[Mailman-Users] "create a new list" web interface

Mark Sapiro mark at msapiro.net
Sat Nov 15 00:03:51 CET 2008


jewel.brueggeman-makda at washburn.edu wrote:

>My maillog shows:
>
>Nov 14 16:43:27 lists postfix/smtp[18085]: 60CE58C0013:
>to=<jewel.brueggeman-makda at washburn.edu>,
>relay=relay.washburnlaw.edu[198.252.9.211]:25, delay=0.18,
>delays=0.1/0.02/0.05/0.02, dsn=2.0.0, status=sent (250 Message accepted
>for delivery)
>Nov 14 16:43:27 lists postfix/qmgr[1858]: 60CE58C0013: removed


That is some message to you. What does the log show for a message to a
list?

>When I run genaliases I recieve the following error:
>
>postalias: fatal: open /usr/local/mailman/data/aliases.db: Permission denied
>Traceback (most recent call last):
>  File "./genaliases", line 116, in ?
>    main()
>  File "./genaliases", line 106, in main
>    MTA.create(mlist, nolock=True, quiet=quiet)
>  File "/usr/local/mailman/Mailman/MTA/Postfix.py", line 232, in create
>    _update_maps()
>  File "/usr/local/mailman/Mailman/MTA/Postfix.py", line 53, in _update_maps
>    raise RuntimeError, msg % (acmd, status, errstr)
>RuntimeError: command failed: /usr/sbin/postalias
>/usr/local/mailman/data/aliases (status: 1, Operation not permitted)
>
>When I disable my SELinux security I am able to run the genaliases
>command successfully but only as root. I only create a few lists a year
>so getting this feature is not a high priority but would be nice.  I
>also must admit I don't know what you mean by "Postfix virtual domain"


Then you probably don't need to worry about "Postfix virtual domain".

The permissions on Mailman's aliases should look like

-rw-rw---- 1 mark    mailman  7193 Sep  7 07:54 aliases
-rw-rw---- 1 mailman mailman 12288 Sep  7 07:54 aliases.db

The owner of 'aliases' (mark in this case, maybe root in yours) doesn't
matter, but both files need to be group mailman and aliases.db needs
to be owned by whatever user has a primary group equal to what the
mail wrapper expects.

I don't know SELinux so I can't help with how you might augment the
security policy to allow this to work.

(since I already wrote the above, here it is)

Jewel wrote:

>Ok, I stand corrected.  Mail is working fine!  
>
>My problem is issuing the genaliases command.  If it only works for root
>when SELinux is off it should work for the user mailman.  I have also
>added  the hash:/usr/local/mailman/data/aliases to my alias_maps in
>/etc/postfix/main.cf

If you want web create to work, the apache user running with effective
GID of Mailman's group has to be able to write these files.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan



More information about the Mailman-Users mailing list