Report forwarded
to debian-bugs-dist@lists.debian.org, Debian Mailman Team <pkg-mailman-hackers@lists.alioth.debian.org>: Bug#921445; Package mailman3.
(Tue, 05 Feb 2019 16:06:04 GMT) (full text, mbox, link).
Acknowledgement sent
to Antoine Beaupre <anarcat@debian.org>:
New Bug report received and forwarded. Copy sent to Debian Mailman Team <pkg-mailman-hackers@lists.alioth.debian.org>.
(Tue, 05 Feb 2019 16:06:04 GMT) (full text, mbox, link).
To: Debian Bug Tracking System <submit@bugs.debian.org>
Subject: mailman3 assumes Postfix is not chrooted
Date: Tue, 05 Feb 2019 11:04:15 -0500
Package: mailman3
Version: 3.2.0-4~bpo9+1
Severity: important
During the jessie to stretch upgrade of my mail server:
-postfix 2.11.3-1+deb8u2 amd64
+postfix 3.1.4-7 amd64
The following happened to my `master.cf` file:
-pickup fifo n - - 60 1 pickup
-cleanup unix n - - - 0 cleanup
+pickup fifo n - y 60 1 pickup
+cleanup unix n - y - 0 cleanup
ie. most Postfix processes now run in a chroot. This includes the
endpoints Mailman talks with. This makes the location of the LMTP and
transport files created by mailman 3 unreadable by postfix, even
though the README.Debian suggests the following configuration:
transport_maps = hash:/var/lib/mailman3/data/postfix_lmtp
local_recipient_maps = proxy:unix:passwd.byname $alias_maps hash:/var/lib/mailman3/data/postfix_lmtp
relay_domains = ${{$compatibility_level} < {2} ? {$mydestination} : {}} hash:/var/lib/mailman3/data/postfix_domains
That configuration doesn't work, as Postfix can't read those
directories. I used this configuration instead:
transport_maps = hash:/etc/postfix/transport
hash:mailman3/postfix_lmtp
local_recipient_maps = proxy:unix:passwd.byname $alias_maps hash:mailman3/postfix_lmtp
relay_domains = ${{$compatibility_level} < {2} ? {$mydestination} : {}} hash:mailman3/postfix_domains
And then created the directories in the new location:
touch /var/spool/postfix/mailman3/postfix_domains /var/spool/postfix/mailman3/postfix_lmtp
chown list:list /var/spool/postfix/mailman3/postfix_*
postmap /var/spool/postfix/mailman3/postfix_domains /var/spool/postfix/mailman3/postfix_lmtp
ln -s /var/spool/postfix/mailman3/postfix_domains /var/spool/postfix/mailman3/postfix_lmtp /var/lib/mailman3/data/
Finally, the `data_dir` location needs to be changed in the
`mailman.cfg` as well:
data_dir: /var/spool/postfix/mailman3/
I'm surprised the suggested configuration works for people - I suspect
it might only work on older machines that upgraded Postfix from
stretch without accepting the upstream changes.
That or I'm some paranoid freak that over-chrooted stuff I shouldn't
have, which is also entirely possible.
Either case, some improvements to the README.Debian seem in order.
-- System Information:
Debian Release: buster/sid
APT prefers testing
APT policy: (500, 'testing'), (1, 'experimental'), (1, 'unstable')
Architecture: amd64 (x86_64)
Kernel: Linux 4.19.0-1-amd64 (SMP w/4 CPU cores)
Locale: LANG=fr_CA.UTF-8, LC_CTYPE=fr_CA.UTF-8 (charmap=UTF-8), LANGUAGE=fr_CA.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /usr/bin/dash
Init: systemd (via /run/systemd/system)
LSM: AppArmor: enabled
Versions of packages mailman3 depends on:
ii dbconfig-sqlite3 2.0.11
ii debconf [debconf-2.0] 1.5.70
ii logrotate 3.14.0-4
ii lsb-base 10.2018112800
ii python3 3.7.2-1
ii python3-aiosmtpd 1.2-3
ii python3-alembic 1.0.0-3
ii python3-click 7.0-1
ii python3-dnspython 1.16.0-1
ii python3-falcon 1.0.0-2+b3
ii python3-flufl.bounce 3.0-1
ii python3-flufl.i18n 2.0.1-1
ii python3-flufl.lock 3.2-1
ii python3-lazr.config 2.2-1
ii python3-passlib 1.7.1-1
ii python3-psycopg2 2.7.7-1
ii python3-public 0.5-1
ii python3-pymysql 0.9.3-1
ii python3-requests 2.20.0-2
ii python3-sqlalchemy 1.2.15+ds1-1
ii python3-zope.component 4.3.0-1
ii python3-zope.configuration 4.0.3-3
ii python3-zope.event 4.2.0-1
ii python3-zope.interface 4.3.2-1+b2
ii ucf 3.0038+nmu1
Versions of packages mailman3 recommends:
ii postfix [mail-transport-agent] 3.3.2-1+b1
Versions of packages mailman3 suggests:
ii chromium [www-browser] 72.0.3626.53-1
ii firefox-esr [www-browser] 60.4.0esr-1
ii mailman3-doc 3.2.0-4
ii mariadb-server-10.3 [virtual-mysql-server] 1:10.3.12-2
ii w3m [www-browser] 0.5.3-37
-- debconf-show failed
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Mailman Team <pkg-mailman-hackers@lists.alioth.debian.org>: Bug#921445; Package mailman3.
