From: dbucklin@sdf.org Date: 2018-05-15 Subject: Installing Postfix and Mailman on Debian Jessie I recently set up Mailman, a mailing list manager, on a small VPS running Debian GNU/Linux. I also set up Postfix as my MTA. It took me a week of evenings and I had a hard time getting it done. I collected my notes along the way so that they may benefit someone else. I've organized my notes as a commentary on the official installa- tion documentation. The official documentation is comprehensive, but it makes a number of assumptions that don't apply to this par- ticular installation scenario. I hope my commentary can act as a helping hand for those in a similar situation (i.e. installing Mailman 1.2.1 and Postfix 2.11.3 using apt on Debian 8 (Jessie)). As you read the Postfix Basic Configuration [1] and the GNU Mailman Installation Manual [3] you can refer to my notes on each section, below. This is not a complete guide and won't make much sense without the installation manual. Note that I already had Python 2.7.9, Apache 2.4.10, and msmtp 1.4.32 installed and configured. I have also registered my domain, example.com, and set up a DNS A record that points example.com to my VPS. I want to host my lists at lists.example.com which will require me to use a virtual domain. I'm using example.com as a placeholder. You will need to use your chosen domain during your installation. Basic Installation To install Mailman and Postfix using apt, I typed sudo apt install mailman postfix at the command line. The Postfix installer asked me to provide a FQDN. I gave it example.com. Mailman asked me to select a lan- guage. I selected English. Postfix Configuration I followed the Postfix Basic Configuration [1] guide. I reviewed all the defaults and almost all of them looked correct for my situ- ation. In /etc/postfix/main.cf, I added mydomain = example.com Looking at the chroot discussion, the readme suggests that "Postfix daemons that deliver mail locally" can't be run chrooted. I will certainly be delivering mail locally. I also created an MX record for example.com and opened port 25 to TCP connections. At this point, you should be able to restart Postfix sudo /etc/init.d/postfix restart and send a test email to a local user (e.g. dbucklin@example.com). If your test fails, refer to the Troubleshooting section at the end of this document. Mailman Configuration # 1 Installation Requirements We are not going to be installing from source, but do verify that you have a recent patch of python 2.7 installed. As I write this, the Mailman wiki recommends Python 2.7.14. I had Python 2.7.9 in- stalled. This section also says, "you will need an ANSI C compiler to build Mailman's security wrappers." I assume this only applies if you are installing from source. I didn't compile anything directly during this process. # 2 Set up your system The manual suggests creating a user and group called mailman. I installed Mailman using apt. This install process created the list user and group, so I didn't need to create any users or groups, and I didn't have to create an installation directory or manipulate permissions at this point. # 3 Build Mailman I didn't install from source, so there's no need to do any of this. # 4 Check your installation I ran check_perms with the -f switch, but I still had to change some files manually so that they were owned by root:list. For my installation, the value of $prefix was /usr/lib/mailman. # 5 Set up your web server The Debian distribution of Mailman comes with a sample apache.conf file that is actually fairly complete for this purpose. I started by appending those settings to my apache2.conf file. cat /etc/mailman/apache.conf >> /etc/apache2/apache2.conf This covered the majority of the individual steps in this section. I had to change occurrences of Order allow,deny Allow from all to Require all granted It's not addressed in the installation manual, but I had to enable the Apache CGI module. sudo a2enmod cgid Before I did this, apache was serving up binary files instead of running scripts. I continued to have problems until I restarted my browser. In /etc/mailman/mm_cfg.py I added DEFAULT_EMAIL_HOST = 'lists.example.com' DEFAULT_URL_HOST = 'lists.example.com' DEFAULT_URL_PATTERN = 'http://%s/cgi-bin/mailman/' and commented out the existing settings for those values. I restarted apache with sudo apachectl restart but you could also use sudo /etc/init.d/apache restart Apache says, "AH00112: Warning: DocumentRoot [/var/www/lists] does not exist" which makes sense since there's no such folder. I can now access my Mailman web interface at http://exam- ple.com/cgi-bin/mailman/admin. I found that the create list function was publicly available. I didn't want that, so I had to disable it. I didn't find a cleaner way to do this, I just changed the permissions on the create script. sudo chmod o-x /usr/lib/cgi-bin/mailman/create # 6 Set up your mail server I'm using Postfix because I heard it was the easiest to set up. ## 6.1 Using the Postfix mail server The only thing I did in this section was add unknown_local_recipient_reject_code = 550 to /etc/postfix/main.cf. ### 6.1.1 Integrating Postfix and Mailman I have a number of notes on this section. Debian includes a script, postfix-to-mailman.py, that claims to make alias management easier. I did