[Pkg-mailman-hackers] Bug#921445: mailman3 assumes Postfix is not chrooted

Johannes Schauer josch at debian.org
Tue Feb 11 22:03:36 GMT 2020


Hi,

On Tue, 05 Feb 2019 11:04:15 -0500 Antoine Beaupre <anarcat at debian.org> wrote:
> Package: mailman3
> Version: 3.2.0-4~bpo9+1
> Severity: important
> 
> During the jessie to stretch upgrade of my mail server:
> 
>     -postfix 2.11.3-1+deb8u2 amd64
>     +postfix 3.1.4-7 amd64
> 
> The following happened to my `master.cf` file:
> 
>     -pickup    fifo  n       -       -       60      1       pickup
>     -cleanup   unix  n       -       -       -       0       cleanup
>     +pickup     fifo  n       -       y       60      1       pickup
>     +cleanup    unix  n       -       y       -       0       cleanup
> 
> i.e. most Postfix processes now run in a chroot. This includes the
> endpoints Mailman talks with. This makes the location of the LMTP and
> transport files created by mailman 3 unreadable by postfix, even
> though the README.Debian suggests the following configuration:
> 
>     transport_maps = hash:/var/lib/mailman3/data/postfix_lmtp
>     local_recipient_maps = proxy:unix:passwd.byname $alias_maps hash:/var/lib/mailman3/data/postfix_lmtp
>     relay_domains = ${{$compatibility_level} < {2} ? {$mydestination} : {}} hash:/var/lib/mailman3/data/postfix_domains
> 
> That configuration doesn't work, as Postfix can't read those
> directories.

I can confirm this observation.

> I used this configuration instead:
> 
>     transport_maps = hash:/etc/postfix/transport
>                      hash:mailman3/postfix_lmtp
>     local_recipient_maps = proxy:unix:passwd.byname $alias_maps hash:mailman3/postfix_lmtp
>     relay_domains = ${{$compatibility_level} < {2} ? {$mydestination} : {}} hash:mailman3/postfix_domains

The file /etc/postfix/transport does not exist by default, so it should not be
included in a future README.Debian.

> And then created the directories in the new location:
> 
>     touch /var/spool/postfix/mailman3/postfix_domains /var/spool/postfix/mailman3/postfix_lmtp
>     chown list:list /var/spool/postfix/mailman3/postfix_*
>     postmap /var/spool/postfix/mailman3/postfix_domains /var/spool/postfix/mailman3/postfix_lmtp
>     ln -s /var/spool/postfix/mailman3/postfix_domains /var/spool/postfix/mailman3/postfix_lmtp /var/lib/mailman3/data/

Are you sure those were the steps you followed?

With how you are doing it, /var/spool/postfix/mailman3 will not be owned by
list:list and thus mailman3 cannot create additional files in it.

Also, instead of creating a symbolic link to the individual files, maybe
instead do:

    $ ln -s /var/spool/postfix/mailman3 /var/lib/mailman3/data/

And in the beginning an mkdir command is missing.

> Finally, the `data_dir` location needs to be changed in the
> `mailman.cfg` as well:
> 
>     data_dir: /var/spool/postfix/mailman3/
> 
> I'm surprised the suggested configuration works for people - I suspect
> it might only work on older machines that upgraded Postfix from
> stretch without accepting the upstream changes.

It certainly didn't work for me.

Please fix README.Debian.

Thanks!

cheers, josch
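
Added example, not part of the original message or of the mailman3 packaging: a shell check that lists the services marked chrooted in `master.cf` and shows which host file each `hash:` map name in `main.cf` denotes from inside the chroot. The sample config text is constructed from lines quoted in the thread, the function names are hypothetical, and it assumes a chrooted daemon resolves map names after entering `/var/spool/postfix` with that directory as its working directory.

```shell
#!/bin/sh
# Added example, not from the thread. Assumption: a chrooted Postfix service
# has the queue directory as both its root and its working directory.
QUEUE_DIR=/var/spool/postfix

# Constructed master.cf sample (two post-upgrade lines from the report, plus
# one unchrooted service for contrast).
MASTER_CF='# service type  private unpriv  chroot  wakeup  maxproc command
pickup     fifo  n       -       y       60      1       pickup
cleanup    unix  n       -       y       -       0       cleanup
local      unix  -       n       n       -       -       local'

# Constructed main.cf sample mixing the README.Debian absolute form with the
# relative form from the workaround, including a continuation line.
MAIN_CF='transport_maps = hash:/var/lib/mailman3/data/postfix_lmtp
relay_domains = hash:/var/lib/mailman3/data/postfix_domains
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
    hash:mailman3/postfix_lmtp'

# Services whose chroot column (5th field) is an explicit "y".
chrooted_services() {
    printf '%s\n' "$1" |
        awk '!/^[ \t]/ && $1 !~ /^#/ && NF >= 8 && $5 == "y" { print $1 }'
}

# Paths of bare hash: maps, one per line. Scanning token by token makes
# continuation lines a non-issue; proxy: lookups are served by proxymap.
hash_map_paths() {
    printf '%s\n' "$1" | grep -v '^[[:space:]]*#' |
        tr -s ' \t,' '\n' | sed -n 's/^hash://p' | sort -u
}

# Host path that a map name denotes from inside the chroot.
chroot_view() {
    case $1 in
        /*) printf '%s\n' "$QUEUE_DIR$1" ;;
        *)  printf '%s\n' "$QUEUE_DIR/$1" ;;
    esac
}

# One "NAME -> host path" line per map found in main.cf.
report() {
    hash_map_paths "$1" | while IFS= read -r p; do
        printf '%s -> %s\n' "$p" "$(chroot_view "$p")"
    done
}

echo "chrooted: $(chrooted_services "$MASTER_CF" | tr '\n' ' ')"
report "$MAIN_CF"
```

The absolute names map to paths under the queue directory that nothing has created, while the relative name lands on the file the workaround places in `/var/spool/postfix/mailman3`.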