Hi Steve,
thanks for your explanations!
> [...] What the MTA needs is to confirm domains and list addresses. Individual addresses can be confirmed by your SQL RDBMS or by Mailman over TCP/IP. The Postgres implementation for Postfix is here:
> https://gitlab.com/mailman/mailman/-/merge_requests/1161
> It's not ready for merge yet, but it has been used for 6 months in production on a site with ~20k lists and ~100k posts/day. I think the same approach works for MySQL and SQLite3. The callout implementation for Exim is here:
> https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/docs/mta.ht...
> This probably can be adapted to Postfix but I haven't tried. See https://www.postfix.org/ADDRESS_VERIFICATION_README.html

>> and mailman needs the contents of the postfix configuration file.
>
> Backwards. Mailman *creates* the Postfix configuration file but otherwise does not use it.

I just saw that mailman does not start (systemctl start mailman3.service) on my debian installation if the postfix configuration file is not there, so I thought it might be needed by mailman3. But maybe this is not a mailman issue but a debian-only issue... Nevertheless, I just put the file on the mailman box and everything is fine. It does not seem to be changed when starting mailman, so maybe

I'll have a look at the database approach you mentioned: that's safe...

>> Are there any best practices recommendations [for sharing file systems]?
>
> Docker clusters usually use NFS, I think. That's what the AWS configs I've heard of use, too (AWS-branded, of course, but under the hood it's NFS). If you're worried about exposing NFS to the Internet of Threats, firewalls permitting only the Mailman and Postfix hosts to access the NFS service, and certificate-authenticated TLS for the connections should be as safe as anything exposed to the Internet.

One of the two systems (mailman) is currently running on a dial-up line with regularly changing IP addresses, so a static NFS mount might be difficult to establish.

> The minimal attack surface approach is the LMTP RCPT TO callout approach in the Exim configuration above. Mailman's LMTP service must be accessible to the MTA anyway, so then you don't need to open any other ports such as Postgres or NFS.

I'll definitely have a look at the callout approach (currently, I have no clue what that might be...), but I also see that exposing LMTP to the Internet is dangerous...
Thank you! Tom
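As an added illustration of the Postfix-side "callout" that the thread discusses (Postfix address verification against Mailman's LMTP runner), here is an example main.cf fragment. It is constructed for this note and is neither the thread's nor Mailman's own configuration; the hostnames, the two map file paths and the domain names are assumptions, while the parameter names are standard Postfix ones from the ADDRESS_VERIFICATION_README linked above and 8024 is Mailman 3's default LMTP port.

```ini
# /etc/postfix/main.cf on the Postfix host (constructed example).
# mailman.example.org, lists.example.org and the map paths are placeholders.

# Domains whose mail is relayed to Mailman. A short, hand-maintained map
# is enough here; Mailman's generated postfix_domains file is not required
# on this host for the callout approach.
relay_domains = hash:/etc/postfix/mailman_domains

# Route those domains to Mailman's LMTP runner.
# /etc/postfix/mailman_transport holds one line per list domain, e.g.:
#   lists.example.org   lmtp:[mailman.example.org]:8024
transport_maps = hash:/etc/postfix/mailman_transport

# Do not accept a recipient until the next hop (the lmtp transport above)
# has answered RCPT TO for it. Postfix sends a probe, Mailman's LMTP server
# rejects unknown list addresses, and the verdict is cached. Only the LMTP
# port therefore needs to be reachable from this host: no Postgres, no NFS.
smtpd_recipient_restrictions =
    permit_mynetworks,
    reject_unauth_destination,
    reject_unverified_recipient

# Persistent cache of probe results, and a hard 550 (instead of the default
# temporary rejection) for recipients the probe has shown not to exist.
address_verify_map = btree:$data_directory/verify_cache
unverified_recipient_reject_code = 550
```

Build the two maps with `postmap` after editing them and reload Postfix. The exposure that remains is Mailman's LMTP port on the Mailman host; it should be firewalled so that only the Postfix host can reach it. That is the awkward part when the Mailman side sits on a connection with a changing address, where a tunnel or VPN between the two hosts gives the firewall a stable peer to allow.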