Some of our users complained about the automatically generated
passwords that are sent out when a list is imported or if an admin
subscribes someone. Especially the ` and ^ characters are major
problem because these may be treated as parts of composite characters
in some enviroments (` followed by a might be displayed as the same
character as à in HTML) and so on. Also, upper case characters
impose an extra mental burden ;)
Anyway, I modified our Mailman which now has a function (method?)
Utils.GetRandomPassword(length)
which generates passwords of the given length with a restricted
alphabet, namely: a-x, 2-9, excluding characters o and l as well
as digits 0 and 1 which may be confused and y, z (german keyboards
swap these, in the past, this cause trouble too ;)
I would like to offer this patch unless there are good reasons why this
should be avoided. The main concern is certainly a higher risk to
crack such passwords (only 30 possibilities instead of 64) but this
could easly be matched by using 5 character passwords:
possibilities strength
---------------------------
64^4 = 16777216 1
30^4 = 810000 0.05
30^5 = 24300000 1.45
As far as I have seen, this patch involves replacing certain calls to
GetRandomSeed in a few places such as:
bin/add_members, Mailman/Cgi/admin.py, Mailman/MailCommandHandler.py
Any comment?
+gg
--
Gerhard.Gonter(a)wu-wien.ac.at Fax: +43/1/31336/702 g.gonter(a)ieee.org
Zentrum fuer Informatikdienste, Wirtschaftsuniversitaet Wien, Austria
Once upon a time, one group of users decided that they need a list
called Assistent/Inn/En(a)wu-wien.ac.at and it took me a while to
convince them, that the / would not work so they accepted
Assistent.Inn.En(a)wu-wien.ac.at which worked quite well on Listproc...
Today I moved the list, everything went fine except that the
archives were not accessible from the list overview page.
I tracked this problem down to Mailman/Cgi/private.py where this
function is defined, which strips an extension from the directory
name:
| def getListName(path):
| component = string.split(path, os.sep)[1]
| root, ext = os.path.splitext(component)
| return root
If component is returned instead of root, everything seems to
be working fine for this list and the other lists without dots
in their name.
Why should an extension be stripped? Is this a bug, a feature, or
something that was left over from VMS times?
P.S.: Yesterday I mailed an message about the problems our users
have with automatically generated passwords. Neither my collegue
nor I seem to have received the article, also, no flames appeared
either ;) The article has been archived as
http://www.python.org/pipermail/mailman-developers/1999-April/001040.html
Did something go wrong with that?
+gg
--
Gerhard.Gonter(a)wu-wien.ac.at Fax: +43/1/31336/702 g.gonter(a)ieee.org
Zentrum fuer Informatikdienste, Wirtschaftsuniversitaet Wien, Austria
Hello!
Mailman does not work with exim and python 1.5.2, probably because of the
esmtp support in python 1.5.2's smtplib. Following is a trace from exim.
Note that exim gets an ehlo and later a helo which resets it into smtp
from esmtp. Please forward this to the appropriate python forums :)
set_process_info: 15805 2.11 handling incoming connection from
localhost [127.0.0.1]
ready for new message
smtp_setup_msg entered
SMTP<< ehlo darmol.elte.hu
sender_fullhost = localhost (darmol.elte.hu) [127.0.0.1]
sender_rcvhost = localhost ([127.0.0.1] helo=darmol.elte.hu)
set_process_info: 15805 2.11 handling incoming connection from
localhost (darmol.elte.hu) [127.0.0.1]
250-darmol.elte.hu Hello localhost [127.0.0.1]
250-SIZE 2000000
250-PIPELINING
250 HELP
SMTP<< helo darmol.elte.hu
sender_fullhost = localhost (darmol.elte.hu) [127.0.0.1]
sender_rcvhost = localhost ([127.0.0.1] helo=darmol.elte.hu)
set_process_info: 15805 2.11 handling incoming connection from
localhost (darmol.elte.hu) [127.0.0.1]
250 darmol.elte.hu Hello localhost [127.0.0.1]
SMTP<< mail FROM:<teszt-admin(a)darmol.elte.hu> size=1335
LOG: 4 MAIN
SMTP syntax error in "mail FROM:<teszt-admin(a)darmol.elte.hu>
size=1335" H=localhost (darmol.elte.hu) [127.0.0.1]: malformed
address: size=1335 may not follow <teszt-admin(a)darmol.elte.hu>
501 <teszt-admin(a)darmol.elte.hu> size=1335: malformed address:
size=1335 may not follow <teszt-admin(a)darmol.elte.hu>
SMTP<< rset
250 Reset OK
421 darmol.elte.hu lost input connection
LOG: 4 MAIN
SMTP connection from localhost (darmol.elte.hu) [127.0.0.1] lost
child 15805 ended
--
Madarasz Gergely gorgo(a)caesar.elte.hu gorgo(a)linux.rulez.org
It's practically impossible to look at a penguin and feel angry.
