Difference between revisions of "E-mail"
(52 intermediate revisions by 4 users not shown) | |||
Line 1: | Line 1: | ||
− | + | = Centos 7 Setup = | |
+ | |||
+ | ; Read [https://wiki2.dovecot.org/Migration Dovecot Migration] - Good background info. | ||
+ | ; Look at [https://www.server-world.info/en/note?os=CentOS_7&p=mail Quick Install Postfix] | ||
+ | |||
+ | == Postfix == | ||
+ | |||
+ | * Merge the old einstein main.cf into the new one. | ||
+ | * Merge the old einstein master.cf into the new one. | ||
+ | * copy bottom part of /etc/aliasses into new one. | ||
+ | * copy nis-peers domains recipients-bcc from old einstein | ||
+ | * RUN: | ||
+ | postmap /etc/postfix/virtual | ||
+ | postmap /etc/postfix/domains | ||
+ | postmap /etc/postfix/nis-peers | ||
+ | postmap /etc/postfix/recipients-bcc | ||
+ | |||
+ | Start postfix and see if there are errors: | ||
+ | systemctl start postfix.service | ||
+ | journalctl -u postfix.service | ||
+ | |||
+ | Test. Note to not send the email to a NPG email address! | ||
+ | echo "Test 2" | mail -s "Test 2" holtrop@jlab.org | ||
+ | journalctl -u postfix --since "4 minutes ago" | ||
+ | |||
+ | == Spamassassin == | ||
+ | |||
+ | * Merge /etc/mail/spamassassin/local.cf | ||
+ | |||
+ | == Dovecot == | ||
+ | |||
+ | ; Read [https://wiki2.dovecot.org/QuickConfiguration QuickConfiguration] | ||
+ | |||
+ | doveconf -n -c old_einstein/dovecot.conf > test_new_dovecot.conf | ||
+ | |||
+ | This gives the following warnings: | ||
+ | |||
+ | doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf | ||
+ | doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:20: 'imaps' protocol is no longer necessary, remove it | ||
+ | doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:20: 'pop3s' protocol is no longer necessary, remove it | ||
+ | doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:93: ssl_cert_file has been replaced by ssl_cert = <file | ||
+ | doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:94: ssl_key_file has been replaced by ssl_key = <file | ||
+ | doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:131: login_dir has been removed | ||
+ | doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:135: login_chroot has been replaced by service { chroot } | ||
+ | doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:141: login_user has been replaced by service { user } | ||
+ | doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:145: login_process_size has been replaced by service { vsz_limit } | ||
+ | doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:151: login_process_per_connection has been replaced by service { service_count } | ||
+ | doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:154: login_processes_count has been replaced by service { process_min_avail } | ||
+ | doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:162: login_max_processes_count has been replaced by service { process_limit } | ||
+ | doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:169: login_max_connections has been replaced by service { client_limit } | ||
+ | doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:288: mail_log_max_lines_per_sec has been removed | ||
+ | doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:306: fsync_disable has been renamed to mail_fsync | ||
+ | doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:340: max_mail_processes has been replaced by service { process_limit } | ||
+ | doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:435: maildir_copy_preserve_filename has been removed | ||
+ | doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:708: add auth_ prefix to all settings inside auth {} and remove the auth {} section completely | ||
+ | doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:745: passdb pam {} has been replaced by passdb { driver=pam } | ||
+ | doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:846: userdb passwd {} has been replaced by userdb { driver=passwd } | ||
+ | doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:909: auth_user has been replaced by service auth { user } | ||
+ | |||
+ | The new file now has hints on what to change in dovecot.conf and conf.d/xxx files. | ||
+ | |||
+ | === Convert crt to pem === | ||
+ | |||
+ | Dovecot now only wants a pem certificate: from [https://stackoverflow.com/questions/991758/how-to-get-pem-file-from-key-and-crt-files Stackoverflow] | ||
+ | |||
+ | openssl x509 -in mail.physics.unh.edu.crt -outform PEM -out mail.physics.unh.edu.pem | ||
+ | openssl rsa -in mail.physics.unh.edu.key -outform PEM -out mail.physics.unh.edu.private.pem | ||
+ | |||
+ | === dovecot.conf === | ||
+ | |||
+ | === conf.d/10-auth.conf === | ||
+ | |||
+ | disable_plaintext_auth = yes | ||
+ | auth_mechanisms = plain login | ||
+ | |||
+ | === conf.d/10-mail.conf === | ||
+ | |||
+ | protocols = imap pop3 | ||
+ | dotlock_use_excl = yes | ||
+ | maildir_copy_with_hardlinks = no | ||
+ | mail_location = maildir:/var/spool/mail/%u | ||
+ | # | ||
+ | # Sieve Plugin | ||
+ | # | ||
+ | plugin { | ||
+ | sieve = %h/.sieve | ||
+ | } | ||
+ | |||
+ | === conf.d/10-master.conf === | ||
+ | |||
+ | # Postfix smtp-auth | ||
+ | unix_listener /var/spool/postfix/private/auth { | ||
+ | group = postfix | ||
+ | mode = 0660 | ||
+ | user = postfix | ||
+ | } | ||
+ | unix_listener auth-master { | ||
+ | group = dovecot | ||
+ | mode = 0600 | ||
+ | user = dovecot | ||
+ | } | ||
+ | user = root | ||
+ | } | ||
+ | |||
+ | service imap-login { | ||
+ | chroot = login | ||
+ | client_limit = 256 | ||
+ | process_limit = 128 | ||
+ | process_min_avail = 3 | ||
+ | service_count = 1 | ||
+ | user = dovecot | ||
+ | vsz_limit = 64 M | ||
+ | |||
+ | inet_listener imap { | ||
+ | #port = 143 | ||
+ | } | ||
+ | inet_listener imaps { | ||
+ | #port = 993 | ||
+ | #ssl = yes | ||
+ | } | ||
+ | |||
+ | service imap { | ||
+ | process_limit = 1024 | ||
+ | } | ||
+ | |||
+ | service pop3-login { | ||
+ | chroot = login | ||
+ | client_limit = 256 | ||
+ | process_limit = 128 | ||
+ | process_min_avail = 3 | ||
+ | service_count = 1 | ||
+ | user = dovecot | ||
+ | vsz_limit = 64 M | ||
+ | } | ||
+ | |||
+ | service pop3 { | ||
+ | process_limit = 1024 | ||
+ | } | ||
+ | |||
+ | === conf.d/10-ssl.conf === | ||
+ | |||
+ | Make sure the certs are copied! | ||
+ | |||
+ | ssl_cert = </usr/share/ssl/certs/mail.physics.unh.edu.crt | ||
+ | ssl_key = </usr/share/ssl/certs/mail.physics.unh.edu.key | ||
+ | |||
+ | === conf.d/15-lda.conf === | ||
+ | |||
+ | protocol lda { | ||
+ | mail_plugins = $mail_plugins sieve | ||
+ | } | ||
+ | |||
+ | |||
+ | === conf.d/20-lmtp.conf === | ||
+ | protocol lmtp { | ||
+ | mail_plugins = $mail_plugins sieve | ||
+ | } | ||
+ | |||
+ | === conf.d/10-logging.conf === | ||
+ | |||
+ | mail_debug = yes | ||
+ | mail_log_prefix = "%Us(%u): " | ||
+ | login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c | ||
+ | verbose_ssl = yes | ||
+ | |||
+ | === conf.d/auth-system.conf.ext === | ||
+ | |||
+ | in passed{ section | ||
+ | args = dovecot | ||
+ | |||
+ | = OLD CENTOS5 = | ||
