[Pkg-mailman-hackers] Bug#896997: mailman3 - Incorrect permissions for postfix lookup table files on postfix restart

Thu Apr 26 19:50:38 BST 2018

Package: mailman3
Version: 3.1.1-9~bpo9+1
Severity: important

After installing and configuring mailman3-full, I was unable to create
mailing lists using the UI. The logs had the following content

```
Apr 26 17:54:46 2018 (9642) command failure: /usr/sbin/postmap
/var/lib/mailman3/data/postfix_lmtp, 1, Operation not permitted
Apr 26 17:54:47 2018 (9642) command failure: /usr/sbin/postmap
/var/lib/mailman3/data/postfix_domains, 1, Operation not permitted
```

Upon checking, I saw that the files
`/var/lib/mailman3/data/postfix_lmtp.db` and
`/var/lib/mailman3/data/postfix_domains.db` were owned by `root:root`
and others didn't have read/write permission on them. Doing a chmod o+rw
on those two files solved the issue.

---

The exact steps I followed are

0.  Get a droplet in DigitalOcean with Debian 9.4 image
1.  Enable backports repo and run apt-get update
2.  Set hostname
3.  apt-get install postfix (as smarthost)
4.  apt-get install nginx-full
5.  apt-get -t stretch-backports install mailman3-full (answered the
questions positively)
6.  dpkg-reconfigure mailman3-web - For creating database and admin user.
7.  edit /etc/nginx/sites-enabled/mailman3 and change server_name
8.  service nginx reload
9.  Updated /etc/postfix/main.cf as mentioned in
/usr/share/doc/mailman3/README.Debian
10. service postfix restart for it to take effect

After this, while trying to login, I got a 500 error page. Logs of
mailman3-web had the following

```
SMTPRecipientsRefused: {u'<my admin email id>': (451, '4.3.0 <my admin
email id>: Temporary lookup failure')}
```

So I ran the following to fix them.

11. newaliases
12. mailman aliases
13. service mailman3 restart
14. service postfix restart
15. service mailman3-web restart

After this, I was able to login.

16. Go to domain and login as admin. Verification mail will be sent - go
check that. (You may want to use the non-HTTPS version of confirmation
URL if you haven't set it)

Note: Without doing the following, I wasn't able to create mailing lists
16. chmod o+wr /var/lib/mailman3/data/postfix_domains.db
17. chmod o+wr /var/lib/mailman3/data/postfix_lmtp.db

All was well after this.

I doubt if restarts were actually necessary in step 14 and if a reload
would've been enough. On our discussion in IRC channel #debian-mailman,
Pierre-Elliott Bécue (peb) assumes this caused the permissions to be borked.

PS: Please rename the issue title as you see fit.

---

Regards
Balasankar "Balu" C

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-mailman-hackers/attachments/20180427/bee7b0eb/attachment.sig>