[Mailman-Users] Mailman with remote smtp
brad at shub-internet.org
Sat Jul 14 04:53:11 CEST 2007
On 7/13/07, Meenal Pant wrote:
> webserver.foo.com is the Mailman webserver where lists are hosted and
> smtp.foo.com is the mailserver. Both machines have sendmail running on
> them. I have created a mail alias on smtp.foo.com for every list hosted
> on webserver.foo.com.
A simpler way to set this up would be to use a different hostname for
the mailing lists, and externally you advertise in the DNS that mail
for this machine is handled on smtp.example.com. However, internally
in the mail server configuration, you set it up to automatically
forward everything it gets for lists.example.com over to
webserver.example.com. This way you don't have to keep creating
aliases on smtp.example.com for the various different mailing lists,
but you still keep the same functionality.
> fetchmail runs on webserver.foo.com and pops email
> from these accounts on smtp.foo.com and these mails are then posted to
> the lists based on aliases defined in /etc/alias on webserver.foo.com
You don't really need fetchmail in this process, although you can
make it work -- obviously.
> The problem is that this method is no at all scalable and portable. Is
> there a better way of doing this ?
Any time you talk about splitting these functions up, you're going to
have some more work to do to maintain the whole system.
However, one of the key ways to achieve higher scalability is
precisely to split the functions up across multiple machines, so
everything depends on *how* you split things up.
> I am using a remote smtp server due to security issues.
What security issues?
> I do not want to
> open any ports on the webserver.
Well, you're going to have a pretty hard time running a web server if
you don't have any ports open.
> However fetchmail requires running
> sendmail in daemon mode ( listening at port 25).
If that's true, then it's only needed on the localhost interface
(IPv4 address 127.0.0.1). You can set things up so that it ignores
all the other ports, and fetchmail should be fine passing things off
to the copy that can only accept connections from the local machine.
IMO, fetchmail should be able to be set up so that it can use a
command-line instance of sendmail that doesn't require any ports to
Of course, as I explained above, you shouldn't need fetchmail at all.
> Is there a good
> security solution if I decide to run an smtp server and the mailman
> webserver on the same machine ?
What do you mean "good security solution"? This is the preferred
method of setting up Mailman, and most sites run it this way. What
problem do you have with that?
Brad Knowles <brad at shub-internet.org>, Consultant & Author
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
Slides from Invited Talks: <http://tinyurl.com/tj6q4>
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
More information about the Mailman-Users