Getting mailman working with easy spam fighter

twv

Verified User
Joined
Oct 31, 2003
Messages
217
I recently turned on easy spam fighter and now mailman isn't working (authentication required errors).

Example error:
Code:
2016-07-28 09:52:30 1bSlji-0001hW-4C <= [email protected] H=mailserver.example.com [xx.xx.xx.xx] P=esmtps X=TLSv1.2:ECDHE-RSA-AES256-GCM-SHA384:256 CV=no S=1432 [email protected] T="Test" from <[email protected]> for [email protected]
2016-07-28 09:52:30 1bSlji-0001hW-4C => listname <[email protected]> F=<[email protected]> R=mailman_router T=mailman_transport S=1485
2016-07-28 09:52:30 1bSlji-0001hW-4C Completed
2016-07-28 09:52:32 H=(mailserver.server.com) [127.0.0.1] F=<[email protected]> rejected RCPT <[email protected]>: authentication required
2016-07-28 09:52:32 H=(mailserver.server.com) [127.0.0.1] F=<[email protected]> rejected RCPT <[email protected]>: authentication required
...
(etc. for all non-local recipients)

Relevant custombuild options
Code:
/usr/local/directadmin/custombuild/build options
...
Exim: 4.87
exim.conf update: yes, release 4.4
BlockCracking: no
Easy Spam Fighter: yes
....

(I'm sure there's a better way [sustainable] to edit exim.conf now that custombuild is managing it, but for now I'm editing /etc/exim.conf directly and restarting exim. What is the better way, BTW?)

Changes I've made to /etc/exim.conf:

After line 153 (BLACKLIST_USERNAMES = /etc/virtual/blacklist_usernames)
Code:
  # Home dir for your Mailman installation -- aka Mailman's prefix directory.                                                       
  MAILMAN_HOME=/usr/local/mailman                                                                                                   
  MAILMAN_WRAP=MAILMAN_HOME/mail/mailman                                                                                            
  # User and group for Mailman, should match your --with-mail-gid switch to Mailman's configure script.                             
  MAILMAN_USER=mailman                                                                                                              
  MAILMAN_GROUP=mailman

After line 301 (acl_check_recipient):
Code:
  # Place this part after "begin acl" and the "check_recipient:" line in your exim config                                           
  # Accept bounces to lists even if callbacks or other checks would fail                                                            
   warn  message      = X-WhitelistedRCPT-nohdrfromcallback: Yes                                                                    
          condition    = \                                                                                                          
          ${if and {{match{$local_part}{(.*)-bounces\+.*}} \                                                                        
                    {exists {MAILMAN_HOME/lists/$1/config.pck}}} \                                                                  
               {yes}{no}}                                                                                                           
   accept  condition    = \                                                                                                         
          ${if and {{match{$local_part}{(.*)-bounces\+.*}} \                                                                        
                   {exists {MAILMAN_HOME/lists/$1/config.pck}}} \                                                                   
              {yes}{no}}

After line 574:
Code:
  # Place this part after "begin routers" line in your exim config                                                                  
  mailman_router:                                                                                                                   
   driver = accept                                                                                                                  
   require_files = MAILMAN_HOME/lists/$local_part/config.pck                                                                        
   local_part_suffix_optional                                                                                                       
   local_part_suffix = -admin : -bounces : -bounces+* : \                                                                           
                       -confirm : -confirm+* : \                                                                                    
                       -join : -leave : \                                                                                           
                       -owner : -request : \                                                                                        
                       -subscribe : -unsubscribe                                                                                    
   transport = mailman_transport

After line 892:
Code:
  # Place this part after "begin transports" line in your exim config                                                               
  mailman_transport:                                                                                                                
   driver = pipe                                                                                                                    
   command = MAILMAN_WRAP \                                                                                                         
             '${if def:local_part_suffix \                                                                                          
                   {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \                                                              
                   {post}}' \                                                                                                       
             $local_part                                                                                                            
   current_directory = MAILMAN_HOME                                                                                                 
   home_directory = MAILMAN_HOME                                                                                                    
   user = MAILMAN_USER                                                                                                              
   group = MAILMAN_GROUP

(Exim conf changes adapted from http://maarten.hondelink.com/index.php/Directadmin_and_Mailman )
 
Actually, may be nice to have mailman in DA itself, and those edits may be added using includes and easly managed by CB.

I'll pop a message to smtalk to see if he wanna implement it, i think was in the plan but the time is always agaisnt ass (problem aswell ofc).

And no, unless you make the edits from the file editor in DA itself, there isn't a "better way".

Regards
 
It would be great to have mailman in DA. Do you have any idea how to fix the "authentication required" errors?

Re: exim.conf -- thanks for the info. What I've done is save a copy of the edited file as exim.conf.mailmain with the idea that when custombuild updates exim.conf I can diff exim.conf and exim.conf.mailman and re-add the mailman changes.
 
You may want to open a ticket with DA to ask them to add the if_exist entries for external mailman confs, so, for who is not using it, it will not create problem, for who have those files present (like you may), will mantain the working mailman configuration ;) At least is worth a try.

