[Mailman-Users] mailman and group mismatch error

Mark Sapiro mark at msapiro.net
Sat Aug 1 22:05:25 CEST 2009 

Greg White wrote:
>
>> Mark wrote:
>>
>> The above looks good. what is the exact group mismatch error message
>> you get in the DSN and/or maillog when you mail to test at list.xyz.com?
>
>To send the test message I sshd into my box as user, su - to root, and did:
># /usr/lib/mailman/mail/mailman post test
>Group mismatch error. Mailman expected the mail wrapper script to be
>executed as one of the following groups:
>[mail, postfix, mailman, nobody, daemon],
>but the system's mail server executed the mail script as group: "root".
>Try tweaking the mail server to run the script as one of these groups:
>[mail, postfix, mailman, nobody, daemon],
>or re-run configure providing the command line option:
>'--with-mail-gid=root'.


As I said in an earlier post, this means nothing. It only says that
root can't run the wrapper, but says nothing about Postfix running the
wrapper.


>I then use mutt (still as root) to send an email and this is what I see in /var/log/maillog
>Aug  1 13:21:44 list postfix/postfix-script: starting the Postfix mail system
>Aug  1 13:21:44 list postfix/master[2494]: daemon started -- version 2.3.3, configuration /etc/postfix
>Aug  1 13:22:23 list Mailman mail-wrapper: Group mismatch error. Mailman expected the mail wrapper script to be executed as one of the following groups: [mail, postfix, mailman, nobody, daemon], but the system's mail server executed the mail script as group: "root". Try tweaking the mail server to run the script as one of these groups: [mail, postfix, mailman, nobody, daemon], or re-run configure providing the command line option: '--with-mail-gid=root'.


OK. This one is meaningful. It says Postfix is trying to run the
wrapper as root (or does it?), and that is a problem. See below for
more.


>Finally I exit root and go back to being a user and I do:
>/usr/lib/mailman/mail/mailman post test
>Group mismatch error. Mailman expected the mail wrapper script to be
>executed as one of the following groups:
>[mail, postfix, mailman, nobody, daemon],
>but the system's mail server executed the mail script as group: "user".
>Try tweaking the mail server to run the script as one of these groups:
>[mail, postfix, mailman, nobody, daemon],
>or re-run configure providing the command line option:
>'--with-mail-gid=user'.


Again, this one is not relevant. If you do

sudo -u mailman /usr/lib/mailman/mail/mailman post test

it should work. That is also what Postfix should be doing.

Earlier you said -

># ls -lhZ /etc/mailman/aliases*
>-rw-rw----  root    mailman user_u:object_r:mailman_data_t   /etc/mailman/aliases
>-rw-rw-r--  mailman mailman user_u:object_r:mailman_data_t   /etc/mailman/aliases.db


I.e. the aliases.db is owned by 'mailman'. Also, Postfix's 'man 8
local' says in part

DELIVERY RIGHTS
       Deliveries to external files and external commands are  made 
with  the
       rights  of the receiving user on whose behalf the delivery is
made.  In
       the absence of a user context,  the  local(8)  daemon  uses  the
 owner
       rights  of  the :include: file or alias database.  When those
files are
       owned by the superuser, delivery is made with the rights
specified with
       the default_privs configuration parameter.


This says that Postfix executes the wrapper as the user who owns the
alias database in which the pipe to the wrapper is found which is
mailman, not root.

Do you have Mailman aliases in /etc/aliases too? Even that shouldn't
cause this problem as (you said) /etc/aliases.db is owned by root and
that should cause Postfix to execute any pipes found there as the
default-privs user which is normally 'nobody'.

This appears to be a Postfix issue of some kind, or perhaps not.

How is mutt delivering mail? In your log excerpt I only see

>Aug  1 13:21:44 list postfix/postfix-script: starting the Postfix mail system
>Aug  1 13:21:44 list postfix/master[2494]: daemon started -- version 2.3.3, configuration /etc/postfix
>Aug  1 13:22:23 list Mailman mail-wrapper: Group mismatch error. Mailman expected the mail wrapper script to be executed as one of the following groups: [mail, postfix, mailman, nobody, daemon], but the system's mail server executed the mail script as group: "root". Try tweaking the mail server to run the script as one of these groups: [mail, postfix, mailman, nobody, daemon], or re-run configure providing the command line option: '--with-mail-gid=root'.

I see nothing preceding this that indicates Postfix received the mail
and tried to pipe it to the wrapper. I only see over two minutes later

>Aug  1 13:25:01 list postfix/pickup[2498]: C122C8604E0: uid=41 from=
>Aug  1 13:25:01 list postfix/cleanup[2767]: C122C8604E0: message-id=
>Aug  1 13:25:01 list postfix/qmgr[2499]: C122C8604E0: from=, size=625, nrcpt=1 (queue active)
>Aug  1 13:25:02 list postfix/local[2769]: C122C8604E0: to=, orig_to=, relay=local, delay=0.51, delays=0.25/0.05/0/0.21, dsn=2.0.0, status=sent >(delivered to command: /usr/lib/mailman/mail/mailman post mailman)
>Aug  1 13:25:02 list postfix/qmgr[2499]: C122C8604E0: removed

Which looks like a successful delivery to me. Is Mailman running? Is
this message in qfiles/in? What happened to it?

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

More information about the Mailman-Users mailing list