From 372c13dcbdde1ca18d192236fc5ac132bd9d82f3 Mon Sep 17 00:00:00 2001
From: liuyanglinux <yang_liu0418@163.com>
Date: Thu, 12 Jan 2023 19:26:00 +0800
Subject: [PATCH] update opengauss mailweb/mailcore/exim

---
 deploy/mail/config.yaml         | 3515 -------------------------------
 deploy/mail/exim-configmap.yaml | 1015 +++++++++
 deploy/mail/ingress.yaml        |   26 +
 deploy/mail/kustomization.yaml  |   14 +
 deploy/mail/mailcore-utils.yaml |   82 -
 deploy/mail/mailcore.yaml       |   97 +-
 deploy/mail/mtaservice.yaml     |   66 +-
 deploy/mail/nginx-config.yaml   |   60 +
 deploy/mail/secrets.yaml        |   51 +-
 deploy/mail/storage.yaml        |   14 +
 deploy/mail/webservice.yaml     |  152 +-
 11 files changed, 1297 insertions(+), 3795 deletions(-)
 delete mode 100644 deploy/mail/config.yaml
 create mode 100644 deploy/mail/exim-configmap.yaml
 create mode 100644 deploy/mail/ingress.yaml
 create mode 100644 deploy/mail/kustomization.yaml
 delete mode 100644 deploy/mail/mailcore-utils.yaml
 create mode 100644 deploy/mail/nginx-config.yaml

diff --git a/deploy/mail/config.yaml b/deploy/mail/config.yaml
deleted file mode 100644
index 3ab5ac9b..00000000
--- a/deploy/mail/config.yaml
+++ /dev/null
@@ -1,3515 +0,0 @@
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: mailman-core-configmap
-  namespace: mail
-data:
-  #patch subscriptions.py for unsubscription without confirm
-  subscriptions.py: |
-    # Copyright (C) 2009-2019 by the Free Software Foundation, Inc.
-    #
-    # This file is part of GNU Mailman.
-    #
-    # GNU Mailman is free software: you can redistribute it and/or modify it under
-    # the terms of the GNU General Public License as published by the Free
-    # Software Foundation, either version 3 of the License, or (at your option)
-    # any later version.
-    #
-    # GNU Mailman is distributed in the hope that it will be useful, but WITHOUT
-    # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-    # FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
-    # more details.
-    #
-    # You should have received a copy of the GNU General Public License along with
-    # GNU Mailman.  If not, see <https://www.gnu.org/licenses/>.
-    
-    """Handle subscriptions."""
-    
-    import uuid
-    import logging
-    
-    from datetime import timedelta
-    from email.utils import formataddr
-    from enum import Enum
-    from mailman.app.membership import delete_member
-    from mailman.app.workflow import Workflow
-    from mailman.core.i18n import _
-    from mailman.database.transaction import flush
-    from mailman.email.message import UserNotification
-    from mailman.interfaces.address import IAddress
-    from mailman.interfaces.bans import IBanManager
-    from mailman.interfaces.listmanager import ListDeletingEvent
-    from mailman.interfaces.mailinglist import SubscriptionPolicy
-    from mailman.interfaces.member import (
-        AlreadySubscribedError, MemberRole, MembershipIsBannedError,
-        NotAMemberError)
-    from mailman.interfaces.pending import IPendable, IPendings
-    from mailman.interfaces.subscriptions import (
-        ISubscriptionManager, ISubscriptionService,
-        SubscriptionConfirmationNeededEvent, SubscriptionPendingError, TokenOwner,
-        UnsubscriptionConfirmationNeededEvent)
-    from mailman.interfaces.template import ITemplateLoader
-    from mailman.interfaces.user import IUser
-    from mailman.interfaces.usermanager import IUserManager
-    from mailman.interfaces.workflow import IWorkflowStateManager
-    from mailman.utilities.datetime import now
-    from mailman.utilities.string import expand, wrap
-    from public import public
-    from zope.component import getUtility
-    from zope.event import notify
-    from zope.interface import implementer
-    
-    log = logging.getLogger('mailman.subscribe')
-    
-    
-    class WhichSubscriber(Enum):
-        address = 1
-        user = 2
-    
-    @implementer(IPendable)
-    class PendableSubscription(dict):
-        PEND_TYPE = 'subscription'
-    
-    
-    @implementer(IPendable)
-    class PendableUnsubscription(dict):
-        PEND_TYPE = 'unsubscription'
-    
-    
-    class _SubscriptionWorkflowCommon(Workflow):
-        """Common support between subscription and unsubscription."""
-    
-        PENDABLE_CLASS = None
-    
-        def __init__(self, mlist, subscriber):
-            super().__init__()
-            self.mlist = mlist
-            self.address = None
-            self.user = None
-            self.which = None
-            self.member = None
-            self._set_token(TokenOwner.no_one)
-            # The subscriber must be either an IUser or IAddress.
-            if IAddress.providedBy(subscriber):
-                self.address = subscriber
-                self.user = self.address.user
-                self.which = WhichSubscriber.address
-            elif IUser.providedBy(subscriber):
-                self.address = subscriber.preferred_address
-                self.user = subscriber
-                self.which = WhichSubscriber.user
-            self.subscriber = subscriber
-    
-        @property
-        def user_key(self):
-            # For save.
-            return self.user.user_id.hex
-    
-        @user_key.setter
-        def user_key(self, hex_key):
-            # For restore.
-            uid = uuid.UUID(hex_key)
-            self.user = getUtility(IUserManager).get_user_by_id(uid)
-            if self.user is None:
-                self.user = self.address.user
-    
-        @property
-        def address_key(self):
-            # For save.
-            return self.address.email
-    
-        @address_key.setter
-        def address_key(self, email):
-            # For restore.
-            self.address = getUtility(IUserManager).get_address(email)
-            assert self.address is not None
-    
-        @property
-        def subscriber_key(self):
-            return self.which.value
-    
-        @subscriber_key.setter
-        def subscriber_key(self, key):
-            self.which = WhichSubscriber(key)
-    
-        @property
-        def token_owner_key(self):
-            return self.token_owner.value
-    
-        @token_owner_key.setter
-        def token_owner_key(self, value):
-            self.token_owner = TokenOwner(value)
-    
-        def _set_token(self, token_owner):
-            assert isinstance(token_owner, TokenOwner)
-            pendings = getUtility(IPendings)
-            # Clear out the previous pending token if there is one.
-            if self.token is not None:
-                pendings.confirm(self.token)
-            # Create a new token to prevent replay attacks.  It seems like this
-            # would produce the same token, but it won't because the pending adds a
-            # bit of randomization.
-            self.token_owner = token_owner
-            if token_owner is TokenOwner.no_one:
-                self.token = None
-                return
-            pendable = self.PENDABLE_CLASS(
-                list_id=self.mlist.list_id,
-                email=self.address.email,
-                display_name=self.address.display_name,
-                when=now().replace(microsecond=0).isoformat(),
-                token_owner=token_owner.name,
-                )
-            self.token = pendings.add(pendable, timedelta(days=3650))
-    
-    @public
-    class SubscriptionWorkflow(_SubscriptionWorkflowCommon):
-        """Workflow of a subscription request."""
-    
-        PENDABLE_CLASS = PendableSubscription
-        INITIAL_STATE = 'sanity_checks'
-        SAVE_ATTRIBUTES = (
-            'pre_approved',
-            'pre_confirmed',
-            'pre_verified',
-            'address_key',
-            'subscriber_key',
-            'user_key',
-            'token_owner_key',
-            )
-    
-        def __init__(self, mlist, subscriber=None, *,
-                     pre_verified=False, pre_confirmed=False, pre_approved=False):
-            super().__init__(mlist, subscriber)
-            self.pre_verified = pre_verified
-            self.pre_confirmed = pre_confirmed
-            self.pre_approved = pre_approved
-    
-        def _step_sanity_checks(self):
-            # Ensure that we have both an address and a user, even if the address
-            # is not verified.  We can't set the preferred address until it is
-            # verified.
-            if self.user is None:
-                # The address has no linked user so create one, link it, and set
-                # the user's preferred address.
-                assert self.address is not None, 'No address or user'
-                self.user = getUtility(IUserManager).make_user(self.address.email)
-            if self.address is None:
-                assert self.user.preferred_address is None, (
-                    "Preferred address exists, but wasn't used in constructor")
-                addresses = list(self.user.addresses)
-                if len(addresses) == 0:
-                    raise AssertionError('User has no addresses: {}'.format(
-                        self.user))
-                # This is rather arbitrary, but we have no choice.
-                self.address = addresses[0]
-            assert self.user is not None and self.address is not None, (
-                'Insane sanity check results')
-            # Is this subscriber already a member?
-            if (self.which is WhichSubscriber.user and
-                    self.user.preferred_address is not None):
-                subscriber = self.user
-            else:
-                subscriber = self.address
-            if self.mlist.is_subscribed(subscriber):
-                # 2017-04-22 BAW: This branch actually *does* get covered, as I've
-                # verified by a full coverage run, but diffcov for some reason
-                # claims that the test added in the branch that added this code
-                # does not cover the change.  That seems like a bug in diffcov.
-                raise AlreadySubscribedError(           # pragma: nocover
-                    self.mlist.fqdn_listname,
-                    self.address.email,
-                    MemberRole.member)
-            # Is this email address banned?
-            if IBanManager(self.mlist).is_banned(self.address.email):
-                raise MembershipIsBannedError(self.mlist, self.address.email)
-            # Check if there is already a subscription request for this email.
-            pendings = getUtility(IPendings).find(
-                mlist=self.mlist,
-                pend_type='subscription')
-            for token, pendable in pendings:
-                if pendable['email'] == self.address.email:
-                    raise SubscriptionPendingError(self.mlist, self.address.email)
-            # Start out with the subscriber being the token owner.
-            self.push('verification_checks')
-    
-        def _step_verification_checks(self):
-            # Is the address already verified, or is the pre-verified flag set?
-            if self.address.verified_on is None:
-                if self.pre_verified:
-                    self.address.verified_on = now()
-                else:
-                    # The address being subscribed is not yet verified, so we need
-                    # to send a validation email that will also confirm that the
-                    # user wants to be subscribed to this mailing list.
-                    self.push('send_confirmation')
-                    return
-            self.push('confirmation_checks')
-    
-        def _step_confirmation_checks(self):
-            # If the list's subscription policy is open, then the user can be
-            # subscribed right here and now.
-            if self.mlist.subscription_policy is SubscriptionPolicy.open:
-                self.push('do_subscription')
-                return
-            # If we do not need the user's confirmation, then skip to the
-            # moderation checks.
-            if self.mlist.subscription_policy is SubscriptionPolicy.moderate:
-                self.push('moderation_checks')
-                return
-            # If the subscription has been pre-confirmed, then we can skip the
-            # confirmation check can be skipped.  If moderator approval is
-            # required we need to check that, otherwise we can go straight to
-            # subscription.
-            if self.pre_confirmed:
-                next_step = (
-                    'moderation_checks'
-                    if self.mlist.subscription_policy is
-                        SubscriptionPolicy.confirm_then_moderate   # noqa: E131
-                    else 'do_subscription')
-                self.push(next_step)
-                return
-            # The user must confirm their subscription.
-            self.push('send_confirmation')
-    
-        def _step_moderation_checks(self):
-            # Does the moderator need to approve the subscription request?
-            assert self.mlist.subscription_policy in (
-                SubscriptionPolicy.moderate,
-                SubscriptionPolicy.confirm_then_moderate,
-                ), self.mlist.subscription_policy
-            if self.pre_approved:
-                self.push('do_subscription')
-            else:
-                self.push('get_moderator_approval')
-    
-        def _step_get_moderator_approval(self):
-            # Here's the next step in the workflow, assuming the moderator
-            # approves of the subscription.  If they don't, the workflow and
-            # subscription request will just be thrown away.
-            self._set_token(TokenOwner.moderator)
-            self.push('subscribe_from_restored')
-            self.save()
-            log.info('{}: held subscription request from {}'.format(
-                self.mlist.fqdn_listname, self.address.email))
-            # Possibly send a notification to the list moderators.
-            if self.mlist.admin_immed_notify:
-                subject = _(
-                    'New subscription request to $self.mlist.display_name '
-                    'from $self.address.email')
-                username = formataddr(
-                    (self.subscriber.display_name, self.address.email))
-                template = getUtility(ITemplateLoader).get(
-                    'list:admin:action:subscribe', self.mlist)
-                text = wrap(expand(template, self.mlist, dict(
-                    member=username,
-                    )))
-                # This message should appear to come from the <list>-owner so as
-                # to avoid any useless bounce processing.
-                msg = UserNotification(
-                    self.mlist.owner_address, self.mlist.owner_address,
-                    subject, text, self.mlist.preferred_language)
-                msg.send(self.mlist)
-            # The workflow must stop running here.
-            raise StopIteration
-    
-        def _step_subscribe_from_restored(self):
-            # Prevent replay attacks.
-            self._set_token(TokenOwner.no_one)
-            # Restore a little extra state that can't be stored in the database
-            # (because the order of setattr() on restore is indeterminate), then
-            # subscribe the user.
-            if self.which is WhichSubscriber.address:
-                self.subscriber = self.address
-            else:
-                assert self.which is WhichSubscriber.user
-                self.subscriber = self.user
-            self.push('do_subscription')
-    
-        def _step_do_subscription(self):
-            # We can immediately subscribe the user to the mailing list.
-            self.member = self.mlist.subscribe(self.subscriber)
-            assert self.token is None and self.token_owner is TokenOwner.no_one, (
-                'Unexpected active token at end of subscription workflow')
-    
-        def _step_send_confirmation(self):
-            self._set_token(TokenOwner.subscriber)
-            self.push('do_confirm_verify')
-            self.save()
-            # Triggering this event causes the confirmation message to be sent.
-            notify(SubscriptionConfirmationNeededEvent(
-                self.mlist, self.token, self.address.email))
-            # Now we wait for the confirmation.
-            raise StopIteration
-    
-        def _step_do_confirm_verify(self):
-            # Restore a little extra state that can't be stored in the database
-            # (because the order of setattr() on restore is indeterminate), then
-            # continue with the confirmation/verification step.
-            if self.which is WhichSubscriber.address:
-                self.subscriber = self.address
-            else:
-                assert self.which is WhichSubscriber.user
-                self.subscriber = self.user
-            # Reset the token so it can't be used in a replay attack.
-            self._set_token(TokenOwner.no_one)
-            # The user has confirmed their subscription request, and also verified
-            # their email address if necessary.  This latter needs to be set on the
-            # IAddress, but there's nothing more to do about the confirmation step.
-            # We just continue along with the workflow.
-            if self.address.verified_on is None:
-                self.address.verified_on = now()
-            # The next step depends on the mailing list's subscription policy.
-            next_step = ('moderation_checks'
-                         if self.mlist.subscription_policy in (
-                             SubscriptionPolicy.moderate,
-                             SubscriptionPolicy.confirm_then_moderate,
-                             )
-                         else 'do_subscription')
-            self.push(next_step)
-    
-    @public
-    class UnSubscriptionWorkflow(_SubscriptionWorkflowCommon):
-        """Workflow of a unsubscription request."""
-    
-        PENDABLE_CLASS = PendableUnsubscription
-        INITIAL_STATE = 'subscription_checks'
-        SAVE_ATTRIBUTES = (
-            'pre_approved',
-            'pre_confirmed',
-            'address_key',
-            'user_key',
-            'subscriber_key',
-            'token_owner_key',
-            )
-    
-        def __init__(self, mlist, subscriber=None, *,
-                     pre_approved=False, pre_confirmed=False):
-            super().__init__(mlist, subscriber)
-            if IAddress.providedBy(subscriber) or IUser.providedBy(subscriber):
-                self.member = self.mlist.regular_members.get_member(
-                    self.address.email)
-            self.pre_confirmed = pre_confirmed
-            self.pre_approved = pre_approved
-    
-        def _step_subscription_checks(self):
-            assert self.mlist.is_subscribed(self.subscriber)
-            self.push('confirmation_checks')
-    
-        def _step_confirmation_checks(self):
-            # If list's unsubscription policy is open, the user can unsubscribe
-            # right now.
-            #if self.mlist.unsubscription_policy is SubscriptionPolicy.open :
-            self.push('do_unsubscription')
-            return
-            # If we don't need the user's confirmation, then skip to the moderation
-            # checks.
-            # if self.mlist.unsubscription_policy is SubscriptionPolicy.moderate:
-            #    self.push('moderation_checks')
-            #    return
-            # If the request is pre-confirmed, then the user can unsubscribe right
-            # now.
-            # if self.pre_confirmed:
-            #    self.push('do_unsubscription')
-            #    return
-            # The user must confirm their un-subsbcription.
-            # self.push('send_confirmation')
-    
-        def _step_send_confirmation(self):
-            self._set_token(TokenOwner.subscriber)
-            self.push('do_confirm_verify')
-            self.save()
-            notify(UnsubscriptionConfirmationNeededEvent(
-                self.mlist, self.token, self.address.email))
-            raise StopIteration
-    
-        def _step_moderation_checks(self):
-            # Does the moderator need to approve the unsubscription request?
-            assert self.mlist.unsubscription_policy in (
-                SubscriptionPolicy.moderate,
-                SubscriptionPolicy.confirm_then_moderate,
-                ), self.mlist.unsubscription_policy
-            if self.pre_approved:
-                self.push('do_unsubscription')
-            else:
-                self.push('get_moderator_approval')
-    
-        def _step_get_moderator_approval(self):
-            self._set_token(TokenOwner.moderator)
-            self.push('unsubscribe_from_restored')
-            self.save()
-            log.info('{}: held unsubscription request from {}'.format(
-                self.mlist.fqdn_listname, self.address.email))
-            if self.mlist.admin_immed_notify:
-                subject = _(
-                    'New unsubscription request to $self.mlist.display_name '
-                    'from $self.address.email')
-                username = formataddr(
-                    (self.subscriber.display_name, self.address.email))
-                template = getUtility(ITemplateLoader).get(
-                    'list:admin:action:unsubscribe', self.mlist)
-                text = wrap(expand(template, self.mlist, dict(
-                    member=username,
-                    )))
-                # This message should appear to come from the <list>-owner so as
-                # to avoid any useless bounce processing.
-                msg = UserNotification(
-                    self.mlist.owner_address, self.mlist.owner_address,
-                    subject, text, self.mlist.preferred_language)
-                msg.send(self.mlist)
-            # The workflow must stop running here
-            raise StopIteration
-    
-        def _step_do_confirm_verify(self):
-            # Restore a little extra state that can't be stored in the database
-            # (because the order of setattr() on restore is indeterminate), then
-            # continue with the confirmation/verification step.
-            if self.which is WhichSubscriber.address:
-                self.subscriber = self.address
-            else:
-                assert self.which is WhichSubscriber.user
-                self.subscriber = self.user
-            # Reset the token so it can't be used in a replay attack.
-            self._set_token(TokenOwner.no_one)
-            # Restore the member object.
-            self.member = self.mlist.regular_members.get_member(self.address.email)
-            # It's possible the member was already unsubscribed while we were
-            # waiting for the confirmation.
-            if self.member is None:
-                return
-            # The user has confirmed their unsubscription request
-            next_step = ('moderation_checks'
-                         if self.mlist.unsubscription_policy in (
-                              SubscriptionPolicy.moderate,
-                              SubscriptionPolicy.confirm_then_moderate,
-                              )
-                         else 'do_unsubscription')
-            self.push(next_step)
-    
-        def _step_do_unsubscription(self):
-            try:
-                delete_member(self.mlist, self.address.email)
-            except NotAMemberError:
-                # The member has already been unsubscribed.
-                pass
-            self.member = None
-            assert self.token is None and self.token_owner is TokenOwner.no_one, (
-                'Unexpected active token at end of subscription workflow')
-    
-        def _step_unsubscribe_from_restored(self):
-            # Prevent replay attacks.
-            self._set_token(TokenOwner.no_one)
-            if self.which is WhichSubscriber.address:
-                self.subscriber = self.address
-            else:
-                assert self.which is WhichSubscriber.user
-                self.subscriber = self.user
-            self.push('do_unsubscription')
-    
-    @public
-    @implementer(ISubscriptionManager)
-    class SubscriptionManager:
-        def __init__(self, mlist):
-            self._mlist = mlist
-    
-        def register(self, subscriber=None, *,
-                     pre_verified=False, pre_confirmed=False, pre_approved=False):
-            """See `ISubscriptionManager`."""
-            workflow = SubscriptionWorkflow(
-                self._mlist, subscriber,
-                pre_verified=pre_verified,
-                pre_confirmed=pre_confirmed,
-                pre_approved=pre_approved)
-            list(workflow)
-            return workflow.token, workflow.token_owner, workflow.member
-    
-        def unregister(self, subscriber=None, *,
-                       pre_confirmed=False, pre_approved=False):
-            workflow = UnSubscriptionWorkflow(
-                self._mlist, subscriber,
-                pre_confirmed=pre_confirmed,
-                pre_approved=pre_approved)
-            list(workflow)
-            return workflow.token, workflow.token_owner, workflow.member
-    
-        def confirm(self, token):
-            if token is None:
-                raise LookupError
-            pendable = getUtility(IPendings).confirm(token, expunge=False)
-            if pendable is None:
-                raise LookupError
-            workflow_type = pendable.get('type')
-            assert workflow_type in (PendableSubscription.PEND_TYPE,
-                                     PendableUnsubscription.PEND_TYPE)
-            workflow = (SubscriptionWorkflow
-                        if workflow_type == PendableSubscription.PEND_TYPE
-                        else UnSubscriptionWorkflow)(self._mlist)
-            workflow.token = token
-            workflow.restore()
-            # In order to just run the whole workflow, all we need to do
-            # is iterate over the workflow object. On calling the __next__
-            # over the workflow iterator it automatically executes the steps
-            # that needs to be done.
-            list(workflow)
-            return workflow.token, workflow.token_owner, workflow.member
-    
-        def discard(self, token):
-            with flush():
-                getUtility(IPendings).confirm(token)
-                getUtility(IWorkflowStateManager).discard(token)
-    
-    def _handle_confirmation_needed_events(event, template_name):
-        subject = 'confirm {}'.format(event.token)
-        confirm_address = event.mlist.confirm_address(event.token)
-        email_address = event.email
-        # Send a verification email to the address.
-        template = getUtility(ITemplateLoader).get(template_name, event.mlist)
-        text = expand(template, event.mlist, dict(
-            token=event.token,
-            subject=subject,
-            confirm_email=confirm_address,
-            user_email=email_address,
-            # For backward compatibility.
-            confirm_address=confirm_address,
-            email_address=email_address,
-            domain_name=event.mlist.domain.mail_host,
-            contact_address=event.mlist.owner_address,
-            ))
-        msg = UserNotification(
-            email_address, confirm_address, subject, text,
-            event.mlist.preferred_language)
-        msg.send(event.mlist, add_precedence=False)
-    
-    @public
-    def handle_SubscriptionConfirmationNeededEvent(event):
-        if not isinstance(event, SubscriptionConfirmationNeededEvent):
-            return
-        _handle_confirmation_needed_events(event, 'list:user:action:subscribe')
-    
-    @public
-    def handle_UnsubscriptionConfirmationNeededEvent(event):
-        if not isinstance(event, UnsubscriptionConfirmationNeededEvent):
-            return
-        _handle_confirmation_needed_events(event, 'list:user:action:unsubscribe')
-      
-    @public
-    def handle_ListDeletingEvent(event):
-        """Delete a mailing list's members when the list is being deleted."""
-    
-        if not isinstance(event, ListDeletingEvent):
-            return
-        # Find all the members still associated with the mailing list.
-        members = getUtility(ISubscriptionService).find_members(
-            list_id=event.mailing_list.list_id)
-        for member in members:
-            member.unsubscribe()
-
-  #patch base64mime.py for the purpose of encoding fix at: https://bugs.python.org/issue44560
-  base64mime.py: |
-    # Copyright (C) 2002-2007 Python Software Foundation
-    # Author: Ben Gertzfield
-    # Contact: email-sig@python.org
-    """Base64 content transfer encoding per RFCs 2045-2047.
-    This module handles the content transfer encoding method defined in RFC 2045
-    to encode arbitrary 8-bit data using the three 8-bit bytes in four 7-bit
-    characters encoding known as Base64.
-    It is used in the MIME standards for email to attach images, audio, and text
-    using some 8-bit character sets to messages.
-    This module provides an interface to encode and decode both headers and bodies
-    with Base64 encoding.
-    RFC 2045 defines a method for including character set information in an
-    `encoded-word' in a header.  This method is commonly used for 8-bit real names
-    in To:, From:, Cc:, etc. fields, as well as Subject: lines.
-    This module does not do the line wrapping or end-of-line character conversion
-    necessary for proper internationalized headers; it only does dumb encoding and
-    decoding.  To deal with the various line wrapping issues, use the email.header
-    module.
-    """
-    __all__ = [
-        'body_decode',
-        'body_encode',
-        'decode',
-        'decodestring',
-        'header_encode',
-        'header_length',
-        ]
-    from base64 import b64encode
-    from binascii import b2a_base64, a2b_base64
-    CRLF = '\r\n'
-    NL = '\n'
-    EMPTYSTRING = ''
-    # See also Charset.py
-    MISC_LEN = 7
-    # Helpers
-    def header_length(bytearray):
-        """Return the length of s when it is encoded with base64."""
-        groups_of_3, leftover = divmod(len(bytearray), 3)
-        # 4 bytes out for each 3 bytes (or nonzero fraction thereof) in.
-        n = groups_of_3 * 4
-        if leftover:
-            n += 4
-        return n
-    def header_encode(header_bytes, charset='iso-8859-1'):
-        """Encode a single header line with Base64 encoding in a given charset.
