[Mailman-Users] mailman+drupal+apache+modsuexec+sendmail

Mark Sapiro msapiro at value.net
Tue Apr 3 22:47:11 CEST 2007


Michael Grant wrote:
>
>I have mailman more or less working with apache and suexec, though I
>suspect I may have problems here.  Suexec does not like group write or
>setgid on the cgi files nor the cgi-bin dir, so I turned that off.  I
>can get to the admin and create pages.


As you're finding out, Mailman and SuExec don't work too well together.
There is a FAQ at
<http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq06.017.htp>
which you may have seen.


>On permissions, I'm running the mailman web page as user=mailman and
>group=mailman using this suexec line in the virtual host:
>    SuexecUserGroup mailman mailman
>which should do away with needing to setgid the cgi files.


That's effectively what you need to do. You can use a different
user:group, but whatever user:group you use needs read/write access to
Mailman, so mailman:mailman is the easiest.


>Mailman itself (the qrunner) is running as userid=mailman and
>groupid=mailman as well.  The doc says that this is not good because
>it gives access to my private archives (if I ever have any private
>archives).  I'm not sure quite what to do about this.


I think you misunderstand. Normally, mailmanctl must run as the
user:group configured for Mailman or as root in which case, it will
switch to Mailman's user:group anyway. Thus you are doing what needs
to be done.

The problem with access to private archives comes about if the web
server runs as Mailman's user:group, which is what you have to do with
SuExec because you can't SETGID. This in turn means that the web
server has permission to access private archives without going through
the private CGI. Thus, if it is possible to target Mailman's
archives/private directory directly via some URL, it is not possible
to block access.


>On the sendmail side, I have smrsh configured and when I send mail to
>my test mailman list, I see in the maillog the message going to
>mailman and I get a message back from mailman telling me I can't post
>to my list because I'm not on it.  So it is at least getting into the
>mailman program.


That seems correct.


>I created my initial 'mailman' list using bin/newlist mailman without errors.
>However and here is where my problems seem to start, when I go to
>listinfo web page, I don't see any lists at all.  I don't see how to
>add myself to that list.


Two things control whether or not a list appears on the overview pages.
The list's own 'advertised' attribute, and if VIRTUAL_HOST_OVERVIEW is
Yes (the default), whether the host name in the list's hidden
web_page_url attribute matches the accessing host. See
<http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq04.017.htp>
and
<http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq04.062.htp>.


>When I try to create a list from the web interface and I get the
>following error:
>Error: You are not authorized to create new mailing lists
>
>I've tried both the site password and the list creator's password, same.


There have been other reports of this and I've never seen a good answer.

The "You are not authorized to create new mailing lists" error occurs
only if the provided "List creator's (authentication) password:"
doesn't match either the site password or the list creator password.
Other validation tests on the list name, the owner and the list
password if any are applied before this, so presumably the form data
are getting to the create CGI, but the only explanation I can come up
with is that either the passwords aren't what you think they are (try
resetting them with bin/mmsitepass), the password isn't being
correctly transmitted by the web browser/web server, or the web server
isn't accessing the same mailman installation as the command line
utilities are accessing.
 

>There is nothing in logs/error.
>
>The first step seems to be to be able to add myself to the 'mailman'
>list on my server.  By the way, is this list necessary?  If I have
>multiple vhosts, what is this list for?  I don't really want mailman
>messages coming from mailman at myserver, I want it coming from
>mailman at vhost, for each vhost.


This list is the source of monthly password reminders and certain
bounce notifications that could otherwise cause bounce loops if a list
owner's address bounces. It is required in Mailman 2.1.x, but it is
going away in Mailman 2.2. Note that the password reminders are sent
separately per vhost and do come from mailman at vhost, but since there
is only one name space for list names (also going away in 2.2), all
the mailman at vhost lists are really the same list.

-- 
Mark Sapiro <msapiro at value.net>       The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
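
The private-archive exposure described in the reply above can be checked for in the Apache configuration. The following is an added example, not part of the original message and not Mailman's own code: it flags any DocumentRoot/Alias/ScriptAlias whose target tree contains, or lies inside, the archives/private directory. The /usr/local/mailman prefix, the sample vhost and the function names are assumptions made for illustration.

```python
import os
import re
import shlex

# Directives that map a URL path onto a filesystem path.
_MAP_RE = re.compile(r'^\s*(DocumentRoot|Alias|ScriptAlias)\s+(.+)$', re.I)

# Constructed sample vhost (assumed paths); line 7 is the risky mapping.
SAMPLE_CONF = '''\
<VirtualHost *:80>
    ServerName lists.example.org
    DocumentRoot /var/www/lists
    SuexecUserGroup mailman mailman
    ScriptAlias /mailman/ /usr/local/mailman/cgi-bin/
    Alias /pipermail/ /usr/local/mailman/archives/public/
    Alias /archives/ /usr/local/mailman/archives/
</VirtualHost>
'''
PRIVATE_DIR = '/usr/local/mailman/archives/private'  # assumed install prefix


def _within(child, parent):
    """True if child is parent itself or lies somewhere beneath it."""
    return child == parent or child.startswith(parent.rstrip('/') + '/')


def private_archive_mappings(conf_text, private_dir):
    """Return (lineno, directive, fs_path) for each mapping that makes
    private_dir addressable by URL without going through the private CGI.

    Text-only check: it does not follow Include lines or symlinks on disk.
    """
    private_dir = os.path.normpath(private_dir)
    hits = []
    for lineno, line in enumerate(conf_text.splitlines(), 1):
        m = _MAP_RE.match(line)
        if not m:
            continue  # comments and unrelated directives
        args = shlex.split(m.group(2))  # handles quoted paths
        if not args:
            continue
        # DocumentRoot has one argument; Alias/ScriptAlias have URL + path.
        fs_path = os.path.normpath(args[-1])
        if _within(private_dir, fs_path) or _within(fs_path, private_dir):
            hits.append((lineno, m.group(1), fs_path))
    return hits


if __name__ == '__main__':
    for hit in private_archive_mappings(SAMPLE_CONF, PRIVATE_DIR):
        print('line %d: %s -> %s exposes private archives' % hit)
```

An empty result only means no direct mapping was found in the text given; a mapping pulled in through an Include file or a symlink under another served directory would need a separate check.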


