Re: [Mailman-Users] Mailman list mail for server loops back to myself

Wed, 15 Jul 2015 16:49:55 -0700 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Dear Mr. Sapiro,

I will attempt to answer best I can inline.

On 07/11/2015 11:12 AM, Mark Sapiro wrote:
> On 7/10/15 9:12 AM, Robert Susmilch wrote:
>> 
>> I have updated the binary file locations of postmap and
>> postalias, however genalias does not create virtual-mailman.db,
>> though it does populate the virtual-mailman table. Postfix
>> complains it does not find the users until I manually run postmap
>> on that file to create the database.
> 
> 
> Because you apparently have at least partially followed 
> <http://wiki.list.org/x/10715238> which alters POSTFIX_MAP_CMD to
> point to a script which doesn't do postmap on virtual-mailman.
> 
> 
>> Additionally I cannot get the web admin pages to work, as I get a
>> 500 error. However I've read many comments that I need to disable
>> suexec and other options. I am running Wordpress as well as many
>> other odds and ends and would prefer to not screw those up. My
>> main concern is just to get the list working, webpage admin would
>> just be icing.
> 
> 
> What's in the web server (Apache) error log?

I absolutely hate ISPConfig... it fights me at every turn. I'm also an
apache newbie and that doesn't help. I'd be happy to run a small list
for maybe a dozen people, I can manually add them to not fight with
apache right now.

> 
> 
>> Here is the maillog for a "loop"
>> 
> ...
>> Jul 10 10:55:16 server1 postfix/submission/smtpd[4534]: connect
>> from unknown[96.2.151.202] Jul 10 10:55:16 server1
>> postfix/submission/smtpd[4534]: Anonymous TLS connection
>> established from unknown[96.2.151.202]: TLSv1.2 with cipher 
>> ECDHE-RSA-AES256-SHA (256/256 bits) Jul 10 10:55:16 server1
>> postfix/submission/smtpd[4534]: NOQUEUE: filter: RCPT from
>> unknown[96.2.151.202]: <rob...@rootunlimited.com>: Sender address
>> triggers FILTER amavis:[127.0.0.1]:10026; 
>> from=<rob...@rootunlimited.com> to=<te...@susmilch.com>
>> proto=ESMTP helo=<archer.susmilch.com> Jul 10 10:55:16 server1
>> postfix/submission/smtpd[4534]: CE95B10269ED: 
>> client=unknown[96.2.151.202], sasl_method=PLAIN, 
>> sasl_username=rob...@rootunlimited.com Jul 10 10:55:17 server1
>> postfix/cleanup[4553]: CE95B10269ED: 
>> message-id=<559feaef.8000...@rootunlimited.com> Jul 10 10:55:17
>> server1 postfix/qmgr[4279]: CE95B10269ED: 
>> from=<rob...@rootunlimited.com>, sizef7, nrcpt=1 (queue active)
> 
> Your message got submitted.
> 
> 
>> Jul 10 10:55:17 server1 postfix/smtpd[4557]: connect from 
>> unknown[127.0.0.1] Jul 10 10:55:17 server1 postfix/smtpd[4557]:
>> 246D610269EF: client=unknown[127.0.0.1] Jul 10 10:55:17 server1
>> postfix/cleanup[4553]: 246D610269EF: 
>> message-id=<559feaef.8000...@rootunlimited.com> Jul 10 10:55:17
>> server1 postfix/smtpd[4557]: disconnect from unknown[127.0.0.1]
> 
> And came back from amavis
> 
> 
>> Jul 10 10:55:17 server1 postfix/qmgr[4279]: 246D610269EF: 
>> from=<rob...@rootunlimited.com>, size90, nrcpt=1 (queue active) 
>> Jul 10 10:55:17 server1 amavis[23237]: (23237-16) Passed CLEAN 
>> {RelayedInternal}, ORIGINATING LOCAL [96.2.151.202]:46678 
>> [96.2.151.202] <rob...@rootunlimited.com> -> 
>> <te...@server1.susmilch.com>, Queue-ID: CE95B10269ED,
>> Message-ID: <559feaef.8000...@rootunlimited.com>, mail_id:
>> biCr3Qlg5n88, Hits: -, size: 667, queued_as: 246D610269EF,
>> dkim_new=mail:rootunlimited.com, 105 ms Jul 10 10:55:17 server1
>> postfix/smtp[4556]: CE95B10269ED: 
>> to=<te...@server1.susmilch.com>, orig_to=<te...@susmilch.com>, 
>> relay7.0.0.1[127.0.0.1]:10026, delay=0.43,
>> delays=0.31/0.01/0/0.11, dsn=2.0.0, status=sent (250 2.0.0 from
>> MTA(smtp:[127.0.0.1]:10025): 250 2.0.0 Ok: queued as
>> 246D610269EF) Jul 10 10:55:17 server1 postfix/qmgr[4279]:
>> CE95B10269ED: removed
> 
> Relayed to localhost, why?

