Mailman Configuration

Mailman

Download the mailman-2.1.39 tarball, uncompress it, then compile it and install it:

./configure --prefix=/usr/local/mailman --with-python=/usr/bin/python2.7  --with-mail-gid=nogroup
make
make install

Fix permissions with:

usr/local/mailman/bin/check_perms -f

/usr/local/mailman/bin/mailmanctl restart

Apache

Configure apache, use HTTPS through letsencrypt.

In bind, create A record for ml.ninux.org

$ORIGIN ninux.org.
ml                      A       176.111.173.140

Use certbot to obtain a letsencrypt certificate:

certbot --apache -d ml.ninux.org run 

Postfix

In main.cf

#DKIM
milter_default_action = accept
milter_protocol = 2
smtpd_milters = inet:localhost:8892
non_smtpd_milters = inet:localhost:8892

Use apache letsencrypt certificates also for postfix

smtpd_tls_cert_file=/etc/letsencrypt/live/ml.ninux.org/fullchain.pem
smtpd_tls_key_file=/etc/letsencrypt/live/ml.ninux.org/privkey.pem
smtpd_use_tls=yes

In master.cf

mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/local/mailman/bin/postfix-to-mailman.py ${nexthop} ${user}
policyd-spf  unix  -       n       n       -       0       spawn
  user=policyd-spf argv=/usr/sbin/postfix-policyd-spf-perl

DKIM

We use OpenDKIM

Generate a 2048 bits key

opendkim-genkey -b 2048 -d ml.ninux.org -D /etc/mail/dkim-keys/ml.ninux.org -s mail -v

/etc/opendkim.conf

Syslog                  yes
UMask                   002
Domain                  ml.ninux.org
KeyFile                 /etc/mail/dkim-keys/ml.ninux.org/mail.private
Selector                mail
Socket                  inet:8892@localhost
OversignHeaders         From

The DNS entry to be added to bind is in /etc/mail/dkim-keys/ml.ninux.org/mail.txt

DNS entries in bind for SPF, DMARC and DKIM

$ORIGIN ninux.org.
_dmarc                  TXT     "v=DMARC1\; p=none\; sp=none\; adkim=r\; aspf=r\; rua=mailto:nino@ninux.org\; ruf=mailto:nino@ninux.org\; fo=1\;"
mail._domainkey         TXT     "v=DKIM1\; h=sha256\; k=rsa\; " "p=MIIBI...NeyP" "a...B"
ml                      A       176.111.173.140
                        MX      10 ml
                        TXT     "v=spf1 ip4:176.111.173.140 -all"
                        SPF     "v=spf1 ip4:176.111.173.140 -all"

$ORIGIN ml.ninux.org.
_dmarc                  TXT     "v=DMARC1\; p=none\; sp=none\; adkim=r\; aspf=r\; rua=mailto:nino@ninux.org\; ruf=mailto:nino@ninux.org\; fo=1\;"
mail._domainkey         TXT     "v=DKIM1\; h=sha256\; k=rsa\; " "p=MIIBI...NeyP" "a...B"

Verify with dig, e.g.

$ dig +short @1.1.1.1 mail._domainkey.ml.ninux.org TXT
"v=DKIM1; h=sha256; k=rsa; " "p=MIIBI...NeyP" "a...B"

$ dig +short @1.1.1.1 mail._domainkey.ninux.org TXT
"v=DKIM1; h=sha256; k=rsa; " "p=MIIBI...NeyP" "a...B"