[Linux] Serveur Sympa (système de multi-postage auto)


Installation d’un serveur de mailing Sympa
Version de l’OS Ubuntu 16.04
Version de Sympa 6.2.16
Pré-requis Apache, Mysql

Structure du fichier host

# vim /etc/hosts	localhost	srv-sympa	srv-sympa.mondomaine.tld	srv-sympa


# vim /etc/hostname

Commencer par créer l’utilisateur sympa, mot de passe, le reste des champs est facultatif

# adduser sympa
root@srv-sympa:~# adduser sympa
Adding user `sympa' ...
Adding new group `sympa' (1001) ...
Adding new user `sympa' (1001) with group `sympa' ...
Creating home directory `/home/sympa' ...
Copying files from `/etc/skel' ...
Enter new UNIX password:
Retype new UNIX password:
passwd: password updated successfully

Installer Apache2, Mysql-server et Postfix

# apt install apache2
# apt install mysql-server
# apt install postfix

Mettre a jour cpan (version 2.11 vers 2.16)
Attention sensible a la case

# cpan
cpan1> install CPAN
cpan2> reload cpan

Installer les paquets et dépendance nécessaire a Sympa

# apt install build-essential openssl gettext mhonarc libxml2 libxml2-dev perl perl-modules-5.22 libmailtools-perl libclass-dbi-perl libmime-base32-perl libmime-tools-perl libmime-charset-perl libwww-perl libhtml-parser-perl libhtml-tagset-perl libcrypt-ciphersaber-perl libfcgi-perl libdigest-md5-file-perl libconvert-asn1-perl libnet-ldap-perl libnet-ldap-server-perl libdb-file-lock-perl libio-stringy-perl libnet-ssleay-perl libio-socket-ssl-perl libclass-dbi-pg-perl libclass-dbi-mysql-perl libclass-dbi-sqlite-perl libclass-dbi-loader-perl libunicode-map8-perl libunicode-string-perl libxml-libxml-perl libio-all-perl libhtml-format-perl libhtml-parser-perl libhtml-tree-perl libdbd-pg-perl libdbd-mysql-perl libdbi-perl libterm-progressbar-perl libxml-perl libxml-libxml-perl libhtml-stripscripts-parser-perl libmime-lite-perl libintl-perl libfile-copy-recursive-perl libarchive-zip-perl libmime-encwords-perl libnet-netmask-perl libtemplate-perl libunicode-linebreak-perl libmail-dkim-perl libsoap-lite-perl

Nécessite aussi la paquet mime-lite-html

# apt install libmime-lite-html-perl

télécharger la source et décompresser l’archive (last version du 17/06/2016)

# cd ~
# wget http://www.sympa.org/distribution/sympa-6.2.16.tar.gz && tar -xvzf sympa-6.2.16.tar.gz

Compiler sympa

# cd sympa-6.2.16
# ./configure --with-initdir=/etc/init.d/ --with-lockdir=/var/lock --with-newaliases_arg="-oA/etc/mail/sympa_aliases"
# make
# make install

Créer le fichier /etc/mail/sympa_aliases
Ce fichier s’alimentera des créations d’alias pour les listes

# mkdir -p /etc/mail
# vim /etc/mail/sympa_aliases

Renseigner les alias suivants

sympa: "| /home/sympa/bin/queue sympa@srv-sympa.mondomaine.tld"
listmaster: "| /home/sympa/bin/queue listmaster@srv-sympa.mondomaine.tld"
bounce+*: "| /home/sympa/bin/bouncequeue sympa@srv-sympa.mondomaine.tld"
abuse-feedback-report: "| /home/sympa/bin/bouncequeue sympa@srv-sympa.mondomaine.tld"
sympa-request: listmaster@srv-sympa.mondomaine.tld"
sympa-owner: listmaster@srv-sympa.mondomaine.tld"

