system-config/inventory/service/group_vars/mailman3.yaml

# System Configs
iptables_extra_public_tcp_ports:
  - 25
  - 80
  - 443
  - 465
letsencrypt_certs:
  lists-opendev-org-main:
    - "{{ inventory_hostname }}"
    - lists.opendev.org
    - lists.airshipit.org
    - lists.katacontainers.io
    - lists.openinfra.dev
    - lists.openstack.org
    - lists.starlingx.io
    - lists.zuul-ci.org
borg_backup_excludes_extra:
  # db is backed up in dumps, don't capture live files
  - /var/lib/mailman/database
  # backed up by streaming backup
  - /var/backups/mailman-mariadb
  # Can regenerate indexes from source email files
  - /var/lib/mailman/web-data/fulltext_index
# Exim Configs
exim_queue_interval: '1m'
exim_queue_run_max: '50'
exim_smtp_accept_max: '100'
exim_smtp_accept_max_per_host: '10'
exim_routers:
  - mailman_verp_router: |
      {% raw -%}
      driver = dnslookup
      condition = ${if or{{eq{$sender_host_address}{127.0.0.1}}\
                              {eq{$sender_host_address}{::1}}}{yes}{no}}
      {% endraw %}
      domains = !+local_domains
      ignore_target_hosts = <; 0.0.0.0; \
                                        127.0.0.0/8; \
                                        ::1/128;fe80::/10;fe \
                                        c0::/10;ff00::/8
      senders = "*-bounces@*"
      transport = mailman_verp_smtp      
  - dnslookup: '{{ exim_dnslookup_router }}'
  - system_aliases: '{{ exim_system_aliases_router }}'
  - domain_aliases: |
      driver = redirect
      allow_fail
      allow_defer
      data = ${lookup{$local_part@$domain}lsearch{/etc/aliases.domain}}
      file_transport = address_file
      pipe_transport = address_pipe      
  - localuser: '{{ exim_localuser_router }}'
  - mailman_router: |
      driver = accept
      domains = {{ mm_domains }}
      local_part_suffix = -admin     : \
                                    -bounces   : -bounces+* : \
                                    -confirm   : -confirm+* : \
                                    -join      : -leave     : \
                                    -owner     : -request   : \
                                    -subscribe : -unsubscribe
      local_part_suffix_optional
      require_files = /var/lib/mailman/core/var/lists/${local_part}.${domain}
      transport = mailman_transport      
exim_transports:
  - mailman_transport: |
      debug_print = "Email for mailman"
      driver = smtp
      protocol = lmtp
      allow_localhost
      hosts = localhost
      port = 8024
      rcpt_include_affixes = true      
  - mailman_verp_smtp: |
      driver = smtp
      headers_add = Errors-To: ${return_path}
      headers_remove = Errors-To
      max_rcpt = 1
      return_path = ${local_part:$return_path}+$local_part=$domain@${domain:$return_path}      
# Mailman Configs
mailman_multihost: true
mm_domains: 'lists.openstack.org:lists.zuul-ci.org:lists.airshipit.org:lists.starlingx.io:lists.opendev.org:lists.openinfra.dev:lists.katacontainers.io'
exim_local_domains: "@:{{ mm_domains }}"
exim_enable_spf: true
exim_aliases:
  root: "{{ ','.join(listadmins|default([])) }}"
  interop-wg: openstack-discuss
  openstack: openstack-discuss
  openstack-dev: openstack-discuss
  openstack-infra: openstack-discuss
  openstack-operators: openstack-discuss
  openstack-security: openstack-discuss
  openstack-sigs: openstack-discuss
  openstack-tc: openstack-discuss
  user-committee: openstack-discuss
  airship-discuss-owner: spam
  community-owner: spam
  edge-computing-owner: spam
  foundation-board-confidential-owner: spam
  foundation-board-owner: spam
  foundation-owner: spam
  legal-discuss-owner: spam
  mailman-owner: spam
  marketing-owner: spam
  openstack-announce-owner: spam
  openstack-docs-owner: spam
  openstack-fr-owner: spam
  openstack-i18n-owner: spam
  openstack-infra-owner: spam
  openstack-ko-owner: spam
  openstack-qa-owner: spam
  product-wg-owner: spam
  user-committee-owner: spam
  spam: ':fail: delivery temporarily disabled due to ongoing spam flood'
  # This is the local username for mailman processes, but it does not send nor
  # need to receive messages.
  mailman: ':blackhole: this address does not accept email'
