diff options
Diffstat (limited to 'doc')
-rw-r--r-- | doc/mailman-install.tex | 346 |
1 files changed, 346 insertions, 0 deletions
diff --git a/doc/mailman-install.tex b/doc/mailman-install.tex index 0c6aa2ad..9b188462 100644 --- a/doc/mailman-install.tex +++ b/doc/mailman-install.tex @@ -609,6 +609,352 @@ instead of \code{mylist@dom.ain}. \subsection{Using the Exim mail server} +\begin{notice}[note] +This section is derived from Nigel Metheringham's ``HOWTO - Using Exim and +Mailman together'', which covers Mailman 2.0.x and Exim 3. It has been +updated to cover Mailman 2.1 and Exim 4. The original document is here: +\url{http://www.exim.org/howto/mailman.html}. +\end{notice} + +There is no Mailman configuration needed other than the standard options +detailed in the Mailman install documentation. The Exim configuration is +transparent to Mailman. The user and group settings for Mailman must match +those in the config fragments given below. + +\subsubsection{Exim configuration} + +The Exim configuration is built so that a list created within Mailman +automatically appears to Exim without the need for defining any additional +aliases. + +The drawback of this configuration is that it will work poorly on systems +supporting lists in several different mail domains. While Mailman handles +virtual domains, it does not yet support having two distinct lists with the +same name in different virtual domains, using the same Mailman installation. +This will eventually change. (But see below for a variation on this scheme +that should accommodate virtual domains better.) + +The configuration file excerpts below are for use in an already functional +Exim configuration, which accepts mail for the domain in which the list +resides. If this domain is separate from the others handled by your Exim +configuration, then you'll need to: + +\begin{itemize} +\item add the list domain, ``my.list.domain'' to \var{local_domains} + +\item add a ``domains=my.list.domain'' option to the director (router) for the + list + +\item (optional) exclude that domain from your other directors (routers) +\end{itemize} + +\begin{notice}[note] +The instructions in this document should work with either Exim 3 or Exim 4. +In Exim 3, you must have a \var{local_domains} configuration setting; in Exim +4, you most likely have a \var{local_domains} domainlist. If you don't, you +probably know what you're doing and can adjust accordingly. Similarly, in +Exim 4 the concept of ``directors'' has disappeared -- there are only routers +now. So if you're using Exim 4, whenever this document says ``director'', +read ``router''. +\end{notice} + +Whether you are using Exim 3 or Exim 4, you will need to add some macros to +the main section of your Exim config file. You will also need to define one +new transport. With Exim 3, you'll need to add a new director; with Exim 4, a +new router plays the same role. + +Finally, the configuration supplied here should allow co-habiting Mailman 2.0 +and 2.1 installations, with the proviso that you'll probably want to use +\code{mm21} in place of \code{mailman} -- e.g., \var{MM21_HOME}, +\var{mm21_transport}, etc. + +\subsubsection{Main configuration settings} + +First, you need to add some macros to the top of your Exim config file. These +just make the director (router) and transport below a bit cleaner. Obviously, +you'll need to edit these based on how you configured and installed Mailman. + +\begin{verbatim} + # Home dir for your Mailman installation -- aka Mailman's prefix + # directory. + MAILMAN_HOME=/usr/local/mailman + MAILMAN_WRAP=MAILMAN_HOME/mail/mailman + + # User and group for Mailman, should match your --with-mail-gid + # switch to Mailman's configure script. + MAILMAN_USER=mailman + MAILMAN_GROUP=mailman +\end{verbatim} + +\subsubsection{Transport for Exim 3\label{exim3-transport}} + +Add this to the transports section of your Exim config file, +i.e. somewhere between the first and second ``end'' line: + +\begin{verbatim} + mailman_transport: + driver = pipe + command = MAILMAN_WRAP \ + '${if def:local_part_suffix \ + {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \ + {post}}' \ + $local_part + current_directory = MAILMAN_HOME + home_directory = MAILMAN_HOME + user = MAILMAN_USER + group = MAILMAN_GROUP +\end{verbatim} + +\subsubsection{Director for Exim 3} + +If you're using Exim 3, you'll need to add the following director to your +config file (directors go between the second and third ``end'' lines). Also, +don't forget that order matters -- e.g. you can make Mailman lists take +precedence over system aliases by putting this director in front of your +aliasfile director, or vice-versa. + +\begin{verbatim} + # Handle all addresses related to a list 