[Mailman-Users] Re: group mismatch

2022-05-17 Thread Jon Baron 
In view of Stephen Turnbull's comments, I changed my mind and will
respond to the list. I was the "original poster" (OP?) about the
strange "group mismatch" error in my log. It complained about the user
"baron" (my own account on the server) not matching the required list
of groups. Several people made suggestions about where "baron" was
coming from: usually saying that baron was an owner of one file or
another file that was trying to send something to mailman. None of
these suggestions was correct. The only "baron" that had anything to
do with the mailing was as a moderator/owner, and the other
moderator/owner was never mentioned in the error message. Thus, the
original problem is, and will remain, unsolved.

What I was trying to do was very specific to my setup. It was Fedora,
not Debian. And I was using the mailman RPM (2.1.34-3), without the
patches that have been recommended since then, since the layout is
very different from what you get if you install from source. And I did
not want to install from source while everything is running, and
working quite well. I don't have the time for that anyway, and
certainly not to switch to Mailman 3, which does not seem particularly
helpful for the sort of very mundane things we do. Thus, I am errant
and untypical, so my problem and any solution to it would probably be
of little use to others. I should not have posted. (What encouraged me
were other posts about group mismatch, going back several years, none
of which helped solve my problem.)

The problem was spam coming to jdm-society-owner. Some of this was NOT
the result of trying to submit to the list. Some people just had the
idea that this was a good place to send spam (along with other
addresses on the server like webmaster). It isn't that bad. I just
delete it.

But I'm trying another solution. It seems that -owner is used by
mailman only to send mail to the list owners, e.g., when someone
submits something to the list. So I replaced this line in /etc/aliases

jdm-society-owner: "|/usr/lib/mailman/mail/mailman owner jdm-society"   


with

jdm-society-owner: "|/usr/bin/procmail /etc/procmailrc"

(I might try the -m after procmail, but I do other addresses without
it, like "webmaster", and that works.)

Then in /etc/procmailrc, I say (and this is new):

:0
* To:.*jdm-society-ow...@sjdm.org
! [address of owner 1],[address of owner 2]

This came after a lot of spam filtering in /etc/procmailrc, not just
by spamassassin but also by various words that need not be spam to
anyone else but are perfect indicators for us, e.g., "purchase". I
check the spam file every day or two.

Note that, if anything arrives at -owner from a list post, it is
already submitted and waiting for approval in /var/lib/mailman/data

I don't know if this works yet. If it does, it should largely solve
the problem. We will still get some spam posts to the lists, but they
are a drop in the bucket of other stuff that we need to reject even
though it isn't spam.

If it doesn't work, I'll just go back to rejecting the spam by hand.

Jon
-- 
Jonathan Baron, Professor of Psychology, University of Pennsylvania
Home page: https://www.sas.upenn.edu/~baron
Founding Editor: Judgment and Decision Making (http://journal.sjdm.org)
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: group mismatch

2022-05-17 Thread Stephen J. Turnbull 
Christian Buser via Mailman-Users writes:

 > You know that in a mailing list everyone should help if he can and
 > not only consume?

Technically correct, but please don't be so antagonistic.  

 > So then, please unsubscribe here.

What you do with your own filters is your business, but for the
mailing list this is outright wrong.

Mailing lists are easy to abuse, as we all know.  We put a lot of
effort into minimizing the damage and closing as many vulnerabilities
as we can, but the bad folks are out there developing new ones 9-5
every day, and some of them can't be closed without destroying
Mailman's main feature: the convenient discoverable interface for
managing list mail flows.  I hope that every Mailman 2 admin is
subscribing and continues to subscribe to this list, so that we can
help them serve the subscribers, and when necessary address
vulnerabilities and help them upgrade.

Steve

--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: group mismatch

2022-05-17 Thread Christian Buser via Mailman-Users 
Ah so…

You found another way to fix the main problem -  but you do not tell us? 

You know that in a mailing list everyone should help if he can and not only 
consume?

So then, please unsubscribe here.

