In a previous blog post, I lamented Gmail not accepting posts from a mailing list I administer. I ended up setting up an SPF record for the domain, which didn't seem to work at first, but after a while I didn't see bounces anymore.

This became current again, as today I noticed that my mail.log has a lot of entries like the following:

Sep 14 07:17:11 ks3353770 postfix/smtp[20101]: 98D4E60C58: host
gmail-smtp-in.l.google.com[173.194.66.26] said: 421-4.7.0
[37.187.19.113 15] Our system has detected an unusual rate of
421-4.7.0 unsolicited mail originating from your IP address. To
protect our 421-4.7.0 users from spam, mail sent from your IP address
has been temporarily 421-4.7.0 rate limited. Please visit 421-4.7.0
http://www.google.com/mail/help/bulk_mail.html to review our Bulk 421
4.7.0 Email Senders Guidelines. lj9si9839389wic.105 - gsmtp (in reply
to end of DATA command)

It seems that Gmail has just relaxed the controls, only throttling the messages, not rejecting them anymore. This is a big step in the right direction, although I'd like to see more precise documentation why the messages are tagged as they are. I understand why Google would want to keep the exact algorithms and processes shrouded in mystery; to keep the spammers ignorant and make it more difficult to develop counter-measures, and to also keep competitors out of the loop.

I installed GNU Mailman to hopefully make Gmail accept my mailing list emails without the hassle of throttling, so that my users would not see unnecessary delay.

I am running a Debian-based installation on my server, so I was hoping I could just get it running with the packages in the repository. Maintaining source installations is a pain.

% sudo apt-get install mailman

Although Nginx and Mailman page in Nginx wiki talks about using thttpd, I have good expeciences with fastcgi and Nginx, albeit using supervisord, so I am going to try fcgiwrap out, as explained in Mailman and Fast CGI.

I needed to tweak the configuration a bit, and probably this still needs changes (for archive access etc.):

root /usr/local/mailman/cgi-bin;

location / {
  rewrite ^ /mailman/listinfo permanent;
}


location /mailman {
  fastcgi_split_path_info ^/mailman/([^/]*)(.*)$;
  fastcgi_param SCRIPT_FILENAME $document_root/$fastcgi_script_name;
  fastcgi_param PATH_INFO $fastcgi_path_info;
  #fastcgi_param PATH_TRANSLATED   $document_root$fastcgi_path_info;
  include /etc/nginx/fastcgi_params;
  fastcgi_pass  unix:/var/run/fcgiwrap.socket;
}

location /icons {
  alias /usr/local/mailman/icons;
}

Oh, and I like OVH's DNS configuration. Adding a new CNAME field for my the new mailing list administration interface was a breeze.

The only difficulties I had were with conflicting documentation: /etc/mailman/postfix-to-mailman.py in the installation and official Mailman documentation http://www.list.org/mailman-install/postfix-integration.html seemed to be in conflict. From Mark Sapiro's comment in MailMan wiki article

I do not recommend people follow this article. I do not recommend postfix_to_mailman.py which is a 3rd party module neither distributed nor officially supported by the GNU Mailman project.

I got the hint and started reading the Mailman documentation. I was a little bit confused, should I add lists.liskot.org to virtual domains or not? After a while I decided that I should.

I tried sending the email to my new shining list, but I got this bounce and log message:

Sep 14 12:19:27 ks3353770 Mailman mail-wrapper: Group mismatch error.
Mailman expected the mail wrapper script to be executed as group
"daemon", but the system's mail server executed the mail script
as group "mail-nobody".  Try tweaking the mail server to run
the script as group "daemon", or re-run configure, providing the
command line option `--with-mail-gid=mail-nobody'.

I tried googling this for some time, but could not find an answer. I gave up, downloaded the source code, created the suggested user and group mailman and compiled. After fixing some lingering configuration problems, I got the following log message:

Sep 14 15:02:38 ks3353770 Mailman mail-wrapper: Group mismatch error.
Mailman expected the mail wrapper script to be executed as group
"mail-nobody", but the system's mail server executed the mail script
as group "mailman".  Try tweaking the mail server to run
the script as group "mail-nobody", or re-run configure, providing
the command line option `--with-mail-gid=mailman'.

Ah ha hah hah. For some reason postfix runs the Mailman programs now as mailman, instead of mail-nobody. I reconfigure with ./configure --with-mail-gid=mailman --with-cgi-gid=www-data, retried and did not get a bounce. I did not get anything in fact, but this was resolved soon.

After following the rest of the installation guide and restarting Mailman qrunner (cp scripts/mailman /etc/init.d/mailman; service mailman start) I got my first mails from Mailman. Uninstalling the Debian stock Mailman left some files behind, namely /etc/mailman and /etc/init.d/mailman, which were confusing after the installation from source, so remember to cp /usr/local/mailman/scripts/mailman /etc/init.d/mailman and rm -rf /etc/mailman.

Visiting the Mailman web interface, I noticed that the link to the archives was wrong, as were URLs for form handling. After tweaking /usr/local/mailman/Mailman/mm_cfg.py with

DEFAULT_EMAIL_HOST = 'lists.liskot.org'
DEFAULT_URL_HOST = 'lists.liskot.org'
DEFAULT_URL_PATTERN = 'https://%s/mailman/'
VIRTUAL_HOSTS.clear()
add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST)

and still not getting it to work (I restarted Nginx and fcgiwrap a few times here), I re-read the documentation, and noticed that the configuration will only take effect on new lists. Old lists need to be updated by running sudo -u mailman bin/withlist -l -a -r fix_url, as described here after which the Archive link was correct.

Now I need to test the interface with real users and migrate the old lists to the new interface.