+ | |||
+ | ;[https://access.redhat.com/documentation/en-US/Red_Hat_Enterprise_Linux/5/html/Deployment_Guide/ch-email.html Master documentation for RedHat Enterprise 5] | ||
+ | |||
+ | This is the set of programs that service NPG e-mail. | ||
+ | |||
+ | The order of operations for starting mail by hand is as follows: | ||
+ | Dovecot, Spamassassin, Postfix, Mailman. | ||
+ | |||
+ | And to safely stop the mail system, stop the services in this order: | ||
+ | Mailman, Postfix, Spamassassin, Dovecot. | ||
+ | |||
+ | The reason for this order is we stop recieving mail from other servers once postfix is down, stop processing incoming/outgoing mail with spamassassin because there's no more incoming/outgoing mail, and then we stop users from being able to get their mail and change things with dovecot. This allows us to take the mail system down and not bounce or lose any, since the servers trying to send us mail simply wait until we're receiving again. | ||
+ | |||
== [[Postfix]] == | == [[Postfix]] == | ||
− | Centralized set of programs to send/recieve mail, as well as put recieved mail through spam/virus filters. | + | Centralized set of programs to send/recieve mail, as well as put recieved mail through spam/virus filters. The RPM is pretty good in that it automatically puts entries for some of the below programs in the appropriate configuration files. Sometimes it's necessary to un-comment them, though. |
+ | |||
+ | Configuration is: /etc/postfix/main.cf | ||
+ | |||
+ | ==== Noteworthy Variations on standard setup ==== | ||
+ | |||
+ | main.cfg | ||
+ | |||
+ | <pre> | ||
+ | # LIMITS | ||
+ | # | ||
+ | # The maximal size in bytes of a message, including envelope information. | ||
+ | # Default is 10 MiB. | ||
+ | message_size_limit = 51200000 | ||
+ | </pre> | ||
+ | |||
+ | For '''authentication''', the previous (before 11/4/2014) setup used the Cyrus SASL module, which was not configured correctly. It would look for a database that did not exist, and it would request authentication methods (AUTH CRAM-MD5 DIGEST-MD5 PLAIN LOGIN GSSAP) most of which would not work. This messed up mail from Apple Yosemite systems, causing fail2ban to ban the ip. | ||
+ | We switched to Dovecot SASL module on 11/4/2014, which seems to behave correctly. Lines in mail.cfg that were changed: | ||
+ | |||
+ | <pre> | ||
+ | # Enabling cyrus sasl | ||
+ | ############################# Switch to Dovecot 11/4/2014 - Maurik | ||
+ | #smtpd_sasl_path = smtpd | ||
+ | |||
+ | # Enabling dovecot sasl | ||
+ | smtpd_sasl_type = dovecot | ||
+ | ########################### Switch 11/4/2014 - Maurik -- make sure Dovecot is setup to put auth in /var/spool/postfix/private/auth | ||
+ | smtpd_sasl_path = private/auth | ||
+ | |||
+ | </pre> | ||
+ | |||
+ | Note that this also required a change in the /etc/dovecot.conf file. | ||
− | = | + | <pre> |
+ | mynetworks = 10.0.0.0/24, 127.0.0.0/8, 10.8.16.0/24, 132.177.88.0/22 hash:/etc/postfix/nis-peers | ||
+ | </pre> | ||
− | + | master.cfg | |
− | + | <pre> | |
+ | spamassassin unix - n n - - pipe | ||
+ | user=spamd argv=/usr/bin/spamc -u ${user} -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient} | ||
+ | </pre> | ||
+ | Note: The -u ${user} flag will allow spamc to run as that user (the recipient of the mail) and to then parse the ~user/.spamassassin/user_prefs files. If that file does not exist, spamc will create it. | ||
+ | This is an important aspect of the spam system. Without it, the user has no control over the spam settings and can thus not run a personal, more strict (or loose) policy. | ||
