Recently, some major service providers (notably Yahoo, Comcast and AOL) decided to bounce email that did not conform to the DMARC standard. As a side effect, this broke many long-standing configurations for mailing lists. Full details on this can be read elsewhere:
If you’re like me, you have a CentOS 5 machine running mailman. Newer versions of mailman do have patches for this issue, but they seem to be unported to the CentOS 5 line. Version 2.1.9 of mailman is what is available in yum. I do not have the luxury to completely upgrade this box at this time.
So the solution seems to be upgrading mailman by hand. As there don’t seem to be any FAQs on this out there, here is how I did it:
Step 1 – Backup Mailman Content
Stop email and backup your mailman content. Thankfully mailman saves all the “important” stuff is saved in a directory structure that is portable and easily backed up:
service postfix stop
service mailman stop
tar cvf ~/mailman-archive.tar lists archives data
tar cvf ~/mailman-config.tar /etc/mailman /etc/aliases
If you have made a custom apache configuration for your mailman by editing the mailman.conf dropped into apache’s cond.d directory, you will want to back that up too.
Step 2 – Remove existing mailman
Here’s where I say “have a backup” and you nod your head without listening. Yum will remove the outdated version of mailman and its configs. But it will leave all the list data in place.
yum remove mailman
In my case, nothing depended on mailman. So it only removed mailman.
If this is not true for you and it want’s to removed other things, I would use rpm with “–nodeps” as the removal command.
Be very careful with nodeps. It is an antipattern. Make sure you know what you are doing.
Step 3 – Download and install mailman
Newer versions of mailman have a dependency on dnspython, and that is not available as a yum package. So you will need to download and compile it:
yum install unzip wget
wget --no-check-certificate https://pypi.python.org/packages/source/d/dnspython/dnspython-1.11.1.zip
python setup.py install
Download mailman; compile and install it with CentOs-like settings:
tar xzf mailman-2.1.18.tgz
./configure --prefix=/var/lib/mailman/ --with-cgi-gid=apache --with-mail-gid=nobody
This installs ALL of mailman into /var/lib/mailman.
Previously, CentOs put the binaries in /usr/lib and a few other places and /var/lib/mailman was only the content of the lists. I am putting it everything in /var/lib/mailman so it will be easier to remove if they ever upgrade the yum version of mailman and I want to use that.
So, symlink the old path so everything still works out fine:
ln -s /var/lib/mailman
Step 4 – Permissions, Init.d, and Cron
Check file permissions using mailman’s provided utility:
If there are file errors, you can use the same util to fix them:
Install and configure the init.d script:
cp -v /var/lib/mailman/scripts/mailman /etc/init.d/
chkconfig mailman on
Install and configure the cron jobs:
cp -v /usr/lib/mailman/cron/crontab.in /etc/cron.d/mailman
Step 5 – Configure Apache
Edit /etc/httpd/conf.d/mailman.conf to look something like this:
ScriptAlias /mailman/ /var/lib/mailman/cgi-bin/
Allow from all
Alias /pipermail/ /var/lib/mailman/archives/public/
Options Indexes MultiViews FollowSymLinks
Allow from all
# Uncomment the following line, replacing www.example.com with your server's
# name, to redirect queries to /mailman to the listinfo page (recommended).
# RedirectMatch ^/mailman[/]*$ http://www.example.com/mailman/listinfo
Step 7 – Log in and configure your lists for DMARC
Restart apache to pick up the new config:
service apache restart
At this point you should be able to access your lists, see archives, etc from the web interface.
As with some mailman upgrades, your admin password may have been reset. You can set it by using the command line:
You will need to log into each list’s admin page, and for the option of “from_is_list” select “Munge From.” This will change how the mailing list handles the “From” of each email. Rather than making it appear like the person sent the email as the list, it will say something like “Person Name as List Name” or such. Which is accepted as legal as it does not mangle the DMARC checksum.
Step 6 – Restart mail
Restart mailman and your MTA:
service mailman start
service postfix start
At this point, your mailing list should be functional. Send a test message and watch maillog to see if it is delivered to any Yahoo receipients.
I hope this helps.