areguera / rpms / mailman

Forked from rpms/mailman 5 years ago
Clone

Blame SOURCES/mailman.INSTALL.REDHAT.in

e7a395
This file contains instructions for how to complete the installation
e7a395
of mailman after you have installed the Red Hat mailman RPM. There are
e7a395
certain items you will need to manually configure as the RPM is not
e7a395
capable of doing every installation and confirguration task.
e7a395
e7a395
First, you should note that the RPM has installed mailman in the
e7a395
following directory:
e7a395
@prefix@
e7a395
You may want to examine this directory to find additional mailman
e7a395
documentation, or other mailman files.
e7a395
e7a395
IMPORTANT NOTE FOR USERS UPGRADING FROM A PREVIOUS RED HAT MAILMAN
e7a395
INSTALLATION OR THOSE FAMILAR WITH "STANDARD MAILMAN INSTALLATIONS"
e7a395
e7a395
    Earlier Red Hat mailman rpms installed all of the mailman files under
e7a395
    /var/mailman. This did not conform to the Filesystem Hierarchy
e7a395
    Standard (FHS) and created security violations when SELinux is
e7a395
    enabled. As of mailman-2.1.5-21 the following directory and file
e7a395
    changes occurred:
e7a395
e7a395
    variable data (e.g. lists) is in @VAR_PREFIX@, library code,
e7a395
    executables, and scripts are located in @prefix@, lock files are in
e7a395
    @LOCK_DIR@, the pid file is in @PID_DIR@, qfiles are in @QUEUE_DIR@,
e7a395
    and configuration files have been moved to the new @CONFIG_DIR@.
e7a395
e7a395
    If you previously had mailman installed and have edited files in
e7a395
    /var/mailman (e.g. configuration) you will need to move those changes
e7a395
    to their new locations.
e7a395
e7a395
    A script has been provided to aid in the task of migrating your
e7a395
    mailman datafiles, it is contrib/migrate-fhs, run with -h for help
e7a395
    information.
e7a395
e7a395
    The mapping of old locations to new locations is as follows:
e7a395
e7a395
    Directory Mapping:
e7a395
    /var/mailman				--> /var/lib/mailman
e7a395
    /var/mailman/Mailman			--> /usr/lib/mailman/Mailman
e7a395
    /var/mailman/archives			--> /var/lib/mailman/archives
e7a395
    /var/mailman/bin				--> /usr/lib/mailman/bin
e7a395
    /var/mailman/cgi-bin			--> /usr/lib/mailman/cgi-bin
e7a395
    /var/mailman/cron				--> /usr/lib/mailman/cron
e7a395
    /var/mailman/data				--> /var/lib/mailman/data
e7a395
    /var/mailman/lists				--> /var/lib/mailman/lists
e7a395
    /var/mailman/locks				--> /var/lock/mailman
e7a395
    /var/mailman/logs				--> /var/log/mailman
e7a395
    /var/mailman/mail				--> /usr/lib/mailman/mail
e7a395
    /var/mailman/messages			--> /usr/lib/mailman/messages
e7a395
    /var/mailman/pythonlib			--> /usr/lib/mailman/pythonlib
e7a395
    /var/mailman/qfiles				--> /var/spool/mailman
e7a395
    /var/spool/mailman/qfiles			--> /var/spool/mailman
e7a395
    /var/mailman/scripts			--> /usr/lib/mailman/scripts
e7a395
    /var/mailman/spam				--> /var/lib/mailman/spam
e7a395
    /var/mailman/templates			--> /usr/lib/mailman/templates
e7a395
    /var/mailman/tests				--> /usr/lib/mailman/tests
e7a395
e7a395
    File Mapping:
e7a395
    /var/mailman/data/adm.pw			--> /etc/mailman/adm.pw
e7a395
    /var/mailman/data/creator.pw		--> /etc/mailman/creator.pw
e7a395
    /var/mailman/data/aliases			--> /etc/mailman/aliases
e7a395
    /var/mailman/data/virtual-mailman		--> /etc/mailman/virtual-mailman
e7a395
    /var/mailman/data/sitelist.cfg		--> /etc/mailman/sitelist.cfg
e7a395
    /var/mailman/data/master-qrunner.pid	--> /var/run/mailman/master-qrunner.pid
e7a395
e7a395
    Discussion of directory and file relocation:
e7a395
e7a395
    Two new directories were created and three existing directories which
e7a395
    were hardcoded are now configurable.