I believe it is going for tagging as either internal or external which
then leads into the DKIM signatures. It's been a year or so since I
set it all up, and I should have kept better notes.

I have noticed that the submission email gets rewritten as
"te...@server1.susmilch.com" and that can't be good.

> 
>> Jul 10 10:55:17 server1 postfix/smtp[4558]: 246D610269EF: 
>> to=<te...@server1.susmilch.com>, relay=none, delay=0.03, 
>> delays=0.01/0.02/0/0, dsn=5.4.6, status=bounced (mail for 
>> server1.susmilch.com loops back to myself)
> 
> and bounces. It should have been delivered above instead of relayed
> to itself.
> 
> 
> ...
>> mm_cfg.py
>> 
>> MAILMAN_SITE_LIST = 'mailman' DEFAULT_URL_PATTERN =
>> 'http://%s/cgi-bin/mailman/' PRIVATE_ARCHIVE_URL =
>> '/cgi-bin/mailman/private' IMAGE_LOGOS         =
>> '/images/mailman/' DEFAULT_EMAIL_HOST =
>> 'server1.rootunlimited.com' DEFAULT_URL_HOST   =
>> 'server1.rootunlimited.com' add_virtualhost(DEFAULT_URL_HOST,
>> DEFAULT_EMAIL_HOST) DEFAULT_SERVER_LANGUAGE = 'en' 
>> DEFAULT_SEND_REMINDERS = 0 MTA='Postfix' 
>> POSTFIX_STYLE_VIRTUAL_DOMAINS = ['susmilch.com']
> 
> You probably want
> 
> add_virtualhost('???.susmilch.com', 'susmilch.com')
> 
> and likewise other virtual domains.

So that virtual domain should be already taken care of with
DEFAULT_EMAIL_HOST?

> 
> 
>> POSTFIX_MAP_CMD = '/etc/mailman/virtual_to_transport.sh'
> 
> Presumably you are doing this because Dovecot is the default LDA in
> your postfix. It should work if properly configured. It doesn't
> create virtual-mailman.db because it doesn't use it. it uses
> transport_maps to map list addresses to Postfix's local transport
> and that in turn uses aliases to deliver to Mailman.
> 

I was doing this because someone, somewhere, said to create this script.

> 
>> Output of postconf -d
> 
> 
> This says nothing about YOUR Postfix config. -d says output the 
> defaults. 'postconf -n' is what we want to see.
> 
Sorry I was tired and did the wrong command. D'oh.

