[exim] Mailman stopped working

Startseite
Nachricht löschen
Nachricht beantworten
Autor: Daevid Vincent
Datum:  
To: exim-list
Betreff: [exim] Mailman stopped working
[I posted this earlier at 1:53pm, but I didn't see it come through the
list yet at 6:35pm]

Mailman and Exim were working fine on my Gentoo box. Then around Sept
7th, mailman stopped working. I checked and saw that there was a new
emerge (however, it is the same exact version, so maybe it was part of a
revdep-rebuild or something).

[ebuild R ] mail-mta/exim-4.50-r1 +X -dnsdb -exiscan -exiscan-acl
+ipv6
-ldap -lmtp -mailwrapper -mbox +mysql -nis +pam +perl -postgres -sasl
+ssl
-syslog +tcpd 1,401 kB
[ebuild R ] net-mail/mailman-2.1.5-r4 +apache2 5,611 kB

Anyways, this is what I get in my mail logs:

Sep 15 13:31:17 [Mailman mail-wrapper] Group mismatch error. Mailman
expected the mail_wrapper script to be executed as group "mailman",
but_the system's mail server executed the mail script as_group "mail".
Try tweaking the mail server to run the_script as group "mailman", or
re-run configure, _providing the command line option
`--with-mail-gid=mail'._

I've been posting to the mailman lists and the gentoo lists, and nobody
seems to know what's wrong and everyone points fingers, so I'm now at my
last resort thinking that maybe it is exim (which hasn't been updated
for several months, so I don't know why it would be, but the error
messages is suspicious)

APACHEGID="81"
MAILGID="280"

src_compile() {
        econf \
                --prefix=${INSTALLDIR} \
                --with-mail-gid=${MAILGID} \
                --with-cgi-gid=${APACHEGID} \
        || die "configure failed"


        make || die "make failed"
}  


# ll /etc/exim/exim.conf
-rw-r--r-- 1 root root 29452 Apr 29 13:54 /etc/exim/exim.conf

# User and group for Mailman, should match your --with-mail-gid
# switch to Mailman's configure script.
# Value is normally "mailman"
MM_UID=mailman
MM_GID=mailman

So, these match what the comment says there, and what the .ebuild is
doing.

daevid portage-logs # /usr/local/mailman/bin/check_perms -f
No problems found

> > daevid ~ # which exim
> > /usr/sbin/exim
> >
> > daevid ~ # ll /usr/sbin/exim
> > -rws--x--x 1 root root 830012 Jul 7 00:57 /usr/sbin/exim
>
> I doubt it can just be mailman.


Well, exim hasn't changed since that date above, and the config hasn't
changed for even longer, so I believe it *is* mailman and not exim:

# ll
total 80
drwxr-xr-x 2 root root 4096 Jun 26 12:45 .
drwxr-xr-x 77 root root 4096 Sep 13 03:14 ..
-rw-r--r-- 1 root root 775 Jul 7 00:57 auth_conf.sub
-rw-r--r-- 1 root root 29452 Apr 29 13:54 exim.conf
-rw-r--r-- 1 root root 25931 Jul 7 00:57 exim.conf.dist
-rw-r--r-- 1 root root 8120 Jul 7 00:57 system_filter.exim

> > > Has Exim lost its setuid bit (and/or its root ownership) in
> > > the upgrade?
> >
> > Thanks for the suggestion John, but the perms look correct.
> Also, other
> > email works fine (incoming/outgoing). It's only mailman...
> >
> > daevid ~ # which exim
> > /usr/sbin/exim
> >
> > daevid ~ # ll /usr/sbin/exim
> > -rws--x--x 1 root root 830012 Jul 7 00:57 /usr/sbin/exim
>
> I doubt it can just be mailman. It's failing in the mail wrapper which
> calls getgid() to get the group its being executed as.
> Mailman is simply
> reporting the facts, which is it is not being executed as the group it
> was intended to be executed as. In your configuration it is
> exim that is
> executing mailman wrapper, thus it is exim that needs looking
> at. Also,
> please note the error concerns group id not the user id. The error
> reported says exim executed the mail wrapper as the group
> "mail" when it
> expected it to be group "mailman". This means exim invoked the wrapper
> in the "mail" group. Sorry, I'm not an exim user so I can't
> tell you the
> particulars of exim, but I suspect there is an option when
> executing the
> mailman wrapper to elect the group in addition to the user (its the
> group thats important).
>
> Also, its not the setuid or setgid bit of exim that's relevant in this
> case, that says when that exim executable is run, ignore who
> is invoking
> me and run as this user or group instead. Which for exim when invoking
> mailman on your behalf is not relevant (and may not even be
> desirable),
> what is relevant is that when exim invokes the mailman
> wrapper it calls
> setgid("mailman") (I'm playing a little loose and fast here, but thats
> the idea in a nutshell). This probably only happens via an exim
> configuration parameter tied to mailman invocation.


