dma -- sending mail from non-root to non-root

Bill Hacker wbh at
Fri May 23 12:21:39 PDT 2008

Michael Krauss (by way of Michael Krauss <hippodriver at>) wrote:
> Hello DragonFly experts,
>
> I am running into problems when sending mail from one unprivileged user
> to another with the DragonFly Mail Agent.
>
> Actually I want to run dma on Arch Linux. Porting the program itself
> was not a problem at all, it is running now, but suffering the same
> mail folder access problems as on DragonFly BSD. On Arch Linux it is
> getting even worse as no mail folder is automatically created for a
> new user account. Here is a protocol from DragonFly 1.12.2:

Experience from a totally unrelated direction;

Though I don't actually use /var/mail for mailstore (separate RAID1 
array) 'system' thingies don't always know that, so...

- my /var/mail is owned by <mta_UID>:<mta_GID>

--- *all* of the critters that have need to use /var/mail/~ are made 
members of the same group as the MTA (usually 'mail').

That includes my MTA, IMAP, SpamAssassin, ClamAV, Webmail, etc ....

With 'appropriate' perms and umasks for owner, group, and world you 
should not need to grant root privs for /var/mail to create, deliver to, 
retrieve from or otherwise manipulate that area.

Two Caveats:

-- *other* subdirs of /var/ are another matter....

-- shell-account holders and system daemon-runners other-than root *may* 
need to also be members of the 'mail' group, IF they use on-box mail (as 
DMA does, by plan).

In our case we:

A) never have more than three shell accounts - the sysadmins.

B) never use shell accounts for mail, give them addresses, or send them 
mail. Even 'postmaster@~' is in the same DB as 'virtual' users and is 
relayed off-box to whomever has the con.

OTOH - what we run primarily is mail servers, so we have a 'proper' MTA.

IOW - The short answer is that there is no special reason that /var/mail 
needs to be owned by root:wheel

which should solve your problem...


Bill Hacker
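
An added example, not part of the original post or of dma: a shell audit for the group-based /var/mail layout described above. The function names and the exact mode bits checked are assumptions, since the post only calls for 'appropriate' perms.

```sh
#!/bin/sh
# Added example. The policy checked here is an assumption: the post names the
# group-membership approach but does not give concrete modes.

# has_perm PATH BITS: true if PATH itself has every bit in BITS set.
has_perm() { [ -n "$(find "$1" -prune -perm "-$2" 2>/dev/null)" ]; }

# audit_spool DIR [USER...]: print findings, return their count (0 = clean).
audit_spool() {
    [ "$#" -ge 1 ] || { echo "usage: audit_spool DIR [USER...]"; return 2; }
    spool=$1; shift
    findings=0
    note() { printf '%s\n' "$1"; findings=$((findings + 1)); }

    [ -d "$spool" ] || { note "$spool: not a directory"; return 1; }
    grp=$(ls -ld "$spool" | awk '{print $4}')

    # Group members (MTA, IMAP, filters) must be able to create mailboxes.
    has_perm "$spool" 0070 || note "$spool: group $grp lacks rwx"
    # World-writable without sticky lets any user delete other mailboxes.
    if has_perm "$spool" 0002 && ! has_perm "$spool" 1000; then
        note "$spool: world-writable without sticky bit"
    fi
    # Linux only hands new files the directory's group when setgid is set
    # (BSD does so by default), so this is advisory and not counted.
    has_perm "$spool" 2000 || printf 'info: %s: setgid not set\n' "$spool"

    for box in "$spool"/*; do
        [ -f "$box" ] || continue
        has_perm "$box" 0060 || note "$box: group $grp cannot read and write"
        if has_perm "$box" 0004 || has_perm "$box" 0002; then
            note "$box: readable or writable by world"
        fi
    done

    # Each daemon or shell user that touches the spool must be in its group.
    for u in "$@"; do
        if ! id -Gn "$u" 2>/dev/null | tr ' ' '\n' | grep -qxF "$grp"; then
            note "$u: not a member of group $grp"
        fi
    done
    return "$findings"
}
```

Source the file and call it as, for instance, `audit_spool /var/mail` followed by the accounts that deliver to or read from the spool.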

