[Pkg-mailman-hackers] Bug#896997: Bug#896997: mailman3 - Incorrect permissions for postfix lookup table files on postfix restart
Pierre-Elliott Bécue
becue at crans.org
Thu Apr 26 20:32:05 BST 2018
Le vendredi 27 avril 2018 à 00:20:38+0530, Balasankar C a écrit :
> Package: mailman3
> Version: 3.1.1-9~bpo9+1
> Severity: important
>
> After installing and configuring mailman3-full, I was unable to create
> mailing lists using the UI. The logs had the following content
>
> ```
> Apr 26 17:54:46 2018 (9642) command failure: /usr/sbin/postmap
> /var/lib/mailman3/data/postfix_lmtp, 1, Operation not permitted
> Apr 26 17:54:47 2018 (9642) command failure: /usr/sbin/postmap
> /var/lib/mailman3/data/postfix_domains, 1, Operation not permitted
> ```
>
> Upon checking, I saw that the files
> `/var/lib/mailman3/data/postfix_lmtp.db` and
> `/var/lib/mailman3/data/postfix_domains.db` were owned by `root:root`
> and others didn't have read/write permission on them. Doing a chmod o+rw
> on those two files solved the issue.
>
> ---
>
> The exact steps I followed are
>
> 0. Get a droplet in DigitalOcean with Debian 9.4 image
> 1. Enable backports repo and run apt-get update
> 2. Set hostname
> 3. apt-get install postfix (as smarthost)
> 4. apt-get install nginx-full
> 5. apt-get -t stretch-backports install mailman3-full (answered the
> questions positively)
> 6. dpkg-reconfigure mailman3-web - For creating database and admin user.
> 7. edit /etc/nginx/sites-enabled/mailman3 and change server_name
> 8. service nginx reload
> 9. Updated /etc/postfix/main.cf as mentioned in
> /usr/share/doc/mailman3/README.Debian
> 10. service postfix restart for it to take effect
>
> After this, while trying to login, I got a 500 error page. Logs of
> mailman3-web had the following
>
> ```
> SMTPRecipientsRefused: {u'<my admin email id>': (451, '4.3.0 <my admin
> email id>: Temporary lookup failure')}
> ```
>
> So I ran the following to fix them.
>
> 11. newaliases
> 12. mailman aliases
I guess you were running this command as root, hence the db files owned by
root, hence the need to chmod o+rw.
mailman aliases should be run as "list".
Anyway, we have to avoid the first issue to come so that no one follows the
second path.
I'll design a fix.
> 13. service mailman3 restart
> 14. service postfix restart
> 15. service mailman3-web restart
>
> After this, I was able to login.
>
> 16. Go to domain and login as admin. Verification mail will be sent - go
> check that. (You may want to use the non-HTTPS version of confirmation
> URL if you haven't set it)
>
> Note: Without doing the following, I wasn't able to create mailing lists
> 16. chmod o+wr /var/lib/mailman3/data/postfix_domains.db
> 17. chmod o+wr /var/lib/mailman3/data/postfix_lmtp.db
>
> All was well after this.
>
> I doubt if restarts were actually necessary in step 14 and if a reload
> would've been enough. On our discussion in IRC channel #debian-mailman,
> Pierre-Elliott Bécue (peb) assumes this caused the permissions to be borked.
>
> PS: Please rename the issue title as you see fit.
No need.
--
Pierre-Elliott Bécue
GPG: 9AE0 4D98 6400 E3B6 7528 F493 0D44 2664 1949 74E2
It's far easier to fight for one's principles than to live up to them.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://alioth-lists.debian.net/pipermail/pkg-mailman-hackers/attachments/20180426/40ca2305/attachment.sig>
More information about the Pkg-mailman-hackers
mailing list