Diskussion:Server/SRS14/2018

Aus Wiki StuRa HTW Dresden
< Diskussion:Server
Version vom 26. Februar 2018, 10:27 Uhr von PaulRiegel (Diskussion | Beiträge)

(Unterschied) ← Nächstältere Version | Aktuelle Version (Unterschied) | Nächstjüngere Version → (Unterschied)
Wechseln zu: Navigation, Suche

Using the Postfix mail server[Bearbeiten]

Mailman should work pretty much out of the box with a standard Postfix installation. It has been tested with various Postfix versions up to and including Postfix 2.1.5.

In order to support Mailman's optional VERP delivery, you will want to disable luser_relay (the default) and you will want to set recipient_delimiter for extended address semantics. You should comment out any luser_relay value in your main.cf and just go with the defaults. Also, add this to your main.cf file:

   recipient_delimiter = +

Using "+" as the delimiter works well with the default values for VERP_FORMAT and VERP_REGEXP in Defaults.py.

When attempting to deliver a message to a non-existent local address, Postfix may return a 450 error code. Since this is a transient error code, Mailman will continue to attempt to deliver the message for DELIVERY_RETRY_PERIOD - 5 days by default. You might want to set Postfix up so that it returns permanent error codes for non-existent local users by adding the following to your main.cf file:

   unknown_local_recipient_reject_code = 550

Finally, if you are using Postfix-style virtual domains, read the section on virtual domain support below.

Integrating Postfix and Mailman[Bearbeiten]

You can integrate Postfix and Mailman such that when new lists are created, or lists are removed, Postfix's alias database will be automatically updated. The following are the steps you need to take to make this work.

In the description below, we assume that you've installed Mailman in the default location, i.e. /usr/local/mailman. If that's not the case, adjust the instructions according to your use of configure's --prefix and --with-var-prefix options.

Note: If you are using virtual domains and you want Mailman to honor your virtual domains, read the 6.1 section below first!

   Add this to the bottom of the $prefix/Mailman/mm_cfg.py file:
           DEFAULT_SERVER_LANGUAGE = 'de'
           MTA = 'Postfix'
   The MTA variable names a module in the Mailman/MTA directory which contains the mail server-specific functions to be executed when a list is created or removed.
   Look at the Defaults.py file for the variables POSTFIX_ALIAS_CMD and POSTFIX_MAP_CMD command. Make sure these point to your postalias and postmap programs respectively. Remember that if you need to make changes, do it in mm_cfg.py.
   Run the bin/genaliases script to initialize your aliases file.
           % cd /usr/local/mailman
           % bin/genaliases
         
   Make sure that the owner of the data/aliases and data/aliases.db file is mailman, that the group owner for those files is mailman, or whatever user and group you used in the configure command, and that both files are group writable:
           % su
           % chown mailman:mailman data/aliases*
           % chmod g+w data/aliases*
         
   Hack your Postfix's main.cf file to include the following path in your alias_maps variable:
             /usr/local/mailman/data/aliases
   Note that there should be no trailing .db. Do not include this in your alias_database variable. This is because you do not want Postfix's newaliases command to modify Mailman's aliases.db file, but you do want Postfix to consult aliases.db when looking for local addresses.
   You probably want to use a hash: style database for this entry. Here's an example:
           alias_maps = hash:/etc/postfix/aliases,
               hash:/usr/local/mailman/data/aliases
   When you configure Mailman, use the --with-mail-gid=mailman switch; this will be the default if you configured Mailman after adding the mailman owner. Because the owner of the aliases.db file is mailman, Postfix will execute Mailman's wrapper program as uid and gid mailman.

That's it! One caveat: when you add or remove a list, the aliases.db file will updated, but it will not automatically run postfix reload. This is because you need to be root to run this and suid-root scripts are not secure. The only effect of this is that it will take about a minute for Postfix to notice the change to the aliases.db file and update its tables.

