I included some notes at the end of this mail from a successful Mailman install on an Ensim system that I did last year. This was using Mailman 2.0.13, but the principle is the same for version 2.1.x
On Tue, 2003-03-11 at 13:43, Paul H Byerly wrote: > Jon Carnes wrote: > >Looks like you are setting up Mailman in a chrooted environment. > > Correct. If I understand correctly, in chroot the server does not > know anything above it exists? It thinks that tmblists.com is the root > directory? This is a little screwy, but basically correct. If you setup the chroot properly, then the system sendmail will startup a chrooted sendmail for all mail that is destined for the virtual domain. The wrapper and smrsh crap all take place inside the chroot (using the chrooted Sendmail). So you need to setup the chrooted smrsh and setup the mailman groups and user in the local /etc of the chroot. The main problem I had at the time was getting python to work inside the Chroot. I had to install it from source inside the Chroot (the system version was way behind). > > >This is not for the faint of heart. > > Tell me about it! > > >I've done a few of these and they take a lot of tweaks to setup properly. > > I've tweaked every way I can think of. I need to do some searching > on changing the sendmail configuration I guess. > > >The only real advice I can give is to take it slowly and test each step. > >If you understand what mailman is doing and how chrooted environments work > >then you will persevere > > Unfortunately my understanding of both is limited. I'm willing to > take the time to learn, but I don't even know where to start. Any hints > where I can find the resources to learn what I need to know? I did a > search on Google for ' "chrooted environment" +mailman ' and got a lot of > hits - but they all have "mailman" in an included URL as it's part of a > mailman list and nothing of help. I've been thru all the readmes in mailman. > > >Good Luck - Jon Carnes > > I'm going to need it! I have found plenty of people looking to get > Mailman working under Ensim, but no one offering a how to. Ensim is > becoming more and more used, and sooner or later someone is going to cover > this. If I ever get it running I will do a how to. I'll take you up on that! That's why I'm sharing my notes. > > > One other question, on getting CGI to run. Apparently Ensim won't > deal with cgi files that have permissions above 755. When I ran a > re-configure after changing the CGI directories to 755, the checkperms saw > this as an error and changed it. If I change the permissions after I'm up > and running is this going to break anything in Mailman? I don't think this is exactly true. Your chroot environment has a limited amount of UserID's and GroupID's that are available to be used inside (and really outside as well) the Chroot. If I recall correctly, every UID and GID (that you use inside the chroot) have to exist in both the system /etc and in your chrooted /etc HtH - Jon Carnes ====== Here are some notes/comments from an Ensim install that I did last year... === Well it truly was a b*tch, but I got it working using mostly your setup. In the future (if you do this again), you should install Mailman from source and directly into the chroot area and use a site specific user/group like "mailman7" instead of just "mailman". It doesn't really matter if no one else on the server wants to use Mailman. I leave it to you to get the http virtual host setup. That should be a piece of cake. I've setup Mailman to respond to any name that gets you to the proper ip address. Once you've got the virtual website setup then you can use the web-admin tool to move the list over to using "www.