mailman2's Issues

How to Disable TLS 1.0 and 1.1 For Exim?

Hi!

Really appreciate your hard work in building out this image, it made deployment a breeze for us :)

We need to disable the use of TLS 1.0 and 1.1 for our deployment (specifically for port 465), as they fail our compliance checks. It doesn't seem that Exim is using the /etc/ssl/openssl/cnf config (which specifies MinProtocol = TLSv1.2). It looks like Exim may use GnuTLS instead, though there isn't an existing config for this that I could find. Attempts to create this manually at /etc/gnutls/config with the relevant config values inside didn't appear to make a difference.

I could be completely off base with what I've tried so far, so would really appreciate some guidance on how I might go about resolving this.

Thanks in advance!

Configuration to run multiple domains on the same server

I am currently running this on multiple domains but it requires some manual changes to configuration files which are obviously a bit annoying because they do not survive the respawn of a container via docker or docker compose.
The changes needed are the following:

  1. Add a line for each extra domain to mm_cfg.py in the following way:

add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST)
add_virtualhost('lists.additional_domain_1.org', 'additional_domain_1.org')
add_virtualhost('lists.additional_domain_2.org', 'additional_domain_2.org')

  2. Add all the relevant hostnames to /etc/exim4/update-exim4.conf.conf

# this is necessary otherwise exim will throw error 550 and reject relay
dc_other_hostnames=primary_domain.org:additional_domain_1.org:additional_domain_2.org

and to /etc/exim4/conf.d/main/04_mailman_options

domainlist mm_domains=primary_domain.org:additional_domain_1.org:additional_domain_2.org

With these changes mailman can handle multiple lists just fine.
It would be nice if we could please integrate this with the current RUN.sh script. Probably the easiest would be to introduce two new ENV variables: URL_VIRTUAL_HOSTS and EMAIL_VIRTUAL_HOSTS

Then in RUN.sh something like that:

# Convert comma-separated lists into arrays
IFS=',' read -r -a url_hosts_array <<< "$URL_VIRTUAL_HOSTS"
IFS=',' read -r -a email_hosts_array <<< "$EMAIL_VIRTUAL_HOSTS"

# Check if the arrays have the same length
if [ ${#url_hosts_array[@]} -ne ${#email_hosts_array[@]} ]; then
    echo "The lists have different lengths."
    exit 1
fi

# Add virtual hosts to /etc/mailman/mm_cfg.py
# (values are written verbatim into Python source, so they must be plain hostnames)
for ((i = 0; i < ${#url_hosts_array[@]}; ++i)); do
    echo "add_virtualhost('${url_hosts_array[$i]}', '${email_hosts_array[$i]}')" >> "$mailmancfg"
done

# Construct the domain list for Exim configuration
domain_list="$PRIMARY_DOMAIN"
for email_host in "${email_hosts_array[@]}"; do
    domain_list+=":$email_host"
done

# Update /etc/exim4/update-exim4.conf.conf - not quite compatible with the current strategy based on sed
echo "dc_other_hostnames='$domain_list'" >> /etc/exim4/update-exim4.conf.conf

# Update /etc/exim4/conf.d/main/04_mailman_options
# (no quotes around the list: Exim does not treat single quotes as string delimiters)
echo "domainlist mm_domains=$domain_list" >> /etc/exim4/conf.d/main/04_mailman_options

echo "Configuration updated successfully."

Generated DKIM is too long for a TXT record

I tried to add the generated DKIM key to my DNS setup and got the error:

The following errors have occurred:-

The Value cannot be longer than 255 characters.

The generated value appears to be about 400 characters. It is necessary to split the generated key into sections by inserting '" "' every so often. Maybe an update to your scripts, or to the docs, would be in order.

All other things are working fine, thank you (other than that gmail would not accept mails from sites without a valid DKIM).

Admin interface crashed without prior config

I can't get to the admin interface to configure lists. The image is run with podman, but docker will likely get the same results.

$ podman run -d --name mailman2 -p 127.0.0.1:8080:80 -e URL_ROOT= docker.io/d3fk/mailman2
b0fff7047eea84e8ecabee861568cabdcc055ad341c46892669bb388322cb3ea
$ curl 127.0.0.1:8080
<html><h2>Welcome to lists.example.com</h2></html>
$ curl 127.0.0.1:8080/admin
<head><title>Bug in Mailman version 2.1.29</title></head>
<body bgcolor=#ffffff><h2>Bug in Mailman version 2.1.29</h2>
<p><h3>We're sorry, we hit a bug!</h3>

<p>Please inform the webmaster for this site of this
problem.  Printing of traceback and other system information has been
explicitly inhibited, but the webmaster can find this information in the
Mailman error logs or the web server logs.

DEFAULT_URL_PATTERN variable line added to /etc/mm_cfg.py each time the container is restarted

Hi,

First of all I am very impressed by your Mailman 2.1 container, works very nicely thank you :)

I have noticed that the below section adds a new line every time the container is restarted to /etc/mailman/mm_cfg.py

mailman2/conf/run.sh

Lines 23 to 28 in 8a2e459

# define the URL pattern for mailman
if [ $URL_PATTERN != "http" ]; then
echo "DEFAULT_URL_PATTERN = 'https://%s/${URL_ROOT}'" >> $mailmancfg
else
echo "DEFAULT_URL_PATTERN = 'http://%s/${URL_ROOT}'" >> $mailmancfg
fi

I have tested a fix locally that resolves this:

# only append the setting if it is not already present (-q: no output, exit status only)
if ! grep -q 'DEFAULT_URL_PATTERN' "$mailmancfg"; then
   if [ "$URL_PATTERN" != "http" ]; then
      echo "DEFAULT_URL_PATTERN = 'https://%s/${URL_ROOT}'" >> "$mailmancfg"
   else
      echo "DEFAULT_URL_PATTERN = 'http://%s/${URL_ROOT}'" >> "$mailmancfg"
   fi
fi

Thanks

Daniel

Apache SSL certificates are not exposed as a docker volume

I am using mailman2:stable and, after some faffing about, I have it running on self-signed certificates. However, I note that if I want to supply my own certificates, the Dockerfile exposes the exim ssl directory, but not the apache ssl locations: /etc/ssl/certs/ssl-cert-snakeoil.pem and /etc/ssl/private/ssl-cert-snakeoil.key. Also, those paths do not appear to be configurable in any way.

It therefore appears to be impossible to run this with SSL_SELFSIGNED=false.

Have I missed something?

exim4 relay not permitted error

Hi!

I just deployed your image with docker-compose.
Used this environment file:
HOSTNAME=lists
DOMAINNAME=mydomain.hu
URL_HOST=lists.mydomain.hu
URL_ROOT=""
URL_PATTERN=https
SSL_FROM_CONTAINER=true
SSL_SELFSIGNED=false
EMAIL_HOST=lists.mydomain.hu
ENABLE_SPF_CHECK=false
LIST_ADMIN=[email protected]
MASTER_PASSWORD=supersecretpassword
PGID=1000
PUID=1000

Everything is fine: I can create new lists, I can manage them, I can add users to them. Everything except the email sending itself.
I got this error for every attempt to send an email:
F=[email protected] rejected RCPT [email protected]: relay not permitted
It sounds like an exim issue to me. I used postfix everywhere so I'm not familiar with exim config.

I only use lists.mydomain.hu, both for the web URL and for the email host.
Can you help me find out what I am doing wrong?
Thx!
Peter

Any docker-compose file for this tool?

Hi all,

I'm looking for an example docker-compose file to deploy a test instance of this tool (I'm really not a Docker expert): would anyone mind sharing one?

Thanks in advance for any help!

Stops sending emails after rebooting the docker host

I am using the docker-compose variant, which works fine until I reboot my docker host. After that, emails to mailing lists are accepted but no longer delivered.

I investigated this issue further and found out that mailman's qrunner lock files are not deleted when stopping the container. Manually deleting the files solved the problem temporarily: docker-compose exec mailman bash -c "rm -f /var/run/lock/mailman/*"; docker-compose restart

I also observed that docker-compose stop takes 10 seconds - that's the default timeout after which the processes are forcibly terminated. Increasing the timeout (compose option stop_grace_period: 3m) leads to the same result.

I briefly inspected /run.sh. Here the mailman process is started by /etc/init.d/mailman start but never stopped when catching a SIGTERM signal. Consequently a container restart does not clean up the locks, which inhibits queue processing.

migrating from another server

Hi,

I am migrating lists from another server to a new image. My process is as follows:
tar up the following directories on the old server:

/var/lib/mailman/archives/private/[list].mbox
/var/lib/mailman/archives/private/[list]
/var/lib/mailman/lists/[list]/

and then I untar them on the container - I have mounted volumes as follows:
-v $(pwd)/lists:/var/lib/mailman/lists \
-v $(pwd)/archives:/var/lib/mailman/archives \

I execute a shell on the docker image:
docker exec -it mailman /bin/bash

and check the permissions (repeat if it fails):
/usr/lib/mailman/bin/check_perms -f

I then fix the links:
/usr/lib/mailman/bin/withlist -l -r fix_url [list] -v -u [website url]

At this point I can browse all of my archives.

I send an email to the list address and it arrives at the server - /var/log/exim4/mainlog shows:
2021-04-16 15:46:28 1lXQfs-0000zK-5y <= mjudd@sa.[tld] H=(sa.[tld]) [redacted ip] P=esmtps X=TLS1.0:DHE_RSA_AES_256_CBC_SHA1:256 CV=no S=1565 id=d7ae7820-a057-aeb7-03c1-b5d8190774b2@sa.[tld]
2021-04-16 15:46:28 1lXQfs-0000zK-5y => tech <[email protected].[tld]> R=mailman_router T=mailman_transport
2021-04-16 15:46:28 1lXQfs-0000zK-5y Completed

As I understand it, all of the subscribed users on the list should receive a copy of that email - but they do not.

Have I missed a step in the migration? Do I need to regenerate some aliases?
Thanks for any help you might be able to provide.

mailman-request@ doesn't work because SYSTEM_ALIASES_PIPE_TRANSPORT is not set

None of the mailman aliases in /etc/aliases work. Exim issues pipe_transport unset in system_aliases router

The solution is something like:

.ifndef SYSTEM_ALIASES_PIPE_TRANSPORT
SYSTEM_ALIASES_PIPE_TRANSPORT = address_pipe
SYSTEM_ALIASES_USER = Debian-exim
SYSTEM_ALIASES_GROUP = daemon
.endif

somewhere in the main section of the split config.

syntax error in DKIM record with BIND 9.16.1-Ubuntu (Stable Release)

Hi,
I've copied the dkim TXT record to my DNS and I am receiving a syntax error:

listsdkim._domainkey.lists.sa.[tld] IN TXT "v=DKIM1; k=rsa; p=MIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEA75p6i6YYw51PuRd9eSGgVwC09+d8PNSEX6m2qxb3GF0hlUzjFkR2uab0j9fLigNSI4cfqR6XDL5wFqf4VOuiOqvRsdgQgYf+3RFLZgKy+YwcKNHPYrKcwnXQZSKaJylJ9X9DlqJFAVr4m6XdOowCuVAtIJdsAh2eJ9HbkUGuqVVl+kobR7HzFGt7Yo6bdaQaQu8v70mejGg7YYaf3jaGg1knVJS2rz5ay3Di3xBjxRewRic0L3PO5c5onyCtOLSkrCuhg7oV+FaIqpQ50EG/BYJJHNChn0e1DP5T34o2fK/audQyCtaNzEujSO2nvTrfu2k//2app2QvgRZmnEj6CwIDAQAB"

[tld] = I removed my domain name

The error in bind is:
dns_rdata_fromtext: /etc/bind/primary/sa/sa:275: syntax error

I can generate a separate dkim which does work:

lists._domainkey.sa.[tld] IN TXT "v=DKIM1;t=s;p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQDHaugpuWW72XLAGF+jXTALY89jpYUYt2Ca7j9tH2DXU7SDp8T1XcU3Ol5oLX5w8wGwTs/G361Rr4/W98c37LFoZWkte21JO9TGB944jqIkL1FXbJF4GsaDmetcaGO63ICAzBbNIx/8cdwlvbVTdFWsvWgf4DCyIVvhwr+8qc42hwIDAQAB"

Any ideas? Can I just use my key? Can I update the private key somewhere on the image?

Thanks for any help you can provide.
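
Added example, not part of the issues above and not the project's own code: it serves both DKIM reports (the "too long for a TXT record" one and the BIND one, whose quoted record is also a single string of more than 255 characters) by splitting a value into quoted strings of at most 255 bytes and checking a record before it goes into a zone. The function names, the `selector` label and the sample key are constructed for illustration.

```shell
#!/bin/sh
# Added example: split a DKIM TXT value into quoted strings of at most
# 255 bytes each. DNS clients concatenate the strings with no separator.

# split_txt_value VALUE [MAX] -> prints: "chunk1" "chunk2" ...
split_txt_value() (
    value=$1
    max=${2:-255}
    if ! { [ "$max" -ge 1 ] && [ "$max" -le 255 ]; } 2>/dev/null; then
        echo "chunk size must be between 1 and 255" >&2
        return 2
    fi
    # A quote or backslash would need zone-file escaping; refuse instead.
    case $value in
        (*[\"\\]*) echo "value contains a quote or backslash" >&2; return 1 ;;
    esac
    printf '%s\n' "$value" | fold -b -w "$max" | {
        out=
        while IFS= read -r chunk; do
            out="${out:+$out }\"$chunk\""
        done
        printf '%s\n' "$out"
    }
)

# join_txt_value RDATA -> prints the value a verifier sees after concatenation
join_txt_value() {
    printf '%s\n' "$1" | sed -e 's/" "//g' -e 's/^"//' -e 's/"$//'
}

# txt_strings_ok RDATA -> exit 0 if every quoted string is <= 255 bytes
txt_strings_ok() {
    printf '%s\n' "$1" | awk -F'" "' '{
        for (i = 1; i <= NF; i++) {
            s = $i; gsub(/^"|"$/, "", s)
            if (length(s) > 255) exit 1
        }
    }'
}

# Constructed sample: 18-byte tag prefix plus 392 filler bytes standing in
# for a 2048-bit public key (not a real key).
sample="v=DKIM1; k=rsa; p=$(head -c 392 /dev/zero | tr '\0' 'A')"
printf 'selector._domainkey IN TXT %s\n' "$(split_txt_value "$sample")"
```

Running `join_txt_value` on the split output should give back the original value byte for byte, which is a quick way to confirm that a chunk boundary did not drop or add a character.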
