FAQ
So right now I'm faced with the following error:

----- Transcript of session follows -----
/usr/bin/python: can't open file '/home/mailman/lists/scripts/post'
554 5.3.0 unknown mailer error 2

However, here's my problem: that file does exist, in that path, so
why would python complain that it can't open it?

--
H | I haven't lost my mind; it's backed up on tape somewhere.
+--------------------------------------------------------------------
Ashley M. Kirchner <mailto:ashley at pcraft.com> . 303.442.6410 x130
IT Director / SysAdmin / WebSmith . 800.441.3873 x130
Photo Craft Imaging . 3550 Arapahoe Ave. #6
http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.

Search Discussions

  • Ashley M. Kirchner at Mar 24, 2005 at 2:50 am

    Ashley M. Kirchner wrote:
    So right now I'm faced with the following error:

    ----- Transcript of session follows -----
    /usr/bin/python: can't open file '/home/mailman/lists/scripts/post'
    554 5.3.0 unknown mailer error 2

    However, here's my problem: that file does exist, in that path, so
    why would python complain that it can't open it?
    I forgot to add: the permissions are correct, but for the mail-gid
    as well as cgi-gid. That I checked over and over, and they're correct.
    So what else could be causing the problem?

    --
    H | I haven't lost my mind; it's backed up on tape somewhere.
    +--------------------------------------------------------------------
    Ashley M. Kirchner <mailto:ashley at pcraft.com> . 303.442.6410 x130
    IT Director / SysAdmin / WebSmith . 800.441.3873 x130
    Photo Craft Imaging . 3550 Arapahoe Ave. #6
    http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.
  • Mark Sapiro at Mar 24, 2005 at 4:54 am

    Ashley M. Kirchner wrote:
    Ashley M. Kirchner wrote:
    So right now I'm faced with the following error:

    ----- Transcript of session follows -----
    /usr/bin/python: can't open file '/home/mailman/lists/scripts/post'
    554 5.3.0 unknown mailer error 2

    However, here's my problem: that file does exist, in that path, so
    why would python complain that it can't open it?
    I forgot to add: the permissions are correct, but for the mail-gid
    as well as cgi-gid. That I checked over and over, and they're correct.
    So what else could be causing the problem?

    It's hard to know what the problem might be because you seem to be
    presenting a moving target and not telling us much about what you're
    doing. Your initial post was about suEXEC and removing the setgid bit
    from the various wrappers in the cgi-bin/ directory.

    Now this, which has to do with posting and is strange in a couple of
    respects. First of all, the scripts/post script is not normally found
    in the lists/ directory. Assuming that the installation directory
    (sometimes called $prefix) is /home/mailman/, the path to the post
    script would normally be /home/mailman/scripts/post. If this file is
    really /home/mailman/lists/scripts/post, it would indicate that
    configure was run with an unusual --prefix= option.

    Also, the python command to run the post script was invoked by the
    (maybe?) /home/mailman/mail/mailman wrapper which was in turn invoked
    by the incoming MTA. The wrapper should be setgid so it can set the
    executing group to 'mailman' (or whatever your mailman group is). This
    should not be affected by suEXEC one way or the other because the web
    server isn't involved.

    So, are you trying to remove setgid from everything and somehow give
    permissions to the mail-gid and the cgi-gid? I don't really know about
    running Mailman under suEXEC, but I would suggest that the only thing
    that would change from a standard install would be something like the
    following (assuming your mailman group is 'mailman'):

    -Files should be group writable and group 'mailman'
    -Only the wrappers in cgi-bin/ should be not setgid and this only
    because suEXEC requires it.
    -Web server executes cgi-bin/ wrappers as user/group 'mailman' via
    suEXEC (which I think would require configure be run
    --with-cgi-gid='mailman')

    Note that the above contradicts the following from the INSTALL document:

    - You want to be very sure that the user id under which your CGI
    scripts run is *not* in the `mailman' group you created above,
    otherwise private archives will be accessible to anyone.

    I think what this really means is it isn't possible to set Mailman up
    properly to run with suEXEC.

    --
    Mark Sapiro <msapiro at value.net> The highway is for gamblers,
    San Francisco Bay Area, California better use your sense - B. Dylan
  • Ashley M. Kirchner at Mar 24, 2005 at 5:12 am

    Mark Sapiro wrote:
    It's hard to know what the problem might be because you seem to be
    presenting a moving target and not telling us much about what you're
    doing. Your initial post was about suEXEC and removing the setgid bit
    from the various wrappers in the cgi-bin/ directory.
    Yes it was, and after removing the set-gid bits from everything
    within the /cgi-bin/, I kept on trucking because it seemed to run just
    fine. I say "seemed" because I haven't done a whole lot of testing just
    yet. When I was ready to do that, I ran into the unknown mailer
    problem... Which by the way has now been solved as well. Keep reading
    please...
    First of all, the scripts/post script is not normally found
    in the lists/ directory.
    This is correct, however I run mailman across several domains, on
    the same server, and its built-in virtual domain capabilities simply
    don't allow me to do what I want to do (or what my clients want.) So, I
    install mailman under one user, but in separate folders (for separate
    domains) /lists/ being one of them (this by the way was brought up
    several times in the past.) So yes, your assumption is correct, I do
    configure mailman with --prefix=/home/mailman/<domain>/
    So, are you trying to remove setgid from everything and somehow give
    permissions to the mail-gid and the cgi-gid? I don't really know about
    running Mailman under suEXEC.....
    Neither do I, however with our recent web server upgrades and
    batting down the hatches, I'm forces to find a way to install Mailman
    under suexec. So this was my project of the day.
    I think what this really means is it isn't possible to set Mailman up
    properly to run with suEXEC.
    Maybe so, however I'm still testing it out. Yes, I have removed the
    set-gid bit from anything within the /cgi-bin/ folder since that's what
    suexec requires. As for the other error (unknown mailer error), python
    won't read/execute programs in a folder that's g-x which /home/mailman/
    was. Once that restriction was removed, it happily worked.

