[Mailman-Users] unknown mailer problems

Mark Sapiro msapiro at value.net
Thu Mar 24 05:54:30 CET 2005 

Ashley M. Kirchner wrote:

>Ashley M. Kirchner wrote:
>
>>
>>    So right now I'm faced with the following error:
>>
>> ----- Transcript of session follows -----
>> /usr/bin/python: can't open file '/home/mailman/lists/scripts/post'
>> 554 5.3.0 unknown mailer error 2
>>
>>    However, here's my problem: that file does exist, in that path, so 
>> why would python complain that it can't open it?
>>
>    I forgot to add: the permissions are correct, but for the mail-gid 
>as well as cgi-gid.  That I checked over and over, and they're correct.  
>So what else could be causing the problem?


It's hard to know what the problem might be because you seem to be
presenting a moving target and not telling us much about what you're
doing. Your initial post was about suEXEC and removing the setgid bit
from the various wrappers in the cgi-bin/ directory.

Now this, which has to do with posting and is strange in a couple of
respects. First of all, the scripts/post script is not normally found
in the lists/ directory. Assuming that the installation directory
(sometimes called $prefix) is /home/mailman/, the path to the post
script would normally be /home/mailman/scripts/post. If this file is
really /home/mailman/lists/scripts/post, it would indicate that
configure was run with an unusual --prefix= option.

Also, the python command to run the post script was invoked by the
(maybe?) /home/mailman/mail/mailman wrapper which was in turn invoked
by the incoming MTA. The wrapper should be setgid so it can set the
executing group to 'mailman' (or whatever your mailman group is). This
should not be affected by suEXEC one way or the other because the web
server isn't involved.

So, are you trying to remove setgid from everything and somehow give
permissions to the mail-gid and the cgi-gid? I don't really know about
running Mailman under suEXEC, but I would suggest that the only thing
that would change from a standard install would be something like the
following (assuming your mailman group is 'mailman'):

-Files should be group writable and group 'mailman'
-Only the wrappers in cgi-bin/ should be not setgid and this only
because suEXEC requires it.
-Web server executes cgi-bin/ wrappers as user/group 'mailman' via
suEXEC (which I think would require configure be run
--with-cgi-gid='mailman')

Note that the above contradicts the following from the INSTALL document:

    - You want to be very sure that the user id under which your CGI
      scripts run is *not* in the `mailman' group you created above,
      otherwise private archives will be accessible to anyone.

I think what this really means is it isn't possible to set Mailman up
properly to run with suEXEC.

--
Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list