How to Install Mailman 3 on a Debian 10 Server.
This document is a How-To on installing Mailman 3 on a Debian 10 server. The server environment will include Debian 10, NGINX, Let's Encrypt, Postfix, and PosgresDB.
Prepare Server Environment
1. Create a VPS running Debian 10. I recommend something from Digital Ocean or Linode. The server should be a minimum of 1 CPU and 2 Gigabyte of Memory. 25-50 Gb of storage should be sufficient.
2. Log into the server as root.
$ ssh root@your_server_ip
3. Create a New User: mailman
# adduser mailman
You will be asked some questions about this new user when running the above command. Please make sure you use a strong password for mailman as it will be typically known that any server running Mailman 3 will have a mailman user setup on it.
4. Let's go ahead and grant the 'mailman' user SUDO privileges while logged in as root:
# usermod -aG sudo mailman
5. I recommend setting up a basic firewall to tighten up security on this Mailman 3 server. UFW is one that can be installed on a Debian 10 server:
# apt update # apt install ufw
Once UFW is installed, you need to make sure you allow the various applications that Mailman 3 will be using through UFW. Some of these applications are the following: OpenSSH, Nginx Full, and Postfix.
So here is an example of what to do immediately after you install UFW:
# ufw app list
Output Available applications: . . . OpenSSH . . .
This tells us what available applications we can configure UFW to allow. So let's add OpenSSH to UFW:
# ufw allow OpenSSH
Now we can enable UFW:
# ufw enable
You can see what is allowed through the UFW firewall by running the following command:
# ufw status
Output Status: active To Action From -- ------ ---- OpenSSH ALLOW Anywhere OpenSSH (v6) ALLOW Anywhere (v6)
Webserver Installation: NGINX
1. Both Django, Postorius, and Hyperkitty requires a web server. So let's install NGINX.
apt install nginx
2. Now that Nginx is installed, we need to allow it through the UFW Firewall.
# ufw allow 'Nginx Full'
Let's verify the change.
# ufw status
Output Status: active To Action From -- ------ ---- OpenSSH ALLOW Anywhere Nginx HTTP ALLOW Anywhere OpenSSH (v6) ALLOW Anywhere (v6) Nginx HTTP (v6) ALLOW Anywhere (v6)
3. Let's make sure Nginx is running.
# systemctl status nginx
Output ● nginx.service - A high performance web server and a reverse proxy server Loaded: loaded (/lib/systemd/system/nginx.service; enabled; vendor preset: enabled) Active: active (running) since Wed 2019-07-03 12:52:54 UTC; 4min 23s ago Docs: man:nginx(8) Main PID: 3942 (nginx) Tasks: 3 (limit: 4719) Memory: 6.1M CGroup: /system.slice/nginx.service ├─3942 nginx: master process /usr/sbin/nginx -g daemon on; master_process on; ├─3943 nginx: worker process └─3944 nginx: worker process
If your output has Active: active (running) then you are good to go.
With Nginx confirmed to be running you should be able to access it via your server' IP address:
Learning how to manage the Nginx processes and setting up server blocks is beyond the scope of this How-To. However feel free to contact me if you would like for me to edit this document and add those instructions into this particular section.
Securing Your Nginx Installation: Let's Encrypt
1. The first step in securing Nginx is to install Certbot. This means first installing the dependencies for Certbot.
# apt install python3-acme python3-certbot python3-mock python3-openssl python3-pkg-resources python3-pyparsing python3-zope.interface
Now we are ready to install Certbot:
# apt install python3-certbot-nginx
Normally you would need to allow SSL traffic through the AFW firewall but we have already done previously in this how-to so we can continue on.
2. The next step is to fetch a SSL certificate for your Mailman 3 list domain name. This how-to assumes you know how to add a server block to Nginx. I keep my server blocks in /etc/nginx/conf.d/. You will need to make sure you have a server block setup already for your domain name before proceeding.
To obtain a SSL certificate for your domain name run:
# certbot --nginx -d your_domain
Certbox will go through its motions. At the end it is going to ask you whether you want to redirect all HTTP traffic to HTTPS. Choose 2 if yes which is what I recommend doing.
That's it! We are now ready to install Postfix because after all, Mailman 3 needs to send out mail.
Mail Server Installation: Postfix
1. Ok, we are now ready to install Postfix. The first thing we do here is install mailtuils:
# apt install mailutils
Now we install Postfix:
# apt install postfix
2. Now you will be presented with an interactive dialogue:
General type of mail configuration: Internet Site
System Mail Name: server hostname
3. Let's configure Postfix now. Open the main Postfix configuration file:
# nano /etc/postfix/main.cf
4. Make sure inet_interfaces is set to all:
inet_interfaces = all
5. Now let's set myhostname and mydestination:
myhostname = server_hostname mydestination = $myhostname, localhost.$myhostname, localhost
Save and close the file.
6. Time to apply the changes:
# systemctl restart postfix
7. You can test your postfix installation by doing the following:
# echo "This is the body of the email" | mail -s "This is the subject line" your_email_address
8. The final step is to allow postfix through the firewall:
# ufw allow postfix
Now you have a working SMTP server and it's time to install and setup a database server for Mailman 3.
Database Server Installation: Postgres
Setup of a Python Virtual Environment
Installation of Potentially Needed Applications
Now that we have a working web, email and database server it’s time to install a number of potentially needed applications. Install the following applications as root:
# apt install ruby-sass # apt install memcached # apt install fail2ban # apt install gettext
Setup Directories and Files for Mailman 3
Create and Enter Virtual Environment
Installation of Additional Applications via PIP