[Mailman-Users] separate mx, mailman and web host

Lucio Chiappetti lucio at lambrate.inaf.it
Fri Apr 1 10:38:47 CEST 2011

On Wed, 30 Mar 2011, Mark Sapiro wrote:
> Lucio Chiappetti wrote:

>>>> (QUESTION 5)
>>>> The arrangement on the target system will be more complicated.
>> because our aliases are mantained on the NIS master server. The master and
>> slave servers are also the domain main and backup MX.
>> However the web server is on a third machine. A configuration like the one
>> I use on my test machine (local sendmail aliases inherited from local
>> mailman aliases, which "pipe" into local mailman executables) is likely
>> to work there ...

> I don't think I actually understand the configuration or what the
> problem is.
> Ultimately, mail to a list must be delivered to the Mailman machine,
> but I don't understand why the existing MXs can't relay it there or
> can they?

So far not unless explicitly aliased.
This is how I see it (and how our other things work currently).

- all our e-mail are of the form  user at domain
   NOT user at host.domain

- all outgoing mail is masqueraded as user at domain by sendmail

- the DNS advertises two MX's for the domain. We do not advertise MX's for
   particular hosts. Hosts other than MX's should have the SMTP port
   blocked by a firewall on the boundary router (we are several institutes
   in the same building, the boundary router is not managed by ours).

- incoming mail of the form user at domain is delivered to other hosts
   via alias expansion managed by NIS. So some users get it delivered
   to user at personalhost, some other to user at projectimapserver.

- our current mailing lists (e.g. staff at domain) are managed by :include:
   in the NIS aliases source, pointing to list of addresses in include
   files. The expansion works because all local hosts (including the MX's)
   can access (via NFS) the included files. We do manage both "system"
   lists (include file in a system directory) and "project" lists (include
   file in an user directory)

   We plan to replace those lists by mailman-managed lists.

- mailman will be installed on a given host (I call it mmhost for the
   purposes of this mail, but the real name will be different). Most
   likely it will be our www server (www.domain where www is a CNAME
   for its real host name), NOT the MXs (the two MXs are redundant,
   and are also the primary and secondary DNS and NIS servers).

- I know now that DEFAULT_URL_HOST shall point to www.domain (or
   perhaps a dedicated virtual www server)

- I know now that DEFAULT_EMAIL_HOST can be set to "domain" to make
   lists and service addresses of the form "list at domain"
   (preferred to list at mmhost.domain)

- I know from my tests how to coerce sendmail and mailman to use (and
   automatically create)  LOCAL aliases of the form

   listname:  "|/usr/lib/mailman/mail/mailman post listname"

   but of course THESE aliases are not suitable to be NIS aliases.
   /usr/lib/mailman/mail/mailman won't exist on the MXs and on the
   clients !

- I can imagine two ways out of it.

   a) having some manual or crontab operated script which for all
      mailman alias on the mmhost, replicates in the NIS aliases
      aliases of the form

      listname: listname at mmhost
      listname-owner : listname-owner at mmhost

   b) renouncing to the listname at domain in favour of listname at mmhost.domain
      addresses, and doing some clever use of MX records and sendmail
      mailertable to route all mail for mmhost (firewalled from outside)
      to such machine

I read also FAQs 4.84 and 4.72. Any more suitable for our configuration ?

Lucio Chiappetti - INAF/IASF - via Bassini 15 - I-20133 Milano (Italy)
For more info : http://www.iasf-milano.inaf.it/~lucio/personal.html

More information about the Mailman-Users mailing list