Operations grimoire/Mail/Sympa

From Nasqueron Agora

Sympa is a mailing list manager, with good support for multidomains, SOAP webservice.

It lives in /var/lib/sympa. It's NOT managed as a Debian package, but installed from source.

Install

$ ./configure --prefix=/var/lib/sympa
$ make
$ make install
$ cd /var/lib/sympa/bin
$ ./sympa_wizard.pl --check

Configuration is located in /etc/sympa as a Git repository.

Postfix configuration is to be amended through D849.

Web interface

Application server

We need fcgiwrap listening at /run/fcgiwrap.socket.

$ apt-get install fcgiwrap
$ systemctl status fcgiwrap 
$ ls /run/fcgiwrap.socket

Back-end nginx server

server {
        server_name lists.*;

        access_log   /var/log/nginx/lists.nasqinternal.access.log;
        error_log    /var/log/nginx/lists.nasqinternal.error.log;

        rewrite ^/$ /wws permanent;
        rewrite ^/wws$ /sympa permanent;
        rewrite ^/wws/(.*)$ /sympa/$1 permanent;

        location ^~ /static-sympa {
                alias /var/lib/sympa/static_content/;
                access_log off;
        }

        location /sympa {
                gzip off;

                include fastcgi_params;
                fastcgi_split_path_info ^(/sympa)(.+)$;
                fastcgi_param  PATH_INFO          $fastcgi_path_info;
                fastcgi_param  SCRIPT_FILENAME    /var/lib/sympa/bin/wwsympa-wrapper.fcgi;
                fastcgi_param  SERVER_NAME        $host;
                fastcgi_param  HTTP_HOST          $http_host;
                fastcgi_intercept_errors on;

                fastcgi_pass   unix:/run/fcgiwrap.socket;
        }
}

Front-end nginx server

Currently on Dwellers. It only forwards requests for lists domain to our back-end nginx.

Configuration as code.

This service should be properly defined in rOPS repository as a Salt state.

Add a domain

Sympa use special mailboxes on regular mail domains. You can so use the same domain for lists and for regular mailboxes.

To use a lists. subdomain offers the coherence between the web service URL and the mail domain.

Checklist:

  1. Add the domain to the mail server the regular way:
    1. declare to https://vma.nasqueron.org with a note it's for Sympa
    2. configure DKIM
    3. publish DNS records
  2. On the Docker Engine, add the domain to nginx and require a Let's encrypt certificate
  3. On the mail server, declare the domain to Sympa:
    1. add the domain as an escaped regexp to the domain list at /etc/sympa/sympa-alias.virtual (lists regexp will be automatically added by a script called by Sympa)
    2. create a /etc/sympa/lists.domain.tld folder, with a robot.conf for the name, logo, scenarii of the domain
    3. commit the modifications you done to /etc/sympa files (it's a Git repository)
    4. create ~sympa/list_data/lists.domain.tld folder (chmod 750, chown sympa)
    5. ln -s /etc/sympa/lists.domain.tld ~sympa/etc/
  4. Restart sympa