Thomas Schachtner via Mailman-users writes:
I just saw that mailman does not start (systemctl start mailman3.service) on my debian installation if the postfix configuration file is not there, so I thought it might be needed by mailman3.
Mark explained this.
But maybe [the Mailman won't start issue] is not a mailman issue but a debian-only issue...
It's that Mailman 3 recreates the postmapped database files at startup. It will happen on any stock Mailman 3 + Postfix installation if postmap can't find main.cf.
Nevertheless, I just put the file on the mailman box and everything is fine. It does not seem to be changed when starting mailman, so maybe that's safe...
At startup, Mailman reads the postfix-lmtp and postfix domains files, and (re-)creates the .db files using Postfix's postmap utility. When creating a domain or list, it adds an entry to the appropriate file, and then compiles it with postmap. Otherwise Mailman does not touch or even read those files.
I'll definitely have a look at the callout approach (currently, I have no clue what that might be...), but I also see that exposing LMTP to the Internet is dangerous...
Exposing anything to the Internet is dangerous.
Since LMTP is (usually) cleartext and unauthenticated (I'm pretty sure both Postfix and Mailman can do authenticated TLS), yes, it's riskier than say ssh. That's why I suggest firewalls and TLS connections, and then you're basically as secure as ssh. Or you can avoid exposing LMTP by having Postfix on the Mailman host, and use virtual alias or mailbox hosts with virtual_transport = lmtp:[127.0.0.1]:8024 to catch the Mailman traffic.
Steve