0d9fc34957
GitOrigin-RevId: 5ed481943351e9fd354aeb557679624224de38d5
112 lines
4.4 KiB
XML
112 lines
4.4 KiB
XML
<!-- Do not edit this file directly, edit its companion .md instead
|
||
and regenerate this file using nixos/doc/manual/md-to-db.sh -->
|
||
<chapter xmlns="http://docbook.org/ns/docbook" xmlns:xlink="http://www.w3.org/1999/xlink" xml:id="module-services-mailman">
|
||
<title>Mailman</title>
|
||
<para>
|
||
<link xlink:href="https://www.list.org">Mailman</link> is free
|
||
software for managing electronic mail discussion and e-newsletter
|
||
lists. Mailman and its web interface can be configured using the
|
||
corresponding NixOS module. Note that this service is best used with
|
||
an existing, securely configured Postfix setup, as it does not
|
||
automatically configure this.
|
||
</para>
|
||
<section xml:id="module-services-mailman-basic-usage">
|
||
<title>Basic usage with Postfix</title>
|
||
<para>
|
||
For a basic configuration with Postfix as the MTA, the following
|
||
settings are suggested:
|
||
</para>
|
||
<programlisting>
|
||
{ config, ... }: {
|
||
services.postfix = {
|
||
enable = true;
|
||
relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];
|
||
sslCert = config.security.acme.certs."lists.example.org".directory + "/full.pem";
|
||
sslKey = config.security.acme.certs."lists.example.org".directory + "/key.pem";
|
||
config = {
|
||
transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
|
||
local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
|
||
};
|
||
};
|
||
services.mailman = {
|
||
enable = true;
|
||
serve.enable = true;
|
||
hyperkitty.enable = true;
|
||
webHosts = ["lists.example.org"];
|
||
siteOwner = "mailman@example.org";
|
||
};
|
||
services.nginx.virtualHosts."lists.example.org".enableACME = true;
|
||
networking.firewall.allowedTCPPorts = [ 25 80 443 ];
|
||
}
|
||
</programlisting>
|
||
<para>
|
||
DNS records will also be required:
|
||
</para>
|
||
<itemizedlist spacing="compact">
|
||
<listitem>
|
||
<para>
|
||
<literal>AAAA</literal> and <literal>A</literal> records
|
||
pointing to the host in question, in order for browsers to be
|
||
able to discover the address of the web server;
|
||
</para>
|
||
</listitem>
|
||
<listitem>
|
||
<para>
|
||
An <literal>MX</literal> record pointing to a domain name at
|
||
which the host is reachable, in order for other mail servers
|
||
to be able to deliver emails to the mailing lists it hosts.
|
||
</para>
|
||
</listitem>
|
||
</itemizedlist>
|
||
<para>
|
||
After this has been done and appropriate DNS records have been set
|
||
up, the Postorius mailing list manager and the Hyperkitty archive
|
||
browser will be available at https://lists.example.org/. Note that
|
||
this setup is not sufficient to deliver emails to most email
|
||
providers nor to avoid spam – a number of additional measures for
|
||
authenticating incoming and outgoing mails, such as SPF, DMARC and
|
||
DKIM are necessary, but outside the scope of the Mailman module.
|
||
</para>
|
||
</section>
|
||
<section xml:id="module-services-mailman-other-mtas">
|
||
<title>Using with other MTAs</title>
|
||
<para>
|
||
Mailman also supports other MTA, though with a little bit more
|
||
configuration. For example, to use Mailman with Exim, you can use
|
||
the following settings:
|
||
</para>
|
||
<programlisting>
|
||
{ config, ... }: {
|
||
services = {
|
||
mailman = {
|
||
enable = true;
|
||
siteOwner = "mailman@example.org";
|
||
enablePostfix = false;
|
||
settings.mta = {
|
||
incoming = "mailman.mta.exim4.LMTP";
|
||
outgoing = "mailman.mta.deliver.deliver";
|
||
lmtp_host = "localhost";
|
||
lmtp_port = "8024";
|
||
smtp_host = "localhost";
|
||
smtp_port = "25";
|
||
configuration = "python:mailman.config.exim4";
|
||
};
|
||
};
|
||
exim = {
|
||
enable = true;
|
||
# You can configure Exim in a separate file to reduce configuration.nix clutter
|
||
config = builtins.readFile ./exim.conf;
|
||
};
|
||
};
|
||
}
|
||
</programlisting>
|
||
<para>
|
||
The exim config needs some special additions to work with Mailman.
|
||
Currently NixOS can’t manage Exim config with such granularity.
|
||
Please refer to
|
||
<link xlink:href="https://mailman.readthedocs.io/en/latest/src/mailman/docs/mta.html">Mailman
|
||
documentation</link> for more info on configuring Mailman for
|
||
working with Exim.
|
||
</para>
|
||
</section>
|
||
</chapter>
|