Thank you
Christian 

-- 
Christian Buser, Hohle Gasse 6, CH-5507 Mellingen (Switzerland)  
Hilfe fuer Strassenkinder in Ghana: https://www.chance-for-children.org







> Am 17.05.2022 um 11:02 schrieb Jon Baron :
> 
> I would like to thank everyone for all the ideas about my
> group-mismatch problem.
> 
> As it happens, nothing helped. Moreover, almost all of the
> speculations about what I was doing or not doing, using or not using,
> know or do not know, were incorrect.
> 
> I found another way to fix the main problem, which was, in any case,
> not all that serious.
> 
> I am not going to respond anymore to this thread.
> -- 
> Jonathan Baron, Professor of Psychology, University of Pennsylvania
> Home page: https://www.sas.upenn.edu/~baron
> --
> Mailman-Users mailing list -- mailman-users@python.org
> To unsubscribe send an email to mailman-users-le...@python.org
> https://mail.python.org/mailman3/lists/mailman-users.python.org/
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
>https://mail.python.org/archives/list/mailman-users@python.org/

--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: group mismatch

2022-05-17 Thread Jon Baron 
I would like to thank everyone for all the ideas about my
group-mismatch problem.

As it happens, nothing helped. Moreover, almost all of the
speculations about what I was doing or not doing, using or not using,
know or do not know, were incorrect.

I found another way to fix the main problem, which was, in any case,
not all that serious.

I am not going to respond anymore to this thread.
-- 
Jonathan Baron, Professor of Psychology, University of Pennsylvania
Home page: https://www.sas.upenn.edu/~baron
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: group mismatch

2022-05-16 Thread Mark Sapiro 

On 5/16/22 19:27, Carl Zwanzig wrote:

On 5/16/2022 4:31 PM, Mark Sapiro wrote:

That's a Debian 'feature'.


Which then makes me wonder if there are other Debian "features" getting 
in the way.



No. It's a simple group mismatch. The OP has to arrange for the process 
that pipes the mail to Mailman to run with an effective group of one of 
mail, postfix, mailman, nobody or daemon.


--
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: group mismatch

2022-05-16 Thread Stephen J. Turnbull 
Lucio Chiappetti writes:
 > On Sun, 15 May 2022, Jon Baron wrote:
 > 
 > > I am trying to use spamassassin by running everything through
 > > /etc/procmail,
 > 
 > Sorru, I do not understand what procmail and spamassassin, intended to 
 > process INCOMING mail, have to do with mailman which is SENDING OUT
 > mail.

I assumed the OP knows procmail fairly well, doesn't understand
milters (or whatever the equivalent is for $MTA), and is using a
pipeline like

sendmail | procmail | spamassassin && mailman

since the error message implied that mailman was started by procmail.
procmail may not be the tool of choice these days, but it should work.

Note that the error message mentions postfix several times; I'm not
sure that a sendmail cf is of much use to the OP.

Steve

--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: group mismatch

2022-05-16 Thread Carl Zwanzig 

On 5/16/2022 4:31 PM, Mark Sapiro wrote:

That's a Debian 'feature'.


Which then makes me wonder if there are other Debian "features" getting in 
the way.


z!
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: group mismatch

2022-05-16 Thread Julian H. Stacey 
> Also: procmail is antique abandonware that no one should use in 2022, 
> but it can be very hard to replace.

I have a massive time investment in working procmail rules.
Use is not abandoned here. "If it aint broke dont fix it." ;-)

Cheers,
-- 
Julian Stacey  http://berklix.com/jhs/ http://stolenVotes.uk
Arm Ukraine, Zap killer Putin, grain & fuel loss hits poorest.
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: group mismatch

2022-05-16 Thread dmitri maziuk 

On 2022-05-16 3:31 PM, Bill Cole wrote:
...
SpamAssassin can be used as a milter during the SMTP transaction or as a 
filter in the delivery pipeline via a delivery agent like procmail. 
Using procmail is generally suboptimal, but it may be the only mechanism 
available for an end user to deploy SA for their own mail without root 
access.


You also get per-user thresholds and Bayes training etc.

Also: procmail is antique abandonware that no one should use in 2022, 
but it can be very hard to replace.


