system-config/inventory/service/group_vars/mailman3.yaml

# System Configs
iptables_extra_public_tcp_ports:
  - 25
  - 80
  - 443
  - 465
letsencrypt_certs:
  lists-opendev-org-main:
    - "{{ inventory_hostname }}"
    - lists.opendev.org
    - lists.airshipit.org
    - lists.katacontainers.io
    - lists.openinfra.dev
    - lists.openstack.org
    - lists.starlingx.io
    - lists.zuul-ci.org
borg_backup_excludes_extra:
  # db is backed up in dumps, don't capture live files
  - /var/lib/mailman/database
  # backed up by streaming backup
  - /var/backups/mailman-mariadb
  # Can regenerate indexes from source email files
  - /var/lib/mailman/web-data/fulltext_index
# Exim Configs
exim_queue_interval: '1m'
exim_queue_run_max: '50'
exim_smtp_accept_max: '100'
exim_smtp_accept_max_per_host: '10'
exim_routers:
  - mailman_verp_router: |
      {% raw -%}
      driver = dnslookup
      condition = ${if or{{eq{$sender_host_address}{127.0.0.1}}\
                              {eq{$sender_host_address}{::1}}}{yes}{no}}
      {% endraw %}
      domains = !+local_domains
      ignore_target_hosts = <; 0.0.0.0; \
                                        127.0.0.0/8; \
                                        ::1/128;fe80::/10;fe \
                                        c0::/10;ff00::/8
      senders = "*-bounces@*"
      transport = mailman_verp_smtp
  - dnslookup: '{{ exim_dnslookup_router }}'
  - system_aliases: '{{ exim_system_aliases_router }}'
  - domain_aliases: |
      driver = redirect
      allow_fail
      allow_defer
      data = ${lookup{$local_part@$domain}lsearch{/etc/aliases.domain}}
      file_transport = address_file
      pipe_transport = address_pipe
  - localuser: '{{ exim_localuser_router }}'
  - mailman_router: |
      driver = accept
      domains = {{ mm_domains }}
      local_part_suffix = -admin     : \
                                    -bounces   : -bounces+* : \
                                    -confirm   : -confirm+* : \
                                    -join      : -leave     : \
                                    -owner     : -request   : \
                                    -subscribe : -unsubscribe
      local_part_suffix_optional
      require_files = /var/lib/mailman/core/var/lists/${local_part}.${domain}
      transport = mailman_transport
exim_transports:
  - mailman_transport: |
      debug_print = "Email for mailman"
      driver = smtp
      protocol = lmtp
      allow_localhost
      hosts = localhost
      port = 8024
      rcpt_include_affixes = true
  - mailman_verp_smtp: |
      driver = smtp
      headers_add = Errors-To: ${return_path}
      headers_remove = Errors-To
      max_rcpt = 1
      return_path = ${local_part:$return_path}+$local_part=$domain@${domain:$return_path}
mailman_multihost: true