[exim] RE: Mailman stopped working -- why isn't exim executi…

Kezdőlap
Üzenet törlése
Válasz az üzenetre
Szerző: Daevid Vincent
Dátum:  
Címzett: exim-list
Tárgy: [exim] RE: Mailman stopped working -- why isn't exim executing as the right GID?
Can someone tell me what the permissions are supposed to be for all the
exim files (that matter, ie. suid, or what have you). I'm wondering if
exim got changed somehow (even though it wasn't re-installed, maybe a
perm changed).

> Sep 15 13:31:17 [Mailman mail-wrapper] Group mismatch error.
> Mailman expected the mail_wrapper script to be executed as
> group "mailman", but_the system's mail server executed the
> mail script as_group "mail". Try tweaking the mail server to
> run the_script as group "mailman", or re-run configure,
> _providing the command line option `--with-mail-gid=mail'._


As I've mentioned before, everything appears to be set up right. I've
re-installed mailman from scratch at least three times with different
settings and ideas, but they all resuult in that message above. All I
can think of is that exim is not working right anymore for some reason?

Would someone please help me with this? My lists have been down for 12
days now. :(


> -----Original Message-----
> From: Daevid Vincent
> Sent: Thursday, September 15, 2005 1:53 PM
> To: 'exim-list'
> Subject: Mailman stopped working
>
> Mailman and Exim were working fine on my Gentoo box. Then
> around Sept 7th, mailman stopped working. I checked and saw
> that there was a new emerge (however, it is the same exact
> version, so maybe it was part of a revdep-rebuild or something).
>
> [ebuild R ] mail-mta/exim-4.50-r1 +X -dnsdb -exiscan
> -exiscan-acl +ipv6
> -ldap -lmtp -mailwrapper -mbox +mysql -nis +pam +perl
> -postgres -sasl +ssl
> -syslog +tcpd 1,401 kB
> [ebuild R ] net-mail/mailman-2.1.5-r4 +apache2 5,611 kB
>
> Anyways, this is what I get in my mail logs:
>
> Sep 15 13:31:17 [Mailman mail-wrapper] Group mismatch error.
> Mailman expected the mail_wrapper script to be executed as
> group "mailman", but_the system's mail server executed the
> mail script as_group "mail". Try tweaking the mail server to
> run the_script as group "mailman", or re-run configure,
> _providing the command line option `--with-mail-gid=mail'._
>
> I've been posting to the mailman lists and the gentoo lists,
> and nobody seems to know what's wrong and everyone points
> fingers, so I'm now at my last resort thinking that maybe it
> is exim (which hasn't been updated for several months, so I
> don't know why it would be, but the error messages is suspicious)
>
> APACHEGID="81"
> MAILGID="280"
>
> src_compile() {
>         econf \
>                 --prefix=${INSTALLDIR} \
>                 --with-mail-gid=${MAILGID} \
>                 --with-cgi-gid=${APACHEGID} \
>         || die "configure failed"

>
>         make || die "make failed"
> }  

>
> # ll /etc/exim/exim.conf
> -rw-r--r-- 1 root root 29452 Apr 29 13:54 /etc/exim/exim.conf
>
> # User and group for Mailman, should match your --with-mail-gid
> # switch to Mailman's configure script.
> # Value is normally "mailman"
> MM_UID=mailman
> MM_GID=mailman
>
> So, these match what the comment says there, and what the
> .ebuild is doing.
>
> daevid portage-logs # /usr/local/mailman/bin/check_perms -f
> No problems found
>
> > > daevid ~ # which exim
> > > /usr/sbin/exim
> > >
> > > daevid ~ # ll /usr/sbin/exim
> > > -rws--x--x 1 root root 830012 Jul 7 00:57 /usr/sbin/exim
> >
> > I doubt it can just be mailman.
>
> Well, exim hasn't changed since that date above, and the config hasn't
> changed for even longer, so I believe it *is* mailman and not exim:
>
> # ll
> total 80
> drwxr-xr-x 2 root root 4096 Jun 26 12:45 .
> drwxr-xr-x 77 root root 4096 Sep 13 03:14 ..
> -rw-r--r-- 1 root root 775 Jul 7 00:57 auth_conf.sub
> -rw-r--r-- 1 root root 29452 Apr 29 13:54 exim.conf
> -rw-r--r-- 1 root root 25931 Jul 7 00:57 exim.conf.dist
> -rw-r--r-- 1 root root 8120 Jul 7 00:57 system_filter.exim
>
> > > > Has Exim lost its setuid bit (and/or its root ownership) in
> > > > the upgrade?
> > >
> > > Thanks for the suggestion John, but the perms look correct.
> > Also, other
> > > email works fine (incoming/outgoing). It's only mailman...
> > >
> > > daevid ~ # which exim
> > > /usr/sbin/exim
> > >
> > > daevid ~ # ll /usr/sbin/exim
> > > -rws--x--x 1 root root 830012 Jul 7 00:57 /usr/sbin/exim
> >
> > I doubt it can just be mailman. It's failing in the mail
> wrapper which
> > calls getgid() to get the group its being executed as.
> > Mailman is simply
> > reporting the facts, which is it is not being executed as
> the group it
> > was intended to be executed as. In your configuration it is
> > exim that is
> > executing mailman wrapper, thus it is exim that needs looking
> > at. Also,
> > please note the error concerns group id not the user id. The error
> > reported says exim executed the mail wrapper as the group
> > "mail" when it
> > expected it to be group "mailman". This means exim invoked
> the wrapper
> > in the "mail" group. Sorry, I'm not an exim user so I can't
> > tell you the
> > particulars of exim, but I suspect there is an option when
> > executing the
> > mailman wrapper to elect the group in addition to the user (its the
> > group thats important).
> >
> > Also, its not the setuid or setgid bit of exim that's
> relevant in this
> > case, that says when that exim executable is run, ignore who
> > is invoking
> > me and run as this user or group instead. Which for exim
> when invoking
> > mailman on your behalf is not relevant (and may not even be
> > desirable),
> > what is relevant is that when exim invokes the mailman
> > wrapper it calls
> > setgid("mailman") (I'm playing a little loose and fast
> here, but thats
> > the idea in a nutshell). This probably only happens via an exim
> > configuration parameter tied to mailman invocation.
>
> > The wrapper also complains that it is not being executed as group
> > 'mailman', but rather as group 'mail'. This is the confusing part
> > because it seems from the above that you are telling Exim to invoke
> > the wrapper as group 'mailman' yet the wrapper is telling you it is
> > being invoked as group 'mail'. I would look carefully at the Exim
> > configuration to be sure that
> >
> > MM_UID=mailman
> > MM_GID=mailman
> >
> > are in the right place and are not being overridden somewhere else.
>
> Below is portions of my /etc/exim/exim.conf. I deleted out
> any irrellevant
> parts, but I kept everything in the right order... I believe
> it's pretty
> much stock. (I don't know much about exim).
>
> ># cat /etc/exim/exim.conf
>
> ######################################################################
> #                  Runtime configuration file for Exim               #
> ######################################################################

