Date: Thu, 21 Apr 2016 14:18:38 -0400
From: Jim Ohlstein <jim@ohlste.in>
To: David Wolfskill <david@catwhisker.org>
Cc: FreeBSD Ports ML <freebsd-ports@freebsd.org>
Subject: Re: Mailman in a jail
Message-ID: <5719197E.1010602@ohlste.in>
In-Reply-To: <20160421161802.GQ1090@albert.catwhisker.org>
References: <5718F000.7010405@ohlste.in> <20160421161802.GQ1090@albert.catwhisker.org>
Hello,

On 4/21/16 12:18 PM, David Wolfskill wrote:
> On Thu, Apr 21, 2016 at 11:21:36AM -0400, Jim Ohlstein wrote:
>> Hello,
>>
>> I'm trying to get Mailman working in a 10.3 amd64 jail. Everything
>> works, except Mailman doesn't talk to Postfix. Incoming mail works and
>> posts to the list's archives but no outgoing email is sent. I asked in
>> the Mailman list and they seem to think it's related to running in a jail.
>>
>> If anyone's gotten this running in a jail I'd appreciate some input. I'm
>> not married to Postfix - willing to use a different MTA.
>> ....
>
> FWIW, mailman.freebsd.org is implemented this way: it's a jail; both
> "mailman" and "postfix" show processes running under the (respective)
> IDs:

I see pretty similar results:

>
> dhw@mailman.ysv:~ % ps lU mailman
> UID PID PPID CPU PRI NI VSZ RSS MWCHAN STAT TT TIME COMMAND
> 91 46905 1 0 20 0 105044 16632 wait IsJ - 0:00.04 /usr/local/bin
> 91 46906 46905 0 20 0 147696 57836 select SJ - 19:55.33 /usr/local/bin
> 91 46907 46905 0 20 0 143856 54844 select SJ - 20:39.62 /usr/local/bin
> 91 46908 46905 0 20 0 146928 57828 select SJ - 20:11.64 /usr/local/bin
> 91 46909 46905 0 20 0 144112 55084 select SJ - 20:05.08 /usr/local/bin
> 91 46910 46905 0 20 0 165972 77940 select SJ - 8:59.94 /usr/local/bin
> 91 46911 46905 0 20 0 167252 78760 select SJ - 9:00.74 /usr/local/bin
> 91 46912 46905 0 20 0 160340 73732 select SJ - 9:01.35 /usr/local/bin
> 91 46913 46905 0 20 0 165204 78460 select SJ - 9:01.00 /usr/local/bin
> 91 46914 46905 0 20 0 142564 45556 select SJ - 1:13.76 /usr/local/bin
> 91 46915 46905 0 20 0 138324 42776 select SJ - 1:13.19 /usr/local/bin
> 91 46916 46905 0 20 0 141396 44808 select SJ - 1:13.59 /usr/local/bin
> 91 46917 46905 0 20 0 140260 44956 select SJ - 1:13.38 /usr/local/bin
> 91 46918 46905 0 20 0 202736 89700 select SJ - 6:49.71 /usr/local/bin
> 91 46919 46905 0 20 0 174576 80544 select SJ - 6:46.04 /usr/local/bin
> 91 46920 46905 0 20 0 188400 83560 select SJ - 6:46.32 /usr/local/bin
> 91 46921 46905 0 20 0 185328 93104 select SJ - 6:49.27 /usr/local/bin
> 91 46922 46905 0 20 0 172784 83460 select SJ - 34:33.65 /usr/local/bin
> 91 46923 46905 0 20 0 168688 79560 - RJ - 34:26.42 /usr/local/bin
> 91 46924 46905 0 20 0 168432 79400 select SJ - 34:13.51 /usr/local/bin
> 91 46925 46905 0 20 0 167920 77424 select SJ - 34:37.86 /usr/local/bin
> 91 46926 46905 0 20 0 175700 84972 select SJ - 17:22.13 /usr/local/bin
> 91 46927 46905 0 20 0 153940 66180 select SJ - 17:20.90 /usr/local/bin
> 91 46928 46905 0 20 0 171860 79896 select SJ - 17:21.52 /usr/local/bin
> 91 46929 46905 0 20 0 174420 86528 select SJ - 17:24.39 /usr/local/bin
> 91 46930 46905 0 20 0 104788 16256 select IJ - 0:00.61 /usr/local/bin
> 91 346 345 0 52 0 19596 3040 ttyin I+J 6 0:00.30 -su (tcsh)
> 91 339 338 0 24 0 19596 2900 pause IJ 7 0:10.41 -su (tcsh)
> 91 55304 339 0 24 0 6228 1532 nanslp I+J 7 0:00.00 sleep 300
> 91 358 357 0 36 0 19596 3040 pause IJ 8 0:04.29 -su (tcsh)
> 91 55516 358 0 36 0 6228 1532 nanslp I+J 8 0:00.00 sleep 300