-        charset names the character set to use to encode the header.  It defaults
-        to iso-8859-1.  Base64 encoding is defined in RFC 2045.
-        """
-        if not header_bytes:
-            return ""
-        if isinstance(header_bytes, str):
-            header_bytes = header_bytes.encode(charset)
-        encoded = b64encode(header_bytes).decode("ascii")
-        if charset == "eucgb2312_cn":
-            charset = "gb2312"
-        return '=?%s?b?%s?=' % (charset, encoded)
-    def body_encode(s, maxlinelen=76, eol=NL):
-        r"""Encode a string with base64.
-        Each line will be wrapped at, at most, maxlinelen characters (defaults to
-        76 characters).
-        Each line of encoded text will end with eol, which defaults to "\n".  Set
-        this to "\r\n" if you will be using the result of this function directly
-        in an email.
-        """
-        if not s:
-            return s
-        encvec = []
-        max_unencoded = maxlinelen * 3 // 4
-        for i in range(0, len(s), max_unencoded):
-            # BAW: should encode() inherit b2a_base64()'s dubious behavior in
-            # adding a newline to the encoded string?
-            enc = b2a_base64(s[i:i + max_unencoded]).decode("ascii")
-            if enc.endswith(NL) and eol != NL:
-                enc = enc[:-1] + eol
-            encvec.append(enc)
-        return EMPTYSTRING.join(encvec)
-    def decode(string):
-        """Decode a raw base64 string, returning a bytes object.
-        This function does not parse a full MIME header value encoded with
-        base64 (like =?iso-8859-1?b?bmloISBuaWgh?=) -- please use the high
-        level email.header class for that functionality.
-        """
-        if not string:
-            return bytes()
-        elif isinstance(string, str):
-            return a2b_base64(string.encode('raw-unicode-escape'))
-        else:
-            return a2b_base64(string)
-    # For convenience and backwards compatibility w/ standard base64 module
-    body_decode = decode
-    decodestring = decode
-  # patch base64mime.py for the purpose of encoding fix at: https://bugs.python.org/issue44560
-  quoprimime.py: |
-    # Copyright (C) 2001-2006 Python Software Foundation
-    # Author: Ben Gertzfield
-    # Contact: email-sig@python.org
-    """Quoted-printable content transfer encoding per RFCs 2045-2047.
-    This module handles the content transfer encoding method defined in RFC 2045
-    to encode US ASCII-like 8-bit data called `quoted-printable'.  It is used to
-    safely encode text that is in a character set similar to the 7-bit US ASCII
-    character set, but that includes some 8-bit characters that are normally not
-    allowed in email bodies or headers.
-    Quoted-printable is very space-inefficient for encoding binary files; use the
-    email.base64mime module for that instead.
-    This module provides an interface to encode and decode both headers and bodies
-    with quoted-printable encoding.
-    RFC 2045 defines a method for including character set information in an
-    `encoded-word' in a header.  This method is commonly used for 8-bit real names
-    in To:/From:/Cc: etc. fields, as well as Subject: lines.
-    This module does not do the line wrapping or end-of-line character
-    conversion necessary for proper internationalized headers; it only
-    does dumb encoding and decoding.  To deal with the various line
-    wrapping issues, use the email.header module.
-    """
-    __all__ = [
-        'body_decode',
-        'body_encode',
-        'body_length',
-        'decode',
-        'decodestring',
-        'header_decode',
-        'header_encode',
-        'header_length',
-        'quote',
-        'unquote',
-        ]
-    import re
-    from string import ascii_letters, digits, hexdigits
-    CRLF = '\r\n'
-    NL = '\n'
-    EMPTYSTRING = ''
-    # Build a mapping of octets to the expansion of that octet.  Since we're only
-    # going to have 256 of these things, this isn't terribly inefficient
-    # space-wise.  Remember that headers and bodies have different sets of safe
-    # characters.  Initialize both maps with the full expansion, and then override
-    # the safe bytes with the more compact form.
-    _QUOPRI_MAP = ['=%02X' % c for c in range(256)]
-    _QUOPRI_HEADER_MAP = _QUOPRI_MAP[:]
-    _QUOPRI_BODY_MAP = _QUOPRI_MAP[:]
-    # Safe header bytes which need no encoding.
-    for c in b'-!*+/' + ascii_letters.encode('ascii') + digits.encode('ascii'):
-        _QUOPRI_HEADER_MAP[c] = chr(c)
-    # Headers have one other special encoding; spaces become underscores.
-    _QUOPRI_HEADER_MAP[ord(' ')] = '_'
-    # Safe body bytes which need no encoding.
-    for c in (b' !"#$%&\'()*+,-./0123456789:;<>'
-              b'?@ABCDEFGHIJKLMNOPQRSTUVWXYZ[\\]^_`'
-              b'abcdefghijklmnopqrstuvwxyz{|}~\t'):
-        _QUOPRI_BODY_MAP[c] = chr(c)
-    # Helpers
-    def header_check(octet):
-        """Return True if the octet should be escaped with header quopri."""
-        return chr(octet) != _QUOPRI_HEADER_MAP[octet]
-    def body_check(octet):
-        """Return True if the octet should be escaped with body quopri."""
-        return chr(octet) != _QUOPRI_BODY_MAP[octet]
-    def header_length(bytearray):
-        """Return a header quoted-printable encoding length.
-        Note that this does not include any RFC 2047 chrome added by
-        `header_encode()`.
-        :param bytearray: An array of bytes (a.k.a. octets).
-        :return: The length in bytes of the byte array when it is encoded with
-            quoted-printable for headers.
-        """
-        return sum(len(_QUOPRI_HEADER_MAP[octet]) for octet in bytearray)
-    def body_length(bytearray):
-        """Return a body quoted-printable encoding length.
-        :param bytearray: An array of bytes (a.k.a. octets).
-        :return: The length in bytes of the byte array when it is encoded with
-            quoted-printable for bodies.
-        """
-        return sum(len(_QUOPRI_BODY_MAP[octet]) for octet in bytearray)
-    def _max_append(L, s, maxlen, extra=''):
-        if not isinstance(s, str):
-            s = chr(s)
-        if not L:
-            L.append(s.lstrip())
-        elif len(L[-1]) + len(s) <= maxlen:
-            L[-1] += extra + s
-        else:
-            L.append(s.lstrip())
-    def unquote(s):
-        """Turn a string in the form =AB to the ASCII character with value 0xab"""
-        return chr(int(s[1:3], 16))
-    def quote(c):
-        return _QUOPRI_MAP[ord(c)]
-    def header_encode(header_bytes, charset='iso-8859-1'):
-        """Encode a single header line with quoted-printable (like) encoding.
-        Defined in RFC 2045, this `Q' encoding is similar to quoted-printable, but
-        used specifically for email header fields to allow charsets with mostly 7
-        bit characters (and some 8 bit) to remain more or less readable in non-RFC
-        2045 aware mail clients.
-        charset names the character set to use in the RFC 2046 header.  It
-        defaults to iso-8859-1.
-        """
-        # Return empty headers as an empty string.
-        if not header_bytes:
-            return ''
-        # Iterate over every byte, encoding if necessary.
-        encoded = header_bytes.decode('latin1').translate(_QUOPRI_HEADER_MAP)
-        # Now add the RFC chrome to each encoded chunk and glue the chunks
-        # together.
-        if charset == "eucgb2312_cn":
-                charset = "gb2312"
-        return '=?%s?q?%s?=' % (charset, encoded)
-    _QUOPRI_BODY_ENCODE_MAP = _QUOPRI_BODY_MAP[:]
-    for c in b'\r\n':
-        _QUOPRI_BODY_ENCODE_MAP[c] = chr(c)
-    def body_encode(body, maxlinelen=76, eol=NL):
-        """Encode with quoted-printable, wrapping at maxlinelen characters.
-        Each line of encoded text will end with eol, which defaults to "\\n".  Set
-        this to "\\r\\n" if you will be using the result of this function directly
-        in an email.
-        Each line will be wrapped at, at most, maxlinelen characters before the
-        eol string (maxlinelen defaults to 76 characters, the maximum value
-        permitted by RFC 2045).  Long lines will have the 'soft line break'
-        quoted-printable character "=" appended to them, so the decoded text will
-        be identical to the original text.
-        The minimum maxlinelen is 4 to have room for a quoted character ("=XX")
-        followed by a soft line break.  Smaller values will generate a
-        ValueError.
-        """
-        if maxlinelen < 4:
-            raise ValueError("maxlinelen must be at least 4")
-        if not body:
-            return body
-        # quote special characters
-        body = body.translate(_QUOPRI_BODY_ENCODE_MAP)
-        soft_break = '=' + eol
-        # leave space for the '=' at the end of a line
-        maxlinelen1 = maxlinelen - 1
-        encoded_body = []
-        append = encoded_body.append
-        for line in body.splitlines():
-            # break up the line into pieces no longer than maxlinelen - 1
-            start = 0
-            laststart = len(line) - 1 - maxlinelen
-            while start <= laststart:
-                stop = start + maxlinelen1
-                # make sure we don't break up an escape sequence
-                if line[stop - 2] == '=':
-                    append(line[start:stop - 1])
-                    start = stop - 2
-                elif line[stop - 1] == '=':
-                    append(line[start:stop])
-                    start = stop - 1
-                else:
-                    append(line[start:stop] + '=')
-                    start = stop
-            # handle rest of line, special case if line ends in whitespace
-            if line and line[-1] in ' \t':
-                room = start - laststart
-                if room >= 3:
-                    # It's a whitespace character at end-of-line, and we have room
-                    # for the three-character quoted encoding.
-                    q = quote(line[-1])
-                elif room == 2:
-                    # There's room for the whitespace character and a soft break.
-                    q = line[-1] + soft_break
-                else:
-                    # There's room only for a soft break.  The quoted whitespace
-                    # will be the only content on the subsequent line.
-                    q = soft_break + quote(line[-1])
-                append(line[start:-1] + q)
-            else:
-                append(line[start:])
-        # add back final newline if present
-        if body[-1] in CRLF:
-            append('')
-        return eol.join(encoded_body)
-    # BAW: I'm not sure if the intent was for the signature of this function to be
-    # the same as base64MIME.decode() or not...
-    def decode(encoded, eol=NL):
-        """Decode a quoted-printable string.
-        Lines are separated with eol, which defaults to \\n.
-        """
-        if not encoded:
-            return encoded
-        # BAW: see comment in encode() above.  Again, we're building up the
-        # decoded string with string concatenation, which could be done much more
-        # efficiently.
-        decoded = ''
-        for line in encoded.splitlines():
-            line = line.rstrip()
-            if not line:
-                decoded += eol
-                continue
-            i = 0
-            n = len(line)
-            while i < n:
-                c = line[i]
-                if c != '=':
-                    decoded += c
-                    i += 1
-                # Otherwise, c == "=".  Are we at the end of the line?  If so, add
-                # a soft line break.
-                elif i+1 == n:
-                    i += 1
-                    continue
-                # Decode if in form =AB
-                elif i+2 < n and line[i+1] in hexdigits and line[i+2] in hexdigits:
-                    decoded += unquote(line[i:i+3])
-                    i += 3
-                # Otherwise, not in form =AB, pass literally
-                else:
-                    decoded += c
-                    i += 1
-                if i == n:
-                    decoded += eol
-        # Special case if original string did not end with eol
-        if encoded[-1] not in '\r\n' and decoded.endswith(eol):
-            decoded = decoded[:-1]
-        return decoded
-    # For convenience and backwards compatibility w/ standard base64 module
-    body_decode = decode
-    decodestring = decode
-    def _unquote_match(match):
-        """Turn a match in the form =AB to the ASCII character with value 0xab"""
-        s = match.group(0)
-        return unquote(s)
-    # Header decoding is done a bit differently
-    def header_decode(s):
-        """Decode a string encoded with RFC 2045 MIME header `Q' encoding.
-        This function does not parse a full MIME header value encoded with
-        quoted-printable (like =?iso-8859-1?q?Hello_World?=) -- please use
-        the high level email.header class for that functionality.
-        """
-        s = s.replace('_', ' ')
-        return re.sub(r'=[a-fA-F0-9]{2}', _unquote_match, s, flags=re.ASCII)
-  command.py: |
-    # Copyright (C) 1998-2021 by the Free Software Foundation, Inc.
-    #
-    # This file is part of GNU Mailman.
-    #
-    # GNU Mailman is free software: you can redistribute it and/or modify it under
-    # the terms of the GNU General Public License as published by the Free
-    # Software Foundation, either version 3 of the License, or (at your option)
-    # any later version.
-    #
-    # GNU Mailman is distributed in the hope that it will be useful, but WITHOUT
-    # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-    # FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
-    # more details.
-    #
-    # You should have received a copy of the GNU General Public License along with
-    # GNU Mailman.  If not, see <https://www.gnu.org/licenses/>.
-
-    """-request robot command runner."""
-
-    # See the delivery diagram in IncomingRunner.py.  This module handles all
-    # email destined for mylist-request, -join, and -leave.  It no longer handles
-    # bounce messages (i.e. -admin or -bounces), nor does it handle mail to
-    # -owner.
-
-    import base64
-    import re
-    import logging
-
-    from contextlib import suppress
-    from email.errors import HeaderParseError
-    from email.header import decode_header, make_header
-    from email.iterators import typed_subpart_iterator
-    from io import StringIO
-    from mailman.config import config
-    from mailman.core.i18n import _
-    from mailman.core.runner import Runner
-    from mailman.email.message import UserNotification
-    from mailman.interfaces.autorespond import ResponseAction
-    from mailman.interfaces.command import ContinueProcessing, IEmailResults
-    from mailman.interfaces.languages import ILanguageManager
-    from public import public
-    from zope.component import getUtility
-    from zope.interface import implementer
-
-
-    NL = '\n'
-    log = logging.getLogger('mailman.vette')
-    class CommandFinder:
-        """Generate commands from the content of a message."""
-        def __init__(self, msg, msgdata, results):
-            self.command_lines = []
-            self.ignored_lines = []
-            self.processed_lines = []
-            self.send_response = True
-            # Depending on where the message was destined to, add some implicit
-            # commands.  For example, if this was sent to the -join or -leave
-            # addresses, it's the same as if 'join' or 'leave' commands were sent
-            # to the -request address.
-            is_address_command = False
-            subaddress = msgdata.get('subaddress')
-            if subaddress == 'join':
-                self.command_lines.append('join')
-                self.send_response = False
-                is_address_command = True
-            elif subaddress == 'leave':
-                self.command_lines.append('leave')
-                is_address_command = True
-                self.send_response = False
-            elif subaddress == 'confirm':
-                mo = re.match(config.mta.verp_confirm_regexp, msg.get('to', ''))
-                if mo:
-                    self.command_lines.append('confirm ' + mo.group('cookie'))
-                    is_address_command = True
-                    self.send_response = False
-            # Stop processing if the address already contained a valid command
-            if is_address_command:
-                return
-            # Extract the subject header and do RFC 2047 decoding.
-            raw_subject = msg.get('subject', '')
-            try:
-                subject = str(make_header(decode_header(raw_subject)))
-                # Mail commands must be ASCII.
-                # NOTE(tommylikehu): remove all none ascii characters via encoding with ignore option.
-                self.command_lines.append(subject.encode('us-ascii', 'ignore'))
-            except (HeaderParseError, UnicodeError, LookupError):
-                # The Subject header was unparseable or not ASCII.  If the raw
-                # subject is a unicode object, convert it to ASCII ignoring all
-                # bogus characters.  Otherwise, there's nothing in the subject
-                # that we can use.
-                if isinstance(raw_subject, str):
-                    safe_subject = raw_subject.encode('us-ascii', 'ignore')
-                    self.command_lines.append(safe_subject)
-            # Find the first text/plain part of the message.
-            part = None
-            for part in typed_subpart_iterator(msg, 'text', 'plain'):
-                break
-            if part is None or part is not msg:
-                # Either there was no text/plain part or we ignored some
-                # non-text/plain parts.
-                print(_('Ignoring non-text/plain MIME parts'), file=results)
-            if part is None:
-                # There was no text/plain part to be found.
-                return
-            body = part.get_payload(decode=True)
-            # text/plain parts better have string payloads.
-            assert body is not None, 'Non-string decoded payload'
-            body = body.decode(part.get_content_charset('us-ascii'), errors='replace')
-            lines = body.splitlines()
-            # Use no more lines than specified
-            max_lines = int(config.mailman.email_commands_max_lines)
-            self.command_lines.extend(lines[:max_lines])
-            self.ignored_lines.extend(lines[max_lines:])
-        def __iter__(self):
-            """Return each command line, split into space separated arguments."""
-            while self.command_lines:
-                line = self.command_lines.pop(0)
-                self.processed_lines.append(line)
-                parts = line.strip().split()
-                if len(parts) == 0:
-                    continue
-                # Ensure that all the parts are unicodes.  Since we only accept
-                # ASCII commands and arguments, ignore anything else.
-                parts = [(part.lower()
-                          if isinstance(part, str)
-                          else part.decode('ascii', 'ignore').lower())
-                         for part in parts]
-                yield parts
-    @public
-    @implementer(IEmailResults)
-    class Results:
-        """The email command results."""
-        def __init__(self, charset='us-ascii'):
-            self._output = StringIO()
-            self.charset = charset
-            print(_("""\
-    The results of your email command are provided below.
-    """), file=self._output)
-        def write(self, text):
-            if isinstance(text, bytes):
-                text = text.decode(self.charset, 'ignore')
-            self._output.write(text)
-        def __str__(self):
-            value = self._output.getvalue()
-            assert isinstance(value, str), 'Not a string: %r' % value
-            return value
-    @public
-    class CommandRunner(Runner):
-        """The email command runner."""
-        def _dispose(self, mlist, msg, msgdata):
-            message_id = msg.get('message-id', 'n/a')
-            # The policy here is similar to the Replybot policy.  If a message has
-            # "Precedence: bulk|junk|list" and no "X-Ack: yes" header, we discard
-            # the command message.
-            precedence = msg.get('precedence', '').lower()
-            ack = msg.get('x-ack', '').lower()
-            if ack != 'yes' and precedence in ('bulk', 'junk', 'list'):
-                log.info('%s Precedence: %s message discarded by: %s',
-                         message_id, precedence, mlist.request_address)
-                return False
-            # Do replybot for commands.
-            replybot = config.handlers['replybot']
-            replybot.process(mlist, msg, msgdata)
-            if mlist.autorespond_requests == ResponseAction.respond_and_discard:
-                # Respond and discard.
-                log.info('%s -request message replied and discarded', message_id)
-                return False
-            # Now craft the response and process the command lines.
-            charset = msg.get_param('charset')
-            if charset is None:
-                charset = 'us-ascii'
-            results = Results(charset)
-            # Include just a few key pieces of information from the original: the
-            # sender, date, and message id.
-            print(_('- Original message details:'), file=results)
-            subject = msg.get('subject', 'n/a')                      # noqa: F841
-            date = msg.get('date', 'n/a')                            # noqa: F841
-            from_ = msg.get('from', 'n/a')                           # noqa: F841
-            print(_('    From: $from_'), file=results)
-            print(_('    Subject: $subject'), file=results)
-            print(_('    Date: $date'), file=results)
-            print(_('    Message-ID: $message_id'), file=results)
-            print(_('\n- Results:'), file=results)
-            finder = CommandFinder(msg, msgdata, results)
-            for parts in finder:
-                command = None
-                # Try to find a command on this line.  There may be a Re: prefix
-                # (possibly internationalized) so try with the first and second
-                # words on the line.
-                if len(parts) > 0:
-                    command_name = parts.pop(0)
-                    command = config.commands.get(command_name)
-                if command is None and len(parts) > 0:
-                    command_name = parts.pop(0)
-                    command = config.commands.get(command_name)
-                if command is None:
-                    print(_('No such command: $command_name'), file=results)
-                else:
-                    status = command.process(
-                        mlist, msg, msgdata, parts, results)
-                    assert status in ContinueProcessing, (
-                        'Invalid status: %s' % status)
-                    if status == ContinueProcessing.no:
-                        break
-            # All done. If we don't need to send response, return.
-            if not finder.send_response:
-                return
-            # Strip blank lines and send the response.
-            lines = [line.strip() for line in finder.command_lines if line]
-            if len(lines) > 0:
-                print(_('\n- Unprocessed:'), file=results)
-                for line in lines:
-                    print(line, file=results)
-            lines = [line.strip() for line in finder.ignored_lines if line]
-            if len(lines) > 0:
-                print(_('\n- Ignored:'), file=results)
-                for line in lines:
-                    print(line, file=results)
-            print(_('\n- Done.'), file=results)
-            # Send a reply, but do not attach the original message.  This is a
-            # compromise because the original message is often helpful in tracking
-            # down problems, but it's also a vector for backscatter spam.
-            language = getUtility(ILanguageManager)[msgdata['lang']]
-            reply = UserNotification(msg.sender, mlist.bounces_address,
-                                     _('The results of your email commands'),
-                                     lang=language)
-            cte = msg.get('content-transfer-encoding')
-            if cte is not None:
-                reply['Content-Transfer-Encoding'] = cte
-            # Find a charset for the response body.  Try the original message's
-            # charset first, then ascii, then latin-1 and finally falling back to
-            # utf-8.
-            reply_body = str(results)
-            for charset in (results.charset, 'us-ascii', 'latin-1'):
-                with suppress(UnicodeError):
-                    reply_body.encode(charset)
-                    break
-            else:
-                charset = 'utf-8'
-            reply.set_payload(reply_body, charset=charset)
-            reply.send(mlist)
-# configmap for mail exim4 service, these three files are directly read from exim config folder
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: mailman-exim4-configmap
-  namespace: mail
-data:
-  25_mm3_macros: |
-    # Place this file at
-    # /etc/exim4/conf.d/main/25_mm3_macros
-
-    domainlist mm3_domains=opengauss.org
-    MM3_LMTP_HOST=mailman-core-0.mail-suit-service.mail.svc.cluster.local
-    MM3_LMTP_PORT=8024
-    # According to the configuration of: https://mailman.readthedocs.io/en/release-3.0/src/mailman/docs/MTA.html
-    # We need updating this, for the purpose of delivering emails to the mailman
-    MM3_HOME=/opt/mailman/var
-
-    ################################################################
-    # The configuration below is boilerplate:
-    # you should not need to change it.
-
-    # The path to the list receipt (used as the required file when
-    # matching list addresses)
-    MM3_LISTCHK=MM3_HOME/lists/${local_part}.${domain}
-  
-  00_local_macros: |
-    DKIM_CANON = relaxed
-    DKIM_SELECTOR = default
-    DKIM_DOMAIN = opengauss.org
-    DKIM_FILE = /etc/exim4/dkim/opengauss.key
-    DKIM_PRIVATE_KEY=${if exists{DKIM_FILE}{DKIM_FILE}{0}}
-    MAIN_LOG_SELECTOR = +subject +deliver_time +received_sender +return_path_on_delivery +sender_on_delivery +unknown_in_list +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified +tls_peerdn -host_lookup_failed
-    MAIN_TLS_ENABLE = yes
-    MAIN_TLS_CERTIFICATE = ${if exists{/etc/exim4/ssl_pool/${tls_sni}.crt}{/etc/exim4/ssl_pool/${tls_sni}.crt}{/etc/exim4/ssl_pool/opengauss.org.crt}}
-    MAIN_TLS_PRIVATEKEY = ${if exists{/etc/exim4/ssl_pool/${tls_sni}.key}{/etc/exim4/ssl_pool//${tls_sni}.key}{/etc/exim4/ssl_pool/opengauss.org.key}}
-    AUTH_SERVER_ALLOW_NOTLS_PASSWORDS = true
-    daemon_smtp_ports = 25 : 465
-    tls_on_connect_ports = 465
-    MAIN_TLS_ADVERTISE_HOSTS=*
-    IGNORE_SMTP_LINE_LENGTH_LIMIT=true
-    MAIN_HARDCODE_PRIMARY_HOSTNAME = opengauss.org
-
-  55_mm3_transport: |
-    # Place this file at
-    # /etc/exim4/conf.d/transport/55_mm3_transport
-
-    mailman3_transport:
-      debug_print = "Email for mailman"
-      driver = smtp
-      protocol = lmtp
-      allow_localhost
-      hosts = MM3_LMTP_HOST
-      port = MM3_LMTP_PORT
-      rcpt_include_affixes = true
-
-  455_mm3_router: |
-    # Place this file at
-    # /etc/exim4/conf.d/router/455_mm3_router
-
-    mailman3_router:
-      driver = accept
-      domains = +mm3_domains
-      require_files = MM3_LISTCHK
-      local_part_suffix_optional
-      local_part_suffix = -admin : \
-         -bounces   : -bounces+* : \
-         -confirm   : -confirm+* : \
-         -join      : -leave     : \
-         -owner     : -request   : \
-         -subscribe : -unsubscribe
-      transport = mailman3_transport
-
-  01_exim4-config_listmacrosdefs: |
-    # Place this file at
-    # /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
-    log_file_path = /var/log/exim4/%s.%M
-    exim_path = /usr/sbin/exim4
-
-    # Macro defining the main configuration directory.
-    # We do not use absolute paths.
-    .ifndef CONFDIR
-    CONFDIR = /etc/exim4
-    .endif
-
-    # debconf-driven macro definitions get inserted after this line
-    UPEX4CmacrosUPEX4C = 1
-
-    # Create domain and host lists for relay control
-    # '@' refers to 'the name of the local host'
-
-    # List of domains considered local for exim. Domains not listed here
-    # need to be deliverable remotely.
-    domainlist local_domains = MAIN_LOCAL_DOMAINS
-
-    # List of recipient domains to relay _to_. Use this list if you're -
-    # for example - fallback MX or mail gateway for domains.