Courier maildrop works and has a somewhat saner syntax. However what 
does this have to do with mailman? -- IIRC I had to add an extra python 
file, edit something in another, and add a config setting, to have 
spamassassin work with MM2.


Dima



--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: group mismatch

2022-05-16 Thread Mark Sapiro 

On 5/16/22 16:18, Carl Zwanzig wrote:


One thing is odd about the message above, it says "one of the groups"
whereas some versions (eg 2.1.25) have "Mailman expected the %s wrapper 
to be executed as group" (singular). Could be that the OP's version is 
rather old.



That's a Debian 'feature'.

--
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: group mismatch

2022-05-16 Thread Carl Zwanzig 

Going back to the original email-

On 5/15/2022 4:35 PM, Jon Baron wrote:

"Group mismatch error. Mailman expected the mail wrapper script to be
executed as one of the following groups:
[mail, postfix, mailman, nobody, daemon],
but the system's mail server executed the mail script as group: "baron".
Try tweaking the mail server to run the script as one of these groups:
[mail, postfix, mailman, nobody, daemon],"


_Something_ (possibly procmail) was executing the mailman wrapper which 
produced the message above. When it was exec'd, for some reason the GID it 
was started under wasn't good.


One thing is odd about the message above, it says "one of the groups"
whereas some versions (eg 2.1.25) have "Mailman expected the %s wrapper to 
be executed as group" (singular). Could be that the OP's version is rather old.


Later,

z!



--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: group mismatch

2022-05-16 Thread Bill Cole 
On 2022-05-16 at 12:32:54 UTC-0400 (Mon, 16 May 2022 18:32:54 +0200 
(CEST))

Lucio Chiappetti 
is rumored to have said:


On Sun, 15 May 2022, Jon Baron wrote:

I am trying to use spamassassin by running everything through

/etc/procmail,

Sorru, I do not understand what procmail and spamassassin, intended to 
process INCOMING mail, have to do with mailman which is SENDING OUT 
mail.


It is fairly common for SpamAssassin to be used on both incoming and 
outgoing mail, but obviously outgoing would need to use something other 
than procmail to call it.


I still have a few almost-dead mailman lists on my machine, and I do 
use procmail to filter my personal incoming mail. It is a long time we 
have abandoned (been forced to abandon) spamassassin, but that was 
running on the institute MX, not on my own machine.


As far as I remember (after a first trial) spamassassin was run as a 
milter in sendmail.cf (the sendmail doc had s[pecial instructions).


SpamAssassin can be used as a milter during the SMTP transaction or as a 
filter in the delivery pipeline via a delivery agent like procmail. 
Using procmail is generally suboptimal, but it may be the only mechanism 
available for an end user to deploy SA for their own mail without root 
access.


Also: procmail is antique abandonware that no one should use in 2022, 
but it can be very hard to replace.


--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: group mismatch

2022-05-16 Thread Lucio Chiappetti 

On Sun, 15 May 2022, Jon Baron wrote:


I am trying to use spamassassin by running everything through
/etc/procmail,


Sorru, I do not understand what procmail and spamassassin, intended to 
process INCOMING mail, have to do with mailman which is SENDING OUT mail.


I still have a few almost-dead mailman lists on my machine, and I do use 
procmail to filter my personal incoming mail. It is a long time we have 
abandoned (been forced to abandon) spamassassin, but that was running on 
the institute MX, not on my own machine.


As far as I remember (after a first trial) spamassassin was run as a 
milter in sendmail.cf (the sendmail doc had s[pecial instructions).


Procmail instead is run (by me only on my own machine) via my own 
~/.procmailrc  (no need to pass through /etc/aliases or amy other system 
file). That occurs definining it as default deliveryi agent for the local 
mailer in sendmail.cf (see also sendmail doc).


