Existing tests are failing:

not ok 30 [Getmail] debug-getmail works as expected in 565ms
# (from function `assert_line' in file test/test_helper/bats-assert/src/assert_line.bash, line 219,
#  in test file test/tests/parallel/set1/getmail.bats, line 58)
#   `assert_line --regexp 'retriever:.*SimpleIMAPSSLRetriever\(ca_certs="None", certfile="None", getmaildir="\/tmp\/docker-mailserver\/getmail", imap_on_delete="None", imap_search="None", keyfile="None", mailboxes="\(.*INBOX.*\)", move_on_delete="None", ***, password_command="\(\)", port="993", record_mailbox="True", server="imap.remote-service.test", ssl_cert_hostname="None", ssl_ciphers="None", ssl_fingerprints="\(\)", ssl_version="None", timeout="180", use_cram_md5="False", use_kerberos="False", use_peek="True", use_xoauth2="False", username="user3"\)'' failed
#
# -- no output line matches regular expression --
# regexp : retriever:.*SimpleIMAPSSLRetriever\(ca_certs="None", certfile="None", getmaildir="\/tmp\/docker-mailserver\/getmail", imap_on_delete="None", imap_search="None", keyfile="None", mailboxes="\(.*INBOX.*\)", move_on_delete="None", ***, password_command="\(\)", port="993", record_mailbox="True", server="imap.remote-service.test", ssl_cert_hostname="None", ssl_ciphers="None", ssl_fingerprints="\(\)", ssl_version="None", timeout="180", use_cram_md5="False", use_kerberos="False", use_peek="True", use_xoauth2="False", username="user3"\)
# output (22 lines):
#     retriever:  SimpleIMAPSSLRetriever(ca_certs="None", certfile="None", getmaildir="/var/lib/getmail", imap_on_delete="None", imap_search="None", keyfile="None", mailboxes="('INBOX',)", move_on_delete="None", ***, password_command="()", port="993", record_mailbox="True", server="imap.remote-service.test", ssl_cert_hostname="None", ssl_ciphers="None", ssl_fingerprints="()", ssl_version="None", timeout="180", use_cram_md5="False", use_kerberos="False", use_peek="True", use_xoauth2="False", username="user3")
#     destination:  MDA_external(allow_root_commands="True", arguments="('-d', 'user3@example.test')", command="deliver", group="None", ignore_stderr="False", path="/usr/lib/dovecot/deliver", pipe_stdout="True", unixfrom="False", user="None")
#     options:
#       delete : False
#       delete_after : 0
#       delete_bigger_than : 0
#       delivered_to : False
#       fingerprint : False
#       logfile : logfile(filename="/var/log/mail/getmail-user3.log")
#       max_bytes_per_session : 0
#       max_message_size : 0
#       max_messages_per_session : 500
#       message_log : /var/log/mail/getmail-user3.log
#       message_log_syslog : False
#       message_log_verbose : False
#       netrc_file : None
#       read_all : False
#       received : False
#       skip_imap_fetch_size : False
#       to_oldmail_on_each_mail : False
#       use_netrc : False
#       verbose : 0
# --
#

I have no idea why the EC lint is failing, though..

TL;DR: Seems that getmail should not be configured for /var/mail-state and this got missed during review as it was likened to fetchmail which is setup differently as a service (although it may technically not need a state dir either for all I know 🤷‍♂️ )

Existing tests are failing

This is due to the logic here:

Previously since the internal directory never existed in the first place (except I guess as a symlink to nothing) it would fallback to the config volume and configure for that instead...

I guess we missed that during review 🤷‍♂️ It shouldn't store data at locations for different concerns? (runtime state that's usually discardable vs config volume that is generally used to persist anything else)

The cronjob (for runtime usage) has the /var/lib/getmail location hard coded (whereas the debug setup command above offers the alternative /tmp/docker-mailserver path):

More context

https://getmail6.org/configuration.html#running-commandline-options

To use getmail, simply run the script getmail, which is typically installed in /usr/local/bin/ by default.
getmail will read the default getmail rc file (getmailrc) from the default configuration/data directory (~/.getmail/) and begin operating.

--getmaildir=DIR or -gDIR — use DIR for configuration and data files

--rcfile=FILE or -rFILE — read getmail rc file FILE instead of the default.

• The file path is assumed to be relative to the getmaildir directory unless this value starts with a slash (/).
• This option can be given multiple times to have getmail retrieve mail from multiple accounts.

Unlike fetchmail, there is no daemon service or polling, thus the cronjob:

• https://getmail6.org/faq.html#faq-how-daemon
• https://wiki.archlinux.org/title/Getmail#Fetching_mail_automatically_with_systemd

RC files are provided via the config volume and copied over to internal location in /etc:

These all have a base config (which our docs advise mounting directly over instead of supporting via the config volume) but to be practical with DMS needs to configure to deliver over to Dovecot:

I'm not sure why this even needs to be in DMS beyond convenience, there isn't anything specific about it to integrate from the looks of it. Although that's probably the same case with fetchmail. Although there's this interesting FAQ entry from the original getmail author criticizing fetchmail.

getmaildir in this case is a location to dump the retrieved remote mail if you haven't configured it to deliver to Dovecot (opt-in). We don't have anything that seems to suggest using /tmp/docker-mailserver/getmail other than in the debug script itself (and test case matching the debug output).

So any existing users of the feature either have had mail delivered to Dovecot as per guidance in the docs, or it's been stored in /var/mail-state/lib-getmail (but we don't document this expectation, and the associated volume isn't really intended for it as it's not runtime state related). The getmail command is run as root UID/GID AFAIK? There's really no value for it being handled in /var/mail-state then.