Egy pingvinre gyakorlatilag lehetetlen haragosan nezni.
HuLUG: http://mlf.linux.rulez.org/
First of all, the bug I reported earlier happens if you access this URL:
http://host/mailman/admindb/ <-- note trailing slash
It tries to cause an "Invalid options to CGI script" error, but can't
because of the typo in Mailman/Cgi/admindb.py, line 77:
doc.AddItem(eader(2, "Invalid options to CGI script."))
where Header is misspelled. That fixed the crash. But I think that
this URL (admindb/) should work just like admindb without the slash --
it should say that you must specify a list.
-Brian Ryner
bryner(a)uiuc.edu
Hi-
This crash happened when going to http://host/mailman/admindb. I have
not been able to reproduce it since then. The error log is attached.
The system is running Slackware 3.5, with Python 1.5.1. Any suggestions
or patches?
Also, is there a way that I can turn off the extraneous debugging
information sent to the WWW client, and have it just be put in the log?
The fact that it dumps so much information about the system could be
seen as a security risk.
Thanks.
-Brian Ryner
bryner(a)uiuc.edu
Apr 29 22:33:41 1999 admin: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
admin: [----- Mailman Version: 1.0b11 -----]
admin: [----- Traceback ------]
admin: Traceback (innermost last):
admin: File "/admin/mailman/scripts/driver", line 112, in run_main
admin: main()
admin: File "/admin/mailman/Mailman/Cgi/admindb.py", line 77, in main
admin: doc.AddItem(eader(2, "Invalid options to CGI script."))
admin: NameError: eader
admin: [----- Environment Variables -----]
admin: DOCUMENT_ROOT: /files/admin/httpd/htdocs
admin: HTTP_ACCEPT_ENCODING: gzip, deflate
admin: SERVER_PORT: 80
admin: PATH_TRANSLATED: /files/admin/httpd/htdocs/
admin: URL_COUNT: 6
admin: GATEWAY_INTERFACE: CGI/1.1
admin: HTTP_ACCEPT_LANGUAGE: en-us
admin: HTTP_PROXY_CONNECTION: Keep-Alive
admin: REMOTE_ADDR: xxx.yyy.zzz.xxx
admin: SERVER_NAME: www.xxxxxxx.org
admin: URL_COUNT_DB: /files/admin/httpd/logs/counters/ALL
admin: HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 4.01; Windows 95)
admin: HTTP_ACCEPT: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, */*
admin: REQUEST_URI: /mailman/admindb/
admin: PATH: /usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin
admin: QUERY_STRING:
admin: SCRIPT_FILENAME: /files/admin/mailman/cgi-bin/admindb
admin: PATH_INFO: /
admin: HTTP_HOST: www.xxxxxxx.org
admin: REQUEST_METHOD: GET
admin: SERVER_SIGNATURE:
admin: URL_COUNT_RESET: Thursday, 29-Apr-99 00:19:13 CDT
admin: SCRIPT_NAME: /mailman/admindb
admin: SERVER_ADMIN: admin(a)xxxxxx.org
admin: SERVER_SOFTWARE: Apache/1.3.4 (Unix)
admin: PYTHONPATH: /admin/mailman
admin: SERVER_PROTOCOL: HTTP/1.0
admin: REMOTE_PORT: 6208
>>>>> "NJD" == Nicholson James D <James.Nicholson(a)amedd.army.mil> writes:
NJD> I have been trying to fix the mailman code for some time now,
NJD> and I would really appreciate any help. The basic problem is
NJD> that the anonymous_list is broken on my machine, I don't know
NJD> why, but, I can't even debug.
