essandess

Q: Mailman on Mavericks

I'm trying to configure mailman on Mavericks Server and am running into a few conceptual and technical difficulties. Any help would be greatly appreciated.

 

First, the easy part: installation and web server. I used MacPorts, 'sudo port install mailman', created a site password with 'sudo /opt/local/share/mailman/bin/mmsitepass', then I set up an apache mailman.conf file to create the virtual domain lists.mydomain.private pointed at the correct cgi-bin in the mailman distribution under /opt/local/var/mailman. That all works fine.

 

What doesn't work are my attempts at interfacing with Server postfix.

 

Mailman has several configuration options, and I'm trying to use the one that uses the file postfix-to-mailman.py to avoid messing with aliases in /etc/aliases.

 

When I add mailman aliases with pipe commands, I get the error

 

The mail system <mailman-owner@mydomain.com>: Command died with status 2:

   "/opt/local/libexec/mailman/mail/mailman owner mailman". Command output: Group mismatch error.  Mailman expected the mail wrapper script to be executed as group "_mailman", but the system's mail server executed the mail script as group "nobody".  Try tweaking the mail server to run the script as group "_mailman", or re-run configure, providing the command line option `--with-mail-gid=nobody'.

 

So I tried using postfix-to-mailman.py along with its configuration instructions, which involve configuring postfix to use mail sent to lists.mydomain.com as a transport.

 

But I can't get OS X Server Mail to accept mail sent to user@lists.mydomain.com. I did the obvious virtual domain configuration in Server.app, and set up DNS  so that lists.mydomain.com has an A record and an MX record, both pointing to the server.

 

So I'm stuck—what's a decent/working mailman configuration on OS X Server?

 

P.S. This link <https://discussions.apple.com/message/19109176#19109176> has expired.

OS X Mavericks (10.9), OS X Server, EyeTV HD, Turbo.264 HD

Posted on Dec 29, 2013 1:58 PM

  • by cjmandrake,

    Dec 29, 2013 9:28 PM in response to essandess

    I installed mailman from the source tree on mailman's website. I untarred it and followed the instructions in the readme. I got the same error that you got regarding it running with the wrong gid, so I re-ran the configure with --with-mail-gid=nobody, and it worked.

     

    I use macports for almost everything, but for some reason I just got the regular package and all worked pretty smoothly.

     

    You have to have xcode installed and the command line tools, as well.

     

    -Cameron

  • by essandess,

    Dec 30, 2013 7:01 AM in response to cjmandrake

    Thanks for your response. From the documentation and googling I see, it is unnecessary and undesirable to add mailman aliases to /etc/aliases, as mailman should generate these automatically in data/aliases (/opt/local/var/mailman/data/aliases for macports). And the mailman executable has its sticky bit set so that it is run as the group _mailman:

     

    ls -l /opt/local/libexec/mailman/mail/mailman

    -rwxr-sr-x  1 root  _mailman  15492 Dec 20 12:30 /opt/local/libexec/mailman/mail/mailman


    I'd like to configure mailman to interact with postfix as designed, and avoid any possible security issues allowing code to be run as nobody. (For the same reasons, using postfix-to-mailman.py should be unnecessary and undesirable.)

     

    It appears that there should be a way to edit /etc/postfix/main.cf and set the alias_maps or virtual_alias_maps variables. But I don't see clear instructions how to accomplish this.

     

    • Should the virtual mail domain lists.mydomain.com be set up in postfix first so that mail to user@lists.mydomain.com is redirected to user@mail.mydomain.com? Or will this break the mailman setup, which will want to eat all mail sent to lists.mydomain.com?
    • How does one configure the mailman aliases? I don't have a mailman alias file /opt/local/var/mailman/data/aliases. Did I miss some configuration step? Googling around shows something about setting the variable MTA='Postfix' in mm_cfg.py (/opt/local/share/mailman/Mailman/mm_cfg.py).
    • Is it also necessary to use Server.app's virtual mail domains? Are local DNS MX entries necessary, or will postfix just handle everything submitted to smtp?

     


  • by cjmandrake,

    Dec 30, 2013 9:01 AM in response to essandess

    The main.cf that you are looking for is in /Library/Server/Mail/Config/postfix. The alias_maps are commented out as the default is /etc/aliases. You can add or edit one of the current lines to say...

     

    alias_maps = hash:/etc/aliases, hash:/opt/local/var/mailman/data/aliases

     

    Then restart postfix.

     

    You shouldn't have to add an MX record for lists.yourdomain.com as long as there is an MX record for yourdomain.com.

     

    Not sure why you don't have an aliases file for mailman. I used the fresh source from mailman's website, and my aliases are there. I didn't even realize it made this file, so I've been using /etc/aliases.

     

    You might do a 'sudo /usr/libexec/locate.updatedb' and wait for it to finish and then use...

     

    locate aliases.db

     

    To see if mailman is storing them elsewhere. Otherwise, you may just have to use the /etc/aliases file, or create your own for just mailman and add it to the alias_maps line in main.cf in the /Library/Server hierarchy.

     

    My mailman is running without doing editing of postfix configs except /etc/aliases. I didn't have to edit any virtual mail domains, since the aliases are pipes to the mailman program, the list email address is one of the options in the mailman administration interface for each list.

     

    As for your execution problem, have you tried "sudo /usr/share/mailman/bin/check_perms -f"?

     

    Hope this helps.

     

    -Cameron

  • by essandess,

    Dec 31, 2013 11:53 AM in response to cjmandrake

    Thanks. Getting closer -- mailman creates the ./data/aliases database, but OS X Server postfix isn't accepting mail sent to mailman, e.g. mailman-request@mydomain.com.

     

    I added these lines to mm_cfg.py (/opt/local/share/mailman/Mailman/mm_cfg.py)

     

    POSTFIX_STYLE_VIRTUAL_DOMAINS=['lists.mydomain.com']

    MTA='Postfix'

    add_virtualhost('lists.mydomain.com')

    MAILMAN_SITE_LIST='mailman'

     

    And this line to main.cf (both in /Library/Server/Mail/Config/postfix/main.cf and /etc/postfix/main.cf because I'm never sure which file OS X Server uses)

     

    alias_maps = hash:/etc/aliases, hash:/opt/local/var/mailman/data/aliases

     

    Both aliases files exist, and have the correct permissions and entries.

     

    I've also restarted mail, run newaliases, and checked permissions, as well as checking that postfix can read the aliases:

     

    sudo -u _mailman /opt/local/share/mailman/bin/check_perms -f

    sudo serveradmin stop mail && sudo serveradmin start mail

    sudo newaliases

    sudo postmap -q mailman-request hash:/opt/local/var/mailman/data/aliases


    All looks to be set up correctly, yet mail sent to mailman, e.g. mailman-request@mydomain.com, bounces with a 550 smtp error "Recipient address rejected: User unknown in local recipient table (in reply to RCPT TO command)".


    My guess is that mailman is configured correctly, but OS X Server postfix isn't.


    Any suggestions for the cause of bounced email sent to mailman aliases?


     

     

     

     

     


  • by cjmandrake,

    Dec 31, 2013 12:10 PM in response to essandess

    Look in the directory with the mailman aliases file and make sure there is a corresponding aliases.db file. Newaliases and postmap might just be hashing the /etc/aliases file, so you might have to do it by hand.

     

    Also, what are the log entries when the mail bounces? They might reveal more clues.

     

    You can also check your Defaults.py for DEFAULT_EMAIL_HOST and DEFAULT_URL_HOST.

     

    As a test, copy one of the mailing list alias blocks to /etc/aliases and do a newaliases and see if the mailserver will accept from that list. If it does, then you know that postfix is ignoring the mailman aliases file.

  • by essandess,

    Dec 31, 2013 12:45 PM in response to cjmandrake

    > Look in the directory with the mailman aliases file and make sure there is a corresponding aliases.db file. Newaliases and postmap might just be hashing the /etc/aliases file, so you might have to do it by hand.

    Thanks again and Happy New Year. Both aliases and aliases.db exist.

     

    > Also, what are the log entries when the mail bounces? They might reveal more clues.

     

    Thanks -- looking in /var/log/mail.log, I see "fatal: open database /opt/local/var/mailman/data/aliases.db: Permission denied" so I ran

     

    sudo chmod o+r /opt/local/var/mailman/data/aliases*

    sudo chown root /opt/local/var/mailman/data/aliases*

    sudo /opt/local/share/mailman/bin/check_perms -f


    I ended up with these permissions:


    ls -l /opt/local/var/mailman/data/aliases*

    -rw-rw-r--  1 root      _mailman   1238 Dec 31 12:16 /opt/local/var/mailman/data/aliases

    -rw-rw-r--  1 _mailman  _mailman  16384 Dec 31 12:16 /opt/local/var/mailman/data/aliases.db


    But mail keeps bouncing.

     

    > You can also check your Defaults.py for DEFAULT_EMAIL_HOST and DEFAULT_URL_HOST.

     

    Changed those to match mm_cfg.py as well. Still bouncing mail.

     

    > copy one of the mailing list alias blocks to /etc/aliases and do a newaliases and see if the mailserver will accept from that list. If it does, then you know that postfix is ignoring the mailman aliases file.


    I added to /etc/aliases the line and sent mail to mailman-request@mydomain.com:


    mailman-request:     "|/opt/local/libexec/mailman/mail/mailman request mailman"


    Rather than a 550 bounce, I get the "group mismatch error" failure: "<mailman-request@mydomain.com> Command died with status 2:

       "/opt/local/libexec/mailman/mail/mailman request mailman". Command output:

       Group mismatch error.  Mailman expected the mail wrapper script to be

       executed as group "_mailman", but the system's mail server executed the

       mail script as group "nobody".  Try tweaking the mail server to run the

       script as group "_mailman", or re-run configure,  providing the command

       line option `--with-mail-gid=nobody'."


    Now postfix knows about the alias, but is trying to run mailman as nobody rather than _mailman. Postfix obviously isn't getting the ./mailman/data/aliases file, which it needs to run with the correct permissions. There's probably some missing directive or variable in main.cf.

  • by cjmandrake, Helpful

    Dec 31, 2013 1:46 PM in response to essandess

    Okay, I found some clues...

     

    Mailman runs the pipe as the group of the owner of the aliases.db file. So, if it is not accessing its own aliases file, and it is getting the information from /etc/aliases, it sees the aliases file owned by root.wheel, which it will interpret to run as 'nobody'.

     

    So, the solution is to figure out why postfix is not seeing the mailman aliases file. Once you get it seeing that aliases file, you can make sure that the aliases.db file created by mailman is owned by mailman and the group set to mailman, as well.

     

    Did you restart postfix after changing the aliases line in the config?
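
Added example, not part of the thread and not Mailman or Postfix code: Postfix's local(8) runs a piped alias command with the privileges of the owner of the alias map that supplied the alias, and uses default_privs (nobody unless changed) when that owner is root, which is what the wrapper's gid check then trips over. The account table, file modes and function names below are constructed for illustration.

```python
import os
import pwd
import stat

def pipe_identity(db_owner, primary_group, default_privs="nobody"):
    """(user, group) a '|command' alias runs as, given the owner of its alias map."""
    # A root-owned map never yields root privileges; Postfix falls back to default_privs.
    user = default_privs if db_owner == "root" else db_owner
    return user, primary_group[user]

def check_alias_map(db_owner, db_mode, primary_group, wrapper_group):
    """Return a list of problems for one alias map; an empty list means none found."""
    problems = []
    user, group = pipe_identity(db_owner, primary_group)
    if group != wrapper_group:
        problems.append("pipe runs as %s:%s, wrapper expects group %s"
                        % (user, group, wrapper_group))
    if db_mode & stat.S_IWOTH:
        # Anyone who can write the map can add a pipe that runs as its owner.
        problems.append("alias map is world-writable")
    return problems

def describe(path):
    """Live helper: owner name and permission bits of an alias map on this host."""
    st = os.stat(path)
    return pwd.getpwuid(st.st_uid).pw_name, stat.S_IMODE(st.st_mode)

# Constructed account table (user -> primary group), using the names from the thread.
ACCOUNTS = {"root": "wheel", "nobody": "nobody", "_mailman": "_mailman"}

if __name__ == "__main__":
    # Owners and modes are constructed sample values, not read from a real host.
    for path, owner, mode in [
        ("/etc/aliases.db", "root", 0o644),
        ("/opt/local/var/mailman/data/aliases.db", "_mailman", 0o664),
    ]:
        print(path, check_alias_map(owner, mode, ACCOUNTS, "_mailman") or "ok")
```

On a live host, feed `describe()` output for each map listed in alias_maps into `check_alias_map()`.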

  • by cjmandrake, Helpful

    Dec 31, 2013 2:33 PM in response to cjmandrake

    Another thing to try is to use serveradmin to change the settings in the config. That way, you know it is putting the setting in the proper place.

     

    sudo serveradmin set mail:postfix:alias_maps="hash:/etc/aliases, hash:/opt/local/var/mailman/data/aliases"

     

    You'll need to restart the mail service after executing the command.

  • by essandess,

    Jan 1, 2014 6:14 AM in response to cjmandrake

    Thanks again. Getting very close, but still no cigar. Mail TO mailman is delivered, but mail FROM mailman is rejected with the error "Relay access denied".

     

    I use my ISP's outgoing mailserver proxy, but I thought that OS X Server would handle this automatically. Must mailman also (somehow?) be configured to use the relay?

     

    Here are the logs for mail sent to mailman-request@mydomain.com:

     

    Jan  1 07:21:05 host.mydomain.com postfix/postscreen[76484]: CONNECT from [103.9.98.131]:47821 to [10.0.1.3]:25

    Jan  1 07:21:05 host.mydomain.com postfix/postscreen[76484]: PASS OLD [103.9.98.131]:47821

    Jan  1 07:21:06 host.mydomain.com postfix/smtpd[76486]: connect from h1.dnsmail.com[103.9.98.131]

    Jan  1 07:21:07 host.mydomain.com postfix/smtpd[76486]: DC5A1502368F: client=h1.dnsmail.com[103.9.98.131]

    Jan  1 07:21:07 host.mydomain.com postfix/cleanup[76496]: DC5A1502368F: message-id=<98B0F190-1668-4FFB-9836-B5B4676F8DA2@me.com>

    Jan  1 07:21:07 host.mydomain.com postfix/smtpd[76486]: disconnect from h1.dnsmail.com[103.9.98.131]

    Jan  1 07:21:07 host.mydomain.com postfix/qmgr[75596]: DC5A1502368F: from=<me@me.com>, size=1566, nrcpt=1 (queue active)

    Jan  1 07:21:11 host.mydomain.com postfix/smtpd[76510]: connect from localhost[127.0.0.1]

    Jan  1 07:21:12 host.mydomain.com postfix/smtpd[76510]: AE7FE5F842AC: client=localhost[127.0.0.1]

    Jan  1 07:21:12 host.mydomain.com postfix/cleanup[76496]: AE7FE5F842AC: message-id=<98B0F190-1668-4FFB-9836-B5B4676F8DA2@me.com>

    Jan  1 07:21:12 host.mydomain.com postfix/qmgr[75596]: AE7FE5F842AC: from=<me@me.com>, size=2054, nrcpt=1 (queue active)

    Jan  1 07:21:12 host.mydomain.com postfix/smtp[76497]: DC5A1502368F: to=<mailman-request@mydomain.com>, relay=127.0.0.1[127.0.0.1]:10024, delay=5.5, delays=1.3/0.11/0.01/4.1, dsn=2.0.0, status=sent (250 2.0.0 from MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as AE7FE5F842AC)

    Jan  1 07:21:12 host.mydomain.com postfix/qmgr[75596]: DC5A1502368F: removed

    Jan  1 07:21:12 host.mydomain.com postfix/local[76513]: AE7FE5F842AC: to=<mailman-request@mydomain.com>, relay=local, delay=1.1, delays=0.38/0.19/0/0.51, dsn=2.0.0, status=sent (delivered to command: /opt/local/libexec/mailman/mail/mailman request mailman)

    Jan  1 07:21:12 host.mydomain.com postfix/qmgr[75596]: AE7FE5F842AC: removed

    Jan  1 07:21:14 host.mydomain.com postfix/postscreen[76484]: CONNECT from [::1]:54514 to [::1]:25

    Jan  1 07:21:14 host.mydomain.com postfix/postscreen[76484]: PASS OLD [::1]:54514

    Jan  1 07:21:14 host.mydomain.com postfix/smtpd[76486]: connect from localhost[::1]

    Jan  1 07:21:16 host.mydomain.com postfix/smtpd[76486]: NOQUEUE: reject: RCPT from localhost[::1]: 554 5.7.1 <me@me.com>: Relay access denied; from=<mailman-bounces@mydomain.com> to=<me@me.com> proto=ESMTP helo=<host.mydomain.com>

  • by essandess,

    Jan 1, 2014 6:39 AM in response to essandess

    Or possibly I must configure mailman to authenticate into my own smtp server?

  • by essandess,

    Jan 1, 2014 7:29 AM in response to essandess

    I tried adding these variables to mm_cfg.py for BOTH my own SMTP server and external relay, but I'm still getting the same "Relay access denied" error.

     

    I'm stuck at this step.

     

    SMTPHOST = 'smtp.comcast.net'

    SMTPPORT = 587

    SMTP_AUTH = Yes

    SMTP_USERNAME = 'username'

    SMTP_PASSWORD = 'password'

    DELIVERY_MODULE = 'ASMTPDirect'


    Error log:


    postfix/smtpd[9887]: NOQUEUE: reject: RCPT from localhost[::1]: 554 5.7.1 <me@me.com>: Relay access denied; from=<mailman-bounces@mydomain.com> to=<me@me.com> proto=ESMTP helo=<host.mydomain.com>

  • by essandess,

    Jan 1, 2014 7:50 AM in response to essandess

    More diagnostic tests, following this thread. I tried adding my server's LAN IP to postfix's $mynetworks variable, to no avail (followed by 'sudo postfix reload', of course). I'm still getting the "Relay access denied" error.

     

    mynetworks = 127.0.0.0/8, 10.0.1.3

    smtpd_client_restrictions = permit_mynetworks permit_sasl_authenticated reject_rbl_client zen.spamhaus.org permit

  • by cjmandrake, Solved answer

    Jan 1, 2014 8:34 AM in response to essandess

    Your mailman is trying to connect via ipv6 and not ipv4, so you need to add your ipv6 localhost to mynetworks. Your ipv6 localhost is ::1.

  • by essandess,

    Jan 1, 2014 8:45 AM in response to cjmandrake

    Woohoo! That's it! I added the following line to main.cf and have everything working end-to-end now. I'll hammer on this a little and post summary configuration notes after I think it's solid.

     

    mynetworks = 127.0.0.0/8, [::1]
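
Added example, not part of the thread: a check that reads smtpd "Relay access denied" records and reports which rejected clients a given mynetworks value does not cover, so the two settings tried above can be compared and non-loopback clients can be kept out of the trusted list. It handles only literal addresses and CIDR blocks (no table lookups or `!` exclusions); the third log line and all function names are constructed.

```python
import ipaddress
import re

# One smtpd reject record: client address, envelope sender, envelope recipient.
REJECT = re.compile(
    r"postfix/smtpd\[\d+\]: NOQUEUE: reject: RCPT from \S+?\[(?P<ip>[^\]]+)\]: "
    r"\d{3} \S+ <[^>]*>: Relay access denied; "
    r"from=<(?P<sender>[^>]*)> to=<(?P<rcpt>[^>]*)>"
)

def parse_mynetworks(value):
    """Parse a literal mynetworks value into ipaddress network objects."""
    nets = []
    for item in re.split(r"[,\s]+", value.strip()):
        if not item:
            continue
        m = re.fullmatch(r"\[([0-9A-Fa-f:.]+)\](/\d+)?", item)  # IPv6 is written [addr]/len
        if m:
            item = m.group(1) + (m.group(2) or "")
        elif ":" in item or item.startswith(("!", "/")):
            raise ValueError("unsupported mynetworks entry: %r" % item)
        nets.append(ipaddress.ip_network(item, strict=False))
    return nets

def uncovered_rejects(log_lines, mynetworks):
    """Return (client, sender, rcpt, is_loopback) for relay rejects outside mynetworks."""
    nets = parse_mynetworks(mynetworks)
    hits = []
    for line in log_lines:
        m = REJECT.search(line)
        if not m:
            continue
        ip = ipaddress.ip_address(m.group("ip"))
        if not any(ip.version == n.version and ip in n for n in nets):
            hits.append((m.group("ip"), m.group("sender"), m.group("rcpt"), ip.is_loopback))
    return hits

LOG = [
    # First two records are modelled on the log lines posted in the thread.
    "Jan  1 07:21:16 host.mydomain.com postfix/smtpd[76486]: NOQUEUE: reject: RCPT from "
    "localhost[::1]: 554 5.7.1 <me@me.com>: Relay access denied; "
    "from=<mailman-bounces@mydomain.com> to=<me@me.com> proto=ESMTP helo=<host.mydomain.com>",
    "Jan  1 07:21:12 host.mydomain.com postfix/smtpd[76510]: AE7FE5F842AC: client=localhost[127.0.0.1]",
    # Constructed: a remote client that must stay rejected.
    "Jan  1 07:30:00 host.mydomain.com postfix/smtpd[76600]: NOQUEUE: reject: RCPT from "
    "unknown[203.0.113.7]: 554 5.7.1 <other@example.org>: Relay access denied; "
    "from=<someone@example.net> to=<other@example.org> proto=ESMTP helo=<example.net>",
]
BEFORE = "127.0.0.0/8, 10.0.1.3"  # value tried earlier in the thread
AFTER = "127.0.0.0/8, [::1]"      # value that fixed delivery

if __name__ == "__main__":
    for name, value in (("before", BEFORE), ("after", AFTER)):
        print(name, uncovered_rejects(LOG, value))
```

Only entries whose last field is True are candidates for mynetworks; a False entry is a remote client, and trusting it would let that host relay through the server.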
