Updating mailman on Centos 5 due to DMARC
Recently, some major service providers (notably Yahoo, Comcast and AOL) decided to bounce email that did not conform to the DMARC standard. As a side effect, this broke many long-standing configurations for mailing lists. Full details on this can be read elsewhere:
- http://www.spamresource.com/2014/04/up-in-arms-about-yahoos-dmarc-policy.html
- http://wiki.list.org/display/DEV/DMARC
If you’re like me, you have a CentOS 5 machine running mailman. Newer versions of mailman do have patches for this issue, but they seem to be unported to the CentOS 5 line. Version 2.1.9 of mailman is what is available in yum. I do not have the luxury to completely upgrade this box at this time.
So the solution seems to be upgrading mailman by hand. As there don’t seem to be any FAQs on this out there, here is how I did it:
Step 1 – Backup Mailman Content
Stop email and back up your mailman content. Thankfully, mailman saves all the “important” stuff in a directory structure that is portable and easily backed up:
service postfix stop
service mailman stop
cd /var/lib/mailman/
tar cvf ~/mailman-archive.tar lists archives data
tar cvf ~/mailman-config.tar /etc/mailman /etc/aliases
If you have made a custom apache configuration for your mailman by editing the mailman.conf dropped into apache’s conf.d directory, you will want to back that up too.
Step 2 – Remove existing mailman
Here’s where I say “have a backup” and you nod your head without listening. Yum will remove the outdated version of mailman and its configs. But it will leave all the list data in place.
yum remove mailman
In my case, nothing depended on mailman. So it only removed mailman.
If this is not true for you and it wants to remove other things, I would use rpm with “--nodeps” as the removal command.
Be very careful with nodeps. It is an antipattern. Make sure you know what you are doing.
Step 3 – Download and install mailman
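Newer versions of mailman have a dependency on dnspython, and that is not available as a yum package. So you will need to download and compile it. Note that the --no-check-certificate flag used below turns off TLS certificate verification, so the download is not authenticated; compare the archive against a checksum obtained over a trusted connection before running setup.py: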
yum install unzip wget
wget --no-check-certificate https://pypi.python.org/packages/source/d/dnspython/dnspython-1.11.1.zip
unzip dnspython-1.11.1.zip
cd dnspython-1.11.1
python setup.py install
Download mailman; compile and install it with CentOS-like settings:
wget http://ftp.gnu.org/gnu/mailman/mailman-2.1.18.tgz
tar xzf mailman-2.1.18.tgz
cd mailman-2.1.18
./configure --prefix=/var/lib/mailman/ --with-cgi-gid=apache --with-mail-gid=nobody
make
make install
This installs ALL of mailman into /var/lib/mailman.
Previously, CentOS put the binaries in /usr/lib and a few other places, and /var/lib/mailman held only the content of the lists. I am putting everything in /var/lib/mailman so it will be easier to remove if they ever upgrade the yum version of mailman and I want to use that.
So, symlink the old path so everything still works out fine:
cd /usr/lib
ln -s /var/lib/mailman
Step 4 – Permissions, Init.d, and Cron
Check file permissions using mailman’s provided utility:
/usr/lib/mailman/bin/check_perms
If there are file errors, you can use the same util to fix them:
/usr/lib/mailman/bin/check_perms -f
Install and configure the init.d script:
cp -v /var/lib/mailman/scripts/mailman /etc/init.d/
chkconfig mailman on
Install and configure the cron jobs:
cp -v /usr/lib/mailman/cron/crontab.in /etc/cron.d/mailman
Step 5 – Configure Apache
Edit /etc/httpd/conf.d/mailman.conf to look something like this:
ScriptAlias /mailman/ /var/lib/mailman/cgi-bin/
<Directory /var/lib/mailman/cgi-bin/>
    AllowOverride None
    Options ExecCGI
    Order allow,deny
    Allow from all
</Directory>

Alias /pipermail/ /var/lib/mailman/archives/public/
<Directory /var/lib/mailman/archives/public>
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
</Directory>

# Uncomment the following line, replacing www.example.com with your server's
# name, to redirect queries to /mailman to the listinfo page (recommended).
# RedirectMatch ^/mailman[/]*$ http://www.example.com/mailman/listinfo
Step 7 – Log in and configure your lists for DMARC
Restart apache to pick up the new config:
service httpd restart
At this point you should be able to access your lists, see archives, etc from the web interface.
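As with some mailman upgrades, your admin password may have been reset. You can set it by using the command line. If you leave the password off, mmsitepass prompts for it instead, which keeps it out of your shell history: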
/var/lib/mailman/bin/mmsitepass NEWPASSWORD
You will need to log into each list’s admin page and, for the “from_is_list” option, select “Munge From.” This changes how the mailing list handles the “From” of each email: rather than making it appear that the person sent the email as the list, it will say something like “Person Name as List Name” or such. This is accepted as legal, as it does not mangle the DMARC checksum.
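The effect of “Munge From” on a post, as an added example (not Mailman's own code and not from the original post): it rewrites the From header the way the option is described above and checks a simplified form of DMARC alignment before and after. The list name, the addresses, the "via" display-name format and the Reply-To handling are assumptions made for the illustration.

```python
from email import message_from_string
from email.utils import formataddr, parseaddr

# Constructed sample post from a yahoo.com subscriber (all values are made up).
SAMPLE_POST = """\
From: Alice Example <alice@yahoo.com>
To: devs@lists.example.org
Subject: hello

body
"""


def from_domain(msg):
    """Domain of the From: header address, the identity DMARC evaluates."""
    return parseaddr(msg["From"])[1].rpartition("@")[2].lower()


def dmarc_aligned(msg, authenticated_domain):
    """Simplified relaxed alignment: equal domains, or one a subdomain of the other.

    Real DMARC compares organizational domains using the Public Suffix List.
    """
    a, b = from_domain(msg), authenticated_domain.lower()
    return a == b or a.endswith("." + b) or b.endswith("." + a)


def munge_from(msg, list_name, list_addr):
    """Rewrite From: to the list address and keep the poster reachable via Reply-To."""
    original = msg["From"]
    name, addr = parseaddr(original)
    del msg["From"]
    msg["From"] = formataddr(("%s via %s" % (name or addr, list_name), list_addr))
    if msg["Reply-To"] is None:
        msg["Reply-To"] = original
    return msg


def demo():
    """Return (aligned_before, aligned_after, new_from) for the sample post."""
    # Assumption: after relaying, only the list host's domain passes SPF/DKIM.
    list_domain = "lists.example.org"
    before = message_from_string(SAMPLE_POST)
    after = munge_from(message_from_string(SAMPLE_POST), "devs", "devs@lists.example.org")
    return dmarc_aligned(before, list_domain), dmarc_aligned(after, list_domain), after["From"]


if __name__ == "__main__":
    print(demo())
```

The unmunged post fails alignment because its From domain (yahoo.com) is not the domain the list host can authenticate for, which is the case the providers' reject policy bounces.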
Step 6 – Restart mail
Restart mailman and your MTA:
service mailman start
service postfix start
At this point, your mailing list should be functional. Send a test message and watch maillog to see if it is delivered to any Yahoo recipients.
I hope this helps.
Thanks for going through the steps on this. One issue I’ve found is that the crontab has to be changed to include the mailman username, like:
0 8 * * * mailman /usr/bin/python -S /usr/local/mailman/cron/checkdbs
And if you’re running sendmail, the --with-mail-gid should be mail, not nobody.
Thanks for the heads-up!
I’ve got a fairly complex virtualized mail setup, so in some cases I am not running on the default users anymore. Great info.
Thank you very much, everything works like a charm.
Hi, Phil:
Thanks for your informative post. I’m just curious if you first upgraded Python before upgrading Mailman. My server is running Python 2.4.3, which is within the 2.4 minimum supported for Mailman 2.1.18, but Python 2.7 is recommended at http://wiki.list.org/DOC/Installation%20requirements.
Thanks! This is precisely what I needed, and it worked pretty well for me. I just want to mention three additional issues that came up for me.
First, I needed to
yum install python-devel.i386
I suppose that more savvy python people will have already installed this.
Second, I had to recreate another alias:
# pwd
/etc/smrsh
# ln -s /usr/lib/mailman/mail/mailman mailman
I think this is a sendmail thing.
Third, for me some stuff got put under /usr/lib/mailman, so I had to clean it up:
# pwd
/usr/lib
# ls -ld mailman
drwxrwsr-x 4 root mailman 4096 Mar 7 10:46 mailman
# ln -s /var/lib/mailman
ln: creating symbolic link `./mailman' to `/var/lib/mailman': File exists
# ls mailman
Mailman mailman-2.1.19 mailman-2.1.19.tgz
# mv mailman mailman-deleteme
# ln -s /var/lib/mailman
# ls -ld mailman
lrwxrwxrwx 1 root root 16 Mar 7 10:53 mailman -> /var/lib/mailman
I have a couple of issues – first, all my lists were in /usr/lib/mailman – when I got to the line
cd /usr/lib
ln -s /var/lib/mailman
an error that mailman already existed occurred.
I also used 2.1.19 instead of the older 2.1.18
I also use sendmail, so….
./configure --prefix=/usr/lib/mailman/ --with-cgi-gid=apache --with-mail-gid=mail
# cd /var/lib
# ln -s /usr/lib/mailman .
I also edited all the cron lines before copying the cron to include mailman prior to cp -v /usr/lib/mailman/cron/crontab.in /etc/cron.d/mailman
With my ln and the other changes above, Mailman is working perfectly. Thanks for a great writeup!
I also needed to add the following command on my Centos 6 server:
cd /etc/smrsh
ln -s /usr/lib/mailman/mail/mailman .
THEN restart sendmail service
service sendmail restart