2.1.18.upgrade.md

GNU Mailman 2.1.18 on AWS EC2

This project describes the process of upgrading GNU Mailman on an Amazon EC2 instance. Currently the default package available in Amazon Linux is version 2.1.15. GNU Mailman has to be upgraded to version 2.1.18 in order to fix an issues caused by Yahoo's decision to bounce email not conforming to the DMARC standard.

References

• https://blog.tigertech.net/posts/mailman-updated-fixes-dmarc/
• http://www.crescendo.net/content/tech/2014/07/updating-mailman-on-centos-5-due-to-dmarc/
• https://launchpad.net/mailman/+milestone/2.1.15
• https://launchpad.net/mailman/+milestone/2.1.18
• http://www.ietf.org/mail-archive/web/ietf/current/msg87153.html
• http://wiki.list.org/DOC/What%20can%20I%20do%20about%20members%20being%20unsubscribed%20by%20bounces%20of%20Yahoo%20user's%20posts%20for%20DMARC%20policy%20reasons%3F
• http://www.spamresource.com/2014/04/up-in-arms-about-yahoos-dmarc-policy.html
• http://wiki.list.org/DEV/DMARC
• http://stallion-theme.co.uk/how-to-upgrade-mailman-mailing-list-tutorial/
• http://yum.baseurl.org/wiki/YumCommands
• http://www.gnu.org/software/tar/manual/tar.html
• http://wiki.list.org/DOC/Understanding%20group%20mismatch%20errors%20-%20how%20mailman%20implements%20security​
• https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/sec-Removing.html
• http://www.gnu.org/software/mailman/mailman-admin/node11.html

Summary

• Connect to the EC2 instance
• Archive Mailman data files
• Download the new Mailman
• Remove the old Mailman
• Install the new Mailman
• Configure the new Mailman
• Start the new Mailman
• Test and confirm

Details

Connect to your EC2 instance

ssh -i [keyfile].pem ec2-user@[somedomain.whatever]

Switch to super user

sudo su

Check the mailman version

/usr/lib/mailman/bin/version ​

Check the available versions of mailman with yum

yum list available | grep mailman

Confirm the installed version of mailman with yum

yum list installed | grep mailman

Download dnspython

cd ~
ls
wget --no-check-certificate https://pypi.python.org/packages/source/d/dnspython/dnspython-1.11.1.zip
ls -la
Unzip dnspython
unzip dnspython-1.11.1.zip
ls

Install dnspython

cd dnspython-1.11.1
python setup.py install

Download GNU Mailman 2.1.18

cd ~
wget http://ftp.gnu.org/gnu/mailman/mailman-2.1.18.tgz

Recursively check the contents of /var/lib/mailman and keep a copy of the results

ls -alR /var/lib/mailman/
ls -alR /var/lib/mailman/ > ~/mailman.lib.[yyyy-mm-dd].txt

Archive the /var/lib/mailman directory. This is the data directory, where all of the mailing definitions and archive messages are kept. This is what you will need to restore, if something goes wrong. If the upgrade proceeds as planned, you won't have to touch these files.

tar cvf ~/var-lib-mailman.[yyyy-mm-dd].tar /var/lib/mailman

Archive the Postfix virtual file

tar cvf ~/etc-postfix-virtual.[yyyy-mm-dd].tar /etc/postfix/virtual

Archive the aliases file

tar cvf ~/etc-aliases.[yyyy-mm-dd].tar /etc/aliases

Archive the /etc/mailman directory

tar cvf ~/etc-mailman.[yyyy-mm-dd].tar /etc/mailman/

Archive the /usr/lib/mailman directory

tar cvf ~/usr-lib-mailman.[yyyy-mm-dd].tar /usr/lib/mailman/

Archive the httpd mailman.conf file

tar cvf ~/etc-httpd-conf.d-mailman.conf.[yyyy-mm-dd].tar /etc/httpd/conf.d/mailman.conf ​

Check the user id and group ids of mailman and apache

cat /etc/passwd | grep mailman
cat /etc/passwd | grep apache
cat /etc/group | grep mailman
cat /etc/group | grep apache

Stop Postfix

/etc/init.d/postfix status
/etc/init.d/postfix stop
/etc/init.d/postfix status

Stop GNU Mailman

/etc/init.d/mailman status
/etc/init.d/postfix stop
/etc/init.d/postfix status

Remove GNU Mailman

yum remove mailman

Check the response from yum for messages like this

warning: /usr/lib/mailman/cron/crontab.in saved as /usr/lib/mailman/cron/crontab.in.rpmsave

warning: /usr/lib/mailman/Mailman/mm_cfg.py saved as /usr/lib/mailman/Mailman/mm_cfg.py.rpmsave

warning: /etc/httpd/conf.d/mailman.conf saved as /etc/httpd/conf.d/mailman.conf.rpmsave

Read the rpm save files, if any

cat /usr/lib/mailman/cron/crontab.in.rpmsave
cat /usr/lib/mailman/Mailman/mm_cfg.py.rpmsave
cat /etc/httpd/conf.d/mailman.conf.rpmsave

Extract the new version of GNU Mailman

cd ~
tar xzf mailman-2.1.18.tgz

Make sure the set-gid bit is set for directory: /usr/lib/mailman

cd /usr/lib/mailman/
ls -la .
chgrp mailman .
ls -la . |grep s
chmod a+rx,g+ws . 
ls -la . |grep s
ls -la .