[root@server1 log]# postconf -n
postconf: warning: /etc/postfix/master.cf: undefined parameter:
mua_client_restrictions
postconf: warning: /etc/postfix/master.cf: undefined parameter:
mua_client_restrictions
alias_database = hash:/etc/aliases
alias_maps = hash:/etc/aliases
anvil_rate_time_unit = 60s
body_checks = regexp:/etc/postfix/body_checks
broken_sasl_auth_clients = yes
check_greylist = check_policy_service unix:postgrey/socket
command_directory = /usr/sbin
config_directory = /etc/postfix
content_filter = amavis:[127.0.0.1]:10024
daemon_directory = /usr/libexec/postfix
data_directory = /var/lib/postfix
debug_peer_level = 2
debugger_command = PATH=/bin:/usr/bin:/usr/local/bin:/usr/X11R6/bin
ddd $daemon_directory/$process_name $process_id & sleep 5
default_destination_concurrency_limit = 20
disable_vrfy_command = yes
dovecot_destination_recipient_limit = 1
header_checks = regexp:/etc/postfix/header_checks
html_directory = no
inet_interfaces = all
inet_protocols = ipv4
local_destination_concurrency_limit = 2
mail_owner = postfix
mailbox_size_limit = 8489271296
maildrop_destination_concurrency_limit = 1
maildrop_destination_recipient_limit = 1
mailq_path = /usr/bin/mailq.postfix
manpage_directory = /usr/share/man
message_size_limit = 209715200
mime_header_checks = regexp:/etc/postfix/mime_header_checks
mydestination = server1.rootunlimited.com, localhost,
localhost.localdomain
myhostname = server1.susmilch.com
mynetworks = 127.0.0.0/8 [::1]/128 188.166.17.164/32 192.249.60.160/32
107.191.103.120/32
nested_header_checks = regexp:/etc/postfix/nested_header_checks
newaliases_path = /usr/bin/newaliases.postfix
policy-spf_time_limit = 3600s
postscreen_access_list = permit_mynetworks,
cidr:/etc/postfix/postscreen_access.cidr
postscreen_bare_newline_action = enforce
postscreen_bare_newline_enable = yes
postscreen_bare_newline_ttl = 30d
postscreen_blacklist_action = drop
postscreen_dnsbl_action = enforce
postscreen_dnsbl_sites = zen.spamhaus.org*3 b.barracudacentral.org*2
bl.spameatingmonkey.net*2 dnsbl.ahbl.org*2 bl.spamcop.net
dnsbl.sorbs.net psbl.surriel.com bl.mailspike.net swl.spamhaus.org*-4
list.dnswl.org=127.[0..255].[0..255].0*-
2 list.dnswl.org=127.[0..255].[0..255].1*-3
list.dnswl.org=127.[0..255].[0..255].[2..255]*-4
postscreen_dnsbl_threshold = 3
postscreen_greet_action = enforce
postscreen_greet_wait = ${stress?5}${stress:15}s
postscreen_non_smtp_command_action = enforce
postscreen_non_smtp_command_enable = yes
postscreen_non_smtp_command_ttl = 30d
postscreen_pipelining_action = enforce
postscreen_pipelining_enable = yes
postscreen_pipelining_ttl = 30d
proxy_read_maps = $local_recipient_maps $mydestination
$virtual_alias_maps $virtual_alias_domains $virtual_mailbox_maps
$virtual_mailbox_domains $relay_recipient_maps $relay_domains
$canonical_maps $sender_canonical_maps $recipient_canon
ical_maps $relocated_maps $transport_maps $mynetworks
queue_directory = /var/spool/postfix
readme_directory = /usr/share/doc/postfix-2.10.1/README_FILES
recipient_delimiter = -
relay_domains = mysql:/etc/postfix/mysql-virtual_relaydomains.cf
relay_recipient_maps =
mysql:/etc/postfix/mysql-virtual_relayrecipientmaps.cf
relayhost =
sample_directory = /usr/share/doc/postfix-2.10.1/samples
sendmail_path = /usr/sbin/sendmail.postfix
setgid_group = postdrop
smtp_tls_loglevel = 1
smtp_tls_protocols = !SSLv2,!SSLv3
smtp_tls_security_level = may
smtpd_banner = $myhostname ESMTP $mail_name
smtpd_client_event_limit_exceptions = $mynetworks
smtpd_client_message_rate_limit = 100
smtpd_client_recipient_rate_limit = 15
smtpd_client_restrictions = check_client_access
mysql:/etc/postfix/mysql-virtual_client.cf, permit
smtpd_data_restrictions = reject_unauth_pipelining, permit
smtpd_delay_reject = yes
smtpd_error_sleep_time = 10s
smtpd_hard_error_limit = 20
smtpd_helo_required = yes
smtpd_recipient_restrictions = permit_mynetworks,
permit_sasl_authenticated, reject_unauth_destination,
reject_invalid_hostname, reject_unauth_pipelining,
reject_non_fqdn_sender, check_recipient_access
mysql:/etc/postfix/mysql-virtual_re
cipient.cf, check_sender_access hash:/etc/postfix/access_sender_hash,
check_client_access hash:/etc/postfix/white_list_hash,
reject_unknown_sender_domain, reject_non_fqdn_recipient,
reject_unknown_recipient_domain, check_helo_access hash
:/etc/postfix/helo_checks, check_policy_service
unix:private/policy-spf, permit
smtpd_restriction_classes = check_greylist
smtpd_sasl_auth_enable = yes
smtpd_sasl_authenticated_header = yes
smtpd_sasl_path = private/auth
smtpd_sasl_type = dovecot
smtpd_sender_restrictions = check_sender_access
regexp:/etc/postfix/tag_as_originating.re, permit_mynetworks,
permit_sasl_authenticated, permit_tls_clientcerts, check_sender_access
regexp:/etc/postfix/tag_as_foreign.re, check_sender_acce
ss mysql:/etc/postfix/mysql-virtual_sender.cf
smtpd_soft_error_limit = 1
smtpd_tls_cert_file = /etc/postfix/smtpd.cert
smtpd_tls_dh1024_param_file = /etc/postfix/dh_1024.pem
smtpd_tls_dh512_param_file = /etc/postfix/dh_512.pem
smtpd_tls_eecdh_grade = strong
smtpd_tls_key_file = /etc/postfix/smtpd.key
smtpd_tls_loglevel = 1
smtpd_tls_mandatory_protocols = !SSLv2,!SSLv3
smtpd_tls_protocols = !SSLv2,!SSLv3
smtpd_tls_security_level = may
smtpd_use_tls = yes
soft_bounce = no
tls_preempt_cipherlist = yes
transport_maps = hash:/var/lib/mailman/data/transport-mailman,
proxy:mysql:/etc/postfix/mysql-virtual_transports.cf
unknown_local_recipient_reject_code = 550
virtual_alias_domains =
virtual_alias_maps = hash:/etc/mailman/virtual-mailman,
proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf,
proxy:mysql:/etc/postfix/mysql-virtual_email2email.cf,
hash:/etc/postfix/psy2200
virtual_gid_maps = static:5000
virtual_mailbox_base = /var/vmail
virtual_mailbox_domains =
proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
virtual_mailbox_limit = $message_size_limit
virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
virtual_transport = dovecot
virtual_uid_maps = static:5000


