Mailman in a jail

Jim Ohlstein jim at
Fri Apr 22 11:50:01 UTC 2016


On 4/22/16 7:20 AM, Kristof Provost wrote:
>> On 22 Apr 2016, at 13:11, Jim Ohlstein <jim at
>> <mailto:jim at>> wrote:
>>> The main gotcha with Mailman is that it defaults to supporting Sendmail.
>>> It actually needs to be rebuilt to work with postfix. That's the first
>>> thing to look at. Did you install from ports or with pkg?
>> I built it with poudriere using the Postfix option.
> Okay, that’s good. I did exactly the same ;)
> It’s not quite clear to me if your problem is getting Postfix to deliver
> to mailman, or mailman to postfix.
> In my setup the list is on a separate (virtual) domain, and uses an
> aliases file
> (alias_maps = hash:/etc/aliases, hash:/usr/local/mailman/data/aliases).
> That file is maintained by mailman and will have things like 'test:
>          "|/usr/local/mailman/mail/mailman post test”’ in it.
> Return delivery (i.e. mailman sending mail) is done using the DirectSMTP
> module. My ‘SMTPHOST’ is set to the hostname of the jail (so to an IP
> address the postfix is listening on). If you’ve still got that set to
> the default of ‘localhost’ that might also explain your problems.
> It might also be worth playing with telnet inside the jail and
> confirming that you can talk to your postfix that way.

That was the problem. I more or less figured it out late last night when 
I looked at the mail logs of the front end server. My setup is like this:

web <--> fontend SSL termination/load balancer/cache <--> multiple 
backends (not web accessible)

Mailman is installed in in a jail in a backend server. That jail has a 
FQDN and it matches that of Mailman (

So in ~mailman/Mailman/ I had:


as instructed by the port upon installation.

That wound up having Mailman looking for the _real_ IP of that FQDN for 
the outgoing mail server, which led it back to the frontend server to 
which that IP is actually bound. That Postfix installation refused to 
relay because the IP range of that backend server was not allowed in 
"mynetworks" in its

Allowing that IP range on Postfix on the frontend server got outgoing 
mail working late last night. It was a fairly inelegant solution but it 
worked. Editing ~mailman/Mailman/ as follows got it working in 
the jail:

+ SMTPHOST = 'jail.ip.address'

What confused me were the port's instructions and the fact that the 
Mailman actually resolved the FQDN and looked for that IP externally.

Thanks to everyone who helped. I'm a bit embarrassed at the simplicity 
of the solution.

Jim Ohlstein

"Never argue with a fool, onlookers may not be able to tell the 
difference." - Mark Twain

More information about the freebsd-ports mailing list