From: Jim Ohlstein
To: Matthew Seaman
Cc: freebsd-ports@freebsd.org
Subject: Re: Mailman in a jail
Date: Thu, 21 Apr 2016 12:00:37 -0400
Message-Id: <722212E0-6915-47DE-B1F4-3A08CA111970@ohlste.in>
In-Reply-To: <2b0e0db1-baf4-b455-249b-382f3d205a75@freebsd.org>
References: <5718F000.7010405@ohlste.in> <2b0e0db1-baf4-b455-249b-382f3d205a75@freebsd.org>
List-Id: Porting software to FreeBSD

Hello,

> On Apr 21, 2016, at 11:39 AM, Matthew Seaman wrote:
>
>> On 04/21/16 16:21, Jim Ohlstein wrote:
>> I'm trying to get Mailman working in a 10.3 amd64 jail. Everything
>> works, except Mailman doesn't talk to Postfix. Incoming mail works and
>> posts to the list's archives but no outgoing email is sent. I asked in
>> the Mailman list and they seem to think it's related to running in a jail.
>>
>> If anyone's gotten this running in a jail I'd appreciate some input. I'm
>> not married to Postfix - willing to use a different MTA.
>
> Does mailman try and communicate with postfix over a network socket
> bound to the loopback address?

Not sure.
I've never used it before but I've been tasked with converting a flat
list of 5000+ email addresses into a mailing list. What I know is the
connection fails and it's not even logged in /var/log/maillog. I've
confirmed that Postfix can send from the command line (using the "mail"
command) and receive, and it logs correctly. I assume the attempt isn't
reaching Postfix or it'd be logged.

>
> That's a common gotcha in jails. There isn't an accessible loopback
> address in a jail[*], but the kernel intercepts connection attempts and
> redirects things via the jail's primary address. So an application that
> tries to bind to 127.0.0.1 ends up binding to 192.0.2.1 or whatever the
> jail address is. Most of the time you'll get away with this. However
> some more security aware applications (like postfix) realise something
> dodgy is going on and refuse to play.
>
> The answer is basically to configure mailman to talk to postfix by the
> jail's IP explicitly.

Tried that. No joy. The setup is a bit more complex, however. It's a
front end server which mainly serves as an SSL termination point, cache,
and reverse proxy to multiple backend servers which are not web
accessible. I'm using PF to forward SMTP connections directly to the jail
IP which is on em0 on this particular backend server. I may bite the
bullet and try it out outside a jail, but would rather not.

>
> [*] Unless you're using VIMAGE jails, but that's a topic for another day...
>

Indeed. Not sure I'm willing to invest time getting that working at the
compensation I'm getting which is exactly zero. It's for a non-profit at
which I volunteer my time and know-how.

Thanks,

Jim
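
The loopback rewriting described in the quoted reply can be checked from inside the jail. The script below is an added example, not part of the original message: it reports which address a bind to 127.0.0.1 actually receives and which candidate addresses return an SMTP greeting. The function names, port 25 and the candidate list are assumptions, and `fake_smtp_listener` is a constructed stand-in for an MTA.

```python
import socket
import threading

def bound_address(requested="127.0.0.1"):
    """Bind to `requested`; return the address the kernel actually assigned."""
    with socket.socket(socket.AF_INET, socket.SOCK_STREAM) as s:
        s.bind((requested, 0))
        return s.getsockname()[0]

def smtp_banner(host, port=25, timeout=3.0):
    """Return the SMTP greeting from host:port, or None if nothing answers."""
    try:
        with socket.create_connection((host, port), timeout=timeout) as conn:
            return conn.recv(512).decode("ascii", "replace").strip() or None
    except OSError:
        return None

def diagnose(candidates, port=25):
    """Report loopback rewriting and which candidate addresses reach an MTA."""
    actual = bound_address("127.0.0.1")
    return {
        "loopback_binds_as": actual,
        "loopback_rewritten": actual != "127.0.0.1",
        "banners": {host: smtp_banner(host, port) for host in candidates},
    }

def fake_smtp_listener(banner=b"220 mail.example.test ESMTP (constructed)\r\n"):
    """Constructed stand-in for an MTA so the check can be tried offline."""
    srv = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    def serve():
        conn, _ = srv.accept()
        with conn:
            conn.sendall(banner)
        srv.close()
    threading.Thread(target=serve, daemon=True).start()
    return srv.getsockname()

if __name__ == "__main__":
    # 192.0.2.1 is the placeholder jail address from the quoted text;
    # substitute the jail's real IP and the host Mailman is configured to use.
    for key, value in diagnose(["127.0.0.1", "localhost", "192.0.2.1"]).items():
        print(key, value)
```

A candidate that maps to `None` never reached a listener, which matches the symptom of nothing appearing in /var/log/maillog.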