Debian: Installing Mailman with Exim4

I recently installed Mailman with Exim4, which was a challenge considering all the manual configuration you have to do. I found a few guides on the install, but they didn’t seem to be “complete” enough to get the system working. Turns out, the biggest challenge was Exim4. The configuration files are confusing, especially since there are two sets of configuration files.

I used the following guide from http://www.debian-administration.org/article/Mailman_and_Exim4 as a baseline. I’ve added my own notes to make the install go through smoother. This is probably the best guide I’ve found so far on this topic. Debian allows for easy installation of the software packages, however the configuration is all manual work. 😉

Installing and Configuring Mailman

To install mailman, simply run the following command:

apt-get install mailman

During the install, you will be prompted to choose which languages you want mailman to support.

After the install is complete, follow the instructions given during the install and setup the Mailman-specific mailing list.

newlist mailman

There are just a few changes that must be made to the basic configuration. Open /etc/mailman/mm_cfg.py and edit the following items:

# Default domain for email addresses of newly created mailing lists
DEFAULT_EMAIL_HOST = 'list.example.org'

# Default host for the web interface of newly created mailing lists
DEFAULT_URL_HOST   = ‘list.example.org’

# Uncomment this. In this setup, the alias file won’t need to be changed.
MTA=None   # Misnomer, suppresses alias output on newlist

Restart mailman so that the configuration changes take effect:

/etc/init.d/mailman restart

Now would be a good time to set up any other mailing lists you will need using the same “newlist” command. If your list will be using anything other than the DEFAULT_URL_HOST we set up earlier as its web interface hostname, make sure to pass that to newlist with the -u flag.

Exim Configuration

Previously, you had to update the /etc/alias for each list you add on Mailman. This is no longer necessary with Exim. I strongly suggest using the split config since its much easier to locate the right section in the configuration file to modify.  By default, its setup as a single file so you will need to update the setting by running “dpkg-reconfigure exim4-config“. On the next to last screen, set the configuration on multiple files vs. a single file.

Create the files listed below.

/etc/exim4/conf.d/main/04_mailman_options:
# Mailman macro definitions

# Home dir for the Mailman installation
MM_HOME=/var/lib/mailman

# User and group for Mailman
MM_UID=list
MM_GID=list

#
# Domains that your lists are in – colon separated list
# you may wish to add these into local_domains as well
domainlist mm_domains=list.example.org

# The path of the Mailman mail wrapper script
MM_WRAP=MM_HOME/mail/mailman
#
# The path of the list config file (used as a required file when
# verifying list addresses)
MM_LISTCHK=MM_HOME/lists/${lc::$local_part}/config.pck

/etc/exim4/conf.d/router/450_mailman_aliases:
mailman_router:
  driver = accept
  domains = +mm_domains
  require_files = MM_LISTCHK
  local_part_suffix_optional
  local_part_suffix = -admin : \
    -bounces   : -bounces+*  : \
    -confirm   : -confirm+*  : \
    -join      : -leave      : \
    -owner     : -request    : \
    -subscribe : -unsubscribe
  transport = mailman_transport


/etc/exim4/conf.d/transport/40_mailman_pipe:
mailman_transport:
  driver = pipe
  command = MM_WRAP \
    '${if def:local_part_suffix \
    {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
    {post}}' \
    $local_part
  current_directory = MM_HOME
  home_directory = MM_HOME
  user = MM_UID
  group = MM_GID


After you finish creating the various configuration files, run the following commands to build the updated configuration file and restart exim:
update-exim4.conf
/etc/init.d/exim4 restart

Apache Configuration

mailman uses CGI to create a web interface for its mailing lists. We need to configure Apache in order to get this piece working. First create a file to store some new aliases for the web server.

/etc/apache2/conf.d/mailman:
Alias /pipermail /var/lib/mailman/archives/public
Alias /images/mailman /usr/share/images/mailman
<directory /var/lib/mailman/archives/public>
    DirectoryIndex index.html
</directory>

Then create (or edit) a VirtualHost entry to allow the scripts to run.

/etc/apache2/sites-available/list.example.org:
<virtualhost *:80>
        ServerName list.example.org
        ServerAdmin [email protected]
        DocumentRoot /var/www/
        <directory /var/www/>
                Options Indexes FollowSymLinks MultiViews
                AllowOverride None
                Order allow,deny
                allow from all
                # This directive allows us to have apache2's default start page
                # in /apache2-default/, but still have / go to the right place
                RedirectMatch ^/$ /cgi-bin/mailman/listinfo
        </directory>
If this is a new file, remember to symlink it to the sites-enabled directory.

        ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/
        <directory “/usr/lib/cgi-bin”>
                AllowOverride None
                Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
                Order allow,deny
                Allow from all
        </directory>
</virtualhost>

Finally, restart Apache so that the changes take effect.
/etc/init.d/apache2 restart

Mailman troubleshooting:

If your lists are not showing up on the website, you will need to change
/var/lib/mailman/Mailman/Defaults.py

In the section “VIRTUAL_HOST_OVERVIEW“, set it to “No“.
Restart Mailman /etc/init.d/mailman restart

Locking down the Create Lists “feature”
e.g. If you have the proper authority, you can also create a new mailing list
By default, Mailman leaves the Create Lists feature wide open so anyone can create new lists. For most places, this is a bad thing.  To lock it down, go to your Apache2 configuration to block access to the folder.  Go to /etc/apache2/site-enabled/000-default (if you only have 1 web host on the server) and find the section before

ScriptAlias /cgi-bin/ /usr/lib/cgi-bin/

Add the following above the ScriptAlias line:

<Location /cgi-bin/mailman/create>
Allow from [YOUR IP]
Deny from all
</Location>

Restart Apache2 and the creation of lists should now be limited to your computer only.

Exim4 troubleshooting:

ERROR: Low level smtp error: (111,’Connection refused’)

This basically means a few things.

First, is your hostname a FQDN? Fully qualified domain name. Basically, it needs to be “mysite.com” as opposed to just “mysite”.  Go to /etc/hosts file. Is 127.0.0.1 setup as localhost and 127.0.1.1 setup as mydomain.com?

Second, your firewall could be interferring. If your iptables rules are too strict, then you won’t be able to connect to your own smtp port.  To test, run “telnet localhost 25”
If you get a connection refused or it hangs, then this means a few things.

Third, Exim4 is not configured properly. Run “dpkg-reconfigure exim4-config”
Make sure your sendmail is setup to be an “internet site” so that other computers can send email to it. Set relay domains to blank. And make sure the configration is setup using the multiple configuration files.

ERROR: 550 relay not permitted
This has to do with Mailman unable to send email to the clients due to the relay setting in Exim not being configured properly. If you get this far, Exim is able to take the e-mail posts and route it to the Mailman. In Exim, make sure localhost has permission to post messages. Run “dpkg-reconfigure exim4-config”  In the relay network option, set them to: “127.0.1.1;127.0.0.1”. This will allow your computer to send email out. By default, Mailman sends everything through localhost, so it needs to match up with Exim. To verify whether you can connect, make sure you can “telnet localhost 25”.