My sendmail.cf has a section starting with

Mlocal,		P=/usr/bin/procmail, F=lsDFMAw5:/|@qSPfhn09, 
S=EnvFromL/HdrFromL, R=EnvToL/HdrToL,

A=procmail -a $h -d $u

The default aliases needed for the mailman lists are kept in a separate 
alias file, and sendmail.cf concatenates it with the system one


O AliasFile=/etc/aliases,/etc/mail/mailman.aliases

(do NOT use the sendmail.cf lines I quote as they are ... go through the 
proper sendmail configuration)


--
Lucio Chiappetti - INAF/IASF - via Corti 12 - I-20133 Milano (Italy)
For more info : http://www.iasf-milano.inaf.it/~lucio/personal.html

"All that is google does not glitter
 Nor all who use alpine/procmail are lost"
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: group mismatch

2022-05-16 Thread Carl Zwanzig 

On 5/16/2022 3:42 AM, Jon Baron wrote:

  procmail is not
"running". It is not listed in any version of "ps". It is evoked by
sendmail or by /etc/aliases.db. sendmail and aliases.db are both owned
by root and smmsp.


It is "run" or "envoked" on-demand by sendmail to execute the line in the 
alias file; you'll only see it in ps when actually running.



the procmail man file states
-m
[...] If the rcfile is an absolute path starting with /etc/procmailrcs/ 
without backward references (i.e. the parent directory cannot be mentioned) 
procmail will, only if no security violations are found, take on the 
identity of the owner of the rcfile (or symbolic link). [...]


[that path may change in different versions of procmail]

That last sentence is important- check the ownership of /etc/procmailrc, I'm 
betting it's "baron"; that can happen easily when editing.


z!
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: group mismatch

2022-05-16 Thread Jon Baron 
Thanks to both. But I'm afraid that this advice does not help, and I
am giving up.

I suspect that what I am trying to do is impossible. And I also think
I was going about it wrong. I was trying to use /etc/aliases to get
the mail to go to procmail, with lines like this:

Method 1
jdm-society: "|/usr/bin/procmail -m /etc/procmailrc"

or

Method 2
jdm-society-owner: "|/usr/lib/mailman/mail/mailman owner jdm-society"

And then /etc/procmail had lines like this:

:0
* To:.*jdm-society-ow...@sjdm.org
| /etc/smrsh/mailman owner jdm-society

and /etc/smrsh has a soft links to /usr/bin/procmail and to
../../usr/lib/mailman/mail/mailm

(I don't know why the ../../ is there.)

Method 2 is what yielded the group mismatch.

Method 1 just said user not found.

I still have no idea where "baron" is coming from. I thought if I
could figure that out it would lead to a solution. procmail is not
"running". It is not listed in any version of "ps". It is evoked by
sendmail or by /etc/aliases.db. sendmail and aliases.db are both owned
by root and smmsp. I tried to change the owner of aliases.db to mail
rather than root, but it got changed back when I ran newaliases.

So I am giving up. We will just deal with the spam by hand. The list
is moderated, so none of it actually gets posted, and we discourage
some of it with a small captcha. (The really fancy ones are
impossible. I can't do them myself.)

I did read the link below, but I had not gotten up to trying to modify
the code. It seems to be written mainly for some other system than
what I have. (I'm using the last available Fedora RPM. I don't think
they are going to update Mailman 2, or fix the bug. I do not have time
to compile from source, since it is a major change - everything is in
a different place. And I won't change to Mailman 3 because, so far as
I can tell, we would not want any of its features and configuration
would also take a lot of time. I will leave all this to my
successor. Right now, everything works except the spam.)

https://wiki.list.org/DOC/4.23%20How%20do%20I%20use%20SpamAssassin%20with%20Mailman%3F

Thanks for trying.

Jon

On 05/16/22 00:45, Bruce  Johnson wrote:
> Are any of the processes being run by that user? like cron jobs?
> 
> Look throughthe mailman logs or other logs (it’s been a very long time; I 
> cannot remember if procmail and spamassasin have their own logs or they get 
> dumped into /var/log/messages (for RH-style systems; I forget what the 
> general syslog file is called in Debian style)


Answers: No. No. Nothing in the logs (several of them.)

