From:
[email protected]
Date: 2018-05-15
Subject: Installing Postfix and Mailman on Debian Jessie
I recently set up Mailman, a mailing list manager, on a small VPS
running Debian GNU/Linux. I also set up Postfix as my MTA. It
took me a week of evenings and I had a hard time getting it done.
I collected my notes along the way so that they may benefit someone
else.
I've organized my notes as a commentary on the official installa-
tion documentation. The official documentation is comprehensive,
but it makes a number of assumptions that don't apply to this par-
ticular installation scenario. I hope my commentary can act as a
helping hand for those in a similar situation (i.e. installing
Mailman 1.2.1 and Postfix 2.11.3 using apt on Debian 8 (Jessie)).
As you read the Postfix Basic Configuration [1] and the GNU Mailman
Installation Manual [3] you can refer to my notes on each section,
below. This is not a complete guide and won't make much sense
without the installation manual.
Note that I already had Python 2.7.9, Apache 2.4.10, and msmtp
1.4.32 installed and configured. I have also registered my domain,
example.com, and set up a DNS A record that points example.com to
my VPS. I want to host my lists at lists.example.com which will
require me to use a virtual domain. I'm using example.com as a
placeholder. You will need to use your chosen domain during your
installation.
Basic Installation
To install Mailman and Postfix using apt, I typed
sudo apt install mailman postfix
at the command line. The Postfix installer asked me to provide a
FQDN. I gave it example.com. Mailman asked me to select a lan-
guage. I selected English.
Postfix Configuration
I followed the Postfix Basic Configuration [1] guide. I reviewed
all the defaults and almost all of them looked correct for my situ-
ation. In /etc/postfix/main.cf, I added
mydomain = example.com
Looking at the chroot discussion, the readme suggests that "Postfix
daemons that deliver mail locally" can't be run chrooted. I will
certainly be delivering mail locally.
I also created an MX record for example.com and opened port 25 to
TCP connections. At this point, you should be able to restart
Postfix
sudo /etc/init.d/postfix restart
and send a test email to a local user (e.g.
[email protected]).
If your test fails, refer to the Troubleshooting section at the end
of this document.
Mailman Configuration
# 1 Installation Requirements
We are not going to be installing from source, but do verify that
you have a recent patch of python 2.7 installed. As I write this,
the Mailman wiki recommends Python 2.7.14. I had Python 2.7.9 in-
stalled.
This section also says, "you will need an ANSI C compiler to build
Mailman's security wrappers." I assume this only applies if you
are installing from source. I didn't compile anything directly
during this process.
# 2 Set up your system
The manual suggests creating a user and group called mailman. I
installed Mailman using apt. This install process created the list
user and group, so I didn't need to create any users or groups, and
I didn't have to create an installation directory or manipulate
permissions at this point.
# 3 Build Mailman
I didn't install from source, so there's no need to do any of this.
# 4 Check your installation
I ran check_perms with the -f switch, but I still had to change
some files manually so that they were owned by root:list. For my
installation, the value of $prefix was /usr/lib/mailman.
# 5 Set up your web server
The Debian distribution of Mailman comes with a sample apache.conf
file that is actually fairly complete for this purpose. I started
by appending those settings to my apache2.conf file.
cat /etc/mailman/apache.conf >> /etc/apache2/apache2.conf
This covered the majority of the individual steps in this section.
I had to change occurrences of
Order allow,deny
Allow from all
to
Require all granted
It's not addressed in the installation manual, but I had to enable
the Apache CGI module.
sudo a2enmod cgid
Before I did this, apache was serving up binary files instead of
running scripts.
I continued to have problems until I restarted my browser.
In /etc/mailman/mm_cfg.py I added
DEFAULT_EMAIL_HOST = 'lists.example.com'
DEFAULT_URL_HOST = 'lists.example.com'
DEFAULT_URL_PATTERN = 'http://%s/cgi-bin/mailman/'
and commented out the existing settings for those values.
I restarted apache with
sudo apachectl restart
but you could also use
sudo /etc/init.d/apache restart
Apache says, "AH00112: Warning: DocumentRoot [/var/www/lists] does
not exist" which makes sense since there's no such folder.
I can now access my Mailman web interface at
http://exam-
ple.com/cgi-bin/mailman/admin.
I found that the create list function was publicly available. I
didn't want that, so I had to disable it. I didn't find a cleaner
way to do this, I just changed the permissions on the create
script.
sudo chmod o-x /usr/lib/cgi-bin/mailman/create
# 6 Set up your mail server
I'm using Postfix because I heard it was the easiest to set up.
## 6.1 Using the Postfix mail server
The only thing I did in this section was add
unknown_local_recipient_reject_code = 550
to /etc/postfix/main.cf.
### 6.1.1 Integrating Postfix and Mailman
I have a number of notes on this section.
Debian includes a script, postfix-to-mailman.py, that claims to
make alias management easier. I did not have success with it. A
number of sources I found indicated that using postfix-to-mail-
man.py is neither supported nor recommended. My advice is to ig-
nore it and stick to the official install manual. The script is
only distributed with Debian distributions of Linux.
