
Haraka creates directory `queue` with root privileges instead of correct dropped-down privilege

Open AprilGrimoire opened this issue 3 weeks ago • 1 comment

Describe the bug

Haraka creates directory queue with root privileges instead of correct dropped-down privilege.

11:15:21 root@aprilg Haraka ±|✔|→ ls -al
total 556
drwxrwxr-x 1 haraka haraka    808 Dec  7 11:15 .
drwx------ 1 haraka haraka    252 Dec  7 10:40 ..
drwxrwxr-x 1 haraka haraka     34 Dec  6 10:41 bin
-rw-rw-r-- 1 haraka haraka  71648 Dec  6 10:41 Changes.md
drwxrwxr-x 1 haraka haraka    714 Dec  7 11:11 config
-rw-rw-r-- 1 haraka haraka  68619 Dec  7 08:07 connection.js
drwxrwxr-x 1 haraka haraka    218 Dec  6 10:41 contrib
-rw-rw-r-- 1 haraka haraka   6149 Dec  6 10:41 CONTRIBUTORS.md
-rw-rw-r-- 1 haraka haraka   1790 Dec  6 10:41 Dockerfile
drwxrwxr-x 1 haraka haraka    346 Dec  6 10:41 docs
-rw-rw-r-- 1 haraka haraka    165 Dec  6 10:41 .editorconfig
-rw-rw-r-- 1 haraka haraka   2109 Dec  6 10:41 endpoint.js
-rw-rw-r-- 1 haraka haraka    678 Dec  6 10:41 eslint.config.mjs
drwxrwxr-x 1 haraka haraka    158 Dec  7 11:14 .git
drwxrwxr-x 1 haraka haraka    196 Dec  6 10:41 .github
-rw-rw-r-- 1 haraka haraka    382 Dec  6 10:41 .gitignore
-rw-rw-r-- 1 haraka haraka     85 Dec  6 10:41 .gitmodules
-rw-rw-r-- 1 haraka haraka   2094 Dec  6 10:41 haraka.js
-rwxrwxr-x 1 haraka haraka     48 Dec  6 10:41 haraka.sh
-rw-rw-r-- 1 haraka haraka   5381 Dec  6 10:41 host_pool.js
drwxrwxr-x 1 haraka haraka     32 Dec  6 10:41 http
-rw-rw-r-- 1 haraka haraka     55 Dec  6 10:41 .lgtm.yml
-rw-rw-r-- 1 haraka haraka   1078 Dec  6 10:41 LICENSE
-rw-rw-r-- 1 haraka haraka   1254 Dec  6 10:41 line_socket.js
-rw-rw-r-- 1 haraka haraka   9229 Dec  6 10:41 logger.js
drwxrwxr-x 1 haraka haraka   8438 Dec  7 09:04 node_modules
-rw-rw-r-- 1 haraka haraka    155 Dec  6 10:41 .npmignore
drwxrwxr-x 1 haraka haraka    204 Dec  6 10:41 outbound
-rw-rw-r-- 1 haraka haraka   3912 Dec  7 09:04 package.json
-rw-rw-r-- 1 haraka haraka 199694 Dec  7 09:04 package-lock.json
drwxrwxr-x 1 haraka haraka    502 Dec  7 08:10 plugins
-rw-rw-r-- 1 haraka haraka  19781 Dec  6 10:41 plugins.js
-rw-rw-r-- 1 haraka haraka  17950 Dec  6 10:41 Plugins.md
-rw-rw-r-- 1 haraka haraka   4660 Dec  6 10:41 README.md
drwxrwxr-x 1 haraka haraka      0 Dec  6 10:41 .release
-rwxrwxr-x 1 haraka haraka    173 Dec  7 11:03 restart.sh
-rw-rw-r-- 1 haraka haraka   3084 Dec  6 10:41 rfc1869.js
-rwxrwxr-x 1 haraka haraka    119 Dec  6 10:41 run_tests
-rw-rw-r-- 1 haraka haraka  19988 Dec  6 10:41 server.js
-rw-rw-r-- 1 haraka haraka  17540 Dec  6 10:41 smtp_client.js
drwxrwxr-x 1 haraka haraka    494 Dec  6 10:41 test
-rw-rw-r-- 1 haraka haraka  22032 Dec  6 10:41 tls_socket.js
-rw-rw-r-- 1 haraka haraka   1023 Dec  6 10:41 TODO
-rw-rw-r-- 1 haraka haraka   8683 Dec  6 10:41 transaction.js
11:15:22 root@aprilg Haraka ±|✔|→ cat restart.sh
#!/bin/bash

killall /opt/haraka/.nvm/versions/node/v24.11.1/bin/node
rm /var/log/haraka.log /var/run/haraka.pid
/opt/haraka/.nvm/versions/node/v24.11.1/bin/node haraka.js