>
> 
> > On May 15, 2022, at 4:35 PM, Jon Baron  wrote:
> > 
> > I'm sure this is a very dumb question, because I have seen several
> > posts about it, all of which imply that there is some simple solution.
> > 
> > I am trying to use spamassassin by running everything through
> > /etc/procmail, and I get the following in /var/log/procmail:
> > 
> > "Group mismatch error. Mailman expected the mail wrapper script to be
> > executed as one of the following groups:
> > [mail, postfix, mailman, nobody, daemon],
> > but the system's mail server executed the mail script as group: "baron".
> > Try tweaking the mail server to run the script as one of these groups:
> > [mail, postfix, mailman, nobody, daemon],"
> > 
> > The dumb question is: "What is the 'mail server'?" I thought it was
> > sendmail, but I have no idea where "baron" comes from. baron is just a
> > user on the system. The various IDs for mailman are set to sjdm.org in
> > the configuration file. I installed it as "root" from a Fedora RPM,
> > and the name "baron" had no part of that. So far as I can tell,
> > NOTHING in this system is owned by "baron" except my own account
> > (which is, however, included in several groups).
> > 
> > Jon
> > -- 
> > Jonathan Baron, Professor of Psychology, University of Pennsylvania
> > Home page: https://www.sas.upenn.edu/~baron
> > --
-- 
Jonathan Baron, Professor of Psychology, University of Pennsylvania
Home page: https://www.sas.upenn.edu/~baron
Founding Editor: Judgment and Decision Making (http://journal.sjdm.org)
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: group mismatch

2022-05-15 Thread Mark Sapiro 

On 5/15/22 16:35, Jon Baron wrote:

I'm sure this is a very dumb question, because I have seen several
posts about it, all of which imply that there is some simple solution.

I am trying to use spamassassin by running everything through
/etc/procmail, and I get the following in /var/log/procmail:

"Group mismatch error. Mailman expected the mail wrapper script to be
executed as one of the following groups:
[mail, postfix, mailman, nobody, daemon],
but the system's mail server executed the mail script as group: "baron".
Try tweaking the mail server to run the script as one of these groups:
[mail, postfix, mailman, nobody, daemon],"

The dumb question is: "What is the 'mail server'?"


Probably procmail in this case.


I thought it was
sendmail, but I have no idea where "baron" comes from. baron is just a
user on the system. The various IDs for mailman are set to sjdm.org in
the configuration file. I installed it as "root" from a Fedora RPM,
and the name "baron" had no part of that. So far as I can tell,
NOTHING in this system is owned by "baron" except my own account
(which is, however, included in several groups).



And you are probably running the procmail process as yourself. You need 
to run it as one of the groups mail, postfix, mailman, nobody or daemon


--
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: Group Mismatch Error

2020-10-25 Thread Dennis Putnam 
On 10/25/2020 11:48 AM, Mark Sapiro wrote:
> On 10/25/20 7:37 AM, Dennis Putnam wrote:
>
>> This is still a bit confusing. I need to state that 'fetchmail' is
>> involved here. I don't know how it interfaces but I have the
>> 'postmaster' parameter in 'fetchmailrc' set to 'mailman'. This was not
>> an issue with the previous version of mailman so I did not change it.
>> That I had to use 'nobody' when installing the new version was different
>> than the old version. I really don't know what else that would effect.
>
> Whatever the cause, the /usr/lib/mailman/mail/mailman wrapper is being
> invoked by group mailman so you need to start over with `configure` and
> `make install` with the --with-mail-gid=mailman option to configure and
> not with --with-mail-gid=nobody.
>
>
>> Yes, I ran 'check_perms' and it set it back.
>
> Good. Leave it that way.
>
>
>
>> This is where I'm a bit confused. That aliases file is owned by
>> mailman:mailman.
> Actually, it's the aliases.db file that counts and only the owner,
> unless the invoking user:group comes from fetchmail.
>
>> I don't know what configure file you are talking about.
> I'm talking about the configure command you use to configure Mailman.
>
>
>> If you are referring to rebuilding mailman and the
>> 'configure' command, that was where this started. I don't know if you
>> recall the emails from back when I was installing 2.1.34. If I set that
>> to 'mailman' rather than 'nobody', mailman will not start.
>
> Are you referring to the thread at
> ?
> If so, I don't have time at the moment to look in detail, but the issue
> seemed to be permissions and only changing the --with-mail-gid option
> from mailman to nobody would not have affected this at all.
>
Hi Mark,