Donner les droits d’accès au user et group sympa

# newaliases -oA/etc/mail/sympa_aliases
# chown -Rvf sympa:sympa /etc/mail/

Faire un check pour vérifier que toutes les dépendances match bien

# /home/sympa/bin/sympa_wizard.pl --check

puis relancer le wizard sans le check pour l’installation

# /home/sympa/bin/sympa_wizard.pl

En gras mes modifications

** Site customization **

* Main robot hostname
domain [srv-sympa] : srv-sympa.mondomaine.tld

* Local part of sympa email address
... Effective address will be [EMAIL]@[HOST]
email [sympa] : sympa

* Gecos for service mail sent by Sympa itself
... This parameter is used for display name in the "From:" header
gecos [SYMPA] : Sympa

* Listmasters email list comma separated
... Sympa will associate listmaster privileges to these email addresses
(mail and web interfaces). Some error reports may also be sent to these
listmaster [your_email_address@srv-sympa] : admin-sympa@mondomaine.tld

* URL of main Web page
wwsympa_url [http://srv-sympa/sympa] : http://srv-sympa.mondomaine.tld/sympa

* Store distributed messages into archive
... This setting can be overridden by each list
process_archive [off] :

* Directory for storing static contents (CSS, members pictures, documentation)
directly delivered by HTTP server
static_content_path [/home/sympa/static_content] :

* URL mapped with the static_content_path directory defined above
static_content_url [/static-sympa] :

* Who is able to create lists
... This parameter is a scenario, check sympa documentation about scenarios
if you want to define one
create_list [public_listmaster] :

** Directories **

* Directory containing mailing lists subdirectories
home [/home/sympa/list_data] :

** System related **

* Syslog facility for sympa
... Do not forget to edit syslog.conf
syslog [LOCAL1] :

* Communication mode with syslogd (unix | inet)
log_socket_type [unix] :

** Sending related **

* Path to the MTA (sendmail, postfix, exim or qmail)
... should point to a sendmail-compatible binary (eg: a binary named
"sendmail" is distributed with Postfix)
sendmail [/usr/sbin/sendmail] : 

* comma separated list of operations for which blacklist filter is applied
... Setting this parameter to "none" will hide the blacklist feature
use_blacklist [send,create_list] :

* Default maximum size (in bytes) for messages (can be re-defined for each
max_size [5242880] :

* Default disk quota for shared repository
default_shared_quota [] :

** Internationalization related **

* Supported languages
... This is the set of language that will be proposed to your users for the
Sympa GUI. Don't select a language if you don't have the proper locale
packages installed.
supported_lang [ca,cs,de,el,es,et,en-US,fr,fi,hu,it,ja,ko,nl,nb,oc,pl,pt-BR,ru,sv,tr,vi,zh-CN,zh-TW] : fr

* Default language (one of supported languages)
... This is the default language used by Sympa
lang [en-US] : fr-FR

* If set to "on", enables support of legacy character set
... See also charset.conf(5) manpage
legacy_character_support_feature [off] :

* Bouncing email rate for warn list owner
bounce_warn_rate [30] :

** Tuning **

* Use of binary version of the list config structure on disk (none |
... Set this parameter to "binary_file" if you manage a big amount of lists
(1000+); it should make the web interface startup faster
cache_list_config [none] :

** Database related **

* Type of the database (mysql|Pg|Oracle|Sybase|SQLite)
... Be careful to the case
db_type [mysql] : mysql

* Name of the database
... With SQLite, the name of the DB corresponds to the DB file
db_name [sympa] : nomdeladb

* Hostname of the database server
db_host [localhost] : localhost

* User for the database connection
db_user [user_name] : usernamedeladb

* Password for the database connection
... What ever you use a password or not, you must protect the SQL server (is
it not a public internet service ?)
db_passwd [user_password] : 'lemotdepasseduuser'

** S/MIME configuration **

* Directory containing trusted CA certificates
capath [] :