'foo': the posting address. + # Automatically detects list existence by looking + # for lists/$local_part/config.pck under MAILMAN_HOME. + mailman_director: + driver = smartuser + require_files = MAILMAN_HOME/lists/$local_part/config.pck + suffix_optional + suffix = -bounces : -bounces+* : \ + -confirm+* : -join : -leave : \ + -owner : -request : -admin + transport = mailman_transport +\end{verbatim} + +\subsubsection{Router for Exim 4} + +In Exim 4, there's no such thing as directors -- you need to add a new router +instead. Also, the canonical order of the configuration file was changed so +routers come before transports, so the router for Exim 4 comes first here. +Put this router somewhere after the ``begin routers'' line of your config +file, and remember that order matters. + +\begin{verbatim} + mailman_router: + driver = accept + require_files = MAILMAN_HOME/lists/$local_part/config.pck + local_part_suffix_optional + local_part_suffix = -bounces : -bounces+* : \ + -confirm+* : -join : -leave : \ + -owner : -request : -admin + transport = mailman_transport +\end{verbatim} +% $ - emacs turds + +\subsubsection{Transports for Exim 4} + +The transport for Exim 4 is the same as for Exim 3 (see \ref{exim3-transport}; +just copy the transport given above to somewhere under the ``begin +transports'' line of your Exim config file. + +\subsubsection{Additional notes} + +Exim should be configured to allow reasonable volume -- e.g. don't set +\var{max_recipients} down to a silly value -- and with normal degrees of +security -- specifically, be sure to allow relaying from 127.0.0.1, but pretty +much nothing else. Parallel deliveries and other tweaks can also be used if +you like; experiment with your setup to see what works. Delay warning +messages should be switched off or configured to only happen for non-list +mail, unless you like receiving tons of mail when some random host is down. + +\subsubsection{Problems} + +\begin{itemize} + +\item Mailman will send as many \code{MAIL FROM}/\code{RCPT TO} as it needs. + It may result in more than 10 or 100 messages sent in one connection, + which will exceed the default value of Exim's + \var{smtp_accept_queue_per_connection} value. This is bad because it + will cause Exim to switch into queue mode and severely delay delivery of + your list messages. The way to fix this is to set Mailman's + \var{SMTP_MAX_SESSIONS_PER_CONNECTION} (in + \file{\var{\$prefix}/Mailman/mm_cfg.py}) to a smaller value than Exim's + \var{smtp_accept_queue_per_connection}. + +\item Mailman should ignore Exim delay warning messages, even though Exim + should never send this to list messages. Mailman 2.1's general bounce + detection and VERP support should greatly improve the bounce detector's + hit rates. + +\item List existence is determined by the existence of a \file{config.pck} + file for a list. If you delete lists by foul means, be aware of this. + +\item If you are getting Exim or Mailman complaining about user ids when you + send mail to a list, check that the \var{MAILMAN_USER} and + \var{MAILMAN_GROUP} match those of Mailman itself (i.e. what were used + in the \program{configure} script). Also make sure you do not have + aliases in the main alias file for the list. +\end{itemize} + +\subsubsection{Receiver Verification} + +Exim's receiver verification feature is very useful -- it lets Exim reject +unrouteable addresses at SMTP time. However, this is most useful for +externally-originating mail that is addressed to mail in one of your local +domains. For Mailman list traffic, mail originates on your server, and is +addressed to random external domains that are not under your control. +Furthermore, each message is addressed to many recipients +-- up to 500 if you use Mailman's default configuration and don't tweak +\var{SMTP_MAX_RCPTS}. + +Doing receiver verification on Mailman list traffic is a recipe for trouble. +In particular, Exim will attempt to route every recipient addresses in +outgoing Mailman list posts. Even though this requires nothing more than a +few DNS lookups for each address, it can still introduce significant delays. +Therefore, you should disable recipient verification for Mailman traffic. + +Under Exim 3, put this in your main configuration section: + +\begin{verbatim} + receiver_verify_hosts = !127.0.0.1 +\end{verbatim} + +Under Exim 4, this is probably already taken care of for you by the default +recipient verification ACL statement (in the \code{RCPT TO} ACL): + +\begin{verbatim} + accept domains = +local_domains + endpass + message = unknown user + verify = recipient +\end{verbatim} + +which only does recipient verification on addresses in your domain. (That's +not exactly the same as doing recipient verification only