-    domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS
-
-    # List of sender networks (IP addresses) to _unconditionally_ relay
-    # _for_. If you intend to be SMTP AUTH server, you do not need to enter
-    # anything here.
-    hostlist relay_from_hosts = MAIN_RELAY_NETS
-
-
-    # Decide which domain to use to add to all unqualified addresses.
-    # If MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN is defined, the primary
-    # hostname is used. If not, but MAIN_QUALIFY_DOMAIN is set, the value
-    # of MAIN_QUALIFY_DOMAIN is used. If both macros are not defined,
-    # the first line of /etc/mailname is used.
-    .ifndef MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN
-    .ifndef MAIN_QUALIFY_DOMAIN
-    qualify_domain = ETC_MAILNAME
-    .else
-    qualify_domain = MAIN_QUALIFY_DOMAIN
-    .endif
-    .endif
-
-    # listen on all all interfaces?
-    .ifdef MAIN_LOCAL_INTERFACES
-    local_interfaces = MAIN_LOCAL_INTERFACES
-    .endif
-
-    .ifndef LOCAL_DELIVERY
-    # The default transport, set in /etc/exim4/update-exim4.conf.conf,
-    # defaulting to mail_spool. See CONFDIR/conf.d/transport/ for possibilities
-    LOCAL_DELIVERY=mail_spool
-    .endif
-
-    # The gecos field in /etc/passwd holds not only the name. see passwd(5).
-    gecos_pattern = ^([^,:]*)
-    gecos_name = $1
-
-    .ifndef CHECK_RCPT_LOCAL_LOCALPARTS
-    CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
-    .endif
-
-    .ifndef CHECK_RCPT_REMOTE_LOCALPARTS
-    CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
-    .endif
-
-  30_exim4-config_examples: |
-    # Place this file at
-    # /etc/exim4/conf.d/auth/30_exim4-config_examples
-
-    plain_server:
-      driver = plaintext
-      public_name = PLAIN
-      server_condition = "${if crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
-      server_set_id = $auth2
-      server_prompts = :
-      .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
-      server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
-      .endif
-
-    login_server:
-      driver = plaintext
-      public_name = LOGIN
-      server_prompts = "Username:: : Password::"
-      server_condition = "${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
-      server_set_id = $auth1
-      .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
-      server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
-      .endif
-
-    cram_md5:
-      driver = cram_md5
-      public_name = CRAM-MD5
-      client_name = ${extract{1}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
-      client_secret = ${extract{2}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
-
-    # this returns the matching line from passwd.client and doubles all ^
-    PASSWDLINE=${sg{\
-                    ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
-    	        }\
-    	        {\\N[\\^]\\N}\
-    	        {^^}\
-    	    }
-
-    plain:
-      driver = plaintext
-      public_name = PLAIN
-    .ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
-      client_send = "<; ${if !eq{$tls_out_cipher}{}\
-                        {^${extract{1}{:}{PASSWDLINE}}\
-    		     ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\
-    		   }fail}"
-    .else
-      client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
-    		    ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
-    .endif
-
-    login:
-      driver = plaintext
-      public_name = LOGIN
-    .ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
-      # Return empty string if not non-TLS AND looking up $host in passwd-file
-      # yields a non-empty string; fail otherwise.
-      client_send = "<; ${if and{\
-                              {!eq{$tls_out_cipher}{}}\
-                              {!eq{PASSWDLINE}{}}\
-                             }\
-                          {}fail}\
-                     ; ${extract{1}{::}{PASSWDLINE}}\
-    		 ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
-    .else
-      # Return empty string if looking up $host in passwd-file yields a
-      # non-empty string; fail otherwise.
-      client_send = "<; ${if !eq{PASSWDLINE}{}\
-                          {}fail}\
-                     ; ${extract{1}{::}{PASSWDLINE}}\
-    		 ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
-    .endif
-
-  update-exim4-conf.conf: |
-    dc_eximconfig_configtype='internet'
-    dc_other_hostnames='opengauss.org;'
-    dc_local_interfaces=''
-    dc_readhost=''
-    dc_relay_domains=''
-    dc_minimaldns='false'
-    dc_relay_nets='192.168.0.0/16'
-    dc_smarthost=''
-    CFILEMODE='644'
-    dc_use_split_config='true'
-    dc_hide_mailname=''
-    dc_mailname_in_oh='true'
-    dc_localdelivery='mail_spool'
-
-# configmap for mail web service
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: mailman-web-configmap
-  namespace: mail
-data:
-  base.html: |
-    {% load i18n %}
-    {% load staticfiles %}
-    {% load gravatar %}
-    <!DOCTYPE html>
-    <html lang="en">
-    <head>
-        <meta charset="UTF-8">
-        <meta http-equiv="X-UA-Compatible" content="IE=edge">
-        <meta name="viewport" content="width=device-width, initial-scale=1">
-        <title>{% block head_title %}{{ site_name }}{% endblock %}</title>
-        <link rel="shortcut icon" href="{% static 'postorius/img/favicon.ico' %}">
-        <link rel="stylesheet" href="{% static 'postorius/libs/bootstrap/css/bootstrap.min.css' %}">
-        <link rel="stylesheet" href="{% static 'django-mailman3/css/main.css' %}">
-        <link rel="stylesheet" href="{% static 'postorius/css/style.css' %}">
-        {% block additionalcss %}{% endblock %}
-        <!-- HTML5 shim and Respond.js for IE8 support of HTML5 elements and media queries -->
-        <!-- WARNING: Respond.js doesn't work if you view the page via file:// -->
-        <!--[if lt IE 9]>
-          <script src="{% static 'postorius/libs/html5shiv/html5shiv.min.js' %}"></script>
-          <script src="{% static 'postorius/libs/respond/respond.min.js' %}"></script>
-        <![endif]-->
-    </head>
-    <body>
-    
-        <nav class="navbar navbar-default">
-                <div class="container">
-                        <div class="navbar-header">
-                                <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target="#header-nav" aria-expanded="false">
-                                        <span class="sr-only">Toggle navigation</span>
-                                        <span class="icon-bar"></span>
-                                        <span class="icon-bar"></span>
-                                        <span class="icon-bar"></span>
-                                </button>
-                                <a class="navbar-brand" href="{% url 'list_index' %}"><span><img src="{% static 'postorius/img/mailman_logo_small_trans.png' %}" alt="{% trans 'Mailman logo' %}"/> Postorius</span></a>
-                        </div>
-                        <div class="collapse navbar-collapse" id="header-nav">
-                                <ul class="nav navbar-nav">
-                                        <li><a href="{% url 'list_index' %}">
-                                                <span class="glyphicon glyphicon-envelope"></span>
-                                                {% trans 'Lists' %}
-                                        </a></li>
-                                        {% if user.is_superuser %}
-                                                <li><a href="{% url 'domain_index' %}">
-                                                        <span class="glyphicon glyphicon-globe"></span>
-                                                        {% trans 'Domains' %}
-                                                </a></li>
-                                                <li>
-                                                        <a href="{% url 'system_information' %}">
-                                                                <span class="glyphicon glyphicon-list-alt"></span>
-                                                                {% trans 'System Information' %}
-                                                        </a>
-                                                </li>
-                                        {% endif %}
-                                        {% if 'hyperkitty' in INSTALLED_APPS %}
-                                                <li><a href="{% url 'hk_root' %}">
-                                                        <span class="glyphicon glyphicon-comment"></span>
-                                                        {% trans 'Archives' %}
-                                                </a></li>
-                                        {% endif %}
-                                </ul>
-                                <ul class="nav navbar-nav navbar-right">
-                                        {% if user.is_authenticated %}
-                                                <li class="dropdown">
-                                                        <a href="#" class="dropdown-toggle" data-toggle="dropdown"
-                                                           role="button" aria-haspopup="true" aria-expanded="false">
-                                                                {% gravatar user.email 20 %}
-                                                                {{ user.username|truncatechars:"35" }}
-                                                                <span class="caret"></span>
-                                                        </a>
-                                                        <ul class="dropdown-menu">
-                                                                <li><a href="{% url 'mm_user_profile' %}">
-                                                                        <span class="glyphicon glyphicon-user"></span>
-                                                                        {% trans 'Account' %}
-                                                                </a></li>
-                                                                <li><a href="{% url 'ps_user_profile' %}">
-                                                                        <span class="glyphicon glyphicon-cog"></span>
-                                                                        {% trans 'Mailman settings' %}
-                                                                </a></li>
-                                                                {% if 'hyperkitty' in INSTALLED_APPS %}
-                                                                <li><a href="{% url 'hk_user_profile' %}">
-                                                                <span class="glyphicon glyphicon-comment"></span>
-                                                                        {% trans 'Posting activity' %}
-                                                                </a></li>
-                                                                {% endif %}
-                                                                <li role="separator" class="divider"></li>
-                                                                <li><a href="{% url LOGOUT_URL %}?next={% url 'list_index' %}">
-                                                                        <span class="glyphicon glyphicon-log-out"></span>
-                                                                        {% trans 'Logout' %}
-                                                                </a></li>
-                                                        </ul>
-                                                </li>
-                                        {% else %}
-                                                <li><a href="{% url LOGIN_URL %}?next={{ next|default:request.path|urlencode }}">
-                                                        <span class="glyphicon glyphicon-log-in"></span>
-                                                        {% trans 'Login' %}
-                                                </a></li>
-                                                <!-- <li><a href="{% url 'account_signup' %}?next={{next|default:request.path|urlencode}}">
-                                                        <span class="glyphicon glyphicon-plus-sign"></span>
-                                                        {% trans 'Sign Up' %}
-                                                </a></li> -->
-                                        {% endif %}
-                                </ul>
-                        </div>
-                </div>
-        </nav>
-    
-        <div class="container" role="main">
-                {% for message in messages %}
-                        <div class="alert alert-{{ message.tags }}">{{ message }}</div>
-                {% endfor %}
-                {% block content %}{% endblock content %}
-        </div>
-    
-        <footer class="footer">
-                <div class="container">
-                        <p class="text-center">
-                                <a href="https://postorius.readthedocs.org">{% trans 'Postorius Documentation' %}</a>
-                                &bull;
-                                <a href="http://list.org">GNU Mailman</a>
-                                &bull;
-                                {% trans 'Postorius Version' %} {{ POSTORIUS_VERSION }}
-                        </p>
-                </div>
-        </footer>
-    
-        <script src="{% static 'postorius/libs/jquery/jquery-1.11.3.min.js' %}"></script>
-        <script src="{% static 'postorius/libs/bootstrap/js/bootstrap.min.js' %}"></script>
-        <script src="{% static 'django-mailman3/js/main.js' %}"></script>
-        <script src="{% static 'postorius/js/script.js' %}"></script>
-        {% block additionaljs %}{% endblock %}
-    </body>
-    </html>
-  base2.html: |  
-    {% load i18n %}
-    {% load compress %}
-    {% load static %}
-    {% load gravatar %}
-    <!DOCTYPE HTML>
-    <html>
-        <head>
-                <meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
-                <meta name="viewport" content="width=device-width, initial-scale=1.0" />
-                <meta name="ROBOTS" content="INDEX, FOLLOW" />
-                <title>{% block head_title %}{{ site_name }}{% endblock %}</title>
-                <meta name="author" content="" />
-                <meta name="dc.language" content="en" />
-                <link rel="shortcut icon" href="{% static 'hyperkitty/img/favicon.ico' %}" />
-                <link rel="stylesheet" href="{% static 'hyperkitty/libs/jquery/smoothness/jquery-ui-1.10.3.custom.min.css' %}" type="text/css" media="all" />
-                <link rel="stylesheet" href="{% static 'hyperkitty/libs/fonts/font-awesome/css/font-awesome.min.css' %}" type="text/css" media="all" />
-                {% compress css %}
-                <link rel="stylesheet" href="{% static 'hyperkitty/libs/fonts/icomoon/icomoon.css' %}" type="text/css" media="all" />
-                <link rel="stylesheet" href="{% static 'hyperkitty/libs/fonts/droid/droid.css' %}" type="text/css" media="all" />
-                <link rel="stylesheet" href="{% static 'django-mailman3/css/main.css' %}" />
-                <link rel="stylesheet" type="text/x-scss" media="all" href="{% static 'hyperkitty/sass/hyperkitty.scss' %}" />
-                {% endcompress %}
-                {% block additional_stylesheets %} {% endblock %}
-                {% include 'hyperkitty/headers.html' %}
-        </head>
-    
-        <body>
-    
-        {% include 'hyperkitty/top.html' %}
-    
-        <nav class="navbar navbar-fixed-top navbar-default">
-                <div class="container">
-                        <div class="navbar-header col-md"> <!--part of navbar that's always present-->
-                                <button type="button" class="navbar-toggle collapsed" data-toggle="collapse" data-target=".navbar-collapse">
-                                        <span class="icon-bar"></span>
-                                        <span class="icon-bar"></span>
-                                        <span class="icon-bar"></span>
-                                </button>
-                                {% include 'hyperkitty/navbar-brand.html' %}
-                        </div> <!-- /navbar-header -->
-    
-                        <div class="navbar-collapse collapse"> <!--part of navbar that's collapsed on small screens-->
-                                <!-- show dropdown for smaller viewports b/c login name/email may be too long -->
-                                <!-- only show this extra button/dropdown if we're in small screen sizes -->
-                                <div class="nav navbar-nav navbar-right auth dropdown navbar-form hidden-tn hidden-xs hidden-md hidden-lg">
-                                        <button type="button" class="btn dropdown-toggle" id="loginDropdownMenu" data-toggle="dropdown">
-                                                {% if user.is_authenticated %}
-                                                        {% gravatar user.email 20 %}
-                                                {% else %}
-                                                        <span class="fa fa-bars"></span>
-                                                {% endif %}
-                                        </button>
-                                        <ul class="dropdown-menu" role="menu" aria-labelledby="loginDropdownMenu">
-                                                {% if user.is_authenticated %}
-                                                        <li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'mm_user_profile' %}">
-                                                                <span class="fa fa-user"></span>
-                                                                {% trans 'Account' %}
-                                                        </a></li>
-                                                        {% if 'postorius' in INSTALLED_APPS %}
-                                                        <li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'ps_user_profile' %}">
-                                                                <span class="fa fa-cog"></span>
-                                                                {% trans 'Mailman settings' %}
-                                                        </a></li>
-                                                        {% endif %}
-                                                        <li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'hk_user_profile' %}">
-                                                                <span class="fa fa-comments"></span>
-                                                                {% trans 'Posting activity' %}
-                                                        </a></li>
-                                                        <li role="separator" class="divider"></li>
-                                                        <li role="presentation"><a role="menuitem" tabindex="-1" href="{% url LOGOUT_URL %}?next={% url 'hk_root' %}">
-                                                                <span class="fa fa-sign-out"></span>
-                                                                {% trans "Logout" %}
-                                                        </a></li>
-                                                {% else %}
-                                                        <li role="presentation"><a role="menuitem" tabindex="-1" href="{% url LOGIN_URL %}?next={{next|default:request.path|urlencode}}">
-                                                                <span class="fa fa-sign-in"></span>
-                                                                {% trans "Sign In" %}
-                                                        </a></li>
-                                                        <!-- <li role="presentation"><a role="menuitem" tabindex="-1" href="{% url 'account_signup' %}?next={{next|default:request.path|urlencode}}">
-                                                                <span class="fa fa-user-plus"></span>
-                                                                {% trans "Sign Up" %}
-                                                        </a></li> -->
-                                                {% endif %}
-                                        </ul>
-                                </div>
-                                <!-- larger viewports -->
-                                <ul class="nav navbar-nav navbar-right hidden-sm auth">
-                                        {% if user.is_authenticated %}
-                                                <li class="dropdown">
-                                                        <a href="#" class="dropdown-toggle" data-toggle="dropdown"
-                                                           role="button" aria-haspopup="true" aria-expanded="false">
-                                                                {% gravatar user.email 20 %}
-                                                                {{ user.username|truncatechars:"35" }}
-                                                                <span class="caret"></span>
-                                                        </a>
-                                                        <ul class="dropdown-menu">
-                                                                <li><a href="{% url 'mm_user_profile' %}">
-                                                                        <span class="fa fa-user"></span>
-                                                                        {% trans 'Account' %}
-                                                                </a></li>
-                                                                {% if 'postorius' in INSTALLED_APPS %}
-                                                                <li><a href="{% url 'ps_user_profile' %}">
-                                                                        <span class="fa fa-cog"></span>
-                                                                        {% trans 'Mailman settings' %}
-                                                                </a></li>
-                                                                {% endif %}
-                                                                <li><a href="{% url 'hk_user_profile' %}">
-                                                                        <span class="fa fa-comments"></span>
-                                                                        {% trans 'Posting activity' %}
-                                                                </a></li>
-                                                                <li role="separator" class="divider"></li>
-                                                                <li><a href="{% url LOGOUT_URL %}?next={% url 'hk_root' %}">
-                                                                        <span class="fa fa-sign-out"></span>
-                                                                        {% trans "Logout" %}
-                                                                </a></li>
-                                                        </ul>
-                                                </li>
-                                        {% else %}
-                                                <li><a href="{% url LOGIN_URL %}?next={{next|default:request.path|urlencode}}">
-                                                        <span class="fa fa-sign-in"></span>
-                                                        {% trans "Sign In" %}
-                                                </a></li>
-                                                <!-- <li><a href="{% url 'account_signup' %}?next={{next|default:request.path|urlencode}}">
-                                                        <span class="fa fa-user-plus"></span>
-                                                        {% trans "Sign Up" %}
-                                                </a></li> -->
-                                        {% endif %}
-                                </ul>
-    
-                                {% if 'postorius' in INSTALLED_APPS %}
-                                <ul class="nav navbar-nav navbar-right"><li>
-                                        {% if mlist %}
-                                        <a href="{% url 'list_summary' mlist.list_id %}">
-                                                <span class="fa fa-cog"></span>
-                                                {% trans 'Manage this list' %}
-                                        </a>
-                                        {% else %}
-                                        <a href="{% url 'list_index' %}">
-                                                <span class="fa fa-cog"></span>
-                                                {% trans 'Manage lists' %}
-                                        </a>
-                                        {% endif %}
-                                </li></ul>
-                                {% endif %}
-    
-                                <form name="search" method="get" action="{% url 'hk_search' %}" class="navbar-form navbar-right" role="search">
-                                        {% if mlist %}<input type="hidden" name="mlist" value="{{ mlist.name }}" />{% endif %}
-                                        <div class="form-group">
-                                                <div class="input-group">
-                                                        <input name="q" type="text" class="form-control"
-                                                                   placeholder="Search {% if mlist %}this list{% else %}all lists{% endif %}"
-                                                                   {% if query %}value="{{ query }}"{% endif %}
-                                                                   />
-                                                        <span class="input-group-btn">
-                                                                <button class="btn btn-default" type="submit"><span class="fa fa-search"></span></button>
-                                                        </span>
-                                                </div>
-                                        </div>
-                                </form>
-    
-                        </div> <!--/navbar-collapse -->
-                </div> <!-- /container for navbar -->
-        </nav>
-    
-        {% if messages %}
-        <div class="flashmsgs">
-        {% for msg in messages %}
-                <div class="flashmsg-wrapper">
-                        <!--<div class="alert alert-{{ msg.level_tag }} {{ msg.extra_tags }}">-->
-                        <div class="alert {{ msg.tags }}
-                                {% if msg.level == DEFAULT_MESSAGE_LEVELS.SUCCESS %}
-                                ">
-                                {% else %}
-                                alert-dismissible">
-                                <button type="button" class="close" data-dismiss="alert">&times;</button>
-                                {% endif %}
-                        {{ msg }}
-                        </div>
-                </div>
-        {% endfor %}
-        </div>
-        {% endif %}
-    
-        <div class="container">
-    
-                {% block content %} {% endblock %}
-    
-        </div> <!-- /container for content -->
-    
-        <footer class="footer">
-          <div class="container">
-                <p class="text-muted">
-                        Powered by <a href="http://hyperkitty.readthedocs.org">HyperKitty</a> version {{ HYPERKITTY_VERSION }}.
-                </p>
-          </div>
-        </footer>
-    
-        <script src="{% static 'hyperkitty/libs/jquery/jquery-1.10.1.min.js' %}"></script>
-        <script src="{% static 'hyperkitty/libs/jquery/jquery-ui-1.10.3.custom.min.js' %}"></script>
-        {% compress js %}
-        <script type="text/javascript" src="{% static 'hyperkitty/libs/bootstrap/javascripts/bootstrap.min.js' %}" />
-        <script type="text/javascript" src="{% static 'hyperkitty/libs/jquery.expander.js' %}" />
-        <script type="text/javascript" src="{% static 'hyperkitty/libs/d3.v2.min.js' %}" />
-        <script type="text/javascript" src="{% static 'hyperkitty/libs/jquery.hotkeys.js' %}" />
-        <script type="text/javascript" src="{% static 'django-mailman3/js/main.js' %}" />
-        <script type="text/javascript" src="{% static 'hyperkitty/js/hyperkitty-common.js' %}" />
-        <script type="text/javascript" src="{% static 'hyperkitty/js/hyperkitty-index.js' %}" />
-        <script type="text/javascript" src="{% static 'hyperkitty/js/hyperkitty-overview.js' %}" />
-        <script type="text/javascript" src="{% static 'hyperkitty/js/hyperkitty-thread.js' %}" />
-        <script type="text/javascript" src="{% static 'hyperkitty/js/hyperkitty-userprofile.js' %}" />
-        {% endcompress %}
-        {% block additionaljs %} {% endblock %}
-    
-        {% include 'hyperkitty/bottom.html' %}
-    
-        </body>
-    </html>
-  email.py: |
-    # -*- coding: utf-8 -*-
-    #
-    # Copyright (C) 2014-2019 by the Free Software Foundation, Inc.
-    #
-    # This file is part of HyperKitty.
-    #
-    # HyperKitty is free software: you can redistribute it and/or modify it under
-    # the terms of the GNU General Public License as published by the Free
-    # Software Foundation, either version 3 of the License, or (at your option)
-    # any later version.
-    #
-    # HyperKitty is distributed in the hope that it will be useful, but WITHOUT
-    # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-    # FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
-    # more details.
-    #
-    # You should have received a copy of the GNU General Public License along with
-    # HyperKitty.  If not, see <http://www.gnu.org/licenses/>.
-    #
-    # Author: Aurelien Bompard <abompard@fedoraproject.org>
-    #
-
-    import os
-    import re
-    from email.message import EmailMessage
-
-    from django.conf import settings
-    from django.db import models, IntegrityError
-    from django.utils.timezone import now, get_fixed_timezone
-
-    from hyperkitty.lib.analysis import compute_thread_order_and_depth
-    from .common import VotesCachedValue
-    from .mailinglist import MailingList
-    from .thread import Thread
-    from .vote import Vote
-
-    import logging
-    logger = logging.getLogger(__name__)
-
-
-    class Email(models.Model):
-        """
-        An archived email, from a mailing-list. It is identified by both the list
-        name and the message id.
-        """
-        mailinglist = models.ForeignKey(
-            "MailingList", related_name="emails", on_delete=models.CASCADE)
-        message_id = models.CharField(max_length=255, db_index=True)
-        message_id_hash = models.CharField(max_length=255, db_index=True)
-        sender = models.ForeignKey(
-            "Sender", related_name="emails", on_delete=models.CASCADE)
-        sender_name = models.CharField(max_length=255, null=True, blank=True)
-        subject = models.CharField(max_length=512, db_index=True)
-        content = models.TextField()
-        date = models.DateTimeField(db_index=True)
-        timezone = models.SmallIntegerField()
-        in_reply_to = models.CharField(
-            max_length=255, null=True, blank=True, db_index=True)
-        # Delete behavior is handled by on_pre_delete()
-        parent = models.ForeignKey(
-            "self", blank=True, null=True, on_delete=models.DO_NOTHING,
-            related_name="children")
-        thread = models.ForeignKey(
-            "Thread", related_name="emails", on_delete=models.CASCADE)
-        archived_date = models.DateTimeField(default=now, db_index=True)
-        thread_depth = models.IntegerField(default=0)
-        thread_order = models.IntegerField(null=True, blank=True, db_index=True)
-
-        ADDRESS_REPLACE_RE = re.compile(r"([\w.+-]+)@([\w.+-]+)")
-
-        def __init__(self, *args, **kwargs):
-            super(Email, self).__init__(*args, **kwargs)
-            self.cached_values = {
-                "votes": VotesCachedValue(self),
-            }
-
-        def __lt__(self, other):
-            return self.date < other.date
-
-        class Meta:
-            unique_together = ("mailinglist", "message_id")
-
-        def get_votes(self):
-            return self.cached_values["votes"]()
-
-        def vote(self, value, user):
-            # Checks if the user has already voted for this message.
-            existing = self.votes.filter(user=user).first()
-            if existing is not None and existing.value == value:
-                return  # Vote already recorded (should I raise an exception?)
