FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Fedora User

 
 
LinkBack Thread Tools
 
Old 02-02-2008, 03:16 PM
Ben Kamen
 
Default Question on Fedora's RPM of Mailmail and Sendmail

Sendmail works.

Mailman works.

Mailman's wrapper under sendmail doesn't work.

What I get is:

----- The following addresses had permanent fatal errors -----
"|/usr/lib/mailman/mail/mailman post mailman"
(reason: 2)
(expanded from: <mailman@baron.benjammin.net>)

----- Transcript of session follows -----
Group mismatch error. Mailman expected the mail wrapper script to be
executed as one of the following groups:
[mail, postfix, mailman, nobody, daemon],
but the system's mail server executed the mail script as group: "mailnull".
Try tweaking the mail server to run the script as one of these groups:
[mail, postfix, mailman, nobody, daemon],
or re-run configure providing the command line option:
'--with-mail-gid=mailnull'.
554 5.3.0 unknown mailer error 2




Now, I would normally know how to fix the problem - but I thought to myself..

Do the developers know that out of the "yum" box - Sendmail and Mailman as
RPM'd don't work with each other or am I missing a README somewhere.

I'm more than happy to recompile both programs, but that's bypassing the point
of using RPM's in the first place. It would be nice to see the RPM work, not
have to go recompile anyway.

So, I'm sure this is a common question, but this is the first problem I've had
making sense of a Fedora distribution and the included docs in the mailman

docs directory don't talk about how the "run as GID" settings for mailman
were set on compile.

Little help? (and thanks!)

-Ben

--
Ben Kamen - O.D.T., S.P.
================================================== ====================
Email: bkamen AT benjammin DOT net Web: http://www.benjammin.net
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 02-02-2008, 07:10 PM
Todd Zullinger
 
Default Question on Fedora's RPM of Mailmail and Sendmail

Ben Kamen wrote:
> Sendmail works.
>
> Mailman works.
>
> Mailman's wrapper under sendmail doesn't work.

Do you have SELinux in enforcing mode?

> What I get is:
>> ----- The following addresses had permanent fatal errors -----
>> "|/usr/lib/mailman/mail/mailman post mailman"
>> (reason: 2)
>> (expanded from: <mailman@baron.benjammin.net>)
>>
>> ----- Transcript of session follows -----
>> Group mismatch error. Mailman expected the mail wrapper script to be
>> executed as one of the following groups:
>> [mail, postfix, mailman, nobody, daemon],
>> but the system's mail server executed the mail script as group: "mailnull".
>> Try tweaking the mail server to run the script as one of these groups:
>> [mail, postfix, mailman, nobody, daemon],
>> or re-run configure providing the command line option:
>> '--with-mail-gid=mailnull'.
>> 554 5.3.0 unknown mailer error 2

Hmmm, on an F8 box with a fresh install of mailman and everything else
up to date (including the updates-testing repository), I don't see
this particular error. I do get a failed delivery with SELinux in
enforcing mode though. The bounce in my case is:

----- The following addresses had permanent fatal errors -----
"|/usr/lib/mailman/mail/mailman post test-list"
(reason: 1)
(expanded from: <test-list@localhost.localdomain>)

----- Transcript of session follows -----
post script, list not found: test-list
554 5.3.0 unknown mailer error 1

Setting SELinux to permissive lets the mail go through. So there
appear to be some policy tweaks needed.

> Now, I would normally know how to fix the problem - but I thought to
> myself..
>
> Do the developers know that out of the "yum" box - Sendmail and
> Mailman as RPM'd don't work with each other or am I missing a README
> somewhere.

It's likely that testing with SELinux in enforcing mode hasn't been
tested well. Since mailman can be used with a variety of MTA's and
involves a bit of work after installing the rpm to finish the setup, I
can undertstand this. I hadn't tested mailman with sendmail in many
years until today. I typically use Postfix since it integrates with
mailman much nicer IMO.

> I'm more than happy to recompile both programs, but that's bypassing
> the point of using RPM's in the first place. It would be nice to see
> the RPM work, not have to go recompile anyway.
>
> So, I'm sure this is a common question, but this is the first
> problem I've had making sense of a Fedora distribution and the
> included docs in the mailman docs directory don't talk about how the
> "run as GID" settings for mailman were set on compile.
>
> Little help? (and thanks!)

See if running "setenforce 0" as root changes the behavior. If it
does, then we should gather up the AVC messages from SELinux and
report them to bugzilla so Dan Walsh can push out a corrected SELinux
policy that allows mailman to operate with sendmail.

--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~
People who make history know nothing about history. You can see that
in the sort of history they make.
-- G. K. Chesterton

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 02-02-2008, 08:25 PM
Ben Kamen
 
Default Question on Fedora's RPM of Mailmail and Sendmail

Todd Zullinger wrote:



Do you have SELinux in enforcing mode?