# ps lU mailman
UID PID PPID CPU PRI NI VSZ RSS MWCHAN STAT TT TIME COMMAND
91 70066 1 0 52 0 108860 16712 wait IsJ - 0:00.01 /usr/local/bin/python2.7 /usr/local/mailman/bin/mailmanctl -s -q start
91 70067 70066 0 20 0 108872 16604 select SJ - 0:00.19 /usr/local/bin/python2.7 /usr/local/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
91 70068 70066 0 20 0 108860 16672 select SJ - 0:00.20 /usr/local/bin/python2.7 /usr/local/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
91 70069 70066 0 20 0 108860 16640 select SJ - 0:00.20 /usr/local/bin/python2.7 /usr/local/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
91 70070 70066 0 20 0 108872 16616 select SJ - 0:00.20 /usr/local/bin/python2.7 /usr/local/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
91 70071 70066 0 20 0 108872 16728 select SJ - 0:00.21 /usr/local/bin/python2.7 /usr/local/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
91 70072 70066 0 20 0 109384 17272 select SJ - 0:00.32 /usr/local/bin/python2.7 /usr/local/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
91 70073 70066 0 20 0 108860 16728 select SJ - 0:00.21 /usr/local/bin/python2.7 /usr/local/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
91 70074 70066 0 52 0 109116 17036 select IJ - 0:00.21 /usr/local/bin/python2.7 /usr/local/mailman/bin/qrunner --runner=RetryRunner:0:1 -s

> dhw@mailman.ysv:~ % sysctl security.jail.jailed
> security.jail.jailed: 1

# sysctl security.jail.jailed
security.jail.jailed: 1

> dhw@mailman.ysv:~ % id postfix
> uid=125(postfix) gid=125(postfix) groups=125(postfix),6(mail)

# id postfix
uid=125(postfix) gid=125(postfix) groups=125(postfix),6(mail)

> dhw@mailman.ysv:~ % ps lU !$
> ps lU postfix
> UID PID PPID CPU PRI NI VSZ RSS MWCHAN STAT TT TIME COMMAND
> 125 47013 47011 0 20 0 67728 6976 kqread IJ - 1:20.34 qmgr -l -t unix -
> 125 50452 47011 0 20 0 67676 6768 kqread IJ - 0:00.09 proxymap -t unix
> 125 50455 47011 0 21 0 67720 7080 lockf IJ - 0:00.10 local -t unix
> 125 50537 47011 0 21 0 67720 7096 lockf IJ - 0:00.11 local -t unix
> 125 50542 47011 0 21 0 67720 7096 lockf IJ - 0:00.11 local -t unix
> 125 50553 47011 0 20 0 67676 6788 kqread IJ - 0:00.02 pickup -l -t unix
> 125 55057 47011 0 20 0 72108 7412 lockf IJ - 0:00.18 smtpd -n smtp -t
> 125 55068 47011 0 20 0 72108 7420 kqread IJ - 0:00.18 smtpd -n smtp -t
> 125 55072 47011 0 21 0 67720 7072 lockf IJ - 0:00.06 local -t unix
> 125 55074 47011 0 20 0 67720 7092 kqread IJ - 0:00.05 local -t unix
> 125 55076 47011 0 21 0 67720 7076 lockf IJ - 0:00.06 local -t unix
> 125 55093 47011 0 20 0 67688 6800 kqread SJ - 0:00.03 trivial-rewrite -
> 125 55414 47011 0 20 0 67780 6872 lockf IJ - 0:00.08 cleanup -z -t uni
> 125 55571 47011 0 20 0 67780 6864 kqread IJ - 0:00.02 cleanup -z -t uni
> 125 95045 47011 0 20 0 67676 6784 kqread IJ - 0:00.16 anvil -l -t unix
> dhw@mailman.ysv:~ %

# ps lU !$
ps lU postfix
UID PID PPID CPU PRI NI VSZ RSS MWCHAN STAT TT TIME COMMAND
125 70052 70051 0 20 0 73928 7980 kqread IJ - 0:00.01 pickup -l -t unix -u
125 70053 70051 0 20 0 73980 8040 kqread IJ - 0:00.01 qmgr -l -t unix -u