Configure the Mailman installation. Set the installation directory to /usr/lib/mailman. IMPORTANT: Set the Var directory to /var/lib/mailman. Set the group id of the mail wrapper to mailman. Set the group id of the web server wrapper to apache.

cd ~/mailman-2.1.18
./configure --prefix=/usr/lib/mailman/ --with-var-prefix=/var/lib/mailman --with-mail-gid=mailman --with-cgi-gid=apache 

Install GNU Mailman

make
make install

Check the GNU Mailman version

/usr/lib/mailman/bin/version 

Read the Mailman aliases file. See if the mailing lists which had been defined are still listed.

cat /etc/mailman/aliases

Check the /var/lib/mailman/ directory to make sure the mailing list data are still there

ls -alR /var/lib/mailman/

Make sure that the owner of the aliases and aliases.db file is mailman, that the group owner for those files is mailman, or whatever user and group you used in the configure command, and that both files are group writable.

ls -la /etc/mailman/aliases*
chown mailman:mailman /etc/mailman/aliases*
ls -la /etc/mailman/aliases*
chmod g+w /etc/mailman/aliases*
ls -la /etc/mailman/aliases*

Run the check permissions script, and run it again with the -f flag until all of the problems are fixed

/usr/lib/mailman/bin/check_perms > ~/checked_perms.[yyyy-mm-dd].txt
/usr/lib/mailman/bin/check_perms
/usr/lib/mailman/bin/check_perms -f
/usr/lib/mailman/bin/check_perms -f

Review the Defaults file

less  /usr/lib/mailman/Mailman/Defaults.py

Review the sitelist config template.

more /etc/mailman/sitelist.cfg 

​Set the Mailman site master password

/usr/lib/mailman/bin/mmsitepass [ --- somepassword --- ]

Restore the rpmsave copy of the ​mm_cfg.py file

cp /usr/lib/mailman/Mailman/mm_cfg.py /usr/lib/mailman/Mailman/mm_cfg.py.[yyyy-mm-dd]
cp /usr/lib/mailman/Mailman/mm_cfg.py.rpmsave /usr/lib/mailman/Mailman/mm_cfg.py

Read the mm_cfg.py file

cat /usr/lib/mailman/Mailman/mm_cfg.py

Make sure these values are set. Don't forget the single quotes!

DEFAULT_URL_HOST = fqdn
DEFAULT_EMAIL_HOST = '[somedomain.whatever]'
MTA = 'Postfix'

Check the default values for Postfix alias and command

grep POSTFIX_ALIAS_CMD /usr/lib/mailman/Mailman/Defaults.py
grep POSTFIX_MAP_CMD /usr/lib/mailman/Mailman/Defaults.py

Read the mailman.conf file in the Apache config directory

less /etc/httpd/conf.d/mailman.conf

If the mailman.conf file is not there, restore the rpmsave copy

cp /etc/httpd/conf.d/mailman.conf.rpmsave /etc/httpd/conf.d/mailman.conf

Make sure this line is un-commented

RedirectMatch ^/mailman[/]*$ /mailman/listinfo

Make sure the Apache config file has an entry like this for Mailman

ScriptAlias /mailman/ /usr/lib/mailman/cgi-bin/
<Directory /usr/lib/mailman/cgi-bin/>
    AllowOverride None
    Options ExecCGI
    Order allow,deny
    Allow from all
</Directory>

Alias /pipermail/ /var/lib/mailman/archives/public/
<Directory /var/lib/mailman/archives/public>
    Options MultiViews FollowSymLinks
    AllowOverride None
    Order allow,deny
    Allow from all
    AddDefaultCharset Off
</Directory>

Restart Apache

/etc/init.d/httpd status
/etc/init.d/httpd restart

​Read the Mailman init script

cat /etc/init.d/mailman

Copy the Mailman init script to /etc/init.d/

cp /usr/lib/mailman/scripts/mailman /etc/init.d/mailman

Edit the master copy of crontab.in

nano /usr/lib/mailman/cron/crontab.in

Comment out this line

#0,5,10,15,20,25,30,35,40,45,50,55 * * * * mailman /usr/lib/mailman/cron/gate_news

Copy the crontab.in file to /etc/cron.d/mailman

cp /usr/lib/mailman/cron/crontab.in /etc/cron.d/mailman

Make sure the the mailman user does not have a crontab

crontab -u mailman -l
ls -la /var/spool/cron/

​Tell Mailman to start every time you reboot your system

chkconfig --add mailman

Start Mailman

/etc/init.d/mailman start

• Open a web browser, and log into the admin page of a test list.
• Subscribe a Yahoo email address to the test list and send an email message to the test list from a Gmail account.
• Reply from the Yahoo account to the message sent from the Gmail account.
• Check the Gmail account for the reply from the Yahoo account.
• If the Gmail account does not get the message from the Yahoo account, the problem is confirmed.
• Check the mail log to see what happened when you sent the message from Yahoo and from Gmail.

cat /var/log/maillog

To fix the problem...

• Open a web browser, and log into the admin page of a test list.
• For the option of “from_is_list” select “Munge From.”
• Send a test message to the list from a Gmail account.
• Reply from the Yahoo account to the message sent from the Gmail account.
• Check the Gmail account for the reply from the Yahoo account.
• ​If the Gmail account gets the message from the Yahoo account, the problem is fixed.