Mailman 3 on lists.mailman3.org
I'm starting to look at getting a production mailman-users@mailman3.org list set up and running.
I haven't gotten too far into it, but I see one issue and have a question.
The issue is that there is an MX record for mailman3.org pointing to mail.mailman3.org, but mail.mailman3.org doesn't have an A record; it has a CNAME pointing to mailman.iad1.psf.io which is the canonical name of the server.
RFC 2181, sec 10.3 says the target of an MX must have address records, not CNAME. I.e. mail.mailman3.org should not have a CNAME, but rather an A record pointing to 104.239.228.201 or I suppose instead, the MX for mailman3.org could point directly at mailman.iad1.psf.io.
Anyway, this is not an immediate concern, but will need to be addressed.
For my question, there is a MM 3 installation on the server now done, I think, by Abhilash (@maxking). It seems only partly done. I.e. there's a whole bunch of stuff in /opt/mailman that looks fairly complete, there's some stuff for it in the nginx and postfix configs, there are systemd scripts for starting and stopping mailman, but there's no mailman user or group on the server. This latter may be the result of the PSF's salt management.
Anyway, the question is: is this usable? Should it be upgraded? What else needs to be done (not in detail, just whatever pieces are known to be missing)?
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Hi Mark,
On 03/05/2016 04:14 PM, Mark Sapiro wrote:
> I'm starting to look at getting a production mailman-users@mailman3.org list set up and running.
> I haven't gotten too far into it, but I see one issue and have a question.
> The issue is that there is an MX record for mailman3.org pointing to mail.mailman3.org, but mail.mailman3.org doesn't have an A record; it has a CNAME pointing to mailman.iad1.psf.io which is the canonical name of the server.
> RFC 2181, sec 10.3 says the target of an MX must have address records, not CNAME. I.e. mail.mailman3.org should not have a CNAME, but rather an A record pointing to 104.239.228.201 or I suppose instead, the MX for mailman3.org could point directly at mailman.iad1.psf.io.
> Anyway, this is not an immediate concern, but will need to be addressed.
> For my question, there is a MM 3 installation on the server now done, I think, by Abhilash (@maxking). It seems only partly done. I.e. there's a whole bunch of stuff in /opt/mailman that looks fairly complete, there's some stuff for it in the nginx and postfix configs, there are systemd scripts for starting and stopping mailman, but there's no mailman user or group on the server. This latter may be the result of the PSF's salt management.
Yes, I did set up a Mailman 3 instance on that server, but haven't actually looked at it recently. I was just playing around and probably did not create the Mailman user or Group, but I should have. I hooked everything up though and it was working. There must be configuration files for gunicorn too, to deploy Postorius and Hyperkitty.
> Anyway, the question is: is this usable? Should it be upgraded? What else needs to be done (not in detail, just whatever pieces are known to be missing)?
I guess it should be upgraded to the latest mailman version. I installed everything from the latest master branch (at that time) instead of from the released version. Although, a fresh install using bundler won't hurt. We can then upgrade our own servers before rolling out the releases ;-)
-- thanks, Abhilash Raj
On Mar 05, 2016, at 04:14 PM, Mark Sapiro wrote:
> The issue is that there is an MX record for mailman3.org pointing to mail.mailman3.org, but mail.mailman3.org doesn't have an A record; it has a CNAME pointing to mailman.iad1.psf.io which is the canonical name of the server.
> RFC 2181, sec 10.3 says the target of an MX must have address records, not CNAME. I.e. mail.mailman3.org should not have a CNAME, but rather an A record pointing to 104.239.228.201 or I suppose instead, the MX for mailman3.org could point directly at mailman.iad1.psf.io.
Fixed by setting mail. to an A record. Give it time to propagate, and it has a 3h TTL.
Cheers, -Barry
On 03/06/2016 09:37 AM, Barry Warsaw wrote:
> On Mar 05, 2016, at 04:14 PM, Mark Sapiro wrote:
>> The issue is that there is an MX record for mailman3.org pointing to mail.mailman3.org, but mail.mailman3.org doesn't have an A record; it has a CNAME pointing to mailman.iad1.psf.io which is the canonical name of the server.
> ...
> Fixed by setting mail. to an A record. Give it time to propagate, and it has a 3h TTL.
Looks good. Thanks Barry.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Mark Sapiro writes:
> On 03/06/2016 09:37 AM, Barry Warsaw wrote:
>> On Mar 05, 2016, at 04:14 PM, Mark Sapiro wrote:
>>> The issue is that there is an MX record for mailman3.org pointing to mail.mailman3.org, but mail.mailman3.org doesn't have an A record; it has a CNAME pointing to mailman.iad1.psf.io which is the canonical name of the server.
>> ...
>> Fixed by setting mail. to an A record. Give it time to propagate, and it has a 3h TTL.
> Looks good. Thanks Barry.
But note that as a practical matter some receiving sites demand (or used to demand) that a sender's PTR roundtrip (i.e., A -> PTR -> same A).
Is that not a problem any more?
Steve
On 03/06/2016 05:35 PM, Stephen J. Turnbull wrote:
> But note that as a practical matter some receiving sites demand (or used to demand) that a sender's PTR roundtrip (i.e., A -> PTR -> same A).
> Is that not a problem any more?
Thanks for bringing this up.
It is definitely still a problem and it is a problem here too, but these are two separate issues. The issue I raised and which is now fixed is regarding mail to xxx@mailman3.org. That's where the MX for mailman3.org should point to a name with an A and not a CNAME record.
I neglected to even think about the full circle DNS which is for outgoing mail. The issue here is that the server's IP address has no rDNS PTR record at all. The authority for this is Rackspace, so they would need to install a PTR from 201.228.239.104.in-addr.arpa. (i.e. rDNS for 104.239.228.201) to mail.mailman3.org. Probably infrastructure@python.org can help with this.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
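Added example, not part of the original thread: a Python sketch of the two checks discussed above, the RFC 2181 sec 10.3 rule for MX targets (incoming mail) and the forward-confirmed reverse DNS round trip (outgoing mail). It runs against constructed in-memory zone snapshots that use the names and address from the thread; the `BEFORE`/`AFTER` tables and the function names are assumptions made for illustration.

```python
import ipaddress

# Constructed zone snapshots (not real query output). Keys are
# (owner name, record type); values are lists of record data.
# The A record for mailman.iad1.psf.io is assumed from the thread's description.
BEFORE = {
    ("mailman3.org", "MX"): ["mail.mailman3.org"],
    ("mail.mailman3.org", "CNAME"): ["mailman.iad1.psf.io"],
    ("mailman.iad1.psf.io", "A"): ["104.239.228.201"],
}
AFTER = {
    ("mailman3.org", "MX"): ["mail.mailman3.org"],
    ("mail.mailman3.org", "A"): ["104.239.228.201"],
    ("mailman.iad1.psf.io", "A"): ["104.239.228.201"],
    ("201.228.239.104.in-addr.arpa", "PTR"): ["mail.mailman3.org"],
}

def lookup(zone, name, rtype):
    """Return the record data for (name, rtype), or an empty list."""
    return zone.get((name.rstrip(".").lower(), rtype), [])

def check_mx_targets(zone, domain):
    """Incoming mail: every MX target must own address records, not be an alias."""
    problems = []
    for target in lookup(zone, domain, "MX"):
        if lookup(zone, target, "CNAME"):
            problems.append(f"MX target {target} is a CNAME alias")
        elif not (lookup(zone, target, "A") or lookup(zone, target, "AAAA")):
            problems.append(f"MX target {target} has no address record")
    return problems

def check_fcrdns(zone, ip):
    """Outgoing mail: IP -> PTR name -> A/AAAA must lead back to the same IP."""
    rname = ipaddress.ip_address(ip).reverse_pointer
    names = lookup(zone, rname, "PTR")
    if not names:
        return [f"no PTR record at {rname}"]
    for name in names:
        if ip in lookup(zone, name, "A") + lookup(zone, name, "AAAA"):
            return []  # at least one PTR name resolves back to the IP
    return [f"PTR names {names} do not resolve back to {ip}"]

if __name__ == "__main__":
    for label, zone in (("before", BEFORE), ("after", AFTER)):
        print(label, check_mx_targets(zone, "mailman3.org"),
              check_fcrdns(zone, "104.239.228.201"))
```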
On Mar 06, 2016, at 09:31 PM, Mark Sapiro wrote:
> I neglected to even think about the full circle DNS which is for outgoing mail. The issue here is that the server's IP address has no rDNS PTR record at all. The authority for this is Rackspace, so they would need to install a PTR from 201.228.239.104.in-addr.arpa. (i.e. rDNS for 104.239.228.201) to mail.mailman3.org. Probably infrastructure@python.org can help with this.
I pinged Donald off line; this should be set up now.
Cheers, -Barry
On 03/07/2016 06:59 AM, Barry Warsaw wrote:
> I pinged Donald off line; this should be set up now.
Yes. It looks good. I should make significant progress on the setup this week.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
participants (4): Abhilash Raj, Barry Warsaw, Mark Sapiro, Stephen J. Turnbull