  # TODO It would be better to bypass verification for postorius@listdomain
  # and set a :fail: rule for anyone trying to send email to this addr.
  # But that requires updating our main exim config so that needs more thought.
  postorius: ':blackhole: outgoing email only from this address'
exim_domain_aliases:
  community@lists.openstack.org: community@lists.openinfra.dev
  edge-computing@lists.openstack.org: edge-computing@lists.opendev.org
  foundation@lists.openstack.org: foundation@lists.openinfra.dev
  foundation-board@lists.openstack.org: foundation-board@lists.openinfra.dev
  foundation-board-confidential@lists.openstack.org: foundation-board-confidential@lists.openinfra.dev
  goldmembers@lists.openstack.org: goldmembers@lists.openinfra.dev
  marketing@lists.openstack.org: marketing@lists.openinfra.dev
  staff@lists.openstack.org: staff@lists.openinfra.dev
  summit-programming-committee@lists.openinfra.dev: summit-track-chairs@lists.openinfra.dev
  summitsponsors@lists.openstack.org: summitsponsors@lists.openinfra.dev
  openinfralabs@lists.opendev.org: ':fail: this mailing list is not in use'
mailman_sites:
  # First entry in this list is the primary web domain
  - listdomain: lists.opendev.org
    install_languages: ['en']
    lists:
      - name: computing-force-network
        description: 'Organizing efforts around Computing Force Network related area'
        owner: 'niujie@outlook.com'
      - name: edge-computing
        description: 'Organizing efforts around the edge-computing focus area.'
        owner: 'ildiko@openinfra.dev'
      - name: floss-mooc
        description: 'Discussions & Coordination around the FLOSS MOOC being collaboratively developed here: https://gitlab.com/mooc-floss/mooc-floss'
        owner: 'knelson@openinfra.dev'
      - name: nbmp-discuss
        description: 'Collaborating on Network Based Media Processing related platform and infrastructure systems usage and development.'
        owner: 'ildiko@openstack.org'
      - name: openinfralabs
        description: 'No longer active'
        owner: 'mnaser@vexxhost.com'
      - name: rust-vmm
        description: 'Collaborating on Rust-based virtual machine monitors.'
        owner: 'claire@openstack.org'
      - name: rustyk8s
        description: 'Collaborating on Rust-based Kubernetes API.'
        owner: 'allison@lohutok.net'
      - name: service-announce
        description: 'Announcement list for OpenDev services.'
        owner: 'cboylan@sapwetik.org'
      - name: service-discuss
        description: 'Discussion list for OpenDev services.'
        owner: 'cboylan@sapwetik.org'
      - name: service-incident
        description: 'Private list for OpenDev incident coordination.'
        owner: 'cboylan@sapwetik.org'
        private: true
  - listdomain: lists.zuul-ci.org
    install_languages: ['en']
    lists:
      - name: zuul-announce
        description: 'Announcements of Zuul releases and other important information.'
        owner: 'corvus@inaugust.com'
      - name: zuul-discuss
        description: 'Discussion of Zuul usage and development.'
        owner: 'corvus@inaugust.com'
      - name: zuul-jobs-failures
        description: 'Gets notifications about zuul-jobs periodic job failures.'
        owner: 'corvus@inaugust.com'
  - listdomain: lists.airshipit.org
    install_languages: ['en']
    lists:
      - name: airship-announce
        description: 'Announcements of Airship releases and other important information.'
        owner: 'jonathan@openstack.org'
      - name: airship-discuss
        description: 'Discussion of Airship usage and development.'
        owner: 'jonathan@openstack.org'
      - name: airship-embargo-notice
        description: 'Embargoed security vulnerability announcements for Airship consumers.'
        owner: 'andrew.walters@att.com'
        private: true
      - name: airship-job-failures
        description: 'Notification messages for failures from CICD jobs.'
        owner: 'roman.gorshunov@att.com'
      - name: airship-security
        description: 'Public Airship security advisories.'
        owner: 'andrew.walters@att.com'
  - listdomain: lists.katacontainers.io
    install_languages: ['en']
    lists:
      - name: embargo-notice
        description: 'Announcements of embargoed notices for the Kata Containers project'
        owner: 'jonathan@openstack.org'
        private: true
      - name: kata-dev
        description: 'Kata Containers Development Mailing List (not for usage questions)'
        owner: 'jonathan@openstack.org'
      - name: kata-hypervisor
        description: 'Discussion of security and virtualization targeted at container use cases'
        owner: 'jonathan@openstack.org'
  - listdomain: lists.openinfra.dev
    install_languages: ['en']
    lists:
      - name: asia-advisory-board
        description: 'Private coordination within the OpenInfra Asia Advisory Board.'
        owner: 'wes@openinfra.dev'
        private: true
      - name: community
        description: 'The OpenInfra Community team is the main contact point for anybody running a local OpenInfra Group.'
