[Mailman-Developers] Users, Bounces, and Virtual Domains (was (no subject))

Dave Klingler davek@mail.commercedata.com
Thu, 21 Dec 2000 11:54:25 -0700 (MST)


Hi folks.  I've been lurking on this thread for a little while and I thought
I might have something relevant to add.  I'd normally send it to the users
list but I thought it might lead to some useful discussion.

I'm attempting to bring up several lists on one of my servers using virtfs.
For those not familiar with virtfs, it's an easy way of using chroot to create
several "virtual machines" on one server, each answering to its own IP address
and each behaving like it's a standalone machine.  In my installation, all of
my "virtual" machines sit off on a big raid partition, so they look like
/storage/virtual/domainA.com, /storage/virtual/domainB.net, and so on.

The advantages are:

1.  It's easy to manage.  I can pop into any machine whether or not it has 
shell access and move files around easily.  I can also create a new domain
from a template in under thirty seconds and start adding users and email
accounts.

2.  It's more secure.  I'm moving everything to virtual domains because the 
chrooted virtual machines don't have to have any of the tools I'd normally
need just to manage a machine, i.e. su, compilers, etc.  If someone managed
to gain root, it's still hard to get past the chrooted environment.

3.  Email is really easy to manage, because instead of using sendmail's 
mechanism for multiple domains (sorta clumsy compared to the elegant mechanism
in apache, for instance), I can just recklessly and wickedly create 
users, willy nilly ha ha!  Ignore that last indiscretion.

The disadvantages are:

1.  It takes a little more storage.  Each machine occupies a few megs of drive
space.  

2.  Getting mailman up and running properly has tied my face in unsightly 
knots.

So I'm an example of the situation that's come up hypothetically the last few 
days in the discussion of virtual domains.  I'd love to be able to have a 
robust mailing list manager, with an MTA that will lovingly listen to any IP
I choose, that will manage users across lists and domains opaquely to them 
and transparently to me.  Alternately, I might want some day for them or me to 
be able to manage their own accounts across domains just the same way they
might manage their own accounts in one domain.  I want separate domains that 
behave as separate domains in their entirety because they're often easier to
manage that way, and more secure.  I want I want I want...

If anyone wants to play, this is what I've done:

1.  I set up several virtual domains on a separate storage server, with their
own copies of sendmail called by a daemon that in turn is called by inetd
that's part of the virtfs package.

2.  I set up separate copies of mailman in each, and because they will be
called/used by both apache (which doesn't use chroot) and sendmail (which does)
I created a nice long symbolic link from a directory hung off the virtual 
root called /storage/virtual/domainA/home/mailman to the virtual /home/mailman
directory.  That way both apache and the chrooted sendmail can find their 
way to the mailman files, which have been set up with the
--prefix=/storage/virtual/domainA/home/mailman option in configure.

3.  I've spent many hours trying to figure out why it doesn't work this
way.  I need to go buy the O'Reilly Python book, I guess.  Somehow mail
to test-request@domainA.net gets black-holed with "operating system error"
and I haven't figured out why.

There you have it.  I hope my concrete example of one of your hypothetical
situations helps, and if anyone takes pity on me and figures out why I'm
dysfunctional I'd be really grateful.  

Thanks!
Dave Klingler
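
Added example, not part of the original message: a check that the configure prefix from step 2 names the same directory for an unchrooted process (apache) and for a process chrooted into the virtual root (sendmail), by resolving symlinks the way each view would. The scratch directory standing in for the host root, the function names, and the reading of the link as living inside the virtual root and pointing at `/home/mailman` are assumptions.

```python
import os
import tempfile

PREFIX = "/storage/virtual/domainA/home/mailman"   # --prefix value from step 2

def resolve_in_root(root, path, max_links=40):
    """Return the host path that `path` names for a process chrooted to `root`."""
    root = os.path.realpath(root)
    pending = [c for c in path.split("/") if c not in ("", ".")]
    done = []                          # resolved components below the root
    links = 0
    while pending:
        part = pending.pop(0)
        if part == "..":
            if done:
                done.pop()             # ".." at the root stays at the root
            continue
        candidate = os.path.join(root, *done, part)
        if os.path.islink(candidate):
            links += 1
            if links > max_links:
                raise OSError("too many levels of symbolic links: " + path)
            target = os.readlink(candidate)
            if target.startswith("/"):
                done = []              # absolute targets restart at the chroot root
            pending = [c for c in target.split("/") if c not in ("", ".")] + pending
        else:
            done.append(part)
    return os.path.join(root, *done)

def build_layout(host, with_link=True):
    """Constructed stand-in for the step 2 layout under a scratch 'host root'."""
    jail = os.path.join(host, "storage/virtual/domainA")
    os.makedirs(os.path.join(jail, "home/mailman"))    # the virtual /home/mailman
    if with_link:                                      # link hung off the virtual root
        link = os.path.join(jail, PREFIX.lstrip("/"))
        os.makedirs(os.path.dirname(link))
        os.symlink("/home/mailman", link)
    return jail

def prefix_matches(host, jail, prefix):
    """True if `prefix` is the same existing directory in both views."""
    outside = resolve_in_root(host, prefix)            # unchrooted view (apache)
    inside = resolve_in_root(jail, prefix)             # chrooted view (sendmail)
    return os.path.isdir(inside) and inside == outside

def demo(with_link):
    with tempfile.TemporaryDirectory() as host:
        return prefix_matches(host, build_layout(host, with_link), PREFIX)
```

`demo(True)` models the layout with the link in place and `demo(False)` the same tree without it; a link whose target is the host-side prefix itself resolves back to the link inside the chroot and ends in the symlink-loop error.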