Yes that is what I was referring to. I have this sorted out now but I
don't understand it completely. There are actually 2 servers involved
here. The one you helped with originally  (and on which that article was
based) was RHEL 7 and that is where I used 'nobody' to get it working.
This one is CentOS 7 which I thought was the same but obviously it is
slightly different. So I did indeed change it to 'mailman' and now it
works. Thanks again.



signature.asc
Description: OpenPGP digital signature
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: Group Mismatch Error

2020-10-25 Thread Mark Sapiro 
On 10/25/20 7:37 AM, Dennis Putnam wrote:

> This is still a bit confusing. I need to state that 'fetchmail' is
> involved here. I don't know how it interfaces but I have the
> 'postmaster' parameter in 'fetchmailrc' set to 'mailman'. This was not
> an issue with the previous version of mailman so I did not change it.
> That I had to use 'nobody' when installing the new version was different
> than the old version. I really don't know what else that would effect.


Whatever the cause, the /usr/lib/mailman/mail/mailman wrapper is being
invoked by group mailman so you need to start over with `configure` and
`make install` with the --with-mail-gid=mailman option to configure and
not with --with-mail-gid=nobody.


> Yes, I ran 'check_perms' and it set it back.


Good. Leave it that way.



> This is where I'm a bit confused. That aliases file is owned by
> mailman:mailman.

Actually, it's the aliases.db file that counts and only the owner,
unless the invoking user:group comes from fetchmail.

> I don't know what configure file you are talking about.

I'm talking about the configure command you use to configure Mailman.


> If you are referring to rebuilding mailman and the
> 'configure' command, that was where this started. I don't know if you
> recall the emails from back when I was installing 2.1.34. If I set that
> to 'mailman' rather than 'nobody', mailman will not start.


Are you referring to the thread at
?
If so, I don't have time at the moment to look in detail, but the issue
seemed to be permissions and only changing the --with-mail-gid option
from mailman to nobody would not have affected this at all.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan



signature.asc
Description: OpenPGP digital signature
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: Group Mismatch Error

2020-10-25 Thread Dennis Putnam 
On 10/24/2020 6:57 PM, Mark Sapiro wrote:
> On 10/24/20 3:10 PM, Dennis Putnam wrote:
>> I am getting this error:
>>
>>  (expanded from ):
>> Command died with status 2: "/usr/lib/mailman/mail/mailman post
>> cufsalumni". Command output: Group mismatch error.  Mailman expected the
>> mail wrapper script to be executed as group "nobody", but the system's 
>> mail
>> server executed the mail script as group "mailman".  Try tweaking the 
>> mail
>> server to run the script as group "nobody", or re-run configure,  
>> providing
>> the command line option `--with-mail-gid=mailman'.
>>
>> When I upgraded to this version of Mailman (2.1.34) I specified the 
>> configure options per the article (https://wiki.list.org/x/17892071) for 
>> RHEL. The group for '/usr/lib/mailman/mail/mailman' is indeed 'nobody'. What 
>> is this error trying to tell me. It is not clear what wrapper it is talking 
>> about since the group on the indicated script is correct.
Hi Mark,

Thanks for the reply. See embedded comments.