********.com" - but DONT do that until the virtual site is working and it pulls up Mailman's admin site (or you will be hosed). BTW: the current list is setup so that all email is moderated. You'll have to go to the website and approve any messages before they will go out. Good Luck. I'm including my work notes below. Jon Carnes ========================================================================= [EMAIL PROTECTED] jonc]$ ssh ***.***.***.109 Warning: Permanently added '***.***.***.109' (RSA) to the list of known hosts. [EMAIL PROTECTED]'s password: ********************************************************* Changes to system files may affect your warranty and discharge Ensim from any further obligation to provide customer with warranty services or support hereunder ********************************************************* [EMAIL PROTECTED] jonc]$ ls [EMAIL PROTECTED] jonc]$ cd /etc [EMAIL PROTECTED] etc]$ grep mailman passwd mailman:x:41:41:GNU Mailing List Manager:/var/mailman:/bin/false [EMAIL PROTECTED] etc]$ grep mailman group mailman:x:41: [EMAIL PROTECTED] etc]$ grep mailman aliases # mailman aliases mailman: postmaster mailman-owner: mailman neurons: "|/var/mailman/mail/wrapper post neurons" neurons-admin: "|/var/mailman/mail/wrapper mailowner neurons" neurons-request: "|/var/mailman/mail/wrapper mailcmd neurons" [EMAIL PROTECTED] etc]$ ====== sendmail.cf # default UID (can be username or userid:groupid) O DefaultUser=8:12 ====== httpd.conf # User/Group: The name (or #number) of the user/group to run httpd as. # . On SCO (ODT 3) use "User nouser" and "Group nogroup". # . On HPUX you may not be able to use shared memory as nobody, and the # suggested workaround is to create a user www and use that user. # NOTE that some kernels refuse to setgid(Group) or semctl(IPC_SET) # when the value of (unsigned)Group is above 60000; # don't use Group #-1 on these systems! # User apache Group apache ... ScriptAlias /cgi-bin/ /var/www/cgi-bin/ ScriptAlias /mailman/ /var/mailman/cgi-bin/ # # /var/www/cgi-bin should be changed to whatever your ScriptAliased # CGI directory exists, if you have that configured. # <Directory /var/www/cgi-bin> AllowOverride None Options ExecCGI FollowSymLinks Order allow,deny Allow from all </Directory> <Directory /var/mailman/cgi-bin> AllowOverride None Options ExecCGI FollowSymLinks Order allow,deny Allow from all </Directory> ====== [EMAIL PROTECTED] etc]$ grep apache passwd apache:x:48:48:Apache:/var/www:/bin/false [EMAIL PROTECTED] etc]$ grep apache group apache:x:48: ====== Inspection of the mailman directory (/var/mailman) indicates that the group rights are incorrect. chgrp -R mailman /var/mailman/ ====== Set Mailman Site password to "******" ~mailman/bin/mmsitepass ====== /var/log/maillog - After test message Dec 11 09:46:32 panegyris sendmail[7163]: gBBHkVr07163: from=<[EMAIL PROTECTED]>, size=631, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, daemon=MTA, relay=moya.trilug.org [64.244.27.141] Dec 11 09:46:32 panegyris virthostmail[7166]: Chrooting to /home/virtual/site7/fst Dec 11 09:46:32 panegyris sendmail[7168]: gBBHkW907168: from=<[EMAIL PROTECTED]>, size=869, class=0, nrcpts=1, msgid=<[EMAIL PROTECTED]>, proto=ESMTP, [EMAIL PROTECTED] Dec 11 09:46:32 panegyris sendmail[7165]: gBBHkVr07163: to=<[EMAIL PROTECTED]>, delay=00:00:01, xdelay=00:00:00, mailer=virthostmail, pri=30631, relay=neurosemantics.com, dsn=2.0.0, stat=Sent (gBBHkW907168 Message accepted for delivery) Dec 11 09:46:32 panegyris Mailman mail-wrapper: No such file or directory Dec 11 09:46:32 panegyris sendmail[7169]: gBBHkW907168: to="|/var/mailman/mail/wrapper post neurons", ctladdr=<[EMAIL PROTECTED]> (516/0), delay=00:00:00, xdelay=00:00:00, mailer=prog, pri=30080, dsn=5.3.0, stat=unknown mailer error 4 Dec 11 09:46:32 panegyris sendmail[7169]: gBBHkW907168: gBBHkW907169: DSN: unknown mailer error 4 Dec 11 09:46:53 panegyris sendmail[7169]: gBBHkW907169: to=<[EMAIL PROTECTED]>, delay=00:00:21, xdelay=00:00:21, mailer=esmtp, pri=30180, relay=ncmx01.mgw.rr.com. [24.93.67.251], dsn=2.0.0, stat=Sent (gBBGZoOL026826 Message accepted for delivery) ====== created link to /var/mailman inside chrooted environment. ====== Test message bounce: ----- The following addresses had permanent fatal errors ----- "|/var/mailman/mail/wrapper post neurons" (reason: 2) (expanded from: <[EMAIL PROTECTED]>) ----- Transcript of session follows ----- Failure to exec script. WANTED gid 12, GOT gid 516. (Reconfigure to take 516?) 