    Now I need to continue testing, sending myself mail, subscribing,
    etc., etc. So far, it's working.

    --
    H | I haven't lost my mind; it's backed up on tape somewhere.
    +--------------------------------------------------------------------
    Ashley M. Kirchner <mailto:ashley at pcraft.com> . 303.442.6410 x130
    IT Director / SysAdmin / WebSmith . 800.441.3873 x130
    Photo Craft Imaging . 3550 Arapahoe Ave. #6
    http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.
  • Mark Sapiro at Mar 24, 2005 at 5:35 am

    Ashley M. Kirchner wrote:
    Mark Sapiro wrote:
    I think what this really means is it isn't possible to set Mailman up
    properly to run with suEXEC.
    Maybe so, however I'm still testing it out. Yes, I have removed the
    set-gid bit from anything within the /cgi-bin/ folder since that's what
    suexec requires. As for the other error (unknown mailer error), python
    won't read/execute programs in a folder that's g-x which /home/mailman/
    was. Once that restriction was removed, it happily worked.

    Now I need to continue testing, sending myself mail, subscribing,
    etc., etc. So far, it's working.
    I'm not saying it won't work. I think it probably will. The one issue I
    think you may have is if you have private archives, they may turn out
    to be accessible to anyone because your web server now runs as group
    mailman which is documented as wrong for this reason.

    --
    Mark Sapiro <msapiro at value.net> The highway is for gamblers,
    San Francisco Bay Area, California better use your sense - B. Dylan
  • Ashley M. Kirchner at Mar 24, 2005 at 6:24 am

    Mark Sapiro wrote:
    I'm not saying it won't work. I think it probably will. The one issue I
    think you may have is if you have private archives, they may turn out
    to be accessible to anyone because your web server now runs as group
    mailman which is documented as wrong for this reason.
    Hrm, yes, that would be a problem (I just tested it and it's indeed
    visible to everyone, despite the URL difference.) I'd hate to have to
    come up with a login procedure outside of mailman simply because it
    won't play well with suexec. Yes I realize it's mentioned very
    specifically that mailman needs for the exec not to be run as the
    mailman user, however that will go against suexec's security feature.
    So I guess my question now is, what can be done to make this work? Or
    maybe a better question would be, when will mailman reach a point where
    it will and can run within a suexec environment? I like my security and
    I like using mailman.

    --
    H | I haven't lost my mind; it's backed up on tape somewhere.
    +--------------------------------------------------------------------
    Ashley M. Kirchner <mailto:ashley at pcraft.com> . 303.442.6410 x130
    IT Director / SysAdmin / WebSmith . 800.441.3873 x130
    Photo Craft Imaging . 3550 Arapahoe Ave. #6
    http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.
  • Rabbie Zalaf at Mar 24, 2005 at 8:21 am
    Hi All,

    I send an email to mailman but nothing comes back out...

    All I see is this:

    Mar 24 19:09:28 mail sm-mta[29701]: j2O89MY5029700:
    to="|/usr/local/mailman/mail/mailman post jokes",
    ctladdr=(8/0), delay�:00:03, xdelay�:00:02,
    mailer=prog, priC924, dsn=2.0.0, stat=Sent

    And that's it.. I have put mailman in /etc/mail/smrsh and I have the jokes
    aliases in my aliases file...

    Any help would be appreciated.

    Thanks.

    Rabbie.
  • Ashley M. Kirchner at Mar 24, 2005 at 8:20 pm

    Ashley M. Kirchner wrote:

    Hrm, yes, that would be a problem (I just tested it and it's indeed
    visible to everyone, despite the URL difference.)
    Errr, I was wrong. It helps if I wasn't the one logged in, making
    administrative changes, and also checking on the archives at the same
    time. Once I used a different browser, it worked just fine (non-members
    and not-logged-in members can't get to the private archives.) So, that
    means that so far, mailman is working quite nicely within a suexec
    environment, with the set-gid bit removed from all the scripts that
    reside in /cgi-bin/. Disclaimer: I'm still not 100% sure whether
    removing the set-gid bits will have any adverse complications later.
    I'm still in the early stages of testing. So please don't quote me on
    it working fine under this environment.

    --
    W | I haven't lost my mind; it's backed up on tape somewhere.
    +--------------------------------------------------------------------
    Ashley M. Kirchner <mailto:ashley at pcraft.com> . 303.442.6410 x130
    IT Director / SysAdmin / Websmith . 800.441.3873 x130
    Photo Craft Laboratories, Inc. . 3550 Arapahoe Ave. #6
    http://www.pcraft.com ..... . . . Boulder, CO 80303, U.S.A.

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupmailman-users @
categoriespython
postedMar 24, '05 at 2:42a
activeMar 24, '05 at 8:20p
posts8
users3
websitelist.org

People

Translate

site design / logo © 2022 Grokbase