We are seeing messages get dropped after passing through moderation on every one of our mailing lists.
== Moderation fails when performed on a *separate* webserver ==
Our Mailman environment is split across two servers, front-end and back-end. The back-end server handles Postfix and the Mailman qrunners, while the front-end server hosts Apache and the Mailman CGI scripts for moderating lists. The two servers share an NFS mount between them that includes all the shared Mailman data. All normal mail flow is working correctly, but when a list moderator logs into the web frontend and approves a message, it disappears without a trace.
1. Postfix smtpd receives the incoming message over SMTP, then
2. Postfix smtpd delivers the message to /usr/lib/mailman/mail/mailman.
3. Mailman marks writes to vette logfile (backend server) that message is held for approval.
4. List moderator uses CGI web interface to mark the message as approved.
5. Mailman writes an entry to vette logfile (on frontend server) saying held message approved.
6. At this point, the .pck file related to the held message disappears, but nothing is delivered, and no further log entries are created.
== Moderation succeeds with web interface on the main Mailman server ==
Although we don't normally run the Mailman web interface on the back-end server (to reduce attack surface), I got it running for testing purposes. When we use the Mailman web interface on the backend server, the message gets delivered normally and we see these log entries as expected.
1. smtp logfile updated with number of recipients and time for completion
2. post logfile updated with list name, message ID, and "success".
== Background ==
The problem started after migrating the Mailman environment to new servers. It didn't crop up on it's own, it's most likely a result of some configuration error that we haven't caught yet. We're using:
- Scientific Linux 6.3 on both servers
- Python 2.6.6 on both servers
- Mailman 2.1.12 installed from OS packages on both servers
- selinux in Permissive mode on backend server
- selinux in Enforcing mode on frontend (web) server, but no log entries with type=AVC are being recorded. Furthermore, using setenforce 0 doesn't fix the problem.
I'm not sure where to look next. Is it supported to run the Mailman frontend on a different server? What are the common points of failure when running a Mailman setup this way?
Office ADM 3-2078B
Information Technology Services
University of Northern British Columbia