diff --git a/inventory/group_vars/mailman-stg b/inventory/group_vars/mailman-stg
index a7baab22ab..27cdcf9852 100644
--- a/inventory/group_vars/mailman-stg
+++ b/inventory/group_vars/mailman-stg
@@ -9,6 +9,15 @@ num_cpus: 2
 tcp_ports: [ 25, 80, 443 ]
 fas_client_groups: sysadmin-tools,sysadmin-main
 
+# These are consumed by a task in roles/fedmsg_base/main.yml
+fedmsg_certs:
+- service: shell
+  owner: root
+  group: sysadmin
+- service: mailman
+  owner: mailman
+  group: mailman
+
 # default virt install command is for a single nic-device
 # define in another group file for more nics (see buildvm)
 virt_install_command: /usr/sbin/virt-install -n ${inventory_hostname} -r ${mem_size}
diff --git a/roles/fedmsg_base/tasks/main.yml b/roles/fedmsg_base/tasks/main.yml
index 67693e75c6..dfb9e1c3ff 100644
--- a/roles/fedmsg_base/tasks/main.yml
+++ b/roles/fedmsg_base/tasks/main.yml
@@ -21,6 +21,7 @@
   - endpoints.py
   - endpoints-fedbadges.py
   - endpoints-nuancier.py
+  - endpoints-mailman.py
   - relay.py
   - pkgdb.py
   - logging.py
diff --git a/roles/fedmsg_base/templates/endpoints-mailman.py.j2 b/roles/fedmsg_base/templates/endpoints-mailman.py.j2
new file mode 100644
index 0000000000..7e1236ddc8
--- /dev/null
+++ b/roles/fedmsg_base/templates/endpoints-mailman.py.j2
@@ -0,0 +1,15 @@
+{% if env == 'staging' %}
+suffix  = 'stg.phx2.fedoraproject.org'
+{% else %}
+suffix = 'phx2.fedoraproject.org'
+{% endif %}
+
+config = dict(
+    endpoints={
+        # We are running only a single mailman archive runner, so we only
+        # need a single endpoint.
+        "mailman.mailman01": [
+            "tcp://mailman01.%s:3000" % (suffix, i)
+        ],
+    },
+)
diff --git a/roles/fedmsg_base/templates/ssl.py.j2 b/roles/fedmsg_base/templates/ssl.py.j2
index 47a05a30d6..f4713fd30c 100644
--- a/roles/fedmsg_base/templates/ssl.py.j2
+++ b/roles/fedmsg_base/templates/ssl.py.j2
@@ -129,6 +129,9 @@ config = dict(
         ("shell.nuancier02", "shell-nuancier02.%s" % suffix),
         ("nuancier.nuancier01", "nuancier-nuancier01.%s" % suffix),
         ("nuancier.nuancier02", "nuancier-nuancier02.%s" % suffix),
+
+        ("shell.mailman01", "shell-mailman01.%s" % suffix),
+        ("mailman.mailman01", "mailman-mailman01.%s" % suffix),
     ]),
     routing_policy={
         # The gist here is that only messages signed by the
diff --git a/roles/mailman/tasks/main.yml b/roles/mailman/tasks/main.yml
index e898259b11..61b82c9ed3 100644
--- a/roles/mailman/tasks/main.yml
+++ b/roles/mailman/tasks/main.yml
@@ -12,6 +12,7 @@
   - hyperkitty
   - postorius
   - yum-plugin-post-transaction-actions
+  - mailman3-fedmsg-plugin
   tags:
   - packages
 
diff --git a/roles/mailman/templates/mailman.cfg.j2 b/roles/mailman/templates/mailman.cfg.j2
index 054b52e35a..3937dd3712 100644
--- a/roles/mailman/templates/mailman.cfg.j2
+++ b/roles/mailman/templates/mailman.cfg.j2
@@ -28,6 +28,10 @@ class: hyperkitty.archiver.Archiver
 enable: yes
 configuration: /etc/mailman3.d/hyperkitty.cfg
 
+[archiver.fedmsg]
+class: mailman3_fedmsg_plugin.Archiver
+enable: yes
+
 [archiver.prototype]
 enable: yes