I'm unsure what more configuration you require. Amavisd.conf?
- -- 
Respectfully,

Robert Susmilch
===============
The "gobbledygook" in this email is due to this email having been
"signed" with PGP (or the free GPG). If both parties (sender and
receiver) had PGP key's the entire email could be encrypted (rendered
secure and unreadable except by the key holders) for confidentiality
and security.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2

iQIcBAEBCAAGBQJVpvFKAAoJEJvhIiLnDQ8qczoP/3U7XD0K3l0xkMwAGwF7KMOo
C+GRZ4DXymUFxxRvTMa/4aVBEpn1X7UjfMeWS3IpS6V/nbtNjBmpTVEsvytqfpYz
TG6aHq2oj9rZXHHBAAo8xby9NJGLT5G9mpq6YjBCPi9IQqGqvmAWNT6lPedrD3tW
VbIOOQlkuC5ZSAXkcZMgRA6l+PFZ03iQwouvHNfMPqSSL8OFyYIj69PizGshvfVf
yfA8NarlEv0FMZrf9lfXZ3xh1Tyfh1NFa6YByEYKmuxizSIlWh9kMYxliyy8cxL4
9EjoCgj+Q8G8icwU0//513el2N6ZJWt+8r0nh1TJICG8K+/w/srHAQKkGnW+yaSC
oP0kukTmBcfQOmYYidq+KulGRGqov9QaoWoBH1wLH2xJPAh80lrSRC6yTRFIEBXo
xxmol945IwfLhF7g/uXGV+I/cfZYFrdNU7gIxz2eFhiPmxwrZhQHmOVF7rf9TZgi
1bpHqfG2SBivixo8ePfyNhkkfLkNquCpPCULjNB89zrzC7MTzdJP9HUp1kduLnOr
2no8WCVou43UYVeUArooMljcCCDB8g333Cpd3ZrYwxxH9sbJNG0mM/lNBuDseDgT
tmxsSQ6+pZCYKSGnW9Skap6DlqPcCmyHroXRqRjAs/xgWIAN/g8spmnGgXQ/u1XP
Z9yz5bKx7UAE7O1xpbZo
=qZxx
-----END PGP SIGNATURE-----
------------------------------------------------------
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Reply via email to