* File containing trusted CA certificates
cafile [/home/sympa/default/ca-bundle.crt] :

* Password used to crypt lists private keys
key_passwd [] :

** Antivirus plug-in **

* Path to the antivirus scanner engine
... supported antivirus: Clam AntiVirus/clamscan & clamdscan, McAfee/uvscan,
Fsecure/fsav, Sophos, AVP and Trend Micro/VirusWall
antivirus_path [] :

* Antivirus plugin command argument
antivirus_args [] :

** Tag based spam filtering **

* If a spam filter (like spamassassin or j-chkmail) add a smtp headers to tag
spams, name of this header (example X-Spam-Status)
antispam_tag_header_name [X-Spam-Status] :

* Regexp applied on this header to verify message is a spam (example Yes)
antispam_tag_header_spam_regexp [^\s*Yes] :

* Regexp applied on this header to verify message is NOT a spam (example No)
antispam_tag_header_ham_regexp [^\s*No] :

* Messages are supposed to be filtered by an antispam that add one more
headers to messages. This parameter is used to select a special scenario in
order to decide the message spam status: ham, spam or unsure. This parameter
replace antispam_tag_header_name, antispam_tag_header_spam_regexp and
spam_status [x-spam-status] :

** Web interface parameters **

* Directory for storing HTML archives
... Better if not in a critical partition
arc_path [/home/sympa/arc] :

* Default index organization when entering the web archive: either threaded or
in chronological order
archive_default_index [thrd] :

* Activates a custom archiver to use instead of MHonArc. The value of this
parameter is the absolute path on the file system to the script of the
custom archiver.
custom_archiver [] :

* Type of main Web page ( lists | home )
default_home [home] :

* Syslog facility for wwsympa, archived and bounced
... Default is to use previously defined sympa log facility.
log_facility [LOCAL1] :

* Path to MHonArc mail2html plugin
... This is required for HTML mail archiving
mhonarc [/usr/bin/mhonarc] :

* Title of main Web page
title [Mailing lists service] :

* If set to "on", users will be able to post messages in HTML using a
javascript WYSIWYG editor.
use_html_editor [0] :

* Is FastCGI module for HTTP server installed (0 | 1)
... This module provide much faster web interface
use_fast_cgi [1] :

* Web domain of a virtual host
http_host [host.domain.tld] :

* The password validation techniques to be used against user passwords that
are added to mailing lists. Options come from Data::Password
password_validation [] :
/etc/sympa/sympa.conf have been updated.
Previous versions have been saved as /etc/sympa/sympa.conf.05.Mar.2017-12.51.56.

/!\ Vérifier les droits du fichier sympa.conf dans /etc/sympa, il doit être en sympa:sympa

faire un mysql_secure_installation,
puis creer la bdd, user et appliquer les droits (dans l’exemple)

mysql -u root -p
CREATE DATABASE dbsympa COLLATE UTF8_general_ci;
CREATE USER usersympa identified by 'motdepasse';
GRANT ALL PRIVILEGES ON dbsympa.* to usersympa@localhost identified by 'motdepasse';

Modification du script d’init de sympa

# vim /etc/init.d/sympa

ajouter les lignes suivantes en haut du fichier après la ligne #!/bin/sh

# Provides:             sympa
# Required-Start:       $syslog $remote_fs $network
# Required-Stop:        $syslog $remote_fs
# Default-Start:        2 3 4 5
# Default-Stop:         0 1 6
# Short-Description:    Sympa Mailing lists management
# Description:          Sympa is a powerfull mailing lists management system

réinitialise le script

# update-rc.d sympa defaults

Démarrer le serveur sympa

# /etc/init.d/sympa start

Starting Sympa subsystem:
Checking environment: success
Starting module sympa_msg.pl: success
Starting module bulk.pl: success
Starting module archived.pl: success
Starting module bounced.pl: success
Starting module task_manager.pl: success

