#867121 courier-mta: Removal of courier-maildrop breaks "maildropfilter" functionality

Package:
courier-mta
Source:
courier
Description:
Courier mail server - ESMTP daemon
Submitter:
Dave Platt
Date:
2025-04-16 20:21:03 UTC
Severity:
important
#867121#5
Date:
2017-07-03 23:11:30 UTC
From:
To:
Dear Maintainer,

*** Reporter, please consider answering these questions, where appropriate ***

   * What led up to the situation?
   * What exactly did you do (or not do) that was effective (or
     ineffective)?
   * What was the outcome of this action?
   * What outcome did you expect instead?

*** End of the template - remove these template lines ***

The removal of the courier-specific "courier-maildrop"
program, and the decision to switch courier-mta to use the
standard version of "maildrop", has broken the "maildropfilter"
feature which is used to provide spam filtering during SMTP.

The version of maildrop included with (and previously built
and packaged with) courier-mta, includes some special functionality
required to operate in "embedded" mode.  In particular, courier
passes the destination user's UID and GID to maildrop via the
special option "-D uidvalue/gidvalue", and this is used to
provide proper access restrictions when maildrop is reading
the filter files during the SMTP session.

The standard version of maildrop does not recognize or support
this option.  This causes SMTP sessions to fail, if maildrop-
based filtering is specified in the courier configuration:  it
results in a "511" error with a complaint from maildrop.  The
mail bounces.

There is no way to override the inclusion of the "-D uid/gid"
option when the maildrop filter is invoked - it's hardcoded into
that section of courier-mta.

From looking briefly at the maildrop code included with courier-mta
I can see that there's a fair amount of code there which is needed
for embedded-mode operation and which is probably "compiled out" of
the standard version of maildrop.

So, Debian Stretch users of courier-mta have an unfortunate
choice to make - either give up SMTP-time spam filtering
(which is _really_ important these days), hand-build a new
courier-specific version of maildrop from the Debian sources,
or revert back to an older courier-mta package.

I can understand why you'd want to simplify the courier-mta
package by not building its custom version of maildrop, but
I'm afraid that by doing so you've broken a significant aspect
of Courier's functionality.

#867121#10
Date:
2020-11-16 06:36:36 UTC
From:
To:
I have xpecting issues with the courier due this bug of maildrop.. cos we
cannot follow courier upstream recommendations..
I ask about that upstream..

Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com

#867121#15
Date:
2020-11-16 08:02:11 UTC
From:
To:
The maildrop package in debian is severely out of sync and outdated:

First of all stop of "Upstream is not willing to add another feature",
seems people dont understan maildrop are made for courier, and if need
can proposed a fork for that!

Second: **several problems where aborted upstream**, the most
important ones are:
* libs/maildrop/deliver.C (delivery): Always return 75 upon
delivery failure, for the standalone maildrop build. related to #481223
* libs/maildir/maildirmake.c (main): maildirmake's -q option
will create the maildir if it does not exist. related to #501557
* libs/rfc2045/reformime.c (main2): Fix crash when the -s option is
not valid. related to #71625
* rfc2045/reformime.c (main2): fix crash if -x or -X is specified
without the corresponding -s option. related to #71625

A new maildrop pack is required and this must either come from the
same courier sources (#867121) or update the one... this last seems
quite stupid as courier is the official sources of maildrop and
although it is offered separately by the author upstream, unifying it
will improve maintenance from a team, and as you guys notice lack of
interest/avaliable time in the courier suite (reading the last
changelog, seems changes are more to complain with debian package
policy that is innecesary respect real issues)

... and as far as I can see you are looking for the sources in sf
instead of the right place which is the courier oficial download page,
additional while the courier-mta sources are up to date in
salsa-debian, the maildrop one in salsa-debian are too old respect the
mta suite!

while I made my own package on OBS vegnuli home for Devuan and Debian,
is you guys need help i'm a often user of the complete suite and not
just parts or toys of, maildrop can be build with two ways:
 * set GID mail without restricted caller (maildrop)
 * set UID root with restricted caller for courier-mta
   (maildrop-courier) -- missing and the way i set in my package cos
is the need by the original suite the courier-mta


NOTE: Courier maildrop in debian present a very not proper behaviour..
original sources are from courier and any other implementation are
non-related and users can fork the software, cases like #375589 are
not valid cos seems maildrop (as author make it for courier filtering)
is a courier implementation if applies! so any external specific usage
are purely optional

This are related to #910380 (separate makemime from sources) #204187,
#596057 & #375589#26 (bad usage  cos is not made for), #481223
(changed behaviour cos is not made for, what?), #592585 (dovecot
specific crap) and go and go.. seems people thinks that maildrop are
made for others rather than the courier suite... funny please close
all of those package cos seems many of them are not supported by
upstream and community must make a fork in those several cases!

Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com

#867121#20
Date:
2020-11-17 21:33:07 UTC
From:
To:
for those interesting (cos seems mantainers dont care of courier
packages) https://build.opensuse.org/package/show/home:vegnuli:deploy-vnx1/maildrop
buils and dsc source files for all debians .. including 10 and
testing, and stop to said "that is for olders" dont be stupid

  * New upstream release: Closes #974898
    + Closes: #204187, #596057, #375589, #481223, #592585
    + Closes: #501557, #481223, #716252
    + Updated config file Closes: #861906
  * debian/control:
    + new dependency libidn-dev | libidn11-dev
  * debian/patches:
    - remove 0003-permanent-err.patch merged upstream. Closes: #265399
    + Explicit pass CAT=/bin/cat to configure to make build reproducible
      between merged-usr and non-merged-usr systems. Closes: #915180
    + refresh the Re-added the fix for #82986 Filter directory and files
      being accessible to groups and just check for world-writability.
    + refresh 0004-deliver-extra-newlines.patch, just comment!

#867121#25
Date:
2025-04-16 20:18:10 UTC
From:
To:
I have just taken over maintenance of courier.  I am planning on
looking at the feasibility of restoring the courier-maildrop package,
but probably not until after I have cleaned up most of the other
problems with the packages that we are currently shipping.

#867121#28
Date:
2025-04-16 20:18:10 UTC
From:
To:
I have just taken over maintenance of courier.  I am planning on
looking at the feasibility of restoring the courier-maildrop package,
but probably not until after I have cleaned up most of the other
problems with the packages that we are currently shipping.