-            if value not in (0, 1, -1):
-                raise ValueError("A vote can only be +1 or -1 (or 0 to cancel)")
-            if existing is not None:
-                # vote changed or cancelled
-                if value == 0:
-                    existing.delete()
-                else:
-                    existing.value = value
-                    existing.save()
-            else:
-                # new vote
-                vote = Vote(email=self, user=user, value=value)
-                vote.save()
-
-        def set_parent(self, parent):
-            if self.id == parent.id:
-                raise ValueError("An email can't be its own parent")
-            # Compute the subthread
-            subthread = [self]
-
-            def _collect_children(current_email):
-                children = list(current_email.children.all())
-                if not children:
-                    return
-                subthread.extend(children)
-                for child in children:
-                    _collect_children(child)
-            _collect_children(self)
-            # now set my new parent value
-            old_parent_id = self.parent_id
-            self.parent = parent
-            self.save(update_fields=["parent_id"])
-            # If my future parent is in my current subthread, I need to set its
-            # parent to my current parent
-            if parent in subthread:
-                parent.parent_id = old_parent_id
-                parent.save(update_fields=["parent_id"])
-                # do it after setting the new parent_id to avoid having two
-                # parent_ids set to None at the same time (IntegrityError)
-            if self.thread_id != parent.thread_id:
-                # we changed the thread, reattach the subthread
-                former_thread = self.thread
-                for child in subthread:
-                    child.thread = parent.thread
-                    child.save(update_fields=["thread_id"])
-                    if child.date > parent.thread.date_active:
-                        parent.thread.date_active = child.date
-                parent.thread.save()
-                # if we were the starting email, or former thread may be empty
-                if former_thread.emails.count() == 0:
-                    former_thread.delete()
-            compute_thread_order_and_depth(parent.thread)
-
-        def as_message(self, escape_addresses=True):
-            # http://wordeology.com/computer/how-to-send-good-unicode-email-with-python.html
-            # http://stackoverflow.com/questions/31714221/how-to-send-an-email-with-quoted
-            # http://stackoverflow.com/questions/9403265/how-do-i-use-python/9509718#9509718
-            msg = EmailMessage()
-
-            # Headers
-            unixfrom = "From %s %s" % (
-                self.sender.address, self.archived_date.strftime("%c"))
-            assert isinstance(self.sender.address, str)
-            header_from = self.sender.address
-            if self.sender_name and self.sender_name != self.sender.address:
-                header_from = "%s <%s>" % (self.sender_name, header_from)
-            header_to = self.mailinglist.name
-            msg.set_unixfrom(unixfrom)
-            headers = (
-                ("From", header_from),
-                ("To", header_to),
-                ("Subject", self.subject),
-                )
-            for header_name, header_value in headers:
-                msg[header_name] = header_value
-            tz = get_fixed_timezone(self.timezone)
-            header_date = self.date.astimezone(tz).replace(microsecond=0)
-            # Date format: http://tools.ietf.org/html/rfc5322#section-3.3
-            msg["Date"] = header_date.strftime("%a, %d %b %Y %H:%M:%S %z")
-            msg["Message-ID"] = "<%s>" % self.message_id
-            if self.in_reply_to:
-                msg["In-Reply-To"] = self.in_reply_to
-
-            # Body
-            content = self.ADDRESS_REPLACE_RE.sub(r"\1(a)\2", self.content)
-
-            # Enforce `multipart/mixed` even when there are no attachments
-            # Q: Why are all emails supposed to be multipart?
-            msg.set_content(content, subtype='plain')
-            msg.make_mixed()
-
-            # Attachments
-            for attachment in self.attachments.order_by("counter"):
-                mimetype = attachment.content_type.split('/', 1)
-                msg.add_attachment(attachment.get_content(), maintype=mimetype[0],
-                                   subtype=mimetype[1], filename=attachment.name)
-
-            return msg
-
-        @property
-        def display_fixed(self):
-            return "@@" in self.content
-
-        def _set_message_id_hash(self):
-            from hyperkitty.lib.utils import get_message_id_hash  # circular import
-            if not self.message_id_hash:
-                self.message_id_hash = get_message_id_hash(self.message_id)
-
-        def on_post_init(self):
-            self._set_message_id_hash()
-
-        def on_post_created(self):
-            self.thread.on_email_added(self)
-            self.mailinglist.on_email_added(self)
-            if not getattr(settings, "HYPERKITTY_BATCH_MODE", False):
-                # For batch imports, let the cron job do the work
-                from hyperkitty.tasks import check_orphans
-                check_orphans.delay(self.id)
-
-        def on_pre_save(self):
-            self._set_message_id_hash()
-            # Link to the thread
-            if self.thread_id is None:
-                # Create the thread if not found
-                thread, _thread_created = Thread.objects.get_or_create(
-                    mailinglist=self.mailinglist,
-                    thread_id=self.message_id_hash)
-                self.thread = thread
-            # Make sure there is only one email with parent_id == None in a thread
-            if self.parent_id is not None:
-                return
-            starters = Email.objects.filter(
-                    thread=self.thread, parent_id__isnull=True
-                ).values_list("id", flat=True)
-            if len(starters) > 0 and list(starters) != [self.id]:
-                raise IntegrityError("There can be only one email with "
-                                     "parent_id==None in the same thread")
-
-        def on_post_save(self):
-            pass
-
-        def on_pre_delete(self):
-            # Reset parent_id
-            children = self.children.order_by("date")
-            if not children:
-                return
-            if self.parent is None:
-                #  Temporarily set the email's parent_id to not None, to allow the
-                #  next email to be the starting email (there's a check on_save for
-                #  duplicate thread starters)
-                self.parent = self
-                self.save(update_fields=["parent"])
-                starter = children[0]
-                starter.parent = None
-                starter.save(update_fields=["parent"])
-                children.all().update(parent=starter)
-            else:
-                children.update(parent=self.parent)
-
-        def on_post_delete(self):
-            try:
-                thread = Thread.objects.get(id=self.thread_id)
-            except Thread.DoesNotExist:
-                pass
-            else:
-                thread.on_email_deleted(self)
-            try:
-                mlist = MailingList.objects.get(pk=self.mailinglist_id)
-            except MailingList.DoesNotExist:
-                pass
-            else:
-                mlist.on_email_deleted(self)
-
-        def on_vote_added(self, vote):
-            from hyperkitty.tasks import rebuild_email_cache_votes
-            rebuild_email_cache_votes.delay(self.id)
-
-        on_vote_deleted = on_vote_added
-
-
-    class Attachment(models.Model):
-        email = models.ForeignKey(
-            "Email", related_name="attachments", on_delete=models.CASCADE)
-        counter = models.SmallIntegerField()
-        name = models.CharField(max_length=255)
-        content_type = models.CharField(max_length=255)
-        encoding = models.CharField(max_length=255, null=True)
-        size = models.IntegerField(null=True)
-        content = models.BinaryField(null=True)
-
-        class Meta:
-            unique_together = ("email", "counter")
-
-        def on_pre_save(self):
-            # set the size
-            if not self.size and self.content is not None:
-                self.size = len(self.content)
-
-        def _get_folder(self):
-            global_folder = getattr(
-                settings, "HYPERKITTY_ATTACHMENT_FOLDER", None)
-            if global_folder is None:
-                return None
-            mlist = self.email.mailinglist.name
-            try:
-                listname, domain = mlist.rsplit("@", 1)
-            except ValueError:
-                listname = "none"
-                domain = mlist
-            return os.path.join(
-                global_folder, domain, listname,
-                self.email.message_id_hash[0:2],
-                self.email.message_id_hash[2:4],
-                self.email.message_id_hash[4:6],
-                str(self.email.id),
-            )
-
-        def get_content(self):
-            folder = self._get_folder()
-            if folder is None:
-                return bytes(self.content)
-            filepath = os.path.join(folder, str(self.counter))
-            if not os.path.exists(filepath):
-                logger.error("Could not find local attachment %s for email %s",
-                             self.counter, self.email.id)
-                return ""
-            with open(filepath, "rb") as f:
-                content = f.read()
-            return content
-
-        def set_content(self, content):
-            if isinstance(content, str):
-                if self.encoding is not None:
-                    content = content.encode(self.encoding)
-                else:
-                    content = content.encode('utf-8')
-            self.size = len(content)
-            folder = self._get_folder()
-            if folder is None:
-                self.content = content
-                return
-            if not os.path.exists(folder):
-                os.makedirs(folder)
-            with open(os.path.join(folder, str(self.counter)), "wb") as f:
-                f.write(content)
-            self.content = None
-  settings_local.py: |
-    import os
-    import socket
-    import ipaddress
-
-    DEBUG = False
-
-    EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
-    #NOTE: this is the MTA host, we need to update it.
-    EMAIL_HOST = 'mailman-exim4-service.mail.svc.cluster.local'
-    EMAIL_HOST_USER = os.environ.get('EMAIL_HOST_USER')
-    EMAIL_HOST_PASSWORD = os.environ.get('EMAIL_HOST_PASSWORD')
-    EMAIL_PORT = 25
-    
-    mailman_ip_address = socket.gethostbyname(os.environ.get('MAILMAN_HOST_IP')).split('.')
-    mailman_ip_cidr = "{0}.{1}.0.0/16".format(mailman_ip_address[0], mailman_ip_address[1])
-    MAILMAN_ARCHIVER_FROM = [str(ip) for ip in ipaddress.IPv4Network(mailman_ip_cidr)]
-    MAILMAN_NODE_IP_CIDR = "192.168.0.0/16"
-    MAILMAN_NODE_IP_FROM = [str(ip) for ip in ipaddress.IPv4Network(MAILMAN_NODE_IP_CIDR)]
-    MAILMAN_ARCHIVER_FROM.extend(MAILMAN_NODE_IP_FROM)
-
-    SERVICE_IP = socket.gethostbyname("mailweb.opengauss.org")
-
-    ALLOWED_HOSTS = [
-        "localhost",  # Archiving API from Mailman, keep it.
-        # Add here all production URLs you may have.
-        "192.168.0.164",
-        "mailman-core-0.mail-suit-service.mail.svc.cluster.local",
-        "mailman-web-0.mail-suit-service.mail.svc.cluster.local",
-        #NOTE: This is the public ip address of the served host
-        "opengauss.org",
-        #NOTE: this can be removed if domain name finally get used.
-        "49.0.246.28",
-        "119.8.40.18",
-        "mailweb.opengauss.org",
-        "mail.opengauss.org",
-        "mailman-web",
-        "mailman-web-service.mail.svc.cluster.local:8000",
-        SERVICE_IP,
-        os.environ.get('SERVE_FROM_DOMAIN'),
-        os.environ.get('DJANGO_ALLOWED_HOSTS'),
-    ]
-
-    COMPRESS_CSS_HASHING_METHOD = 'content'
-    INSTALLED_APPS = [
-      'hyperkitty',
-      'postorius',
-      'django_mailman3',
-      'django.contrib.admin',
-      'django.contrib.auth',
-      'django.contrib.contenttypes',
-      'django.contrib.sessions',
-      'django.contrib.sites',
-      'django.contrib.messages',
-      'django.contrib.staticfiles',
-      'rest_framework',
-      'django_gravatar',
-      'compressor',
-      'haystack',
-      'django_extensions',
-      'django_q',
-      'allauth',
-      'allauth.account',
-      'allauth.socialaccount',
-    ]
-  default.conf: |
-    server {
-        listen 443 ssl;
-  
-        root /opt/mailman-web-data;
-        index index.html;
-        server_name mailweb.opengauss.org;
-        ssl_certificate /etc/nginx/ssl/server.crt;
-        ssl_certificate_key  /etc/nginx/ssl/server.key;
-        server_tokens off;
-        location /static {
-          alias /opt/mailman-web-data/static;
-        }
-        location / {
-          uwsgi_pass 127.0.0.1:8080;
-          include uwsgi_params;
-          uwsgi_read_timeout 300;
-        }
-        location ^~ /admin {
-          deny all;
-        }
-        location /accounts/signup {
-        rewrite ^/accounts/signup(.*)$ /postorius/lists/;
-        }
-    }
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: mailman-webpage-hack
-  namespace: mail
-data:
-  list_forms.py: |
-    # -*- coding: utf-8 -*-
-    # Copyright (C) 2017-2019 by the Free Software Foundation, Inc.
-    #
-    # This file is part of Postorius.
-    #
-    # Postorius is free software: you can redistribute it and/or modify it under
-    # the terms of the GNU General Public License as published by the Free
-    # Software Foundation, either version 3 of the License, or (at your option)
-    # any later version.
-    #
-    # Postorius is distributed in the hope that it will be useful, but WITHOUT
-    # ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
-    # FITNESS FOR A PARTICULAR PURPOSE.  See the GNU General Public License for
-    # more details.
-    #
-    # You should have received a copy of the GNU General Public License along with
-    # Postorius.  If not, see <http://www.gnu.org/licenses/>.
-    #
-
-    import os
-    import re
-    from django import forms
-    from django.core.validators import validate_email
-    from django.core.exceptions import ValidationError
-    from django.utils.safestring import mark_safe
-    from django.utils.translation import ugettext_lazy as _
-    from django_mailman3.lib.mailman import get_mailman_client
-
-    from postorius.forms.fields import ListOfStringsField
-
-
-    ACTION_CHOICES = (
-        ("hold", _("Hold for moderation")),
-        ("reject", _("Reject (with notification)")),
-        ("discard", _("Discard (no notification)")),
-        ("accept", _("Accept immediately (bypass other rules)")),
-        ("defer", _("Default processing")),
-    )
-
-
-    EMPTY_STRING = ''
-
-
-    class ListNew(forms.Form):
-
-        """
-        Form fields to add a new list. Languages are hard coded which should
-        be replaced by a REST lookup of available languages.
-        """
-        listname = forms.CharField(
-            label=_('List Name'),
-            required=True,
-            error_messages={'required': _('Please enter a name for your list.'),
-                            'invalid': _('Please enter a valid list name.')})
-        mail_host = forms.ChoiceField()
-        list_owner = forms.EmailField(
-            label=_('Initial list owner address'),
-            error_messages={
-                'required': _("Please enter the list owner's email address.")},
-            required=True)
-        advertised = forms.ChoiceField(
-            widget=forms.RadioSelect(),
-            label=_('Advertise this list?'),
-            error_messages={
-                'required': _("Please choose a list type.")},
-            required=True,
-            choices=(
-                (True, _("Advertise this list in list index")),
-                (False, _("Hide this list in list index"))))
-        list_style = forms.ChoiceField()
-        description = forms.CharField(
-            label=_('Description'),
-            required=False)
-
-        def __init__(self, domain_choices, style_choices, *args, **kwargs):
-            super(ListNew, self).__init__(*args, **kwargs)
-            self.fields["mail_host"] = forms.ChoiceField(
-                widget=forms.Select(),
-                label=_('Mail Host'),
-                required=True,
-                choices=domain_choices,
-                error_messages={'required': _("Choose an existing Domain."),
-                                'invalid': _("Choose a valid Mail Host")})
-            self.fields["list_style"] = forms.ChoiceField(
-                widget=forms.Select(),
-                label=_('List Style'),
-                required=True,
-                choices=style_choices,
-                error_messages={'required': _("Choose a List Style."),
-                                'invalid': _("Choose a valid List Style.")})
-            if len(domain_choices) < 2:
-                self.fields["mail_host"].help_text = _(
-                    "Site admin has not created any domains")
-                # if len(choices) < 2:
-                #    help_text=_("No domains available: " +
-                #                "The site admin must create new domains " +
-                #                "before you will be able to create a list")
-
-        def clean_listname(self):
-            try:
-                validate_email(self.cleaned_data['listname'] + '@example.net')
-            except ValidationError:
-                # TODO (maxking): Error should atleast point to what is a valid
-                # listname. It may not always be obvious which characters aren't
-                # allowed in a listname.
-                raise forms.ValidationError(_("Please enter a valid listname"))
-            return self.cleaned_data['listname']
-
-        class Meta:
-
-            """
-            Class to handle the automatic insertion of fieldsets and divs.
-
-            To use it: add a list for each wished fieldset. The first item in
-            the list should be the wished name of the fieldset, the following
-            the fields that should be included in the fieldset.
-            """
-            layout = [["List Details",
-                       "listname",
-                       "mail_host",
-                       "list_style",
-                       "list_owner",
-                       "description",
-                       "advertised"], ]
-
-
-    class ListSubscribe(forms.Form):
-        """Form fields to join an existing list.
-        """
-
-        email = forms.ChoiceField(
-            label=_('Your email address'),
-            validators=[validate_email],
-            widget=forms.Select(),
-            error_messages={
-                'required': _('Please enter an email address.'),
-                'invalid': _('Please enter a valid email address.')})
-
-        display_name = forms.CharField(
-            label=_('Your name (optional)'), required=False)
-
-        def __init__(self, user_emails, *args, **kwargs):
-            super(ListSubscribe, self).__init__(*args, **kwargs)
-            self.fields['email'].choices = ((address, address)
-                                            for address in user_emails)
-
-
-    class ListAnonymousSubscribe(forms.Form):
-        """Form fields to join an existing list as an anonymous user.
-        """
-
-        email = forms.CharField(
-            label=_('Your email address'),
-            validators=[validate_email],
-            error_messages={
-                'required': _('Please enter an email address.'),
-                'invalid': _('Please enter a valid email address.')})
-
-        display_name = forms.CharField(
-            label=_('Your name (optional)'), required=False)
-
-        privacy_check = forms.BooleanField(
-            initial=False,
-            required=True,
-            label=_(mark_safe(
-                'I have read and agree to the community <a href="%s">Privacy Statement</a> and '
-                '<a href="%s">Community Conduct</a>.' % (os.getenv("PRIVACY_LINK", "#"), os.getenv("CONDUCT_LINK"))
-            )),
-            widget=forms.CheckboxInput())
-
-
-    class ListSettingsForm(forms.Form):
-        """
-        Base class for list settings forms.
-        """
-        mlist_properties = []
-
-        def __init__(self, *args, **kwargs):
-            self._mlist = kwargs.pop('mlist')
-            super(ListSettingsForm, self).__init__(*args, **kwargs)
-
-
-    SUBSCRIPTION_POLICY_CHOICES = (
-        ('open', _('Open')),
-        ('confirm', _('Confirm')),
-        ('moderate', _('Moderate')),
-        ('confirm_then_moderate', _('Confirm, then moderate')),
-    )
-
-
-    class ListSubscriptionPolicyForm(ListSettingsForm):
-        """
-        List subscription policy settings.
-        """
-        subscription_policy = forms.ChoiceField(
-            label=_('Subscription Policy'),
-            choices=SUBSCRIPTION_POLICY_CHOICES,
-            help_text=_('Open: Subscriptions are added automatically\n'
-                        'Confirm: Subscribers need to confirm the subscription '
-                        'using an email sent to them\n'
-                        'Moderate: Moderators will have to authorize '
-                        'each subscription manually.\n'
-                        'Confirm then Moderate: First subscribers have to confirm,'
-                        ' then a moderator '
-                        'needs to authorize.'))
-
-
-    class ArchiveSettingsForm(ListSettingsForm):
-        """
-        Set the general archive policy.
-        """
-        mlist_properties = ['archivers']
-
-        archive_policy_choices = (
-            ("public", _("Public archives")),
-            ("private", _("Private archives")),
-            ("never", _("Do not archive this list")),
-        )
-
-        archive_policy = forms.ChoiceField(
-            choices=archive_policy_choices,
-            widget=forms.RadioSelect,
-            label=_('Archive policy'),
-            help_text=_('Policy for archiving messages for this list'),
-        )
-
-        archivers = forms.MultipleChoiceField(
-            widget=forms.CheckboxSelectMultiple,
-            label=_('Active archivers'),
-            required=False)  # May be empty if no archivers are desired.
-
-        def __init__(self, *args, **kwargs):
-            super(ArchiveSettingsForm, self).__init__(*args, **kwargs)
-            archiver_opts = sorted(self._mlist.archivers.keys())
-            self.fields['archivers'].choices = sorted(
-                [(key, key) for key in archiver_opts])
-            if self.initial:
-                self.initial['archivers'] = [
-                    key for key in archiver_opts if self._mlist.archivers[key] is True]   # noqa
-
-        def clean_archivers(self):
-            result = {}
-            for archiver, etc in self.fields['archivers'].choices:
-                result[archiver] = archiver in self.cleaned_data['archivers']
-            self.cleaned_data['archivers'] = result
-            return result
-
-
-    class MessageAcceptanceForm(ListSettingsForm):
-        """
-        List messages acceptance settings.
-        """
-        acceptable_aliases = ListOfStringsField(
-            label=_("Acceptable aliases"),
-            required=False,
-            help_text=_(
-                'This is a list, one per line, of addresses and regexps matching '
-                'addresses that are acceptable in To: or Cc: in lieu of the list '
-                'posting address when `require_explicit_destination\' is enabled. '
-                ' Entries are either email addresses or regexps matching email '
-                'addresses.  Regexps are entries beginning with `^\' and are '
-                'matched against every recipient address in the message. The '
-                'matching is performed with Python\'s re.match() function, meaning'
-                ' they are anchored to the start of the string.'))
-        require_explicit_destination = forms.BooleanField(
-            widget=forms.RadioSelect(choices=((True, _('Yes')), (False, _('No')))),
-            required=False,
-            label=_('Require Explicit Destination'),
-            help_text=_(
-                'This checks to ensure that the list posting address or an '
-                'acceptable alias explicitly appears in a To: or Cc: header in '
-                'the post.'))
-        administrivia = forms.BooleanField(
-            widget=forms.RadioSelect(choices=((True, _('Yes')), (False, _('No')))),
-            required=False,
-            label=_('Administrivia'),
-            help_text=_(
-                'Administrivia tests will check postings to see whether it\'s '
-                'really meant as an administrative request (like subscribe, '
-                'unsubscribe, etc), and will add it to the the administrative '
-                'requests queue, notifying the administrator of the new request, '
-                'in the process.'))
-        default_member_action = forms.ChoiceField(
-            widget=forms.RadioSelect(),
-            label=_('Default action to take when a member posts to the list'),
-            error_messages={
-                'required': _("Please choose a default member action.")},
-            required=True,
-            choices=ACTION_CHOICES,
-            help_text=_(
-                'Default action to take when a member posts to the list.\n'
-                'Hold: This holds the message for approval by the list '
-                'moderators.\n'
-                'Reject: this automatically rejects the message by sending a '
-                'bounce notice to the post\'s author. The text of the bounce '
-                'notice can be configured by you.\n'
-                'Discard: this simply discards the message, with no notice '
-                'sent to the post\'s author.\n'
-                'Accept: accepts any postings without any further checks.\n'
-                'Default Processing: run additional checks and accept '
-                'the message.'))
-        default_nonmember_action = forms.ChoiceField(
-            widget=forms.RadioSelect(),
-            label=_('Default action to take when a non-member posts to the '
-                    'list'),
-            error_messages={
-                'required': _("Please choose a default non-member action.")},
-            required=True,
-            choices=ACTION_CHOICES,
-            help_text=_(
-                'When a post from a non-member is received, the message\'s sender '
-                'is matched against the list of explicitly accepted, held, '
-                'rejected (bounced), and discarded addresses. '
-                'If no match is found, then this action is taken.'))
-        max_message_size = forms.IntegerField(
-            min_value=0,
-            label=_('Maximum message size'),
-            required=False,
-            help_text=_(
-                'The maximum allowed message size. '
-                'This can be used to prevent emails with large attachments. '
-                'A size of 0 disables the check.'))
-        max_num_recipients = forms.IntegerField(
-            min_value=0,
-            label=_('Maximum number of recipients'),
-            required=False,
-            help_text=_(
-                'The maximum number of recipients for a message. '
-                'This can be used to prevent mass mailings from being accepted. '
-                'A value of 0 disables the check.'))
-
-        def clean_acceptable_aliases(self):
-            # python's urlencode will drop this attribute completely if an empty
-            # list is passed with doseq=True. To make it work for us, we instead
-            # use an empty string to signify an empty value. In turn, Core will
-            # also consider an empty value to be empty list for list-of-strings
-            # field.
-            if not self.cleaned_data['acceptable_aliases']:
-                return EMPTY_STRING
-            for alias in self.cleaned_data['acceptable_aliases']:
-                if alias.startswith('^'):
-                    try:
-                        re.compile(alias)
-                    except re.error as e:
-                        raise forms.ValidationError(
-                            _('Invalid alias regexp: {}: {}').format(alias, e.msg))
-                else:
-                    try:
-                        validate_email(alias)
-                    except ValidationError:
-                        raise forms.ValidationError(
-                            _('Invalid alias email: {}').format(alias))
-            return self.cleaned_data['acceptable_aliases']
-
-
-    class DigestSettingsForm(ListSettingsForm):
-        """
-        List digest settings.
-        """
-        digest_size_threshold = forms.DecimalField(
-            label=_('Digest size threshold'),
-            help_text=_('How big in Kb should a digest be before '
-                        'it gets sent out?'))
-
-
-    class DMARCMitigationsForm(ListSettingsForm):
-        """
-        DMARC Mitigations list settings.
-        """
-        dmarc_mitigate_action = forms.ChoiceField(
-            label=_('DMARC mitigation action'),
-            widget=forms.Select(),
-            required=False,
-            error_messages={
-                'required': _("Please choose a DMARC mitigation action.")},
-            choices=(
-                ('no_mitigation', _('No DMARC mitigations')),
-                ('munge_from', _('Replace From: with list address')),
-                ('wrap_message',
-                 _('Wrap the message in an outer message From: the list.')),
-                ('reject', _('Reject the message')),
-                ('discard', _('Discard the message'))),
-            help_text=_(
-                'The action to apply to messages From: a domain publishing a '
-                'DMARC policy of reject or quarantine or to all messages if '
-                'DMARC Mitigate unconditionally is True.'))
-        dmarc_mitigate_unconditionally = forms.TypedChoiceField(
-            choices=((True, _('Yes')), (False, _('No'))),
-            widget=forms.RadioSelect,
-            required=False,
-            label=_('DMARC Mitigate unconditionally'),
-            help_text=_(
-                'If DMARC mitigation action is munge_from or wrap_message, '
-                'should it apply to all messages regardless of the DMARC policy '
-                'of the From: domain.'))
-        dmarc_moderation_notice = forms.CharField(
-            label=_('DMARC rejection notice'),
-            required=False,
-            widget=forms.Textarea(),
-            help_text=_(
-                'Text to replace the default reason in any rejection notice to '
-                'be sent when DMARC mitigation action of reject applies.'))