(Tue, 11 Feb 2020 22:15:03 GMT) (full text, mbox, link).
Hi,
On Tue, 05 Feb 2019 11:04:15 -0500 Antoine Beaupre <anarcat@debian.org> wrote:
> Package: mailman3
> Version: 3.2.0-4~bpo9+1
> Severity: important
>
> During the jessie to stretch upgrade of my mail server:
>
> -postfix 2.11.3-1+deb8u2 amd64
> +postfix 3.1.4-7 amd64
>
> The following happened to my `master.cf` file:
>
> -pickup fifo n - - 60 1 pickup
> -cleanup unix n - - - 0 cleanup
> +pickup fifo n - y 60 1 pickup
> +cleanup unix n - y - 0 cleanup
>
> ie. most Postfix processes now run in a chroot. This includes the
> endpoints Mailman talks with. This makes the location of the LMTP and
> transport files created by mailman 3 unreadable by postfix, even
> though the README.Debian suggests the following configuration:
>
> transport_maps = hash:/var/lib/mailman3/data/postfix_lmtp
> local_recipient_maps = proxy:unix:passwd.byname $alias_maps hash:/var/lib/mailman3/data/postfix_lmtp
> relay_domains = ${{$compatibility_level} < {2} ? {$mydestination} : {}} hash:/var/lib/mailman3/data/postfix_domains
>
> That configuration doesn't work, as Postfix can't read those
> directories.
I can confirm this observation.
> I used this configuration instead:
>
> transport_maps = hash:/etc/postfix/transport
> hash:mailman3/postfix_lmtp
> local_recipient_maps = proxy:unix:passwd.byname $alias_maps hash:mailman3/postfix_lmtp
> relay_domains = ${{$compatibility_level} < {2} ? {$mydestination} : {}} hash:mailman3/postfix_domains
The file /etc/postfix/transport does not exist by default, so it should not be
included in a future README.Debian.
> And then created the directories in the new location:
>
> touch /var/spool/postfix/mailman3/postfix_domains /var/spool/postfix/mailman3/postfix_lmtp
> chown list:list /var/spool/postfix/mailman3/postfix_*
> postmap /var/spool/postfix/mailman3/postfix_domains /var/spool/postfix/mailman3/postfix_lmtp
> ln -s /var/spool/postfix/mailman3/postfix_domains /var/spool/postfix/mailman3/postfix_lmtp /var/lib/mailman3/data/
Are you sure those were the steps you followed?
With how you are doing it, /var/spool/postfix/mailman3 will not be owned by
list:list and thus mailman3 cannot create additional files in it.
Also, instead of creating a symbolic link to the individual files, maybe
instead do:
$ ln -s /var/spool/postfix/mailman3 /var/lib/mailman3/data/
And in the beginning an mkdir command is missing.
> Finally, the `data_dir` location needs to be changed in the
> `mailman.cfg` as well:
>
> data_dir: /var/spool/postfix/mailman3/
>
> I'm surprised the suggested configuration works for people - I suspect
> it might only work on older machines that upgraded Postfix from
> stretch without accepting the upstream changes.
It certainly didn't work for me.
Please fix README.Debian.
Thanks!
cheers, josch
Information forwarded
to debian-bugs-dist@lists.debian.org, Debian Mailman Team <pkg-mailman-hackers@lists.alioth.debian.org>: Bug#921445; Package mailman3.
(Thu, 17 Mar 2022 11:57:05 GMT) (full text, mbox, link).
Acknowledgement sent
to Jan Korbel <debian@teptin.net>:
Extra info received and forwarded to list. Copy sent to Debian Mailman Team <pkg-mailman-hackers@lists.alioth.debian.org>.
(Thu, 17 Mar 2022 11:57:05 GMT) (full text, mbox, link).
Debbugs is free software and licensed under the terms of the GNU
Public License version 2. The current version can be obtained
from https://bugs.debian.org/debbugs-source/.