From: Robert
Subject: security(8): Enhance check_mailboxes to skip directories and quota files
To: tech@openbsd.org
Date: Fri, 3 Jan 2025 15:21:21 +0100

Hi,

I propose a simple patch to `/usr/libexec/security` to enhance the check_mailboxes function by adding the ability to skip directories and specific quota files (quota.user and quota.group). This change improves the robustness of the function when handling various mail storage configurations.

Motivation

1. Directories in `/var/mail`:
   - It's not uncommon to encounter directories in `/var/mail`. These could be:
     - System-generated directories like `lost+found`.
     - Chroot directories, e.g., `/var`, containing isolated environments.
     - Virtual mailbox structures, such as `Maildir`, also supported by OpenSMTPD for delivering mail.

   These directories should be ignored, as they do not represent individual mailboxes and should not interfere with the script's checks.

2. Quota files:
   - Files such as `quota.user` and `quota.group` may be found in the same directory and are not directly related to user mailboxes. Including them in the checks could lead to unnecessary warnings or errors.

Proposed patch attached.

Regards,
Robert

--- /usr/libexec/security.orig Wed Mar 20 22:16:22 2024 +++ /usr/libexec/security Fri Jan 3 13:37:54 2025 @@ -455,6 +455,9 @@ sub check_mailboxes { foreach my $name (readdir $dh) { next if $name =~ /^\.\.?$/; next if $name =~ /.\.lock$/; + next if $name eq 'quota.user'; + next if $name eq 'quota.group'; + next if -d "$dir/$name"; my ($mode, $fuid, $fgid) = (stat "$dir/$name")[2,4,5]; unless (defined $mode) { nag !$!{ENOENT}, "stat: $dir/$name: $!";
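
Review bot: the added `next if -d "$dir/$name";` does its own stat right before the existing `(stat "$dir/$name")[2,4,5]` call, so every entry is stat'ed twice and the two calls can see different objects if the entry changes in between. Consider moving the directory test below the `unless (defined $mode)` block and reusing the result of the stat that is already there, e.g. `next if -d _;`. Separately, `quota.user` and `quota.group` are skipped by name before any owner or mode check, so a file with one of those names in the mail directory is never examined by check_mailboxes; if that is intended, a short comment above the two `next if $name eq ...` lines saying so would help.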