-        dmarc_wrapped_message_text = forms.CharField(
-            label=_('DMARC wrapped message text'),
-            required=False,
-            widget=forms.Textarea(),
-            help_text=_(
-                'Text to be added as a separate text/plain MIME part preceding '
-                'the original message part in the wrapped message when DMARC '
-                'mitigation action of wrap message applies.'))
-
-
-    class AlterMessagesForm(ListSettingsForm):
-        """
-        Alter messages list settings.
-        """
-        filter_content = forms.TypedChoiceField(
-            choices=((True, _('Yes')), (False, _('No'))),
-            widget=forms.RadioSelect,
-            required=False,
-            label=_('Filter content'),
-            help_text=_('Should Mailman filter the content of list traffic '
-                        'according to the settings below?'))
-        collapse_alternatives = forms.TypedChoiceField(
-            choices=((True, _('Yes')), (False, _('No'))),
-            widget=forms.RadioSelect,
-            required=False,
-            label=_('Collapse alternatives'),
-            help_text=_('Should Mailman collapse multipart/alternative to '
-                        'its first part content?'))
-        convert_html_to_plaintext = forms.TypedChoiceField(
-            choices=((True, _('Yes')), (False, _('No'))),
-            widget=forms.RadioSelect,
-            required=False,
-            label=_('Convert html to plaintext'),
-            help_text=_('Should Mailman convert text/html parts to plain text? '
-                        'This conversion happens after MIME attachments '
-                        'have been stripped.'))
-        anonymous_list = forms.TypedChoiceField(
-            choices=((True, _('Yes')), (False, _('No'))),
-            widget=forms.RadioSelect,
-            required=False,
-            label=_('Anonymous list'),
-            help_text=_('Hide the sender of a message, '
-                        'replacing it with the list address '
-                        '(Removes From, Sender and Reply-To fields)'))
-        include_rfc2369_headers = forms.TypedChoiceField(
-            choices=((True, _('Yes')), (False, _('No'))),
-            widget=forms.RadioSelect,
-            required=False,
-            label=_('Include RFC2369 headers'),
-            help_text=_(
-                'Yes is highly recommended. RFC 2369 defines a set of List-* '
-                'headers that are normally added to every message sent to the '
-                'list membership. These greatly aid end-users who are using '
-                'standards compliant mail readers. They should normally always '
-                'be enabled. However, not all mail readers are standards '
-                'compliant yet, and if you have a large number of members who are '
-                'using non-compliant mail readers, they may be annoyed at these '
-                'headers. You should first try to educate your members as to why '
-                'these headers exist, and how to hide them in their mail clients. '
-                'As a last resort you can disable these headers, but this is not '
-                'recommended (and in fact, your ability to disable these headers '
-                'may eventually go away).'))
-        allow_list_posts = forms.TypedChoiceField(
-            choices=((True, _('Yes')), (False, _('No'))),
-            widget=forms.RadioSelect,
-            required=False,
-            label=_("Include the list post header"),
-            help_text=_(
-                "This can be set to no for announce lists that do not wish to "
-                "include the List-Post header because posting to the list is "
-                "discouraged."))
-        reply_to_address = forms.CharField(
-            label=_('Explicit reply-to address'),
-            required=False,
-            help_text=_(
-                'This option allows admins to set an explicit Reply-to address. '
-                'It is only used if the reply-to is set to use an explicitly set '
-                'header'))
-        first_strip_reply_to = forms.TypedChoiceField(
-            choices=((True, _('Yes')), (False, _('No'))),
-            widget=forms.RadioSelect,
-            required=False,
-            help_text=_(
-                'Should any existing Reply-To: header found in the original '
-                'message be stripped? If so, this will be done regardless of '
-                'whether an explict Reply-To: header is added by Mailman or not.'))
-        reply_goes_to_list = forms.ChoiceField(
-            label=_('Reply goes to list'),
-            widget=forms.Select(),
-            required=False,
-            error_messages={
-                'required': _("Please choose a reply-to action.")},
-            choices=(
-                ('no_munging', _('No Munging')),
-                ('point_to_list', _('Reply goes to list')),
-                ('explicit_header', _('Explicit Reply-to header set')),
-                ('explicit_header_only', _('Explicit Reply-to set; no Cc added'))),
-            help_text=_(
-                'Where are replies to list messages directed? No Munging is '
-                'strongly recommended for most mailing lists. \nThis option '
-                'controls what Mailman does to the Reply-To: header in messages '
-                'flowing through this mailing list. When set to No Munging, no '
-                'Reply-To: header is '
-                'added by Mailman, although if one is present in the original '
-                'message, it is not stripped. Setting this value to either Reply '
-                'to List, Explicit Reply, or Reply Only causes Mailman to insert '
-                'a specific Reply-To: header in all messages, overriding the '
-                'header in the original message if necessary '
-                '(Explicit Reply inserts the value of reply_to_address). '
-                'Explicit Reply-to set; no Cc added is useful for'
-                'announce-only lists where you want to avoid someone replying '
-                'to the list address. There are many reasons not to introduce or '
-                'override the Reply-To: header. One is that some posters depend '
-                'on their own Reply-To: settings to convey their valid return '
-                'address. Another is that modifying Reply-To: makes it much more '
-                'difficult to send private replies. See `Reply-To\' Munging '
-                'Considered Harmful for a general discussion of this issue. '
-                'See Reply-To Munging Considered Useful for a dissenting opinion. '
-                'Some mailing lists have restricted '
-                'posting privileges, with a parallel list devoted to discussions. '
-                'Examples are `patches\' or `checkin\' lists, where software '
-                'changes are posted by a revision control system, but discussion '
-                'about the changes occurs on a developers mailing list. To '
-                'support these types of mailing lists, select Explicit Reply and '
-                'set the Reply-To: address option to point to the parallel list.'))
-        posting_pipeline = forms.ChoiceField(
-            label=_('Pipeline'),
-            widget=forms.Select(),
-            required=False,
-            choices=lambda: ((p, p) for p in get_mailman_client()
-                             .pipelines['pipelines']),
-            help_text=_('Type of pipeline you want to use for this mailing list'))
-
-
-    class ListAutomaticResponsesForm(ListSettingsForm):
-        """
-        List settings for automatic responses.
-        """
-        autorespond_choices = (
-            ("respond_and_continue", _("Respond and continue processing")),
-            ("respond_and_discard", _("Respond and discard message")),
-            ("none", _("No automatic response")))
-        autorespond_owner = forms.ChoiceField(
-            choices=autorespond_choices,
-            widget=forms.RadioSelect,
-            label=_('Autorespond to list owner'),
-            help_text=_('Should Mailman send an auto-response to '
-                        'emails sent to the -owner address?'))
-        autoresponse_owner_text = forms.CharField(
-            label=_('Autoresponse owner text'),
-            widget=forms.Textarea(),
-            required=False,
-            help_text=_('Auto-response text to send to -owner emails.'))
-        autorespond_postings = forms.ChoiceField(
-            choices=autorespond_choices,
-            widget=forms.RadioSelect,
-            label=_('Autorespond postings'),
-            help_text=_('Should Mailman send an auto-response to '
-                        'mailing list posters?'))
-        autoresponse_postings_text = forms.CharField(
-            label=_('Autoresponse postings text'),
-            widget=forms.Textarea(),
-            required=False,
-            help_text=_('Auto-response text to send to mailing list posters.'))
-        autorespond_requests = forms.ChoiceField(
-            choices=autorespond_choices,
-            widget=forms.RadioSelect,
-            label=_('Autorespond requests'),
-            help_text=_(
-                'Should Mailman send an auto-response to emails sent to the '
-                '-request address? If you choose yes, decide whether you want '
-                'Mailman to discard the original email, or forward it on to the '
-                'system as a normal mail command.'))
-        autoresponse_request_text = forms.CharField(
-            label=_('Autoresponse request text'),
-            widget=forms.Textarea(),
-            required=False,
-            help_text=_('Auto-response text to send to -request emails.'))
-        autoresponse_grace_period = forms.CharField(
-            label=_('Autoresponse grace period'),
-            help_text=_(
-                'Number of days between auto-responses to either the mailing list '
-                'or -request/-owner address from the same poster. Set to zero '
-                '(or negative) for no grace period (i.e. auto-respond to every '
-                'message).'))
-        respond_to_post_requests = forms.TypedChoiceField(
-            choices=((True, _('Yes')), (False, _('No'))),
-            widget=forms.RadioSelect,
-            required=False,
-            label=_('Notify users of held messages'),
-            help_text=_(
-                'Should Mailman notify users about their messages held for '
-                'approval. If you say \'No\', no notifications will be sent '
-                'to users about the pending approval on their messages.'))
-        send_welcome_message = forms.TypedChoiceField(
-            choices=((True, _('Yes')), (False, _('No'))),
-            widget=forms.RadioSelect,
-            required=False,
-            label=_('Send welcome message'),
-            help_text=_(
-                'Send welcome message to newly subscribed members? '
-                'Turn this off only if you plan on subscribing people manually '
-                'and don\'t want them to know that you did so. This option is '
-                'most useful for transparently migrating lists from some other '
-                'mailing list manager to Mailman.'))
-        welcome_message_uri = forms.CharField(
-            label=_('URI for the welcome message'),
-            required=False,
-            help_text=_(
-                'If a welcome message is to be sent to subscribers, you can '
-                'specify a URI that gives the text of this message.'),
-        )
-        goodbye_message_uri = forms.CharField(
-            label=_('URI for the good bye message'),
-            required=False,
-            help_text=_(
-                'If a good bye message is to be sent to unsubscribers, you can '
-                'specify a URI that gives the text of this message.'),
-        )
-        admin_immed_notify = forms.BooleanField(
-            widget=forms.RadioSelect(choices=((True, _('Yes')), (False, _('No')))),
-            required=False,
-            label=_('Admin immed notify'),
-            help_text=_(
-                'Should the list moderators get immediate notice of new requests, '
-                'as well as daily notices about collected ones? List moderators '
-                '(and list administrators) are sent daily reminders of requests '
-                'pending approval, like subscriptions to a moderated list, '
-                'or postings that are being held for one reason or another. '
-                'Setting this option causes notices to be sent immediately on the '
-                'arrival of new requests as well. '))
-        admin_notify_mchanges = forms.BooleanField(
-            widget=forms.RadioSelect(choices=((True, _('Yes')), (False, _('No')))),
-            required=False,
-            label=_('Notify admin of membership changes'),
-            help_text=_('Should administrator get notices of '
-                        'subscribes and unsubscribes?'))
-
-
-    class ListIdentityForm(ListSettingsForm):
-        """
-        List identity settings.
-        """
-        advertised = forms.TypedChoiceField(
-            choices=((True, _('Yes')), (False, _('No'))),
-            widget=forms.RadioSelect,
-            label=_('Show list on index page'),
-            help_text=_('Choose whether to include this list '
-                        'on the list of all lists'))
-        description = forms.CharField(
-            label=_('Description'),
-            required=False,
-            help_text=_(
-                'This description is used when the mailing list is listed with '
-                'other mailing lists, or in headers, and so forth. It should be '
-                'as succinct as you can get it, while still identifying what the '
-                'list is.'),
-        )
-        info = forms.CharField(
-            label=_('Information'),
-            help_text=_('A longer description of this mailing list.'),
-            required=False,
-            widget=forms.Textarea())
-        display_name = forms.CharField(
-            label=_('Display name'),
-            required=False,
-            help_text=_('Display name is the name shown in the web interface.')
-        )
-        subject_prefix = forms.CharField(
-            label=_('Subject prefix'),
-            strip=False,
-            required=False,
-        )
-
-        def clean_subject_prefix(self):
-            """
-            Strip the leading whitespaces from the subject_prefix form field.
-            """
-            return self.cleaned_data.get('subject_prefix', '').lstrip()
-
-
-    class ListMassSubscription(forms.Form):
-        """Form fields to masssubscribe users to a list.
-        """
-        emails = ListOfStringsField(
-            label=_('Emails to mass subscribe'),
-            help_text=_(
-                'The following formats are accepted:\n'
-                'jdoe@example.com\n'
-                '&lt;jdoe@example.com&gt;\n'
-                'John Doe &lt;jdoe@example.com&gt;\n'
-                '"John Doe" &lt;jdoe@example.com&gt;\n'
-                'jdoe@example.com (John Doe)\n'
-                'Use the last three to associate a display name with'
-                ' the address\n'),
-        )
-
-
-    class ListMassRemoval(forms.Form):
-
-        """Form fields to remove multiple list users.
-        """
-        emails = ListOfStringsField(
-            label=_('Emails to Unsubscribe'),
-            help_text=_('Add one email address on each line'),
-        )
-
-        class Meta:
-
-            """
-            Class to define the name of the fieldsets and what should be
-            included in each.
-            """
-            layout = [["Mass Removal", "emails"]]
-
-
-    class ListAddBanForm(forms.Form):
-        """Ban an email address for a list."""
-        # TODO maxking: This form should only accept valid emails or regular
-        # expressions. Anything else that doesn't look like a valid email address
-        # or regexp for email should not be a valid value for the field. However,
-        # checking for that might not be easy.
-        email = forms.CharField(
-            label=_('Add ban'),
-            help_text=_(
-                'You can ban a single email address or use a regular expression '
-                'to match similar email addresses.'),
-            error_messages={
-                'required': _('Please enter an email address.'),
-                'invalid': _('Please enter a valid email address.')})
-
-
-    class ListHeaderMatchForm(forms.Form):
-        """Edit a list's header match."""
-
-        HM_ACTION_CHOICES = [(None, _("Default antispam action"))] + \
-                            [a for a in ACTION_CHOICES if a[0] != 'defer']
-
-        header = forms.CharField(
-            label=_('Header'),
-            help_text=_('Email header to filter on (case-insensitive).'),
-            error_messages={
-                'required': _('Please enter a header.'),
-                'invalid': _('Please enter a valid header.')})
-        pattern = forms.CharField(
-            label=_('Pattern'),
-            help_text=_('Regular expression matching the header\'s value.'),
-            error_messages={
-                'required': _('Please enter a pattern.'),
-                'invalid': _('Please enter a valid pattern.')})
-        action = forms.ChoiceField(
-            label=_('Action'),
-            error_messages={'invalid': _('Please enter a valid action.')},
-            required=False,
-            choices=HM_ACTION_CHOICES,
-            help_text=_('Action to take when a header matches')
-        )
-
-
-    class ListHeaderMatchFormset(forms.BaseFormSet):
-        def clean(self):
-            """Checks that no two header matches have the same order."""
-            if any(self.errors):
-                # Don't bother validating the formset unless
-                # each form is valid on its own
-                return
-            orders = []
-            for form in self.forms:
-                try:
-                    order = form.cleaned_data['ORDER']
-                except KeyError:
-                    continue
-                if order in orders:
-                    raise forms.ValidationError('Header matches must have'
-                                                ' distinct orders.')
-                orders.append(order)
-
-
-    class MemberModeration(forms.Form):
-        """
-        Form handling the member's moderation_action.
-        """
-        moderation_action = forms.ChoiceField(
-            widget=forms.Select(),
-            label=_('Moderation'),
-            required=False,
-            choices=[(None, _('List default'))] + list(ACTION_CHOICES),
-            help_text=_(
-                'Default action to take when this member posts to the list. \n'
-                'List default -- follow the list\'s default member action. \n'
-                'Hold -- This holds the message for approval by the list '
-                'moderators. \n'
-                'Reject -- this automatically rejects the message by sending a '
-                'bounce notice to the post\'s author. The text of the bounce '
-                'notice can be configured by you. \n'
-                'Discard -- this simply discards the message, with no notice '
-                'sent to the post\'s author. \n'
-                'Accept -- accepts any postings without any further checks. \n'
-                'Defer -- default processing, run additional checks and accept '
-                'the message. \n'))
-
-
-    class ChangeSubscriptionForm(forms.Form):
-        email = forms.ChoiceField()
-
-        def __init__(self, user_emails, *args, **kwargs):
-            super(ChangeSubscriptionForm, self).__init__(*args, **kwargs)
-            self.fields['email'] = forms.ChoiceField(
-                label=_('Select Email'),
-                required=False,
-                widget=forms.Select(),
-                choices=((address, address) for address in user_emails))
-  summary.html: |
-    {% extends "postorius/base.html" %}
-    {% load i18n %}
-    {% load bootstrap_tags %}
-    {% load nav_helpers %}
-
-    {% block head_title %}
-    {% trans 'Info' %} | {{ list.fqdn_listname }} - {{ block.super }}
-    {% endblock %}
-
-    {% block content %}
-
-    {% list_nav 'list_summary' 'Summary' %}
-
-    <p>{{ list.settings.description }}</p>
-    {% if list.settings.info %}
-    <p><pre style="white-space: pre-wrap; word-break: normal; border: none; background: none;">{{ list.settings.info }}</pre></p>
-    {% endif %}
-    <p>{% trans 'To contact the list owners, use the following email address:' %} <em>{{ list.settings.owner_address }}</em></p>
-
-    {# Archives #}
-    {% if hyperkitty_enabled %}
-    {% if not public_archive and not user.is_authenticated %}
-    <p>
-        {% trans 'You have to login to visit the archives of this list.' %}
-    </p>
-    {% else %}
-    {% url 'hk_list_overview' list.fqdn_listname as hyperkitty_list_url %}
-    <p>
-        {% blocktrans %}
-        To see the prior postings to this list, visit
-        <a href="{{ hyperkitty_list_url }}">the archives</a>.
-        {% endblocktrans %}
-    </p>
-    {% endif %}
-    {% endif %}
-
-    <hr />
-
-    {# Subscription #}
-    {% if user.is_authenticated %}
-    {% if user_subscribed %}
-    <h2>{% trans 'Subscription / Unsubscription' %}</h2>
-    <p>
-        {% trans 'You are subscribed to this list with the following address:' %} <em>{{ subscribed_address }}</em>
-    </p>
-    {% url 'user_list_options' list.list_id as user_list_options_url %}
-    <p>
-        {% blocktrans %}
-        You can manage your subscription on <a href="{{ user_list_options_url }}">your list options page</a>
-        {% endblocktrans %}
-    </p>
-    <p>
-    <form method="post" action="{% url 'list_unsubscribe' list.list_id %}">
-        {% csrf_token %}
-        <input type="hidden" name="email" value="{{ subscribed_address }}" />
-        <button type="submit" class="btn btn-danger">{% trans 'Unsubscribe' %}</button>
-    </form>
-    </p>
-    {% elif user_request_pending %}
-    <h4>{% trans "You have a subscription request pending. If you don't hear back soon, please contact the list owners." %}</h4>
-    {% else %}
-    <h2>{% trans 'Subscribe to this list' %}</h2>
-    <p>
-        {% blocktrans with address=list.settings.join_address %}
-        To subscribe you can send an email with 'subscribe' in the subject to
-        <a href="mailto:{{ address }}?subject=Subscribe">{{ address }}</a>
-        or use the form below:
-        {% endblocktrans %}
-    </p>
-    <form action="{% url 'list_subscribe' list.list_id %}" method="post" class="form-horizontal">
-        {% bootstrap_form_horizontal subscribe_form 2 8 'Subscribe' %}
-    </form>
-    {% endif %}
-    {% else %}
-    <div>
-        <p>
-            {% blocktrans %}
-            You can also subscribe without creating an account.
-            If you wish to do so, please use the form below.
-            {% endblocktrans%}
-        </p>
-        <form action="{% url 'list_anonymous_subscribe' list.list_id %}"
-              method="post" class="form-horizontal">
-            {% bootstrap_form_horizontal anonymous_subscription_form 2 8 'Subscribe' %}
-        </form>
-    </div>
-    {% endif %}
-
-    {# List metrics #}
-    {% if user.is_authenticated %}
-    {% if user.is_list_owner or user.is_superuser %}
-    <hr />
-    <h3>{% trans 'List metrics' %}</h3>
-    <dl class="dl-horizontal">
-        <dt>{% trans 'Created at' %}</dt><dd>{{ list.settings.created_at }}</dd>
-        <dt>{% trans 'Last post at' %}</dt><dd>{{ list.settings.last_post_at }}</dd>
-        <dt>{% trans 'Digest last sent at' %}</dt><dd>{{ list.settings.digest_last_sent_at }}</dd>
-        <dt>{% trans 'Volume' %}</dt><dd>{{ list.settings.volume }}</dd>
-    </dl>
-    {% endif %}
-    {% endif %}
-    {% endblock %}
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: core-entrypoint-configmap
-  namespace: mail
-data:
-  docker-entrypoint.sh: |
-    #! /bin/bash
-    set -e
-
-    function wait_for_postgres () {
-        # Check if the postgres database is up and accepting connections before
-        # moving forward.
-        # TODO: Use python3's psycopg2 module to do this in python3 instead of
-        # installing postgres-client in the image.
-        until psql $DATABASE_URL -c '\l'; do
-            >&2 echo "Postgres is unavailable - sleeping"
-            sleep 1
-        done
-        >&2 echo "Postgres is up - continuing"
-    }
-
-    function wait_for_mysql () {
-        # Check if MySQL is up and accepting connections.
-        HOSTNAME=$(python3 -c "from urllib.parse import urlparse; o = urlparse('$DATABASE_URL'); print(o.hostname);")
-        until mysqladmin ping --host "$HOSTNAME" --silent; do
-            >&2 echo "MySQL is unavailable - sleeping"
-            sleep 1
-        done
-        >&2 echo "MySQL is up - continuing"
-    }
-
-    # Empty the config file.
-    echo "# This file is autogenerated at container startup." > /etc/mailman.cfg
-
-    # Check if $MM_HOSTNAME is set, if not, set it to the value returned by
-    # `hostname -i` command to set it to whatever IP address is assigned to the
-    # container.
-    if [[ ! -v MM_HOSTNAME ]]; then
-        export MM_HOSTNAME=`hostname -i`
-    fi
-
-    if [[ ! -v SMTP_HOST ]]; then
-        export SMTP_HOST='172.19.199.1'
-    fi
-
-    if [[ ! -v SMTP_PORT ]]; then
-        export SMTP_PORT=25
-    fi
-
-    # Check if REST port, username, and password are set, if not, set them
-    # to default values.
-    if [[ ! -v MAILMAN_REST_PORT ]]; then
-        export MAILMAN_REST_PORT='8001'
-    fi
-
-    if [[ ! -v MAILMAN_REST_USER ]]; then
-        export MAILMAN_REST_USER='restadmin'
-    fi
-
-    if [[ ! -v MAILMAN_REST_PASSWORD ]]; then
-        export MAILMAN_REST_PASSWORD='restpass'
-    fi
-
-    function setup_database () {
-        if [[ ! -v DATABASE_URL ]]
-        then
-            echo "Environemnt variable DATABASE_URL should be defined..."
-            exit 1
-        fi
-
-        # Translate mysql:// urls to mysql+mysql:// backend:
-        if [[ "$DATABASE_URL" == mysql://* ]]; then
-            DATABASE_URL="mysql+pymysql://${DATABASE_URL:8}"
-            echo "Database URL was automatically rewritten to: $DATABASE_URL"
-        fi
-
-        # If DATABASE_CLASS is not set, guess it for common databases:
-        if [ -z "$DATABASE_CLASS" ]; then
-            if [[ ("$DATABASE_URL" == mysql:*) ||
-                    ("$DATABASE_URL" == mysql+*) ]]; then
-                DATABASE_CLASS=mailman.database.mysql.MySQLDatabase
-            fi
-            if [[ ("$DATABASE_URL" == postgres:*) ||
-                    ("$DATABASE_URL" == postgres+*) ]]; then
-                DATABASE_CLASS=mailman.database.postgresql.PostgreSQLDatabase
-            fi
-        fi
-
-        cat >> /etc/mailman.cfg <<EOF
-    [database]
-    class: $DATABASE_CLASS
-    url: $DATABASE_URL
-    EOF
-    }
-
-
-    # Check if $DATABASE_URL is defined, if not, use a standard sqlite database.
-    #
-    # If the $DATABASE_URL is defined and is postgres, check if it is available
-    # yet. Do not start the container before the postgresql boots up.
-    #
-    # TODO: If the $DATABASE_URL is defined and is mysql, check if the database is
-    # available before the container boots up.
-    #
-    # TODO: Check the database type and detect if it is up based on that. For now,
-    # assume that postgres is being used if DATABASE_URL is defined.
-    if [[ ! -v DATABASE_URL ]]; then
-        echo "DATABASE_URL is not defined. Using sqlite database..."
-    else
-        setup_database
-    fi
-
-
-    if [[ "$DATABASE_TYPE" = 'postgres' ]]
-    then
-        wait_for_postgres
-    elif [[ "$DATABASE_TYPE" = 'mysql' ]]
-    then
-        wait_for_mysql
-    fi
-
-    # Generate a basic mailman.cfg.
-    cat >> /etc/mailman.cfg << EOF
-    [runner.retry]
-    sleep_time: 10s
-
-    [webservice]
-    hostname: $MM_HOSTNAME
-    port: $MAILMAN_REST_PORT
-    admin_user: $MAILMAN_REST_USER
-    admin_pass: $MAILMAN_REST_PASSWORD
-
-    [archiver.hyperkitty]
-    class: mailman_hyperkitty.Archiver
-    enable: yes
-    configuration: /etc/mailman-hyperkitty.cfg
-
-    EOF
-
-    # Generate a basic configuration to use exim
-    cat > /tmp/exim-mailman.cfg <<EOF
-    [mta]
-    incoming: mailman.mta.exim4.LMTP
-    outgoing: mailman.mta.deliver.deliver
-    lmtp_host: $MM_HOSTNAME
-    lmtp_port: 8024
-    smtp_host: $SMTP_HOST
-    smtp_port: $SMTP_PORT
-    smtp_user: $EMAIL_HOST_USER
-    smtp_pass: $EMAIL_HOST_PASSWORD
-    configuration: python:mailman.config.exim4
-
-    EOF
-
-    cat > /etc/postfix-mailman.cfg << EOF
-    [postfix]
-    transport_file_type: regex
-    # While in regex mode, postmap_command is never used, a placeholder
-    # is added here so that it doesn't break anything.
