T256536: Puppetize mailman3 is almost done and we basically can have a puppetized mailman in the ☁️ but for production, it needs more work. This is to track and handle it.
- certificates - https://gerrit.wikimedia.org/r/c/operations/puppet/+/673641/2
- rewrite rules for exim4
- monitoring (maybe a dedicated subticket?) including Prometheus, mtail, etc.
- Protect "/admin" (https://lists.wmcloud.org/admin) so it would be only accessible internally.