e7a395
e7a395
    PID_DIR is used to hold the process id and is new because FHS wants
e7a395
    pid files to be located in /var/run. The FHS says when there is only a
e7a395
    single pid file it should be located in /var/run/<name>.pid, and when
e7a395
    there are multiple pid's files they should be located together in a
e7a395
    subdirectory, /var/run/<name>/. Currently mailman only has a single
e7a395
    pid file, but it does have multiple processes (qrunners). Also SELinux
e7a395
    security policy is easier to write if processes are segregated into
e7a395
    individual subdirectories. Therefore we elected to place the mailman
e7a395
    pid file in its own subdirectory, there is some debate if this is 100%
e7a395
    FHS compliant because there is only currently a single pid file, but
e7a395
    this gives us greater future flexibility and is in the spirit of FHS.
e7a395
e7a395
    CONFIG_DIR is used to hold the site configuration files. FHS wants
e7a395
    configuration files stored in /etc/mailman. Previously configuration
e7a395
    files were mixed in with data files in DATA_DIR and with the run-time
e7a395
    code (e.g. Mailman/mm_cfg.py). CONFIG_DIR continues to exist but is
e7a395
    now restricted to data files (e.g. python pickle files). The password
e7a395
    files, alias files, and .cfg (e.g. sitelist.cfg) files have been moved
e7a395
    to CONFIG_DIR. mm_cfg.py which is the primary mailman configuration
e7a395
    file was presented a bit of a dilemma. In theory it should be located
e7a395
    in /etc/mailman, however it is executable code which argues it should
e7a395
    be located with the other executable files, it has traditionally lived
e7a395
    in $PREFIX/Mailman and experienced mailman admins will expect to find
e7a395
    it there. Modifying all the mm_cfg import statements and paths.py was
e7a395
    believed to be too invasive a change, and technically its part of the
e7a395
    "Mailman" package and moving it would take it out of the package
e7a395
    (although currently I don't think that presents any known
e7a395
    issues). Instead a compromise approach was adopted, mm_cfg.py is
e7a395
    symbolically linked into the /etc/mailman directory pointing to
e7a395
    $PREFIX/Mailman/mm_cfg.py. Thus mm_cfg.py "appears" in the
e7a395
    configuration directory but retains its traditional location, this was
e7a395
    deemed a reasonable compromise for the mailman 2.1.x timeframe.
e7a395
e7a395
    sitelist.cfg has a symbolic link in its old location in the DATA_DIR
e7a395
    pointing to its new location in the CONFIG_DIR.
e7a395
e7a395
    New Directories (can be specified as parameter to configure):
e7a395
e7a395
    CONFIG_DIR:	default=$VAR_PREFIX/data		FHS=/etc/mailman
e7a395
    PID_DIR		default=$VAR_PREFIX/data	FHS=/var/run/mailman
e7a395
e7a395
    Existing directories that can now be specified as parameter to configure:
e7a395
e7a395
    LOCK_DIR:	default=$VAR_PREFIX/locks	FHS=/var/lock/mailman
e7a395
    LOG_DIR:	default=$VAR_PREFIX/logs	FHS=/var/log/mailman
e7a395
    QUEUE_DIR	default=$VAR_PREFIX/qfiles	FHS=/var/spool/mailman
e7a395
e7a395
You can find addition documentation in the
e7a395
@DOC_DIR@/README.* files and/or
e7a395
@prefix@/README.* files.
e7a395
e7a395
Mailman is an open source project and full documentation, current
e7a395
sources, patches, etc. can be found at the following official mailman
e7a395
web sites:
e7a395
e7a395
http://www.gnu.org/software/mailman/mailman.html
e7a395
http://www.list.org
e7a395
e7a395
1. Final installation instructions:
e7a395
e7a395
    Congratulations!  You've installed the Mailman software.  To get
e7a395
    everything running you need to hook Mailman up to both your web
e7a395
    server and your mail system.