11:15:27 root@aprilg Haraka ±|✔|→ ./restart.sh
/opt/haraka/.nvm/versions/node/v24.11.1/bin/node: no process found
WARNING: Not running installed Haraka - command line arguments ignored
loaded TLD files:
  1=1443
  2=7571
  3=3661
loaded 9753 Public Suffixes
loglevel: DEBUG
log format: DEFAULT
[WARN] [-] [server] smtp.ini.nodes unset, using 1, see https://github.com/haraka/Haraka/wiki/Performance-Tuning
Starting up Haraka version 3.1.1
[DEBUG] [-] [plugins] Loading
[INFO] [-] [plugins] loading auth-imap
[DEBUG] [-] [plugins] no timeout in auth-imap.timeout
[DEBUG] [-] [plugins] no timeout in plugin_timeout
[DEBUG] [-] [plugins] plugin auth-imap timeout is: 30s
[DEBUG] [-] [plugins] no timeout in auth/auth_base.timeout
[DEBUG] [-] [plugins] no timeout in plugin_timeout
[DEBUG] [-] [plugins] plugin auth/auth_base timeout is: 30s
[DEBUG] [-] [plugins] registered hook capabilities to auth-imap.hook_capabilities priority 0
[DEBUG] [-] [plugins] registered hook unrecognized_command to auth-imap.hook_unrecognized_command priority 0
[INFO] [-] [plugins] loading dovecot
[DEBUG] [-] [plugins] no timeout in dovecot.timeout
[DEBUG] [-] [plugins] no timeout in plugin_timeout
[DEBUG] [-] [plugins] plugin dovecot timeout is: 30s
[DEBUG] [-] [plugins] registered hook rcpt to dovecot.check_rcpt_on_dovecot priority 0
[DEBUG] [-] [plugins] registered hook mail to dovecot.check_mail_on_dovecot priority 0
[INFO] [-] [plugins] loading mail_from.is_resolvable
[DEBUG] [-] [plugins] no timeout in mail_from.is_resolvable.timeout
[DEBUG] [-] [plugins] no timeout in plugin_timeout
[DEBUG] [-] [plugins] plugin mail_from.is_resolvable timeout is: 30s
[DEBUG] [-] [plugins] registered hook mail to mail_from.is_resolvable.hook_mail priority 0
[INFO] [-] [plugins] loading rcpt_to.in_host_list
[DEBUG] [-] [plugins] no timeout in rcpt_to.in_host_list.timeout
[DEBUG] [-] [plugins] no timeout in plugin_timeout
[DEBUG] [-] [plugins] plugin rcpt_to.in_host_list timeout is: 30s
[DEBUG] [-] [plugins] no timeout in rcpt_to.host_list_base.timeout
[DEBUG] [-] [plugins] no timeout in plugin_timeout
[DEBUG] [-] [plugins] plugin rcpt_to.host_list_base timeout is: 30s
[DEBUG] [-] [plugins] registered hook rcpt to rcpt_to.in_host_list.hook_rcpt priority 0
[DEBUG] [-] [plugins] registered hook mail to rcpt_to.in_host_list.hook_mail priority 0
[INFO] [-] [plugins] loading rspamd
[DEBUG] [-] [plugins] no timeout in rspamd.timeout
[DEBUG] [-] [plugins] no timeout in plugin_timeout
[DEBUG] [-] [plugins] plugin rspamd timeout is: 30s
[DEBUG] [-] [plugins] registered hook data_post to rspamd.hook_data_post priority 0
[INFO] [-] [plugins] loading queue/lmtp
[DEBUG] [-] [plugins] no timeout in queue/lmtp.timeout
[DEBUG] [-] [plugins] no timeout in plugin_timeout
[DEBUG] [-] [plugins] plugin queue/lmtp timeout is: 30s
[DEBUG] [-] [plugins] registered hook get_mx to queue/lmtp.hook_get_mx priority 0
[DEBUG] [-] [plugins] registered hook queue to queue/lmtp.hook_queue priority 0
[INFO] [-] [plugins] loading queue/smtp_forward
[DEBUG] [-] [plugins] no timeout in queue/smtp_forward.timeout
[DEBUG] [-] [plugins] no timeout in plugin_timeout
[DEBUG] [-] [plugins] plugin queue/smtp_forward timeout is: 30s
[DEBUG] [-] [plugins] registered hook queue to queue/smtp_forward.queue_forward priority 0
[DEBUG] [-] [plugins] registered hook queue_outbound to queue/smtp_forward.queue_forward priority 0
[DEBUG] [-] [plugins] registered hook get_mx to queue/smtp_forward.get_mx priority 0
[INFO] [-] [plugins] loading redis
[DEBUG] [-] [plugins] no timeout in redis.timeout
[DEBUG] [-] [plugins] no timeout in plugin_timeout
[DEBUG] [-] [plugins] plugin redis timeout is: 30s
[DEBUG] [-] [plugins] registered hook init_master to redis.init_redis_shared priority 0
[DEBUG] [-] [plugins] registered hook init_child to redis.init_redis_shared priority 0
[INFO] [-] [plugins] loading save-sent
[DEBUG] [-] [plugins] no timeout in save-sent.timeout
