Systems - Lists



The purpose of the list server is to provide the send and manage email lists ( This is the sysadm page, user info is located at EmailListsOverview.

Physical Location

This system is located on a Debian Etch vserver on physical machine infra01.

Logical location

Applicable Documentation

  1. EmailListsOverview



Listening services


Connected Systems

Outbound network connections


Privileged remote access: Mario, Philipp (?) Privileged list management access (Sympa): UlrichSchroeter, Mario

Non-distribution packages

Risk assessments on critical packages

Ugly Hacks

after applying patches make sure the wwsympa.fcgi is sympa:sympa go+s


Stuff we've added through files / scripts


key person's list

Monthly job to send key person's list to emergency management team.

sudo crontab -l -u sympa
# m h  dom mon dow   command
1   0  1   *   1     ......

Common Tasks

Adding a list

  1. Login to sympa using the (password stored in /root/sympa-listmanagerpassword.txt)

  2. Use the GUI to create the list. Set the list so that can send email to the list without confirmation

  3. using the cacert main web interface, login and validate the list address
  4. issue a WoT certificate for the list user
  5. export/backup the WoT certificate out of your browser
  6. copy the p12 exported certificate to the list server.
  7. use openssl pkcs12 -in cacert-listname\ -nodes to export the certificate without a passwird

  8. copy the certificate and private key in the location described below and make ownership sympa:sympa. Private key should be permissions go-rwx

  9. add subscribers/ other owners

Sympa logs

Critical Configuration items


Describes what sympa lists are valid. This is referred to in /etc/postfix/ as an hash alias. The /etc/aliases.db had to have sympa group and write permissions so that running newalias as the sympa user created both alias.db files (etc/aliases.db and /etc/sympa/aliases.db) (upstream bug 5917)


S/MIME configuration items must be set even if they appear to be the default values.

supported_lang must be a subset of /etc/locale.gen (run /usr/sbin/locale-gen after changing this) otherwise user's cannot change their locale in sympa.


The configuration for the webinterface of sympa


This is the private key/X509 key for the list. This determines what is signed an how to decrypt S/MIME encrypted emails for the list.






Multiple Email Certificate Extraction bug

OCSP support

/usr/lib/cgi-bin/sympa/wwsympa-test.fcgi / ocsp code - /usr/lib/sympa/bin/

Safari and optional certificate authentication

Is yucky and needs proper Apache configuration.

OpenID authentication/access

Friendly to quick subscription by OpenID users. upstream bug 2974

Reduce SMTP chain at front end

We end up bouncing stuff that we could be rejecting.

Dynamic list generation based on other databases

Automatic lists for assurers in area XYZ. Needs to be asked for. suggestions that the webdb is for this purpose.

PGP support

So the PGP folks feel loved. Allow PGP support for support list upstream bug 4295


SystemAdministration/Systems/Lists (last edited 2012-04-21 12:13:56 by UlrichSchroeter)