I have it completely disabled since the installation. (and I doubled checked the
sysconfig/selinux file for this email. )




Hmmm, on an F8 box with a fresh install of mailman and everything else
up to date (including the updates-testing repository), I don't see
this particular error. I do get a failed delivery with SELinux in
enforcing mode though. The bounce in my case is:


I'm using FC-7 not 8... so I don't know what diff's might exist there... but..
moving along.



Setting SELinux to permissive lets the mail go through. So there
appear to be some policy tweaks needed.



Hmmm, and in my case where it's disabled?



It's likely that testing with SELinux in enforcing mode hasn't been
tested well. Since mailman can be used with a variety of MTA's and
involves a bit of work after installing the rpm to finish the setup, I
can undertstand this. I hadn't tested mailman with sendmail in many
years until today. I typically use Postfix since it integrates with
mailman much nicer IMO.


I would offer the argument that this is a matter of what user/group sendmail is
running as vs. what user/group mailman was built to run with.


As for Postfix, I'm a sendmail fan and use it with all the other goodies
one might use with sendmail to control spam (mimedefang, spamassassin) so
moving from sendmail won't happen in the near future just as I'm comfy with
it and have my plate filled with other things (that are part of my j-o-b).

Anyway...



See if running "setenforce 0" as root changes the behavior. If it
does, then we should gather up the AVC messages from SELinux and
report them to bugzilla so Dan Walsh can push out a corrected SELinux
policy that allows mailman to operate with sendmail.


again, my SElinux is disabled, so what might you recommend?

Thanks for the fast reply!


-Ben


--
Ben Kamen - O.D.T., S.P.
================================================== ====================
Email: bkamen AT benjammin DOT net Web: http://www.benjammin.net
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 02-02-2008, 08:31 PM
Ben Kamen
 
Default Question on Fedora's RPM of Mailmail and Sendmail

Oh,

I'd also like to point out that mailman's Default.py points to sendmail
in /usr/lib/sendmail when sendmail is actually living in /usr/sbin/sendmail per
the yum installed package of sendmail 8.14.1 (oops?)


-Ben


--
Ben Kamen - O.D.T., S.P.
================================================== ====================
Email: bkamen AT benjammin DOT net Web: http://www.benjammin.net
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 02-02-2008, 08:43 PM
Alexander Dalloz
 
Default Question on Fedora's RPM of Mailmail and Sendmail

Ben Kamen schrieb:
> Oh,
>
> I'd also like to point out that mailman's Default.py points to sendmail
> in /usr/lib/sendmail when sendmail is actually living in
> /usr/sbin/sendmail per the yum installed package of sendmail 8.14.1
> (oops?)
>
> -Ben
No problem, no fault, no oops.

This is intended as Fedora comes with the MTA switching mechanism
through alternatives. Just check out that /usr/lib/sendmail is a
symlink. And the "sendmail" binary could be postfix
(/usr/lib/sendmail.postfix instead of /usr/lib/sendmail.sendmail as the
true binary).

Alexander

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 02-02-2008, 09:15 PM
Todd Zullinger
 
Default Question on Fedora's RPM of Mailmail and Sendmail

Ben Kamen wrote:
> Todd Zullinger wrote:
>
>>
>> Do you have SELinux in enforcing mode?
>
> I have it completely disabled since the installation. (and I doubled
> checked the sysconfig/selinux file for this email. )

Well, then there should be no SELinux issues. Forget I even mentioned
it.

> I'm using FC-7 not 8... so I don't know what diff's might exist
> there... but.. moving along.

It could be relevant, though I doubt there are significant
differences. You could poke the spec files and patches in Fedora's
CVS: http://cvs.fedoraproject.org/viewcvs/rpms/mailman/

> I would offer the argument that this is a matter of what user/group
> sendmail is running as vs. what user/group mailman was built to run
> with.

The Fedora mailman package is patched so that it can run as multiple
mail groups. The upstream mailman source makes you choose one group
at build time and would make it rough to have one mailman rpm that
worked with postfix, sendmail, or other MTA's.

> As for Postfix, I'm a sendmail fan and use it with all the other
> goodies one might use with sendmail to control spam (mimedefang,
> spamassassin) so moving from sendmail won't happen in the near
> future just as I'm comfy with it and have my plate filled with other
> things (that are part of my j-o-b).

No problem. I'm not here to try and persuade you to switch.

There are some tools to make adding the aliases when new lists are
created more automatic when using sendmail. I'm not sure what they
are or how well they integrate with the mailman rpms from Fedora. But
that's something to worry about after the basic functionality is
working, for sure.

I know with postfix, it's possible to get the gid errors if you add
the aliases directly to the main /etc/aliases file. This is because
postfix will run the commands in the aliases as the owner/group of the
alias file. So for mailman, you create an alias file just for the
mailman aliases, with group mailman.

