FAQ
I know this comes up all the time, but having carefully reviewed the FAQ
and archives, I still haven't been able to solve my problem.



I'm working on migrating my mailman setup from an old SuSE server to a
new Debian (4.0) server. For the most part everything has gone
smoothly, but the existing lists have a couple of problems I can't find
the cause. I moved the lists, archive, and data directories from the
old server, and ran update, check_perms and check_db on all the lists.



If I run list_lists, mailman sees all the lists just fine, but when just
the web interface I don't see anything. I naturally assumed that had
somehow become private during the move, so I exported the configuration
of one of them, and saw "advertised = True" and while I know in python
it shouldn't matter, I went ahead and updated it to be "advertised = 1",
no difference. If I browse to the list's admin interface directly it
seems to work.



I'm also having trouble getting into the archives. The files are there,
and the sym-links are correct but the permissions seem to be wrong. I'm
assuming I'm having a problem similar to the advertising (that mm seems
to be over-tightening permissions somewhat), but I can't find the root
cause. Any suggestions on where to look?



Aaron

Search Discussions

  • Mark Sapiro at Apr 27, 2007 at 2:31 am
    ----- Original Message ---------------

    Subject: [Mailman-Users] Server migration problems
    From: "Aaron Crosman" <ACrosman at afsc.org>
    Date: Thu, 26 Apr 2007 14:22:19 -0400
    To: <mailman-users at python.org>
    I know this comes up all the time, but having carefully reviewed the FAQ
    and archives, I still haven't been able to solve my problem.



    I'm working on migrating my mailman setup from an old SuSE server to a
    new Debian (4.0) server. For the most part everything has gone
    smoothly, but the existing lists have a couple of problems I can't find
    the cause. I moved the lists, archive, and data directories from the
    old server, and ran update, check_perms and check_db on all the lists.



    If I run list_lists, mailman sees all the lists just fine, but when just
    the web interface I don't see anything. I naturally assumed that had
    somehow become private during the move, so I exported the configuration
    of one of them, and saw "advertised = True" and while I know in python
    it shouldn't matter, I went ahead and updated it to be "advertised = 1",
    no difference. If I browse to the list's admin interface directly it
    seems to work.

    This certainly seems like FAQ 4.62 to me
    <http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq04.062.htp>.
    Have you run fix_url?

    I'm also having trouble getting into the archives. The files are there,
    and the sym-links are correct but the permissions seem to be wrong.

    And what are they? And what's in the web server's error log?

    I'm
    assuming I'm having a problem similar to the advertising (that mm seems
    to be over-tightening permissions somewhat), but I can't find the root
    cause. Any suggestions on where to look?

    Look at the permissions and whether the web server is allowed to follow
    symlinks, and if all that is OK, it might be a SeLinux or other kind
    of security polict issue.

    --
    Mark Sapiro <msapiro at value.net> The highway is for gamblers,
    San Francisco Bay Area, California better use your sense - B. Dylan
  • Mark Sapiro at Apr 27, 2007 at 4:21 pm

    Aaron Crosman wrote:
    The archives problem persists. You gave me the right place to look here
    as well. The archives are all owned by list (group list), but the
    private archives have restricted access that blocks other users from
    getting in:
    ls of /var/lib/mailman/archives:
    drwxrws--- 200 list list 8.0K 2007-04-25 14:26 private
    drwxrwsr-x 2 list list 4.0K 2007-04-25 14:23 public

    I think this is OS dependent, but in most cases, permissions on
    archives/private need to be 'drwxrws--x'. It is the o+x that is
    critical for public archive access.

    archives/public/listname is a symlink to archives/private/listname, and
    archives/private/listname is world readable, but it still can't be
    accessed by others, at least in most *nix flavors, unless
    archives/private/ is world searchable.