>
>
> #
> # copied from http://www.exim.org/howto/mailman21.html#exconf
> #
> # Home dir for your Mailman installation -- aka Mailman's prefix
> directory.
> # By default this is set to "/usr/local/mailman"
> # On a Red Hat/Fedora system using the RPM use "/var/mailman"
> # On Debian using the deb package use "/var/lib/mailman"
> # This is normally the same as ~mailman
> MM_HOME=/usr/local/mailman
> #
> # User and group for Mailman, should match your --with-mail-gid
> # switch to Mailman's configure script.
> # Value is normally "mailman"
> MM_UID=mailman
> MM_GID=mailman
> #
> # Domains that your lists are in - colon separated list
> # you may wish to add these into local_domains as well
> domainlist
> mm_domains=daevid.com:rollinballzcrew.com:me-racing.com:marq.org
> #
> # -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> #
> # These values are derived from the ones above and should not need
> # editing unless you have munged your mailman installation
> #
> # The path of the Mailman mail wrapper script
> MM_WRAP=MM_HOME/mail/mailman
> #
> # The path of the list config file (used as a required file when
> # verifying list addresses)
> MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck
>
>
> ######################################################################
> #                    MAIN CONFIGURATION SETTINGS                     #
> ######################################################################

>
> exim_user = mail
>
> ######################################################################
> #                      ROUTERS CONFIGURATION                         #
> #               Specifies how addresses are handled                  #
> ######################################################################
> #     THE ORDER IN WHICH THE ROUTERS ARE DEFINED IS IMPORTANT!       #
> # An address is passed to each router in turn until it is accepted.  #
> ######################################################################

>
> mailman_router:
>     driver = accept
>     domains = +mm_domains
>     require_files = MM_LISTCHK
>     local_part_suffix_optional
>     local_part_suffix = -admin : \
>         -bounces   : -bounces+* : \
>         -confirm   : -confirm+* : \
>         -join      : -leave : \
>         -owner     : -request : \
>         -subscribe : -unsubscribe
>     transport = mailman_transport

>
> procmail:
> debug_print = "R: procmail for $local_part@$domain"
> driver = accept
> check_local_user
> transport = procmail_pipe
> require_files = ${local_part}:${home}/.procmailrc:+/usr/bin/procmail
> no_verify
> no_expn
>
> userforward:
> driver = redirect
> check_local_user
> # local_part_suffix = +* : -*
> # local_part_suffix_optional
> file = $home/.forward
> # allow_filter
> no_verify
> no_expn
> check_ancestor
> file_transport = address_file
> pipe_transport = address_pipe
> reply_transport = address_reply
>
> localuser:
> driver = accept
> check_local_user
> # local_part_suffix = +* : -*
> # local_part_suffix_optional
> transport = local_delivery
> cannot_route_message = Unknown user
>
>
> ######################################################################
> #                      TRANSPORTS CONFIGURATION                      #
> ######################################################################
> #                       ORDER DOES NOT MATTER                        #
> #     Only one appropriate transport is called for each delivery.    #
> ######################################################################

>
> mailman_transport:
>     driver = pipe
>     command = MM_WRAP \
>               '${if def:local_part_suffix \

>
> {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
>                     {post}}' \
>               $local_part
>     current_directory = MM_HOME
>     home_directory = MM_HOME
>     user = MM_UID
>     group = MM_GID

>
> # End of Exim configuration file
>