e7a395
e7a395
    - If you plan on running your MTA and web server on different
e7a395
      machines, sharing Mailman installations via NFS, be sure that
e7a395
      the clocks on those two machines are synchronized closely.  You
e7a395
      might take a look at the file Mailman/LockFile.py; the constant
e7a395
      CLOCK_SLOP helps the locking mechanism compensate for clock skew
e7a395
      in this type of environment.
e7a395
e7a395
    - Configure your web server. The RPM has made the assumption you
e7a395
      are running the apache web server (httpd). The RPM has installed
e7a395
      a mailman config file (@HTTPD_CONF_FILE@) in @HTTPD_CONF_DIR@.
e7a395
      You should edit the file to set your domain, see the
e7a395
      instructions in the config file.
e7a395
e7a395
      Now restart your web server so the new settings take effect:
e7a395
e7a395
      % /sbin/service httpd restart
e7a395
e7a395
    - Create the site password using:
e7a395
e7a395
      % @prefix@/bin/mmsitepass <your-site-password>
e7a395
e7a395
      This password can be used anywhere that individual user or
e7a395
      mailing list administrator passwords are required, giving the
e7a395
      mailman site administrator the ability to adjust these things
e7a395
      when necessary.
e7a395
e7a395
      You may also want to create a password for the site-wide "list
e7a395
      creator" role (someone other than the site administrator who as
e7a395
      privileges to create and remove lists through the web).  Use the
e7a395
      -c option to mmsitepass to set this.
e7a395
e7a395
    - Set the values for DEFAULT_EMAIL_HOST and DEFAULT_URL_HOST in
e7a395
      @prefix@/Mailman/mm_cfg.py file if the fqdn of the host you are
e7a395
      running mailman on is not the email and url host you need to use.
e7a395
e7a395
    - Update Mailman list files to new verson by running:
e7a395
      @prefix@/bin/update
e7a395
e7a395
      Users upgrading from previous releases of this package may need
e7a395
      to move their data or adjust the configuration files to point to
e7a395
      the locations where their data is.
e7a395
e7a395
    - Create a "site-wide" mailing list (Note: this must be done
e7a395
      before starting the mailman daemon). This is the one that
e7a395
      password reminders will appear to come from.  Usually this
e7a395
      should be the "mailman" mailing list, but if you need to change
e7a395
      this, be sure to change the MAILMAN_SITE_LIST variable in
e7a395
      mm_cfg.py (see below).
e7a395
e7a395
      % @prefix@/bin/newlist mailman
e7a395
e7a395
      Follow the prompts, and see the README file for more
e7a395
      information.
e7a395
e7a395
    - Start the Mailman qrunner daemon
e7a395
e7a395
      As of mailman version 2.1 mailman requires a service (daemon) to be
e7a395
      run for mailman to operate. RedHat does not ship RPM's that enable
e7a395
      services as part of package installation. You will need to enable
e7a395
      the mailman service if you want mailman to run.
e7a395
e7a395
      To enable the mailman service after package installation you may run
e7a395
      the "serviceconf" GUI tool, or you may do the following on the
e7a395
      command line as root.
e7a395
e7a395
      /sbin/service mailman start
e7a395
e7a395
      To have the mailman service automatically start at certain run
e7a395
      levels (replace the runlevel below with your desired run levels, for
e7a395
      example to start mailman at run levels 3 and 5 runlevel would be 35:
e7a395
e7a395
      /sbin/chkconfig --level runlevel mailman on
e7a395
e7a395
    - You should then subscribe yourself to the mailman list.
e7a395
e7a395
e7a395
2. Customize Mailman
e7a395
e7a395
    You should do these steps using the account you installed Mailman
e7a395
    under in section 2 above.
e7a395
e7a395
    - The file @prefix@/Mailman/Defaults.py contains a number of
e7a395
      defaults for your installation.  If any of these are incorrect,
e7a395
      override them in @prefix@/Mailman/mm_cfg.py.