Regarding the error, is mailman using a specific user? If yes there was (as far as i can remember, but cannot find it so far) a list of authroized usrs to send e-mail without authentication, maybe that would work.

Before the update was it working? From what version did you update?

Regards
 
Found!

exim.variables.conf
trusted_users=mail:majordomo:apache:diradmin

If you add the mailman user there, it should fix your problem in my personal opinion.

Regards
 
To have the custom one (and keep it over update, if it work of course), you need to create a file named exim.variables.conf.custom

Everytime CB will update the exim.conf file will generate the new exim.variables.conf based on the default with the custom one, unfurtunately there is no way to make exim load the custom, so they implemented this workaround (which is working).

Regards
 
Thanks for all the help. I really appreciate it.

You may want to open a ticket with DA to ask them to add the if_exist entries for external mailman confs, so, for who is not using it, it will not create problem, for who have those files present (like you may), will mantain the working mailman configuration ;) At least is worth a try.

OK, thanks.

Regarding the error, is mailman using a specific user? If yes there was (as far as i can remember, but cannot find it so far) a list of authroized usrs to send e-mail without authentication, maybe that would work.

Yes, the user is mailman.

Before the update was it working? From what version did you update?

Yes, it was working. I updated from the default exim.conf that comes with DA. (SpamBlocker 2.1, I believe)

Found!

exim.variables.conf
trusted_users=mail:majordomo:apache:diradmin

If you add the mailman user there, it should fix your problem in my personal opinion.

Regards

I changed the trusted_users line in /etc/exim.variables.conf to
trusted_users=mail:majordomo:apache:diradmin:mailman
and restarted exim, but I'm still getting the authentication required error. :(

Also smtalk did create a tutorial for Mailman: http://forum.directadmin.com/showthread.php?t=25596

And one of the step is to add the mailman user to the trusted_users ;) So that should do the trick!

Regards

I think I followed that when I originally set up mailman, but it's from 2008 so maybe things have changed?
 
Oh yes, exim.conf has chaned a lot from version 2, latest is version 4.4.2

Check the smtalk post i pasted before, not sure for what version it is, but maybe the exim.conf changes are more recent.

Regards
 
smtalk's post is from 2008. It's basically the config I'm using.
 
Oh ok, didnt' notice, so far honestly i've no more ideas, unless you add the server IP in /etc/virtual/whitelist_host_ip but that's risky, that's gonna allow every email coming from the server to be un-authenticated.

Regards
 
For now, I'm following this suggestion and adding the list from address to /etc/virtual/whitelist_senders

I wish I knew why exim is ignoring the fact that mailman is listed as a trusted user.
 
Mailman's default is to run as mailman, and it's not changed in the config file, so I guess it's running as mailman? Not sure how to tell more accurately.

Mailman's IP address is different than the server's. Could that be causing it not to be trusted by exim?
 
Hold, is not on the same server?
If not, yes, that's the problem!
To check the user (not sure if mailman work as a service) you may try:
ps aux | grep mailman

Regards
 
Yes, it's the same server, but it has two IP addresses.

Here are the results of ps aux | grep mailman:

Code:
mailman   2376  0.0  0.0 206352  1748 ?        Ss   Jul14   0:00 /usr/bin/python /usr/local/mailman/bin/mailmanctl -s -q start
mailman  20411  0.0  0.1 208708  9540 ?        S    Jul28   0:42 /usr/bin/python /usr/local/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
mailman  20412  0.0  0.0 203840  3576 ?        S    Jul28   0:44 /usr/bin/python /usr/local/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
mailman  20413  0.0  0.1 205828  8376 ?        S    Jul28   0:42 /usr/bin/python /usr/local/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
mailman  20414  0.0  0.1 206532  9996 ?        S    Jul28   0:48 /usr/bin/python /usr/local/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
mailman  20415  0.0  0.0 205812  5992 ?        S    Jul28   0:46 /usr/bin/python /usr/local/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
mailman  20416  0.0  0.0 203784  3540 ?        S    Jul28   0:00 /usr/bin/python /usr/local/mailman/bin/qrunner --runner=RetryRunner:0:1 -s
mailman  20417  0.0  0.0 204100  3536 ?        S    Jul28   0:41 /usr/bin/python /usr/local/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
mailman  20418  0.0  0.0 203784  3516 ?        S    Jul28   0:41 /usr/bin/python /usr/local/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
 
Also, can you try to run it with the same IP address? And also, what SMTP Server it is connecting to? Public IP or 127.0.0.1?

Regards
 
OK, I switched to the same IP address but it's still requiring authentication.

It looks like mailman's default is to send to localhost:

/usr/local/mailman/Mailman/Defaults.py
Code:
SMTPHOST = 'localhost'
 
Forgot to add: yes, I restarted exim (and mailman).

For now, what's the least dangerous way to force exim to accept messages from mailman? Add the mailman address to /etc/virtual/whitelist_senders, add the server IP address to /etc/virtual/whitelist_host_ip, or something else?
 
Back
Top