path: root/nixos/modules/services/mail/mailman.xml
blob: cbe50ed0b9179657680644dc49c899cdf8af2a55
<chapter xmlns="http://docbook.org/ns/docbook"
         xmlns:xlink="http://www.w3.org/1999/xlink"
         xmlns:xi="http://www.w3.org/2001/XInclude"
         version="5.0"
         xml:id="module-services-mailman">
  <title>Mailman</title>
  <para>
    <link xlink:href="https://www.list.org">Mailman</link> is free
    software for managing electronic mail discussion and e-newsletter
    lists. Mailman and its web interface can be configured using the
    corresponding NixOS module. Note that this service is best used with
    an existing, securely configured Postfix setup, as the Mailman module
    does not set one up automatically.
  </para>

  <section xml:id="module-services-mailman-basic-usage">
    <title>Basic usage</title>
    <para>
      For a basic configuration, the following settings are suggested:
      <programlisting>{ config, ... }: {
  services.postfix = {
    enable = true;
    relayDomains = ["hash:/var/lib/mailman/data/postfix_domains"];
    sslCert = config.security.acme.certs."lists.example.org".directory + "/full.pem";
    sslKey = config.security.acme.certs."lists.example.org".directory + "/key.pem";
    config = {
      transport_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
      local_recipient_maps = ["hash:/var/lib/mailman/data/postfix_lmtp"];
    };
  };
  services.mailman = {
    <link linkend="opt-services.mailman.enable">enable</link> = true;
    <link linkend="opt-services.mailman.serve.enable">serve.enable</link> = true;
    <link linkend="opt-services.mailman.hyperkitty.enable">hyperkitty.enable</link> = true;
    <link linkend="opt-services.mailman.webHosts">webHosts</link> = ["lists.example.org"];
    <link linkend="opt-services.mailman.siteOwner">siteOwner</link> = "mailman@example.org";
  };
  <link linkend="opt-services.nginx.virtualHosts._name_.enableACME">services.nginx.virtualHosts."lists.example.org".enableACME</link> = true;
  <link linkend="opt-networking.firewall.allowedTCPPorts">networking.firewall.allowedTCPPorts</link> = [ 25 80 443 ];
}</programlisting>
    </para>
    <para>
      DNS records will also be required:
      <itemizedlist>
        <listitem><para><literal>AAAA</literal> and <literal>A</literal> records pointing to the host in question, in order for browsers to be able to discover the address of the web server;</para></listitem>
        <listitem><para>An <literal>MX</literal> record pointing to a domain name at which the host is reachable, in order for other mail servers to be able to deliver emails to the mailing lists it hosts.</para></listitem>
      </itemizedlist>
    </para>
    <para>
      After this has been done and appropriate DNS records have been
      set up, the Postorius mailing list manager and the Hyperkitty
      archive browser will be available at
      https://lists.example.org/. Note that this setup is not
      sufficient to deliver emails to most email providers nor to
      avoid spam -- a number of additional measures for authenticating
      incoming and outgoing mails, such as SPF, DMARC and DKIM, are
      necessary, but outside the scope of the Mailman module.
    </para>
  </section>
</chapter>