        owner: 'allison@openinfra.dev'
      - name: europe-advisory-board
        description: 'Private coordination within the OpenInfra EU Advisory Board.'
        owner: 'wes@openinfra.dev'
        private: true
      - name: foundation
        description: 'General discussion list for activities of the OpenInfra Foundation'
        owner: 'jonathan@openinfra.dev'
      - name: foundation-board
        description: 'OpenInfra Foundation Board of Directors'
        owner: 'jonathan@openinfra.dev'
      - name: foundation-board-confidential
        description: 'OpenInfra Foundation Board of Directors'
        owner: 'jonathan@openinfra.dev'
        private: true
      - name: goldmembers
        description: 'The discussion list for Gold Members of the OpenInfra Foundation'
        owner: 'jonathan@openinfra.dev'
        private: true
      - name: marketing
        description: 'The OpenInfra Marketing list is the meant to facilitate discussion and best practice sharing among marketers and event organizers in the OpenInfra community.'
        owner: 'allison@openinfra.dev'
      - name: nordix
        description: 'Discussion and coordination of Nordix environment'
        owner: 'robert.tomczyk@est.tech'
      - name: openinfra-asia
        description: 'Discussion related to the OpenInfra Asia hub.'
        owner: 'wes@openinfra.dev'
      - name: openinfra-europe
        description: 'Discussion related to the OpenInfra EU hub.'
        owner: 'wes@openinfra.dev'
      - name: staff
        description: 'Private list for OpenInfra Foundation staff members'
        owner: 'mark@openinfra.dev'
        private: true
      - name: summit-track-chairs
        description: 'OpenInfra Summit track chair communications'
        owner: 'erin@openinfra.dev'
        private: true
      - name: summitsponsors
        description: 'Coordination among OpenInfra Summit event sponsors'
        owner: 'erin@openinfra.dev'
        private: true
  - listdomain: lists.starlingx.io
    install_languages: ['en']
    lists:
      - name: starlingx-announce
        description: 'Announcements of StarlingX releases and other important information.'
        owner: 'jonathan@openstack.org'
      - name: starlingx-discuss
        description: 'Discussion of StarlingX usage and development.'
        owner: 'jonathan@openstack.org'
  - listdomain: lists.openstack.org
    install_languages: ['de', 'fr', 'it', 'ko', 'ru', 'vi', 'zh_TW']
    lists:
      - name: embargo-notice
        description: 'Announcements to stakeholders for embargoed security vulnerabilities.'
        owner: 'fungi@yuggoth.org'
        private: true
      - name: legal-discuss
        description: 'Discussions on legal matters related to the project'
        owner: 'thierry@openinfra.dev'
      - name: openstack-announce
        description: 'Key announcements about OpenStack & Security advisories'
        owner: 'fungi@yuggoth.org'
      - name: openstack-discuss
        description: 'Discussion of OpenStack usage and development.'
        owner: 'fungi@yuggoth.org'
      - name: openstack-es
        description: 'Lista de correo acerca de OpenStack en español'
        owner: 'flavio@redhat.com'
      - name: openstack-fr
        description: 'List of the OpenStack french user group'
        owner: 'erwan@erwan.com'
      - name: openstack-hpc
        description: 'High-Performance Computing OpenStack List'
        owner: 'brian.schott@nimbisservices.com'
      - name: openstack-i18n
        description: 'List of the OpenStack Internationalization team.'
        owner: 'guoyingc@cn.ibm.com'
      - name: openstack-it
        description: 'Discussioni su OpenStack in italiano'
        owner: 'stefano@openstack.org'
      - name: openstack-ko
        description: 'OpenStack Korea Community Discussions in Korean (오픈스택 한국 커뮤니티 메일링리스트)'
        owner: 'ianyrchoi@gmail.com'
      - name: openstack-mentoring
        description: 'List to coordinate interactions between mentors and mentees of the OpenStack mentoring program. Also for questions about the mentoring program (i.e. how to get involved, how it works, etc.'
        owner: 'amy@demarco.com'
      - name: openstack-stable-maint
        description: 'A mailing list for the OpenStack Stable Branch test reports.'
        owner: 'tony@bakeyournoodle.com'
      - name: openstack-zh
        description: 'OpenStack社区中文讨论群组'
        owner: 'yeluaiesec@gmail.com'
      - name: release-announce
        description: 'Announcement of official OpenStack releases.'
        owner: 'thierry@openstack.org'
      - name: release-job-failures
        description: 'Notification messages for failures from release-related build jobs.'
        owner: 'doug@doughellmann.com'