postfix/postdrop warning: mail_queue_enter: create file maildrop: Permission denied

[binarydad]

Describe the bug

I noticed these logs are happening non-stop when I view syslog or journalctl -u mastodon-sidekiq. After a while, I stop getting updates in my mastodon timeline. I would restart the mastodon-sidekiq service but the errors keep coming back. I feel this happened recently. Server reboots do not help.

Context

I am using Mastodon 3.4.6 installed via Yunohost 4.3.6.2 on Debian 10.

[binarydad]

I tried this, and while it seems to have fix/stopped the "permission denied" errors, I'll wait to see if I'm still getting new posts showing on my feed.

http://linuxhostingsupport.net/blog/postdrop-mail_queue_enter-create-file-maildrop-permission-denied

EDIT: never mind, they came back

[binarydad]

Still having issues a flood of these logs. Seems something changed with service permissions in 3.4.4 for the sidekiq service?

[binarydad]

I see some search results relating to the changing of NoNewPrivileges setting of "yes" and the issue I'm seeing. This cooresponds to a change that was made probably around the time I started noticing the issue.

https://github.com/YunoHost-Apps/mastodon_ynh/commit/a40b4e0e0b05ff40ab10f749435e880322ea9ba6#diff-5bfcde32f711f5d80d27c97fbd04a0457ae6ef48081cee9507b155f6311209ec

[binarydad]

Alright, since my last post I've tried removing the newly-added change linked above and the errors no longer happen. If they somehow still come back after posting this, I'll follow up, but usually it would have come back by now. I guess the changes in that commit enforce security policies that don't go well with postfix, as I've already confirmed the folders have the proper permissions.

FYI, I found info about this here: https://linux.m2osw.com/snapwebsites-postfixpostdrop18189-warning-mailqueueenter-create-file-maildrop25937318189-permission

I edited the service file for sidekiq: sudo systemctl edit --full mastodon-sidekiq.service and commented out the lines:

[binarydad]

Just to note, I have not vetted all of these settings to know what, if any, to keep. All I know is a change was made to include these and, as a whole, caused the issue. If there are settings that need to be kept, but still alleviate the issue, please comment.