NixOS / nixpkgs

Nix Packages collection & NixOS
MIT License

mail (GNU Mailutils) can't send messages from systemd service via Postfix as local MTA #90248

Open caadar opened 4 years ago

caadar commented 4 years ago

**Bug description**

In some cases, someone needs to send mail from systemd services. The mail utility (from GNU Mailutils) may be used for such things. But it fails when the local MTA is Postfix.

The service gets stuck with the following:

● test.service - test
     Loaded: loaded (/home/user1/.local/share/systemd/user/test.service; static; vendor preset: enabled)
     Active: activating (start) since Thu 2020-06-11 09:27:48 MSK; 11s ago
   Main PID: 15272 (bash)
     CGroup: /user.slice/user-1000.slice/user@1000.service/test.service
             ├─15272 /run/current-system/sw/bin/bash -c echo test | mail user1@localhost
             ├─15274 /run/current-system/sw/bin/mail user1@localhost
             ├─15276 sendmail -oi -f user1@localhost.localdomain -t
             └─15278 /nix/store/jjpmcv3dqjyszaqzqbjka3dyxd4hi7jc-postfix-3.4.10/bin/postdrop -r

Jun 11 09:27:48 localhost systemd[3048]: Starting test...
Jun 11 09:27:48 localhost postfix/postdrop[15278]: warning: mail_queue_enter: create file maildrop/356084.15278: Permission denied
Jun 11 09:27:58 localhost postfix/postdrop[15278]: warning: mail_queue_enter: create file maildrop/356197.15278: Permission denied

The main question here is why the unwrapped postdrop is started here, not the expected /run/wrappers/bin/postdrop?

**To Reproduce**

Steps to reproduce the behavior:

1. Create test systemd service unit:

       [Unit]
       Description=test

       [Service]
       Type=oneshot
       Environment=PATH=/run/current-system/sw/bin/
       ExecStart=/run/current-system/sw/bin/bash -c "echo test | mail user1@localhost"

2. `systemctl --user start test.service`
3. `systemctl --user status test.service`

**Expected behavior**

`ExecStart=/run/current-system/sw/bin/bash -c "echo test | mail user1@localhost"` sends a mail message on systemd service start.

**Additional context**

`echo test | mail user1@localhost` from command line works as expected.

Workarounds:

1. Use

       ExecStart=/run/current-system/sw/bin/bash -c "echo test | /run/wrappers/bin/sendmail user1@localhost"

2. OpenSMTPd just works.

**Metadata**
`nix-shell -p nix-info --run "nix-info -m"` output:

stale[bot] commented 3 years ago

I marked this as stale due to inactivity. → More info

Stunkymonkey commented 1 year ago

Have you tried readWritePaths settings? I had the same problem. In my case it was: `ReadWritePaths = ["/var/lib/postfix/queue/maildrop/"];`

goebeler commented 8 months ago

I know this is old, but I have just had the same problem. Google led me here and the solution was a little different, so I thought I'd share what helped in my case:

In my case, the service in question (borgmatic backup) had the following capability limitations set in its unit:

    CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW

which, as far as I understand, did not allow the process to create files on disc at all. So if that's the case, add the required capabilities or comment out that line, which might have security implications.

mxjeff commented 4 months ago

> […] In my case, the service in question (borgmatic backup) had the following capability limitations set in its unit:
>
>     CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW
>
> which, as far as I understand, did not allow the process to create files on disc at all. So if that's the case, add the required capabilities or comment out that line, which might have security implications.

Thanks, adding CAP_DAC_OVERRIDE to an override conf fragment solved the issue for me with borgmatic :)
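
The three unit settings reported in this thread (a pinned PATH without /run/wrappers/bin, a CapabilityBoundingSet, and no ReadWritePaths entry for the maildrop queue) can be checked mechanically before a service is deployed. The shell lint below is an added example, not code from any commenter or from nixpkgs; the function names, finding names and sample unit are constructed, and tying the ReadWritePaths check to ProtectSystem=strict is an assumption.

```shell
#!/bin/sh
# Added example: flag the unit settings that commenters in this thread reported
# as stopping postdrop. Finding names are constructed; paths are from the thread.

WRAPPERS=/run/wrappers/bin
MAILDROP=/var/lib/postfix/queue/maildrop

_has() { printf '%s\n' "$unit" | grep -Eq "$1"; }

# lint_unit: unit text on stdin -> one finding name per line (none if clean)
lint_unit() {
    unit=$(cat)
    # PATH is pinned and nothing in the unit points at the wrapper directory
    if _has '^Environment=.*PATH=' && ! _has "$WRAPPERS"; then
        echo PATH_WITHOUT_WRAPPERS
    fi
    # A bounding set is configured and CAP_DAC_OVERRIDE is not in it
    if _has '^CapabilityBoundingSet='; then
        caps=$(printf '%s\n' "$unit" | sed -n 's/^CapabilityBoundingSet=//p' | tr '\n' ' ')
        case "$caps" in
            "~"*CAP_DAC_OVERRIDE*) echo CAPS_RESTRICTED ;;  # inverted list drops it
            "~"*) ;;                                        # inverted list keeps it
            *CAP_DAC_OVERRIDE*) ;;
            *) echo CAPS_RESTRICTED ;;
        esac
    fi
    # Assumption: ProtectSystem=strict is what makes ReadWritePaths necessary
    if _has '^ProtectSystem=strict' && ! _has "^ReadWritePaths=.*$MAILDROP"; then
        echo MAILDROP_READ_ONLY
    fi
    return 0
}

# Constructed sample: the unit from the report plus borgmatic-style limits
sample_unit() {
    cat <<'EOF'
[Unit]
Description=test

[Service]
Type=oneshot
Environment=PATH=/run/current-system/sw/bin/
CapabilityBoundingSet=CAP_DAC_READ_SEARCH CAP_NET_RAW
ProtectSystem=strict
ExecStart=/run/current-system/sw/bin/bash -c "echo test | mail user1@localhost"
EOF
}

sample_unit | lint_unit
```

Each finding names the directive to review; for MAILDROP_READ_ONLY a path-scoped ReadWritePaths entry keeps the rest of the file system read-only.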