Archive for the month: February 2014

mailman with suexec (here in a froxlor environment)

GNU Mailman is a great mailing list tool that can be installed on a small server, ensuring independence from big companies like Google & co.

In my setup, I’m using apache2 together with suexec and postfix. Unfortunately, mailman doesn’t work easily with suexec. I’m also using froxlor, which makes it easy to set up new domains, emails etc. for customers or family. Mailman isn’t integrated in froxlor (there is an outdated custom module, though), so I had to set up something on my own.

Please remember to update the following placeholders in the scripts below:

  • your.ip.add.ress
  • list.yourdomain.tld
  • admin@account

Here’s what I have done:

# Extract mailman (the mailman-2.1.17.tgz tarball must already be in ~/work/mailman)
mkdir -p ~/work/mailman
cd ~/work/mailman
tar xvfz mailman-2.1.17.tgz
# Add user and group
sudo addgroup mailman
sudo adduser mailman --ingroup mailman
# Harden the account: no home directory, no login shell
sudo sed -i 's/mailman:x:\([0-9]*\):\([0-9]*\):Mailman,,,:\/home\/mailman:\/bin\/bash/mailman:x:\1:\2:Mailman,,,:\/nonexistent:\/bin\/false/' /etc/passwd
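# We need to identify our docroot; the install dir is created below it.
# This is most certainly "/var/www"
docrootpart=$(sudo /usr/lib/apache2/suexec -V 2>&1 | grep AP_DOC_ROOT | sed 's/.*"\(.*\)"/\1/')
# Install prefix below the docroot; this matches the /var/www/mailman paths used in the Apache config
myprefix="$docrootpart/mailman"
sudo mkdir -p "$myprefix"
cd "$myprefix"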
sudo chgrp mailman .
sudo chmod a+rx,g+ws .
cd ~/work/mailman/mailman-2.1.17
# configure, make and install
./configure --prefix=$myprefix --with-username=mailman --with-groupname=mailman --with-cgi-gid=mailman --with-mail-gid=mailman
sudo make install
cd $myprefix
sudo bash -c 'bin/check_perms -f'
# Using information from
sudo chown -R mailman:mailman $myprefix/cgi-bin*
sudo chmod g-w $myprefix/cgi-bin
sudo chmod g-s $myprefix/cgi-bin/*

After this, create the file /etc/apache2/conf.d/mailman.conf:

Remember to check your docroot; you might have to change every occurrence of /var/www below. If you’re using SSL, change the 80 to 443 and add the SSLEngine On etc. lines from your local Apache configuration, which pretty much includes everything starting with SSL.

<VirtualHost your.ip.add.ress:80>
        ServerName      list.yourdomain.tld
        ServerAlias     list.yourdomain.tld
        SuexecUserGroup mailman mailman
        DocumentRoot    "/var/www/mailman"
        Alias /pipermail/ /var/www/mailman/archives/public/
        Alias /icons/ /var/www/mailman/icons/
        ScriptAlias /admin /var/www/mailman/cgi-bin/admin
        ScriptAlias /admindb /var/www/mailman/cgi-bin/admindb
        ScriptAlias /confirm /var/www/mailman/cgi-bin/confirm
        ScriptAlias /create /var/www/mailman/cgi-bin/create
        ScriptAlias /edithtml /var/www/mailman/cgi-bin/edithtml
        ScriptAlias /listinfo /var/www/mailman/cgi-bin/listinfo
        ScriptAlias /options /var/www/mailman/cgi-bin/options
        ScriptAlias /private /var/www/mailman/cgi-bin/private
        ScriptAlias /rmlist /var/www/mailman/cgi-bin/rmlist
        ScriptAlias /roster /var/www/mailman/cgi-bin/roster
        ScriptAlias /subscribe /var/www/mailman/cgi-bin/subscribe
        ScriptAlias /mailman/ /var/www/mailman/cgi-bin/
        ScriptAlias / /var/www/mailman/cgi-bin/listinfo
        <Directory "/var/www/mailman/archives/public/">
                AddDefaultCharset off
        </Directory>
</VirtualHost>

Now restart the apache webserver:

sudo service apache2 restart

Mailman is now available under http://list.yourdomain.tld/mailman/create and should no longer throw any errors. Do NOT create a mailing list just yet. If you’re still getting errors like 500 (Internal Server Error), check your log files, especially your suexec.log, probably located at /var/log/apache2/suexec.log
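When suexec refuses to run the CGI scripts, the cause is usually one of the ownership or permission conditions that the chown/chmod steps above are meant to satisfy. The following pre-flight check is an added example, not part of the original post; the function name suexec_preflight is hypothetical, and the conditions it tests follow Apache's documented suexec security model (it does not replace reading suexec.log).

```shell
#!/bin/sh
# Added example: check the conditions suexec enforces on a CGI directory.
# Usage: suexec_preflight DIR USER GROUP DOCROOT   (all four values are supplied by you)
suexec_preflight() {
    dir=$1 user=$2 group=$3 docroot=$4 bad=0

    # Resolve symlinks so the docroot comparison is done on real paths.
    real_dir=$(cd "$dir" 2>/dev/null && pwd -P) || { echo "FAIL: $dir is not a directory"; return 1; }
    real_root=$(cd "$docroot" 2>/dev/null && pwd -P) || { echo "FAIL: docroot $docroot is missing"; return 1; }

    # 1. The target must live below the compiled-in AP_DOC_ROOT.
    case "$real_dir/" in
        "$real_root"/*) ;;
        *) echo "FAIL: $real_dir is outside docroot $real_root"; bad=1 ;;
    esac

    # 2. The directory must not be writable by group or others (hence chmod g-w).
    if [ -n "$(find "$real_dir" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "FAIL: directory is group/world-writable"; bad=1
    fi

    # 3. Directory and programs must belong to the SuexecUserGroup user and group.
    wrong=$(find "$real_dir" \( ! -user "$user" -o ! -group "$group" \))
    [ -z "$wrong" ] || { echo "FAIL: wrong owner/group:"; echo "$wrong"; bad=1; }

    # 4. Programs must not be setuid/setgid (hence chmod g-s) ...
    sbit=$(find "$real_dir" -type f \( -perm -4000 -o -perm -2000 \))
    [ -z "$sbit" ] || { echo "FAIL: setuid/setgid bit set:"; echo "$sbit"; bad=1; }

    # 5. ... and not writable by group or others.
    writable=$(find "$real_dir" -type f \( -perm -020 -o -perm -002 \))
    [ -z "$writable" ] || { echo "FAIL: group/world-writable program:"; echo "$writable"; bad=1; }

    [ "$bad" -eq 0 ] && echo "OK: $real_dir passes the checks"
    return "$bad"
}
```

With the values used in this post, the call would be `suexec_preflight /var/www/mailman/cgi-bin mailman mailman /var/www`, run as root so that every file is readable.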

# Change postfix configuration
sudo bash -c 'echo "recipient_delimiter = +" >>/etc/postfix/'
sudo bash -c 'echo "unknown_local_recipient_reject_code = 550" >>/etc/postfix/'
# Change mailman configuration
cd $myprefix/Mailman
sudo bash -c 'echo "MTA = '\''Postfix'\''" >>'
cd $myprefix
# Generate aliases
sudo bin/genaliases
sudo chown mailman:mailman data/aliases*
sudo chmod g+w data/aliases*
sudo sed -i 's/alias_maps\ =\ \$alias_database/alias_maps\ =\ \$alias_database,hash:\/var\/www\/mailman\/data\/aliases/' /etc/postfix/

Mailman is now configured. Let’s create our first mailing list. This must be the “mailman” list, which is only an internal mailing list.

## Configure mailman internal
# mailing list "mailman"
cd $myprefix
sudo bin/newlist mailman
# Configure the site list (use default)
sudo bin/config_list -i data/sitelist.cfg mailman
# Enable cron - make sure to change the MAILTO-Information to your email!
cd $myprefix/cron
sudo bash -c 'echo "MAILTO=admin@account" >crontab.ok'
sudo bash -c 'cat >>crontab.ok'
sudo crontab -u mailman crontab.ok
# Add virtual host (here: list.yourdomain.tld)
cd $myprefix/Mailman
sudo bash -c 'echo "add_virtualhost('\''list.yourdomain.tld'\'')" >>'
# Now as we're super-secure, we're adding the https-Information
# Make sure that this is supported by your webserver and fully configured, otherwise skip the next two lines!
sudo bash -c 'echo "DEFAULT_URL_PATTERN = '\''https://%s/mailman/'\''" >>'
sudo bash -c 'echo "PUBLIC_ARCHIVE_URL = '\''https://%(hostname)s/pipermail/%(listname)s'\''" >>'
# Default-Host
sudo bash -c 'echo "DEFAULT_EMAIL_HOST = '\''list.yourdomain.tld'\''" >>'
sudo bash -c 'echo "DEFAULT_URL_HOST = '\''list.yourdomain.tld'\''" >>'
# for ubuntu/debian, we're adding the startup-script and enable mailman to run after reboot
sudo cp $myprefix/scripts/mailman /etc/init.d/mailman
sudo update-rc.d mailman defaults
sudo /etc/init.d/mailman start
# Set passwords
sudo $myprefix/bin/mmsitepass

You’re all set; mailman is fully operational and running. Here’s an example of how to add a list “yourlist” in mailman. This creates the list and sets two configuration options: replies always go to the list, and the information written in the mailing list is NOT open for the internet to see, making this a private list.

  1. Go to https://list.yourdomain.tld/mailman/create
  2. After creating the list, go to the admin page of the list: https://list.yourdomain.tld/mailman/admin/yourlist
  3. Log in with the mailed password
  4. reply_goes_to_list -> this list
  5. archive_private -> private