I don't understand why 6.1.1 and 6.1.2 are not reversed. If you
are using virtual domains (e.g. lists.example.com), then you will
need to configure them in Mailman before you can generate aliases.
If you are using virtual domains, you'll need to skip ahead to sec-
tion 6.1.2 and then come back here.
There is a typo in section 6.1.1 in the note that recommends read-
ing the next section first. The copy says, "read the 6.1 section
below first," but the link points to section 6.1.2.
After setting MTA = 'Postfix' in /usr/lib/mailman/Mail-
man/mm_cfg.py, and before running genaliases, you need to create a
list in your virtual domain. Something like:
newlist -e lists.example.com testlist
Now, when you run genaliases,
sudo /usr/lib/mailman/bin/genaliases
it should create
/var/lib/mailman/data/aliases
/var/lib/mailman/data/aliases.db
/var/lib/mailman/data/virtual-mailman
/var/lib/mailman/data/virtual-mailman.db
Note that, though the install location for Mailman is
/usr/lib/mailman, the map files created by genaliases live in
/var/lib/mailman/data.
I changed the ownership and permissions on these files.
sudo chown list:list /var/lib/mailman/data/{aliases,aliases.db,virtual-mailman,virtual-mailman.db}
sudo chmod g+w /var/lib/mailman/data/{aliases,aliases.db,virtual-mailman,virtual-mailman.db}
Restart Postfix
sudo /etc/init.d/postfix restart
Restart Mailman
sudo /etc/init.d/mailman restart
### 6.1.2 Virtual domains
If you are using virtual domains, (e.g. lists.example.com), then
DNS will need to be working for these domains. My domain configu-
ration at the registrar refers to my VPS provider's name servers.
In my VPS's DNS configuration, I added DNS records for my virtual
domain.
added A record for lists.example.com
added mx record for lists.example.com
In /usr/lib/mailman/Mailman/mm_cfg.py add
MTA='Postfix'
POSTFIX_STYLE_VIRTUAL_DOMAINS=['lists.example.com']
Setting up virtual alias domains in Postfix involved:
Update alias maps in /etc/postfix/main.cf
alias_maps = hash:/etc/aliases,hash:/var/lib/mailman/data/aliases
alias_database = hash:/etc/aliases
virtual_alias_domains = lists.example.com
virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman
I copied /etc/aliases to /var/lib/mailman/data/aliases, but I'm not
sure it was necessary.
Now, return to 6.1.1 to create your list and generate aliases.
# 7 Review your site defaults
I skipped this part, assuming that the defaults would be fine.
# 8 Create a site-wide mailing list
In /usr/lib/mailman
sudo bin/newlist mailman
Troubleshooting
At this point, you should have a working Mailman server. If you are
not getting mail, but think you should, here's where to start.
* You should be able to open a telnet connection to lists.exam-
ple.com on port 25. If you can't, check your DNS and firewall set-
tings.
* Check your spam folder!
* You can inspect mail that is queued for delivery by using
`mailq` or `/usr/sbin/postqueue -p`. They appear to do the same
thing.
* You can inspect mail system activity at /var/log/mail.log. If
you can spare a window, you might run `tail -f /var/log/mail.log`
to keep an eye on things.
Wait. Why?
It has been pointed out to me that maintaining a mailing list can
be a lot of work. There are security issues to think about, spam
to fight, upgrades to apply, and let's just ignore the human ele-
ment for now. I agree that to do this right can be a lot of work.
From a practical perspective, I'm taking this one step at a time.
At a higher level, this is an expression of my dissatisfaction with
a toxic social media environment. I want to see a return to a
state where these communication mediums are built and maintained
for the benefit of all.
References
Here's a pile of resources that I found during this adventure.
1.
http://www.postfix.org/BASIC_CONFIGURATION_README.html
2.
https://www.linux.com/learn/install-and-configure-postfix-mail-server
3.
http://list.org/mailman-install/
4.
https://askubuntu.com/questions/422689/mailman-web-interface-not-working
5.
https://mail.python.org/pipermail/mailman-users/2007-April/056639.html
6.
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718284
7.
https://serverfault.com/questions/735559/early-mail-rejection-with-mailman-in-postfix
8.
https://serverfault.com/questions/534649/postfix-and-mailman
9.
https://stackoverflow.com/questions/27431010/postfix-mailman-recipient-address-rejected-user-unknown-in-local-recipient-tab
10.
https://wiki.list.org/DOC/How%20do%20I%20configure%20postfix_to_mailman.py%3F
11.
http://www.postfix.org/qmgr.8.html
12.
http://www.postfix.org/trivial-rewrite.8.html
13.
http://www.postfix.org/transport.5.html
14.
http://www.postfix.org/virtual.5.html
15.
http://www.postfix.org/VIRTUAL_README.html
16.
https://www.suse.com/support/kb/doc/?id=3279773
17.
https://mail.python.org/pipermail/mailman-users/2007-April/056640.html
18.
https://mail.python.org/pipermail/mailman-users/2012-October/074154.html
19.
https://www.gnu.org/software/mailman/mailman-admin.pdf
20.
https://wiki.list.org/DOC/Making%20Sure%20Your%20Lists%20Are%20Private