I'm using mailman as a list server with courier as my MTA. The mailman user is in /etc/passwd as belonging to primary group 'mailman'. Mailman does security based on group ID and must be compiled with --with-mail-gid set to the group of the mail user. This is set to 'courier' which works for most purposes, both posting and handling bounces from list posts.
The one exception to this is the monthly password reminder postings which go out with an address of "mailman-bounces+<VERP address>@bailey.fmp.com" as the envelope sender, and if they bounce they come back to this address. Courier delivers them to the mailman account where I have a .courier-default file to pass them to a python script for processing. Unlike list posts and list post bounces, however, the delivering process runs as user mailman, group mailman, and mailman rejects them because the group id of the delivering process doesn't agree with the value of "courier" compiled into the wrapper. I've tried changing the gid set in the MySQL database on which courier authenticates and determines delivery directories, but apparently the MDA runs as the group set in /etc/passwd rather than as the group spec'd in the authentication database (is this a bug?). If I change the gid for mailman in /etc/passwd to the gid for courier, then these messages are delivered properly, however the mailman INSTALL specifically says that the mailman user must have it's own group ID, and all the mailman files are owned by mailman:mailman. I don't know what else might break if I were to make this change permanent. Supposedly, one can configure mailman at build time to accept any one of a set of groups specified in the --with-mail-gid, but putting these in a quoted, space-spearted list as arguments to the configure script doesn't work, and reading the code, I don't see where such a multiple-name lookup is supported since the wrapper uses a single strcmp call for the comparison. Outside of changing the spec'd gid of the mailman user in /etc/passwd, is there any way to instruct courier to use an alternate gid when delivering mail to a specific account? I would think that the gid spec'd in the authentication database should do this, but apparently it doesn't, even though the proper delivery directory is pulled from this database. -- Lindsay Haisley | "Everything works | PGP public key FMP Computer Services | if you let it" | available at 512-259-1190 | (The Roadie) | <http://www.fmp.com/pubkeys> http://www.fmp.com | | ------------------------------------------------------- This SF.Net email sponsored by Black Hat Briefings & Training. Attend Black Hat Briefings & Training, Las Vegas July 24-29 - digital self defense, top technical experts, no vendor pitches, unmatched networking opportunities. Visit www.blackhat.com _______________________________________________ courier-users mailing list [EMAIL PROTECTED] Unsubscribe: https://lists.sourceforge.net/lists/listinfo/courier-users