-    postmap_command: true
-    EOF
-
-    # Generate a basic configuration to use postfix.
-    cat > /tmp/postfix-mailman.cfg <<EOF
-    [mta]
-    incoming: mailman.mta.postfix.LMTP
-    outgoing: mailman.mta.deliver.deliver
-    lmtp_host: $MM_HOSTNAME
-    lmtp_port: 8024
-    smtp_host: $SMTP_HOST
-    smtp_port: $SMTP_PORT
-    smtp_user: $EMAIL_HOST_USER
-    smtp_pass: $EMAIL_HOST_PASSWORD
-    configuration: /etc/postfix-mailman.cfg
-
-    EOF
-
-    if [ "$MTA" == "exim" ]
-    then
-        echo "Using Exim configuration"
-        cat /tmp/exim-mailman.cfg >> /etc/mailman.cfg
-    elif [ "$MTA" == "postfix" ]
-    then
-        echo "Using Postfix configuration"
-        cat /tmp/postfix-mailman.cfg >> /etc/mailman.cfg
-    else
-        echo "No MTA environment variable found, defaulting to Exim"
-        cat /tmp/exim-mailman.cfg >> /etc/mailman.cfg
-    fi
-
-    rm -f /tmp/{postfix,exim}-mailman.cfg
-
-    if [[ -e /opt/mailman/mailman-extra.cfg ]]
-    then
-        echo "Found configuration file at /opt/mailman/mailman-extra.cfg"
-        cat /opt/mailman/mailman-extra.cfg >> /etc/mailman.cfg
-    fi
-
-
-    if [[ ! -v HYPERKITTY_API_KEY ]]; then
-        echo "HYPERKITTY_API_KEY not defined, please set this environment variable..."
-        echo "exiting..."
-        exit 1
-    fi
-
-    if [[ ! -v HYPERKITTY_URL ]]; then
-        echo "HYPERKITTY_URL not set, using the default value of http://mailman-web:8000/hyperkitty"
-        export HYPERKITTY_URL="http://mailman-web:8000/hyperkitty/"
-    fi
-
-    # Generate a basic mailman-hyperkitty.cfg.
-    cat > /etc/mailman-hyperkitty.cfg <<EOF
-    [general]
-    base_url: $HYPERKITTY_URL
-    api_key: $HYPERKITTY_API_KEY
-    EOF
-
-    # Generate the LMTP files for postfix if needed.
-    mailman aliases
-
-    # Now chown the places where mailman wants to write stuff.
-    #chown -R mailman /opt/mailman
-
-    exec su-exec mailman "$@"
-
----
-apiVersion: v1
-kind: ConfigMap
-metadata:
-  name: mailman-core-base-py-configmap
-  namespace: mail
-data:
-  base.py: |
-    import re
-    import copy
-    import socket
-    import logging
-    import smtplib
-
-    from mailman.config import config
-    from mailman.interfaces.mta import IMailTransportAgentDelivery
-    from mailman.mta.connection import Connection
-    from public import public
-    from zope.interface import implementer
-
-
-    log = logging.getLogger('mailman.smtp')
-
-
-    @public
-    @implementer(IMailTransportAgentDelivery)
-    class BaseDelivery:
-        """Base delivery class."""
-
-        def __init__(self):
-            """Create a basic deliverer."""
-            username = (config.mta.smtp_user if config.mta.smtp_user else None)
-            password = (config.mta.smtp_pass if config.mta.smtp_pass else None)
-            self._connection = Connection(
-                config.mta.smtp_host, int(config.mta.smtp_port),
-                int(config.mta.max_sessions_per_connection),
-                username, password)
-
-        def _deliver_to_recipients(self, mlist, msg, msgdata, recipients):
-            """Low-level delivery to a set of recipients.
-
-            :param mlist: The mailing list being delivered to.
-            :type mlist: `IMailingList`
-            :param msg: The original message being delivered.
-            :type msg: `Message`
-            :param msgdata: Additional message metadata for this delivery.
-            :type msgdata: dictionary
-            :param recipients: The recipients of this message.
-            :type recipients: sequence
-            :return: delivery failures as defined by `smtplib.SMTP.sendmail`
-            :rtype: dictionary
-            """
-            # Do the actual sending.
-            sender = self._get_sender(mlist, msg, msgdata)
-            message_id = msg['message-id']
-            # Since the recipients can be a set or a list, sort the recipients by
-            # email address for predictability and testability.
-            try:
-                from_msg_list = re.findall(r'<(.*?)>', msg["From"])
-                if len(from_msg_list) == 1:
-                    msg_list = from_msg_list[0].split("@")
-                    if msg_list[-1] == "qq.com":
-                        new_msg = copy.deepcopy(msg)
-                        for key, value in msg.items():
-                            if key == "From":
-                                del new_msg["From"]
-                                break
-                        msg = new_msg
-                refused = self._connection.sendmail(
-                    sender, sorted(recipients), msg.as_string())
-            except smtplib.SMTPRecipientsRefused as error:
-                log.error('%s recipients refused: %s', message_id, error)
-                refused = error.recipients
-            except smtplib.SMTPResponseException as error:
-                log.error('%s response exception: %s', message_id, error)
-                refused = dict(
-                    # recipient -> (code, error)
-                    (recipient, (error.smtp_code, error.smtp_error))
-                    for recipient in recipients)
-            except (socket.error, IOError, smtplib.SMTPException) as error:
-                # MTA not responding, or other socket problems, or any other
-                # kind of SMTPException.  In that case, nothing got delivered,
-                # so treat this as a temporary failure.  We use error code 444
-                # for this (temporary, unspecified failure, cf RFC 5321).
-                log.error('%s low level smtp error: %s', message_id, error)
-                error = str(error)
-                refused = dict(
-                    # recipient -> (code, error)
-                    (recipient, (444, error))
-                    for recipient in recipients)
-            return refused
-
-        def _get_sender(self, mlist, msg, msgdata):
-            """Return the envelope sender to use.
-
-            The message metadata can override the calculation of the sender, but
-            otherwise it falls to the list's -bounces robot.  If this message is
-            not intended for any specific mailing list, the site owner's address
-            is used.
-
-            :param mlist: The mailing list being delivered to.
-            :type mlist: `IMailingList`
-            :param msg: The original message being delivered.
-            :type msg: `Message`
-            :param msgdata: Additional message metadata for this delivery.
-            :type msgdata: dictionary
-            :return: The envelope sender.
-            :rtype: string
-            """
-            sender = msgdata.get('sender')
-            if sender is None:
-                return (config.mailman.site_owner
-                        if mlist is None
-                        else mlist.bounces_address)
-            return sender
-
-
-    @public
-    class IndividualDelivery(BaseDelivery):
-        """Deliver a unique individual message to each recipient.
-
-        This is a framework delivery mechanism.  By using mixins, registration,
-        and subclassing you can customize this delivery class to do any
-        combination of VERP, full personalization, individualized header/footer
-        decoration and even full mail merging.
-
-        The core concept here is that for each recipient, the deliver() method
-        iterates over the list of registered callbacks, each of which have a
-        chance to modify the message before final delivery.
-        """
-
-        def __init__(self):
-            """See `BaseDelivery`."""
-            super().__init__()
-            self.callbacks = []
-
-        def deliver(self, mlist, msg, msgdata):
-            """See `IMailTransportAgentDelivery`.
-
-            Craft a unique message for every recipient.  Encode the recipient's
-            delivery address in the return envelope so there can be no ambiguity
-            in bounce processing.
-            """
-            refused = {}
-            recipients = msgdata.get('recipients', set())
-            for recipient in recipients:
-                log.debug('IndividualDelivery to: %s', recipient)
-                # Make a copy of the original messages and operator on it, since
-                # we're going to munge it repeatedly for each recipient.
-                message_copy = copy.deepcopy(msg)
-                msgdata_copy = msgdata.copy()
-                # Squirrel the current recipient away in the message metadata.
-                # That way the subclass's _get_sender() override can encode the
-                # recipient address in the sender, e.g. for VERP.
-                msgdata_copy['recipient'] = recipient
-                # See if the recipient is a member of the mailing list, and if so,
-                # squirrel this information away for use by other modules, such as
-                # the header/footer decorator.  XXX 2012-03-05 this is probably
-                # highly inefficient on the database.
-                member = mlist.members.get_member(recipient)
-                msgdata_copy['member'] = member
-                for callback in self.callbacks:
-                    callback(mlist, message_copy, msgdata_copy)
-                status = self._deliver_to_recipients(
-                    mlist, message_copy, msgdata_copy, [recipient])
-                refused.update(status)
-            return refused
\ No newline at end of file
diff --git a/deploy/mail/exim-configmap.yaml b/deploy/mail/exim-configmap.yaml
new file mode 100644
index 00000000..167f4ee8
--- /dev/null
+++ b/deploy/mail/exim-configmap.yaml
@@ -0,0 +1,1015 @@
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: exim-configmap
+  namespace: mail
+data:
+  exim_conf: |
+    #########
+    # WARNING WARNING WARNING
+    # WARNING WARNING WARNING
+    # WARNING WARNING WARNING
+    # WARNING WARNING WARNING
+    # WARNING WARNING WARNING
+    # This file was generated dynamically from
+    # split config files in the /etc/exim/conf.d/ directory.
+    # The config files are supplemented with package installation/configuration
+    # settings managed by debconf. This data is stored in
+    # /etc/exim/update-exim.conf.conf
+    # Any changes you make here will be lost.
+    # See /usr/share/doc/exim-base/README.Debian.gz and update-exim.conf(8)
+    # for instructions of customization.
+    # WARNING WARNING WARNING
+    # WARNING WARNING WARNING
+    # WARNING WARNING WARNING
+    # WARNING WARNING WARNING
+    # WARNING WARNING WARNING
+    #########
+    DKIM_CANON = relaxed
+    DKIM_SELECTOR = default
+    DKIM_DOMAIN = opengauss.org
+    DKIM_FILE = /etc/exim/dkim/opengauss.key
+    DKIM_PRIVATE_KEY=${if exists{DKIM_FILE}{DKIM_FILE}{0}}
+    MAIN_LOG_SELECTOR = +subject +deliver_time +received_sender +return_path_on_delivery +sender_on_delivery +unknown_in_list +smtp_protocol_error +smtp_syntax_error +tls_certificate_verified +tls_peerdn -host_lookup_failed
+    MAIN_TLS_ENABLE = yes
+    MAIN_TLS_CERTIFICATE = ${if exists{/etc/exim/ssl_pool/${tls_sni}.crt}{/etc/exim/ssl_pool/${tls_sni}.crt}{/etc/exim/ssl_pool/opengauss.org.crt}}
+    MAIN_TLS_PRIVATEKEY = ${if exists{/etc/exim/ssl_pool/${tls_sni}.key}{/etc/exim/ssl_pool//${tls_sni}.key}{/etc/exim/ssl_pool/opengauss.org.key}}
+    AUTH_SERVER_ALLOW_NOTLS_PASSWORDS = true
+    daemon_smtp_ports = 25 : 465
+    tls_on_connect_ports = 465
+    MAIN_TLS_ADVERTISE_HOSTS=*
+    IGNORE_SMTP_LINE_LENGTH_LIMIT=true
+
+    log_file_path = /var/log/exim/%s.%M
+    exim_path = /usr/sbin/exim
+
+    .ifndef CONFDIR
+    CONFDIR = /etc/exim
+    .endif
+
+    UPEX4CmacrosUPEX4C = 1
+    ##############################################
+    # the following macro definitions were created
+    # dynamically by /usr/sbin/update-exim.conf
+    .ifndef MAIN_PACKAGE_VERSION
+    MAIN_PACKAGE_VERSION=4.93-13ubuntu1.6
+    .endif
+    .ifndef MAIN_LOCAL_DOMAINS
+    MAIN_LOCAL_DOMAINS=@:localhost:opengauss.org
+    .endif
+    .ifndef MAIN_RELAY_TO_DOMAINS
+    MAIN_RELAY_TO_DOMAINS=
+    .endif
+    .ifndef ETC_MAILNAME
+    ETC_MAILNAME=localhost
+    .endif
+    .ifndef LOCAL_DELIVERY
+    LOCAL_DELIVERY=mail_spool
+    .endif
+    .ifndef MAIN_RELAY_NETS
+    MAIN_RELAY_NETS=192.168.0.0/16 : 127.0.0.1 : ::::1
+    .endif
+    .ifndef DCreadhost
+    DCreadhost=
+    .endif
+    .ifndef DCsmarthost
+    DCsmarthost=
+    .endif
+    .ifndef DC_eximconfig_configtype
+    DC_eximconfig_configtype=internet
+    .endif
+    .ifndef DCconfig_internet
+    DCconfig_internet=1
+    .endif
+    ##############################################
+
+
+    domainlist local_domains = MAIN_LOCAL_DOMAINS
+
+    domainlist relay_to_domains = MAIN_RELAY_TO_DOMAINS
+
+    hostlist relay_from_hosts = MAIN_RELAY_NETS
+
+    .ifndef MAIN_PRIMARY_HOSTNAME_AS_QUALIFY_DOMAIN
+    .ifndef MAIN_QUALIFY_DOMAIN
+    qualify_domain = ETC_MAILNAME
+    .else
+    qualify_domain = MAIN_QUALIFY_DOMAIN
+    .endif
+    .endif
+
+    .ifdef MAIN_LOCAL_INTERFACES
+    local_interfaces = MAIN_LOCAL_INTERFACES
+    .endif
+
+    .ifndef LOCAL_DELIVERY
+    LOCAL_DELIVERY=mail_spool
+    .endif
+
+    gecos_pattern = ^([^,:]*)
+    gecos_name = $1
+
+    .ifndef CHECK_RCPT_LOCAL_LOCALPARTS
+    CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
+    .endif
+
+    .ifndef CHECK_RCPT_REMOTE_LOCALPARTS
+    CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
+    .endif
+
+    .ifndef MAIN_ACL_CHECK_MAIL
+    MAIN_ACL_CHECK_MAIL = acl_check_mail
+    .endif
+    acl_smtp_mail = MAIN_ACL_CHECK_MAIL
+
+    .ifndef MAIN_ACL_CHECK_RCPT
+    MAIN_ACL_CHECK_RCPT = acl_check_rcpt
+    .endif
+    acl_smtp_rcpt = MAIN_ACL_CHECK_RCPT
+
+    .ifndef MAIN_ACL_CHECK_DATA
+    MAIN_ACL_CHECK_DATA = acl_check_data
+    .endif
+    acl_smtp_data = MAIN_ACL_CHECK_DATA
+
+    .ifdef MESSAGE_SIZE_LIMIT
+    message_size_limit = MESSAGE_SIZE_LIMIT
+    .endif
+
+    .ifdef MAIN_ALLOW_DOMAIN_LITERALS
+    allow_domain_literals
+    .endif
+
+    .ifndef DC_minimaldns
+    .ifndef MAIN_HOST_LOOKUP
+    MAIN_HOST_LOOKUP = *
+    .endif
+    host_lookup = MAIN_HOST_LOOKUP
+    .endif
+
+    dns_dnssec_ok = 1
+
+    .ifdef MAIN_HARDCODE_PRIMARY_HOSTNAME
+    primary_hostname = MAIN_HARDCODE_PRIMARY_HOSTNAME
+    .endif
+
+    prdr_enable = true
+
+    .ifdef MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS
+    smtp_accept_max_nonmail_hosts = MAIN_SMTP_ACCEPT_MAX_NOMAIL_HOSTS
+    .endif
+
+    .ifndef MAIN_FORCE_SENDER
+    local_from_check = false
+    local_sender_retain = true
+    untrusted_set_sender = *
+    .endif
+
+    .ifndef MAIN_IGNORE_BOUNCE_ERRORS_AFTER
+    MAIN_IGNORE_BOUNCE_ERRORS_AFTER = 2d
+    .endif
+    ignore_bounce_errors_after = MAIN_IGNORE_BOUNCE_ERRORS_AFTER
+
+    .ifndef MAIN_TIMEOUT_FROZEN_AFTER
+    MAIN_TIMEOUT_FROZEN_AFTER = 7d
+    .endif
+    timeout_frozen_after = MAIN_TIMEOUT_FROZEN_AFTER
+
+    .ifndef MAIN_FREEZE_TELL
+    MAIN_FREEZE_TELL = postmaster
+    .endif
+    freeze_tell = MAIN_FREEZE_TELL
+
+    .ifndef SPOOLDIR
+    SPOOLDIR = /var/spool/exim
+    .endif
+    spool_directory = SPOOLDIR
+
+    .ifdef MAIN_KEEP_ENVIRONMENT
+    keep_environment = MAIN_KEEP_ENVIRONMENT
+    .else
+    keep_environment =
+    .endif
+    .ifdef MAIN_ADD_ENVIRONMENT
+    add_environment = MAIN_ADD_ENVIRONMENT
+    .endif
+
+    .ifdef _OPT_MAIN_SMTPUTF8_ADVERTISE_HOSTS
+    .ifndef MAIN_SMTPUTF8_ADVERTISE_HOSTS
+    MAIN_SMTPUTF8_ADVERTISE_HOSTS =
+    .endif
+    smtputf8_advertise_hosts = MAIN_SMTPUTF8_ADVERTISE_HOSTS
+    .endif
+
+    .ifdef MAIN_TLS_ENABLE
+    .ifndef MAIN_TLS_ADVERTISE_HOSTS
+    MAIN_TLS_ADVERTISE_HOSTS = *
+    .endif
+    tls_advertise_hosts = MAIN_TLS_ADVERTISE_HOSTS
+
+    .ifdef MAIN_TLS_CERTKEY
+    tls_certificate = MAIN_TLS_CERTKEY
+    .else
+    .ifndef MAIN_TLS_CERTIFICATE
+    MAIN_TLS_CERTIFICATE = CONFDIR/exim.crt
+    .endif
+    tls_certificate = MAIN_TLS_CERTIFICATE
+
+    .ifndef MAIN_TLS_PRIVATEKEY
+    MAIN_TLS_PRIVATEKEY = CONFDIR/exim.key
+    .endif
+    tls_privatekey = MAIN_TLS_PRIVATEKEY
+    .endif
+
+    .ifndef MAIN_TLS_VERIFY_CERTIFICATES
+    MAIN_TLS_VERIFY_CERTIFICATES = ${if exists{/etc/ssl/certs/ca-certificates.crt}\
+                                        {/etc/ssl/certs/ca-certificates.crt}\
+                {/dev/null}}
+    .endif
+    tls_verify_certificates = MAIN_TLS_VERIFY_CERTIFICATES
+
+    .ifdef MAIN_TLS_VERIFY_HOSTS
+    tls_verify_hosts = MAIN_TLS_VERIFY_HOSTS
+    .endif
+
+    .ifdef MAIN_TLS_TRY_VERIFY_HOSTS
+    tls_try_verify_hosts = MAIN_TLS_TRY_VERIFY_HOSTS
+    .endif
+
+    .else
+    .endif
+
+    domainlist mm3_domains=opengauss.org
+    MM3_LMTP_HOST=mailman-core-0.mail-suit-service.mail.svc.cluster.local
+    MM3_LMTP_PORT=8024
+    MM3_HOME=/opt/mailman/var
+
+    MM3_LISTCHK=MM3_HOME/lists/${local_part}.${domain}
+
+    .ifdef MAIN_LOG_SELECTOR
+    log_selector = MAIN_LOG_SELECTOR
+    .endif
+
+    begin acl
+
+    acl_local_deny_exceptions:
+      accept
+        hosts = ${if exists{CONFDIR/host_local_deny_exceptions}\
+                    {CONFDIR/host_local_deny_exceptions}\
+                    {}}
+      accept
+        senders = ${if exists{CONFDIR/sender_local_deny_exceptions}\
+                      {CONFDIR/sender_local_deny_exceptions}\
+                      {}}
+      accept
+        hosts = ${if exists{CONFDIR/local_host_whitelist}\
+                    {CONFDIR/local_host_whitelist}\
+                    {}}
+      accept
+        senders = ${if exists{CONFDIR/local_sender_whitelist}\
+                      {CONFDIR/local_sender_whitelist}\
+                      {}}
+
+      .ifdef LOCAL_DENY_EXCEPTIONS_LOCAL_ACL_FILE
+      .include LOCAL_DENY_EXCEPTIONS_LOCAL_ACL_FILE
+      .endif
+      
+      .ifdef WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
+      .include WHITELIST_LOCAL_DENY_LOCAL_ACL_FILE
+      .endif
+
+    acl_check_mail:
+
+      accept
+
+    .ifndef CHECK_RCPT_LOCAL_LOCALPARTS
+    CHECK_RCPT_LOCAL_LOCALPARTS = ^[.] : ^.*[@%!/|`#&?]
+    .endif
+
+    .ifndef CHECK_RCPT_REMOTE_LOCALPARTS
+    CHECK_RCPT_REMOTE_LOCALPARTS = ^[./|] : ^.*[@%!`#&?] : ^.*/\\.\\./
+    .endif
+
+    acl_check_rcpt:
+
+      accept
+        hosts = :
+        control = dkim_disable_verify
+
+    .ifdef DC_minimaldns
+      warn
+        control = dkim_disable_verify
+    .else
+    .ifdef DISABLE_DKIM_VERIFY
+      warn
+        control = dkim_disable_verify
+    .endif
+    .endif
+
+      .ifdef CHECK_RCPT_LOCAL_LOCALPARTS
+      deny
+        domains = +local_domains
+        local_parts = CHECK_RCPT_LOCAL_LOCALPARTS
+        message = restricted characters in address
+      .endif
+
+      
+
+      .ifdef CHECK_RCPT_REMOTE_LOCALPARTS
+      deny
+        domains = !+local_domains
+        local_parts = CHECK_RCPT_REMOTE_LOCALPARTS
+        message = restricted characters in address
+      .endif
+
+      accept
+        .ifndef CHECK_RCPT_POSTMASTER
+        local_parts = postmaster
+        .else
+        local_parts = CHECK_RCPT_POSTMASTER
+        .endif
+        domains = +local_domains : +relay_to_domains
+
+      .ifdef CHECK_RCPT_VERIFY_SENDER
+      deny
+        message = Sender verification failed
+        !acl = acl_local_deny_exceptions
+        !verify = sender
+      .endif
+
+      deny
+        !acl = acl_local_deny_exceptions
+        senders = ${if exists{CONFDIR/local_sender_callout}\
+                            {CONFDIR/local_sender_callout}\
+                      {}}
+        !verify = sender/callout
+
+      accept
+        hosts = +relay_from_hosts
+        control = submission/sender_retain
+        control = dkim_disable_verify
+
+      accept
+        authenticated = *
+        control = submission/sender_retain
+        control = dkim_disable_verify
+
+      require message	= nice hosts say HELO first
+              condition	= ${if def:sender_helo_name}
+
+      require
+        message = relay not permitted
+        domains = +local_domains : +relay_to_domains
+
+      require
+        verify = recipient
+
+      deny
+        !acl = acl_local_deny_exceptions
+        recipients = ${if exists{CONFDIR/local_rcpt_callout}\
+                                {CONFDIR/local_rcpt_callout}\
+                          {}}
+        !verify = recipient/callout
+
+      deny
+        message = sender envelope address $sender_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
+        log_message = sender envelope address is locally blacklisted.
+        !acl = acl_local_deny_exceptions
+        senders = ${if exists{CONFDIR/local_sender_blacklist}\
+                      {CONFDIR/local_sender_blacklist}\
+                      {}}
+
+      deny
+        message = sender IP address $sender_host_address is locally blacklisted here. If you think this is wrong, get in touch with postmaster
+        log_message = sender IP address is locally blacklisted.
+        !acl = acl_local_deny_exceptions
+        hosts = ${if exists{CONFDIR/local_host_blacklist}\
+                    {CONFDIR/local_host_blacklist}\
+                    {}}
+
+      .ifdef CHECK_RCPT_REVERSE_DNS
+      warn
+        condition = ${if and{{def:sender_host_address}{!def:sender_host_name}}\
+                          {yes}{no}}
+        add_header = X-Host-Lookup-Failed: Reverse DNS lookup failed for $sender_host_address (${if eq{$host_lookup_failed}{1}{failed}{deferred}})
+      .endif
+
+      .ifdef CHECK_RCPT_SPF
+      deny
+        message = [SPF] $sender_host_address is not allowed to send mail from \
+                  ${if def:sender_address_domain {$sender_address_domain}{$sender_helo_name}}.
+        log_message = SPF check failed.
+        !acl = acl_local_deny_exceptions
+        condition = ${run{/usr/bin/spfquery.mail-spf-perl --ip \
+                      ${quote:$sender_host_address} --identity \
+                      ${if def:sender_address_domain \
+                          {--scope mfrom  --identity ${quote:$sender_address}}\
+                          {--scope helo --identity ${quote:$sender_helo_name}}}}\
+                      {no}{${if eq {$runrc}{1}{yes}{no}}}}
+
+      defer
+        message = Temporary DNS error while checking SPF record.  Try again later.
+        !acl = acl_local_deny_exceptions
+        condition = ${if eq {$runrc}{5}{yes}{no}}
+
+      warn
+        condition = ${if <={$runrc}{6}{yes}{no}}
+        add_header = Received-SPF: ${if eq {$runrc}{0}{pass}\
+                                    {${if eq {$runrc}{2}{softfail}\
+                                    {${if eq {$runrc}{3}{neutral}\
+              {${if eq {$runrc}{4}{permerror}\
+              {${if eq {$runrc}{6}{none}{error}}}}}}}}}\
+            } client-ip=$sender_host_address; \
+            ${if def:sender_address_domain \
+              {envelope-from=${sender_address}; }{}}\
+            helo=$sender_helo_name
+
+      warn
+        log_message = Unexpected error in SPF check.
