[Pkg-mailman-hackers] Bug#921445: mailman3 assumes Postfix is not chrooted
Johannes Schauer
josch at debian.org
Tue Feb 11 22:03:36 GMT 2020
Hi,
On Tue, 05 Feb 2019 11:04:15 -0500 Antoine Beaupre <anarcat at debian.org> wrote:
> Package: mailman3
> Version: 3.2.0-4~bpo9+1
> Severity: important
>
> During the jessie to stretch upgrade of my mail server:
>
> -postfix 2.11.3-1+deb8u2 amd64
> +postfix 3.1.4-7 amd64
>
> The following happened to my `master.cf` file:
>
> -pickup fifo n - - 60 1 pickup
> -cleanup unix n - - - 0 cleanup
> +pickup fifo n - y 60 1 pickup
> +cleanup unix n - y - 0 cleanup
>
> i.e. most Postfix processes now run in a chroot. This includes the
> endpoints Mailman talks with. This makes the location of the LMTP and
> transport files created by mailman 3 unreadable by postfix, even
> though the README.Debian suggests the following configuration:
>
> transport_maps = hash:/var/lib/mailman3/data/postfix_lmtp
> local_recipient_maps = proxy:unix:passwd.byname $alias_maps hash:/var/lib/mailman3/data/postfix_lmtp
> relay_domains = ${{$compatibility_level} < {2} ? {$mydestination} : {}} hash:/var/lib/mailman3/data/postfix_domains
>
> That configuration doesn't work, as Postfix can't read those
> directories.
I can confirm this observation.
> I used this configuration instead:
>
> transport_maps = hash:/etc/postfix/transport
> hash:mailman3/postfix_lmtp
> local_recipient_maps = proxy:unix:passwd.byname $alias_maps hash:mailman3/postfix_lmtp
> relay_domains = ${{$compatibility_level} < {2} ? {$mydestination} : {}} hash:mailman3/postfix_domains
The file /etc/postfix/transport does not exist by default, so it should not be
included in a future README.Debian.
> And then created the directories in the new location:
>
> touch /var/spool/postfix/mailman3/postfix_domains /var/spool/postfix/mailman3/postfix_lmtp
> chown list:list /var/spool/postfix/mailman3/postfix_*
> postmap /var/spool/postfix/mailman3/postfix_domains /var/spool/postfix/mailman3/postfix_lmtp
> ln -s /var/spool/postfix/mailman3/postfix_domains /var/spool/postfix/mailman3/postfix_lmtp /var/lib/mailman3/data/
Are you sure those were the steps you followed?
With how you are doing it, /var/spool/postfix/mailman3 will not be owned by
list:list and thus mailman3 cannot create additional files in it.
Also, instead of creating a symbolic link to the individual files, maybe
instead do:
$ ln -s /var/spool/postfix/mailman3 /var/lib/mailman3/data/
And in the beginning an mkdir command is missing.
> Finally, the `data_dir` location needs to be changed in the
> `mailman.cfg` as well:
>
> data_dir: /var/spool/postfix/mailman3/
>
> I'm surprised the suggested configuration works for people - I suspect
> it might only work on older machines that upgraded Postfix from
> stretch without accepting the upstream changes.
It certainly didn't work for me.
Please fix README.Debian.
Thanks!
cheers, josch
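
The check below is an added example, not part of the original message or of the Debian package. It lists the services with an explicit `y` in the chroot column of `master.cf` and the file-backed maps in `main.cf` whose absolute paths lie outside `queue_directory`, which is the situation the thread reports. The sample files are constructed from the lines quoted above, and treating relative map paths as relative to `queue_directory` is an assumption taken from the workaround configuration.

```python
import re
from pathlib import PurePosixPath

# Constructed sample input, modelled on the lines quoted in the thread.
MASTER_CF = """\
pickup    fifo  n  -  y  60  1  pickup
cleanup   unix  n  -  y  -   0  cleanup
smtp      inet  n  -  n  -   -  smtpd
"""
MAIN_CF = """\
queue_directory = /var/spool/postfix
transport_maps = hash:/var/lib/mailman3/data/postfix_lmtp
local_recipient_maps = proxy:unix:passwd.byname $alias_maps
    hash:mailman3/postfix_lmtp
relay_domains = hash:mailman3/postfix_domains
"""
# File-backed lookup table types; proxy: and unix: are deliberately skipped.
MAP_RE = re.compile(r"\b(hash|btree|cdb|lmdb|texthash):(\S+)")

def chrooted_services(master_cf):
    """Service names whose chroot column (5th field) is an explicit 'y'."""
    rows = (l.split() for l in master_cf.splitlines()
            if l.strip() and l[0] not in "# \t")  # skip comments/continuations
    return [f[0] for f in rows if len(f) >= 8 and f[4] == "y"]

def parse_main_cf(main_cf):
    """name = value pairs; indented lines continue the previous value."""
    params, last = {}, None
    for line in main_cf.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue
        if line[0].isspace() and last:
            params[last] += " " + line.strip()
        elif "=" in line:
            last, value = (s.strip() for s in line.split("=", 1))
            params[last] = value
    return params

def maps_outside_queue_dir(main_cf):
    """(parameter, map) pairs whose absolute path is not under queue_directory."""
    params = parse_main_cf(main_cf)
    jail = PurePosixPath(params.get("queue_directory", "/var/spool/postfix"))
    return [(name, f"{kind}:{path}")  # relative paths: assumed under jail
            for name, value in params.items()
            for kind, path in MAP_RE.findall(value)
            if path.startswith("/") and jail not in PurePosixPath(path).parents]

if __name__ == "__main__":
    print(chrooted_services(MASTER_CF), maps_outside_queue_dir(MAIN_CF))
```

A `-` in the chroot column selects the built-in default, which depends on the Postfix version; the example reports only an explicit `y`.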