I am experimenting with containerizing Mailman 3. Currently, it seems like it's supposed to write to a directory which the MTA can read. Essentially the directory /var/lists/ is used such that a subdirectory in the form of <list>.<domain> tells the MTA to receive list mail. You can see this here in the Exim conf they use as an example,
MM3_LMTP_PORT=8024
# MM3_HOME must be set to mailman's var directory, wherever it is
# according to your installation.
MM3_HOME=/opt/mailman/var
MM3_UID=list
MM3_GID=list
################################################################
# The configuration below is boilerplate:
# you should not need to change it.
# The path to the list receipt (used as the required file when
# matching list addresses)
MM3_LISTCHK=MM3_HOME/lists/${local_part}.${domain}
A directory like this, /var/lists/foo.bar.com, tells Exim to accept mail at [email protected] as deliverable.
Is it possible to configure Mailman3 and Exim such that files aren't used? This is desirable because I would like Mailman3 to run in a rootless container (separate filesystem namespace) so a compromised Mailman can't access other files owned by the Exim user (and vice versa, that a compromised Exim can't get raw-write access to the mailing list store).
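
An added example, not part of the original post and not Mailman's or Exim's own code: the MM3_LISTCHK path above is only used as a required file, so this Python script mirrors just the list names as empty marker directories into a separate tree that could be mounted read-only for the MTA, and reproduces the `${local_part}.${domain}` lookup with input validation. The function names, the `exim-view` export directory and `private.db` are hypothetical, and the assumption is that Exim's MM3_HOME would point at the export tree; this still uses files, but keeps the list store itself out of the MTA's view.

```python
import re
import tempfile
from pathlib import Path

# Dot-separated, non-empty segments only: no "/", no "..", no leading dot.
NAME_RE = re.compile(r"^[a-z0-9_+-]+(\.[a-z0-9_+-]+)+$")

def listchk_path(home: Path, local_part: str, domain: str) -> Path:
    """Python equivalent of MM3_HOME/lists/${local_part}.${domain}."""
    name = f"{local_part}.{domain}".lower()
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"unsafe list name: {name!r}")
    return home / "lists" / name

def is_deliverable(home: Path, address: str) -> bool:
    """True when the marker for this address exists under home/lists."""
    local_part, sep, domain = address.rpartition("@")
    if not sep:
        return False
    try:
        return listchk_path(home, local_part, domain).exists()
    except ValueError:
        return False

def export_markers(store: Path, export: Path) -> list[str]:
    """Mirror list names only (as empty directories) from store to export."""
    src, dst = store / "lists", export / "lists"
    dst.mkdir(parents=True, exist_ok=True)
    wanted = {p.name for p in src.iterdir() if p.is_dir() and NAME_RE.fullmatch(p.name)}
    for stale in [p for p in dst.iterdir() if p.is_dir() and p.name not in wanted]:
        stale.rmdir()  # markers are empty, so rmdir is enough
    for name in wanted:
        (dst / name).mkdir(exist_ok=True)
    return sorted(wanted)

def demo() -> dict:
    """Constructed sample: one list with private content, exported as a marker."""
    with tempfile.TemporaryDirectory() as tmp:
        store, export = Path(tmp, "mailman-var"), Path(tmp, "exim-view")
        (store / "lists" / "foo.bar.com").mkdir(parents=True)
        (store / "lists" / "foo.bar.com" / "private.db").write_text("secret")
        names = export_markers(store, export)
        return {
            "names": names,
            "leaked": [p.name for p in (export / "lists" / "foo.bar.com").iterdir()],
            "known": is_deliverable(export, "foo@bar.com"),
            "unknown": is_deliverable(export, "other@bar.com"),
            "traversal": is_deliverable(export, "../x@bar.com"),
        }
```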