The following article is exerpted from Postfix: The Definitive Guide. This is a very short section, but it addresses an issue that regularly trips people up.

There is one slightly tricky aspect to get Postfix and Mailman working together correctly. Mailman expects to be invoked by a process running with a particular group id (GID). The GID it expects is specified at the time the Mailman package is built. If you are building the package yourself, make sure that you first create an account and a group called mailman. You should be able to use the normal administrative tools on your system to create both the account and the group. When you are finished, you should have an entry in /etc/passwd that resembles the following:

mailman:*:26413:60003:Mailman List Manager:/home/mailman:/bin/sh

And an entry in /etc/group like the following:

mailman:*:60003:

Make sure that the account mailman has the group mailman as its primary group. In the examples above 60003 specifies the mailman group and the mailman account has that as its primary group.

When you run configure for Mailman, be sure that you include the option --with-mail-gid=xxx where ‘xxx’ is the actual GID for the mailman group that you created. According to the examples above, you should execute configure using 60003 for the GID option.

$ ./configure --with-mail-gid=60003

You may have additional options for configure according to your environment. Be sure to read the Mailman documentation for building the package. If you have already built your Mailman package and you did not specify the group, build it again. If you didn't build your Mailman package, see the sidebar in this chapter.

WANTED gid 12 GOT gid 99?

If you didn't build the Mailman package yourself (and don't have the option of rebuilding it), there is no good way to find out which GID it is expecting other than looking at what is reported in an error message. If you have a mismatch between the group of the Postfix process and the group that Mailman expects, you will receive a bounce error message after you send an email message to a Mailman list. Mailman also logs the error, which will look something like the following:

Failure to exec script. WANTED gid 12 GOT gid 99 (Reconfigure to take 99?)

In order to get Postfix to deliver the message to Mailman using the correct GID, you have to set the permissions correctly on the Mailman alias file. When Postfix makes a normal local delivery, it assumes the identity of the recipient of the message. In the case of an alias, Postfix assume the identity of the owner of the alias file. (Unless the owner is root, in which case Postfix uses the identity specified in its default_privs parameter.) Make sure that the alias file is owned by the mailman user and that the mailman user has the mailman GID as its primary group. Postfix will then use the mailman group when it delivers a message to the Mailman system.

If you did not build your own Mailman package and therefore cannot control the GID that it expects, you will have to accommodate Mailman by getting Postfix to use the GID Mailman expects. Generate an error message like the one above by first creating a list (see the steps in this chapter) and then sending a message to it. You should receive a bounce error email message (or you can check for the error in the Mailman log). Note the GID Mailman reports that it wants (WANTED gid 12). Change the primary group of the mailman account to that group. Make sure that the Mailman alias file is owned by the mailman account.