− | == SpamAssassin == | + | THIS USED TO READ: |
− | Postfix uses SpamAssassin to filter e-mail | + | <pre> |
+ | # | ||
+ | |||
+ | spamassassin unix - n n - - pipe | ||
+ | user=spamd argv=/usr/local/bin/postfixfilter -f ${sender} ${recipient} | ||
+ | </pre> | ||
+ | These customizations did nothing, but prevented proper running of spamc. | ||
+ | |||
+ | == [[Dovecot]] == | ||
+ | |||
+ | We run dovecot as our mail server. We're using a pretty much default setup, for ease of administration. The dovecot website has all necessary documention, and most of the system is fairly self-explanatory. The only thing that's weird is we have the [[sieve]] plugin, so that we can have and process sieve scripts for filtering. | ||
+ | |||
+ | == [[SpamAssassin]] == | ||
+ | Postfix uses SpamAssassin to filter e-mail. Needs an entry in ''/etc/postfix/master.cf'' and Procmail configuration | ||
* [http://wiki.apache.org/spamassassin/StartUsing Start Using SpamAssassin links] | * [http://wiki.apache.org/spamassassin/StartUsing Start Using SpamAssassin links] | ||
* [http://wiki.apache.org/spamassassin/UsingSpamAssassin Already Using SA tips] | * [http://wiki.apache.org/spamassassin/UsingSpamAssassin Already Using SA tips] | ||
− | |||
− | + | Presently, we only mark spam with some header flags, and by prepending "[SPAM] " to the subject of spammy messages. This allows the user's "sieve" script to figure out what to do with the email marked as spam. It can be discarded or stored in a junk mail folder, depending on the user's setup. | |
− | |||
− | |||
− | |||
− | |||
− | |||
− | [ | ||
− | + | More information is at the [[SpamAssassin]] page | |
− | + | == GNU Mailman == | |
+ | Manages mailing lists. Currently, we have three mailing lists. "Mailman" is a list used internally by the service. "Npg-admins" goes to us, the admins. "Npg-users" should go to all the users who have an account on our systems, if it's kept up to date.<br/> | ||
+ | |||
+ | In the event of strange errors with mailman (say, from rebuilding einstein), you should set <code>STEALTH_MODE = 0</code> in /usr/lib/mailman/scripts/driver so that you can see errors in the web interface. This allows you to find strange errors like writing to /var/log/mailman/error, or any traceback information. | ||
+ | |||
+ | If you're having any permissions errors, you should (as true root, not sudo) run /usr/lib/mailman/bin/check_perms. If it gives any errors, run it with the <code>-f</code> flag to fix permissions automatically. This should take care of everything for you. | ||
− | |||
− | |||
[https://einstein.unh.edu/mailman Web interface on einstein]<br/> | [https://einstein.unh.edu/mailman Web interface on einstein]<br/> | ||
[http://www.gnu.org/software/mailman/mailman.html More info] | [http://www.gnu.org/software/mailman/mailman.html More info] |
Latest revision as of 22:04, 4 August 2017
Centos 7 Setup
- Read Dovecot Migration - Good background info.
- Look at Quick Install Postfix
Postfix
- Merge the old einstein main.cf into the new one.
- Merge the old einstein master.cf into the new one.
- copy bottom part of /etc/aliasses into new one.
- copy nis-peers domains recipients-bcc from old einstein
- RUN:
postmap /etc/postfix/virtual postmap /etc/postfix/domains postmap /etc/postfix/nis-peers postmap /etc/postfix/recipients-bcc
Start postfix and see if there are errors:
systemctl start postfix.service journalctl -u postfix.service
Test. Note to not send the email to a NPG email address!
