aboutsummaryrefslogtreecommitdiffstats
path: root/doc/mailman-install.tex
diff options
context:
space:
mode:
Diffstat (limited to 'doc/mailman-install.tex')
-rw-r--r--doc/mailman-install.tex346
1 files changed, 346 insertions, 0 deletions
diff --git a/doc/mailman-install.tex b/doc/mailman-install.tex
index 0c6aa2ad..9b188462 100644
--- a/doc/mailman-install.tex
+++ b/doc/mailman-install.tex
@@ -609,6 +609,352 @@ instead of \code{mylist@dom.ain}.
\subsection{Using the Exim mail server}
+\begin{notice}[note]
+This section is derived from Nigel Metheringham's ``HOWTO - Using Exim and
+Mailman together'', which covers Mailman 2.0.x and Exim 3. It has been
+updated to cover Mailman 2.1 and Exim 4. The original document is here:
+\url{http://www.exim.org/howto/mailman.html}.
+\end{notice}
+
+There is no Mailman configuration needed other than the standard options
+detailed in the Mailman install documentation. The Exim configuration is
+transparent to Mailman. The user and group settings for Mailman must match
+those in the config fragments given below.
+
+\subsubsection{Exim configuration}
+
+The Exim configuration is built so that a list created within Mailman
+automatically appears to Exim without the need for defining any additional
+aliases.
+
+The drawback of this configuration is that it will work poorly on systems
+supporting lists in several different mail domains. While Mailman handles
+virtual domains, it does not yet support having two distinct lists with the
+same name in different virtual domains, using the same Mailman installation.
+This will eventually change. (But see below for a variation on this scheme
+that should accommodate virtual domains better.)
+
+The configuration file excerpts below are for use in an already functional
+Exim configuration, which accepts mail for the domain in which the list
+resides. If this domain is separate from the others handled by your Exim
+configuration, then you'll need to:
+
+\begin{itemize}
+\item add the list domain, ``my.list.domain'' to \var{local_domains}
+
+\item add a ``domains=my.list.domain'' option to the director (router) for the
+ list
+
+\item (optional) exclude that domain from your other directors (routers)
+\end{itemize}
+
+\begin{notice}[note]
+The instructions in this document should work with either Exim 3 or Exim 4.
+In Exim 3, you must have a \var{local_domains} configuration setting; in Exim
+4, you most likely have a \var{local_domains} domainlist. If you don't, you
+probably know what you're doing and can adjust accordingly. Similarly, in
+Exim 4 the concept of ``directors'' has disappeared -- there are only routers
+now. So if you're using Exim 4, whenever this document says ``director'',
+read ``router''.
+\end{notice}
+
+Whether you are using Exim 3 or Exim 4, you will need to add some macros to
+the main section of your Exim config file. You will also need to define one
+new transport. With Exim 3, you'll need to add a new director; with Exim 4, a
+new router plays the same role.
+
+Finally, the configuration supplied here should allow co-habiting Mailman 2.0
+and 2.1 installations, with the proviso that you'll probably want to use
+\code{mm21} in place of \code{mailman} -- e.g., \var{MM21_HOME},
+\var{mm21_transport}, etc.
+
+\subsubsection{Main configuration settings}
+
+First, you need to add some macros to the top of your Exim config file. These
+just make the director (router) and transport below a bit cleaner. Obviously,
+you'll need to edit these based on how you configured and installed Mailman.
+
+\begin{verbatim}
+ # Home dir for your Mailman installation -- aka Mailman's prefix
+ # directory.
+ MAILMAN_HOME=/usr/local/mailman
+ MAILMAN_WRAP=MAILMAN_HOME/mail/mailman
+
+ # User and group for Mailman, should match your --with-mail-gid
+ # switch to Mailman's configure script.
+ MAILMAN_USER=mailman
+ MAILMAN_GROUP=mailman
+\end{verbatim}
+
+\subsubsection{Transport for Exim 3\label{exim3-transport}}
+
+Add this to the transports section of your Exim config file,
+i.e. somewhere between the first and second ``end'' line:
+
+\begin{verbatim}
+ mailman_transport:
+ driver = pipe
+ command = MAILMAN_WRAP \
+ '${if def:local_part_suffix \
+ {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
+ {post}}' \
+ $local_part
+ current_directory = MAILMAN_HOME
+ home_directory = MAILMAN_HOME
+ user = MAILMAN_USER
+ group = MAILMAN_GROUP
+\end{verbatim}
+
+\subsubsection{Director for Exim 3}
+
+If you're using Exim 3, you'll need to add the following director to your
+config file (directors go between the second and third ``end'' lines). Also,
+don't forget that order matters -- e.g. you can make Mailman lists take
+precedence over system aliases by putting this director in front of your
+aliasfile director, or vice-versa.
+
+\begin{verbatim}
+ # Handle all addresses related to a list 'foo': the posting address.
