Mailman3 on a VPS using VirtualEnv and and a Third Party SMTP service

Initial Notes

I’ll edit this post as I discover new things, and may not explicitly mark any changes

I installed Mailman3 on a cheap VPS using the instructions at https://docs.mailman3.org/en/latest/install/virtualenv.html. I’m using Mailersend to send the emails, but receiving emails in the server using postfix.

I ran into several difficulties

It helps to have gnu-screen installed so you can switch between a screen in which you’re signed on as mailman and one in which you’re signed on as a standard sudo privileged user

Dependencies

The dependencies should include gcc gettext and . So..

sudo apt install python3-dev python3-venv sassc lynx

should be

sudo apt install python3-dev python3-venv sassc lynx gcc gettext

/bin/bash

On my server, bash isn’t at /usr/bin/bash, it’s just /bin/bash. so instead of ..

sudo useradd -m -d /opt/mailman -s /usr/bin/bash mailman

use ..

sudo useradd -m -d /opt/mailman -s /bin/bash mailman

psycopg2

As the notes suggest, you don’t have to hold back the version of psycopg2-binary anymore. So instead of

(venv)$ pip install wheel mailman psycopg2-binary\<2.9

use

(venv)$ pip install wheel mailman psycopg2-binary

/etc/mailman3/mailman.cfg

The instructions don’t say specifically, but you’ll have to create the /etc/mailman3 folder

Follow instructions that are in the content of the file to create mailman-hyperkitty.cfg. Change the example passwords, keys, and email addresses

Apache2 Mods

I’m using Apache, so the appropriate mods have to be enabled

a2enmod proxy_http a2enmod proxy a2enmod headers

Gunicorn

I’m using Gunicorn. The instructions have you create a file /etc/mailman3/gunicorn.conf but Gunicorn throws a warning about the file name because it wants it to have a python extension.
So add .py to the end of the file name and make it /etc/mailman3/gunicorn.conf.py.

You’ll also have to change the reference to that file in the ExecStart line in /etc/systemd/system/mailmanweb.service

EMAIL_HOST parameters – using a third party smtp service

(This has been extremely frustrating)

I put the following code in /etc/mailman3/settings.py

EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = 'smtp.my_external_smtp_service.com'
EMAIL_PORT = 587
EMAIL_HOST_USER = 'the_user_name_my_smtp_service_gave_me'
EMAIL_HOST_PASSWORD = 'the_password_my_smtp_service_gave_me'
EMAIL_USE_TLS = True

and Mailman3 seemes to ignore it all. But what’s truly frustrating is when I did a test using mailman-web sendtestemail (iaw https://docs.mailman3.org/en/latest/config-web.html), it worked fine. But in operation, if I send an email to an email list, that email won’t be forwarded to list members using those parameters

In retrospect, I understand why. It’s not mailman-web’s job to forward to email lists. That task belongs to mailman core. But for anyone following instructions trying to get this to work, it could be frustrating.

I think those parameters have to remain in settings.py for mailman-web to work (not sure, I’ll test it eventually), but also those parameters go in /etc/mailman3/mailman.cfg as

incoming: mailman.mta.postfix.LMTP
outgoing: mailman.mta.deliver.deliver
lmtp_host: 127.0.0.1
lmtp_port: 8024
smtp_host: smtp.my_external_smtp_service.com
smtp_port: 587
smtp_secure_mode: STARTTLS
smtp_user: the_user_name_my_smtp_service_gave_me
smtp_pass: the_password_my_smtp_service_gave_me

With those parameters in mailman.cfg, it works fine so far

DMARC Mitigation

This may be important to anyone using an external SMTP service

I got to the point where all of the admin messages were going out fine, but the messages to list members were being rejected by my SMPT service, Mailsend.

The problem was I was sending test messages from a domain that wasn’t verified by Mailsend. Which makes sense because the whole world of people who might send a message to the list won’t all have domains verified in my Mailsend account.

The solution is to set DMARC Mitigation in the list settings (as of my writing this, I don’t know of a global setting or a way of changing the default setting, so this has to be done for each list)

This can be done through the web site. In the settings for you list, click ‘DMARC Mitigations’ in your side bar. Pick the ‘Replace..’ or ‘Wrap..’ option – I chose Replace, and click ‘Yes’ for unconditionally.

With this setting, even if someone sends an email from someone@someemail.com, the forwarded message will be from your domain.

Advertisement

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.