2023-01-20 10:41:00 +00:00
|
|
|
|
<!-- Do not edit this file directly, edit its companion .md instead
|
|
|
|
|
|
and regenerate this file using nixos/doc/manual/md-to-db.sh -->
|
|
|
|
|
|
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="module-services-mailman">
|
2020-06-15 15:56:04 +00:00
|
|
|
|
<title>Mailman</title>
|
|
|
|
|
|
<para>
|
|
|
|
|
|
<link xlink:href="https://www.list.org">Mailman</link> is free
|
|
|
|
|
|
software for managing electronic mail discussion and e-newsletter
|
|
|
|
|
|
lists. Mailman and its web interface can be configured using the
|
|
|
|
|
|
corresponding NixOS module. Note that this service is best used with
|
2023-01-20 10:41:00 +00:00
|
|
|
|
an existing, securely configured Postfix setup, as it does not
|
|
|
|
|
|
automatically configure this.
|
2020-06-15 15:56:04 +00:00
|
|
|
|
</para>
|
|
|
|
|
|
<section xml:id="module-services-mailman-basic-usage">
|
2020-12-25 13:55:36 +00:00
|
|
|
|
<title>Basic usage with Postfix</title>
|
2020-06-15 15:56:04 +00:00
|
|
|
|
<para>
|
2023-01-20 10:41:00 +00:00
|
|
|
|
For a basic configuration with Postfix as the MTA, the following
|
|
|
|
|
|
settings are suggested:
|
|
|
|
|
|
</para>
|
|
|
|
|
|
<programlisting>
|
|
|
|
|
|
{ config, ... }: {
|
2020-06-15 15:56:04 +00:00
|
|
|
|
services.postfix = {
|
|
|
|
|
|
enable = true;
|
2023-01-20 10:41:00 +00:00
|
|
|
|
relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];
|
|
|
|
|
|
sslCert = config.security.acme.certs."lists.example.org".directory + "/full.pem";
|
|
|
|
|
|
sslKey = config.security.acme.certs."lists.example.org".directory + "/key.pem";
|
2020-06-15 15:56:04 +00:00
|
|
|
|
config = {
|
2023-01-20 10:41:00 +00:00
|
|
|
|
transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
|
|
|
|
|
|
local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
|
2020-06-15 15:56:04 +00:00
|
|
|
|
};
|
|
|
|
|
|
};
|
|
|
|
|
|
services.mailman = {
|
2023-01-20 10:41:00 +00:00
|
|
|
|
enable = true;
|
|
|
|
|
|
serve.enable = true;
|
|
|
|
|
|
hyperkitty.enable = true;
|
|
|
|
|
|
webHosts = ["lists.example.org"];
|
|
|
|
|
|
siteOwner = "mailman@example.org";
|
2020-06-15 15:56:04 +00:00
|
|
|
|
};
|
2023-01-20 10:41:00 +00:00
|
|
|
|
services.nginx.virtualHosts."lists.example.org".enableACME = true;
|
|
|
|
|
|
networking.firewall.allowedTCPPorts = [ 25 80 443 ];
|
|
|
|
|
|
}
|
|
|
|
|
|
</programlisting>
|
2020-06-15 15:56:04 +00:00
|
|
|
|
<para>
|
|
|
|
|
|
DNS records will also be required:
|
|
|
|
|
|
</para>
|
2023-01-20 10:41:00 +00:00
|
|
|
|
<itemizedlist spacing="compact">
|
|
|
|
|
|
<listitem>
|
|
|
|
|
|
<para>
|
|
|
|
|
|
<literal>AAAA</literal> and <literal>A</literal> records
|
|
|
|
|
|
pointing to the host in question, in order for browsers to be
|
|
|
|
|
|
able to discover the address of the web server;
|
|
|
|
|
|
</para>
|
|
|
|
|
|
</listitem>
|
|
|
|
|
|
<listitem>
|
|
|
|
|
|
<para>
|
|
|
|
|
|
An <literal>MX</literal> record pointing to a domain name at
|
|
|
|
|
|
which the host is reachable, in order for other mail servers
|
|
|
|
|
|
to be able to deliver emails to the mailing lists it hosts.
