Fedora EPEL 8 stable repository. If problems still persist, please make note of it in this bug report.