+ # Automatically detects list existence by looking
+ # for lists/$local_part/config.pck under MAILMAN_HOME.
+ mailman_director:
+ driver = smartuser
+ require_files = MAILMAN_HOME/lists/$local_part/config.pck
+ suffix_optional
+ suffix = -bounces : -bounces+* : \
+ -confirm+* : -join : -leave : \
+ -owner : -request : -admin
+ transport = mailman_transport
+\end{verbatim}
+
+\subsubsection{Router for Exim 4}
+
+In Exim 4, there's no such thing as directors -- you need to add a new router
+instead. Also, the canonical order of the configuration file was changed so
+routers come before transports, so the router for Exim 4 comes first here.
+Put this router somewhere after the ``begin routers'' line of your config
+file, and remember that order matters.
+
+\begin{verbatim}
+ mailman_router:
+ driver = accept
+ require_files = MAILMAN_HOME/lists/$local_part/config.pck
+ local_part_suffix_optional
+ local_part_suffix = -bounces : -bounces+* : \
+ -confirm+* : -join : -leave : \
+ -owner : -request : -admin
+ transport = mailman_transport
+\end{verbatim}
+% $ - emacs turds
+
+\subsubsection{Transports for Exim 4}
+
+The transport for Exim 4 is the same as for Exim 3 (see \ref{exim3-transport};
+just copy the transport given above to somewhere under the ``begin
+transports'' line of your Exim config file.
+
+\subsubsection{Additional notes}
+
+Exim should be configured to allow reasonable volume -- e.g. don't set
+\var{max_recipients} down to a silly value -- and with normal degrees of
+security -- specifically, be sure to allow relaying from 127.0.0.1, but pretty
+much nothing else. Parallel deliveries and other tweaks can also be used if
+you like; experiment with your setup to see what works. Delay warning
+messages should be switched off or configured to only happen for non-list
+mail, unless you like receiving tons of mail when some random host is down.
+
+\subsubsection{Problems}
+
+\begin{itemize}
+
+\item Mailman will send as many \code{MAIL FROM}/\code{RCPT TO} as it needs.
+ It may result in more than 10 or 100 messages sent in one connection,
+ which will exceed the default value of Exim's
+ \var{smtp_accept_queue_per_connection} value. This is bad because it
+ will cause Exim to switch into queue mode and severely delay delivery of
+ your list messages. The way to fix this is to set Mailman's
+ \var{SMTP_MAX_SESSIONS_PER_CONNECTION} (in
+ \file{\var{\$prefix}/Mailman/mm_cfg.py}) to a smaller value than Exim's
+ \var{smtp_accept_queue_per_connection}.
+
+\item Mailman should ignore Exim delay warning messages, even though Exim
+ should never send this to list messages. Mailman 2.1's general bounce
+ detection and VERP support should greatly improve the bounce detector's
+ hit rates.
+
+\item List existence is determined by the existence of a \file{config.pck}
+ file for a list. If you delete lists by foul means, be aware of this.
+
+\item If you are getting Exim or Mailman complaining about user ids when you
+ send mail to a list, check that the \var{MAILMAN_USER} and
+ \var{MAILMAN_GROUP} match those of Mailman itself (i.e. what were used
+ in the \program{configure} script). Also make sure you do not have
+ aliases in the main alias file for the list.
+\end{itemize}
+
+\subsubsection{Receiver Verification}
+
+Exim's receiver verification feature is very useful -- it lets Exim reject
+unrouteable addresses at SMTP time. However, this is most useful for
+externally-originating mail that is addressed to mail in one of your local
+domains. For Mailman list traffic, mail originates on your server, and is
+addressed to random external domains that are not under your control.
+Furthermore, each message is addressed to many recipients
+-- up to 500 if you use Mailman's default configuration and don't tweak
+\var{SMTP_MAX_RCPTS}.
+
+Doing receiver verification on Mailman list traffic is a recipe for trouble.
+In particular, Exim will attempt to route every recipient addresses in
+outgoing Mailman list posts. Even though this requires nothing more than a
+few DNS lookups for each address, it can still introduce significant delays.
+Therefore, you should disable recipient verification for Mailman traffic.
+
+Under Exim 3, put this in your main configuration section:
+
+\begin{verbatim}
+ receiver_verify_hosts = !127.0.0.1
+\end{verbatim}
+
+Under Exim 4, this is probably already taken care of for you by the default
+recipient verification ACL statement (in the \code{RCPT TO} ACL):
+
+\begin{verbatim}
+ accept domains = +local_domains
+ endpass
+ message = unknown user
+ verify = recipient
+\end{verbatim}
+
+which only does recipient verification on addresses in your domain. (That's
+not exactly the same as doing recipient verification only on messages coming
+from non-127.0.0.1 hosts, but it should do the trick for Mailman.)