Virtual domains[Bearbeiten]

Note: This section describes how to integrate Mailman with Postfix for automatic generation of Postfix virtual_alias_maps for Mailman list addresses. Mailman's support of virtual domains is limited in that list names must be globally unique within a single Mailman instance, i.e., two lists may not have the same name even if they are in different domains.

Postfix 2.0 supports ``virtual alias domains, essentially what used to be called ``Postfix-style virtual domains in earlier Postfix versions. To make virtual alias domains work with Mailman, you need to do some setup in both Postfix and Mailman. Mailman will write all virtual alias mappings to a file called, by default, /usr/local/mailman/data/virtual-mailman. It will also use postmap to create the virtual-mailman.db file that Postfix will actually use.

First, you need to set up the Postfix virtual alias domains as described in the Postfix documentation (see Postfix's virtual(5) manpage). Note that it's your responsibility to include the virtual-alias.domain anything line as described manpage (in recent Postfix this is not required if the domain is included in virtual_alias_domains in main.cf); Mailman will not include this line in virtual-mailman. You are highly encouraged to make sure your virtual alias domains are working properly before integrating with Mailman.

Next, add a path to Postfix's virtual_alias_maps variable, pointing to the virtual-mailman file, e.g.:

   virtual_alias_maps = <your normal virtual alias files>,
       hash:/usr/local/mailman/data/virtual-mailman

assuming you've installed Mailman in the default location. If you're using an older version of Postfix which doesn't have the virtual_alias_maps variable, use the virtual_maps variable instead.

Next, in your mm_cfg.py file, you will want to set the variable POSTFIX_STYLE_VIRTUAL_DOMAINS to the list of virtual domains that Mailman should update. This may not be all of the virtual alias domains that your Postfix installation supports! The values in this list will be matched against the host_name attribute of mailing lists objects, and must be an exact match.

Here's an example. Say that Postfix is configured to handle the virtual domains dom1.ain, dom2.ain, and dom3.ain, and further that in your main.cf file you've got the following settings:

   myhostname = mail.dom1.ain
   mydomain = dom1.ain
   mydestination = $myhostname, localhost.$mydomain
   virtual_alias_maps =
       hash:/some/path/to/virtual-dom1,
       hash:/some/path/to/virtual-dom2,
       hash:/some/path/to/virtual-dom2

If in your virtual-dom1 file, you've got the following lines:

   dom1.ain  IGNORE
   @dom1.ain @mail.dom1.ain

this tells Postfix to deliver anything addressed to dom1.ain to the same mailbox at mail.dom1.com, its default destination.

In this case you would not include dom1.ain in POSTFIX_STYLE_VIRTUAL_DOMAINS because otherwise Mailman will write entries for mailing lists in the dom1.ain domain as

   mylist@dom1.ain         mylist
   mylist-request@dom1.ain mylist-request
   # and so on...

The more specific entries trump your more general entries, thus breaking the delivery of any dom1.ain mailing list.

However, you would include dom2.ain and dom3.ain in mm_cfg.py:

   POSTFIX_STYLE_VIRTUAL_DOMAINS = ['dom2.ain', 'dom3.ain']

Now, any list that Mailman creates in either of those two domains, will have the correct entries written to /usr/local/mailman/data/virtual-mailman.

As above with the data/aliases* files, you want to make sure that both data/virtual-mailman and data/virtual-mailman.db are user and group owned by mailman.

Create a site-wide mailing list[Bearbeiten]

After you have completed the integration of Mailman and your mail server, you need to create a ``site-wide mailing list. This is the one that password reminders will appear to come from, and it is required for proper Mailman operation. Usually this should be a list called mailman, but if you need to change this, be sure to change the MAILMAN_SITE_LIST variable in mm_cfg.py. You can create the site list with this command, following the prompts:

   % bin/newlist mailman

Now configure your site list. There is a convenient template for a generic site list in the installation directory, under data/sitelist.cfg which can help you with this. You should review the configuration options in the template, but note that any options not named in the sitelist.cfg file won't be changed.

The template can be applied to your site list by running:

   % bin/config_list -i data/sitelist.cfg mailman

After applying the sitelist.cfg options, be sure you review the site list's configuration via the admin pages.