|
|
|
|
|
|
</para>
|
|
|
|
|
|
</listitem>
|
|
|
|
|
|
</itemizedlist>
|
2020-06-15 15:56:04 +00:00
|
|
|
|
<para>
|
2023-01-20 10:41:00 +00:00
|
|
|
|
After this has been done and appropriate DNS records have been set
|
|
|
|
|
|
up, the Postorius mailing list manager and the Hyperkitty archive
|
|
|
|
|
|
browser will be available at https://lists.example.org/. Note that
|
|
|
|
|
|
this setup is not sufficient to deliver emails to most email
|
|
|
|
|
|
providers nor to avoid spam – a number of additional measures for
|
|
|
|
|
|
authenticating incoming and outgoing mails, such as SPF, DMARC and
|
|
|
|
|
|
DKIM are necessary, but outside the scope of the Mailman module.
|
2020-06-15 15:56:04 +00:00
|
|
|
|
</para>
|
|
|
|
|
|
</section>
|
2020-12-25 13:55:36 +00:00
|
|
|
|
<section xml:id="module-services-mailman-other-mtas">
|
|
|
|
|
|
<title>Using with other MTAs</title>
|
|
|
|
|
|
<para>
|
2023-01-20 10:41:00 +00:00
|
|
|
|
Mailman also supports other MTA, though with a little bit more
|
|
|
|
|
|
configuration. For example, to use Mailman with Exim, you can use
|
|
|
|
|
|
the following settings:
|
|
|
|
|
|
</para>
|
|
|
|
|
|
<programlisting>
|
|
|
|
|
|
{ config, ... }: {
|
2020-12-25 13:55:36 +00:00
|
|
|
|
services = {
|
|
|
|
|
|
mailman = {
|
|
|
|
|
|
enable = true;
|
2023-01-20 10:41:00 +00:00
|
|
|
|
siteOwner = "mailman@example.org";
|
|
|
|
|
|
enablePostfix = false;
|
2020-12-25 13:55:36 +00:00
|
|
|
|
settings.mta = {
|
2023-01-20 10:41:00 +00:00
|
|
|
|
incoming = "mailman.mta.exim4.LMTP";
|
|
|
|
|
|
outgoing = "mailman.mta.deliver.deliver";
|
|
|
|
|
|
lmtp_host = "localhost";
|
|
|
|
|
|
lmtp_port = "8024";
|
|
|
|
|
|
smtp_host = "localhost";
|
|
|
|
|
|
smtp_port = "25";
|
|
|
|
|
|
configuration = "python:mailman.config.exim4";
|
2020-12-25 13:55:36 +00:00
|
|
|
|
};
|
|
|
|
|
|
};
|
|
|
|
|
|
exim = {
|
|
|
|
|
|
enable = true;
|
|
|
|
|
|
# You can configure Exim in a separate file to reduce configuration.nix clutter
|
|
|
|
|
|
config = builtins.readFile ./exim.conf;
|
|
|
|
|
|
};
|
|
|
|
|
|
};
|
2023-01-20 10:41:00 +00:00
|
|
|
|
}
|
|
|
|
|
|
</programlisting>
|
2020-12-25 13:55:36 +00:00
|
|
|
|
<para>
|
2023-01-20 10:41:00 +00:00
|
|
|
|
The exim config needs some special additions to work with Mailman.
|
|
|
|
|
|
Currently NixOS can’t manage Exim config with such granularity.
|
|
|
|
|
|
Please refer to
|
|
|
|
|
|
<link xlink:href="https://mailman.readthedocs.io/en/latest/src/mailman/docs/mta.html">Mailman
|
|
|
|
|
|
documentation</link> for more info on configuring Mailman for
|
|
|
|
|
|
working with Exim.
|
2020-12-25 13:55:36 +00:00
|
|
|
|
</para>
|
|
|
|
|
|
</section>
|
2020-06-15 15:56:04 +00:00
|
|
|
|
</chapter>
|
