[Mailman-Users] Mailman with remote smtp
Brad Knowles
brad at shub-internet.org
Sat Jul 14 04:53:11 CEST 2007
On 7/13/07, Meenal Pant wrote:

> webserver.foo.com is the Mailman webserver where lists are hosted and
> smtp.foo.com is the mailserver. Both machines have sendmail running on
> them. I have created a mail alias on smtp.foo.com for every list hosted
> on webserver.foo.com.

A simpler way to set this up would be to use a different hostname for
the mailing lists, and externally you advertise in the DNS that mail
for this machine is handled on smtp.example.com. However, internally
in the mail server configuration, you set it up to automatically
forward everything it gets for lists.example.com over to
webserver.example.com. This way you don't have to keep creating
aliases on smtp.example.com for the various different mailing lists,
but you still keep the same functionality.

> fetchmail runs on webserver.foo.com and pops email
> from these accounts on smtp.foo.com and these mails are then posted to
> the lists based on aliases defined in /etc/alias on webserver.foo.com

You don't really need fetchmail in this process, although you can
make it work -- obviously.

> The problem is that this method is not at all scalable and portable. Is
> there a better way of doing this?

Any time you talk about splitting these functions up, you're going to
have some more work to do to maintain the whole system.

However, one of the key ways to achieve higher scalability is
precisely to split the functions up across multiple machines, so
everything depends on *how* you split things up.

> I am using a remote smtp server due to security issues.

What security issues?

> I do not want to
> open any ports on the webserver.

Well, you're going to have a pretty hard time running a web server if
you don't have any ports open.

> However fetchmail requires running
> sendmail in daemon mode (listening at port 25).

If that's true, then it's only needed on the localhost interface
(IPv4 address 127.0.0.1). You can set things up so that it ignores
all the other ports, and fetchmail should be fine passing things off
to the copy that can only accept connections from the local machine.

IMO, fetchmail should be able to be set up so that it can use a
command-line instance of sendmail that doesn't require any ports to
be opened.

Of course, as I explained above, you shouldn't need fetchmail at all.

> Is there a good
> security solution if I decide to run an smtp server and the mailman
> webserver on the same machine?

What do you mean "good security solution"? This is the preferred
method of setting up Mailman, and most sites run it this way. What
problem do you have with that?

--
Brad Knowles <brad at shub-internet.org>, Consultant & Author
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
Slides from Invited Talks: <http://tinyurl.com/tj6q4>
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0