[Mailman-Users] mailman and courier

Richard Barrett r.barrett at openinfo.co.uk
Fri Jul 2 01:01:50 CEST 2004

On 1 Jul 2004, at 22:08, fmouse-mailman at fmp.com wrote:

> I solved this by hacking src/common.c so as to only compare the procces
> group name with parentgroup if strcmp("mailman", mygroup->gr_name) 
> returns
> non-zero.  This solves the problem, but surely there must be a more 
> elegant
> solution.

I do not grok courier but why on earth is the delivery of a message to 
one list alias versus a message to another list alias done in some 
different way by the MTA such that the euid/egid under which Mailman's 
delivery script is executed is different? It seems to be this which is 
causing the problem rather than some deficiency in Mailman's security 
wrapper for its delivery script.

> Thus spake fmouse-mailman at fmp.com on Thu, Jul 01, 2004 at 03:17:23PM 
>> I'm using mailman as a list server with courier as my MTA.  The 
>> mailman user
>> is in /etc/passwd as belonging to primary group 'mailman'.  Mailman is
>> compiled with --with-mail-gid set to the group of the mail user.  
>> This is
>> set to 'courier' which works for most purposes, both posting and 
>> handling
>> bounces from list posts.
>> The one exception to this is the monthly password reminder postings 
>> which go
>> out with an address of "mailman-bounces+<VERP 
>> address>@bailey.fmp.com" as
>> the envelope sender, and if they bounce they come back to this 
>> address.
>> Courier delivers them to the mailman account where I have a 
>> .courier-default
>> file to pass them to a python script for processing.  Unlike list 
>> posts and
>> list post bounces, however, the delivering process runs as user 
>> mailman,
>> group mailman, and mailman rejects them because the group id of the
>> delivering process doesn't agree with the value of "courier" compiled 
>> into
>> the wrapper.
>> According to the mailman INSTALL document, one can configure mailman 
>> at
>> build time to accept any one

Yes one is selected at configuration time from the options your provide 
and then that one is baked into the security wrapper you have hacked. 
It is not a list of option for execution time of the wrapper.

>>  of a set of groups specified in the
>> --with-mail-gid, but putting these in a quoted, space-spearted list as
>> arguments to the configure script doesn't work, and reading the code, 
>> I
>> don't see where such a multiple-name lookup is supported since the 
>> wrapper
>> uses a single strcmp call for the comparison.  Does this feature 
>> work?  If
>> so, what's the exact syntax for the target for --with-mail-gid 
>> required to
>> make this happen?
> -- 
> Lindsay Haisley       | "Everything works    |     PGP public key
> FMP Computer Services |       if you let it" |      available at
> 512-259-1190          |    (The Roadie)      | 
> <http://www.fmp.com/pubkeys>
> http://www.fmp.com    |                      |

More information about the Mailman-Users mailing list