echo "Test 2" | mail -s "Test 2" holtrop@jlab.org journalctl -u postfix --since "4 minutes ago"
Spamassassin
- Merge /etc/mail/spamassassin/local.cf
Dovecot
- Read QuickConfiguration
doveconf -n -c old_einstein/dovecot.conf > test_new_dovecot.conf
This gives the following warnings:
doveconf: Warning: NOTE: You can get a new clean config file with: doveconf -n > dovecot-new.conf doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:20: 'imaps' protocol is no longer necessary, remove it doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:20: 'pop3s' protocol is no longer necessary, remove it doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:93: ssl_cert_file has been replaced by ssl_cert = <file doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:94: ssl_key_file has been replaced by ssl_key = <file doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:131: login_dir has been removed doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:135: login_chroot has been replaced by service { chroot } doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:141: login_user has been replaced by service { user } doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:145: login_process_size has been replaced by service { vsz_limit } doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:151: login_process_per_connection has been replaced by service { service_count } doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:154: login_processes_count has been replaced by service { process_min_avail } doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:162: login_max_processes_count has been replaced by service { process_limit } doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:169: login_max_connections has been replaced by service { client_limit } doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:288: mail_log_max_lines_per_sec has been removed doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:306: fsync_disable has been renamed to mail_fsync doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:340: max_mail_processes has been replaced by service { process_limit } doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:435: maildir_copy_preserve_filename has been removed doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:708: add auth_ prefix to all settings inside auth {} and remove the auth {} section completely doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:745: passdb pam {} has been replaced by passdb { driver=pam } doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:846: userdb passwd {} has been replaced by userdb { driver=passwd } doveconf: Warning: Obsolete setting in old_einstein/dovecot.conf:909: auth_user has been replaced by service auth { user }
The new file now has hints on what to change in dovecot.conf and conf.d/xxx files.
Convert crt to pem
Dovecot now only wants a pem certificate: from Stackoverflow
openssl x509 -in mail.physics.unh.edu.crt -outform PEM -out mail.physics.unh.edu.pem openssl rsa -in mail.physics.unh.edu.key -outform PEM -out mail.physics.unh.edu.private.pem
dovecot.conf
conf.d/10-auth.conf
disable_plaintext_auth = yes auth_mechanisms = plain login
conf.d/10-mail.conf
protocols = imap pop3 dotlock_use_excl = yes maildir_copy_with_hardlinks = no mail_location = maildir:/var/spool/mail/%u # # Sieve Plugin # plugin { sieve = %h/.sieve }
conf.d/10-master.conf
# Postfix smtp-auth unix_listener /var/spool/postfix/private/auth { group = postfix mode = 0660 user = postfix } unix_listener auth-master { group = dovecot mode = 0600 user = dovecot } user = root }
service imap-login { chroot = login client_limit = 256 process_limit = 128 process_min_avail = 3 service_count = 1 user = dovecot vsz_limit = 64 M inet_listener imap { #port = 143 } inet_listener imaps { #port = 993 #ssl = yes }
service imap { process_limit = 1024 }
service pop3-login { chroot = login client_limit = 256 process_limit = 128 process_min_avail = 3 service_count = 1 user = dovecot vsz_limit = 64 M }
service pop3 { process_limit = 1024 }
conf.d/10-ssl.conf
Make sure the certs are copied!
ssl_cert = </usr/share/ssl/certs/mail.physics.unh.edu.crt ssl_key = </usr/share/ssl/certs/mail.physics.unh.edu.key
conf.d/15-lda.conf
protocol lda { mail_plugins = $mail_plugins sieve }
conf.d/20-lmtp.conf
protocol lmtp { mail_plugins = $mail_plugins sieve }
conf.d/10-logging.conf
mail_debug = yes mail_log_prefix = "%Us(%u): " login_log_format_elements = user=<%u> method=%m rip=%r lip=%l mpid=%e %c verbose_ssl = yes
conf.d/auth-system.conf.ext
in passed{ section
args = dovecot
OLD CENTOS5
This is the set of programs that service NPG e-mail.
The order of operations for starting mail by hand is as follows:
Dovecot, Spamassassin, Postfix, Mailman.
And to safely stop the mail system, stop the services in this order:
Mailman, Postfix, Spamassassin, Dovecot.
