Lists.wikimedia.org

Revision as of 16:00, 3 January 2007

The new Mailman setup lives on lily, and uses the standard Ubuntu package mailman. The mailing list state is under /var/lib/mailman/, the global configuration is in /etc/mailman/.

The mail server used is Exim, the web server used is lighttpd.

Mailman setup

Mailman has fairly reasonable default values, and doesn't need a lot of changes from the defaults. The following settings were modified in /etc/mailman/mm_cfg.py:

# If you change these, you have to configure your http server
# accordingly (Alias and ScriptAlias directives in most httpds)
DEFAULT_URL_PATTERN = 'http://%s/mailman/'
PRIVATE_ARCHIVE_URL = '/mailman/private'

# Default domain for email addresses of newly created MLs
DEFAULT_EMAIL_HOST = 'lists.wikimedia.org'
# Default host for web interface of newly created MLs
DEFAULT_URL_HOST   = 'lists.wikimedia.org'

Exim recognizes which lists exist under @lists.wikimedia.org, so aliases are only needed in other domains:

# Uncomment this if you configured your MTA such that it
# automatically recognizes newly created lists.
# (see /usr/share/doc/mailman/README.{EXIM,...})
# MTA=None   # Misnomer, suppresses alias output on newlist
MTA=None

# Set Reply-To to the list by default
DEFAULT_REPLY_GOES_TO_LIST = 0

Mail server setup

Routers

In Exim, the routers determine if a certain e-mail address is accepted for delivery or mail transport, and how it's going to be handled (routed). For Mailman, the following list router accepts a recipient that:

• has a domain in the domain list mailman_domains
• has a Mailman configuration file matching the local part (i.e. the mailing list exists)

Certain postfixes of the localpart, e.g. "-bounces" are accepted as well.

When the router accepts the recipient address, it's set up for delivery using the list transport (see below).

# Mailman list handling

list:
        driver = accept
        domains = +mailman_domains
        require_files = MAILMAN_LISTS_HOME/lists/$local_part/config.pck
        local_part_suffix_optional
        local_part_suffix = -bounces : -bounces+* : \
                                -confirm+* : -join : -leave : \
                                -owner : -request : -admin : \
                                -subscribe : -unsubscribe
        transport = list
        no_more

If the conditions for this router fail (i.e. the router is not run) then no subsequent routers will be tried (in the current configuration there are none that might accept), and the recipient address is failed.

Transports

An Exim transport configures a way of transporting a message, e.g. over the network (SMTP), to a file (MBOX/Maildir/etc) or using a pipe to a process. The following transport sets up delivery to Mailman:

# Mailman pipe transport

list:
        driver = pipe
        command = MAILMAN_WRAP \
                '${if def:local_part_suffix \
                        {${sg{$local_part_suffix}{-(\\w+)(\\+.*)?}{\$1}}} \
                        {post}}' \
                $local_part
        current_directory = MAILMAN_LISTS_HOME
        home_directory = MAILMAN_LISTS_HOME
        user = MAILMAN_UID
        group = MAILMAN_GID

For content scanning, temporary mbox files are written to /var/spool/exim4/scan, and deleted after scanning. To improve performance somewhat, this directory is mounted as a tmpfs filesystem, using the following line in /etc/fstab:

tmpfs   /var/spool/exim4/scan   tmpfs   defaults        0       0

Web server setup

To get Mailman running with lighttpd, a couple of small changes had to be made to the default configuration file. mod_cgi and mod_redirect need to be loaded:

server.modules              = (
           "mod_access",
           "mod_alias",
           "mod_accesslog",
           "mod_redirect",
           "mod_cgi",
)

To make path /mailman/ invoke the correct CGI scripts, use:

# Mailman
alias.url = (
       "/mailman/"     => "/usr/lib/cgi-bin/mailman/",
       "/pipermail/"   => "/var/lib/mailman/archives/public/",
       "/images/"      => "/usr/share/images/",
)

url.redirect = (
       "^/(index\.html?)?$"    => "http://meta.wikimedia.org/wiki/Mailing_lists/overview",
       "^/mailman/?$"          => "/mailman/listinfo"
)

$HTTP["url"] =~ "^/mailman/" {
       cgi.assign = ( "" => "" )
}

See also http://www.gnu.org/software/mailman/mailman-install/node10.html

SpamAssassin

SpamAssassin is installed using the default Ubuntu spamassassin package. A couple of configuration changes were made.

By default, spamd, if enabled, runs as root. To change this:

# adduser --system --home /var/lock/spamassassin --group --disabled-password --disabled-login spamd

The following settings were modified in /etc/default/spamassassin:

# Change to one to enable spamd
ENABLED=1

User preferences are disabled, spamd listens on the loopback interface only, and runs as user/group spamd:

OPTIONS="--max-children 5 --nouser-config --listen-ip=127.0.0.1 -u spamd -g spamd"

Run spamd with nice level 10:

# Set nice level of spamd
NICE="--nicelevel 10"

Tested failure modes

Because mail delivery and transport should be reliable, I have tested what happens in certain failure modes, e.g. when SpamAssassin's spamd daemon is not running.

Spamd not running

Because of the /defer_ok modifiers in the Exim ACLs, Exim will act as if no spam filtering attempts are made when spamd is not running, and will accept the message. The following lines are logged:

spam acl condition: warning - spamd connection to 127.0.0.1, port 783 failed: Connection refused
spam acl condition: all spamd servers failed
H=xxx.xxxxxxx.xx [xx.xx.xx.xx]:xxxx I=[145.97.39.157]:25 U=exim Warning: ACL "warn" statement skipped: condition test deferred

TODO

• Mail server configuration fine tuning
• Mail server configuration documentation
• Mailman configuration fine tuning
• Spam filtering (current config?)
• htdig
• Backup MX
• Automatic mailing list index script (also, 404 handlers, robots.txt...)
• Migrating existing mailing lists, with announcements
• Redirection of old URL to new
• DNS Resolver
• Monitoring
• Backups

Migration

Configuration files can be copied to lily just fine. Variables that may need to be changed are:

• reply_to_address
• host_name

Most of these can probably be done automatically. Not present in the dumped list configuration file is the list's URLs. A fix_url withlist script is provided to change this.

Archives can be copied by just transferring the .mbox file, and then rebuilding the archive from scratch with arch --wipe.

Old setup

Mailing lists live in /usr/local/mailman/ on goeje.

The current setup:

• Does not use VERP
• Does not use a separate lists domain

The templates for list messages etc. are in /usr/local/mailman/template/<langcode>; these can be customised per-list by copying them to /usr/local/mailman/lists/<listname>/<langcode>/ and editing them. Make sure they're still writable by Apache otherwise the mailman web interface doesn't work! (this means they have to be owned by group mailman and be g+w)

To add a new list:

 /usr/local/mailman/bin/newlist

Ensure /usr/local/mailman/aliases.mailman is up-to-date after doing this, and run newaliases and postfix reload.

The old symlink from /home/mailman to /usr/local/mailman has been removed as of February 15, 2006. Make sure any old directions and config files are updated to reflect this.

List archives are being removed from robots.txt as of November 3, 2006 to reduce annoying complaints about peoples' names appearing on google.

• How to remove a message from mailing list archive
• Mailman-htdig integration for searching