[Pkg-mailman-hackers] Bug#921445: mailman3 assumes Postfix is not chrooted
Antoine Beaupre
anarcat at debian.org
Tue Feb 5 16:04:15 GMT 2019
Package: mailman3
Version: 3.2.0-4~bpo9+1
Severity: important
During the jessie to stretch upgrade of my mail server:
-postfix 2.11.3-1+deb8u2 amd64
+postfix 3.1.4-7 amd64
The following happened to my `master.cf` file:
-pickup fifo n - - 60 1 pickup
-cleanup unix n - - - 0 cleanup
+pickup fifo n - y 60 1 pickup
+cleanup unix n - y - 0 cleanup
i.e. most Postfix processes now run in a chroot. This includes the
endpoints Mailman talks with. This makes the location of the LMTP and
transport files created by mailman 3 unreadable by postfix, even
though the README.Debian suggests the following configuration:
    transport_maps = hash:/var/lib/mailman3/data/postfix_lmtp
    local_recipient_maps = proxy:unix:passwd.byname $alias_maps hash:/var/lib/mailman3/data/postfix_lmtp
    relay_domains = ${{$compatibility_level} < {2} ? {$mydestination} : {}} hash:/var/lib/mailman3/data/postfix_domains
That configuration doesn't work, as Postfix can't read those
directories. I used this configuration instead:
    transport_maps = hash:/etc/postfix/transport
        hash:mailman3/postfix_lmtp
    local_recipient_maps = proxy:unix:passwd.byname $alias_maps hash:mailman3/postfix_lmtp
    relay_domains = ${{$compatibility_level} < {2} ? {$mydestination} : {}} hash:mailman3/postfix_domains
And then created the directories in the new location:
    # the target directory has to exist before touch can create the files
    mkdir -p /var/spool/postfix/mailman3
    touch /var/spool/postfix/mailman3/postfix_domains /var/spool/postfix/mailman3/postfix_lmtp
    chown list:list /var/spool/postfix/mailman3/postfix_*
    postmap /var/spool/postfix/mailman3/postfix_domains /var/spool/postfix/mailman3/postfix_lmtp
    ln -s /var/spool/postfix/mailman3/postfix_domains /var/spool/postfix/mailman3/postfix_lmtp /var/lib/mailman3/data/
Finally, the `data_dir` location needs to be changed in the
`mailman.cfg` as well:
    data_dir: /var/spool/postfix/mailman3/
I'm surprised the suggested configuration works for people - I suspect
it might only work on older machines that upgraded Postfix from
stretch without accepting the upstream changes.
That or I'm some paranoid freak that over-chrooted stuff I shouldn't
have, which is also entirely possible.
In either case, some improvements to the README.Debian seem in order.
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing'), (1, 'experimental'), (1, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages mailman3 depends on:
ii dbconfig-sqlite3 2.0.11
ii debconf [debconf-2.0] 1.5.70
ii logrotate 3.14.0-4
ii lsb-base 10.2018112800
ii python3 3.7.2-1
ii python3-aiosmtpd 1.2-3
ii python3-alembic 1.0.0-3
ii python3-click 7.0-1
ii python3-dnspython 1.16.0-1
ii python3-falcon 1.0.0-2+b3
ii python3-flufl.bounce 3.0-1
ii python3-flufl.i18n 2.0.1-1
ii python3-flufl.lock 3.2-1
ii python3-lazr.config 2.2-1
ii python3-passlib 1.7.1-1
ii python3-psycopg2 2.7.7-1
ii python3-public 0.5-1
ii python3-pymysql 0.9.3-1
ii python3-requests 2.20.0-2
ii python3-sqlalchemy 1.2.15+ds1-1
ii python3-zope.component 4.3.0-1
ii python3-zope.configuration 4.0.3-3
ii python3-zope.event 4.2.0-1
ii python3-zope.interface 4.3.2-1+b2
ii ucf 3.0038+nmu1
Versions of packages mailman3 recommends:
ii postfix [mail-transport-agent] 3.3.2-1+b1
Versions of packages mailman3 suggests:
ii chromium [www-browser] 72.0.3626.53-1
ii firefox-esr [www-browser] 60.4.0esr-1
ii mailman3-doc 3.2.0-4
ii mariadb-server-10.3 [virtual-mysql-server] 1:10.3.12-2
ii w3m [www-browser] 0.5.3-37
-- debconf-show failed
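
The check described in the report, as an added example (not part of the original message and not Mailman or Postfix code): it lists the `master.cf` services that run chrooted and flags file-backed map entries whose path lies outside the queue directory. The names `chrooted_services`, `maps_outside_chroot`, `QUEUE_DIR` and `FILE_TYPES` are hypothetical, `/var/spool/postfix` is assumed as the chroot root from the paths in the report, and the `lmtp` sample line is constructed.

```python
import posixpath

QUEUE_DIR = "/var/spool/postfix"  # chroot root assumed from the paths in the report
FILE_TYPES = {"hash", "btree", "cdb", "lmdb", "texthash"}  # file-backed map types

# First two lines are from the report; the lmtp line is constructed for the demo.
SAMPLE_MASTER_CF = """\
pickup fifo n - y 60 1 pickup
cleanup unix n - y - 0 cleanup
lmtp unix - - - - - lmtp
"""
README_MAPS = ("proxy:unix:passwd.byname $alias_maps "
               "hash:/var/lib/mailman3/data/postfix_lmtp")
REPORT_MAPS = "proxy:unix:passwd.byname $alias_maps hash:mailman3/postfix_lmtp"


def chrooted_services(master_cf, dash_means_chroot=False):
    """Names of master.cf services whose chroot column enables chroot.

    Columns: service type private unpriv chroot wakeup maxproc command.
    "-" selects the built-in default (n since Postfix 3.0, y before).
    """
    names = []
    for line in master_cf.splitlines():
        # Skip blank lines, comments and continuation lines.
        if not line.strip() or line[0] in "# \t":
            continue
        fields = line.split()
        if len(fields) >= 8 and (fields[4] == "y"
                                 or (fields[4] == "-" and dash_means_chroot)):
            names.append(fields[0])
    return names


def maps_outside_chroot(value, queue_dir=QUEUE_DIR):
    """type:path entries of a main.cf value whose path is outside queue_dir."""
    outside = []
    for token in value.replace(",", " ").split():
        kind, _, path = token.partition(":")
        if kind not in FILE_TYPES or not path:
            continue  # $variables, proxy:, unix: and ${...} fragments
        # Relative paths are taken relative to the queue directory (assumption).
        resolved = posixpath.normpath(posixpath.join(queue_dir, path))
        if resolved != queue_dir and not resolved.startswith(queue_dir + "/"):
            outside.append(token)
    return outside


if __name__ == "__main__":
    print("chrooted:", chrooted_services(SAMPLE_MASTER_CF))
    for label, value in (("README.Debian", README_MAPS), ("report", REPORT_MAPS)):
        print(label, "->", maps_outside_chroot(value) or "all inside chroot")
```

A flagged entry is a candidate for review rather than proof of a failure: the working configuration in the report still references `hash:/etc/postfix/transport`, which this check would also flag.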