    --
    Mark Sapiro <msapiro at value.net> The highway is for gamblers,
    San Francisco Bay Area, California better use your sense - B. Dylan
  • Aaron Crosman at Apr 27, 2007 at 4:24 pm

    -----Original Message-----
    From: Mark Sapiro [mailto:msapiro at value.net]
    Sent: Thursday, April 26, 2007 10:31 PM
    To: Aaron Crosman; mailman-users at python.org
    Subject: Re: [Mailman-Users] Server migration problems



    ----- Original Message ---------------

    Subject: [Mailman-Users] Server migration problems
    From: "Aaron Crosman" <ACrosman at afsc.org>
    Date: Thu, 26 Apr 2007 14:22:19 -0400
    To: <mailman-users at python.org>
    I know this comes up all the time, but having carefully reviewed the FAQ
    and archives, I still haven't been able to solve my problem.



    I'm working on migrating my mailman setup from an old SuSE server to
    a
    new Debian (4.0) server. For the most part everything has gone
    smoothly, but the existing lists have a couple of problems I can't find
    the cause. I moved the lists, archive, and data directories from
    the
    old server, and ran update, check_perms and check_db on all the
    lists.


    If I run list_lists, mailman sees all the lists just fine, but when just
    the web interface I don't see anything. I naturally assumed that had
    somehow become private during the move, so I exported the
    configuration
    of one of them, and saw "advertised = True" and while I know in
    python
    it shouldn't matter, I went ahead and updated it to be "advertised = 1",
    no difference. If I browse to the list's admin interface directly it
    seems to work.

    This certainly seems like FAQ 4.62 to me
    <http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq04.062.htp>.
    Have you run fix_url?

    I'm also having trouble getting into the archives. The files are there,
    and the sym-links are correct but the permissions seem to be wrong.

    And what are they? And what's in the web server's error log?

    I'm
    assuming I'm having a problem similar to the advertising (that mm seems
    to be over-tightening permissions somewhat), but I can't find the
    root
    cause. Any suggestions on where to look?

    Look at the permissions and whether the web server is allowed to follow
    symlinks, and if all that is OK, it might be a SeLinux or other kind
    of security polict issue.

    --
    Mark Sapiro <msapiro at value.net> The highway is for gamblers,
    San Francisco Bay Area, California better use your sense - B. Dylan
    Thanks, you were right on about the domain problem. I looked right
    passed it, since the server will end up at the same domain, but
    currently I'm accessing by IP address (I hosts file update on my local
    machine solved that problem).

    The archives problem persists. You gave me the right place to look here
    as well. The archives are all owned by list (group list), but the
    private archives have restricted access that blocks other users from
    getting in:
    ls of /var/lib/mailman/archives:
    drwxrws--- 200 list list 8.0K 2007-04-25 14:26 private
    drwxrwsr-x 2 list list 4.0K 2007-04-25 14:23 public

    A sample from the private directory is:
    drwxrwsr-x 4 list list 4.0K 2007-04-25 14:18 itd_test

    Apache's error log:
    [Fri Apr 27 11:42:14 2007] [error] [client 172.17.201.205] Symbolic link
    not allowed or link target not accessible:
    /var/lib/mailman/archives/public/itd_test, referer:
    http://server.org/mailman/listinfo/itd_test

    I can't browse the file system (in bash) to those directories. I did
    double check the links in public as root, and they do work just fine, so
    I'm at a permissions problem. What should the perms here be? Or am I
    missing something else?

    Aaron
  • Ivan Van Laningham at Apr 27, 2007 at 5:58 pm
    Hi All--
    On 4/27/07, Aaron Crosman wrote:

    Apache's error log:
    [Fri Apr 27 11:42:14 2007] [error] [client 172.17.201.205] Symbolic link
    not allowed or link target not accessible:
    /var/lib/mailman/archives/public/itd_test, referer:
    http://server.org/mailman/listinfo/itd_test

    I can't browse the file system (in bash) to those directories. I did
    double check the links in public as root, and they do work just fine, so
    I'm at a permissions problem. What should the perms here be? Or am I
    missing something else?
    Unless I'm missing something, this is an Apache configuration problem.
    It both has to know about the mailman directories and be allowed to
    follow symbolic links. Permissions have to be correct yes, but if
    Apache can't follow links then the permissions are moot. Include this
    directive in your httpd.conf file:

    Options FollowSymLinks

    You must provide it for any directory you need to put symlinks in. For example:

    Alias /icons/ "/usr/share/apache2/icons/"
    <Directory "/usr/share/apache2/icons">
    Options FollowSymLinks
    blah blah blah ...
    </Directory>

    Of course, the directories listed in httpd.conf are dependent on your
    *nix, as is the location (and name) of the httpd.conf file.

