Mailman Configuration

Mailman

Download the mailman-2.1.39 tarball, uncompress it, then compile it and install it:

./configure --prefix=/usr/local/mailman --with-python=/usr/bin/python2.7  --with-mail-gid=nogroup
make
make install

Fix permissions with:

usr/local/mailman/bin/check_perms -f

/usr/local/mailman/bin/mailmanctl restart

Apache

Configure apache, use HTTPS through letsencrypt.

Postfix

pipe to opendkim and spamassassin.

Use apache letsencrypt certificates also for postfix.

DKIM

We use OpenDKIM

Generate a 2048 bits key

opendkim-genkey -b 2048 -d ml.ninux.org -D /etc/mail/dkim-keys/ml.ninux.org -s mail -v

/etc/opendkim.conf

Syslog                  yes
UMask                   002
Domain                  ml.ninux.org
KeyFile                 /etc/mail/dkim-keys/ml.ninux.org/mail.private
Selector                mail
Socket                  inet:8892@localhost
OversignHeaders         From

The DNS entry to be added to bind is in /etc/mail/dkim-keys/ml.ninux.org/mail.txt

DNS entries in bind for SPF, DMARC and DKIM

$ORIGIN ninux.org.
_dmarc                  TXT     "v=DMARC1\; p=none\; sp=none\; adkim=r\; aspf=r\; rua=mailto:nino@ninux.org\; ruf=mailto:nino@ninux.org\; fo=1\;"
mail._domainkey         TXT     "v=DKIM1\; h=sha256\; k=rsa\; " "p=MIIBI...NeyP" "a...B"
ml                      A       176.111.173.140
                        MX      10 ml
                        TXT     "v=spf1 ip4:176.111.173.140 -all"
                        SPF     "v=spf1 ip4:176.111.173.140 -all"

$ORIGIN ml.ninux.org.
_dmarc                  TXT     "v=DMARC1\; p=none\; sp=none\; adkim=r\; aspf=r\; rua=mailto:nino@ninux.org\; ruf=mailto:nino@ninux.org\; fo=1\;"
mail._domainkey         TXT     "v=DKIM1\; h=sha256\; k=rsa\; " "p=MIIBI...NeyP" "a...B"

Verify with dig, e.g.

$ dig +short @1.1.1.1 mail._domainkey.ml.ninux.org TXT
"v=DKIM1; h=sha256; k=rsa; " "p=MIIBI...NeyP" "a...B"

$ dig +short @1.1.1.1 mail._domainkey.ninux.org TXT
"v=DKIM1; h=sha256; k=rsa; " "p=MIIBI...NeyP" "a...B"