You should also subscribe yourself to the site list.

Start the Mailman qrunner[Bearbeiten]

Mailman depends on a process called the ``qrunner to delivery all email messages it sees. You must start the qrunner by executing the following command from the $prefix directory:

   % bin/mailmanctl start
   % cp scripts/mailman /etc/init.d/mailman

Create the site password[Bearbeiten]

There are two site-wide passwords that you can create from the command line, using the bin/mmsitepass script. The first is the ``site password which can be used anywhere a password is required in the system. The site password will get you into the administration page for any list, and it can be used to log in as any user. Think root for a Unix system, so pick this password wisely!

The second password is a site-wide ``list creator password. You can use this to delegate the ability to create new mailing lists without providing all the privileges of the site password. Of course, the owner of the site password can also create new mailing lists, but the list creator password is limited to just that special role.

To set the site password, use this command:

   % $prefix/bin/mmsitepass <your-site-password>

To set the list creator password, use this command: https://www.gnu.org/software/mailman/mailman-install/index.html

   % $prefix/bin/mmsitepass -c <list-creator-password>

It is okay not to set a list creator password, but you probably do want a site password.


Weblinks[Bearbeiten]

https://www.gnu.org/software/mailman/mailman-install/index.html

mehr Spam vermeiden[Bearbeiten]

Wie wohl nahezu alle, werden auch die Mail-Adressen vom StuRa mit reichlich Spam versogt, die gar über Mail-Verteiler durch uns verbreitet werden.

Aktuell ist es unangenehm viel.

Um es besser zu machen, kann wohl ein dahingehender article von ixsystems dienen.

--Paul 06:57, 6. Feb. 2015 (CET)

alte Pakete[Bearbeiten]

pkg_info
apache24-2.4.6_1    Version 2.4.x of Apache web server
apr-1.4.8.1.5.3     Apache Portability Library
autoconf-2.69       Automatically configure source code on many Un*x platforms
autoconf-wrapper-20131203 Wrapper script for GNU autoconf
automake-1.14       GNU Standards-compliant Makefile generator
automake-wrapper-20131203 Wrapper script for GNU automake
bacula-client-5.2.12_3 Network backup solution (client)
db41-4.1.25_4       The Berkeley DB package, revision 4.1
db42-4.2.52_5       The Berkeley DB package, revision 4.2
db47-4.7.25.4       The Berkeley DB package, revision 4.7
dialog4ports-0.1.5_2 Console Interface to configure ports
dovecot-2.2.9       Secure and compact IMAP and POP3 servers
expat-2.1.0         XML 1.0 parser written in C
gdbm-1.11           GNU database manager
gettext-0.18.3.1    GNU gettext package
gmake-3.82_1        GNU version of 'make' utility
help2man-1.43.3     Automatically generating simple manual pages from program o
libexecinfo-1.1_3   A library for inspecting program's backtrace
libffi-3.0.13_1     Foreign Function Interface
libiconv-1.14_1     A character set conversion library
libidn-1.28_1       Internationalized Domain Names command line tool
libsigsegv-2.10     Handling page faults in user mode
libtool-2.4.2_2     Generic shared library support script
libyaml-0.1.4_2     A YAML 1.1 parser and emitter written in C
lzo2-2.06_1         Portable speedy, lossless data compression library
m4-1.4.17,1         GNU m4
maildrop-2.7.1      Mail delivery agent (MDA) with filtering abilities
mailman-2.1.17      Mailing list manager with user-friendly web front-end
p5-BerkeleyDB-0.54  Perl5 interface to the Berkeley DB package
p5-Digest-HMAC-1.03 Perl5 interface to HMAC Message-Digest Algorithms
p5-IO-Multiplex-1.13 IO::Multiplex - Manage IO on many file handles
p5-IO-Socket-INET6-2.69 Perl module with object interface to AF_INET6 domain socket
p5-IO-stringy-2.110 Perl5 module for using IO handles with non-file objects
p5-Locale-gettext-1.05_3 Message handling functions
p5-Net-DNS-0.73     Perl5 interface to the DNS resolver, and dynamic updates
p5-Net-LibIDN-0.12_1 This module provides access to the libidn library
p5-Net-Server-2.007 Configurable base class for writing internet servers in Per
p5-Parse-Syslog-1.10 Perl5 routines that present a simple interface to parse sys
p5-Socket6-0.25_1   IPv6 related part of the C socket.h defines and structure m
pcre-8.33           Perl Compatible Regular Expressions library
perl5.14-5.14.4_4   Practical Extraction and Report Language
pkgconf-0.9.4       Utility to help to configure compiler and linker flags
portaudit-0.6.2     Checks installed ports against a list of security vulnerabi
portupgrade-2.4.12,2 FreeBSD ports/packages administration and management tool s
postfix-2.10.2,1    Secure alternative to widely-used Sendmail
postgrey-1.34_7     Greylisting policy server for Postfix
python-2.7_1,2      The "meta-port" for the default version of Python interpret
python2-2_2         The "meta-port" for version 2 of the Python interpreter
python27-2.7.6_1    Interpreted object-oriented programming language
ruby-1.9.3.484,1    An object-oriented interpreted scripting language
ruby19-bdb-0.6.6_1  Ruby interface to Oracle Berkeley DB revision 2 or later
ruby19-date2-4.0.19 An alternative date class for Ruby
sudo-1.8.8          Allow others to run commands as root
vim-lite-7.4.110    Vi "workalike", with many additional features (Lite package
zsh-5.0.4           The Z shell

