Greg White wrote:
Mark wrote:
The above looks good. what is the exact group mismatch error message you get in the DSN and/or maillog when you mail to test@list.xyz.com?
To send the test message I sshd into my box as user, su - to root, and did: # /usr/lib/mailman/mail/mailman post test Group mismatch error. Mailman expected the mail wrapper script to be executed as one of the following groups: [mail, postfix, mailman, nobody, daemon], but the system's mail server executed the mail script as group: "root". Try tweaking the mail server to run the script as one of these groups: [mail, postfix, mailman, nobody, daemon], or re-run configure providing the command line option: '--with-mail-gid=root'.
As I said in an earlier post, this means nothing. It only says that root can't run the wrapper, but says nothing about Postfix running the wrapper.
I then use mutt (still as root) to send an email and this is what I see in /var/log/maillog Aug 1 13:21:44 list postfix/postfix-script: starting the Postfix mail system Aug 1 13:21:44 list postfix/master[2494]: daemon started -- version 2.3.3, configuration /etc/postfix Aug 1 13:22:23 list Mailman mail-wrapper: Group mismatch error. Mailman expected the mail wrapper script to be executed as one of the following groups: [mail, postfix, mailman, nobody, daemon], but the system's mail server executed the mail script as group: "root". Try tweaking the mail server to run the script as one of these groups: [mail, postfix, mailman, nobody, daemon], or re-run configure providing the command line option: '--with-mail-gid=root'.
OK. This one is meaningful. It says Postfix is trying to run the wrapper as root (or does it?), and that is a problem. See below for more.
Finally I exit root and go back to being a user and I do: /usr/lib/mailman/mail/mailman post test Group mismatch error. Mailman expected the mail wrapper script to be executed as one of the following groups: [mail, postfix, mailman, nobody, daemon], but the system's mail server executed the mail script as group: "user". Try tweaking the mail server to run the script as one of these groups: [mail, postfix, mailman, nobody, daemon], or re-run configure providing the command line option: '--with-mail-gid=user'.
Again, this one is not relevant. If you do
sudo -u mailman /usr/lib/mailman/mail/mailman post test
it should work. That is also what Postfix should be doing.
Earlier you said -
# ls -lhZ /etc/mailman/aliases* -rw-rw---- root mailman user_u:object_r:mailman_data_t /etc/mailman/aliases -rw-rw-r-- mailman mailman user_u:object_r:mailman_data_t /etc/mailman/aliases.db
I.e. the aliases.db is owned by 'mailman'. Also, Postfix's 'man 8 local' says in part
DELIVERY RIGHTS Deliveries to external files and external commands are made with the rights of the receiving user on whose behalf the delivery is made. In the absence of a user context, the local(8) daemon uses the owner rights of the :include: file or alias database. When those files are owned by the superuser, delivery is made with the rights specified with the default_privs configuration parameter.
This says that Postfix executes the wrapper as the user who owns the alias database in which the pipe to the wrapper is found which is mailman, not root.
Do you have Mailman aliases in /etc/aliases too? Even that shouldn't cause this problem as (you said) /etc/aliases.db is owned by root and that should cause Postfix to execute any pipes found there as the default-privs user which is normally 'nobody'.
This appears to be a Postfix issue of some kind, or perhaps not.
How is mutt delivering mail? In your log excerpt I only see
Aug 1 13:21:44 list postfix/postfix-script: starting the Postfix mail system Aug 1 13:21:44 list postfix/master[2494]: daemon started -- version 2.3.3, configuration /etc/postfix Aug 1 13:22:23 list Mailman mail-wrapper: Group mismatch error. Mailman expected the mail wrapper script to be executed as one of the following groups: [mail, postfix, mailman, nobody, daemon], but the system's mail server executed the mail script as group: "root". Try tweaking the mail server to run the script as one of these groups: [mail, postfix, mailman, nobody, daemon], or re-run configure providing the command line option: '--with-mail-gid=root'.
I see nothing preceding this that indicates Postfix received the mail and tried to pipe it to the wrapper. I only see over two minutes later
Aug 1 13:25:01 list postfix/pickup[2498]: C122C8604E0: uid=41 from= Aug 1 13:25:01 list postfix/cleanup[2767]: C122C8604E0: message-id= Aug 1 13:25:01 list postfix/qmgr[2499]: C122C8604E0: from=, size=625, nrcpt=1 (queue active) Aug 1 13:25:02 list postfix/local[2769]: C122C8604E0: to=, orig_to=, relay=local, delay=0.51, delays=0.25/0.05/0/0.21, dsn=2.0.0, status=sent >(delivered to command: /usr/lib/mailman/mail/mailman post mailman) Aug 1 13:25:02 list postfix/qmgr[2499]: C122C8604E0: removed
Which looks like a successful delivery to me. Is Mailman running? Is this message in qfiles/in? What happened to it?
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan