Mailman in a jail
Jim Ohlstein
jim at ohlste.in
Thu Apr 21 18:18:42 UTC 2016
Hello,
On 4/21/16 12:18 PM, David Wolfskill wrote:
> On Thu, Apr 21, 2016 at 11:21:36AM -0400, Jim Ohlstein wrote:
>> Hello,
>>
>> I'm trying to get Mailman working in a 10.3 amd64 jail. Everything
>> works, except Mailman doesn't talk to Postfix. Incoming mail works and
>> posts to the list's archives but no outgoing email is sent. I asked in
>> the Mailman list and they seem to think it's related to running in a jail.
>>
>> If anyone's gotten this running in a jail I'd appreciate some input. I'm
>> not married to Postfix - willing to use a different MTA.
>> ....
>
> FWIW, mailman.freebsd.org is implemented this way: it's a jail; both
> "mailman" and "postfix" show processes running under the (respective)
> IDs:
I see pretty similar results:
>
> dhw at mailman.ysv:~ % ps lU mailman
> UID PID PPID CPU PRI NI VSZ RSS MWCHAN STAT TT TIME COMMAND
> 91 46905 1 0 20 0 105044 16632 wait IsJ - 0:00.04 /usr/local/bin
> 91 46906 46905 0 20 0 147696 57836 select SJ - 19:55.33 /usr/local/bin
> 91 46907 46905 0 20 0 143856 54844 select SJ - 20:39.62 /usr/local/bin
> 91 46908 46905 0 20 0 146928 57828 select SJ - 20:11.64 /usr/local/bin
> 91 46909 46905 0 20 0 144112 55084 select SJ - 20:05.08 /usr/local/bin
> 91 46910 46905 0 20 0 165972 77940 select SJ - 8:59.94 /usr/local/bin
> 91 46911 46905 0 20 0 167252 78760 select SJ - 9:00.74 /usr/local/bin
> 91 46912 46905 0 20 0 160340 73732 select SJ - 9:01.35 /usr/local/bin
> 91 46913 46905 0 20 0 165204 78460 select SJ - 9:01.00 /usr/local/bin
> 91 46914 46905 0 20 0 142564 45556 select SJ - 1:13.76 /usr/local/bin
> 91 46915 46905 0 20 0 138324 42776 select SJ - 1:13.19 /usr/local/bin
> 91 46916 46905 0 20 0 141396 44808 select SJ - 1:13.59 /usr/local/bin
> 91 46917 46905 0 20 0 140260 44956 select SJ - 1:13.38 /usr/local/bin
> 91 46918 46905 0 20 0 202736 89700 select SJ - 6:49.71 /usr/local/bin
> 91 46919 46905 0 20 0 174576 80544 select SJ - 6:46.04 /usr/local/bin
> 91 46920 46905 0 20 0 188400 83560 select SJ - 6:46.32 /usr/local/bin
> 91 46921 46905 0 20 0 185328 93104 select SJ - 6:49.27 /usr/local/bin
> 91 46922 46905 0 20 0 172784 83460 select SJ - 34:33.65 /usr/local/bin
> 91 46923 46905 0 20 0 168688 79560 - RJ - 34:26.42 /usr/local/bin
> 91 46924 46905 0 20 0 168432 79400 select SJ - 34:13.51 /usr/local/bin
> 91 46925 46905 0 20 0 167920 77424 select SJ - 34:37.86 /usr/local/bin
> 91 46926 46905 0 20 0 175700 84972 select SJ - 17:22.13 /usr/local/bin
> 91 46927 46905 0 20 0 153940 66180 select SJ - 17:20.90 /usr/local/bin
> 91 46928 46905 0 20 0 171860 79896 select SJ - 17:21.52 /usr/local/bin
> 91 46929 46905 0 20 0 174420 86528 select SJ - 17:24.39 /usr/local/bin
> 91 46930 46905 0 20 0 104788 16256 select IJ - 0:00.61 /usr/local/bin
> 91 346 345 0 52 0 19596 3040 ttyin I+J 6 0:00.30 -su (tcsh)
> 91 339 338 0 24 0 19596 2900 pause IJ 7 0:10.41 -su (tcsh)
> 91 55304 339 0 24 0 6228 1532 nanslp I+J 7 0:00.00 sleep 300
> 91 358 357 0 36 0 19596 3040 pause IJ 8 0:04.29 -su (tcsh)
> 91 55516 358 0 36 0 6228 1532 nanslp I+J 8 0:00.00 sleep 300
# ps lU mailman
UID PID PPID CPU PRI NI VSZ RSS MWCHAN STAT TT TIME COMMAND
91 70066 1 0 52 0 108860 16712 wait IsJ - 0:00.01 /usr/local/bin/python2.7 /usr/local/mailman/bin/mailmanctl -s -q start
91 70067 70066 0 20 0 108872 16604 select SJ - 0:00.19 /usr/local/bin/python2.7 /usr/local/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
91 70068 70066 0 20 0 108860 16672 select SJ - 0:00.20 /usr/local/bin/python2.7 /usr/local/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
91 70069 70066 0 20 0 108860 16640 select SJ - 0:00.20 /usr/local/bin/python2.7 /usr/local/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
91 70070 70066 0 20 0 108872 16616 select SJ - 0:00.20 /usr/local/bin/python2.7 /usr/local/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
91 70071 70066 0 20 0 108872 16728 select SJ - 0:00.21 /usr/local/bin/python2.7 /usr/local/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
91 70072 70066 0 20 0 109384 17272 select SJ - 0:00.32 /usr/local/bin/python2.7 /usr/local/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
91 70073 70066 0 20 0 108860 16728 select SJ - 0:00.21 /usr/local/bin/python2.7 /usr/local/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
91 70074 70066 0 52 0 109116 17036 select IJ - 0:00.21 /usr/local/bin/python2.7 /usr/local/mailman/bin/qrunner --runner=RetryRunner:0:1 -s
> dhw at mailman.ysv:~ % sysctl security.jail.jailed
> security.jail.jailed: 1
# sysctl security.jail.jailed
security.jail.jailed: 1
> dhw at mailman.ysv:~ % id postfix
> uid=125(postfix) gid=125(postfix) groups=125(postfix),6(mail)
# id postfix
uid=125(postfix) gid=125(postfix) groups=125(postfix),6(mail)
> dhw at mailman.ysv:~ % ps lU !$
> ps lU postfix
> UID PID PPID CPU PRI NI VSZ RSS MWCHAN STAT TT TIME COMMAND
> 125 47013 47011 0 20 0 67728 6976 kqread IJ - 1:20.34 qmgr -l -t unix -
> 125 50452 47011 0 20 0 67676 6768 kqread IJ - 0:00.09 proxymap -t unix
> 125 50455 47011 0 21 0 67720 7080 lockf IJ - 0:00.10 local -t unix
> 125 50537 47011 0 21 0 67720 7096 lockf IJ - 0:00.11 local -t unix
> 125 50542 47011 0 21 0 67720 7096 lockf IJ - 0:00.11 local -t unix
> 125 50553 47011 0 20 0 67676 6788 kqread IJ - 0:00.02 pickup -l -t unix
> 125 55057 47011 0 20 0 72108 7412 lockf IJ - 0:00.18 smtpd -n smtp -t
> 125 55068 47011 0 20 0 72108 7420 kqread IJ - 0:00.18 smtpd -n smtp -t
> 125 55072 47011 0 21 0 67720 7072 lockf IJ - 0:00.06 local -t unix
> 125 55074 47011 0 20 0 67720 7092 kqread IJ - 0:00.05 local -t unix
> 125 55076 47011 0 21 0 67720 7076 lockf IJ - 0:00.06 local -t unix
> 125 55093 47011 0 20 0 67688 6800 kqread SJ - 0:00.03 trivial-rewrite -
> 125 55414 47011 0 20 0 67780 6872 lockf IJ - 0:00.08 cleanup -z -t uni
> 125 55571 47011 0 20 0 67780 6864 kqread IJ - 0:00.02 cleanup -z -t uni
> 125 95045 47011 0 20 0 67676 6784 kqread IJ - 0:00.16 anvil -l -t unix
> dhw at mailman.ysv:~ %
# ps lU !$
ps lU postfix
UID PID PPID CPU PRI NI VSZ RSS MWCHAN STAT TT TIME COMMAND
125 70052 70051 0 20 0 73928 7980 kqread IJ - 0:00.01 pickup -l -t unix -u
125 70053 70051 0 20 0 73980 8040 kqread IJ - 0:00.01 qmgr -l -t unix -u
>
> And here's what the listened-to IPv4 sockets look like:
>
> dhw at mailman.ysv:~ % sockstat -4l
> USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
> postfix smtpd 55068 6 tcp4 127.0.1.3:25 *:*
> postfix smtpd 55057 6 tcp4 127.0.1.3:25 *:*
> root perl 24123 6 tcp4 127.0.1.3:783 *:*
> root perl 24074 6 tcp4 127.0.1.3:783 *:*
> root perl 22814 6 tcp4 127.0.1.3:783 *:*
> root perl 19688 6 tcp4 127.0.1.3:783 *:*
> root perl 20388 6 tcp4 127.0.1.3:783 *:*
> root perl 20381 6 tcp4 127.0.1.3:783 *:*
> root perl 22873 6 tcp4 127.0.1.3:783 *:*
> root perl 25305 6 tcp4 127.0.1.3:783 *:*
> root perl 20133 6 tcp4 127.0.1.3:783 *:*
> root perl 18540 6 tcp4 127.0.1.3:783 *:*
> root perl 23018 6 tcp4 127.0.1.3:783 *:*
> root master 47011 13 tcp4 127.0.1.3:25 *:*
> root perl 46884 6 tcp4 127.0.1.3:783 *:*
> root sshd 65742 4 tcp4 127.0.1.3:22 *:*
> root rsync 26396 5 tcp4 127.0.1.3:873 *:*
> root syslogd 26331 7 udp4 127.0.1.3:514 *:*
> unbound unbound 26319 5 udp4 127.0.1.3:53 *:*
> unbound unbound 26319 6 tcp4 127.0.1.3:53 *:*
> dhw at mailman.ysv:~ %
>
> (I think the "perl" processes are spamcop.)
# sockstat -4l
USER COMMAND PID FD PROTO LOCAL ADDRESS FOREIGN ADDRESS
www nginx 70063 6 tcp4 10.0.250.37:80 *:*
www nginx 70063 7 tcp4 10.0.250.37:8000 *:*
www nginx 70062 6 tcp4 10.0.250.37:80 *:*
www nginx 70062 7 tcp4 10.0.250.37:8000 *:*
www nginx 70061 6 tcp4 10.0.250.37:80 *:*
www nginx 70061 7 tcp4 10.0.250.37:8000 *:*
www nginx 70059 6 tcp4 10.0.250.37:80 *:*
www nginx 70059 7 tcp4 10.0.250.37:8000 *:*
root nginx 70058 6 tcp4 10.0.250.37:80 *:*
root nginx 70058 7 tcp4 10.0.250.37:8000 *:*
root master 70051 13 tcp4 10.0.250.37:25 *:*
>
> As far as that 127.0.1.3 is concerned, I suspect some form of moderately
> dusky (if not "dark") magic is involved, but:
>
> dhw at mailman.ysv:~ % ifconfig
> igb0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
> options=403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO>
> ether d8:d3:85:5c:66:62
> inet6 2001:1900:2254:206a::50:5 prefixlen 128
> nd6 options=8021<PERFORMNUD,AUTO_LINKLOCAL,DEFAULTIF>
> media: Ethernet autoselect (1000baseT <full-duplex>)
> status: active
> igb1: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
> options=403bb<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,JUMBO_MTU,VLAN_HWCSUM,TSO4,TSO6,VLAN_HWTSO>
> ether d8:d3:85:5c:66:63
> nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
> media: Ethernet autoselect
> status: no carrier
> pflog0: flags=0<> metric 0 mtu 33160
> groups: pflog
> pfsync0: flags=0<> metric 0 mtu 1500
> groups: pfsync
> syncpeer: 0.0.0.0 maxupd: 128 defer: off
> lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
> nd6 options=21<PERFORMNUD,AUTO_LINKLOCAL>
> groups: lo
> lo1: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
> options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
> inet 127.0.1.3 netmask 0xffffffff
> nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
> groups: lo
> dhw at mailman.ysv:~ %
Here I am not using a separate loopback:
# ifconfig
em0: flags=8c02<BROADCAST,OACTIVE,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
ether 00:25:90:64:9c:ae
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
em1: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
options=4219b<RXCSUM,TXCSUM,VLAN_MTU,VLAN_HWTAGGING,VLAN_HWCSUM,TSO4,WOL_MAGIC,VLAN_HWTSO>
ether 00:25:90:64:9c:af
inet 10.0.250.37 netmask 0xffffffff broadcast 10.0.250.37
media: Ethernet autoselect (1000baseT <full-duplex>)
status: active
pflog0: flags=0<> metric 0 mtu 33160
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
options=600003<RXCSUM,TXCSUM,RXCSUM_IPV6,TXCSUM_IPV6>
>
> Sorry; I wasn't involved in actually implementing it, but I can
> poke around. Peter (wemm) is the one who I believe did the
> implementation, but his time tends to be a scarce resource.
>
Thanks for your help.
--
Jim Ohlstein
"Never argue with a fool, onlookers may not be able to tell the
difference." - Mark Twain