MailMan For LAN Only

I am wanting to implement MailMan for my company LAN. I am currently running my email server on Postfix. I am wondering if someone can answer these questions for me. If I install MailMan / Apache on my mail server, will the MailMan list be visible by anyone on the web who can access my mail server via Apache? I am worried about spammers using MailMan to harvest valid email addresses. Even though it appears from the reading I have done that non-members can't send to the list w/o moderator approval, I still don't want the vulnerability of exposing my subscribed members' email addresses. Can someone please tell me if this is possible and/or how I should consider configuring MailMan for my LAN?
Thanks for any assistance!
-- Carlos

On Wed, Aug 05, 2009 at 11:54:44AM -0400, Carlos Williams wrote:
"visible" in which regard? via Apache, it's possible to restrict access to subnets, for example. Firewall rules can also be invoked.
(in short: depends how you set it up.)
Presumably Postfix supports some sort of ACLs, which may "help" in keeping your list(s) to people/addresses you've explicitly whitelisted, or something similar. Or just rely on Mailman's handling of non-members.
restrict seeing subscribers to admins only? use "strong" passwords, perhaps. Disable access to specific mailman scripts from non-trusted addresses? don't have archives available to the public internet?
> Can someone please tell me if this is possible
Should be...
> and/or how I should consider configuring MailMan for my LAN?
... although most of what you're after, as I understand it, is not within Mailman itself, but down to webserver/firewall/MTA configuration (well, that's how I might go about sorting out a 'private' installation)
--
``Have you always been revolutionary socialists?''
``No, we vote Conservative.'' (Simon Hoggart, interviewing a middle-class
couple at a reading of Tony Benn's speeches)

Carlos Williams writes:
No, only to those with the admin password. It may also be possible to get the list of members by email, but (a) list members (or the admin) can exclude their own addresses from that list and (b) the facility can be turned off entirely (which it is by default AFAIK).
However, as Adam McGregor pointed out, this really isn't an issue of Mailman security at all as you've described it so far. It's a question of locking down the firewall in general, the MTA, and Apache.
First, you may want to consider a separate host which runs Postfix, Apache, and Mailman. The only users are root, mailman, and www-data. This is not an MX, in fact it probably shouldn't be routable at all from outside the LAN/VPN. I ran my (very small) Mailman lists from a Pentium 133 MHz with 80MB of RAM running Linux until it died last year. Mailman per se thus can run on any hardware you can buy off the shelf today. Performance should not be a problem until you have lists of more than 10000 members with frequent traffic; the price of the hardware will be determined by the reliability you demand.
If you are installing a webserver on the existing mail host only to provide the Mailman web interface, you can restrict access to Apache at the firewall. This implies that admins do their work, and list members access their membership configurations, via the corporate LAN or VPN.
Mailman restricts access to the membership list and other admin functions to those with the admin password. If you use a strong password and have access via https rather than http, the worrying risk to the admin pages is social (disgruntled admins, bribery, rootkit on the admin's machine) rather than technical, even with access via the public Internet. (I still recommend restricting access to the Mailman pages to inside the LAN/VPN, though.)
> I am worried about spammers using MailMan to harvest valid email addresses.
The main vulnerability here is the archives. Some obfuscation of the addresses in the messages can be done by the default archiver. But a better route is to restrict access to those pages (or to Apache itself) to inside-the-LAN IP addresses.
> Can someone please tell me if this is possible and/or how I should consider configuring MailMan for my LAN?
If I were you, I wouldn't worry about configuring Mailman for security at all. I'd configure the firewall and Apache to require strong authorization (e.g., the VPN or attached directly to the LAN) to access Mailman admin and user pages (including the list archives) at all. If people need access from outside the physical LAN, they should use a VPN.
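The webserver-side lockdown that both replies describe (Mailman pages and the Pipermail archives reachable only from LAN/VPN addresses, and only over HTTPS), written out as an added Apache 2.4 example; this is not configuration from the thread or from the Mailman project. The hostname, the 10.0.0.0/8 LAN range, the 192.168.100.0/24 VPN pool, the certificate paths and the Mailman 2.x CGI/archive directories are assumptions to be replaced with your own.

```apache
# Added example, not from the thread: Apache 2.4 virtual hosts that serve the
# Mailman 2.x web UI and Pipermail archives only to LAN/VPN clients over HTTPS.
# Assumed values: LAN 10.0.0.0/8, VPN pool 192.168.100.0/24, hostname
# lists.example.internal, CGI scripts in /usr/lib/mailman/cgi-bin,
# public archives in /var/lib/mailman/archives/public. Adjust to your install.
# Requires mod_ssl, mod_alias, mod_cgi (or mod_cgid) and mod_authz_core.

# Plain HTTP is never served; every request is redirected to HTTPS so the
# admin and member passwords are not sent in the clear.
<VirtualHost *:80>
    ServerName lists.example.internal
    Redirect permanent / https://lists.example.internal/
</VirtualHost>

<VirtualHost *:443>
    ServerName lists.example.internal
    SSLEngine on
    SSLCertificateFile    /etc/ssl/certs/lists.example.internal.crt
    SSLCertificateKeyFile /etc/ssl/private/lists.example.internal.key

    # Mailman CGI scripts: admin, admindb, listinfo, options, private, roster...
    # Every one of them is limited to LAN and VPN source addresses, so the
    # admin password is only ever the second line of defence.
    ScriptAlias /mailman/ /usr/lib/mailman/cgi-bin/
    <Directory /usr/lib/mailman/cgi-bin/>
        AllowOverride None
        Options ExecCGI
        Require ip 10.0.0.0/8 192.168.100.0/24
    </Directory>

    # Public Pipermail archives are the address-harvesting exposure named in
    # the thread, so they get the same network restriction instead of the
    # usual "Require all granted".
    Alias /pipermail/ /var/lib/mailman/archives/public/
    <Directory /var/lib/mailman/archives/public/>
        Options FollowSymLinks
        AllowOverride None
        Require ip 10.0.0.0/8 192.168.100.0/24
    </Directory>

    # Anything else on this host is refused outright.
    <Location />
        Require ip 10.0.0.0/8 192.168.100.0/24
    </Location>
</VirtualHost>
```

Treat this as the second layer: the firewall on the Mailman host (or the perimeter) should still drop inbound 80/443 from outside the LAN/VPN, and `apachectl configtest` before reloading catches typos in the network list.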
