Mailman on FreeBSD with Postfix

One of my co-workers asked me if I could help him with sending emails to over 100 people.
On certain planets this would be considered spamming, but all the addresses are prospects or existing customers. Until now, he was used to sending the mails one by one. But the address list grew larger and larger.

So time for me to enter the next step in mailserver-administration: Setting up a mailinglist.
In the early days of the net, I was a co-administrator of a majordomo-list. But nowadays every list on the internet seems to be managed by Mailman. And since I don’t really dig Perl, Mailman seemed an obvious choice.

Using ports, Mailman was very quickly installed. Some fiddling with apache-conf later and it seemed up and running.
However, making it run alongside the several virtual domains (in fact, even masquerading the FQDN of the mailserver to the mailing-domain) took some extra care.

But overriding these values in Mailman/mm_cfg.py seemed to work:

MTA = 'Postfix'
DEFAULT_EMAIL_HOST = 'domain.ex'
DEFAULT_URL_HOST = 'host.subnet.domain.ex'
add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST)
DEFAULT_URL_PATTERN = 'http://%s/mailman/'
PUBLIC_ARCHIVE_URL = 'http://%(hostname)s/pipermail/%(listname)s'
POSTFIX_STYLE_VIRTUAL_DOMAINS = ['domain1.ex', 'domain2.ex']

And in /etc/postfix/main.cf:

owner_request_special = no
recipient_delimiter = +

# for making virtual domains work
virtual_alias_maps = mysql:/etc/postfix/mysql-virtual.cf, hash:/usr/local/mailman/data/virtual-mailman

#for making the obvious Mailman aliases work
alias_maps = mysql:/etc/postfix/mysql-aliases.cf, hash:/usr/local/mailman/data/aliases

After this (and a good deal of coffee later) all seemed to work. Creating the lists, adding some co-workers as testing guinea pigs, everything seemed fine.

Created the list for external use, loaded 50+ emailaddresses and wrote up the announcement email.
clikckerdeclickerdie
“send”

not.
The maillog was flooded with “554 relaying not allowed” messages.
Lesson learned: configure and test your Mailman configuration with addresses outside your own domain.
Solution was to fiddle around with postfix relay options.

I changed it in /etc/postfix/main.cf to:

smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_unauth_destination

Make sure 127.0.0.0/8 belongs to mynetworks.

and tadaaa! A working mailinglist :)
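To see why this restriction list lets Mailman on the same host deliver to outside subscribers without turning the server into an open relay, here is a simplified model of the first-match evaluation. It is an added example, not code from the original post or from Postfix; decide(), the sample addresses and the LOCAL set (standing in for the domains Postfix is the final destination for) are assumptions.

```python
import ipaddress

# The restriction list from main.cf above, in evaluation order.
FINAL = ["permit_mynetworks", "permit_sasl_authenticated",
         "reject_unauth_destination"]

# Assumption: domains this server accepts mail for (placeholders from the post).
LOCAL = {"domain.ex", "domain1.ex", "domain2.ex"}


def decide(restrictions, client_ip, sasl_ok, rcpt, mynetworks, local=LOCAL):
    """Model one RCPT TO decision: the first rule that matches wins."""
    ip = ipaddress.ip_address(client_ip)
    nets = [ipaddress.ip_network(n) for n in mynetworks]
    domain = rcpt.rsplit("@", 1)[1].lower()
    for rule in restrictions:
        if rule == "permit_mynetworks" and any(ip in n for n in nets):
            return "PERMIT"
        if rule == "permit_sasl_authenticated" and sasl_ok:
            return "PERMIT"
        if rule == "reject_unauth_destination" and domain not in local:
            return "REJECT"  # logged as a 554 relay rejection
    return "PERMIT"  # no rule objected: normal inbound delivery


def run_cases():
    """Constructed test matrix: (label, client, authed, rcpt, mynetworks)."""
    cases = [
        ("mailman, loopback trusted", "127.0.0.1", False,
         "customer@example.net", ["127.0.0.0/8"]),
        ("mailman, loopback missing", "127.0.0.1", False,
         "customer@example.net", ["192.0.2.0/24"]),
        ("stranger relaying", "203.0.113.9", False,
         "victim@example.net", ["127.0.0.0/8"]),
        ("stranger to list address", "203.0.113.9", False,
         "announce@domain.ex", ["127.0.0.0/8"]),
        ("roaming user with SASL", "203.0.113.9", True,
         "customer@example.net", ["127.0.0.0/8"]),
    ]
    return {c[0]: decide(FINAL, *c[1:]) for c in cases}


if __name__ == "__main__":
    for label, verdict in run_cases().items():
        print(f"{verdict:7} {label}")
```

The second case is the one that only shows up when testing with recipients outside your own domains: local test addresses are accepted either way.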

Finally… sasl with virtual accounts in mysql working!

*sigh*
This bothered me from the moment I got my new postfix mailserver.
Everything worked…tls/amavisd-new/courier/plain-sasl/postfix all with mysql. But somehow I didn’t get sasl working with the virtual user accounts in mysql. I tried almost everything and nothing worked.
Once in a while I tried to get it working again, but every time it ended in disappointment.
Until today! Jippie!

The missing link turned out to be using the “-r” option in saslauthd.sh.
From the saslauthd man pages:

     -r      Combine the realm with the login (with an '@' sign in between).
             e.g.  login: "foo" realm: "bar" will get passed as login:
             "foo@bar".  Note that the realm will still be passed, which may
             lead to unexpected behavior.

On FreeBSD, add this to rc.conf:

saslauthd_flags="-r -a getpwent"

And in /usr/local/lib/sasl2/smtpd.conf:

sasl_pwcheck_method: auxprop
sasl_auxprop_plugin: sql
sql_engine: mysql
mech_list: login plain cram-md5 digest-md5
sql_user: sql-user
sql_passwd: sql-pass
sql_database: postfix
sql_select: SELECT clear FROM postfix_users WHERE email = '%u@%r'
sql_verbose: yes

And don’t forget to restart the saslauthd after editing this file.

# saslauthd -v
saslauthd 2.1.21
authentication mechanisms: sasldb getpwent kerberos5 pam rimap
 

Gargleblaster.org

This is my weblog. I started it around march 2001, shortly after I registered my 1st domain, gargleblaster.org. The name comes from the novel written by Douglas Adams: “the hitchhikers guide to the galaxy”. Besides my daytime job as coder, sysadmin, networkadmin, database-admin and projectmanager (nerf working in a small company), I try to read books, watch movies, listen to music…in other words…enjoy life.