What type of hardware are you using: VPS bought online
What YunoHost version are you running: 12.0.17
What app is this about: Mailinglist
Describe your issue
I spent a lot of time finding out that Mailman3 apparently did not work properly, and that is annoying because, if I had known, I would not have wasted my time (in that way).
What seems to be wrong is that Mailman3 is not integrated with LDAP according to manifest.toml.
However, according to /etc/postfix/main.cf, there is some integration between Postfix and Mailman3:
virtual_mailbox_maps = ldap:/etc/postfix/ldap-accounts.cf, hash:/var/lib/mailman3/data/postfix_lmtp,hash:/etc/postfix/app_senders_login_maps
The consequence is apparently that Postfix does not know the mailing list members and therefore bounces mail from them and does not send mail to them unless they are in LDAP due to YunoHost registration.
To conclude, users registered through Mailman3 are denied by Postfix. Thus, Mailman3 does not work as a highly developed mailing list program (which it is upstream).
There also seem to be problems with HyperKitty: it cannot find users registered with Postorius.
If someone has ideas of how to fix these problems, it would be nice.
```
# See /usr/share/postfix/main.cf.dist for a commented, more complete version

# Debian specific: Specifying a file name will cause the first
# line of that file to be used as the name. The Debian default
# is /etc/mailname.
#myorigin = /etc/mailname

smtpd_banner = $myhostname Service ready
biff = no

# appending .domain is the MUA's job.
append_dot_mydomain = no

# Uncomment the next line to generate "delayed mail" warnings
#delay_warning_time = 4h

readme_directory = no

# -- TLS for incoming connections
###############################################################################
smtpd_use_tls = yes
smtpd_tls_security_level = may
smtpd_tls_auth_only = yes
smtpd_tls_chain_files =
    /etc/yunohost/certs/example.org/key.pem,
    /etc/yunohost/certs/example.org/crt.pem
tls_server_sni_maps = hash:/etc/postfix/sni

# generated 2023-06-13, Mozilla Guideline v5.7, Postfix 3.7.5, OpenSSL 3.0.9, intermediate configuration
# Mozilla SSL Configuration Generator
smtpd_tls_mandatory_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_protocols = !SSLv2, !SSLv3, !TLSv1, !TLSv1.1
smtpd_tls_mandatory_ciphers = medium

# curl https://ssl-config.mozilla.org/ffdhe2048.txt > /path/to/dhparam.pem
# not actually 1024 bits, this applies to all DHE >= 1024 bits
smtpd_tls_dh1024_param_file = /usr/share/yunohost/ffdhe2048.pem
tls_medium_cipherlist = ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384:DHE-RSA-CHACHA20-POLY1305
tls_preempt_cipherlist = no
###############################################################################
smtpd_tls_session_cache_database = btree:${data_directory}/smtpd_scache
smtpd_tls_loglevel=1

# -- TLS for outgoing connections
# Use TLS if this is supported by the remote SMTP server, otherwise use plaintext.
smtp_tls_security_level = may
smtp_tls_session_cache_database = btree:${data_directory}/smtp_scache
smtp_tls_exclude_ciphers = aNULL, MD5, DES, ADH, RC4, 3DES
smtp_tls_mandatory_ciphers= high
smtp_tls_loglevel=1

# Configure Root CA certificates
# (for example, avoids getting "Untrusted TLS connection established to" messages in logs)
smtpd_tls_CAfile = /etc/ssl/certs/ca-certificates.crt
smtp_tls_CAfile = /etc/ssl/certs/ca-certificates.crt

# See /usr/share/doc/postfix/TLS_README.gz in the postfix-doc package for
# information on enabling SSL in the smtp client.

myhostname = example.org
alias_maps = hash:/etc/aliases
alias_database = hash:/etc/aliases
mydomain = example.org
mydestination = localhost
relayhost =
mynetworks = 127.0.0.0/8 [::ffff:127.0.0.0]/104 [::1]/128
mailbox_command = procmail -a "$EXTENSION"
mailbox_size_limit = 0
recipient_delimiter = +
inet_interfaces = all

# Fit to the maximum message size to 25mb, more than allowed by GMail or Yahoo
# /!\ This size is the size of the attachment in base64.
# BASE64_SIZE_IN_BYTE = ORIGINAL_SIZE_IN_MEGABYTE * 1,37 * 1024 * 1024 + 980
# See https://serverfault.com/questions/346895/postfix-mail-size-counting
message_size_limit = 35914708

# Virtual Domains Control
virtual_mailbox_domains = ldap:/etc/postfix/ldap-domains.cf
virtual_mailbox_maps = ldap:/etc/postfix/ldap-accounts.cf, hash:/var/lib/mailman3/data/postfix_lmtp,hash:/etc/postfix/app_senders_login_maps
virtual_mailbox_base =
virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf,ldap:/etc/postfix/ldap-groups.cf
virtual_alias_domains =
virtual_minimum_uid = 100
virtual_uid_maps = static:vmail
virtual_gid_maps = static:mail
smtpd_sender_login_maps = unionmap:{
    # Regular Yunohost accounts
    ldap:/etc/postfix/ldap-accounts.cf,
    # Extra maps for app system users who need to send emails
    hash:/etc/postfix/app_senders_login_maps }

# Dovecot LDA
virtual_transport = dovecot
dovecot_destination_recipient_limit = 1

# Enable SASL authentication for the smtpd daemon
smtpd_sasl_auth_enable = yes
smtpd_sasl_type = dovecot
smtpd_sasl_path = private/auth
# Fix some outlook's bugs
broken_sasl_auth_clients = yes
# Reject anonymous connections
smtpd_sasl_security_options = noanonymous
smtpd_sasl_local_domain =

# Wait until the RCPT TO command before evaluating restrictions
smtpd_delay_reject = yes

# Basics Restrictions
smtpd_helo_required = yes
strict_rfc821_envelopes = yes

# Requirements for the connecting server
smtpd_client_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_rbl_client bl.spamcop.net,
    reject_rbl_client cbl.abuseat.org,
    reject_rbl_client zen.spamhaus.org,
    permit

# Requirements for the HELO statement
smtpd_helo_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_hostname,
    reject_invalid_hostname,
    permit

# Requirements for the sender address
smtpd_sender_restrictions =
    reject_sender_login_mismatch,
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_sender,
    reject_unknown_sender_domain,
    permit

# Requirement for the recipient address
smtpd_recipient_restrictions =
    permit_mynetworks,
    permit_sasl_authenticated,
    reject_non_fqdn_recipient,
    reject_unknown_recipient_domain,
    reject_unauth_destination,
    permit

# SRS
sender_canonical_maps = tcp:localhost:10001
sender_canonical_classes = envelope_sender
recipient_canonical_maps = tcp:localhost:10002
recipient_canonical_classes= envelope_recipient,header_recipient

# Ignore some headers
smtp_header_checks = regexp:/etc/postfix/header_checks
smtp_reply_filter = pcre:/etc/postfix/smtp_reply_filter

# Rmilter
milter_mail_macros = i {mail_addr} {client_addr} {client_name} {auth_authen} {auth_type}
milter_protocol = 6
smtpd_milters = inet:localhost:8891
non_smtpd_milters = inet:localhost:8891
# Skip email without checking if milter has died
milter_default_action = accept

# Avoid to send simultaneously too many emails
smtp_destination_concurrency_limit = 2
default_destination_rate_delay = 5s

# Avoid to be blacklisted due to too many recipients
smtpd_client_recipient_rate_limit=150

# Avoid email address scanning
# By default it's possible to detect if the email address exists
# So it's easily possible to scan a server to know which email address is valid
# and after to send spam
disable_vrfy_command = yes

unknown_local_recipient_reject_code = 550
owner_request_special = no
transport_maps =
    hash:/var/lib/mailman3/data/postfix_lmtp
local_recipient_maps =
    hash:/var/lib/mailman3/data/postfix_lmtp
relay_domains =
    hash:/var/lib/mailman3/data/postfix_domains
```
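
Added example, not part of the original post: a small Python parser that applies Postfix's logical-line rules to an excerpt of the main.cf quoted above and lists which parameters consult Mailman's generated tables and which rely only on LDAP or app tables. The excerpt is constructed from the posted configuration with continuation-line indentation assumed, and the function names are illustrative.

```python
import re

# Constructed excerpt of the main.cf quoted in the post; the indentation of
# continuation lines is an assumption (Postfix requires it).
SAMPLE_MAIN_CF = """\
virtual_mailbox_domains = ldap:/etc/postfix/ldap-domains.cf
virtual_mailbox_maps = ldap:/etc/postfix/ldap-accounts.cf, hash:/var/lib/mailman3/data/postfix_lmtp,hash:/etc/postfix/app_senders_login_maps
virtual_alias_maps = ldap:/etc/postfix/ldap-aliases.cf,ldap:/etc/postfix/ldap-groups.cf
smtpd_sender_login_maps = unionmap:{
    # Regular Yunohost accounts
    ldap:/etc/postfix/ldap-accounts.cf,
    # Extra maps for app system users who need to send emails
    hash:/etc/postfix/app_senders_login_maps }
transport_maps =
    hash:/var/lib/mailman3/data/postfix_lmtp
local_recipient_maps =
    hash:/var/lib/mailman3/data/postfix_lmtp
relay_domains =
    hash:/var/lib/mailman3/data/postfix_domains
"""
TABLE_RE = re.compile(r"\b(?:hash|ldap|btree|regexp|pcre|tcp|static):[^\s,{}]+")

def parse_main_cf(text):
    """Return {parameter: value} following Postfix's logical-line rules."""
    params, current = {}, None
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank and comment lines are ignored, even inside a value
        if line[0].isspace():  # leading whitespace continues the previous line
            if current is not None:
                params[current] = (params[current] + " " + line.strip()).strip()
            continue
        name, _, value = line.partition("=")
        current = name.strip()
        params[current] = value.strip()
    return params

def tables_by_parameter(params):
    """Map each parameter to the lookup tables (type:name) it references."""
    found = {k: TABLE_RE.findall(v) for k, v in params.items()}
    return {k: t for k, t in found.items() if t}

def split_by_source(tables, marker="/var/lib/mailman3/"):
    """Split parameters into those that consult a Mailman table and those that do not."""
    uses = sorted(p for p, t in tables.items() if any(marker in x for x in t))
    return uses, sorted(p for p in tables if p not in uses)

if __name__ == "__main__":
    print(split_by_source(tables_by_parameter(parse_main_cf(SAMPLE_MAIN_CF))))
```

On a live host, `postconf -n` prints the effective values, and `postmap -q <address> hash:/var/lib/mailman3/data/postfix_lmtp` shows whether a given list address is present in the Mailman table.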