e7a395
e7a395
      DO NOT EDIT Defaults.py!
e7a395
e7a395
      Note: If you have upgraded your mailman installation RPM will
e7a395
      save a copy of your previous version of mm_cfg.py in
e7a395
      mm_cfg.py.rpmsave.
e7a395
e7a395
      See the comments in Defaults.py for details.  Once a list is
e7a395
      created, editing many of these variables will have no effect.
e7a395
      At that point, you'll need to configure your lists through the
e7a395
      web admin interface or through the command line script
e7a395
      @prefix@/bin/withlist or @prefix@/bin/config_list.
e7a395
e7a395
      Note: Do *not* change HOME_DIR or MAILMAN_DIR.  These are set
e7a395
      automatically by the configure script when the RPM was created.
e7a395
e7a395
    - Create the site password using:
e7a395
e7a395
      % @prefix@/bin/mmsitepass <your-site-password>
e7a395
e7a395
      This password can be used anywhere that individual user or
e7a395
      mailing list administrator passwords are required, giving the
e7a395
      mailman site administrator the ability to adjust these things
e7a395
      when necessary.
e7a395
e7a395
      You may also want to create a password for the site-wide "list
e7a395
      creator" role (someone other than the site administrator who as
e7a395
      privileges to create and remove lists through the web).  Use the
e7a395
      -c option to mmsitepass to set this.
e7a395
e7a395
e7a395
3. Troubleshooting
e7a395
e7a395
    If you encounter problems with running Mailman, first check the
e7a395
    "Common Problems" section, below.  If your problem is not covered
e7a395
    there, check both the FAQ file and the online FAQ Wizard.
e7a395
    Check for errors in the mailman log files which can be found in
e7a395
e7a395
    @LOG_DIR@
e7a395
e7a395
    Mailman logs errors to this file:
e7a395
e7a395
    @LOG_DIR@/error
e7a395
e7a395
    If you encounter an error, send an error report to
e7a395
    mailman-users@python.org.  Include a description of what you're
e7a395
    doing to cause the problem, and the relevant lines from your
e7a395
    syslog.  Also include information on your operating system, which
e7a395
    version of Python you're using, and which version of Mailman
e7a395
    you're installing.
e7a395
e7a395
e7a395
4. Common Problems
e7a395
e7a395
    Problem:  All Mailman web pages give a 404 File not found error.
e7a395
e7a395
    Solution: Your web server has not been set up properly for handling
e7a395
              Mailman's cgi commands.  Make sure you've:
e7a395
e7a395
              1) Configured the web server to give permissions to
e7a395
                 @prefix@/cgi-bin
e7a395
              2) Restarted the web server properly.
e7a395
e7a395
              Consult your web server's documentation for instructions
e7a395
              on how to do these things.
e7a395
e7a395
e7a395
    Problem:  All Mailman web pages give an "Internal Server Error".
e7a395
e7a395
    Solution: The likely problem is that you are using the wrong GID or
e7a395
              UID for CGI scripts.  Check your syslog.  If you see, for
e7a395
              example, a line like:
e7a395
e7a395
                  Attempt to exec script with invalid gid 51, expected 99
e7a395
e7a395
              You need to reinstall Mailman, and specify $CGI_GID to be 51,
e7a395
              as described in the installation instructions.
e7a395
e7a395
e7a395
    Problem:  I send mail to the list, and get back mail saying the
e7a395
              list is not found!
e7a395
e7a395
    Solution: You probably didn't add the necessary aliases to the system
e7a395
              alias database, given to you when you ran the newlist
e7a395
              command.  If you did add them, you likely did not update
e7a395
              the alias database, or your system requires you to run
e7a395
              newaliases explicitly.  Refer to section 5 above for
e7a395
              more information.
e7a395
e7a395
e7a395
    Problem:  I send mail to the list, and get back mail saying,
e7a395
              "unknown mailer error".