on messages coming +from non-127.0.0.1 hosts, but it should do the trick for Mailman.) + +\subsubsection{SMTP Callback} +------------- + +Exim's SMTP callback feature is an even more powerful way to detect bogus +sender addresses than normal sender verification. Unfortunately, lots of +servers send bounce messages with a bogus address in the header, and there are +plenty that send bounces with bogus envelope senders (even though they're +supposed to just use an empty envelope sender for bounces). + +In order to ensure that Mailman can disable/remove bouncing addresses, you +generally want to receive bounces for Mailman lists, even if those bounces are +themselves not bounceable. Thus, you might want to disable SMTP callback on +bounce messages. + +With Exim 4, you can accomplish this using something like the following in +your \code{RCPT TO} ACL: + +\begin{verbatim} + # Accept bounces to lists even if callbacks or other checks would fail + warn message = X-WhitelistedRCPT-nohdrfromcallback: Yes + condition = \ + ${if and {{match{$local_part}{(.*)-bounces\+.*}} \ + {exists {MAILMAN_HOME/lists/$1/config.pck}}} \ + {yes}{no}} + {yes}{no}} + + accept condition = \ + ${if and {{match{$local_part}{(.*)-bounces\+.*}} \ + {exists {MAILMAN_HOME/lists/$1/config.pck}}} \ + {yes}{no}} + {yes}{no}} + + # Now, check sender address with SMTP callback. + deny !verify = sender/callout=90s +\end{verbatim} + +If you also do SMTP callbacks on header addresses, you'll want something like +this in your \code{DATA} ACL: + +\begin{verbatim} + deny !condition = $header_X-WhitelistedRCPT-nohdrfromcallback: + !verify = header_sender/callout=90s +\end{verbatim} +% $ - emacs turd + +\subsubsection{Doing VERP with Exim and Mailman} + +VERP will send one email, with a separate envelope sender (return path), for +each of your subscribers -- read the information in +\file{\var{\$prefix}/Mailman/Default.py} for the options that start with VERP. +In a nutshell, all you need to do to enable VERP with Exim is to add these lines to \file{\var{\$prefix}/Mailman/mm_cfg.py}: + +\begin{verbatim} + VERP_PASSWORD_REMINDERS = Yes + VERP_PERSONALIZED_DELIVERIES = Yes + VERP_DELIVERY_INTERVAL = Yes + VERP_CONFIRMATIONS = Yes +\end{verbatim} + +(The director (router) above is smart enough to deal with VERP bounces.) + +\subsubsection{Virtual Domains} + +One approach to handling virtual domains is to use a separate Mailman +installation for each virtual domain. Currently, this is the only way to have +lists with the same name in different virtual domains handled by the same +machine. + +In this case, the \var{MAILMAN_HOME} and \var{MAILMAN_WRAP} macros are useless +-- you can remove them. Change your director (router) to something like this: + +\begin{verbatim} + require_files = /virtual/${domain}/mailman/lists/${lc:$local_part}/config.pck +\end{verbatim} +% $ - emacs turd + +and change your transport like this: + +\begin{verbatim} + command = /virtual/${domain}/mailman/mail/mailman \ + ${if def:local_part_suffix \ + {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} + {post}} \ + $local_part + current_directory = /virtual/${domain}/mailman + home_directory = /virtual/${domain}/mailman +\end{verbatim} +% $ - emacs turd + +\subsubsection{List Verification} + +This is how a set of address tests for the Exim lists look on a working +system. The list in question is \email{quixote-users@mems-exchange.org}, and +these commands were run on the \code{mems-exchange.org} mail server ("% " +indicates the Unix shell prompt): + +\begin{verbatim} + % exim -bt quixote-users + quixote-users@mems-exchange.org + router = mailman_main_router, transport = mailman_transport + + % exim -bt quixote-users-request + quixote-users-request@mems-exchange.org + router = mailman_router, transport = mailman_transport + + % exim -bt quixote-users-bounces + quixote-users-bounces@mems-exchange.org + router = mailman_router, transport = mailman_transport + + % exim -bt quixote-users-bounces+luser=example.com + quixote-users-bounces+luser=example.com@mems-exchange.org + router = mailman_router, transport = mailman_transport +\end{verbatim} + +If your \program{exim -bt} output looks something like this, that's a start: +at least it means Exim will pass the right messages to the right Mailman +commands. It by no means guarantees that your Exim/Mailman installation is +functioning perfectly, though! + +\subsubsection{Document History} + +Originally written by Nigel Metheringham \email{postmaster@exim.org}. Updated +by Marc Merlin \email{marc_soft@merlins.org} for Mailman 2.1, Exim 4. +Overhauled/reformatted/clarified/simplified by Greg Ward +\email{gward@python.net}. + \subsection{Using the Sendmail mail server} \begin{notice}[warning] |