> The wrapper also complains that it is not being executed as group
> 'mailman', but rather as group 'mail'. This is the confusing part
> because it seems from the above that you are telling Exim to invoke
> the wrapper as group 'mailman' yet the wrapper is telling you it is
> being invoked as group 'mail'. I would look carefully at the Exim
> configuration to be sure that
>
> MM_UID=mailman
> MM_GID=mailman
>
> are in the right place and are not being overridden somewhere else.


Below is portions of my /etc/exim/exim.conf. I deleted out any
irrellevant
parts, but I kept everything in the right order... I believe it's pretty
much stock. (I don't know much about exim).

># cat /etc/exim/exim.conf


######################################################################
#                  Runtime configuration file for Exim               #
######################################################################



#
# copied from http://www.exim.org/howto/mailman21.html#exconf
#
# Home dir for your Mailman installation -- aka Mailman's prefix
directory.
# By default this is set to "/usr/local/mailman"
# On a Red Hat/Fedora system using the RPM use "/var/mailman"
# On Debian using the deb package use "/var/lib/mailman"
# This is normally the same as ~mailman
MM_HOME=/usr/local/mailman
#
# User and group for Mailman, should match your --with-mail-gid
# switch to Mailman's configure script.
# Value is normally "mailman"
MM_UID=mailman
MM_GID=mailman
#
# Domains that your lists are in - colon separated list
# you may wish to add these into local_domains as well
domainlist
mm_domains=daevid.com:rollinballzcrew.com:me-racing.com:marq.org
#
# -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
#
# These values are derived from the ones above and should not need
# editing unless you have munged your mailman installation
#
# The path of the Mailman mail wrapper script
MM_WRAP=MM_HOME/mail/mailman
#
# The path of the list config file (used as a required file when
# verifying list addresses)
MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck


######################################################################
#                    MAIN CONFIGURATION SETTINGS                     #
######################################################################


exim_user = mail

######################################################################
#                      ROUTERS CONFIGURATION                         #
#               Specifies how addresses are handled                  #
######################################################################
#     THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT!       #
# An address is passed to each router in turn until it is accepted.  #
######################################################################


mailman_router:
    driver = accept
    domains = +mm_domains
    require_files = MM_LISTCHK
    local_part_suffix_optional
    local_part_suffix = -admin : \
        -bounces   : -bounces+* : \
        -confirm   : -confirm+* : \
        -join      : -leave : \
        -owner     : -request : \
        -subscribe : -unsubscribe
    transport = mailman_transport


procmail:
debug_print = "R: procmail for $local_part@$domain"
driver = accept
check_local_user
transport = procmail_pipe
require_files = ${local_part}:${home}/.procmailrc:+/usr/bin/procmail
no_verify
no_expn

userforward:
driver = redirect
check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
file = $home/.forward
# allow_filter
no_verify
no_expn
check_ancestor
file_transport = address_file
pipe_transport = address_pipe
reply_transport = address_reply

localuser:
driver = accept
check_local_user
# local_part_suffix = +* : -*
# local_part_suffix_optional
transport = local_delivery
cannot_route_message = Unknown user


######################################################################
#                      TRANSPORTS CONFIGURATION                      #
######################################################################
#                       ORDER DOES NOT MATTER                        #
#     Only one appropriate transport is called for each delivery.    #
######################################################################


mailman_transport:
    driver = pipe
    command = MM_WRAP \
              '${if def:local_part_suffix \
                    {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
                    {post}}' \
              $local_part
    current_directory = MM_HOME
    home_directory = MM_HOME
    user = MM_UID
    group = MM_GID


# End of Exim configuration file