Mailman in a jail
jim at ohlste.in
Thu Apr 21 16:00:41 UTC 2016
> On Apr 21, 2016, at 11:39 AM, Matthew Seaman <matthew at FreeBSD.org> wrote:
>> On 04/21/16 16:21, Jim Ohlstein wrote:
>> I'm trying to get Mailman working in a 10.3 amd64 jail. Everything
>> works, except Mailman doesn't talk to Postfix. Incoming mail works and
>> posts to the list's archives but no outgoing email is sent. I asked in
>> the Mailman list and they seem to think it's related to running in a jail.
>> If anyone's gotten this running in a jail I'd appreciate some input. I'm
>> not married to Postfix - willing to use a different MTA.
> Does mailman try and communicate with postfix over a network socket
> bound to the loopback address?
Not sure. I've never used it before but I've been tasked with converting a flat list of 5000+ email addresses into a mailing list. What I know is the connection fails and it's not even logged in /var/log/maillog. I've confirmed that Postfix can send from the command line (using the "mail" command) and receive, and it logs correctly. I assume the attempt isn't reaching Postfix or it'd be logged.
> That's a common gotcha in jails. There isn't an accessible loopback
> address in a jail[*], but the kernel intercepts connection attempts and
> redirects things via the jail's primary address. So an application that
> tries to bind to 127.0.0.1 ends up binding to 192.0.2.1 or whatever the
> jail address is. Most of the time you'll get away with this. However
> some more security-aware applications (like postfix) realise something
> dodgy is going on and refuse to play.
> The answer is basically to configure mailman to talk to postfix by the
> jail's IP explicitly.
Tried that. No joy. The setup is a bit more complex, however. It's a front end server which mainly serves as an SSL termination point, cache, and reverse proxy to multiple backend servers which are not web accessible. I'm using PF to forward SMTP connections directly to the jail IP which is on em0 on this particular backend server. I may bite the bullet and try it out outside a jail, but would rather not.
> [*] Unless you're using VIMAGE jails, but that's a topic for another day...
Indeed. Not sure I'm willing to invest time getting that working at the compensation I'm getting, which is exactly zero. It's for a non-profit at which I volunteer my time and know-how.
More information about the freebsd-ports
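An added diagnostic, not part of the original thread or of Mailman or Postfix: a small Python probe, run inside the jail, that connects to each candidate SMTP address and reports the socket's real local and peer addresses plus the greeting, so a loopback connection that the kernel redirected to the jail address (as described above) or one that never reaches a listener becomes visible. The function name `probe_smtp` and the default address list are assumptions; 192.0.2.1 is the thread's placeholder for the jail IP.

```python
import socket
import sys


def probe_smtp(host, port=25, timeout=3.0):
    """Connect to an SMTP listener and report what the kernel actually did.

    Returns a dict holding the requested target, the local and peer addresses
    of the established socket, and the greeting line, or the error that
    stopped the attempt.
    """
    result = {"target": (host, port), "ok": False}
    try:
        # Addresses the name resolves to, for comparison with the real peer.
        requested = {ai[4][0] for ai in
                     socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)}
        with socket.create_connection((host, port), timeout=timeout) as s:
            result["local"] = s.getsockname()[:2]
            result["peer"] = s.getpeername()[:2]
            # True when the peer is not an address we asked for, e.g. a
            # loopback destination rewritten to the jail's own address.
            result["redirected"] = result["peer"][0] not in requested
            banner = s.recv(512).decode("ascii", "replace").strip()
            result["banner"] = banner
            result["ok"] = banner.startswith("220")
            s.sendall(b"QUIT\r\n")  # end the session cleanly
    except OSError as exc:
        # Covers refused connections, timeouts and name resolution failures.
        result["error"] = f"{type(exc).__name__}: {exc}"
    return result


if __name__ == "__main__":
    # Constructed defaults; pass the real candidates on the command line,
    # e.g. the value Mailman is configured to use and the jail's address.
    for candidate in sys.argv[1:] or ["127.0.0.1", "localhost", "192.0.2.1"]:
        print(probe_smtp(candidate))
```

An address that yields an error here while Postfix logs nothing for the attempt points at the connection never reaching the listener rather than at Postfix rejecting it.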