+        condition = ${if >{$runrc}{6}{yes}{no}}
+      .endif
+
+      .ifdef CHECK_RCPT_IP_DNSBLS
+      warn
+        dnslists = CHECK_RCPT_IP_DNSBLS
+        add_header = X-Warning: $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
+        log_message = $sender_host_address is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
+      .endif
+
+      .ifdef CHECK_RCPT_DOMAIN_DNSBLS
+      warn
+        !senders = ${if exists{CONFDIR/local_domain_dnsbl_whitelist}\
+                        {CONFDIR/local_domain_dnsbl_whitelist}\
+                        {}}
+        dnslists = CHECK_RCPT_DOMAIN_DNSBLS
+        add_header = X-Warning: $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
+        log_message = $sender_address_domain is listed at $dnslist_domain ($dnslist_value: $dnslist_text)
+      .endif
+
+      .ifdef CHECK_RCPT_LOCAL_ACL_FILE
+      .include CHECK_RCPT_LOCAL_ACL_FILE
+      .endif
+
+      accept
+        domains = +relay_to_domains
+        endpass
+        verify = recipient
+
+      accept
+
+    acl_check_data:
+
+      .ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT
+      deny    message    = maximum allowed line length is 998 octets, \
+                          got $max_received_linelength
+              condition  = ${if > {$max_received_linelength}{998}}
+      .endif
+
+      .ifndef NO_CHECK_DATA_VERIFY_HEADER_SYNTAX
+      deny
+        !acl = acl_local_deny_exceptions
+        !verify = header_syntax
+        message = header syntax
+        log_message = header syntax ($acl_verify_message)
+      .endif
+
+      .ifdef CHECK_DATA_VERIFY_HEADER_SENDER
+      deny
+        message = No verifiable sender address in message headers
+        !acl = acl_local_deny_exceptions
+        !verify = header_sender
+      .endif
+
+      .ifdef CHECK_DATA_LOCAL_ACL_FILE
+      .include CHECK_DATA_LOCAL_ACL_FILE
+      .endif
+
+      accept
+
+    begin routers
+
+    .ifdef MAIN_ALLOW_DOMAIN_LITERALS
+    domain_literal:
+      debug_print = "R: domain_literal for $local_part@$domain"
+      driver = ipliteral
+      domains = ! +local_domains
+      transport = remote_smtp
+    .endif
+
+    hubbed_hosts:
+      debug_print = "R: hubbed_hosts for $domain"
+      driver = manualroute
+      domains = "${if exists{CONFDIR/hubbed_hosts}\
+                      {partial-lsearch;CONFDIR/hubbed_hosts}\
+                  fail}"
+      same_domain_copy_routing = yes
+      route_data = ${lookup{$domain}partial-lsearch{CONFDIR/hubbed_hosts}}
+      transport = remote_smtp
+
+    .ifdef DCconfig_internet
+
+    dnslookup_relay_to_domains:
+      debug_print = "R: dnslookup_relay_to_domains for $local_part@$domain"
+      driver = dnslookup
+      domains = ! +local_domains : +relay_to_domains
+      transport = remote_smtp
+      same_domain_copy_routing = yes
+      no_more
+
+    .ifndef ROUTER_DNSLOOKUP_IGNORE_TARGET_HOSTS
+    ROUTER_DNSLOOKUP_IGNORE_TARGET_HOSTS = <; 0.0.0.0 ; 127.0.0.0/8 ; 192.168.0.0/16 ; 172.16.0.0/12 ; 10.0.0.0/8 ; 169.254.0.0/16 ; 255.255.255.255 ; ::/128 ; ::1/128 ; fc00::/7 ; fe80::/10 ; 100::/64
+    .endif
+
+    dnslookup:
+      debug_print = "R: dnslookup for $local_part@$domain"
+      driver = dnslookup
+      domains = ! +local_domains
+      transport = remote_smtp
+      same_domain_copy_routing = yes
+      ignore_target_hosts = ROUTER_DNSLOOKUP_IGNORE_TARGET_HOSTS
+      no_more
+
+    .endif
+
+    .ifdef DCconfig_local
+    nonlocal:
+      debug_print = "R: nonlocal for $local_part@$domain"
+      driver = redirect
+      domains = ! +local_domains
+      allow_fail
+      data = :fail: Mailing to remote domains not supported
+      no_more
+
+    .endif
+
+    .ifdef DCconfig_smarthost DCconfig_satellite
+
+    smarthost:
+      debug_print = "R: smarthost for $local_part@$domain"
+      driver = manualroute
+      domains = ! +local_domains
+      transport = remote_smtp_smarthost
+      route_list = * DCsmarthost byname
+      host_find_failed = ignore
+      same_domain_copy_routing = yes
+      no_more
+
+    .endif
+
+    COND_LOCAL_SUBMITTER = "\
+                  ${if match_ip{$sender_host_address}{:@[]}\
+                        {1}{0}\
+        }"
+
+    real_local:
+      debug_print = "R: real_local for $local_part@$domain"
+      driver = accept
+      domains = +local_domains
+      condition = COND_LOCAL_SUBMITTER
+      local_part_prefix = real-
+      check_local_user
+      transport = LOCAL_DELIVERY
+
+    system_aliases:
+      debug_print = "R: system_aliases for $local_part@$domain"
+      driver = redirect
+      domains = +local_domains
+      allow_fail
+      allow_defer
+      data = ${lookup{$local_part}lsearch{/etc/aliases}}
+      .ifdef SYSTEM_ALIASES_USER
+      user = SYSTEM_ALIASES_USER
+      .endif
+      .ifdef SYSTEM_ALIASES_GROUP
+      group = SYSTEM_ALIASES_GROUP
+      .endif
+      .ifdef SYSTEM_ALIASES_FILE_TRANSPORT
+      file_transport = SYSTEM_ALIASES_FILE_TRANSPORT
+      .endif
+      .ifdef SYSTEM_ALIASES_PIPE_TRANSPORT
+      pipe_transport = SYSTEM_ALIASES_PIPE_TRANSPORT
+      .endif
+      .ifdef SYSTEM_ALIASES_DIRECTORY_TRANSPORT
+      directory_transport = SYSTEM_ALIASES_DIRECTORY_TRANSPORT
+      .endif
+
+    mailman3_router:
+      driver = accept
+      domains = +mm3_domains
+      require_files = MM3_LISTCHK
+      local_part_suffix_optional
+      local_part_suffix = -admin : \
+        -bounces   : -bounces+* : \
+        -confirm   : -confirm+* : \
+        -join      : -leave     : \
+        -owner     : -request   : \
+        -subscribe : -unsubscribe
+      transport = mailman3_transport
+
+    .ifdef DCconfig_satellite
+    hub_user:
+      debug_print = "R: hub_user for $local_part@$domain"
+      driver = redirect
+      domains = +local_domains
+      data = ${local_part}@DCreadhost
+      check_local_user
+
+    hub_user_smarthost:
+      debug_print = "R: hub_user_smarthost for $local_part@$domain"
+      driver = manualroute
+      domains = DCreadhost
+      transport = remote_smtp_smarthost
+      route_list = * DCsmarthost byname
+      host_find_failed = ignore
+      same_domain_copy_routing = yes
+      check_local_user
+    .endif
+
+    userforward:
+      debug_print = "R: userforward for $local_part@$domain"
+      driver = redirect
+      domains = +local_domains
+      check_local_user
+      file = $home/.forward
+      require_files = $local_part:$home/.forward
+      no_verify
+      no_expn
+      check_ancestor
+      allow_filter
+      forbid_smtp_code = true
+      directory_transport = address_directory
+      file_transport = address_file
+      pipe_transport = address_pipe
+      reply_transport = address_reply
+      skip_syntax_errors
+      syntax_errors_to = real-$local_part@$domain
+      syntax_errors_text = \
+        This is an automatically generated message. An error has\n\
+        been found in your .forward file. Details of the error are\n\
+        reported below. While this error persists, you will receive\n\
+        a copy of this message for every message that is addressed\n\
+        to you. If your .forward file is a filter file, or if it is\n\
+        a non-filter file containing no valid forwarding addresses,\n\
+        a copy of each incoming message will be put in your normal\n\
+        mailbox. If a non-filter file contains at least one valid\n\
+        forwarding address, forwarding to the valid addresses will\n\
+        happen, and those will be the only deliveries that occur.
+
+    procmail:
+      debug_print = "R: procmail for $local_part@$domain"
+      driver = accept
+      domains = +local_domains
+      check_local_user
+      transport = procmail_pipe
+      require_files = ${local_part}:\
+                      ${if exists{/etc/procmailrc}\
+                        {/etc/procmailrc}{${home}/.procmailrc}}:\
+                      +/usr/bin/procmail
+      no_verify
+      no_expn
+
+    maildrop:
+      debug_print = "R: maildrop for $local_part@$domain"
+      driver = accept
+      domains = +local_domains
+      check_local_user
+      transport = maildrop_pipe
+      require_files = ${local_part}:${home}/.mailfilter:+/usr/bin/maildrop
+      no_verify
+      no_expn
+
+    .ifndef FIRST_USER_ACCOUNT_UID
+    FIRST_USER_ACCOUNT_UID = 0
+    .endif
+
+    .ifndef DEFAULT_SYSTEM_ACCOUNT_ALIAS
+    DEFAULT_SYSTEM_ACCOUNT_ALIAS = :fail: no mail to system accounts
+    .endif
+
+    COND_SYSTEM_USER_AND_REMOTE_SUBMITTER = "\
+                  ${if and{{! match_ip{$sender_host_address}{:@[]}}\
+                            {<{$local_user_uid}{FIRST_USER_ACCOUNT_UID}}}\
+                        {1}{0}\
+        }"
+
+    lowuid_aliases:
+      debug_print = "R: lowuid_aliases for $local_part@$domain (UID $local_user_uid)"
+      check_local_user
+      driver = redirect
+      allow_fail
+      domains = +local_domains
+      condition = COND_SYSTEM_USER_AND_REMOTE_SUBMITTER
+      data = ${if exists{CONFDIR/lowuid-aliases}\
+                  {${lookup{$local_part}lsearch{CONFDIR/lowuid-aliases}\
+                  {$value}{DEFAULT_SYSTEM_ACCOUNT_ALIAS}}}\
+                  {DEFAULT_SYSTEM_ACCOUNT_ALIAS}}
+
+    local_user:
+      debug_print = "R: local_user for $local_part@$domain"
+      driver = accept
+      domains = +local_domains
+      check_local_user
+      local_parts = ! root
+      transport = LOCAL_DELIVERY
+      cannot_route_message = Unknown user
+
+    mail4root:
+      debug_print = "R: mail4root for $local_part@$domain"
+      driver = redirect
+      domains = +local_domains
+      data = /var/mail/mail
+      file_transport = address_file
+      local_parts = root
+      user = mail
+      group = mail
+
+    begin transports
+
+    .ifdef HIDE_MAILNAME
+    REMOTE_SMTP_HEADERS_REWRITE=*@+local_domains $1@DCreadhost frs : *@ETC_MAILNAME $1@DCreadhost frs
+    REMOTE_SMTP_RETURN_PATH=${if match_domain{$sender_address_domain}{+local_domains}{${sender_address_local_part}@DCreadhost}{${if match_domain{$sender_address_domain}{ETC_MAILNAME}{${sender_address_local_part}@DCreadhost}fail}}}
+    .endif
+
+    .ifdef REMOTE_SMTP_HELO_FROM_DNS
+    .ifdef REMOTE_SMTP_HELO_DATA
+    REMOTE_SMTP_HELO_DATA==${lookup dnsdb {ptr=$sending_ip_address}{$value}{$primary_hostname}}
+    .else
+    REMOTE_SMTP_HELO_DATA=${lookup dnsdb {ptr=$sending_ip_address}{$value}{$primary_hostname}}
+    .endif
+    .endif
+
+    address_file:
+      debug_print = "T: address_file for $local_part@$domain"
+      driver = appendfile
+      delivery_date_add
+      envelope_to_add
+      return_path_add
+
+    address_pipe:
+      debug_print = "T: address_pipe for $local_part@$domain"
+      driver = pipe
+      return_fail_output
+
+    address_reply:
+      debug_print = "T: autoreply for $local_part@$domain"
+      driver = autoreply
+
+    mail_spool:
+      debug_print = "T: appendfile for $local_part@$domain"
+      driver = appendfile
+      file = /var/mail/$local_part
+      delivery_date_add
+      envelope_to_add
+      return_path_add
+      group = mail
+      mode = 0660
+      mode_fail_narrower = false
+
+    maildir_home:
+      debug_print = "T: maildir_home for $local_part@$domain"
+      driver = appendfile
+      .ifdef MAILDIR_HOME_MAILDIR_LOCATION
+      directory = MAILDIR_HOME_MAILDIR_LOCATION
+      .else
+      directory = $home/Maildir
+      .endif
+      .ifdef MAILDIR_HOME_CREATE_DIRECTORY
+      create_directory
+      .endif
+      .ifdef MAILDIR_HOME_CREATE_FILE
+      create_file = MAILDIR_HOME_CREATE_FILE
+      .endif
+      delivery_date_add
+      envelope_to_add
+      return_path_add
+      maildir_format
+      .ifdef MAILDIR_HOME_DIRECTORY_MODE
+      directory_mode = MAILDIR_HOME_DIRECTORY_MODE
+      .else
+      directory_mode = 0700
+      .endif
+      .ifdef MAILDIR_HOME_MODE
+      mode = MAILDIR_HOME_MODE
+      .else
+      mode = 0600
+      .endif
+      mode_fail_narrower = false
+
+    maildrop_pipe:
+      debug_print = "T: maildrop_pipe for $local_part@$domain"
+      driver = pipe
+      path = "/bin:/usr/bin:/usr/local/bin"
+      command = "/usr/bin/maildrop"
+      message_prefix =
+      message_suffix =
+      return_path_add
+      delivery_date_add
+      envelope_to_add
+
+    procmail_pipe:
+      debug_print = "T: procmail_pipe for $local_part@$domain"
+      driver = pipe
+      path = "/bin:/usr/bin:/usr/local/bin"
+      command = "/usr/bin/procmail"
+      return_path_add
+      delivery_date_add
+      envelope_to_add
+
+    remote_smtp:
+      debug_print = "T: remote_smtp for $local_part@$domain"
+      driver = smtp
+    .ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT
+      message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
+    .endif
+    .ifdef REMOTE_SMTP_HOSTS_AVOID_TLS
+      hosts_avoid_tls = REMOTE_SMTP_HOSTS_AVOID_TLS
+    .endif
+    .ifdef REMOTE_SMTP_HEADERS_REWRITE
+      headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
+    .endif
+    .ifdef REMOTE_SMTP_RETURN_PATH
+      return_path = REMOTE_SMTP_RETURN_PATH
+    .endif
+    .ifdef REMOTE_SMTP_HELO_DATA
+      helo_data=REMOTE_SMTP_HELO_DATA
+    .endif
+    .ifdef DKIM_DOMAIN
+    dkim_domain = DKIM_DOMAIN
+    .endif
+    .ifdef DKIM_SELECTOR
+    dkim_selector = DKIM_SELECTOR
+    .endif
+    .ifdef DKIM_PRIVATE_KEY
+    dkim_private_key = DKIM_PRIVATE_KEY
+    .endif
+    .ifdef DKIM_CANON
+    dkim_canon = DKIM_CANON
+    .endif
+    .ifdef DKIM_STRICT
+    dkim_strict = DKIM_STRICT
+    .endif
+    .ifdef DKIM_SIGN_HEADERS
+    dkim_sign_headers = DKIM_SIGN_HEADERS
+    .endif
+    .ifdef TLS_DH_MIN_BITS
+    tls_dh_min_bits = TLS_DH_MIN_BITS
+    .endif
+    .ifdef REMOTE_SMTP_TLS_CERTIFICATE
+    tls_certificate = REMOTE_SMTP_TLS_CERTIFICATE
+    .endif
+    .ifdef REMOTE_SMTP_PRIVATEKEY
+    tls_privatekey = REMOTE_SMTP_PRIVATEKEY
+    .endif
+    .ifdef REMOTE_SMTP_HOSTS_REQUIRE_TLS
+      hosts_require_tls = REMOTE_SMTP_HOSTS_REQUIRE_TLS
+    .endif
+    .ifdef REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
+      headers_remove = REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
+    .endif
+
+    remote_smtp_smarthost:
+      debug_print = "T: remote_smtp_smarthost for $local_part@$domain"
+      driver = smtp
+      multi_domain
+    .ifndef IGNORE_SMTP_LINE_LENGTH_LIMIT
+      message_size_limit = ${if > {$max_received_linelength}{998} {1}{0}}
+    .endif
+      hosts_try_auth = <; ${if exists{CONFDIR/passwd.client} \
+            {\
+            ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$host_address}}\
+            }\
+            {} \
+          }
+    .ifdef REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
+      hosts_avoid_tls = REMOTE_SMTP_SMARTHOST_HOSTS_AVOID_TLS
+    .endif
+    .ifdef REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
+      hosts_require_tls = REMOTE_SMTP_SMARTHOST_HOSTS_REQUIRE_TLS
+    .endif
+    .ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES
+      tls_verify_certificates = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_CERTIFICATES
+    .endif
+    .ifdef REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOSTS
+      tls_verify_hosts = REMOTE_SMTP_SMARTHOST_TLS_VERIFY_HOST
+    .endif
+    .ifdef REMOTE_SMTP_HEADERS_REWRITE
+      headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
+    .endif
+    .ifdef REMOTE_SMTP_RETURN_PATH
+      return_path = REMOTE_SMTP_RETURN_PATH
+    .endif
+    .ifdef REMOTE_SMTP_HELO_DATA
+      helo_data=REMOTE_SMTP_HELO_DATA
+    .endif
+    .ifdef TLS_DH_MIN_BITS
+    tls_dh_min_bits = TLS_DH_MIN_BITS
+    .endif
+    .ifdef REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE
+    tls_certificate = REMOTE_SMTP_SMARTHOST_TLS_CERTIFICATE
+    .endif
+    .ifdef REMOTE_SMTP_SMARTHOST_PRIVATEKEY
+    tls_privatekey = REMOTE_SMTP_SMARTHOST_PRIVATEKEY
+    .endif
+    .ifdef REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
+      headers_remove = REMOTE_SMTP_TRANSPORTS_HEADERS_REMOVE
+    .endif
+
+    address_directory:
+      debug_print = "T: address_directory for $local_part@$domain"
+      driver = appendfile
+      delivery_date_add
+      envelope_to_add
+      return_path_add
+      check_string = ""
+      escape_string = ""
+      maildir_format
+
+    mailman3_transport:
+      debug_print = "Email for mailman"
+      driver = smtp
+      protocol = lmtp
+      allow_localhost
+      hosts = MM3_LMTP_HOST
+      port = MM3_LMTP_PORT
+      rcpt_include_affixes = true
+
+    begin retry
+
+    *                      *           F,2h,15m; G,16h,1h,1.5; F,4d,6h
+
+    begin rewrite
+
+    .ifndef NO_EAA_REWRITE_REWRITE
+    *@+local_domains "${lookup{${local_part}}lsearch{/etc/email-addresses}\
+                      {$value}fail}" Ffrs
+    *@ETC_MAILNAME "${lookup{${local_part}}lsearch{/etc/email-addresses}\
+                      {$value}fail}" Ffrs
+    .endif
+
+    begin authenticators
+
+    plain_server:
+      driver = plaintext
+      public_name = PLAIN
+      server_condition = "${if crypteq{$auth3}{${extract{1}{:}{${lookup{$auth2}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
+      server_set_id = $auth2
+      server_prompts = :
+      .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
+      server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
+      .endif
+
+    login_server:
+      driver = plaintext
+      public_name = LOGIN
+      server_prompts = "Username:: : Password::"
+      server_condition = "${if crypteq{$auth2}{${extract{1}{:}{${lookup{$auth1}lsearch{CONFDIR/passwd}{$value}{*:*}}}}}{1}{0}}"
+      server_set_id = $auth1
+      .ifndef AUTH_SERVER_ALLOW_NOTLS_PASSWORDS
+      server_advertise_condition = ${if eq{$tls_in_cipher}{}{}{*}}
+      .endif
+
+    cram_md5:
+      driver = cram_md5
+      public_name = CRAM-MD5
+      client_name = ${extract{1}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
+      client_secret = ${extract{2}{:}{${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}}}
+
+    PASSWDLINE=${sg{\
+                    ${lookup{$host}nwildlsearch{CONFDIR/passwd.client}{$value}fail}\
+              }\
+              {\\N[\\^]\\N}\
+              {^^}\
+          }
+
+    plain:
+      driver = plaintext
+      public_name = PLAIN
+    .ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
+      client_send = "<; ${if !eq{$tls_out_cipher}{}\
+                        {^${extract{1}{:}{PASSWDLINE}}\
+            ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}\
+          }fail}"
+    .else
+      client_send = "<; ^${extract{1}{:}{PASSWDLINE}}\
+            ^${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
+    .endif
+
+    login:
+      driver = plaintext
+      public_name = LOGIN
+    .ifndef AUTH_CLIENT_ALLOW_NOTLS_PASSWORDS
+      client_send = "<; ${if and{\
+                              {!eq{$tls_out_cipher}{}}\
+                              {!eq{PASSWDLINE}{}}\
+                            }\
+                          {}fail}\
+                    ; ${extract{1}{::}{PASSWDLINE}}\
+        ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
+    .else
+      client_send = "<; ${if !eq{PASSWDLINE}{}\
+                          {}fail}\
+                    ; ${extract{1}{::}{PASSWDLINE}}\
+        ; ${sg{PASSWDLINE}{\\N([^:]+:)(.*)\\N}{\\$2}}"
+    .endif
+
diff --git a/deploy/mail/ingress.yaml b/deploy/mail/ingress.yaml
new file mode 100644
index 00000000..85a4373e
--- /dev/null
+++ b/deploy/mail/ingress.yaml
@@ -0,0 +1,26 @@
+apiVersion: extensions/v1beta1
+kind: Ingress
+metadata:
+  annotations:
+    kubernetes.io/ingress.class: nginx
+    cert-manager.io/cluster-issuer: letsencrypt-prod
+    nginx.ingress.kubernetes.io/server-snippet: |
+      rewrite ^/$ https://mailweb.opengauss.org/postorius/lists/;
+      location ^~ /admin {
+        deny all;
+      }
+    nginx.ingress.kubernetes.io/custom-http-errors: "500"
+  name: mailweb-ingress
+spec:
+  tls:
+    - hosts:
+        - mailweb.opengauss.org
+      secretName: opengauss-mailweb-tls
+  rules:
+    - host: mailweb.opengauss.org
+      http:
+        paths:
+          - backend:
+              serviceName: mailman-web-service
+              servicePort: 80
+            path: /
\ No newline at end of file
diff --git a/deploy/mail/kustomization.yaml b/deploy/mail/kustomization.yaml
new file mode 100644
index 00000000..41a81096
--- /dev/null
+++ b/deploy/mail/kustomization.yaml
@@ -0,0 +1,14 @@
+resources:
+- exim-configmap.yaml
+- ingress.yaml
+- mailcore.yaml
+- mtaservice.yaml
+- namespace.yaml
+- nginx-config.yaml
+- secrets.yaml
+- storage.yaml
+- suiteservice.yaml
+- webservice.yaml
+namespace: mail
+apiVersion: kustomize.config.k8s.io/v1beta1
+kind: Kustomization
diff --git a/deploy/mail/mailcore-utils.yaml b/deploy/mail/mailcore-utils.yaml
deleted file mode 100644
index cb73c847..00000000
--- a/deploy/mail/mailcore-utils.yaml
+++ /dev/null
@@ -1,82 +0,0 @@
----
-kind: Deployment
-apiVersion: apps/v1
-metadata:
-  name: mailman-core-utils
-  namespace: mail
-  labels:
-    component: mail-core-utils
-    app: mail-suit-service
-  annotations:
-    flux.weave.works/tag.mail-git-tools: semver:~1.0
-    flux.weave.works/tag.mailman-core-utils: semver:~1.0
-    flux.weave.works/automated: 'true'
-spec:
-  replicas: 1
-  selector:
-    matchLabels:
-      component: mail-core-utils
-      app: mail-suit-service
-  template:
-    metadata:
-      labels:
-        component: mail-core-utils
-        app: mail-suit-service
-    spec:
-      # init container used to clone the repo and move it into the dir that core-utils will use.
