Ralph Weber writes:
I am moving the website www.t10.org from a private/corporate VM to AWS EC2s.
For many years, t10.org has had very happy results with using Mailman 2 for its email reflector, and I have no real concerns about moving to Mailman 3. My bugbear is the fact that I need the following mixed bag of incoming email addresses to work in concert with each other to receive and handle emails.
- t10@t10.org (Primary Mailman Reflector)
- chair@t10.org (Mailman Reflector to direct messages to the T10 chair and his designates)
- docs@t10.org (document posting mechanics - serviced by a small mountain of home-grown code)
- bbs@t10.org (other publicly accessible services - serviced by code that recalls the days when everything was done on a Bulletin Board System, BBS)
This isn't a Mailman question, to be frank. As Abhilash points out, Mailman doesn't care about other mailboxes served by its host (unless they conflict with list names or administrative addresses derived from list names, which evidently yours do not). It's a question about the mail service at AWS. I've not seen any documentation in our project about setting up at AWS; I don't know anybody who has done so. (I haven't looked for either though.)
I took a quick look for AWS SES documentation. They don't seem to have any real documentation online for the general public, only lists of features. They also seem to be very focused on sending rather than receiving. Much talk of how much mail you can send, bulk emailing, statistics on responses, and the like. None about setting up for incoming mail.
Probably I could get access to online help if I signed up for a free account, but that's above my pay grade.
My best guess is that the AWS Simple Email Service (SES) needs to sit in front of both Mailman and the home-grown code,
I don't know if AWS provides an alternative Complicated Email Service, but yes, something like SES is going to have to sit in front of the various mailboxes.
Mailman itself has a certain amount of capability to deal with the main email protocols, but it is definitely not capable of replacing the main mail server. For security reasons I would definitely advise against any Mailman 3 presence directly on the Internet. It was designed on the assumption that it would talk to the Internet via a standard mail server, Postorius (for administration), and HyperKitty (for mail archives)[1], and occasionally to admins logging in with shell accounts.
All available evidence read to date
URLs, please. As I wrote above, Amazon's documentation is at best not very discoverable.
suggests that the default AWS installation
Whose default installation of Mailman? AWS's? Typical 3rd party configurations?
of Mailman 3 assumes that Mailman 3 is the *only* receiver of emails in the configuration.
That's possible, but it's likely an artifact of the application -- I would expect that many who host Mailman on AWS do so to isolate Mailman from other services they provide. So it seems reasonable that in many such installations Mailman is *the* service for that instance.
But mail servers are designed to be many inputs, many outputs services. If SES itself is as restricted as you fear, surely AWS provides an alternative, more powerful mail service. I can imagine quite a few restrictions, other than the backing application, on the SES that Amazon *might* impose. But without access to documentation, we can't say much.
Or... Hercules may have already cleaned the Augean Stables, and left behind an AWS Lambda function that can serve as a keystone puzzle piece for solving my dilemma.
Good luck on that. I don't know of any, but that would be a quick solution for you. I hope somebody here knows more. As evidenced by Andrew's post, there are folks thinking about it, so maybe somebody's actually tried -- anybody? Successes? Pitfalls to watch for?
The other issue Andrew mentions could be important. Since Solar Winds I'm seeing daily attempts to access my O365 server (nonexistent) from AWS. Given the size of AWS, I think they probably actually do a good job of keeping felonious behavior to a minimum[2], but a lot of folks I know are happy to cut off huge netblocks until somebody they know actually complains. :-(
Footnotes: [1] Or more precisely, some webservice providing those services mediating between the Internet and Mailman sitting cozily behind a firewall.
[2] DigitalOcean, on the other hand, is accumulating blocked /24s, and even /16s, at my firewall. But that's another story.