The reason for this order is we stop recieving mail from other servers once postfix is down, stop processing incoming/outgoing mail with spamassassin because there's no more incoming/outgoing mail, and then we stop users from being able to get their mail and change things with dovecot. This allows us to take the mail system down and not bounce or lose any, since the servers trying to send us mail simply wait until we're receiving again.
Postfix
Centralized set of programs to send/recieve mail, as well as put recieved mail through spam/virus filters. The RPM is pretty good in that it automatically puts entries for some of the below programs in the appropriate configuration files. Sometimes it's necessary to un-comment them, though.
Configuration is: /etc/postfix/main.cf
Noteworthy Variations on standard setup
main.cfg
# LIMITS # # The maximal size in bytes of a message, including envelope information. # Default is 10 MiB. message_size_limit = 51200000
For authentication, the previous (before 11/4/2014) setup used the Cyrus SASL module, which was not configured correctly. It would look for a database that did not exist, and it would request authentication methods (AUTH CRAM-MD5 DIGEST-MD5 PLAIN LOGIN GSSAP) most of which would not work. This messed up mail from Apple Yosemite systems, causing fail2ban to ban the ip. We switched to Dovecot SASL module on 11/4/2014, which seems to behave correctly. Lines in mail.cfg that were changed:
# Enabling cyrus sasl ############################# Switch to Dovecot 11/4/2014 - Maurik #smtpd_sasl_path = smtpd # Enabling dovecot sasl smtpd_sasl_type = dovecot ########################### Switch 11/4/2014 - Maurik -- make sure Dovecot is setup to put auth in /var/spool/postfix/private/auth smtpd_sasl_path = private/auth
Note that this also required a change in the /etc/dovecot.conf file.
mynetworks = 10.0.0.0/24, 127.0.0.0/8, 10.8.16.0/24, 132.177.88.0/22 hash:/etc/postfix/nis-peers
master.cfg
spamassassin unix - n n - - pipe user=spamd argv=/usr/bin/spamc -u ${user} -f -e /usr/sbin/sendmail -oi -f ${sender} ${recipient}
Note: The -u ${user} flag will allow spamc to run as that user (the recipient of the mail) and to then parse the ~user/.spamassassin/user_prefs files. If that file does not exist, spamc will create it. This is an important aspect of the spam system. Without it, the user has no control over the spam settings and can thus not run a personal, more strict (or loose) policy.
THIS USED TO READ:
# spamassassin unix - n n - - pipe user=spamd argv=/usr/local/bin/postfixfilter -f ${sender} ${recipient}
These customizations did nothing, but prevented proper running of spamc.
Dovecot
We run dovecot as our mail server. We're using a pretty much default setup, for ease of administration. The dovecot website has all necessary documention, and most of the system is fairly self-explanatory. The only thing that's weird is we have the sieve plugin, so that we can have and process sieve scripts for filtering.
SpamAssassin
Postfix uses SpamAssassin to filter e-mail. Needs an entry in /etc/postfix/master.cf and Procmail configuration
Presently, we only mark spam with some header flags, and by prepending "[SPAM] " to the subject of spammy messages. This allows the user's "sieve" script to figure out what to do with the email marked as spam. It can be discarded or stored in a junk mail folder, depending on the user's setup.
More information is at the SpamAssassin page
GNU Mailman
Manages mailing lists. Currently, we have three mailing lists. "Mailman" is a list used internally by the service. "Npg-admins" goes to us, the admins. "Npg-users" should go to all the users who have an account on our systems, if it's kept up to date.
In the event of strange errors with mailman (say, from rebuilding einstein), you should set STEALTH_MODE = 0
in /usr/lib/mailman/scripts/driver so that you can see errors in the web interface. This allows you to find strange errors like writing to /var/log/mailman/error, or any traceback information.
If you're having any permissions errors, you should (as true root, not sudo) run /usr/lib/mailman/bin/check_perms. If it gives any errors, run it with the -f
flag to fix permissions automatically. This should take care of everything for you.