
From: Robert <rmz@hostexpert.pl>
Subject: security(8): Enhance check_mailboxes to skip directories and quota files
To: tech@openbsd.org
Date: Fri, 3 Jan 2025 15:21:21 +0100

Hi,

I propose a simple patch to `/usr/libexec/security` to enhance the 
check_mailboxes function by adding the ability to skip directories and 
specific quota files (quota.user and quota.group). This change improves 
the robustness of the function when handling various mail storage 
configurations.

Motivation

1. Directories in `/var/mail`:
   - It's not uncommon to encounter directories in `/var/mail`. These could be:
     - System-generated directories like `lost+found`.
     - Chroot directories, e.g., `/var`, containing isolated environments.
     - Virtual mailbox structures, such as `Maildir`, also supported by OpenSMTPD for delivering mail.

   These directories should be ignored, as they do not represent individual mailboxes and should not interfere with the script's checks.

2. Quota files:
   - Files such as `quota.user` and `quota.group` may be found in the same directory and are not directly related to user mailboxes. Including them in the checks could lead to unnecessary warnings or errors.

Proposed patch attached.

Regards,
Robert
--- /usr/libexec/security.orig	Wed Mar 20 22:16:22 2024
+++ /usr/libexec/security	Fri Jan  3 13:37:54 2025
@@ -455,6 +455,9 @@ sub check_mailboxes {
    foreach my $name (readdir $dh) {
	next if $name =~ /^\.\.?$/;
	next if $name =~ /.\.lock$/;
+		next if $name eq 'quota.user';
+		next if $name eq 'quota.group';
+		next if -d "$dir/$name";
	my ($mode, $fuid, $fgid) = (stat "$dir/$name")[2,4,5];
	unless (defined $mode) {
	    nag !$!{ENOENT}, "stat: $dir/$name: $!";
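
Review bot: the added `next if -d "$dir/$name";` performs its own stat immediately before the existing `stat "$dir/$name"`, and because `-d` follows symlinks, a symlink in the mail directory that points at a directory is skipped silently along with real directories. Consider dropping the `-d` line and testing the `$mode` returned by the existing stat instead (for example with `S_ISDIR` from Fcntl's `:mode` tag), placed after the `unless (defined $mode)` block; that uses one stat per entry, removes the window between the two calls, and keeps the ENOENT handling for entries that disappear. The `quota.user` and `quota.group` skips happen before any owner or mode check, so files with those names are never inspected; if that is intended, a short comment above the two lines would say so. The three added lines are also indented with two tabs where the neighbouring `next if` lines use one.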