    Metta,
    Ivan
    --
    Ivan Van Laningham
    God N Locomotive Works
    http://www.pauahtun.org/
    http://www.python.org/workshops/1998-11/proceedings/papers/laningham/laningham.html
    Army Signal Corps: Cu Chi, Class of '70
    Author: Teach Yourself Python in 24 Hours
  • McNutt Jr, William R at May 1, 2007 at 2:54 pm
    I've started to get an error message back from the monthly reminders.
    The gateway is reporting that:

    "Your message could not be delivered to:

    dawn norris,University of Maine (The name was not found at the remote
    site. Check that the name has been entered correctly.)"

    Fair enough. It's not an e-mail address, there's no reason why the
    server SHOULD be able to deliver it. But I can't find the bad entry.
    Find_member for 'dawn,' 'dawn Norris,' and 'University of Maine' are all
    coming back with nothing found. How do I locate this incorrect entry?

    Bill
  • Mark Sapiro at May 2, 2007 at 1:45 am

    McNutt Jr, William R wrote:
    I've started to get an error message back from the monthly reminders.
    The gateway is reporting that:

    "Your message could not be delivered to:

    dawn norris,University of Maine (The name was not found at the remote
    site. Check that the name has been entered correctly.)"

    Fair enough. It's not an e-mail address, there's no reason why the
    server SHOULD be able to deliver it. But I can't find the bad entry.
    Find_member for 'dawn,' 'dawn Norris,' and 'University of Maine' are all
    coming back with nothing found. How do I locate this incorrect entry?

    Presumably the address on the list is OK, but a .forward or other
    aliasing mechanism downstream of Mailman is converting it.

    Also, it seems you are not getting the message body returned since it
    contains the address to which the reminder was sent.

    If you are getting Received: headers back, you might be able to narrow
    it down from the domain of the first server it is sent to.

    If you set

    VERP_PASSWORD_REMINDERS = Yes

    in mm_cfg.py, the reminders will be sent with envelope from
    mailman-bounces+user=example.net at example.com where user=example.net
    comes from the recipients user at example.net member address and
    example.com is your domain. The 'bounce' should come back to the
    envelope address and enable you to see the user's address.

    --
    Mark Sapiro <msapiro at value.net> The highway is for gamblers,
    San Francisco Bay Area, California better use your sense - B. Dylan
  • Brad Knowles at May 2, 2007 at 4:09 am

    On 5/1/07, McNutt Jr, William R wrote:

    Fair enough. It's not an e-mail address, there's no reason why the
    server SHOULD be able to deliver it. But I can't find the bad entry.
    Find_member for 'dawn,' 'dawn Norris,' and 'University of Maine' are all
    coming back with nothing found. How do I locate this incorrect entry?
    Good question. If find_member isn't finding it, that tells me that
    there's some other illegal characters in the address that aren't
    visible, or that maybe the address is something totally different
    inside your system and that the broken aliasing is happening
    somewhere else.

    Other than doing a "dumpdb" of all the lists and doing some visual
    searching, I'm not sure that I've got an easy answer for you.

    --
    Brad Knowles <brad at shub-internet.org>, Consultant & Author
    LinkedIn Profile: <http://tinyurl.com/y8kpxu>
    Slides from Invited Talks: <http://tinyurl.com/tj6q4>

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupmailman-users @
categoriespython
postedApr 26, '07 at 6:22p
activeMay 2, '07 at 4:09a
posts8
users5
websitelist.org

People

Translate

site design / logo © 2021 Grokbase