Installer les modules complémentaires

# apt install libapache2-mod-fastcgi apache2-suexec-custom libcgi-fast-perl

Activer fastcgi et suexec

# a2enmod fastcgi
# a2enmod suexec

Redemarrer apache

# systemctl restart apache2

Création du vhost

# vim /etc/apache2/sites-available/sympa.conf
FastCgiServer /home/sympa/bin/wwsympa-wrapper.fcgi -processes 2

ServerName srv-sympa.mondomaine.tld
ServerAdmin postmaster@mondomaine.tld

ScriptAlias /sympa /home/sympa/bin/wwsympa-wrapper.fcgi
DirectoryIndex sympa/
SuExecUserGroup        sympa sympa
DocumentRoot    /var/www

Alias /wwsicons /usr/share/sympa/icons
Alias /static-sympa /home/sympa/static_content

SetHandler fastcgi-script
AddHandler fastcgi-script .fcgi .fpl .pl
Options +ExecCGI
Options +FollowSymLinks
Require all granted

Options +FollowSymLinks
Require all granted

Puis activer le vhost et reloader apache

# a2ensite sympa.conf
# systemctl reload apache2


Modification du main.cf pour que sympa ajoute les alias dans /etc/mail/sympa_aliases

# vim /etc/postfix/main.cf

Modifier alias_maps comme ci dessous

alias_maps = hash:/etc/aliases,hash:/etc/mail/sympa_aliases

Modifier alias_database comme ci dessous

alias_database = hash:/etc/aliases,hash:/etc/mail/sympa_aliases

Modifier egalement la directive mydestination en ajoutant le domaine du serveur sympa

mydestination = $myhostname, srv-sympa.mondomaine.tld, srv-sympa, localhost.localdomain, localhost

Renseigner relayhost si Sympa dépend d’un autre serveur de messagerie

relayhost = [serveurmail.mondomaine.tld]:25

Vérifier vos reseaux autorisés

mynetworks =

Modifier ensuite le fichier master.cf :

# vim /etc/postfix/master.cf

Ajouter en fin de fichier

  sympa     unix  -       n       n       -       -       pipe
      flags=R user=sympa argv=/home/sympa/bin/queue ${recipient}
  sympabounce  unix  -       n       n       -       -       pipe
      flags=R user=sympa argv=/home/sympa/bin/bouncequeue ${recipient}

Puis redémarrer postfix

# systemctl restart postfix


Configurer les traces

# vim /etc/rsyslog.conf

Ajouter a la fin de fichier

# Specifique a Sympa
local1.*       /var/log/sympa

Puis de redémarrer le serveur de log :

# systemctl restart rsyslog


Installation de sympa est terminé.
/!\ Penser a configurer le record A

voici un exemple chez mon registrar

@           A     189.xxx.xxx.xxx
srv-mail    A     189.xxx.xxx.xxx
srv-sympa   A     234.xxx.xxx.xxx
@           MX    srv-mail.mondomaine.tld. (10)

/!\ Penser a ouvrir le port 25 sur le FW

voici un petit aperçu de la partie exploitation.
Il faut cliquer sur première connexion pour pouvoir modifier l’adresse du listmaster et pour que d’autres utilisateurs puisses creer un compte et des listes après validation du listmaster.

Entrer le mail du listmaster ou un utilisateur qui désire utiliser le service (requis validation)


A réception créer le mdp et modifier le nom

Cliquer sur accueil pour voir les différentes options
Choisir création de liste

Définir un nom, objet, description et choisir le type de liste.

Après validation, il faut activer la liste

L’Administrateur validera les listes

Chercher une liste regroupe les listes créer par les utilisateurs autorisés

Il y a énormément de possibilités avec Sympa,

Voici une très bonne documentation quand a la mise en place de sympa

No votes yet.
Please wait...

Laisser un commentaire

Votre adresse de messagerie ne sera pas publiée. Les champs obligatoires sont indiqués avec *