On 7/13/07, Meenal Pant wrote:

> webserver.foo.com is the Mailman webserver where lists are hosted and
> smtp.foo.com is the mailserver. Both machines have sendmail running on
> them. I have created a mail alias on smtp.foo.com for every list hosted
> on webserver.foo.com.

A simpler way to set this up would be to use a different hostname for the mailing lists, and externally you advertise in the DNS that mail for this machine is handled on smtp.example.com. However, internally in the mail server configuration, you set it up to automatically forward everything it gets for lists.example.com over to webserver.example.com. This way you don't have to keep creating aliases on smtp.example.com for the various different mailing lists, but you still keep the same functionality.

> fetchmail runs on webserver.foo.com and pops email
> from these accounts on smtp.foo.com and these mails are then posted to
> the lists based on aliases defined in /etc/alias on webserver.foo.com

You don't really need fetchmail in this process, although you can make it work -- obviously.

> The problem is that this method is not at all scalable and portable. Is
> there a better way of doing this?

Any time you talk about splitting these functions up, you're going to have some more work to do to maintain the whole system. However, one of the key ways to achieve higher scalability is precisely to split the functions up across multiple machines, so everything depends on *how* you split things up.

> I am using a remote smtp server due to security issues.

What security issues?

> I do not want to
> open any ports on the webserver.

Well, you're going to have a pretty hard time running a web server if you don't have any ports open.

> However fetchmail requires running
> sendmail in daemon mode (listening at port 25).

If that's true, then it's only needed on the localhost interface (IPv4 address 127.0.0.1). You can set things up so that it ignores all the other ports, and fetchmail should be fine passing things off to the copy that can only accept connections from the local machine. IMO, fetchmail should be able to be set up so that it can use a command-line instance of sendmail that doesn't require any ports to be opened.
Of course, as I explained above, you shouldn't need fetchmail at all.

> Is there a good
> security solution if I decide to run an smtp server and the mailman
> webserver on the same machine?

What do you mean "good security solution"? This is the preferred method of setting up Mailman, and most sites run it this way. What problem do you have with that?

-- 
Brad Knowles <[EMAIL PROTECTED]>, Consultant & Author
LinkedIn Profile: <http://tinyurl.com/y8kpxu>
Slides from Invited Talks: <http://tinyurl.com/tj6q4>
09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0
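
The two arrangements discussed in the reply above, sketched as sendmail configuration. This is an added example, not part of the original message: hostnames follow the reply's example.com names, file paths are sendmail's usual defaults and are assumed here, and the firewall remark is an assumption about the site.

```m4
dnl ===================================================================
dnl (1) sendmail.mc additions on smtp.example.com, the public relay
dnl ===================================================================
dnl DNS side (zone entry, shown for context only):
dnl   lists.example.com.   IN  MX  10  smtp.example.com.
dnl
dnl Route a whole domain to another host instead of one alias per list.
FEATURE(`mailertable', `hash -o /etc/mail/mailertable')dnl
dnl
dnl /etc/mail/mailertable needs a single line; the square brackets tell
dnl sendmail to connect to that host directly and skip the MX lookup,
dnl which would otherwise point back at smtp.example.com and loop:
dnl   lists.example.com     esmtp:[webserver.example.com]
dnl Rebuild the map afterwards:
dnl   makemap hash /etc/mail/mailertable < /etc/mail/mailertable
dnl
dnl Allow relaying for the list domain only, by adding it to
dnl /etc/mail/relay-domains:
dnl   lists.example.com

dnl ===================================================================
dnl (2) sendmail.mc additions on webserver.example.com, relay design
dnl ===================================================================
dnl Treat the list domain as local so the Mailman aliases in the local
dnl aliases file are consulted for list addresses.
FEATURE(`use_cw_file')dnl
dnl /etc/mail/local-host-names then contains:
dnl   lists.example.com
dnl Port 25 must be reachable from smtp.example.com in this design.
dnl Assumption: a host firewall limits port 25 to that one source.

dnl ===================================================================
dnl (3) Alternative on webserver.example.com if fetchmail is kept
dnl ===================================================================
dnl fetchmail hands mail to the local MTA, so the listener only has to
dnl exist on the loopback interface. Use this line instead of section (2),
dnl not together with it:
dnl   DAEMON_OPTIONS(`Port=smtp, Addr=127.0.0.1, Name=MTA')dnl
```

Regenerate sendmail.cf from the edited sendmail.mc and restart sendmail on each host for the changes to take effect.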