not have success with it. A number of sources I found indicated that using postfix-to-mail- man.py is neither supported nor recommended. My advice is to ig- nore it and stick to the official install manual. The script is only distributed with Debian distributions of Linux. I don't understand why 6.1.1 and 6.1.2 are not reversed. If you are using virtual domains (e.g. lists.example.com), then you will need to configure them in Mailman before you can generate aliases. If you are using virtual domains, you'll need to skip ahead to sec- tion 6.1.2 and then come back here. There is a typo in section 6.1.1 in the note that recommends read- ing the next section first. The copy says, "read the 6.1 section below first," but the link points to section 6.1.2. After setting MTA = 'Postfix' in /usr/lib/mailman/Mail- man/mm_cfg.py, and before running genaliases, you need to create a list in your virtual domain. Something like: newlist -e lists.example.com testlist Now, when you run genaliases, sudo /usr/lib/mailman/bin/genaliases it should create /var/lib/mailman/data/aliases /var/lib/mailman/data/aliases.db /var/lib/mailman/data/virtual-mailman /var/lib/mailman/data/virtual-mailman.db Note that, though the install location for Mailman is /usr/lib/mailman, the map files created by genaliases live in /var/lib/mailman/data. I changed the ownership and permissions on these files. sudo chown list:list /var/lib/mailman/data/{aliases,aliases.db,virtual-mailman,virtual-mailman.db} sudo chmod g+w /var/lib/mailman/data/{aliases,aliases.db,virtual-mailman,virtual-mailman.db} Restart Postfix sudo /etc/init.d/postfix restart Restart Mailman sudo /etc/init.d/mailman restart ### 6.1.2 Virtual domains If you are using virtual domains, (e.g. lists.example.com), then DNS will need to be working for these domains. My domain configu- ration at the registrar refers to my VPS provider's name servers. In my VPS's DNS configuration, I added DNS records for my virtual domain. added A record for lists.example.com added mx record for lists.example.com In /usr/lib/mailman/Mailman/mm_cfg.py add MTA='Postfix' POSTFIX_STYLE_VIRTUAL_DOMAINS=['lists.example.com'] Setting up virtual alias domains in Postfix involved: Update alias maps in /etc/postfix/main.cf alias_maps = hash:/etc/aliases,hash:/var/lib/mailman/data/aliases alias_database = hash:/etc/aliases virtual_alias_domains = lists.example.com virtual_alias_maps = hash:/var/lib/mailman/data/virtual-mailman I copied /etc/aliases to /var/lib/mailman/data/aliases, but I'm not sure it was necessary. Now, return to 6.1.1 to create your list and generate aliases. # 7 Review your site defaults I skipped this part, assuming that the defaults would be fine. # 8 Create a site-wide mailing list In /usr/lib/mailman sudo bin/newlist mailman Troubleshooting At this point, you should have a working Mailman server. If you are not getting mail, but think you should, here's where to start. * You should be able to open a telnet connection to lists.exam- ple.com on port 25. If you can't, check your DNS and firewall set- tings. * Check your spam folder! * You can inspect mail that is queued for delivery by using `mailq` or `/usr/sbin/postqueue -p`. They appear to do the same thing. * You can inspect mail system activity at /var/log/mail.log. If you can spare a window, you might run `tail -f /var/log/mail.log` to keep an eye on things. Wait. Why? It has been pointed out to me that maintaining a mailing list can be a lot of work. There are security issues to think about, spam to fight, upgrades to apply, and let's just ignore the human ele- ment for now. I agree that to do this right can be a lot of work. From a practical perspective, I'm taking this one step at a time. At a higher level, this is an expression of my dissatisfaction with a toxic social media environment. I want to see a return to a state where these communication mediums are built and maintained for the benefit of all. References Here's a pile of resources that I found during this adventure. 1. http://www.postfix.org/BASIC_CONFIGURATION_README.html 2. https://www.linux.com/learn/install-and-configure-postfix-mail-server 3. http://list.org/mailman-install/ 4. https://askubuntu.com/questions/422689/mailman-web-interface-not-working 5. https://mail.python.org/pipermail/mailman-users/2007-April/056639.html 6. https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=718284 7. https://serverfault.com/questions/735559/early-mail-rejection-with-mailman-in-postfix 8. https://serverfault.com/questions/534649/postfix-and-mailman 9. https://stackoverflow.com/questions/27431010/postfix-mailman-recipient-address-rejected-user-unknown-in-local-recipient-tab 10. https://wiki.list.org/DOC/How%20do%20I%20configure%20postfix_to_mailman.py%3F 11. http://www.postfix.org/qmgr.8.html 12. http://www.postfix.org/trivial-rewrite.8.html 13. http://www.postfix.org/transport.5.html 14. http://www.postfix.org/virtual.5.html 15. http://www.postfix.org/VIRTUAL_README.html 16. https://www.suse.com/support/kb/doc/?id=3279773 17. https://mail.python.org/pipermail/mailman-users/2007-April/056640.html 18. https://mail.python.org/pipermail/mailman-users/2012-October/074154.html 19. https://www.gnu.org/software/mailman/mailman-admin.pdf 20. https://wiki.list.org/DOC/Making%20Sure%20Your%20Lists%20Are%20Private