James, here's another situation that I can't reproduce. If I set
"Hide the sender" to yes, I get the expected header. Note that
sendmail gets partly in the way here (and this may be your problem?).
For me, sendmail munges the From header to not include my host name.
This sucks because our mailhost knows nothing about my list. Oh well,
sendmail's evil anyway. :-)
BTW, on your previous message on the subject, I think From: should
still come from the GetAdminEmail(), however I think maybe Reply-To:
for anonymous lists should be set to GetListEmail().
And note further that turning on anonymous_list is probably a false
comfort. Lots of other headers get through that /could/ be used to
identify the user (e.g. my X-Face header gets through). We'd probably
want to do a lot more stripping of headers to have a really effective
anonymizer.
NJD> So, if you find the code:
| del msg['reply-to']
| del msg['sender']
NJD> I then add the following code:
| msg.SetHeader('From', 'listname@machinename')
| msg.SetHeader('To', 'listname@machinename')
NJD> and comment out the following code beginning with 'if
NJD> self.anonymous_list:' And what happens is nothing. Nothing I
NJD> do here seems to affect the header of reflected mail. Is
NJD> this the wrong place to make these changes or is the mail
NJD> being postprocessed somewhere else that undoes my changes?
Okay, apologies for the following "did-you-plug-it-in" suggestion.
You're sure that you're either making the change to the installed
version of the files, or that you're doing a make install after making
the changes. In other words, you're absolutely positive that
Mailman's running your modified version? Try also blowing away the
.pyc files and see if they get regenerated. Finally, you can just do
something like:
fp = open('/tmp/rawlog.txt', 'w')
fp.write('I know you are in there!\n')
fp.close()
right at the point in question. If that file doesn't show up with the
message in it, you've got deeper problems. If that works, but
LogMsg() still doesn't, it /could/ be a permission problem, but I
don't think so. You might just want to use your rawlog.txt file to do
your logging directly.
-Barry
I have been trying to fix the mailman code for some time now, and I would
really appreciate any help. The basic problem is that the anonymous_list is
broken on my machine, I don't know why, but, I can't even debug.
My Problem:
I turn on the anonymous_list option so that all mail appears to the
recipient as if it emanates from the listname@machine.
However, it doesn't work. Everything sent out to the test list still
appears to come from an individual user.
My Attempt at a solution:
Someone told me that the anonymizing of the list is done in the Post()
routine in MailList.py. So, I go in there and hardwire a change to the
'From' and 'To' fields, with no luck.
So, if you find the code:
del msg['reply-to']
del msg['sender']
I then add the following code:
msg.SetHeader('From', 'listname@machinename')
msg.SetHeader('To', 'listname@machinename')
and comment out the following code beginning with 'if self.anonymous_list:'
And what happens is nothing. Nothing I do here seems to affect the header
of reflected mail. Is this the wrong place to make these changes or is the
mail being postprocessed somewhere else that undoes my changes?
So, now I really want to debug. So, I use the handy self.LogMsg() function.
But, I get nothing in the logs. Here's the code I added right after the
hardwired changes above:
subj = msg.getheader('from')
self.LogMsg("error", "initially from %s ", subj )
NADA for output. Can someone please send me a clue here? I've been working
on it for weeks and can't get anywhere. If I can't solve the problem, I
just won't have a mailing list.
