Mailman on Ubuntu 16.04

Install apache2

sudo apt install apache2

Install postfix

sudo apt install postfix

Install mailman

sudo apt install mailman

Setup apache

sudo cp /etc/mailman/apache.conf /etc/apache2/sites-available/mailman.conf
sudo a2ensite mailman.conf
sudo a2enmod cgi
sudo a2enmod cgid
sudo service apache2 restart

Activate the MTA option in the Mailman config file (/etc/mailman/mm_cfg.py). Add or uncomment this line:

MTA = 'Postfix'

Run the script to generate aliases.

sudo /usr/lib/mailman/bin/genaliases

Use the postconf command to add the necessary configuration to /etc/postfix/main.cf:

sudo postconf -e 'relay_domains = lists.example.com'
sudo postconf -e 'transport_maps = hash:/etc/postfix/transport'
sudo postconf -e 'mailman_destination_recipient_limit = 1'
sudo postconf -e 'alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases'

In /etc/postfix/master.cf double check that you have the following transport:

mailman   unix  -       n       n       -       -       pipe
  flags=FR user=list argv=/usr/lib/mailman/bin/postfix-to-mailman.py
  ${nexthop} ${user}

Edit the file /etc/postfix/transport:

lists.example.com      mailman:

Now have Postfix build the transport map

sudo postmap -v /etc/postfix/transport

Then add mailman aliases in /etc/aliases

mailman:              "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin:        "|/var/lib/mailman/mail/mailman admin mailman"
mailman-bounces:      "|/var/lib/mailman/mail/mailman bounces mailman"
mailman-confirm:      "|/var/lib/mailman/mail/mailman confirm mailman"
mailman-join:         "|/var/lib/mailman/mail/mailman join mailman"
mailman-leave:        "|/var/lib/mailman/mail/mailman leave mailman"
mailman-owner:        "|/var/lib/mailman/mail/mailman owner mailman"
mailman-request:      "|/var/lib/mailman/mail/mailman request mailman"
mailman-subscribe:    "|/var/lib/mailman/mail/mailman subscribe mailman"
mailman-unsubscribe:  "|/var/lib/mailman/mail/mailman unsubscribe mailman"

Fix permissions of aliases files and restart postfix

sudo chown root:list /var/lib/mailman/data/aliases
sudo chown root:list /etc/aliases
sudo newaliases
sudo /etc/init.d/postfix restart

Create mailman list

$ sudo newlist mailman mailmanadm@mydomain.com
  Enter the email of the person running the list: bhuvaneswaran at NOSPAM gmail.com
  Initial mailman password:
  To finish creating your mailing list, you must edit your /etc/aliases (or equivalent) file by adding the following lines, and possibly running the `newaliases' program:

  ## mailman mailing list
  mailman:              "|/var/lib/mailman/mail/mailman post mailman"
  mailman-admin:        "|/var/lib/mailman/mail/mailman admin mailman"
  mailman-bounces:      "|/var/lib/mailman/mail/mailman bounces mailman"
  mailman-confirm:      "|/var/lib/mailman/mail/mailman confirm mailman"
  mailman-join:         "|/var/lib/mailman/mail/mailman join mailman"
  mailman-leave:        "|/var/lib/mailman/mail/mailman leave mailman"
  mailman-owner:        "|/var/lib/mailman/mail/mailman owner mailman"
  mailman-request:      "|/var/lib/mailman/mail/mailman request mailman"
  mailman-subscribe:    "|/var/lib/mailman/mail/mailman subscribe mailman"
  mailman-unsubscribe:  "|/var/lib/mailman/mail/mailman unsubscribe mailman"

  Hit enter to notify mailman owner...

Edit /etc/aliases and run

$ sudo newaliases
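
Every pipe alias in /etc/aliases is a command that Postfix runs on incoming mail, so the file is worth checking after edits like the ones above. The following is an added example, not part of the original page: it flags pipe aliases that do not follow the Mailman pattern shown here. The function names and the sample input are constructed for illustration, and it assumes one alias per line.

```shell
#!/bin/sh
# Added example (not part of the original page): audit pipe aliases.
WRAPPER=/var/lib/mailman/mail/mailman   # wrapper path used on this page
ACTIONS="post admin bounces confirm join leave owner request subscribe unsubscribe"

# audit_aliases FILE   ("-" reads stdin; assumes one alias per line)
# Prints "line N: alias: reason" per finding and returns 1 if any were found.
audit_aliases() {
  awk -v wrapper="$WRAPPER" -v actions="$ACTIONS" '
    BEGIN { n = split(actions, t, " "); for (i = 1; i <= n; i++) ok[t[i]] = 1 }
    /^[ \t]*(#|$)/ { next }                  # comments and blank lines
    {
      c = index($0, ":"); if (c == 0) next
      name = substr($0, 1, c - 1); rhs = substr($0, c + 1)
      gsub(/^[ \t]+|[ \t]+$/, "", name)
      gsub(/^[ \t"]+|[ \t"]+$/, "", rhs)     # drop padding and quotes
      if (substr(rhs, 1, 1) != "|") next     # only pipe-to-command aliases
      k = split(substr(rhs, 2), a, /[ \t]+/)
      # "post" uses the bare list name; other actions use LIST-ACTION
      want = (a[2] == "post") ? a[3] : a[3] "-" a[2]
      why = ""
      if (a[1] != wrapper)     why = "pipes to unexpected command " a[1]
      else if (k != 3)         why = "unexpected argument count"
      else if (!(a[2] in ok))  why = "unknown action " a[2]
      else if (name != want)   why = "alias name does not match list/action"
      if (why != "") { print "line " NR ": " name ": " why; bad = 1 }
    }
    END { exit bad + 0 }
  ' "$1"
}

# Constructed sample input, not taken from a real host.
sample_aliases() {
  cat <<'EOF'
## mailman mailing list
mailman:              "|/var/lib/mailman/mail/mailman post mailman"
mailman-admin:        "|/var/lib/mailman/mail/mailman admin mailman"
postmaster:           root
backup:               "|/usr/local/bin/archive.sh"
mailman-owner:        "|/var/lib/mailman/mail/mailman post mailman"
EOF
}

sample_aliases | audit_aliases - || true    # on a host: audit_aliases /etc/aliases
```

On the sample, line 5 is reported because it pipes to a command other than the Mailman wrapper, and line 6 because mail to mailman-owner would be posted to the list.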

Start mailman

$ sudo /etc/init.d/mailman start

Start mailman qrunner

$ sudo /var/lib/mailman/bin/mailmanctl start

Add members to list

$ vi ~/members
user1@mydomain.com
user2@mydomain.com

$ sudo /var/lib/mailman/bin/add_members -r ~/members -w y -a y mailman

Mailman script location

/var/lib/mailman/bin

Change site password

sudo ./mmsitepass

Change list password

sudo ./change_pw -l <list name> -p <new password>

Discard pending post

sudo ./discard /var/lib/mailman/data/heldmsg-<list name>-<msg number>.pck

Reference:  https://help.ubuntu.com/community/Mailman

UFW command examples

sudo ufw status
sudo ufw status verbose
sudo ufw status numbered

sudo ufw allow ssh
sudo ufw allow http
sudo ufw allow https
sudo ufw allow mysql

sudo ufw delete allow https

sudo ufw allow to any port 2345
sudo ufw delete allow to any port 2345

sudo ufw allow to any port 2345 proto udp
sudo ufw delete allow to any port 2345 proto udp

sudo ufw allow from 192.168.0.5 to any port 2345
sudo ufw delete allow from 192.168.0.5 to any port 2345

sudo ufw allow from 192.168.0.0/24 to any port 2345
sudo ufw delete allow from 192.168.0.0/24 to any port 2345
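
The commands above differ in who may connect: "allow mysql" and "allow to any port 2345" accept any source, while the "from" forms restrict it. The following is an added example, not part of the original page: it reads "ufw status" output and lists ALLOW rules open to any source on ports outside an intended-public set. PUBLIC_PORTS, the function names and the sample status text are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not part of the original page): find ALLOW rules in
# `ufw status` output that accept any source on a non-public port.
PUBLIC_PORTS="22 80 443"   # assumption: only ssh/http/https are meant to be public

# open_to_world   (reads `ufw status` text on stdin)
# Prints "PORT[/PROTO] FROM" per finding and returns 1 if any were found.
open_to_world() {
  awk -F'  +' -v public="$PUBLIC_PORTS" '
    BEGIN { n = split(public, p, " "); for (i = 1; i <= n; i++) ok[p[i]] = 1 }
    $2 ~ /^ALLOW/ && $3 ~ /^Anywhere/ {
      to = $1; sub(/ \(v6\)$/, "", to)      # "3306 (v6)" -> "3306"
      port = to; sub(/\/.*/, "", port)      # "2345/udp"  -> "2345"
      if (!(port in ok)) { print to, $3; bad = 1 }
    }
    END { exit bad + 0 }
  '
}

# Constructed sample of `sudo ufw status` output, not from a real host.
sample_status() {
  cat <<'EOF'
Status: active

To                         Action      From
--                         ------      ----
22                         ALLOW       Anywhere
80                         ALLOW       Anywhere
3306                       ALLOW       Anywhere
2345/udp                   ALLOW       Anywhere
2345                       ALLOW       192.168.0.0/24
3306 (v6)                  ALLOW       Anywhere (v6)
EOF
}

sample_status | open_to_world || true    # on a host: sudo ufw status | open_to_world
```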

UFW, IPTABLES and IP FORWARDING

By default, UFW blocks IP forwarding. To enable packet forwarding, two configuration files need to be adjusted. In /etc/default/ufw, change DEFAULT_FORWARD_POLICY to "ACCEPT":

DEFAULT_FORWARD_POLICY="ACCEPT"

Then edit /etc/ufw/sysctl.conf and uncomment:

net/ipv4/ip_forward=1
#for IPv6 forwarding uncomment:
net/ipv6/conf/default/forwarding=1

Enable IPv4 packet forwarding by editing /etc/sysctl.conf and uncommenting the following line:

net.ipv4.ip_forward=1
# If you wish to enable IPv6 forwarding also uncomment:
net.ipv6.conf.default.forwarding=1

Execute the sysctl command to enable the new settings in the configuration file:

sudo sysctl -p

Create my-iptables-rules:

$ sudo vi /etc/network/if-up.d/my-iptables-rules
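#!/bin/bash
# Marker lives in /run (root-writable only, cleared at boot) so an
# unprivileged user cannot pre-create it and make this script skip its rules.
FLAG="/run/my-iptables-settings"
if [ -f "${FLAG}" ]; then
  echo "Already set my iptables rules. Skip it."
  exit 0
fi

# Sample iptables rule: masquerade LAN traffic leaving via ppp0
iptables -t nat -A POSTROUTING -s 192.168.0.0/16 -o ppp0 -j MASQUERADE

touch "${FLAG}"
exit 0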
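
A variant that needs no flag file, as an added example rather than the page's own script: "iptables -C" tests whether an identical rule already exists, so the script can run on every interface-up event without duplicating it. It also declines to add the NAT rule while ip_forward is off. The IPT and FWD_FILE overrides and the function names are assumptions made so the logic can be exercised without touching the live ruleset.

```shell
#!/bin/sh
# Added example (not the page's script): add the NAT rule only when absent.
IPT=${IPT:-iptables}                                  # overridable for dry runs
FWD_FILE=${FWD_FILE:-/proc/sys/net/ipv4/ip_forward}   # kernel forwarding switch
LAN=192.168.0.0/16    # source range from the page's sample rule
WAN=ppp0              # outbound interface from the page's sample rule

# forwarding_on: true when the ip_forward sysctl is in effect.
forwarding_on() {
  [ "$(cat "$FWD_FILE" 2>/dev/null)" = "1" ]
}

# ensure TABLE CHAIN RULE...: -C checks for an identical rule, -A appends it.
ensure() {
  table=$1; chain=$2; shift 2
  "$IPT" -t "$table" -C "$chain" "$@" 2>/dev/null && return 0
  "$IPT" -t "$table" -A "$chain" "$@"
}

apply_rules() {
  if ! forwarding_on; then
    echo "ip_forward is off; NAT rule not added" >&2
    return 1
  fi
  ensure nat POSTROUTING -s "$LAN" -o "$WAN" -j MASQUERADE
}

# ifupdown exports MODE=start to scripts in /etc/network/if-up.d
if [ "${MODE:-}" = "start" ]; then
  apply_rules
fi
```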

Reference: https://help.ubuntu.com/lts/serverguide/firewall.html