Date: Thu, 21 Apr 2016 12:00:37 -0400 From: Jim Ohlstein <jim@ohlste.in> To: Matthew Seaman <matthew@FreeBSD.org> Cc: freebsd-ports@freebsd.org Subject: Re: Mailman in a jail Message-ID: <722212E0-6915-47DE-B1F4-3A08CA111970@ohlste.in> In-Reply-To: <2b0e0db1-baf4-b455-249b-382f3d205a75@freebsd.org> References: <5718F000.7010405@ohlste.in> <2b0e0db1-baf4-b455-249b-382f3d205a75@freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Hello, > On Apr 21, 2016, at 11:39 AM, Matthew Seaman <matthew@FreeBSD.org> wrote: >=20 >> On 04/21/16 16:21, Jim Ohlstein wrote: >> I'm trying to get Mailman working in a 10.3 amd64 jail. Everything >> works, except Mailman doesn't talk to Postfix. Incoming mail works and >> posts to the list's archives but no outgoing email is sent. I asked in >> the Mailman list and they seem to think it's related to running in a jail= . >>=20 >> If anyone's gotten this running in a jail I'd appreciate some input. I'm >> not married to Postfix - willing to use a different MTA. >=20 > Does mailman try and communicate with postfix over a network socket > bound to the loopback address? Not sure. I've never used it before but I've been tasked with converting a f= lat list of 5000+ email addresses into a mailing list. What I know is the co= nnection fails and it's not even logged in /var/log/maillog. I've confirmed t= hat Postfix can send from the command line (using the "mail" command) and re= ceive, and it logs correctly. I assume the attempt isn't reaching Postfix or= it'd be logged.=20 >=20 > That's a common gotcha in jails. There isn't an accessible loopback > address in a jail[*], but the kernel intercepts connection attempts and > redirects things via the jail's primary address. So an application that > tries to bind to 127.0.0.1 ends up binding to 192.0.2.1 or whatever the > jail address is. Most of the time you'll get away with this. However > some more security aware applications (like postfix) realise something > dodgy is going on and refuse to play. >=20 > The answer is basically to configure mailman to talk to postfix by the > jail's IP explicitly. Tried that. No joy. The setup is a bit more complex, however. It's a front e= nd server which mainly serves as an SSL termination point, cache, and revers= e proxy to multiple backend servers which are not web accessible. I'm using P= F to forward SMTP connections directly to the jail IP which is on em0 on thi= s particular backend server. I may bite the bullet and try it out outside a j= ail, but would rather not.=20 >=20 > [*] Unless you're using VIMAGE jails, but that's a topic for another day..= . >=20 Indeed. Not sure I'm willing to invest time getting that working at the comp= ensation I'm getting which is exactly zero. It's for a non-profit at which I= volunteer my time and know how.=20 Thanks, Jim=
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?722212E0-6915-47DE-B1F4-3A08CA111970>