e7a395
e7a395
    Solution: The likely problem is that you are using the wrong GID or
e7a395
              UID for mail.  Check your syslog.  If you see, for
e7a395
              example, a line like:
e7a395
e7a395
                  Attempt to exec script with invalid gid 51, expected 99
e7a395
e7a395
              You need to reinstall Mailman, and specify $MAIL_GID to
e7a395
              be 51, as described in the installation
e7a395
              instructions. see notes on Postfix below, as by default
e7a395
              it will create these problems on installation.
e7a395
e7a395
e7a395
    Problem:  I use Postfix for my MTA and the mail wrapper programs
e7a395
              are logging complaints about the wrong GID.
e7a395
e7a395
    Solution: Create a separate aliases file for Postfix in its
e7a395
              main.cf config file under the variable "alias_maps". Put
e7a395
              the file somewhere in Mailman's home directory, or
e7a395
              somewhere else where the user mailman has write access
e7a395
              to it; *as user mailman* call Postfix's "postalias" on the
e7a395
              alias file.
e7a395
e7a395
              % postalias <the alias file>
e7a395
e7a395
              Also as user mailman, run
e7a395
e7a395
              % python -c'import os; print os.getgid()'
e7a395
e7a395
              This should print out the group id that Mailman should
e7a395
              be configured to expect when the mail wrapper programs
e7a395
              are run.  Call it "thegid".  Rebuild Mailman with
e7a395
e7a395
              % ./configure --with-mail-gid=thegid
e7a395
e7a395
              See also the "Using the Postfix mail server" section of
e7a395
              the mailman installation manual for more information on
e7a395
              connecting Postfix and Mailman.  The manual is available
e7a395
              in several formats at /usr/share/doc/mailman-*/admin/www.
e7a395
e7a395
e7a395
    Problem:  I send mail to the list, and get back mail saying,
e7a395
              "sh: mailman not available for sendmail programs"
e7a395
e7a395
    Solution: Your system uses sendmail restricted shell (smrsh).  You
e7a395
              need to configure smrsh by creating a symbolic link from
e7a395
              the mail wrapper (@prefix@/mail/mailman) to the directory
e7a395
              identifying executables allowed to run under smrsh.
e7a395
e7a395
              Some common names for this directory are
e7a395
              /var/admin/sm.bin, /usr/admin/sm.bin or /etc/smrsh.
e7a395
e7a395
              Note that on Debian Linux, the system makes
e7a395
              /usr/lib/sm.bin, which is wrong, you will need to create
e7a395
              the directory /usr/admin/sm.bin and add the link there.
e7a395
              Note further any aliases newaliases spits out will need
e7a395
              to be adjusted to point to the secure link to the
e7a395
              wrapper.
e7a395
e7a395
e7a395
    Problem:  I messed up when I called configure.  How do I clean
e7a395
              things up and re-install?
e7a395
e7a395
    Solution: % make clean
e7a395
              % ./configure --with-the-right-options
e7a395
              % make install
e7a395
e7a395
e7a395
-------------------- Other Useful Information -----------------
e7a395
e7a395
RPM Preserves User Modified Files
e7a395
---------------------------------
e7a395
e7a395
The rpm during installation will preserve changes you have made to
e7a395
configuration files and templates from a previous installation. This
e7a395
is almost always what is desired. However you may want to check for
e7a395
the existence of files with either the .rpmsave or the .rpmnew
e7a395
extension and verify if any of these backup files created during the
e7a395
RPM install exist and if you are indeed using the version of the file
e7a395
you desire.
e7a395
e7a395
Note: The installation directory for non-data files changed from
e7a395
@VAR_PREFIX@ to @prefix@ in mailman-2.1.5-20. Configuration files and
e7a395
templates that were user modified in a previous installation will need
e7a395
to manually move those changes from the earlier @VAR_PREFIX@ to the
e7a395
new @prefix@ installation directory.
e7a395
e7a395
Here are a few commands that will aid you in this process:
e7a395
e7a395
List any rpm backup files in the mailman installation directory:
e7a395
e7a395
% find @prefix@ @VAR_PREFIX@ -name '*.rpm*'
e7a395
e7a395
List any configuration files NOT in the mailman installation directory
e7a395
you might miss with the above command which also have the potental for
e7a395
backup copies. Given this short list you'll have to look for a
e7a395
matching backup file.
