pyrox.dev / nixpkgs
lol
fork atom
nixpkgs / nixos / modules / services / mail / mailman.md
at master 3.3 kB view raw view rendered
1# Mailman {#module-services-mailman} 2 3[Mailman](https://www.list.org) is free 4software for managing electronic mail discussion and e-newsletter 5lists. Mailman and its web interface can be configured using the 6corresponding NixOS module. Note that this service is best used with 7an existing, securely configured Postfix setup, as it does not automatically configure this. 8 9## Basic usage with Postfix {#module-services-mailman-basic-usage} 10 11For a basic configuration with Postfix as the MTA, the following settings are suggested: 12```nix 13{ config, ... }: 14{ 15 services.postfix = { 16 enable = true; 17 settings.main = { 18 transport_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ]; 19 local_recipient_maps = [ "hash:/var/lib/mailman/data/postfix_lmtp" ]; 20 relay_domains = [ "hash:/var/lib/mailman/data/postfix_domains" ]; 21 smtpd_tls_chain_files = [ 22 (config.security.acme.certs."lists.example.org".directory + "/full.pem") 23 (config.security.acme.certs."lists.example.org".directory + "/key.pem") 24 ]; 25 }; 26 }; 27 services.mailman = { 28 enable = true; 29 serve.enable = true; 30 hyperkitty.enable = true; 31 webHosts = [ "lists.example.org" ]; 32 siteOwner = "mailman@example.org"; 33 }; 34 services.nginx.virtualHosts."lists.example.org".enableACME = true; 35 networking.firewall.allowedTCPPorts = [ 36 25 37 80 38 443 39 ]; 40} 41``` 42 43DNS records will also be required: 44 45 - `AAAA` and `A` records pointing to the host in question, in order for browsers to be able to discover the address of the web server; 46 - An `MX` record pointing to a domain name at which the host is reachable, in order for other mail servers to be able to deliver emails to the mailing lists it hosts. 47 48After this has been done and appropriate DNS records have been 49set up, the Postorius mailing list manager and the Hyperkitty 50archive browser will be available at 51`https://lists.example.org/`. Note that this setup is not 52sufficient to deliver emails to most email providers nor to 53avoid spam -- a number of additional measures for authenticating 54incoming and outgoing mails, such as SPF, DMARC and DKIM are 55necessary, but outside the scope of the Mailman module. 56 57## Using with other MTAs {#module-services-mailman-other-mtas} 58 59Mailman also supports other MTA, though with a little bit more configuration. For example, to use Mailman with Exim, you can use the following settings: 60```nix 61{ config, ... }: 62{ 63 services = { 64 mailman = { 65 enable = true; 66 siteOwner = "mailman@example.org"; 67 enablePostfix = false; 68 settings.mta = { 69 incoming = "mailman.mta.exim4.LMTP"; 70 outgoing = "mailman.mta.deliver.deliver"; 71 lmtp_host = "localhost"; 72 lmtp_port = "8024"; 73 smtp_host = "localhost"; 74 smtp_port = "25"; 75 configuration = "python:mailman.config.exim4"; 76 }; 77 }; 78 exim = { 79 enable = true; 80 # You can configure Exim in a separate file to reduce configuration.nix clutter 81 config = builtins.readFile ./exim.conf; 82 }; 83 }; 84} 85``` 86 87The exim config needs some special additions to work with Mailman. Currently 88NixOS can't manage Exim config with such granularity. Please refer to 89[Mailman documentation](https://mailman.readthedocs.io/en/latest/src/mailman/docs/mta.html) 90for more info on configuring Mailman for working with Exim.