Mailman: Difference between revisions
Revision as of 17:40, 10 June 2012
Background
Mailman is a complex piece of software, so I've taken notes while setting it up in a jail on a FreeBSD 8-stable machine. The jail has a global IPv4 and an IPv6 address, but no loopback address.
Installation
This section outlines the ports that need to be installed.
Postfix
I install postfix from /usr/ports/mail/postfix and check the TLS option. I stop Sendmail before continuing:

    [tykling@lists ~]$ sudo /etc/rc.d/sendmail onestop
    Stopping sendmail.
    Stopping sendmail_clientmqueue.
    [tykling@lists ~]$
I add the following to /etc/rc.conf:

    sendmail_enable="NO"
    sendmail_submit_enable="NO"
    sendmail_outbound_enable="NO"
    sendmail_msp_queue_enable="NO"
    postfix_enable="YES"
I also add the following to /etc/periodic.conf:

    daily_clean_hoststat_enable="NO"
    daily_status_mail_rejects_enable="NO"
    daily_status_include_submit_mailq="NO"
    daily_submit_queuerun="NO"
nginx
I also install /usr/ports/www/nginx with the following options enabled:

    [tykling@lists /usr/ports/www/nginx]$ sudo make showconfig | grep =on
    IPV6=on: Enable IPv6 support
    HTTP=on: Enable HTTP module
    HTTP_REWRITE=on: Enable http_rewrite module
    HTTP_SSL=on: Enable http_ssl module
    [tykling@lists /usr/ports/www/nginx]$
thttpd
For cgi-bin processing (which nginx doesn't do) I install /usr/ports/www/thttpd.
Mailman
Finally I install /usr/ports/mail/mailman with the Postfix option enabled:

    [tykling@lists /usr/ports/mail/mailman]$ sudo make showconfig | grep =on
    POSTFIX=on: for use with postfix
    [tykling@lists /usr/ports/mail/mailman]$
Configuration
The following section contains the configs I used for this server.
Postfix
The main config file /usr/local/etc/postfix/main.cf is very verbose by default, but the defaults are actually fine, and the config below is all I need:

    [tykling@lists ~]$ cat /usr/local/etc/postfix/main.cf
    mynetworks_style = host
    inet_protocols = ipv4 ipv6
    relay_domains = lists.thecamp.dk
    mailman_destination_recipient_limit = 1
    transport_maps = hash:/usr/local/etc/postfix/transport
    recipient_delimiter = +
    alias_maps = hash:/usr/local/etc/postfix/aliases
    # TLS settings
    smtpd_tls_cert_file = /usr/local/www/certificates/lists.tyknet.dk.crt
    smtpd_tls_key_file = /usr/local/www/certificates/lists.tyknet.dk.key
    smtpd_tls_auth_only = yes
    smtpd_tls_received_header = yes
    smtpd_tls_security_level = may
    smtp_tls_CAfile = /usr/local/www/certificates/lists.tyknet.dk.crt
    smtp_tls_session_cache_database = btree:/var/db/postfix/smtp_tls_session_cache
    smtp_tls_security_level = may
I also add the following snippet to /usr/local/etc/postfix/master.cf:

    mailman unix - n n - - pipe
      flags=FR user=mailman:nobody
      argv=/usr/local/mailman/postfix-to-mailman.py ${nexthop} ${user}
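The argv line above hands the script two values derived from the recipient address of each incoming message. As an added illustration (this is not the Gurulabs script and not code from this page), the Python 3 sketch below shows the validation a pipe handler needs before it turns those values into a command; the wrapper path, the sample list names and the suffix table are assumptions.

```python
import re

# Assumptions (not from the page): the wrapper location under MailmanHome and
# the Mailman 2.1 alias suffixes. KNOWN_LISTS would normally be read from the
# directory names under <MailmanHome>/lists; here it is constructed sample data.
WRAPPER = "/usr/local/mailman/mail/mailman"
LIST_DOMAINS = {"lists.thecamp.dk"}          # relay_domains value on the page
KNOWN_LISTS = {"announce", "dev-team"}
SUFFIXES = ("admin", "bounces", "confirm", "join", "leave", "owner",
            "request", "subscribe", "unsubscribe")
SAFE_LOCAL = re.compile(r"[a-z0-9][a-z0-9._-]{0,63}")


class Rejected(ValueError):
    """The recipient must not be handed to Mailman."""


def build_argv(nexthop, user):
    """Map the pipe transport's ${nexthop} ${user} to a wrapper argv list."""
    domain = nexthop.strip().lower()
    local = user.strip().lower()
    if domain not in LIST_DOMAINS:
        raise Rejected("unexpected nexthop: %r" % nexthop)
    # The local part comes from the SMTP envelope, so treat it as hostile:
    # no slashes, no "..", no whitespace, no shell metacharacters.
    if not SAFE_LOCAL.fullmatch(local) or ".." in local:
        raise Rejected("unsafe local part: %r" % user)
    listname, _, suffix = local.rpartition("-")
    if suffix in SUFFIXES and listname in KNOWN_LISTS:
        command = suffix                     # e.g. dev-team-request
    elif local in KNOWN_LISTS:
        listname, command = local, "post"    # plain posting address
    else:
        raise Rejected("no such list: %r" % user)
    # Return a list, never a shell string: run it with shell=False.
    return [WRAPPER, command, listname]


if __name__ == "__main__":
    for args in [("lists.thecamp.dk", "announce"),
                 ("lists.thecamp.dk", "dev-team-request"),
                 ("lists.thecamp.dk", "../../etc/passwd")]:
        try:
            print(args, "->", build_argv(*args))
        except Rejected as exc:
            print(args, "-> rejected:", exc)
```
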
Postfix-to-mailman.py
I use a script to get the mail from Postfix to Mailman. The script can be downloaded and installed easily, and it works very well:

    [tykling@lists ~]$ fetch http://www.gurulabs.com/downloads/postfix-to-mailman-2.1.py
    postfix-to-mailman-2.1.py 100% of 4633 B 26 kBps
    [tykling@lists ~]$ sudo mv postfix-to-mailman-2.1.py /usr/local/mailman/postfix-to-mailman.py
    [tykling@lists ~]$
I edit the script to fix the path to Python and set two required variables:
[tykling@lists ~]$ diff -u /usr/local/mailman/postfix-to-mailman.py postfix-to-mailman.py --- /usr/local/mailman/postfix-to-mailman.py 2012-06-10 19:33:44.557197572 +0200 +++ postfix-to-mailman.py 2012-06-10 19:33:02.609292985 +0200 @@ -1,8 +1,8 @@ -#!/usr/local/bin/python +#! /usr/bin/env python # Configuration variables - Change these for your site if necessary. -MailmanHome = "/usr/local/mailman"; # Mailman home directory. -MailmanOwner = "thomas@gibfest.dk"; # Postmaster and abuse mail recipient. +MailmanHome = "/var/mailman"; # Mailman home directory. +MailmanOwner = "postmaster@example.com"; # Postmaster and abuse mail recipient. # End of configuration variables. # postfix-to-mailman-2.1.py (to be installed as postfix-to-mailman.py) [tykling@lists ~]$
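Review bot: The operands to diff -u are in the wrong order for documenting this edit. The installed /usr/local/mailman/postfix-to-mailman.py is on the "---" side, so the values actually in use ("#!/usr/local/bin/python", MailmanHome = "/usr/local/mailman", the real owner address) appear as removed lines, while the downloaded defaults ("/var/mailman", "postmaster@example.com") appear as added. A reader applying the "+" lines would end up with a MailmanHome that does not match the /usr/local/mailman paths used in master.cf, nginx.conf and thttpd.conf. Suggest running it as diff -u postfix-to-mailman.py /usr/local/mailman/postfix-to-mailman.py so the site changes show up as "+" lines.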
Finally I need to make the script executable:
    [tykling@lists ~]$ sudo chmod +x /usr/local/mailman/postfix-to-mailman.py
    [tykling@lists ~]$
nginx
I add the following to the nginx config file /usr/local/etc/nginx/nginx.conf:

    worker_processes 1;
    events {
        worker_connections 1024;
    }
    http {
        include mime.types;
        default_type application/octet-stream;
        sendfile on;
        keepalive_timeout 65;
        server {
            listen 80 default;
            server_name lists.thecamp.dk;
            rewrite ^ https://$server_name$request_uri? permanent;
        }
        server {
            listen 443 default;
            server_name lists.tyknet.dk;
            root /usr/local/mailman;
            ssl on;
            ssl_certificate /usr/local/www/certificates/lists.thecamp.dk.crt;
            ssl_certificate_key /usr/local/www/certificates/lists.thecamp.dk.key;
            add_header Strict-Transport-Security max-age=31536000;
            location = / {
                rewrite ^ /mailman/listinfo permanent;
            }
            location / {
                rewrite ^ /mailman$uri?$args;
            }
            location = /mailman/ {
                rewrite ^ /mailman/listinfo permanent;
            }
            location /mailman/ {
                #include proxy_params;
                proxy_pass http://lists.thecamp.dk:8080/;
                proxy_set_header Host $host;
                proxy_set_header X-Real-IP $remote_addr;
            }
            location /cgi-bin {
                rewrite ^/cgi-bin(.*)$ $1 permanent;
            }
            location /images/mailman {
                alias /usr/local/mailman/icons;
            }
            location /icons {
                alias /usr/local/mailman/icons;
            }
            location /pipermail {
                alias /usr/local/mailman/archives/public;
                autoindex on;
            }
        }
    }
thttpd
I create the following config for the thttpd webserver, /usr/local/etc/thttpd.conf:

    host=78.47.102.140
    port=8080
    dir=/usr/local/mailman/cgi-bin
    nochroot
    user=www
    cgipat=/**
    logfile=/var/log/thttpd.log