>
> That's not what the error is saying. See the FAQ at
>  for the detail.
>
> `Mailman expected the mail wrapper script to be executed as group
> "nobody"` is because you configured --with-mail-gid=nobody and that says
> you expect your MTA to invoke the /usr/lib/mailman/mail/mailman wrapper
> as group `nobody`, but in fact it invoked it as group mailman.
This is still a bit confusing. I need to state that 'fetchmail' is
involved here. I don't know how it interfaces but I have the
'postmaster' parameter in 'fetchmailrc' set to 'mailman'. This was not
an issue with the previous version of mailman so I did not change it.
That I had to use 'nobody' when installing the new version was different
than the old version. I really don't know what else that would effect.
>
> There are two things going on here. The actual group of the
> /usr/lib/mailman/mail/mailman wrapper should not be `nobody`. it should
> be SETGID and group `mailman`. check_perms should tell you that. All the
> wrappers /usr/lib/mailman/mail/mailman and /usr/lib/mailman/cgi-bin/*
> shoulkd be SETGID and group `mailman` so they actually execute as
> effective group `mailman`.
Yes, I ran 'check_perms' and it set it back.
>
> The second thing is I'm guessing your MTA is Postfix and you have
> Mailman/Postfix integration so your Mailman aliases are in
> /var/lib/mailman/data/aliases. If this is the case, Postfix executes the
> pipe for the alias with the user/group set to the user and primary group
> of the owner of the .db file in which it found the alias. See the
> `DELIVERY RIGHTS` section at . This
> means if /var/lib/mailman/data/aliases.db is owned by `mailman`, Postfix
> will invoke the wrapper as group `mailman` and you should configure
> --with-mail-gid=mailman
This is where I'm a bit confused. That aliases file is owned by
mailman:mailman. I don't know what configure file you are talking about.
That is not a postfix parameter as far as I know in either main.cf or
master.cf. If you are referring to rebuilding mailman and the
'configure' command, that was where this started. I don't know if you
recall the emails from back when I was installing 2.1.34. If I set that
to 'mailman' rather than 'nobody', mailman will not start.
>
>
> --
> Mailman-Users mailing list -- mailman-users@python.org
> To unsubscribe send an email to mailman-users-le...@python.org
> https://mail.python.org/mailman3/lists/mailman-users.python.org/
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
> https://mail.python.org/archives/list/mailman-users@python.org/



signature.asc
Description: OpenPGP digital signature
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: Group Mismatch Error

2020-10-24 Thread Mark Sapiro 
On 10/24/20 3:10 PM, Dennis Putnam wrote:
> I am getting this error:
> 
>  (expanded from ):
> Command died with status 2: "/usr/lib/mailman/mail/mailman post
> cufsalumni". Command output: Group mismatch error.  Mailman expected the
> mail wrapper script to be executed as group "nobody", but the system's 
> mail
> server executed the mail script as group "mailman".  Try tweaking the mail
> server to run the script as group "nobody", or re-run configure,  
> providing
> the command line option `--with-mail-gid=mailman'.
> 
> When I upgraded to this version of Mailman (2.1.34) I specified the configure 
> options per the article (https://wiki.list.org/x/17892071) for RHEL. The 
> group for '/usr/lib/mailman/mail/mailman' is indeed 'nobody'. What is this 
> error trying to tell me. It is not clear what wrapper it is talking about 
> since the group on the indicated script is correct.


That's not what the error is saying. See the FAQ at
 for the detail.

`Mailman expected the mail wrapper script to be executed as group
"nobody"` is because you configured --with-mail-gid=nobody and that says
you expect your MTA to invoke the /usr/lib/mailman/mail/mailman wrapper
as group `nobody`, but in fact it invoked it as group mailman.

There are two things going on here. The actual group of the
/usr/lib/mailman/mail/mailman wrapper should not be `nobody`. it should
be SETGID and group `mailman`. check_perms should tell you that. All the
wrappers /usr/lib/mailman/mail/mailman and /usr/lib/mailman/cgi-bin/*
shoulkd be SETGID and group `mailman` so they actually execute as
effective group `mailman`.

The second thing is I'm guessing your MTA is Postfix and you have
Mailman/Postfix integration so your Mailman aliases are in
/var/lib/mailman/data/aliases. If this is the case, Postfix executes the
pipe for the alias with the user/group set to the user and primary group
of the owner of the .db file in which it found the alias. See the
`DELIVERY RIGHTS` section at . This
means if /var/lib/mailman/data/aliases.db is owned by `mailman`, Postfix
will invoke the wrapper as group `mailman` and you should configure
--with-mail-gid=mailman

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan



signature.asc
Description: OpenPGP digital signature
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/