-      initContainers:
-      - name: mail-git-tools
-          # Please ensure the image exists
-        image: swr.ap-southeast-1.myhuaweicloud.com/opengauss/git-tools:v1.0.20220426
-        imagePullPolicy: "IfNotPresent"
-        volumeMounts:
-        - mountPath: /opt/mailman-utils/data_source
-          name: mailman-core-utils
-        env:
-            # the repo which contains the templates folder
-        - name: TEMPLATE_REPO
-          value: https://gitee.com/opengauss/infra.git
-        command:
-        - /bin/sh
-        - -c
-        - |
-          cd /opt/mailman-utils/data_source;
-          rm -rf templates;
-          git clone ${TEMPLATE_REPO}
-      containers:
-      - name: mailman-core-utils
-          # Please ensure the image exists
-        image: swr.ap-southeast-1.myhuaweicloud.com/opengauss/mailman-core-utils:v1.0.20220426
-        imagePullPolicy: "IfNotPresent"
-        volumeMounts:
-        - mountPath: /opt/mailman-utils/data_source
-          name: mailman-core-utils
-        env:
-            # the mailman core API used to handling creating list and replace templates
-        - name: MAILMAN_CORE_ENDPOINT
-          value: http://mailman-core-0.mail-suit-service.mail.svc.cluster.local:8001/3.1
-            # the credential for mailman core API
-        - name: MAILMAN_CORE_USER
-          valueFrom:
-            secretKeyRef:
-              name: mailman-secrets
-              key: mailman_core_user
-        - name: MAILMAN_CORE_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: mailman-secrets
-              key: mailman_core_password
-            # default domain name that will be created when starts up
-        - name: TEMPLATE_FOLDER_PATH
-          value: templates
-        command:
-        - /bin/sh
-        - -c
-        - |
-          cp -r /opt/mailman-utils/data_source/infra/src/mail/templates  .;
-          cp /opt/mailman-utils/data_source/infra/src/mail/dockerfile/core_utils/mailman-core-utils.py ./mailman-core-utils.py
-          docker-entrypoint.sh python -u mailman-core-utils.py
-          sleep 3600
-      volumes:
-      - name: mailman-core-utils
-        emptyDir: {}
diff --git a/deploy/mail/mailcore.yaml b/deploy/mail/mailcore.yaml
index 27c94b5f..ba6d612c 100644
--- a/deploy/mail/mailcore.yaml
+++ b/deploy/mail/mailcore.yaml
@@ -22,59 +22,22 @@ spec:
     spec:
       containers:
       - name: mailman-core
-        image: swr.ap-southeast-1.myhuaweicloud.com/opengauss/mail-core:v1.0.2020031900
+        image: swr.cn-north-4.myhuaweicloud.com/opensourceway/app-mailman/mailman-core-new-build:291336826605a3042b214075bb9037a52f97058c1673253323
         imagePullPolicy: "IfNotPresent"
         volumeMounts:
         - mountPath: /opt/mailman/
           name: mailman-core-volume
-        - mountPath: /usr/lib/python3.6/site-packages/mailman/runners/command.py
-          name: mailman-core-config-volume
-          subPath: command.py
-        - mountPath: /usr/lib/python3.6/email/base64mime.py
-          subPath: base64mime.py
-          name: mailman-core-config-volume
-        - mountPath: /usr/lib/python3.6/site-packages/mailman/app/subscriptions.py
-          subPath: subscriptions.py
-          name: mailman-core-config-volume
-        - mountPath: /usr/lib/python3.6/email/quoprimime.py
-          subPath: quoprimime.py
-          name: mailman-core-config-volume
-        - mountPath: /usr/lib/python3.6/site-packages/mailman/mta/base.py
-          name: mailman-core-base-py
-          subPath: base.py
-        - mountPath: /opt/core-debug/docker-entrypoint.sh
-          subPath: docker-entrypoint.sh
-          name: entry-point-config
         env:
         - name: DATABASE_TYPE
-          value: postgres
-        - name: DATABASE_CLASS
-          value: mailman.database.postgresql.PostgreSQLDatabase
-        - name: HYPERKITTY_API_KEY
-          valueFrom:
-            secretKeyRef:
-              name: mailman-secrets
-              key: hyperkitty_api_key
-        - name: POSTGRES_USER
-          valueFrom:
-            secretKeyRef:
-              name: mailman-secrets
-              key: postgres_user
-        - name: POSTGRES_PASSWORD
           valueFrom:
             secretKeyRef:
               name: mailman-secrets
-              key: postgres_password
-        - name: POSTGRES_IP
-          valueFrom:
-            secretKeyRef:
-              name: mailman-secrets
-              key: postgres_ip
-        - name: POSTGRES_PORT
+              key: database_type
+        - name: DATABASE_CLASS
           valueFrom:
             secretKeyRef:
               name: mailman-secrets
-              key: postgres_port
+              key: database_class
         - name: MAILMAN_REST_USER
           valueFrom:
             secretKeyRef:
@@ -85,8 +48,12 @@ spec:
             secretKeyRef:
               name: mailman-secrets
               key: mailman_core_password
+        - name: HYPERKITTY_API_KEY
+          valueFrom:
+            secretKeyRef:
+              name: mailman-secrets
+              key: hyperkitty_api_key
         - name: HYPERKITTY_URL
-            # NOTE: Please update the HYPERKITTY_URL
           value: http://mailman-web-service.mail.svc.cluster.local:8000/hyperkitty
         - name: SMTP_HOST
           value: mailman-exim4-service.mail.svc.cluster.local
@@ -100,28 +67,32 @@ spec:
             secretKeyRef:
               name: mailman-secrets
               key: exim4_credential_password
-          # Sed command is used here to force change default charsets to UTF-8
-          # related issue: https://gitlab.com/mailman/postorius/issues/325
-        command:
-        - /bin/sh
-        - -c
-        - |
-          export DATABASE_URL=postgres://${POSTGRES_USER}:${POSTGRES_PASSWORD}@${POSTGRES_IP}:${POSTGRES_PORT}/mailmandb
-          sed -i "s/charset: us-ascii/charset: utf-8/g" /usr/lib/python3.6/site-packages/mailman/config/schema.cfg;
-          cp /opt/core-debug/docker-entrypoint.sh /usr/local/bin/docker-entrypoint.sh;
-          chmod +x /usr/local/bin/docker-entrypoint.sh;
-          exec docker-entrypoint.sh master --force
-      #NOTE: Empty dir can't be used in a production dir. Please upgrade it before using.
+        - name: MM_HOSTNAME
+          valueFrom:
+            secretKeyRef:
+              name: mailman-secrets
+              key: mailcore_mm_hostname
+        - name: MAILMAN_REST_PORT
+          valueFrom:
+            secretKeyRef:
+              name: mailman-secrets
+              key: mailcore_rest_port
+        - name: DATABASE_URL
+          valueFrom:
+            secretKeyRef:
+              name: mailman-secrets
+              key: mailcore_database_url
+        - name: MTA
+          valueFrom:
+            secretKeyRef:
+              name: mailman-secrets
+              key: mailcore_mta
+        - name: SMTP_PORT
+          valueFrom:
+            secretKeyRef:
+              name: mailman-secrets
+              key: mailcore_smtp_port
       volumes:
-      - name: mailman-core-config-volume
-        configMap:
-          name: mailman-core-configmap
-      - name: mailman-core-base-py
-        configMap:
-          name: mailman-core-base-py-configmap
-      - name: entry-point-config
-        configMap:
-          name: core-entrypoint-configmap
       - name: mailman-core-volume
         persistentVolumeClaim:
           claimName: config-vol
diff --git a/deploy/mail/mtaservice.yaml b/deploy/mail/mtaservice.yaml
index c941ea63..be1417d4 100644
--- a/deploy/mail/mtaservice.yaml
+++ b/deploy/mail/mtaservice.yaml
@@ -51,54 +51,39 @@ spec:
         app: mail-suit-service
         component: mail-exim4-service
     spec:
+      nodeSelector:
+        exim4: "true"
       containers:
       - name: mailman-exim4
           #NOTE: This image is directly built from our dockerfile located in exim4 folder
-        image: swr.cn-north-4.myhuaweicloud.com/opensourceway/app-mailman/mailman-exim4-build:20985c29f3070ef5875b0d49bbb17672a73aced41668766284
+        image: swr.cn-north-4.myhuaweicloud.com/opensourceway/app-mailman/mailman-exim-new-build:3d97dff8206e4262c0fa2e218cdacb40e168c56a1672141405
         imagePullPolicy: "IfNotPresent"
         volumeMounts:
-        - mountPath: /etc/exim4/conf.d/main/25_mm3_macros
-          name: mailman-exim4-configmap-volume
-          subPath: 25_mm3_macros
-        - mountPath: /etc/exim4/conf.d/main/01_exim4-config_listmacrosdefs
-          name: mailman-exim4-configmap-volume
-          subPath: 01_exim4-config_listmacrosdefs
-        - mountPath: /etc/exim4/conf.d/auth/30_exim4-config_examples
-          name: mailman-exim4-configmap-volume
-          subPath: 30_exim4-config_examples
-        - mountPath: /etc/exim4/conf.d/main/00_local_macros
-          name: mailman-exim4-configmap-volume
-          subPath: 00_local_macros
-        - mountPath: /etc/exim4/conf.d/transport/55_mm3_transport
-          name: mailman-exim4-configmap-volume
-          subPath: 55_mm3_transport
-        - mountPath: /etc/exim4/conf.d/router/455_mm3_router
-          name: mailman-exim4-configmap-volume
-          subPath: 455_mm3_router
-        - mountPath: /etc/exim4/update-exim4.conf.conf
-          name: mailman-exim4-configmap-volume
-          subPath: update-exim4-conf.conf
-              # This file path also used in command option that used as a exim4 log path
         - mountPath: /opt/mailman/
           name: mailman-core-data
+        - mountPath: /var/log/exim/
+          name: mailman-exim4-log
         - name: mailman-secrets
-          mountPath: /etc/exim4/passwd
+          mountPath: /etc/exim/passwd.ro
           subPath: exim4_credential
         - name: mailman-cert-secrets
-          mountPath: /etc/exim4/exim.crt
+          mountPath: /etc/exim/exim.crt.ro
           subPath: server.crt
         - name: mailman-cert-secrets
-          mountPath: /etc/exim4/exim.key
+          mountPath: /etc/exim/exim.key.ro
           subPath: server.key
         - name: mailman-secrets
-          mountPath: /etc/exim4/dkim/opengauss.key
+          mountPath: /etc/exim/dkim/opengauss.key.ro
           subPath: dkim_key
         - name: exim4-tls-secret
-          mountPath: /etc/exim4/ssl_pool/opengauss.org.crt
+          mountPath: /etc/exim/ssl_pool/opengauss.org.crt
           subPath: opengauss_org_crt
         - name: exim4-tls-secret
-          mountPath: /etc/exim4/ssl_pool/opengauss.org.key
+          mountPath: /etc/exim/ssl_pool/opengauss.org.key
           subPath: opengauss_org_key
+        - name: exim-config
+          mountPath: /etc/exim/exim.conf
+          subPath: exim_conf
           # NOTE: since we added new configuration files we need reload exim4 and start up
           # 1. update password  and key file mode
           # 2. update the log folder permission
@@ -108,22 +93,22 @@ spec:
         - /bin/sh
         - -c
         - |
-          mkdir -p /var/log/exim4
-          chown -R Debian-exim:Debian-exim /var/log/exim4
-          chown root:Debian-exim /etc/exim4/passwd /etc/exim4/exim.crt /etc/exim4/exim.key /etc/exim4/dkim/opengauss.key
-          chmod 640 /etc/exim4/passwd /etc/exim4/exim.crt /etc/exim4/exim.key /etc/exim4/dkim/opengauss.key
-          mkdir -p /opt/mailman/exim_log
-          chown Debian-exim:Debian-exim -R /opt/mailman/exim_log
-          update-exim4.conf
+          cp /etc/exim/passwd.ro /etc/exim/passwd
+          cp /etc/exim/exim.crt.ro /etc/exim/exim.crt
+          cp /etc/exim/exim.key.ro /etc/exim/exim.key
+          cp /etc/exim/dkim/opengauss.key.ro /etc/exim/dkim/opengauss.key
+          chown root:exim /etc/exim/passwd /etc/exim/exim.crt /etc/exim/exim.key /etc/exim/dkim/opengauss.key
+          chmod 755       /etc/exim/passwd /etc/exim/exim.crt /etc/exim/exim.key /etc/exim/dkim/opengauss.key
+          mkdir -p /var/log/exim
           exec tini -- exim -bd -v;
       #NOTE: Empty dir can't be used in a production dir. Please upgrade it before using.
       volumes:
-      - name: mailman-exim4-configmap-volume
-        configMap:
-          name: mailman-exim4-configmap
       - name: mailman-core-data
         persistentVolumeClaim:
           claimName: config-vol
+      - name: mailman-exim4-log
+        persistentVolumeClaim:
+          claimName: exim-log-data
       - name: mailman-secrets
         secret:
           secretName: mailman-secrets
@@ -133,4 +118,7 @@ spec:
       - name: exim4-tls-secret
         secret:
           secretName: mailman-tls-secrets
+      - name: exim-config
+        configMap:
+          name: exim-configmap
 
diff --git a/deploy/mail/nginx-config.yaml b/deploy/mail/nginx-config.yaml
new file mode 100644
index 00000000..e549e172
--- /dev/null
+++ b/deploy/mail/nginx-config.yaml
@@ -0,0 +1,60 @@
+# configmap for mailman web nginx config
+---
+apiVersion: v1
+kind: ConfigMap
+metadata:
+  name: mailman-nginx-configmap
+  namespace: mail
+data:
+  default.conf: |
+    server {
+        listen 80 default_server;
+
+        root /opt/mailman-web-static;
+        index index.html;
+
+        location /static {
+        alias /opt/mailman-web-static/static;
+        }
+
+        location / {
+        uwsgi_pass 0.0.0.0:8080;
+        include uwsgi_params;
+        uwsgi_read_timeout 300;
+        }
+        location /accounts/signup {
+        rewrite ^/accounts/signup(.*)$ /postorius/lists/;
+        }
+    }
+  nginx.conf : |
+    user  nginx;
+    worker_processes  auto;
+
+    error_log  /var/log/nginx/error.log warn;
+    pid        /var/run/nginx.pid;
+
+
+    events {
+        worker_connections  2048;
+    }
+
+
+    http {
+        include       /etc/nginx/mime.types;
+        default_type  application/octet-stream;
+
+        log_format  main  '$remote_addr - $remote_user [$time_local] "$request" '
+                          '$status $body_bytes_sent "$http_referer" '
+                          '"$http_user_agent" "$http_x_forwarded_for"';
+
+        access_log  /var/log/nginx/access.log  main;
+
+        sendfile        on;
+
+        keepalive_timeout  65;
+
+        gzip  on;
+
+        server_tokens off;
+        include /etc/nginx/conf.d/*.conf;
+    }
\ No newline at end of file
diff --git a/deploy/mail/secrets.yaml b/deploy/mail/secrets.yaml
index e239dacc..02886317 100644
--- a/deploy/mail/secrets.yaml
+++ b/deploy/mail/secrets.yaml
@@ -19,15 +19,6 @@ spec:
     secret_key:
       path: secrets/data/opengauss/mail_secrets
       key: secret_key
-    postgres_ip:
-      path: secrets/data/opengauss/mail_secrets
-      key: postgres_ip
-    postgres_url:
-      path: secrets/data/opengauss/mail_secrets
-      key: postgres_url
-    postgres_port:
-      path: secrets/data/opengauss/mail_secrets
-      key: postgres_port
     postgres_user:
       path: secrets/data/opengauss/mail_secrets
       key: postgres_user
@@ -40,12 +31,6 @@ spec:
     exim4_credential:
       path: secrets/data/opengauss/mail_secrets
       key: exim4_credential
-    exim4_credential_splitted_username:
-      path: secrets/data/opengauss/mail_secrets
-      key: exim4_credential_splitted_username
-    exim4_credential_splitted_password:
-      path: secrets/data/opengauss/mail_secrets
-      key: exim4_credential_splitted_password
     exim4_credential_username:
       path: secrets/data/opengauss/mail_secrets
       key: exim4_credential_splitted_username
@@ -55,6 +40,42 @@ spec:
     dkim_key:
       path: secrets/data/opengauss/mail_secrets
       key: dkim_key
+    mailweb_smtp_host:
+      path: secrets/data/opengauss/mail_secrets
+      key: mailweb_smtp_host
+    mailweb_smtp_port:
+      path: secrets/data/opengauss/mail_secrets
+      key: mailweb_smtp_port
+    mailweb_django_allowed_hosts:
+      path: secrets/data/opengauss/mail_secrets
+      key: mailweb_django_allowed_hosts
+    mailweb_postorius_template_base_url:
+      path: secrets/data/opengauss/mail_secrets
+      key: mailweb_postorius_template_base_url
+    mailweb_database_url:
+      path: secrets/data/opengauss/mail_secrets
+      key: mailweb_database_url
+    mailcore_mm_hostname:
+      path: secrets/data/opengauss/mail_secrets
+      key: mailcore_mm_hostname
+    mailcore_rest_port:
+      path: secrets/data/opengauss/mail_secrets
+      key: mailcore_rest_port
+    mailcore_database_url:
+      path: secrets/data/opengauss/mail_secrets
+      key: mailweb_database_url
+    mailcore_mta:
+      path: secrets/data/opengauss/mail_secrets
+      key: mailcore_mta
+    mailcore_smtp_port:
+      path: secrets/data/opengauss/mail_secrets
+      key: mailweb_smtp_port
+    database_type:
+      path: secrets/data/opengauss/mail_secrets
+      key: database_type
+    database_class:
+      path: secrets/data/opengauss/mail_secrets
+      key: database_class
 ---
 apiVersion: secrets-manager.tuenti.io/v1alpha1
 kind: SecretDefinition
diff --git a/deploy/mail/storage.yaml b/deploy/mail/storage.yaml
index 2473e4c1..129da7ff 100644
--- a/deploy/mail/storage.yaml
+++ b/deploy/mail/storage.yaml
@@ -14,6 +14,20 @@ spec:
   storageClassName: nfs-rw
   volumeMode: Filesystem
 
+---
+apiVersion: v1
+kind: PersistentVolumeClaim
+metadata:
+  name: exim-log-data
+  namespace: mail
+spec:
+  accessModes:
+  - ReadWriteOnce
+  resources:
+    requests:
+      storage: 100Gi
+  storageClassName: csi-disk-sas
+
 ---
 apiVersion: v1
 kind: PersistentVolumeClaim
diff --git a/deploy/mail/webservice.yaml b/deploy/mail/webservice.yaml
index 0aad4daa..8936929d 100644
--- a/deploy/mail/webservice.yaml
+++ b/deploy/mail/webservice.yaml
@@ -20,10 +20,6 @@ spec:
     name: website-port-http
     targetPort: 80
     protocol: TCP
-  - port: 443
-    name: website-port-https
-    targetPort: 443
-    protocol: TCP
   selector:
     component: mail-web-service
   type: LoadBalancer
@@ -56,54 +52,34 @@ spec:
       hostname: mailman-web
       containers:
       - name: mailman-web
-          # We modified the mail-web image to add static folder.
-        image: swr.ap-southeast-1.myhuaweicloud.com/opengauss/mail-web:v1.0.2020042802
-        imagePullPolicy: "IfNotPresent"
-        volumeMounts:
-        - mountPath: /opt/mailman-web-config
-          name: mailman-web-configmap-volume
-        - mountPath: /etc/nginx/ssl
-          name: mailman-secret-volume
-        - mountPath: /opt/mailman-web-data
-          name: mailman-web-volume
-        - mountPath: /usr/lib/python3.6/site-packages/postorius/templates/postorius/lists/summary.html
-          name: mailman-webpage-hack-volume
-          subPath: summary.html
-        - mountPath: /usr/lib/python3.6/site-packages/postorius/forms/list_forms.py
-          name: mailman-webpage-hack-volume
-          subPath: list_forms.py
+        image: swr.cn-north-4.myhuaweicloud.com/opensourceway/app-mailman/mailman-web-new-build:291336826605a3042b214075bb9037a52f97058c1673252910
+        imagePullPolicy: "Always"
+        livenessProbe:
+          failureThreshold: 3
+          initialDelaySeconds: 10
+          periodSeconds: 5
+          successThreshold: 1
+          tcpSocket:
+            port: 8000
+          timeoutSeconds: 1
+        readinessProbe:
+          failureThreshold: 3
+          initialDelaySeconds: 10
+          periodSeconds: 5
+          successThreshold: 1
+          tcpSocket:
+            port: 8000
+          timeoutSeconds: 1
         env:
         - name: PRIVACY_LINK
-          value: https://opengauss.org/en/privacyPolicy.html
+          value: https://opengauss.org/en/privacyPolicy/
         - name: CONDUCT_LINK
           value: https://gitee.com/opengauss/community/blob/master/code-of-conduct.en.md
-        - name: POSTGRES_USER
-          valueFrom:
-            secretKeyRef:
-              name: mailman-secrets
-              key: postgres_user
-        - name: POSTGRES_PASSWORD
-          valueFrom:
-            secretKeyRef:
-              name: mailman-secrets
-              key: postgres_password
-        - name: POSTGRES_IP
-          valueFrom:
-            secretKeyRef:
-              name: mailman-secrets
-              key: postgres_ip
-        - name: POSTGRES_PORT
-          valueFrom:
-            secretKeyRef:
-              name: mailman-secrets
-              key: postgres_port
         - name: DATABASE_TYPE
-          value: postgres
-        - name: DATABASE_URL
           valueFrom:
             secretKeyRef:
               name: mailman-secrets
-              key: postgres_url
+              key: database_type
         - name: HYPERKITTY_API_KEY
           valueFrom:
             secretKeyRef:
@@ -114,15 +90,22 @@ spec:
             secretKeyRef:
               name: mailman-secrets
               key: secret_key
-        - name: UWSGI_STATIC_MAP
-            # NOTE: This static folder has been added into docker image located at /opt/mailman-web/static
-          value: /static=/opt/mailman-web-data/static
         - name: MAILMAN_REST_URL
           value: http://mailman-core-0.mail-suit-service.mail.svc.cluster.local:8001
         - name: MAILMAN_HOST_IP
           value: mailman-core-0.mail-suit-service.mail.svc.cluster.local
         - name: MAILMAN_ADMIN_USER
           value: opengauss
+        - name: MAILMAN_REST_USER
+          valueFrom:
+            secretKeyRef:
+              name: mailman-secrets
+              key: mailman_core_user
+        - name: MAILMAN_REST_PASSWORD
+          valueFrom:
+            secretKeyRef:
+              name: mailman-secrets
+              key: mailman_core_password
         - name: MAILMAN_ADMIN_EMAIL
           valueFrom:
             secretKeyRef:
@@ -138,52 +121,59 @@ spec:
             secretKeyRef:
               name: mailman-secrets
               key: exim4_credential_password
-        - name: MAILMAN_REST_USER
+            #NOTE: this is the domain name that mailman web will serve
+        - name: SERVE_FROM_DOMAIN
+          value: mailweb.opengauss.org
+        - name: SMTP_HOST
           valueFrom:
             secretKeyRef:
               name: mailman-secrets
-              key: mailman_core_user
-        - name: MAILMAN_REST_PASSWORD
+              key: mailweb_smtp_host
+        - name: SMTP_PORT
           valueFrom:
             secretKeyRef:
               name: mailman-secrets
-              key: mailman_core_password
-            #NOTE: this is the domain name that mailman web will serve
-        - name: SERVE_FROM_DOMAIN
-          value: mailweb.opengauss.org
-          #NOTE: Command is overwritten for the purpose of copy config file into dest folder
-        command:
-        - /bin/sh
-        - -c
-        - |
-          cp /opt/mailman-web-config/settings_local.py /opt/mailman-web-data;
-          cp /opt/mailman-web-config/base.html /usr/lib/python3.6/site-packages/postorius/templates/postorius;
-          #disable signup page for mailman web hyperkitty
-          cp /opt/mailman-web-config/base2.html /usr/lib/python3.6/site-packages/hyperkitty/templates/hyperkitty/base.html
-          cp /opt/mailman-web-config/email.py /usr/lib/python3.6/site-packages/hyperkitty/models/email.py
-          exec docker-entrypoint.sh uwsgi --ini /opt/mailman-web/uwsgi.ini;
-      #NOTE: Empty dir can't be used in a production dir. Please upgrade it before using.
-      - image: swr.ap-southeast-1.myhuaweicloud.com/opensourceway/nginx:1.20.0
+              key: mailweb_smtp_port
+        - name: DJANGO_ALLOWED_HOSTS
+          valueFrom:
+            secretKeyRef:
+              name: mailman-secrets
+              key: mailweb_django_allowed_hosts
+        - name: POSTORIUS_TEMPLATE_BASE_URL
+          valueFrom:
+            secretKeyRef:
+              name: mailman-secrets
+              key: mailweb_postorius_template_base_url
+        - name: DATABASE_URL
+          valueFrom:
+            secretKeyRef:
+              name: mailman-secrets
+              key: mailweb_database_url
+        resources:
+          requests:
+            cpu: 1000m
+            memory: 2000Mi
+          limits:
+            cpu: 2000m
+            memory: 4000Mi
+        volumeMounts:
+        - mountPath: /opt/mailman-web-static
+          name: mailman-web-volume
+      - image: swr.cn-north-4.myhuaweicloud.com/opensourceway/common/nginx:latest
         imagePullPolicy: IfNotPresent
         name: nginx-web
         volumeMounts:
+        - mountPath: /etc/nginx/nginx.conf
+          name: mailman-nginx-configmap-volume
+          subPath: nginx.conf
         - mountPath: /etc/nginx/conf.d/default.conf
-          name: mailman-web-configmap-volume
+          name: mailman-nginx-configmap-volume
           subPath: default.conf
-        - mountPath: /opt/mailman-web-data
+        - mountPath: /opt/mailman-web-static
           name: mailman-web-volume
-        - mountPath: /etc/nginx/ssl
-          name: mailman-secret-volume
       volumes:
       - name: mailman-web-volume
-        persistentVolumeClaim:
-          claimName: pvc-mailweb-static-vol
-      - name: mailman-web-configmap-volume
-        configMap:
-          name: mailman-web-configmap
-      - name: mailman-secret-volume
-        secret:
-          secretName: mailman-cert-secrets
-      - name: mailman-webpage-hack-volume
+        emptyDir: {}
+      - name: mailman-nginx-configmap-volume
         configMap:
-          name: mailman-webpage-hack
+          name: mailman-nginx-configmap
-- 
Gitee