[DEBUG] [-] [plugins] no timeout in plugin_timeout
[DEBUG] [-] [plugins] plugin save-sent timeout is: 30s
[DEBUG] [-] [save-sent] === Plugin registration starting ===
[DEBUG] [-] [save-sent] Loading save_sent.hjson configuration
[INFO] [-] [save-sent] Loaded config
[DEBUG] [-] [save-sent] Config details: {
  "duplicate_to_sender_flag_name": "X-Save_to_mailbox",
  "duplicate_to_sender_flag_value": "ServerSent",
  "security_token_name": "X-Save_to_mailbox_token",
  "redis_hash_name": "haraka-save-sent"
}
[DEBUG] [-] [save-sent] Outbound module loaded
[DEBUG] [-] [plugins] registered hook data_post to save-sent.security_inspection priority 0
[DEBUG] [-] [save-sent] Registered hook: data_post -> security_inspection
[DEBUG] [-] [plugins] registered hook queue_ok to save-sent.duplicate_to_sender priority 0
[DEBUG] [-] [save-sent] Registered hook: queue_ok -> duplicate_to_sender
[DEBUG] [-] [save-sent] === Plugin registration complete ===
[DEBUG] [-] [server] running init_master hooks
[DEBUG] [-] [server] running init_master hook in redis plugin
[INFO] [-] [redis] connected to redis://localhost:6380
[DEBUG] [-] [server]  hook=init_master plugin=redis function=init_redis_shared params="" retval=CONT msg=""
[DEBUG] [-] [outbound/queue] Creating queue directory /opt/haraka/Haraka/queue
[NOTICE] [-] [server] Daemonizing...
11:15:30 root@aprilg Haraka ±|✔|→ ls -al
total 556
drwxrwxr-x 1 haraka haraka    818 Dec  7 11:15 .
drwx------ 1 haraka haraka    252 Dec  7 10:40 ..
drwxrwxr-x 1 haraka haraka     34 Dec  6 10:41 bin
-rw-rw-r-- 1 haraka haraka  71648 Dec  6 10:41 Changes.md
drwxrwxr-x 1 haraka haraka    714 Dec  7 11:11 config
-rw-rw-r-- 1 haraka haraka  68619 Dec  7 08:07 connection.js
drwxrwxr-x 1 haraka haraka    218 Dec  6 10:41 contrib
-rw-rw-r-- 1 haraka haraka   6149 Dec  6 10:41 CONTRIBUTORS.md
-rw-rw-r-- 1 haraka haraka   1790 Dec  6 10:41 Dockerfile
drwxrwxr-x 1 haraka haraka    346 Dec  6 10:41 docs
-rw-rw-r-- 1 haraka haraka    165 Dec  6 10:41 .editorconfig
-rw-rw-r-- 1 haraka haraka   2109 Dec  6 10:41 endpoint.js
-rw-rw-r-- 1 haraka haraka    678 Dec  6 10:41 eslint.config.mjs
drwxrwxr-x 1 haraka haraka    158 Dec  7 11:14 .git
drwxrwxr-x 1 haraka haraka    196 Dec  6 10:41 .github
-rw-rw-r-- 1 haraka haraka    382 Dec  6 10:41 .gitignore
-rw-rw-r-- 1 haraka haraka     85 Dec  6 10:41 .gitmodules
-rw-rw-r-- 1 haraka haraka   2094 Dec  6 10:41 haraka.js
-rwxrwxr-x 1 haraka haraka     48 Dec  6 10:41 haraka.sh
-rw-rw-r-- 1 haraka haraka   5381 Dec  6 10:41 host_pool.js
drwxrwxr-x 1 haraka haraka     32 Dec  6 10:41 http
-rw-rw-r-- 1 haraka haraka     55 Dec  6 10:41 .lgtm.yml
-rw-rw-r-- 1 haraka haraka   1078 Dec  6 10:41 LICENSE
-rw-rw-r-- 1 haraka haraka   1254 Dec  6 10:41 line_socket.js
-rw-rw-r-- 1 haraka haraka   9229 Dec  6 10:41 logger.js
drwxrwxr-x 1 haraka haraka   8438 Dec  7 09:04 node_modules
-rw-rw-r-- 1 haraka haraka    155 Dec  6 10:41 .npmignore
drwxrwxr-x 1 haraka haraka    204 Dec  6 10:41 outbound
-rw-rw-r-- 1 haraka haraka   3912 Dec  7 09:04 package.json
-rw-rw-r-- 1 haraka haraka 199694 Dec  7 09:04 package-lock.json
drwxrwxr-x 1 haraka haraka    502 Dec  7 08:10 plugins
-rw-rw-r-- 1 haraka haraka  19781 Dec  6 10:41 plugins.js
-rw-rw-r-- 1 haraka haraka  17950 Dec  6 10:41 Plugins.md
drwxr-xr-x 1 root   root        0 Dec  7 11:15 queue
-rw-rw-r-- 1 haraka haraka   4660 Dec  6 10:41 README.md
drwxrwxr-x 1 haraka haraka      0 Dec  6 10:41 .release
-rwxrwxr-x 1 haraka haraka    173 Dec  7 11:03 restart.sh
-rw-rw-r-- 1 haraka haraka   3084 Dec  6 10:41 rfc1869.js
-rwxrwxr-x 1 haraka haraka    119 Dec  6 10:41 run_tests
-rw-rw-r-- 1 haraka haraka  19988 Dec  6 10:41 server.js
-rw-rw-r-- 1 haraka haraka  17540 Dec  6 10:41 smtp_client.js
drwxrwxr-x 1 haraka haraka    494 Dec  6 10:41 test
-rw-rw-r-- 1 haraka haraka  22032 Dec  6 10:41 tls_socket.js
-rw-rw-r-- 1 haraka haraka   1023 Dec  6 10:41 TODO
-rw-rw-r-- 1 haraka haraka   8683 Dec  6 10:41 transaction.js

