Ben Kamen wrote:
> Sendmail works.
>
> Mailman works.
>
> Mailman's wrapper under sendmail doesn't work.
Do you have SELinux in enforcing mode?
> What I get is:
>> ----- The following addresses had permanent fatal errors -----
>> "|/usr/lib/mailman/mail/mailman post mailman"
>> (reason: 2)
>> (expanded from: <mailman@xxxxxxxxxxxxxxxxxxx>)
>>
>> ----- Transcript of session follows -----
>> Group mismatch error. Mailman expected the mail wrapper script to be
>> executed as one of the following groups:
>> [mail, postfix, mailman, nobody, daemon],
>> but the system's mail server executed the mail script as group: "mailnull".
>> Try tweaking the mail server to run the script as one of these groups:
>> [mail, postfix, mailman, nobody, daemon],
>> or re-run configure providing the command line option:
>> '--with-mail-gid=mailnull'.
>> 554 5.3.0 unknown mailer error 2
Hmmm, on an F8 box with a fresh install of mailman and everything else
up to date (including the updates-testing repository), I don't see
this particular error. I do get a failed delivery with SELinux in
enforcing mode though. The bounce in my case is:
----- The following addresses had permanent fatal errors -----
"|/usr/lib/mailman/mail/mailman post test-list"
(reason: 1)
(expanded from: <test-list@xxxxxxxxxxxxxxxxxxxxx>)
----- Transcript of session follows -----
post script, list not found: test-list
554 5.3.0 unknown mailer error 1
Setting SELinux to permissive lets the mail go through. So there
appear to be some policy tweaks needed.
> Now, I would normally know how to fix the problem - but I thought to
> myself..
>
> Do the developers know that out of the "yum" box - Sendmail and
> Mailman as RPM'd don't work with each other or am I missing a README
> somewhere.
It's likely that testing with SELinux in enforcing mode hasn't been
tested well. Since mailman can be used with a variety of MTA's and
involves a bit of work after installing the rpm to finish the setup, I
can undertstand this. I hadn't tested mailman with sendmail in many
years until today. I typically use Postfix since it integrates with
mailman much nicer IMO.
> I'm more than happy to recompile both programs, but that's bypassing
> the point of using RPM's in the first place. It would be nice to see
> the RPM work, not have to go recompile anyway.
>
> So, I'm sure this is a common question, but this is the first
> problem I've had making sense of a Fedora distribution and the
> included docs in the mailman docs directory don't talk about how the
> "run as GID" settings for mailman were set on compile.
>
> Little help? (and thanks!)
See if running "setenforce 0" as root changes the behavior. If it
does, then we should gather up the AVC messages from SELinux and
report them to bugzilla so Dan Walsh can push out a corrected SELinux
policy that allows mailman to operate with sendmail.
--
Todd OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
People who make history know nothing about history. You can see that
in the sort of history they make.
-- G. K. Chesterton
Attachment:
pgpJmCfvUvAZm.pgp
Description: PGP signature