e7a395
e7a395
% rpm -qc mailman | egrep -v '@prefix@|@VAR_PREFIX@'
e7a395
e7a395
When rpm preserves a user modified file it installs the newest version
e7a395
of the file by appending the .rpmnew extension to the file name thus
e7a395
preserving the file but making the latest version avialable. If rpm
e7a395
replaces a user modified file the file being replaced is renamed to
e7a395
have the .rpmsave extension. RPM only performs these backup operations
e7a395
if the file is marked as being a configuration file in the rpm spec
e7a395
file, it is not performed in general on all files in the package.
e7a395
e7a395
e7a395
Mailman Cron Jobs:
e7a395
------------------
e7a395
e7a395
Mailman relies on the cron daemon to schedule periodic actions. These
e7a395
are contained in a crontab file. Previous versions of the mailman RPM
e7a395
from Red Hat created the cron jobs by running the crontab(1) command
e7a395
during the RPM installation phase. The cron jobs are now handled
e7a395
slightly differently. Rather than invoking crontab which loaded the
e7a395
cron jobs into a private cron file a mailman crontab file is installed
e7a395
into /etc/cron.d. The crontab file and the commands it runs were
e7a395
modified from the upstream distribution so these commands would run
e7a395
under the correct SELinux security profile.
e7a395
e7a395
Previously the cron jobs were installed when the RPM was
e7a395
installed. This was less than optimal because the act of having the
e7a395
mailman RPM installed on a system should not cause the cron jobs to
e7a395
run. A better solution is to only run the mailman cron jobs if the
e7a395
mailman service is enabled. This is accomplished by installing the
e7a395
mailman crontab file in /etc/cron.d when the mailman service is
e7a395
started by mailman init.d script (e.g. either at boot time or via
e7a395
/sbin/service). When the mailman service is stopped the crontab file
e7a395
is removed from /etc/cron.d. The crontab file is copied from
e7a395
@prefix@/cron/crontab.in to /etc/cron.d/mailman. Thus if you edit the
e7a395
cron jobs you will need to edit the master copy in @prefix@/cron
e7a395
otherwise your edits will be lost the next time the mailman service is
e7a395
started or restarted. To pick up any changes made to the crontab file
e7a395
edit the master copy in @prefix@/cron and then use /sbin/service to
e7a395
restart mailman (e.g. /sbin/service mailman restart). Some may wonder
e7a395
why the crontab file in /etc/cron.d is not symbolically linked to the
e7a395
master copy when the service starts and unlinked when it stops. The
e7a395
reason is because newer versions of cron will refuse for security
e7a395
reasons to run any crontabs which are links to other files or
e7a395
writeable by anybody else except root.
e7a395
e7a395
Choosing your MTA (sendmail or postfix) on Red Hat Systems:
e7a395
-----------------------------------------------------------
e7a395
e7a395
Red Hat ships two different MTA's, sendmail and postfix. Because the
e7a395
sendmail and postfix rpms's share file names when installed the
e7a395
conflict is accomodated by utilizing the "alternatives" mechanism
e7a395
which manages a set of links. When one of the MTA's is selected via
e7a395
/usr/sbin/alternatives links are established which point to the
e7a395
correct files for that MTA. There are two ways to select your MTA:
e7a395
The system-switch-mail package contains a GUI front end to the
e7a395
alternatives mechanism and /usr/bin/system-switch-mail is an easy way
e7a395
to select your MTA, or you can invoke alternatives directly like this:
e7a395
e7a395
% /usr/sbin/alternatives --config mta
e7a395
e7a395
Note: Selecting your preferred MTA is distinct from configuring the
e7a395
MTA, you will need to consult the documentation for the MTA you
e7a395
selected for information on how to configure it.
e7a395
e7a395

e7a395
Local Variables:
e7a395
mode: indented-text
e7a395
indent-tabs-mode: nil
e7a395
End: