Gentle friends,

I installed Mailman 2.0.6 on my FreeBSD 4.4-RELEASE server, which runs sendmail 8.11.6. I configured in accordance with the INSTALL instructions. I used the Apache group nobody (GID 65534) for the CGI wrapper. Initially, it seemed logical to use GID 6 for the mail wrapper, according to /etc/group:

mail:*:6:

Here are the results of the first configure:

/usr/local/src/mailman-2.0.6# ./configure --prefix=/usr/local/mailman \

--with-mail-gid=6
--with-cgi-gid=65534

loading cache ./config.cache checking for --with-python... no checking for python... (cached) /usr/local/bin/python checking Python interpreter... /usr/local/bin/python checking Python version... 1.5.2 checking for a BSD compatible install... (cached) /usr/bin/install -c checking whether make sets ${MAKE}... (cached) yes checking for true... (cached) /usr/bin/true checking for --without-gcc... no checking for gcc... (cached) gcc checking whether the C compiler (gcc ) works... yes checking whether the C compiler (gcc ) is a cross-compiler... no checking whether we are using GNU C... (cached) yes checking whether gcc accepts -g... (cached) yes checking whether #! works in shell scripts... (cached) yes checking for --with-var-prefix... no checking for --with-username... mailman checking for mailman UID... 1003 checking for --with-groupname... mailman checking for mailman GID... 1003 checking permissions on /usr/local/mailman... okay checking for mail wrapper GID... 6 checking for CGI wrapper GID... 65534 checking for CGI extensions... no checking for default fully qualified host name... straylight.primelogic.com checking for default URL host component... straylight.primelogic.com checking for strerror... (cached) yes checking for setregid... (cached) yes checking for syslog... (cached) yes checking how to run the C preprocessor... (cached) gcc -E checking for ANSI C header files... (cached) yes checking for syslog.h... (cached) yes checking for uid_t in sys/types.h... (cached) yes checking type of array argument to getgroups... (cached) gid_t checking for vsnprintf... (cached) yes updating cache ./config.cache creating ./config.status creating misc/paths.py creating Mailman/Defaults.py creating Mailman/mm_cfg.py.dist creating src/Makefile creating misc/Makefile creating bin/Makefile creating Mailman/Makefile creating Mailman/Cgi/Makefile creating Mailman/Logging/Makefile creating Mailman/Archiver/Makefile creating Mailman/pythonlib/Makefile creating Mailman/Handlers/Makefile creating Mailman/Bouncers/Makefile creating templates/Makefile creating cron/Makefile creating filters/Makefile creating scripts/Makefile creating cron/crontab.in creating Makefile You have new mail in /var/mail/michelle

So far, so good. Then I compiled:

make DIRSETGID=: install

Because, according to README.BSD:

BSD ISSUES

1. Vivek Khera writes that BSD does nightly security scans for setuid file changes. Setgid directories also come up on the scan when they change. He says that setgid bit is not necessary on BSD systems because group ownership is automatically inherited on files created in directories. On other Un*xes, this only happens when the directory has the setgid bit turned on.

   To install without turning on the setgid bit on directories, simply pass in the DIRSETGID variable to make, like so:

   % make DIRSETGID=: install

   This turns off the chmod g+s on each directory as they are installed.

Next, I checked directory permissions, and they were copacetic:

/usr/local/mailman# bin/check_perms No problems found

Then I set up a list, using bin/newlist.

The Web pages for the list worked fine, no problems. Next, I tried to send a message to Mailman, which quickly went down in flames. Turned out my assumption of mail (GID 6) for the mail wrapper was unwarranted:

Oct 31 22:46:38 straylight sendmail[63442]: fA16kcf63442: from=<michelle@eugene.net>, size=332, class=0, nrcpts=1, msgid=<a05001917b8069f6b5432@[192.168.1.1]>, proto=ESMTP, daemon=MTA, relay=c886028-a.eugene1.or.home.com [24.14.231.140] Oct 31 22:46:39 straylight Mailman mail-wrapper: Failure to exec script. WANTED gid 6, GOT gid 1. (Reconfigure to take 1?) Oct 31 22:46:39 straylight sendmail[63443]: fA16kcf63442: to="|/usr/local/mailman/mail/wrapper post songscape", ctladdr=<songscape@straylight.primelogic.com> (1/0), delay=00:00:01, xdelay=00:00:00, mailer=prog, pri=30032, dsn=5.3.0, stat=unknown mailer error 2 Oct 31 22:46:39 straylight sendmail[63443]: fA16kcf63442: fA16kdf63443: DSN: unknown mailer error 2 Oct 31 22:46:44 straylight sendmail[63443]: fA16kdf63443: to=<michelle@eugene.net>, delay=00:00:05, xdelay=00:00:05, mailer=esmtp, pri=30132, relay=mail.eugene.net. [207.189.137.3], dsn=2.0.0, stat=Sent (fA16pCf10466 Message accepted for delivery)

DOH! Okay, sez I. Undaunted, I reconfigured using "--with-mail-gid=1," which /etc/group shows as:

daemon:*:1:daemon

A second test message was sent. Reconfiguring with daemon (GID 1) took care of the error message, but now Mailman won't respond to e-mail. A message sent to the list (or to [list-request] seems to be handed off to mail/wrapper correctly:

Oct 31 22:24:17 straylight sendmail[60410]: fA16OFf60410: from=<michelle@eugene.net>, size=332, class=0, nrcpts=1, msgid=<a05001916b80699e20711@[192.168.1.1]>, proto=ESMTP, daemon=MTA, relay=c886028-a.eugene1.or.home.com [24.14.231.140] Oct 31 22:24:18 straylight sendmail[60411]: fA16OFf60410: to="|/usr/local/mailman/mail/wrapper post songscape", ctladdr=<songscape@straylight.primelogic.com> (1/0), delay=00:00:02, xdelay=00:00:01, mailer=prog, pri=30032, dsn=2.0.0, stat=Sent

It's acting as if /usr/local/mailman/mail/wrapper isn't executing, because no mail is sent out after this point.

/usr/local/mailman# ls -al mail total 20 drwxrwsr-x 2 mailman mailman 512 Oct 31 23:02 . drwxrwsr-x 18 mailman mailman 512 Oct 31 14:55 .. -rwxr-sr-x 1 root mailman 17969 Oct 31 23:02 wrapper

I'm coming up empty, here. If you have any ideas as to what the problem could be, please cc me as I am not a mailman-users subscriber. I hope someone can point me in the right direction, because at this point I'm muttering to myself. That's a bad sign.

.\\ichelle

Michelle Brownsworth System Administrator PrimeLogic Corporation http://www.primelogic.com