>
> And here's what the listened-to IPv4 sockets look like:
>
> dhw@mailman.ysv:~ % sockstat -4l
> USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
> postfix smtpd 55068 6 tcp4 127.0.1.3:25 *:*
> postfix smtpd 55057 6 tcp4 127.0.1.3:25 *:*
> root perl 24123 6 tcp4 127.0.1.3:783 *:*
> root perl 24074 6 tcp4 127.0.1.3:783 *:*
> root perl 22814 6 tcp4 127.0.1.3:783 *:*
> root perl 19688 6 tcp4 127.0.1.3:783 *:*
> root perl 20388 6 tcp4 127.0.1.3:783 *:*
> root perl 20381 6 tcp4 127.0.1.3:783 *:*
> root perl 22873 6 tcp4 127.0.1.3:783 *:*
> root perl 25305 6 tcp4 127.0.1.3:783 *:*
> root perl 20133 6 tcp4 127.0.1.3:783 *:*
> root perl 18540 6 tcp4 127.0.1.3:783 *:*
> root perl 23018 6 tcp4 127.0.1.3:783 *:*
> root master 47011 13 tcp4 127.0.1.3:25 *:*
> root perl 46884 6 tcp4 127.0.1.3:783 *:*
> root sshd 65742 4 tcp4 127.0.1.3:22 *:*
> root rsync 26396 5 tcp4 127.0.1.3:873 *:*
> root syslogd 26331 7 udp4 127.0.1.3:514 *:*
> unbound unbound 26319 5 udp4 127.0.1.3:53 *:*
> unbound unbound 26319 6 tcp4 127.0.1.3:53 *:*
> dhw@mailman.ysv:~ %
>
> (I think the "perl" processes are spamcop.)

# sockstat -4l
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
www nginx 70063 6 tcp4 10.0.250.37:80 *:*
www nginx 70063 7 tcp4 10.0.250.37:8000 *:*
www nginx 70062 6 tcp4 10.0.250.37:80 *:*
www nginx 70062 7 tcp4 10.0.250.37:8000 *:*
www nginx 70061 6 tcp4 10.0.250.37:80 *:*
www nginx 70061 7 tcp4 10.0.250.37:8000 *:*
www nginx 70059 6 tcp4 10.0.250.37:80 *:*
www nginx 70059 7 tcp4 10.0.250.37:8000 *:*
root nginx 70058 6 tcp4 10.0.250.37:80 *:*
root nginx 70058 7 tcp4 10.0.250.37:8000 *:*
root master 70051 13 tcp4 10.0.250.37:25 *:*

>
> As far as that 127.0.1.3 is concerned, I suspect some form of moderately
> dusky (if not "dark") magic is involved, but:
>
> dhw@mailman.ysv:~ % ifconfig
> igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO>
>         ether d8:d3:85:5c:66:62
>         inet6 2001:1900:2254:206a::50:5 prefixlen 128
>         nd6 options=8021<PERFORMNUD,AUTO_LINKLOCAL,DEFAULTIF>
>         media: Ethernet autoselect (1000baseT <full-duplex>)
>         status: active
> igb1: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
>         options=403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO>
>         ether d8:d3:85:5c:66:63
>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>         media: Ethernet autoselect
>         status: no carrier
> pflog0: flags=0<> metric 0 mtu 33160
>         groups: pflog
> pfsync0: flags=0<> metric 0 mtu 1500
>         groups: pfsync
>         syncpeer: 0.0.0.0 maxupd: 128 defer: off
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>         options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
>         nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
>         groups: lo
> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
>         options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
>         inet 127.0.1.3 netmask 0xffffffff
>         nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
>         groups: lo
> dhw@mailman.ysv:~ %

Here I am not using a separate loopback:

# ifconfig
em0: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
        ether 00:25:90:64:9c:ae
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
        ether 00:25:90:64:9c:af
        inet 10.0.250.37 netmask 0xffffffff broadcast 10.0.250.37
        media: Ethernet autoselect (1000baseT <full-duplex>)
        status: active
pflog0: flags=0<> metric 0 mtu 33160
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>

>
> Sorry; I wasn't involved in actually implementing it, but I can
> poke around. Peter (wemm) is the one who I believe did the
> implementation, but his time tends to be a scarce resource.
>

Thanks for your help.

-- 
Jim Ohlstein

"Never argue with a fool, onlookers may not be able to tell the difference." - Mark Twain