Bug#408406: glibc malloc checker can abort deliver resulting in bounced mail
severity 408406 important
Sorry, I don't see any reason that this bug should be considered 'grave'.
You've indicated in bug #408450 that the malloc crash is ultimately caused
by libnss-ldap, not by deliver itself. The behavior of the malloc checker
here is reasonable, the behavior of deliver is (while somewhat pathological
in its use of getpwnam) is reasonable, and the behavior of postfix under the
circumstances is reasonable. If you want postfix to defer mail in case of a
deliver failure instead of bouncing it, this is a configuration option
that's available to you, by putting a shell wrapper around deliver to change
the return code if nothing else.
Anyway, I think the real bug is here:
* If a local sender is not a mailer, and if the original and
* local senders differ, record the attempt at forgery.
&& ((sender_ct = name_context(orig_sender)) == NULL
|| sender_ct->ct_uid != real_uid))
(void) fputs("X-Delivered: at request of ", dfp[T_HDR]);
(void) fputs(local_sender, dfp[T_HDR]);
(void) fputs(" on ", dfp[T_HDR]);
(void) fputs(hostname, dfp[T_HDR]);
(void) fputc('\n', dfp[T_HDR]);
This code really shouldn't be hit at all; and it's probably being hit
because 'postfix' isn't recognized as a mailer user. So this problem seems
fixable by adding this user to the list of known "mailer" users.
Steve Langasek Give me a lever long enough and a Free OS
Debian Developer to set it on, and I can move the world.