554 5.3.0 unknown mailer error 2 ====== [EMAIL PROTECTED] smrsh]# grep 516 /etc/group admin7:x:516: The chrooted MTA must run as "admin7" To test, I changed admin7's primary group to 12 (in /etc/passwd) and added "admin7" to the admin7 group (in /etc/group) We may only need to do this in the chrooted environment (if so then this will fail). ====== /var/log/maillog Dec 11 11:19:12 panegyris sendmail[7611]: gBBJJBr07609: to=<[EMAIL PROTECTED]>, delay=00:00:00, xdelay=00:00:00, mailer=virthostmail, pri=31603, relay=neurosemantics.com, dsn=2.0.0, stat=Sent (gBBJJCs07614 Message accepted for delivery) Dec 11 11:19:12 panegyris Mailman mail-wrapper: No such file or directory Dec 11 11:19:12 panegyris sendmail[7615]: gBBJJCs07614: to="|/var/mailman/mail/wrapper post neurons", ctladdr=<[EMAIL PROTECTED]> (516/0), delay=00:00:00, xdelay=00:00:00, mailer=prog, pri=30796, dsn=5.3.0, stat=unknown mailer error 4 Dec 11 11:19:12 panegyris sendmail[7615]: gBBJJCs07614: gBBJJCs07615: DSN: unknown mailer error 4 Dec 11 11:19:17 panegyris sendmail[7615]: gBBJJCs07615: to=<[EMAIL PROTECTED]>, delay=00:00:05, xdelay=00:00:05, mailer=esmtp, pri=30896, relay=ncmx01.mgw.rr.com. [24.93.67.251], dsn=2.0.0, stat=Sent (gBBI89OL006271 Message accepted for delivery) ====== [EMAIL PROTECTED] bin]# ./check_perms directory must be at least 02775: /var/mailman directory permissions must be at least 02775: /var/mailman/cron directory permissions must be at least 02775: /var/mailman/spam directory permissions must be at least 02775: /var/mailman/logs Problems found: 4 Re-run as mailman (or root) with -f flag to fix [EMAIL PROTECTED] bin]# ./check_perms -f directory must be at least 02775: /var/mailman (fixing) directory permissions must be at least 02775: /var/mailman/cron (fixing) directory permissions must be at least 02775: /var/mailman/spam (fixing) directory permissions must be at least 02775: /var/mailman/logs (fixing) Problems found: 4 ====== Python was not in the chrooted environment. I copied the version used and its modules into the chroot. File "/var/mailman/Mailman/Utils.py", line 601, in open_ex fd = os.open(filename, flags, perms) IOError: [Errno 2] No such file or directory: '/var/spool/mailman/qfiles/a8953d5dbd3e1fbc5b2bdee0999d821bf9c2de18.db' Alright this points the way to other problems. Mainly that the chrooted install of Mailman is incomplete. The only way to make this work right is to replace the main mailman files with links to the Mailman files for Site7. This assumes that only Site7 is using Mailman. The work-around to this is to install mailman on the other sites separately with different users (ie mailman1, mailman2, etc) Then setup the crons for those separately, and include the alias files for the various sites in the main aliases or setup some virtusertab work-arounds. /var/spool/mailman -> /home/virtual/site7/fst/var/spool/mailman /var/mailman -> /home/virtual/site7/fst/var/mailman Note: this means modifying the httpd.conf file for the mailman entry. ========================================================================= On Tue, 2002-12-10 at 20:32, CS wrote: > Thanks man - I'm in overload with all our <work> - started to > go cross-eyed in front of the terminal ... sigh. > > > It's a rented server running Ensim on RH 7.2 from www.servepath.com and sits > in San Francisco > ------------------------------------------------------ Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: [EMAIL PROTECTED] Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/archive%40jab.org