Postfix and the Mailman GID
There is one slightly tricky aspect to get Postfix and Mailman
working together correctly. Mailman expects to be invoked by a
process running with a particular group id (GID). The GID it
expects is specified at the time the Mailman package is built. If
you are building the package yourself, make sure that you first
create an account and a group called mailman
.
You should be able to use the normal administrative tools on your
system to create both the account and the group. When you are
finished, you should have an entry in
/etc/passwd
that resembles the following:
mailman:*:26413:60003:Mailman List Manager:/home/mailman:/bin/sh
And an entry in /etc/group
like the following:
mailman:*:60003:
Make sure that the account mailman
has the group
mailman
as its primary group. In the examples above
60003
specifies the mailman
group and the
mailman
account has that as its primary group.
When you run configure
for Mailman, be sure that
you include the option
--with-mail-gid=xxx
where ‘xxx’ is the actual GID for the
mailman
group that you created. According to the
examples above, you should execute configure
using
60003 for the GID option.
$ ./configure --with-mail-gid=60003
You may have additional options for configure
according to your environment. Be sure to read the Mailman
documentation for building the package. If you have already built
your Mailman package and you did not specify the group, build it
again. If you didn't build your Mailman package, see the sidebar in
this chapter.
WANTED gid 12 GOT gid 99?
If you didn't build the Mailman package yourself (and don't have the option of rebuilding it), there is no good way to find out which GID it is expecting other than looking at what is reported in an error message. If you have a mismatch between the group of the Postfix process and the group that Mailman expects, you will receive a bounce error message after you send an email message to a Mailman list. Mailman also logs the error, which will look something like the following:
Failure to exec script. WANTED gid 12 GOT gid 99 (Reconfigure to take 99?)
In order to get Postfix to deliver the message to Mailman using the
correct GID, you have to set the permissions correctly on the Mailman
alias file. When Postfix makes a normal local delivery, it assumes the
identity of the recipient of the message. In the case of an alias,
Postfix assume the identity of the owner of the alias file. (Unless the
owner is root
, in which case Postfix uses the identity
specified in its default_privs
parameter.) Make sure that
the alias file is owned by the mailman
user and that the
mailman
user has the mailman
GID as its
primary group. Postfix will then use the mailman
group
when it delivers a message to the Mailman system.
If you did not build your own Mailman package and therefore cannot
control the GID that it expects, you will have to accommodate Mailman
by getting Postfix to use the GID Mailman expects. Generate an error
message like the one above by first creating a list (see the steps in
this chapter) and then sending a message to it. You should receive a
bounce error email message (or you can check for the error in the
Mailman log). Note the GID Mailman reports that it wants
(WANTED gid 12
). Change the primary group
of the mailman
account to that group. Make sure
that the Mailman alias file is owned by the mailman
account.