+
+\subsubsection{SMTP Callback}
+-------------
+
+Exim's SMTP callback feature is an even more powerful way to detect bogus
+sender addresses than normal sender verification. Unfortunately, lots of
+servers send bounce messages with a bogus address in the header, and there are
+plenty that send bounces with bogus envelope senders (even though they're
+supposed to just use an empty envelope sender for bounces).
+
+In order to ensure that Mailman can disable/remove bouncing addresses, you
+generally want to receive bounces for Mailman lists, even if those bounces are
+themselves not bounceable. Thus, you might want to disable SMTP callback on
+bounce messages.
+
+With Exim 4, you can accomplish this using something like the following in
+your \code{RCPT TO} ACL:
+
+\begin{verbatim}
+ # Accept bounces to lists even if callbacks or other checks would fail
+ warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes
+ condition = \
+ ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
+ {exists {MAILMAN_HOME/lists/$1/config.pck}}} \
+ {yes}{no}}
+ {yes}{no}}
+
+ accept condition = \
+ ${if and {{match{$local_part}{(.*)-bounces\+.*}} \
+ {exists {MAILMAN_HOME/lists/$1/config.pck}}} \
+ {yes}{no}}
+ {yes}{no}}
+
+ # Now, check sender address with SMTP callback.
+ deny !verify = sender/callout=90s
+\end{verbatim}
+
+If you also do SMTP callbacks on header addresses, you'll want something like
+this in your \code{DATA} ACL:
+
+\begin{verbatim}
+ deny !condition = $header_X-WhitelistedRCPT-nohdrfromcallback:
+ !verify = header_sender/callout=90s
+\end{verbatim}
+% $ - emacs turd
+
+\subsubsection{Doing VERP with Exim and Mailman}
+
+VERP will send one email, with a separate envelope sender (return path), for
+each of your subscribers -- read the information in
+\file{\var{\$prefix}/Mailman/Default.py} for the options that start with VERP.
+In a nutshell, all you need to do to enable VERP with Exim is to add these lines to \file{\var{\$prefix}/Mailman/mm_cfg.py}:
+
+\begin{verbatim}
+ VERP_PASSWORD_REMINDERS = Yes
+ VERP_PERSONALIZED_DELIVERIES = Yes
+ VERP_DELIVERY_INTERVAL = Yes
+ VERP_CONFIRMATIONS = Yes
+\end{verbatim}
+
+(The director (router) above is smart enough to deal with VERP bounces.)
+
+\subsubsection{Virtual Domains}
+
+One approach to handling virtual domains is to use a separate Mailman
+installation for each virtual domain. Currently, this is the only way to have
+lists with the same name in different virtual domains handled by the same
+machine.
+
+In this case, the \var{MAILMAN_HOME} and \var{MAILMAN_WRAP} macros are useless
+-- you can remove them. Change your director (router) to something like this:
+
+\begin{verbatim}
+ require_files = /virtual/${domain}/mailman/lists/${lc:$local_part}/config.pck
+\end{verbatim}
+% $ - emacs turd
+
+and change your transport like this:
+
+\begin{verbatim}
+ command = /virtual/${domain}/mailman/mail/mailman \
+ ${if def:local_part_suffix \
+ {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}}
+ {post}} \
+ $local_part
+ current_directory = /virtual/${domain}/mailman
+ home_directory = /virtual/${domain}/mailman
+\end{verbatim}
+% $ - emacs turd
+
+\subsubsection{List Verification}
+
+This is how a set of address tests for the Exim lists look on a working
+system. The list in question is \email{quixote-users@mems-exchange.org}, and
+these commands were run on the \code{mems-exchange.org} mail server ("% "
+indicates the Unix shell prompt):
+
+\begin{verbatim}
+ % exim -bt quixote-users
+ quixote-users@mems-exchange.org
+ router = mailman_main_router, transport = mailman_transport
+
+ % exim -bt quixote-users-request
+ quixote-users-request@mems-exchange.org
+ router = mailman_router, transport = mailman_transport
+
+ % exim -bt quixote-users-bounces
+ quixote-users-bounces@mems-exchange.org
+ router = mailman_router, transport = mailman_transport
+
+ % exim -bt quixote-users-bounces+luser=example.com
+ quixote-users-bounces+luser=example.com@mems-exchange.org
+ router = mailman_router, transport = mailman_transport
+\end{verbatim}
+
+If your \program{exim -bt} output looks something like this, that's a start:
+at least it means Exim will pass the right messages to the right Mailman
+commands. It by no means guarantees that your Exim/Mailman installation is
+functioning perfectly, though!
+
+\subsubsection{Document History}
+
+Originally written by Nigel Metheringham \email{postmaster@exim.org}. Updated
+by Marc Merlin \email{marc_soft@merlins.org} for Mailman 2.1, Exim 4.
+Overhauled/reformatted/clarified/simplified by Greg Ward
+\email{gward@python.net}.
+
\subsection{Using the Sendmail mail server}
\begin{notice}[warning]