Now, for sendmail I don't think this same thing applies. In the test
I did I added the aliases to /etc/aliases and things worked (once
SELinux was set to permissive). I only mention this in case there's
something different about how you setup the aliases that may jump out
at you as a potential cause for sendmail running the mailman wrapper
script with group mailnull.

--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~
life, n.: A whim of several billion cells to be you for a while.

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 02-02-2008, 09:20 PM
Todd Zullinger
 
Default Question on Fedora's RPM of Mailmail and Sendmail

Ben Kamen wrote:
> I'd also like to point out that mailman's Default.py points to
> sendmail in /usr/lib/sendmail when sendmail is actually living in
> /usr/sbin/sendmail per the yum installed package of sendmail 8.14.1
> (oops?)

There is a sendmail link in /usr/lib/sendmail though, so it would be
fine if that's the path that mailman used.

But it's irrelevant anyway, since that setting only applies if you set
the DELIVERY_MODULE to Sendmail. And if you check the comments in
Defaults.py about that, you'll see that you are warned against this:

# WARNING: Sendmail has security holes and should be avoided. In
# fact, you must read the Mailman/Handlers/Sendmail.py file before it
# will work for you.
#
#DELIVERY_MODULE = 'Sendmail'
DELIVERY_MODULE = 'SMTPDirect'

--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ ~~~~~~~~~~~~~~~~~~~~
What is a weed? A plant whose virtues have not been discovered.
-- Ralph Waldo Emerson, Fortune of the Republic

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 02-02-2008, 09:39 PM
Les Mikesell
 
Default Question on Fedora's RPM of Mailmail and Sendmail

Todd Zullinger wrote:



Now, for sendmail I don't think this same thing applies. In the test
I did I added the aliases to /etc/aliases and things worked (once
SELinux was set to permissive). I only mention this in case there's
something different about how you setup the aliases that may jump out
at you as a potential cause for sendmail running the mailman wrapper
script with group mailnull.


I'm way out of date on how this works, but the last time I looked, the
mailman wrapper was setgid mailman which should work regardless of what
starts it.


--
Les Mikesell
lesmikesell@gmail.com

--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 02-02-2008, 10:28 PM
Ben Kamen
 
Default Question on Fedora's RPM of Mailmail and Sendmail

Les Mikesell wrote:

Todd Zullinger wrote:



Now, for sendmail I don't think this same thing applies. In the test
I did I added the aliases to /etc/aliases and things worked (once
SELinux was set to permissive). I only mention this in case there's
something different about how you setup the aliases that may jump out
at you as a potential cause for sendmail running the mailman wrapper
script with group mailnull.


I'm way out of date on how this works, but the last time I looked, the
mailman wrapper was setgid mailman which should work regardless of what
starts it.




Yeeaa... one would think. But it doesn't.

Again, I'm using the supplied RPM's and it's currently broken.

I could always recompile to my own needs... but that breaks the point of
using the RPM's and that's what I wanted to really mention more than anything.

Check it out, you'll be surprised (or shocked)

-Ben

--
Ben Kamen - O.D.T., S.P.
================================================== ====================
Email: bkamen AT benjammin DOT net Web: http://www.benjammin.net
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 
Old 02-02-2008, 10:28 PM
Ben Kamen
 
Default Question on Fedora's RPM of Mailmail and Sendmail

Todd Zullinger wrote:


There is a sendmail link in /usr/lib/sendmail though, so it would be
fine if that's the path that mailman used.


I did a locate, but now I just did a specific ls -l.. wow - talk about softlink
hell. What has FC come to? (sigh)



But it's irrelevant anyway, since that setting only applies if you set
the DELIVERY_MODULE to Sendmail. And if you check the comments in
Defaults.py about that, you'll see that you are warned against this:


Which I don't.


# WARNING: Sendmail has security holes and should be avoided. In
# fact, you must read the Mailman/Handlers/Sendmail.py file before it
# will work for you.
#
#DELIVERY_MODULE = 'Sendmail'
DELIVERY_MODULE = 'SMTPDirect'


Yea, I saw that...

and to the notes earlier about sendmail integration, there's an .MC file to
handle list@mailman.your.domain which reroutes all those though the mailer in
sendmail rather than through aliases... I'm not needing the former, so I'm using
the latter. I run like < 10 lists, so aliases are fine with me.


-Ben


--
Ben Kamen - O.D.T., S.P.
================================================== ====================
Email: bkamen AT benjammin DOT net Web: http://www.benjammin.net
--
fedora-list mailing list
fedora-list@redhat.com
To unsubscribe: https://www.redhat.com/mailman/listinfo/fedora-list
 

Thread Tools




All times are GMT. The time now is 02:38 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org