textlicher Inhalt von Mails werden wegen html foo, der nun standardmäßig bei der Hochschulverwaltung verwendet wird, entfernt und damit bei Mailman nicht archiviert[Bearbeiten]

vermutete Ursache

collapse_alternatives und convert_html_to_plaintext (unter contentfilter ([MIME-/HTML-Filter])) sind voreingestellt auf Ja gestellt.

--Paul 18:16, 19. Sep. 2017 (CEST)

--Paul 19:39, 19. Sep. 2017 (CEST)

kläglicher Versuch auf die Schnelle

vermutlich bryachte das gar keine Auswirkung, da die "globale" Variable filter_content mit dem gesetzten Wert False (oder 0) ohnehin keine Regel zum Filtern zur Anwendung bringt. sudo /usr/local/mailman/bin/config_list -o test.output test && grep filter_content test.output && sudo rm test.output

filter_content = False

sudo /usr/local/mailman/bin/config_list -o test.output test && grep collapse_alternatives test.output && grep convert_html_to_plaintext test.output && sudo rm test.output

# href="?VARHELP=contentfilter/collapse_alternatives"
# >collapse_alternatives</a> is enabled.
collapse_alternatives = True
# href="?VARHELP=contentfilter/convert_html_to_plaintext"
# >convert_html_to_plaintext</a> is enabled and the site is configured
convert_html_to_plaintext = True

$EDITOR new-settings-for-lists

collapse_alternatives = False
convert_html_to_plaintext = False

$EDITOR apply-new-settings-for-all-lists.sh

#! /bin/sh
for i in $(sudo /usr/local/mailman/bin/list_lists -b) ; do sudo /usr/local/mailman/bin/config_list -i new-settings-for-lists $i ; done

sh ./apply-new-settings-for-all-lists.sh


sudo /usr/local/mailman/bin/config_list -o test.output test && grep collapse_alternatives test.output && grep convert_html_to_plaintext test.output && sudo rm test.output

# href="?VARHELP=contentfilter/collapse_alternatives"
# >collapse_alternatives</a> is enabled.
collapse_alternatives = 0
# href="?VARHELP=contentfilter/convert_html_to_plaintext"
# >convert_html_to_plaintext</a> is enabled and the site is configured
convert_html_to_plaintext = 0

sudo /usr/local/mailman/bin/arch test /usr/local/mailman/archives/private/test.mbox/test.mbox


--Paul 22:28, 19. Sep. 2017 (CEST)

nondigest foo?