Blackhold

Installing Mailman with Postfix

Posted on May 8th, 2014 by admin

Mailman is mailing-list management software written in Perl and developed by the GNU project. We are going to install Mailman for lists.capa8.net.

The first step is to install Postfix

root@lists:~# apt-get install postfix

When the ncurses menu appears, we choose to leave it without configuration.

We go to /etc/postfix, create the file main.cf and give it this content

# See /usr/share/postfix/main.cf.dist for a commented, more complete version


# Debian specific:  Specifying a file name will cause the first
# line of that file to be used as the name.  The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname ESMTP
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# TLS parameters
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
smtpd_tls_key_file=/etc/ssl/private/ssl-cert-snakeoil.key
smtpd_use_tls=yes
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = tesla.$mydomain
mydomain = capa8.net
myorigin = /etc/mailname
mydestination = $myhostname, localhost.localdomain, localhost, localhost.$mydomain, lists.capa8.net, lists.capa8.cat


alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
#alias_database = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases
#virtual_alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/virtual-mailman
#virtual_alias_maps = hash:/etc/postfix/todevnull.cf

mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128

mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all
#relays_version = 3

# Mailman parameters
unknown_local_recipient_reject_code = 550
owner_request_special               = no
mailman_destination_recipient_limit = 1

smtpd_recipient_restrictions =
        permit_mynetworks,
        permit_sasl_authenticated,
        reject_unauth_pipelining,
        reject_non_fqdn_recipient,
        reject_non_fqdn_sender,
        reject_unauth_destination
        #reject_unknown_recipient_domain,
        #reject_unknown_sender_domain,
        #check_relay_domains,
#       check_sender_access hash:/etc/postfix/usuarios

#smtpd_recipient_restrictions =
#       permit_mynetworks
#       permit_sasl_authenticated,


#relayhost = 127.0.0.1
inet_protocols = ipv4

# Raise the mail sending limit to 20MB
message_size_limit = 230960000

transport_maps = hash:/etc/postfix/transport

broken_sasl_auth_clients = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
smtpd_sasl_auth_enable = yes
smtpd_sasl_local_domain = $myhostname
smtpd_sasl_security_options = noanonymous

In /etc/hosts we make lists.capa8.net and lists.capa8.cat point to the machine itself

127.0.0.1       localhost lists.capa8.net lists.capa8.cat lists

Once Postfix is configured, we restart it to check that the configuration is correct

root@lists:/etc/postfix# service postfix restart
[ ok ] Stopping Postfix Mail Transport Agent: postfix.
[ ok ] Starting Postfix Mail Transport Agent: postfix.
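
A clean restart only shows that Postfix accepts the syntax. The following added example (not part of the original post) reads a main.cf the way Postfix does, joining continuation lines and skipping comment lines, and flags the settings above that decide who may relay through the server. The function names and the constructed sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example: audit the relay-related settings of a Postfix main.cf.
# postfix_param, audit_relay and sample_weak_cf are names made up for this example.

# Print the effective value of parameter $2 in file $1. Comment and blank
# lines are skipped, a line starting with whitespace continues the previous
# logical line, and the last assignment of a parameter wins.
postfix_param() {
    awk -v want="$2" '
        /^[ \t]*#/ || /^[ \t]*$/ { next }
        /^[ \t]/ { if (cur == want) val = val " " $0; next }
        {
            eq = index($0, "="); if (!eq) { cur = ""; next }
            cur = substr($0, 1, eq - 1); gsub(/[ \t]/, "", cur)
            if (cur == want) val = substr($0, eq + 1)
        }
        END { gsub(/[ \t]+/, " ", val); sub(/^ /, "", val); sub(/ $/, "", val); print val }
    ' "$1"
}

# Print one finding per line; no output means nothing was flagged.
audit_relay() {
    case "$(postfix_param "$1" smtpd_recipient_restrictions)" in
        *reject_unauth_destination*) ;;
        *) echo "RELAY: smtpd_recipient_restrictions lacks reject_unauth_destination" ;;
    esac
    # One network per line, read with "read" so that [::1]/128 is never globbed.
    postfix_param "$1" mynetworks | tr ', ' '\n\n' | while read -r net; do
        case "$net" in
            ""|127.*|"[::1]"*|"[::ffff:127."*) ;;
            *) echo "RELAY: mynetworks trusts non-loopback network $net" ;;
        esac
    done
    case "$(postfix_param "$1" smtpd_tls_cert_file)" in
        *snakeoil*) echo "TLS: smtpd_tls_cert_file is the self-signed snakeoil certificate" ;;
    esac
}

# Constructed sample: the page's settings with two lines deliberately weakened.
sample_weak_cf() {
    cat <<'EOF'
smtpd_tls_cert_file=/etc/ssl/certs/ssl-cert-snakeoil.pem
mynetworks = 127.0.0.0/8 [::1]/128 0.0.0.0/0
smtpd_recipient_restrictions =
        permit_mynetworks,
        #reject_unauth_destination,
        reject_non_fqdn_sender
EOF
}
```

Run against the main.cf from this post, `audit_relay /etc/postfix/main.cf` reports only the snakeoil certificate line.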

Now we are going to install Mailman in the directory /var/lib/mailman, but first we have prepared an LVM partition that can easily be enlarged, since this server is a virtual machine. More information here.

We install the lvm2 package

root@lists:~# apt-get install lvm2

Now the victim partition, /dev/sdb in this case! :) Remember that this partition must be set up as a Linux LVM partition (8e)

root@lists:/etc/postfix# fdisk /dev/sdb
Command (m for help): n
Partition type:
   p   primary (0 primary, 0 extended, 4 free)
   e   extended
Select (default p): p
Partition number (1-4, default 1): 
Using default value 1
First sector (2048-20971519, default 2048): 
Using default value 2048
Last sector, +sectors or +size{K,M,G} (2048-20971519, default 20971519): 
Using default value 20971519
Command (m for help): t
Selected partition 1
Hex code (type L to list codes): 8e
Changed system type of partition 1 to 8e (Linux LVM)

Command (m for help): p

Disk /dev/sdb: 10.7 GB, 10737418240 bytes
255 heads, 63 sectors/track, 1305 cylinders, total 20971520 sectors
Units = sectors of 1 * 512 = 512 bytes
Sector size (logical/physical): 512 bytes / 512 bytes
I/O size (minimum/optimal): 512 bytes / 512 bytes
Disk identifier: 0x4be38b31

   Device Boot      Start         End      Blocks   Id  System
/dev/sdb1            2048    20971519    10484736   8e  Linux LVM

Command (m for help): w
The partition table has been altered!

Calling ioctl() to re-read partition table.
Syncing disks.

Now we create the LVM physical volume

root@lists:/etc/postfix# pvcreate /dev/sdb1
  Writing physical volume data to disk "/dev/sdb1"
  Physical volume "/dev/sdb1" successfully created

Now the volume group

root@lists:/etc/postfix# vgcreate volgroup_01 /dev/sdb1
  Volume group "volgroup_01" successfully created

To see the result

root@lists:/etc/postfix# pvscan
  PV /dev/sdb1   VG volgroup_01   lvm2 [10.00 GiB / 2.00 GiB free]
  Total: 1 [10.00 GiB] / in use: 1 [10.00 GiB] / in no VG: 0 [0   ]

And the logical volume (of the 10Gb disk I have, I am going to use 8Gb for now)

root@lists:/etc/postfix# lvcreate -L8G -n vol_mailman volgroup_01
  Logical volume "vol_mailman" created
root@lists:/etc/postfix# lvscan
  ACTIVE            '/dev/volgroup_01/vol_mailman' [8.00 GiB] inherit

To see the logical volume:

root@lists:/etc/postfix# lvscan
  ACTIVE            '/dev/volgroup_01/vol_mailman' [8.00 GiB] inherit

And now we format the logical volume as ext4

root@lists:/etc/postfix# mkfs.ext4 /dev/volgroup_01/vol_mailman 

Now we are going to set up the mount point (it is important to do this before installing Mailman, otherwise all the files will have to be moved).

root@lists:~# vi /etc/fstab
/dev/mapper/volgroup_01-vol_mailman     /var/lib/mailman        ext4    auto    0       0

We create the mount point

root@lists:~# mkdir /var/lib/mailman

We mount it and check that it has been mounted in rw mode

root@lists:~# mount /var/lib/mailman
root@lists:~# mount
/dev/mapper/volgroup_01-vol_mailman on /var/lib/mailman type ext4 (rw,relatime,user_xattr,barrier=1,data=ordered)

Now we can continue with the Mailman installation

root@lists:~# apt-get install mailman

An ncurses menu will appear where we select the languages we want to install in our Mailman. If we need to add one later, we can do so at any time by running dpkg-reconfigure mailman.

At the end of the installation it tells us this

[warn] Site list for mailman missing (looking for list named 'mailman'). ... (warning).
[warn] Please create it; until then, mailman will refuse to start. ... (warning).

To clear the warning, we create a first list called mailman, which will also be useful for testing

root@lists:~# cd /var/lib/mailman/bin
root@lists:/var/lib/mailman/bin# ./newlist mailman
Enter the email of the person running the list: usuario@dominio.net
Initial mailman password: 
To finish creating your mailing list, you must edit your /etc/aliases (or
equivalent) file by adding the following lines, and possibly running the
`newaliases' program:

## mailman mailing list
mailman:              "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin:        "|/var/lib/mailman/mail/mailman admin mailman"
mailman-bounces:      "|/var/lib/mailman/mail/mailman bounces mailman"
mailman-confirm:      "|/var/lib/mailman/mail/mailman confirm mailman"
mailman-join:         "|/var/lib/mailman/mail/mailman join mailman"
mailman-leave:        "|/var/lib/mailman/mail/mailman leave mailman"
mailman-owner:        "|/var/lib/mailman/mail/mailman owner mailman"
mailman-request:      "|/var/lib/mailman/mail/mailman request mailman"
mailman-subscribe:    "|/var/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe:  "|/var/lib/mailman/mail/mailman unsubscribe mailman"

Hit enter to notify mailman owner...

And we start Mailman again

root@lists:/var/lib/mailman/bin# service mailman restart
[....] Restarting Mailman master qrunner: mailmanctlPID unreadable in: /var/run/mailman/mailman.pid
[Errno 2] No such file or directory: '/var/run/mailman/mailman.pid'
Is qrunner even running?
. ok 

And this is the output of the restart if Mailman was already running

root@lists:/var/lib/mailman/bin# service mailman restart
[ ok ] Restarting Mailman master qrunner: mailmanctl[....] Waiting...done.
. ok 

Now it is time to configure Apache so that we can reach the web administration of the lists. We create the virtual host for lists.capa8.net

root@lists:/etc/apache2/sites-available# vi lists.capa8.net
<VirtualHost *:80>

 ServerName lists.capa8.net
 ServerAdmin info@capa8.net
 DocumentRoot /usr/lib/cgi-bin/mailman/

 DirectoryIndex listinfo index.html

 ErrorLog /var/log/apache2/lists.capa8.net-error.log
 CustomLog /var/log/apache2/lists.capa8.net-access.log combined

 Alias /pipermail/ /var/lib/mailman/archives/public/
 Alias /images/mailman/ /usr/share/images/mailman/


 # Redirect automatically to HTTPS
 RewriteEngine On
 RewriteCond %{HTTPS} off
 RewriteRule (.*) https://%{HTTP_HOST}%{REQUEST_URI}

</VirtualHost>

<IfModule mod_ssl.c>
<VirtualHost *:443>

 ServerName lists.capa8.net
 ServerAdmin info@capa8.net
 DocumentRoot /usr/lib/cgi-bin/mailman/

 DirectoryIndex listinfo index.html

 ErrorLog /var/log/apache2/lists.capa8.net-ssl-error.log
 CustomLog /var/log/apache2/lists.capa8.net-ssl-access.log combined

 Alias /pipermail/ /var/lib/mailman/archives/public/
 Alias /images/mailman/ /usr/share/images/mailman/

 # SSL Engine
 SSLEngine on
 SSLCertificateFile /etc/apache2/ssl/server.crt.insecure
 SSLCertificateKeyFile /etc/apache2/ssl/server.key.insecure


 <Directory /usr/lib/cgi-bin/mailman/>
 AllowOverride None
 Options ExecCGI
 AddHandler cgi-script .cgi
 Order allow,deny
 Allow from all
 </Directory>
 <Directory /var/lib/mailman/archives/public/>
 Options FollowSymlinks
 AllowOverride None
 Order allow,deny
 Allow from all
 </Directory>

 <Directory /usr/share/images/mailman/>
 AllowOverride None
 Order allow,deny
 Allow from all
 </Directory>

 ScriptAlias /admin /usr/lib/cgi-bin/mailman/admin
 ScriptAlias /admindb /usr/lib/cgi-bin/mailman/admindb
 ScriptAlias /confirm /usr/lib/cgi-bin/mailman/confirm
 ScriptAlias /create /usr/lib/cgi-bin/mailman/create
 ScriptAlias /edithtml /usr/lib/cgi-bin/mailman/edithtml
 ScriptAlias /listinfo /usr/lib/cgi-bin/mailman/listinfo
 ScriptAlias /options /usr/lib/cgi-bin/mailman/options
 ScriptAlias /private /usr/lib/cgi-bin/mailman/private
 ScriptAlias /rmlist /usr/lib/cgi-bin/mailman/rmlist
 ScriptAlias /roster /usr/lib/cgi-bin/mailman/roster
 ScriptAlias /subscribe /usr/lib/cgi-bin/mailman/subscribe
</VirtualHost>
</IfModule>

We enable a couple of Apache modules and restart the service

root@lists:/etc/apache2/sites-available# a2enmod rewrite ssl
Enabling module rewrite.
Enabling module ssl.
See /usr/share/doc/apache2.2-common/README.Debian.gz on how to configure SSL and create self-signed certificates.
To activate the new configuration, you need to run:
  service apache2 restart
root@lists:/etc/apache2/sites-available# service apache2 restart
[....] Restarting web server: apache2apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
 ... waiting apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
. ok 

We load the virtual host

root@lists:/etc/apache2/sites-available# a2ensite lists.capa8.net

Now we generate the keys. In this case we generate unvalidated (insecure) ones, but if we want to create valid ones we follow this post.

root@lists:/etc/apache2/ssl# openssl req -nodes -newkey rsa:2048 -keyout server.key.insecure -out server.csr.insecure
root@lists:/etc/apache2/ssl# openssl x509 -req -in server.csr.insecure -signkey server.key.insecure -out server.crt.insecure

And we restart Apache

root@lists:/etc/apache2/ssl# service apache2 restart
[....] Restarting web server: apache2apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
 ... waiting .apache2: Could not reliably determine the server's fully qualified domain name, using 127.0.0.1 for ServerName
. ok 
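
The `openssl x509 -req` command above is run without `-days`, so the certificate is valid for OpenSSL's default of 30 days, and `-nodes` leaves the private key unencrypted on disk. This added example (not from the original post) checks a certificate and key pair for those points. The function names, the directory argument and the `/CN=lists.example.test` subject are assumptions of the example.

```shell
#!/bin/sh
# Added example: sanity-check a certificate/key pair such as the one created above.
# make_sample_pair and check_tls_pair are names made up for this example.

# Create key, CSR and self-signed certificate in directory $1 with the same two
# commands as the post; -subj (a constructed name) only avoids the prompts.
make_sample_pair() {
    openssl req -nodes -newkey rsa:2048 -subj "/CN=lists.example.test" \
        -keyout "$1/server.key.insecure" -out "$1/server.csr.insecure" 2>/dev/null
    openssl x509 -req -in "$1/server.csr.insecure" \
        -signkey "$1/server.key.insecure" -out "$1/server.crt.insecure" 2>/dev/null
}

# Print one finding per line for certificate $1 and private key $2;
# $3 is the number of days the certificate must still be valid.
check_tls_pair() {
    cert_pub=$(openssl x509 -in "$1" -noout -pubkey | openssl sha256)
    key_pub=$(openssl pkey -in "$2" -pubout | openssl sha256)
    [ "$cert_pub" = "$key_pub" ] || echo "MISMATCH: $2 is not the key of $1"
    openssl x509 -in "$1" -noout -checkend "$(( $3 * 86400 ))" >/dev/null ||
        echo "EXPIRY: $1 expires within $3 days"
    # An unencrypted (-nodes) key is protected only by its file mode.
    [ -z "$(find "$2" -perm -040 -o -perm -004)" ] ||
        echo "PERMS: $2 is readable by group or others"
    issuer=$(openssl x509 -in "$1" -noout -issuer | sed 's/^issuer= *//')
    subject=$(openssl x509 -in "$1" -noout -subject | sed 's/^subject= *//')
    [ "$issuer" != "$subject" ] || echo "SELFSIGNED: issuer and subject of $1 are identical"
}
```

On the server from this post the call would be `check_tls_pair /etc/apache2/ssl/server.crt.insecure /etc/apache2/ssl/server.key.insecure 14`, which fits a daily cron job that mails any output.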

A useful step is to change the list administrator's password

root@lists:/etc/apache2/ssl# cd /var/lib/mailman/bin
root@lists:/var/lib/mailman/bin# ./change_pw -a --password=passwordmailman
New mailman password: passwordmailman

Before going further, we change a couple of things in the Mailman configuration file (we are omitting cgi-bin from the URL)

root@lists:/etc/mailman# vi mm_cfg.py 
#-------------------------------------------------------------
# If you change these, you have to configure your http server
# accordingly (Alias and ScriptAlias directives in most httpds)
#DEFAULT_URL_PATTERN = 'http://%s/cgi-bin/mailman/'
DEFAULT_URL_PATTERN = 'https://%s/'
PRIVATE_ARCHIVE_URL = '/private'
IMAGE_LOGOS         = '/images/mailman/'

We restart Mailman to apply the configuration change

root@lists:/etc/mailman# service mailman restart
[ ok ] Restarting Mailman master qrunner: mailmanctl[....] Waiting...done.
. ok 

We fix the URL configuration

root@lists:/var/lib/mailman/bin# ./withlist -l -a -r fix_url -- -v
Importing fix_url...
Running fix_url.fix_url()...
Loading list mailman (locked)
Setting web_page_url to: https://lists.capa8.net/
Setting host_name to: lists.capa8.net
Saving list
Finalizing

And now we can access the list administrator via the web:

https://lists.capa8.net

I am not going into Mailman list administration here, since that is enough for another post! :)