Expected behavior

queue should be created as user haraka, as specified in config/smtp.ini:

11:14:52 haraka@aprilg Haraka ±|local ✗|→ cat config/smtp.ini | grep haraka
user=haraka
group=haraka
; Ref: https://github.com/haraka/Haraka/wiki/Performance-Tuning
daemon_log_file=/var/log/haraka.log
daemon_pid_file=/var/run/haraka.pid
;spool_dir=/var/spool/haraka

Observed behavior

queue is owned by root

Steps To Reproduce

Haven't tried

System Info

Please report your OS, Node version, and Haraka version by running this shell script on your Haraka server and replacing this section with the output.

11:18:23 haraka@aprilg Haraka ±|local ✗|→ echo "Haraka | $(haraka -v)"; echo " --- | :--- "; echo "Node | $(node -v)"; echo "OS | $(uname -a)"; echo "openssl | $(openssl version)"
bash: haraka: command not found
Haraka |
 --- | :---
Node | v24.11.1
OS | Linux aprilg 6.12.57+deb13-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.57-1 (2025-11-05) x86_64 GNU/Linux
openssl | OpenSSL 3.5.4 30 Sep 2025 (Library: OpenSSL 3.5.4 30 Sep 2025)
11:19:19 haraka@aprilg Haraka ±|local ✗|→ git log | head -n 20
commit 0b9db548980d48dcfba8a41004f1ab238769b156
Author: Girish Ramakrishnan <[email protected]>
Date:   Sat Nov 22 16:24:31 2025 +0100

    configurable outbound IPv4/IPv6 preference using `inet_prefer` (#3502)

commit 574a8e1e96d26730baa0ee9dcf61c0c7bfeda357
Author: Matt Simerson <[email protected]>
Date:   Fri Nov 21 17:02:04 2025 -0800

    [Snyk] Upgrade redis from 5.8.3 to 5.9.0 (#3492)

commit ab5164d5c533141f28607016d9d98a7848e6b758
Author: Girish Ramakrishnan <[email protected]>
Date:   Thu Nov 20 18:46:24 2025 +0100

    outbound: pass the failed addresses and mx information to deferred hook (#3505)

commit 8b56c761aabd201a4cdfb1a54e06755ddea4acc4
Author: lmacayo <[email protected]>

AprilGrimoire, Dec 07 '25 09:12

That's not necessarily an issue and should have been addressed in #3291

msimerson, Dec 07 '25 14:12