[Mailman-Users] 14 hours and still not there

Jon Carnes jonc at nc.rr.com
Tue Mar 11 21:16:38 CET 2003


I included some notes at the end of this mail from a successful Mailman
install on an Ensim system that I did last year.  This was using Mailman
2.0.13, but the principle is the same for version 2.1.x

On Tue, 2003-03-11 at 13:43, Paul H Byerly wrote:
> Jon Carnes wrote:
> >Looks like you are setting up Mailman in a chrooted environment.
> 
>       Correct.  If I understand correctly, in chroot the server does not 
> know anything above it exists?  It thinks that tmblists.com is the root 
> directory?

This is a little screwy, but basically correct.  If you set up the chroot
properly, then the system sendmail will start up a chrooted sendmail for
all mail that is destined for the virtual domain.  The wrapper and smrsh
crap all take place inside the chroot (using the chrooted Sendmail).  So
you need to set up the chrooted smrsh and set up the mailman groups and
user in the local /etc of the chroot.

The main problem I had at the time was getting python to work inside the
Chroot.  I had to install it from source inside the Chroot (the system
version was way behind).
> 
> >This is not for the faint of heart.
> 
>       Tell me about it!
> 
> >I've done a few of these and they take a lot of tweaks to setup properly.
> 
>       I've tweaked every way I can think of.  I need to do some searching 
> on changing the sendmail configuration I guess.
> 
> >The only real advice I can give is to take it slowly and test each step. 
> >If you understand what mailman is doing and how chrooted environments work 
> >then you will persevere
> 
>       Unfortunately my understanding of both is limited.  I'm willing to 
> take the time to learn, but I don't even know where to start.  Any hints 
> where I can find the resources to learn what I need to know?  I did a 
> search on Google for  ' "chrooted environment" +mailman ' and got a lot of 
> hits - but they all have "mailman" in an included URL as it's part of a 
> mailman list and nothing of help.  I've been thru all the readmes in mailman.
> 
> >Good Luck - Jon Carnes
> 
>       I'm going to need it!  I have found plenty of people looking to get 
> Mailman working under Ensim, but no one offering a how to.  Ensim is 
> becoming more and more used, and sooner or later someone is going to cover 
> this.  If I ever get it running I will do a how to.

I'll take you up on that!  That's why I'm sharing my notes.
> 
> 
>       One other question, on getting CGI to run.  Apparently Ensim won't 
> deal with cgi files that have permissions above 755.  When I ran a 
> re-configure after changing the CGI directories to 755, the checkperms saw 
> this as an error and changed it.  If I change the permissions after I'm up 
> and running is this going to break anything in Mailman?

I don't think this is exactly true.  Your chroot environment has a
limited number of UserIDs and GroupIDs that are available to be used
inside (and really outside as well) the Chroot.

If I recall correctly, every UID and GID (that you use inside the
chroot) has to exist in both the system /etc and in your chrooted /etc.

HtH - Jon Carnes

======
Here are some notes/comments from an Ensim install that I did last
year...

===

Well it truly was a b*tch, but I got it working using mostly your setup.

In the future (if you do this again), you should install Mailman from
source and directly into the chroot area and use a site specific
user/group like "mailman7" instead of just "mailman".  

It doesn't really matter if no one else on the server wants to use
Mailman.

I leave it to you to get the http virtual host set up.  That should be a
piece of cake. I've set up Mailman to respond to any name that gets you
to the proper ip address.  Once you've got the virtual website set up
then you can use the web-admin tool to move the list over to using
"www.********.com" - but DON'T do that until the virtual site is
working and it pulls up Mailman's admin site (or you will be hosed).

BTW: the current list is set up so that all email is moderated.  You'll
have to go to the website and approve any messages before they will go
out.

Good Luck.  I'm including my work notes below.

Jon Carnes

=========================================================================

[jonc at Anncons jonc]$ ssh ***.***.***.109
Warning: Permanently added '***.***.***.109' (RSA) to the list of known
hosts.
jonc@***.***.***.109's password:
*********************************************************
Changes to system files may affect your warranty and
discharge Ensim from any further obligation to provide
customer with warranty services or support hereunder
*********************************************************
[jonc at panegyris jonc]$ ls
[jonc at panegyris jonc]$ cd /etc
[jonc at panegyris etc]$ grep mailman passwd
mailman:x:41:41:GNU Mailing List Manager:/var/mailman:/bin/false
[jonc at panegyris etc]$ grep mailman group
mailman:x:41:
[jonc at panegyris etc]$ grep mailman aliases
# mailman aliases
mailman: postmaster
mailman-owner: mailman
neurons:                "|/var/mailman/mail/wrapper post neurons"
neurons-admin:          "|/var/mailman/mail/wrapper mailowner neurons"
neurons-request:        "|/var/mailman/mail/wrapper mailcmd neurons"
[jonc at panegyris etc]$

====== sendmail.cf

# default UID (can be username or userid:groupid)
O DefaultUser=8:12

====== httpd.conf

# User/Group: The name (or #number) of the user/group to run httpd as.
#  . On SCO (ODT 3) use "User nouser" and "Group nogroup".
#  . On HPUX you may not be able to use shared memory as nobody, and the
#    suggested workaround is to create a user www and use that user.
#  NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET)
#  when the value of (unsigned)Group is above 60000;
#  don't use Group #-1 on these systems!
#
User apache
Group apache

  ...

ScriptAlias /cgi-bin/ /var/www/cgi-bin/
ScriptAlias /mailman/ /var/mailman/cgi-bin/
#
# /var/www/cgi-bin should be changed to whatever your ScriptAliased
# CGI directory exists, if you have that configured.
#
<Directory /var/www/cgi-bin>
    AllowOverride None
    Options ExecCGI FollowSymLinks
    Order allow,deny
    Allow from all
</Directory>

<Directory /var/mailman/cgi-bin>
    AllowOverride None
    Options ExecCGI FollowSymLinks
    Order allow,deny
    Allow from all
</Directory>

======

[jonc at panegyris etc]$ grep apache passwd
apache:x:48:48:Apache:/var/www:/bin/false
[jonc at panegyris etc]$ grep apache group
apache:x:48:

======

   Inspection of the mailman directory (/var/mailman) indicates that the
group rights are incorrect.

chgrp -R mailman /var/mailman/

======

   Set Mailman Site password to "******"

~mailman/bin/mmsitepass

====== /var/log/maillog - After test message

Dec 11 09:46:32 panegyris sendmail[7163]: gBBHkVr07163:
from=<jonc at nc.rr.com>, size=631, class=0, nrcpts=1,
msgid=<1039624527.5369.7.camel at Anncons.nc.rr.com>, proto=ESMTP,
daemon=MTA, relay=moya.trilug.org [64.244.27.141]
Dec 11 09:46:32 panegyris virthostmail[7166]: Chrooting to
/home/virtual/site7/fst
Dec 11 09:46:32 panegyris sendmail[7168]: gBBHkW907168:
from=<jonc at nc.rr.com>, size=869, class=0, nrcpts=1,
msgid=<1039624527.5369.7.camel at Anncons.nc.rr.com>, proto=ESMTP,
relay=root at localhost
Dec 11 09:46:32 panegyris sendmail[7165]: gBBHkVr07163:
to=<neurons at neurosemantics.com>, delay=00:00:01, xdelay=00:00:00,
mailer=virthostmail, pri=30631, relay=neurosemantics.com, dsn=2.0.0,
stat=Sent (gBBHkW907168 Message accepted for delivery)
Dec 11 09:46:32 panegyris Mailman mail-wrapper: No such file or
directory
Dec 11 09:46:32 panegyris sendmail[7169]: gBBHkW907168:
to="|/var/mailman/mail/wrapper post neurons",
ctladdr=<neurons at neurosemantics.com> (516/0), delay=00:00:00,
xdelay=00:00:00, mailer=prog, pri=30080, dsn=5.3.0, stat=unknown mailer
error 4
Dec 11 09:46:32 panegyris sendmail[7169]: gBBHkW907168: gBBHkW907169:
DSN: unknown mailer error 4
Dec 11 09:46:53 panegyris sendmail[7169]: gBBHkW907169:
to=<jonc at nc.rr.com>, delay=00:00:21, xdelay=00:00:21, mailer=esmtp,
pri=30180, relay=ncmx01.mgw.rr.com. [24.93.67.251], dsn=2.0.0, stat=Sent
(gBBGZoOL026826 Message accepted for delivery)

======

created link to /var/mailman inside chrooted environment.

====== Test message bounce:

   ----- The following addresses had permanent fatal errors -----
"|/var/mailman/mail/wrapper post neurons"
    (reason: 2)
    (expanded from: <neurons at neurosemantics.com>)

   ----- Transcript of session follows -----
Failure to exec script. WANTED gid 12, GOT gid 516.  (Reconfigure to
take 516?)
554 5.3.0 unknown mailer error 2

======

[root at panegyris smrsh]# grep 516 /etc/group
admin7:x:516:

The chrooted MTA must run as "admin7"

To test, I changed admin7's primary group to 12 (in /etc/passwd) and
added "admin7" to the admin7 group (in /etc/group)

We may only need to do this in the chrooted environment (if so then this
will fail).

====== /var/log/maillog

Dec 11 11:19:12 panegyris sendmail[7611]: gBBJJBr07609:
to=<neurons at neurosemantics.com>, delay=00:00:00, xdelay=00:00:00,
mailer=virthostmail, pri=31603, relay=neurosemantics.com, dsn=2.0.0,
stat=Sent (gBBJJCs07614 Message accepted for delivery)
Dec 11 11:19:12 panegyris Mailman mail-wrapper: No such file or
directory
Dec 11 11:19:12 panegyris sendmail[7615]: gBBJJCs07614:
to="|/var/mailman/mail/wrapper post neurons",
ctladdr=<neurons at neurosemantics.com> (516/0), delay=00:00:00,
xdelay=00:00:00, mailer=prog, pri=30796, dsn=5.3.0, stat=unknown mailer
error 4
Dec 11 11:19:12 panegyris sendmail[7615]: gBBJJCs07614: gBBJJCs07615:
DSN: unknown mailer error 4
Dec 11 11:19:17 panegyris sendmail[7615]: gBBJJCs07615:
to=<jonc at nc.rr.com>, delay=00:00:05, xdelay=00:00:05, mailer=esmtp,
pri=30896, relay=ncmx01.mgw.rr.com. [24.93.67.251], dsn=2.0.0, stat=Sent
(gBBI89OL006271 Message accepted for delivery)

======

[root at panegyris bin]# ./check_perms
directory must be at least 02775: /var/mailman
directory permissions must be at least 02775: /var/mailman/cron
directory permissions must be at least 02775: /var/mailman/spam
directory permissions must be at least 02775: /var/mailman/logs
Problems found: 4
Re-run as mailman (or root) with -f flag to fix
[root at panegyris bin]# ./check_perms -f
directory must be at least 02775: /var/mailman (fixing)
directory permissions must be at least 02775: /var/mailman/cron (fixing)
directory permissions must be at least 02775: /var/mailman/spam (fixing)
directory permissions must be at least 02775: /var/mailman/logs (fixing)
Problems found: 4

======

  Python was not in the chrooted environment.  I copied the version used
and its modules into the chroot.

 File "/var/mailman/Mailman/Utils.py", line 601, in open_ex
    fd = os.open(filename, flags, perms)
IOError: [Errno 2] No such file or directory:
'/var/spool/mailman/qfiles/a8953d5dbd3e1fbc5b2bdee0999d821bf9c2de18.db'

   Alright, this points the way to other problems.  Mainly that the
chrooted install of Mailman is incomplete.
   The only way to make this work right is to replace the main mailman
files with links to the Mailman files for Site7.
   This assumes that only Site7 is using Mailman.
   The work-around to this is to install mailman on the other sites
separately with different users (i.e. mailman1, mailman2, etc.)
   Then set up the crons for those separately, and include the alias
files for the various sites in the main aliases or
   set up some virtusertab work-arounds.

/var/spool/mailman -> /home/virtual/site7/fst/var/spool/mailman

/var/mailman -> /home/virtual/site7/fst/var/mailman
   Note: this means modifying the httpd.conf file for the mailman entry.

=========================================================================
On Tue, 2002-12-10 at 20:32, CS wrote:
> Thanks man - I'm in overload with all our <work> - started to
> go cross-eyed in front of the terminal ... sigh.
> 
> 
> It's a rented server running Ensim on RH 7.2 from www.servepath.com
> and sits in San Francisco
> 
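
An added example, not part of the original message or of Mailman: a small Python check for the two ID problems in the notes above, namely users and groups that must exist with the same numbers in both the system /etc and the chrooted /etc, and the wrapper's "WANTED gid 12, GOT gid 516" refusal. The file contents are constructed samples (including admin7's passwd line); on a real host, pass in the text of the system and chroot passwd and group files instead.

```python
# Constructed sample data: stand-ins for /etc/passwd and /etc/group on the
# system and inside the chroot (the chroot copies are deliberately incomplete).
SYSTEM_PASSWD = """\
mailman:x:41:41:GNU Mailing List Manager:/var/mailman:/bin/false
apache:x:48:48:Apache:/var/www:/bin/false
admin7:x:516:516::/home/virtual/site7:/bin/false
"""
CHROOT_PASSWD = """\
apache:x:48:48:Apache:/var/www:/bin/false
admin7:x:516:516::/:/bin/false
"""
SYSTEM_GROUP = "mail:x:12:\nmailman:x:41:\napache:x:48:\nadmin7:x:516:\n"
CHROOT_GROUP = "mail:x:12:\nmailman:x:42:\nadmin7:x:516:\n"


def parse_ids(text, col=2):
    """Return {name: id} from passwd(5)/group(5) text; uid and gid both sit in column 2."""
    ids = {}
    for line in text.splitlines():
        fields = line.strip().split(":")
        if len(fields) > col and not fields[0].startswith("#") and fields[col].isdigit():
            ids[fields[0]] = int(fields[col])
    return ids


def compare(system_text, chroot_text, names):
    """List (name, problem) for names absent from either file or numbered differently."""
    sys_ids, jail_ids = parse_ids(system_text), parse_ids(chroot_text)
    problems = []
    for name in names:
        s, j = sys_ids.get(name), jail_ids.get(name)
        if s is None:
            problems.append((name, "missing outside chroot"))
        if j is None:
            problems.append((name, "missing inside chroot"))
        if s is not None and j is not None and s != j:
            problems.append((name, "id %d outside, %d inside" % (s, j)))
    return problems


def delivery_gid_problem(passwd_text, mta_user, wanted_gid):
    """Compare the delivering user's primary gid (passwd column 3) with the wrapper's gid."""
    got = parse_ids(passwd_text, col=3).get(mta_user)
    return None if got == wanted_gid else "WANTED gid %s, GOT gid %s" % (wanted_gid, got)


if __name__ == "__main__":
    print(compare(SYSTEM_PASSWD, CHROOT_PASSWD, ["mailman", "apache", "admin7"]))
    print(compare(SYSTEM_GROUP, CHROOT_GROUP, ["mail", "mailman", "apache", "admin7"]))
    print(delivery_gid_problem(CHROOT_PASSWD, "admin7", 12))
```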




