diff --git a/group_vars/all/vault.yml b/group_vars/all/vault.yml index a5426fc..2ca67aa 100644 --- a/group_vars/all/vault.yml +++ b/group_vars/all/vault.yml 
@@ -1,77 +1,84 @@ $ANSIBLE_VAULT;1.1;AES256 -38326239386336656435393633616231336463623565306664336237363264653632363964303666 -3838636566356234623436656132653833326564363732330a343636633734633639363637303265 -62363130633033353131623039323430643632346663616662633636643235353862653431643863 -3633313732306462310a643863353765313233653435363163653466623062306337666131623437 -33326538386264306130376533323437616432623831303139336335336366326463666161623332 -35343166633231636231613265366466616232613066643636383338633832323631373461663662 -66336139643863643732383439343961656331353864613164653037643533333332623639376264 -63313233636236636130353865623630396233633865343737663662353139626261306630646430 -61353134303538393162636264383539323035343931643364633333376334666463356338343565 -64326331313530626130376437356436656237666138643931613234643631333238376532623530 -61366362373737323037373666613039353636316365313036633833623439616239623964303566 -38353834633836613930353134303866633064626232386561336661303838363837393664356362 -34663561613734396533653538313638393563306530373165306133616565373465363531346235 -34386130646564313063303434363533366238346135616165383531653962356364623133386637 -61393939373361373131636366346364386136343635383362633166376362656361313131613137 -36363461656239666131356437613035353837323138336662633133373339613764623434366261 -37333565363532363230306535346439616433663838656333376631616531666638656665346133 -38646463323463386338393733316439616138313065636334336539656132376331353463343637 -63633566303533633137323935343463626133396363333462356364653738346431303738643131 -31633564313938626430616262373935356332333335373066353865383030663066663835343466 -31376361343832356236306565643433373032343766653166353835393966323263626563646133 -33346434353531633839376332383131343364613361393433393064636631383865303935633165 -31303633636536653064613164316638653730613965646233666665663938396234356664326338 
-30393930636161653332613431666265643763633234323065363237333235353136643236656632 -64393162363639323464353363393731343132613531356364653330663235336165353166373030 -38633638616437366232326238366461303264323631613564386235616466346133323265316237 -64346132376135326363313764616434646137373832363562393532323665303562316162316637 -35333261353030653435323563373935376637636334633966366437663161366430666334383663 -38306461623730643934343632353034646539386363303535633738666463396462653131653032 -32616566656539323266313637616135353131313230646630653636316333616265653739653964 -65343262366637333366323931383163613435386639663765623066626539646330343164643538 -62653165623965383961363963383536663630323336376430373136316635303934363766303035 -65323164663437623765303765396363663631626536623265353538363966363538386134313664 -37323639356134633863613166666536633533343533646138663035666135333562363539643639 -36616238636636373264616162646433303064336138643137623965616230346332613238326631 -36356465643937376662656536306431303663653039626634393231663433656466616231353731 -35353537313036306263616364346437393066663863346363353463376437356563353937616139 -64303164656136666564383962316666616665636237623832306162616661613331383539326238 -61373263323866643863636362386231643637613232623232393633633761346262636536656566 -63333136336333306435326436326666306432623563666165613732353961373331343138333365 -66306435613066656439323339633363343937353533343463393330323638643863303133633763 -35636466386132656633646238353638373031326138613838363266336533653465323831373336 -35653039656663613964343566383738653137633136656633623532616265613566373264323731 -33353638333265323633386561333531636166376362656164623235326530303334643163303361 -39633732666436393933383164653138376165313864383832633536373132303132643033626465 -34393833306633663462326637376337306166393733383930643639616163643233393763663963 -66363365393864623064643439373135656338303634343262653231363134613330303530336135 
-33653564336333663266383063656563333566643935333662303132346537306432373561353438 -35313236623962306361306365306232656363363538326531336332656530663639623766393736 -35326335613563356138656435306432643033376531396232653363373934356539613138303731 -65633331316232313939633930653835376436616463636561373666346537333434333135333866 -34613538333331363136326464633564656632323763643466383533656161396630316535306338 -30383964663561393639376131633262353537656663626133383664616431363631633837613037 -63306632623239326336313831363165626562323233643639356662383730643138353032303661 -63363233346330323164656439323734653032356231353238653662396532633436333566653565 -38346630383965353162306231366339623764396634343338613563656536363337613565373162 -30643334336238303232386264363238323930646265643731656566623237326234616532656338 -38653231353130633562346532346265613133616135383335653234393138623538313362353032 -61326537303463303836666634363831323935383631383430303263333430653131633362333139 -38383764653437343431356530336564626164373931333939393861326537636363363862356639 -36323732313531303035366136366438623861636231323962343862346465393064383630323462 -61636663356434636461646664373662383564643136623661616435613361323638646131643966 -31376130383132313065316137373737616530653330373366396161663635616262316632373063 -63316638313163633363633435326131646262396166666531323439616131323634313932333330 -61653933306331643433343564353164376663316237353439383361303331626630383264316230 -32356237326661353565313663613665323661303535663032396530653464323939376132386566 -61343737303762373062303862623062343434653632653364633163623763343061343330656463 -66313030336139356533313131656362636163323733653737633035366263383736643233633134 -38636536656532313165383364383230363635613230656134393639666530316338633835633761 -61323263623532376430623636356234656561333835326439633764373939376530636465653365 -36363465333135386462323365623162383230643737666437333631303639363937653931343862 
-64633564656666376534376232623337343033666636316232363462393362373638326466383635 -30313438333661313936313238343931633861633965343038626664616130633736333135633831 -65366163343133303261393038376338663135356364316662386566313562373566383263646464 -38353236353238623135336163303635363031653564323866333235626366396261626138633633 -62353931663561623830 +35323963326634353430373361636231303663373264616131356530663738306563303332363762 +3436613664633530623163353436323035346463623737390a383665663266313338356361626161 +39643939393939333361663434353237633861303032323730336661633663373636326432663135 +3430313238313836610a343432396536316462313230656236366363343034383732646163626231 +30643132316365613664333834356630666336633635373037326162646538333062363237363465 +30303632303339616166323932303865313766316436623232633335613263323437633331346133 +64633161383236346536616231333634626466373232366265333062306635663631663565666531 +30653633643430356164386364386336323162383164663639323430343239333366306161336365 +39663663343037396566366363353461656330353636306162626639663137666136306235656165 +66613338623232316336323830303830383364396537633161373032323739316131336431313035 +63346662366562656638363961613263363134646131623436316463326265646138323238303437 +31363734376333343961356137373764656534363437316633656665616430323231383563633766 +30653565373563376664303133653665356264363735333939646339653735633765306261633836 +31313465323238316263343166646132356333373033616361333532623564336338373838303536 +65333962636161633038353135303466353839663833626530616635666337346161623635383963 +66636230393331316239616434613265343139636632396630656630623662306464633162366139 +35646332623137643130373738336265623930376165343238626233356235613434636564313939 +34636266383536383936313263373538666165633163396635313365616339303264663566316234 +65353262313062653061326239363266333637316362366539616136373062313764316330663138 +64343337356133643163383864343962623237316230343763653838613738393739343131323835 
+38623063626531613764356265376230336530326364643635383438363463333931333461393563 +37343231366165616666376664653633616332346661383935393435653934336562343531323664 +38396233306266623361636566663262393336343434383532393336343533653364666264306463 +66393234376137643761396635626337656465383066303863383535636363336463343234363361 +61626365633639643237336464653666396131343535636431636438343265663138346631316335 +63343136656131653039396539323231663730316134306432613034363635343230353361616338 +34303931343866343831623333386533313733613663363565313666353139356265333461336237 +34643265623739376565663039343638343839633362303035386562333264333438313835393039 +39376266643831343561653832353266313461363738663533383935376234636338343734353731 +36396634316561336363633339653566323134306430373536613763303763653764336237633465 +39313562373062666566663437386538663733643261656361346364393935613638393464663062 +31643035356630363630363532353137626431643366383437663437333761613062363663633832 +30663331333036653362646164313134316136663839386464353731303065376634313138656337 +34306234303233613136353661643436666538623634323137343861346165333730303430386237 +39313762313339356430303934343837336230303231613266643231376634333739353366333139 +39393436366339616166393530313862303961353131646163306633386637376634363534363461 +31363634653638633334346334613061333234633061343732363330363636656333316366383838 +39343234616461656432653836623233343965636432616630313037366535366131393033383063 +31343038646162616666613264363738366434613939333536656534336339326537366435383263 +66376638376133303136346663386561336239643465376336633665656563666133666165323633 +30613032343735653231356663333033653436393331653133646162333531613930316635356533 +38663830383463663366393034656638643136383261373332383636333331396639346361376334 +32333633316433616664643662636634323038306664663538386330356261323461396264323635 +66376133666434363932353762663461333861376139323439653431663638343362326166336133 
+37396532306135386661353665356562363135656338333261386437376431363663383662303339 +30343534393965646231303037366435333238343931393036616364643631333163336331396364 +39303766363938383831316531303265383236646334616365613732643134366338366438623266 +61346132623333343933373666363937376332653766313463333132626466373763346330613433 +37383631656662386164633566376235366465663531383134613139656330313561633030643139 +31646264316533303638303939656539663936306465656366303761343335383562366238316332 +36623265383739376332393565386436653934316438313631626333343234656564623335386133 +64363538396631363538653361373138393637326533386239353532316531376166313265303463 +66306637383237303236306264373831636636643766383565326230313165356337633662663832 +39666464646365313536633539366330333938643431633136643166336566343137653066343735 +38653037346332373139356439656436366339323431626331636538346639303034323231663034 +36626536343236326439653665323563326431386462666331386163623232333661613437313865 +65363237643266393866363761316534666537616633393863366562666539633761613465616436 +30346435363431393261336361333564313537353564333136633866643466353261666430376130 +66333765306162666361393133636661393766333733363033663739646633303561623662316231 +61653332346361363565343466363339323064313537343537396637343730653563653734313337 +38316334376136636365373338313362313836613666643034343964353236313433303330366332 +66356562643636353465343133323462313465653434383835636535666135363438653833623836 +32636638313635326537336633656162346166303262386232613366366639326338316638656230 +65613763353031386537333332363736636236623561323036623864313830316661633362613164 +64356161376234666535393961376138656632653266306434343335373734663265383537326234 +35636131303133666366326434323832633865626538333864653236343135383636373437303864 +38663339666262373063643162343037343537383235326633623165396539633161303862623938 +32663433396637643765363837316439363863386162316363633136633232643635363166646534 
+61366665356238653764623237613861323139366638633432343137336438316237333030613431 +37323463636162333231303234383831333138306163643630633335383465313737383832646161 +33643637373037666562366536383662663737373962373937633839633933323738366236323361 +63663330346436343232616364353261613635646339333062643038363634623561623163643932 +65306466363464376336353965633535356437333237666161383465393631333963393030316663 +62343564383838383938646338383466383533646539336239323064383565333834396535396634 +30616131643463663235636334613165343133646562656537396334623234383734396131643930 +66373765333538643661386435666166633438383035663563333339663536663137393162343865 +39326463316133343331633137363365653366643439613062633665633132633036333337323935 +31393665623938316230653936353966396539353730353364346434646434616636663563336666 +32623861363864383430356236396366616361326334656639613061636239306663626435636435 +36316135633739313364336634376635303131616239666262613230666165636533613935643664 +35356538613062646635336332613635643135396665376439323331386163356631383531376230 +36386661326362633833333133356366633264353061356665353131323737303339396333613763 +386531643264353562356563663961626139 diff --git a/roles/mail/defaults/main.yml b/roles/mail/defaults/main.yml index e270e8b..e0667da 100644 --- a/roles/mail/defaults/main.yml +++ b/roles/mail/defaults/main.yml @@ -4,6 +4,9 @@ mail_srs_domain: "srs.{{ mail_domain }}" mailman3_site_owner: "mailman3@binary-kitchen.de" mailman3_dbname: "mailman3" +mailman3web_dbname: "mailman3web" mailman3_dbuser: "mailman3" mailman3_dbpass: "{{ vault_mail_mailman3_dbpass }}" mailman3_restadminpass: "{{ vault_mail_mailman3_restadminpass }}" +mailman3_archiverkey: "{{ vault_mail_mailman3_archiverkey }}" +mailman3_secretkey: "{{ vault_mail_mailman3_secretkey }}" diff --git a/roles/mail/handlers/main.yml b/roles/mail/handlers/main.yml index 466418f..93014ef 100644 --- a/roles/mail/handlers/main.yml +++ b/roles/mail/handlers/main.yml 
@@ -20,6 +20,9 @@ - name: Restart mailman3 service: name=mailman3 state=restarted +- name: Restart mailman3web + service: name=mailman3-web state=restarted + - name: Run acertmgr command: /usr/bin/acertmgr diff --git a/roles/mail/tasks/main.yml b/roles/mail/tasks/main.yml index d440b6b..7eead6c 100644 --- a/roles/mail/tasks/main.yml +++ b/roles/mail/tasks/main.yml @@ -123,7 +123,7 @@ file: path=/etc/nginx/ssl/{{ mailman_domain }}.key owner=root mode=0400 notify: Restart nginx -- name: Configure PostgreSQL database +- name: Configure PostgreSQL database for mailman3 postgresql_db: name={{ mailman3_dbname }} become: true become_user: postgres @@ -133,10 +133,19 @@ become: true become_user: postgres +- name: Configure PostgreSQL database for mailman3-web + postgresql_db: name={{ mailman3web_dbname }} owner={{ mailman3_db_user }} + become: true + become_user: postgres + - name: Configure mailman3 template: src=mailman/mailman.cfg.j2 dest=/etc/mailman3/mailman.cfg notify: Restart mailman3 +- name: Configure mailman3-web + template: src=mailman/mailman-web.py.j2 dest=/etc/mailman3/mailman-web.py + notify: Restart mailman3web + - name: Create postfix ssl directory file: path=/etc/postfix/ssl state=directory mode=0750 owner=postfix group=postfix diff --git a/roles/mail/templates/mailman/mailman-web.py.j2 b/roles/mail/templates/mailman/mailman-web.py.j2 new file mode 100644 index 0000000..a5b0c0e --- /dev/null +++ b/roles/mail/templates/mailman/mailman-web.py.j2 
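Review bot: The new `postgresql_db` task in the second tasks/main.yml hunk passes `owner={{ mailman3_db_user }}`, but the variable in the role defaults shown in this diff is `mailman3_dbuser`. Unless `mailman3_db_user` is defined somewhere outside this diff, the play will stop on an undefined variable; the line should read `postgresql_db: name={{ mailman3web_dbname }} owner={{ mailman3_dbuser }}`. The `Configure mailman3-web` template task in the same hunk also sets no owner, group or mode, so the rendered /etc/mailman3/mailman-web.py (SECRET_KEY, REST password, archiver key and database password) gets whatever permissions the default umask gives it. I would pin it, e.g. `owner=root group=<mailman3-web service group> mode=0640`. The task list continues outside the hunk.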
@@ -0,0 +1,191 @@
+# This file is imported by the Mailman Suite. It is used to override
+# the default settings from /usr/share/mailman3-web/settings.py.
+
+# SECURITY WARNING: keep the secret key used in production secret!
+SECRET_KEY = '{{ mailman3_secretkey }}'
+
+ADMINS = (
+ ('Mailman Suite Admin', 'root@localhost'),
+)
+
+# Hosts/domain names that are valid for this site; required if DEBUG is False
+# See https://docs.djangoproject.com/en/1.8/ref/settings/#allowed-hosts
+# Set to '*' per default in the Deian package to allow all hostnames. Mailman3
+# is meant to run behind a webserver reverse proxy anyway.
+ALLOWED_HOSTS = [
+ #"localhost", # Archiving API from Mailman, keep it.
+ # "lists.your-domain.org",
+ # Add here all production URLs you may have.
+ '*'
+]
+
+# Mailman API credentials
+MAILMAN_REST_API_URL = 'http://localhost:8001'
+MAILMAN_REST_API_USER = 'restadmin'
+MAILMAN_REST_API_PASS = '{{ mailman3_restadminpass }}'
+MAILMAN_ARCHIVER_KEY = '{{ mailman3_archiverkey }}'
+MAILMAN_ARCHIVER_FROM = ('127.0.0.1', '::1')
+
+# Application definition
+
+INSTALLED_APPS = (
+ 'hyperkitty',
+ 'postorius',
+ 'django_mailman3',
+ # Uncomment the next line to enable the admin:
+ 'django.contrib.admin',
+ # Uncomment the next line to enable admin documentation:
+ # 'django.contrib.admindocs',
+ 'django.contrib.auth',
+ 'django.contrib.contenttypes',
+ 'django.contrib.sessions',
+ 'django.contrib.sites',
+ 'django.contrib.messages',
+ 'django.contrib.staticfiles',
+ 'rest_framework',
+ 'django_gravatar',
+ 'compressor',
+ 'haystack',
+ 'django_extensions',
+ 'django_q',
+ 'allauth',
+ 'allauth.account',
+ 'allauth.socialaccount',
+ 'django_mailman3.lib.auth.fedora',
+ #'allauth.socialaccount.providers.openid',
+ #'allauth.socialaccount.providers.github',
+ #'allauth.socialaccount.providers.gitlab',
+ #'allauth.socialaccount.providers.google',
+ #'allauth.socialaccount.providers.facebook',
+ #'allauth.socialaccount.providers.twitter',
+ #'allauth.socialaccount.providers.stackexchange',
+)
+
+
+# Database
+# https://docs.djangoproject.com/en/1.8/ref/settings/#databases
+
+DATABASES = {
+ 'default': {
+ # Use 'sqlite3', 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
+ #'ENGINE': 'django.db.backends.sqlite3',
+ 'ENGINE': 'django.db.backends.postgresql_psycopg2',
+ #'ENGINE': 'django.db.backends.mysql',
+ # DB name or path to database file if using sqlite3.
+ #'NAME': '/var/lib/mailman3/web/mailman3web.db',
+ 'NAME': '{{ mailman3web_dbname }}',
+ # The following settings are not used with sqlite3:
+ 'USER': '{{ mailman3_dbuser }}',
+ 'PASSWORD': '{{{ mailman3_dbpass }}',
+ # HOST: empty for localhost through domain sockets or '127.0.0.1' for
+ # localhost through TCP.
+ 'HOST': 'localhost',
+ # PORT: set to empty string for default.
+ 'PORT': '5432',
+ # OPTIONS: Extra parameters to use when connecting to the database.
+ 'OPTIONS': {
+ # Set sql_mode to 'STRICT_TRANS_TABLES' for MySQL. See
+ # https://docs.djangoproject.com/en/1.11/ref/
+ # databases/#setting-sql-mode
+ #'init_command': "SET sql_mode='STRICT_TRANS_TABLES'",
+ },
+ }
+}
+
+
+# If you're behind a proxy, use the X-Forwarded-Host header
+# See https://docs.djangoproject.com/en/1.8/ref/settings/#use-x-forwarded-host
+USE_X_FORWARDED_HOST = True
+
+# And if your proxy does your SSL encoding for you, set SECURE_PROXY_SSL_HEADER
+# https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header
+# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
+# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_SCHEME', 'https')
+
+# Other security settings
+# SECURE_SSL_REDIRECT = True
+# If you set SECURE_SSL_REDIRECT to True, make sure the SECURE_REDIRECT_EXEMPT
+# contains at least this line:
+# SECURE_REDIRECT_EXEMPT = [
+# "archives/api/mailman/.*", # Request from Mailman.
+# ]
+# SESSION_COOKIE_SECURE = True
+# SECURE_CONTENT_TYPE_NOSNIFF = True
+# SECURE_BROWSER_XSS_FILTER = True
+# CSRF_COOKIE_SECURE = True
+# CSRF_COOKIE_HTTPONLY = True
+# X_FRAME_OPTIONS = 'DENY'
+
+
+# Internationalization
+# https://docs.djangoproject.com/en/1.8/topics/i18n/
+
+LANGUAGE_CODE = 'en-us'
+
+TIME_ZONE = 'UTC'
+
+USE_I18N = True
+USE_L10N = True
+USE_TZ = True
+
+
+# Set default domain for email addresses.
+EMAILNAME = 'localhost.local'
+
+# If you enable internal authentication, this is the address that the emails
+# will appear to be coming from. Make sure you set a valid domain name,
+# otherwise the emails may get rejected.
+# https://docs.djangoproject.com/en/1.8/ref/settings/#default-from-email
+# DEFAULT_FROM_EMAIL = "mailing-lists@you-domain.org"
+DEFAULT_FROM_EMAIL = 'postorius@{}'.format(EMAILNAME)
+
+# If you enable email reporting for error messages, this is where those emails
+# will appear to be coming from. Make sure you set a valid domain name,
+# otherwise the emails may get rejected.
+# https://docs.djangoproject.com/en/1.8/ref/settings/#std:setting-SERVER_EMAIL
+# SERVER_EMAIL = 'root@your-domain.org'
+SERVER_EMAIL = 'root@{}'.format(EMAILNAME)
+
+
+# Django Allauth
+ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https"
+
+
+#
+# Social auth
+#
+SOCIALACCOUNT_PROVIDERS = {
+ #'openid': {
+ # 'SERVERS': [
+ # dict(id='yahoo',
+ # name='Yahoo',
+ # openid_url='http://me.yahoo.com'),
+ # ],
+ #},
+ #'google': {
+ # 'SCOPE': ['profile', 'email'],
+ # 'AUTH_PARAMS': {'access_type': 'online'},
+ #},
+ #'facebook': {
+ # 'METHOD': 'oauth2',
+ # 'SCOPE': ['email'],
+ # 'FIELDS': [
+ # 'email',
+ # 'name',
+ # 'first_name',
+ # 'last_name',
+ # 'locale',
+ # 'timezone',
+ # ],
+ # 'VERSION': 'v2.4',
+ #},
+}
+
+# On a production setup, setting COMPRESS_OFFLINE to True will bring a
+# significant performance improvement, as CSS files will not need to be
+# recompiled on each requests. It means running an additional "compress"
+# management command after each code upgrade.
+# http://django-compressor.readthedocs.io/en/latest/usage/#offline-compression
+COMPRESS_OFFLINE = True
+
+POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost/mailman3/'
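Review bot: In the DATABASES block, `'PASSWORD': '{{{ mailman3_dbpass }}',` opens with three braces, which Jinja2 will most likely reject as a syntax error when the template task runs, or at best not render the password as intended; it should be `'PASSWORD': '{{ mailman3_dbpass }}',`. Separately, `ALLOWED_HOSTS = ['*']` together with `USE_X_FORWARDED_HOST = True` means Django accepts any Host or X-Forwarded-Host value, so host validation rests entirely on the nginx vhost in front. Listing the real list hostname (the role appears to have `mailman_domain` for this) plus `localhost` for the archiver API would keep that check in Django as well. The vault values are also interpolated raw inside single-quoted Python literals, so a quote or backslash in a secret would break or silently alter the setting; a comment stating that constraint on the vault values, or rendering them through a quoting filter, would help.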