-Jim
I have read some messages about future Mailman NT release. Since I have
appreciated Mailman on a IBM AIX system I tried a porting test on NT
with following steps:
- installed Cygwin 2.0 (www.cygnus.com)
- installed Python for Windows with all Windows specific extension
- installed Mailman 1.0 b11
- made some minor changes in Mailmal files configure and src/Makefile.in
- after some fighting with permissions (I was forced to comment tests on
these matters in configuration script and C source code) succeded to
./configure --with-cgi-ext=.exe
make install (no errors reported)
- configured IIS to create a virtual site on /home/mailman named
mailman
- called: http://localhost/mailman/cgi-bin/admin.exe
Got an error (reported below). It seems Python is not able to locate
Mailman modules in /home/mailman/Mailman. However modules are there (in
py and pyc format). I tried to go up in erorrs chain but every time the
'driver' script try to import something from Mailman I got the same
error. Since I know very little about Python I wonder if anybody can
help me.
Thanks.
-------------------------------------------
Bug in Mailman version <undetermined>
We're sorry, we hit a bug!
If you would like to help us identify the problem, please email a copy
of this page to the webmaster for this site with a description of what
happened. Thanks!
Traceback:
Traceback (innermost last):
File "/home/mailman/scripts/driver", line 135, in print_traceback
from Mailman.mm_cfg import VERSION
ImportError: No module named Mailman.mm_cfg
--------------------------------------------------------------------------------
Environment variables:
Variable Value
USERPROFILE C:\WINNT\Profiles\Default User
HTTP_ACCEPT_ENCODING gzip, deflate
REMOTE_HOST 127.0.0.1
HTTPS off
OS2LIBPATH C:\WINNT\system32\os2\dll;
SERVER_PORT_SECURE 0
SERVER_PORT 80
PATH_TRANSLATED C:\Inetpub\wwwroot
PROCESSOR_LEVEL 6
GATEWAY_INTERFACE CGI/1.1
INSTANCE_ID 1
NUMBER_OF_PROCESSORS 1
HTTP_ACCEPT_LANGUAGE en-us
PATH
c:\agora\servletmanager\jrun\bin;c:\agora\servletmanager\jrun\jre\115\bin;C:\WINNT\system32;C:\WINNT;C:\Program
Files\Mts
SYSTEMDRIVE C:
PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.JS
SERVER_NAME localhost
HTTP_CONNECTION Keep-Alive
PROCESSOR_ARCHITECTURE x86
TERM cygwin
WINDIR C:\WINNT
HTTP_ACCEPT image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-excel, application/msword,
application/vnd.ms-powerpoint, */*
COMPUTERNAME SVIL4
INCLUDE C:\Program Files\Mts\Include
SYSTEMROOT C:\WINNT
SERVER_PROTOCOL HTTP/1.1
PROCESSOR_REVISION 0502
CONTENT_LENGTH 0
HTTP_HOST localhost
REQUEST_METHOD GET
PROCESSOR_IDENTIFIER x86 Family 6 Model 5 Stepping 2, GenuineIntel
PYTHONPATH /home/mailman
LOCAL_ADDR 127.0.0.1
SCRIPT_NAME /mailman/cgi-bin/admin.exe
SERVER_SOFTWARE Microsoft-IIS/4.0
HTTP_USER_AGENT Mozilla/4.0 (compatible; MSIE 4.01; Windows NT)
OS Windows_NT
LIB C:\Program Files\Mts\Lib
COMSPEC C:\WINNT\system32\cmd.exe
REMOTE_ADDR 127.0.0.1
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ [----- Mailman Version:
<undetermined> -----] [----- Traceback ------] Traceback (innermost
last): File "/home/mailman/scripts/driver", line 135, in print_traceback
from Mailman.mm_cfg import VERSION ImportError: No module named
Mailman.mm_cfg [----- Environment Variables -----] USERPROFILE:
C:\WINNT\Profiles\Default User HTTP_ACCEPT_ENCODING: gzip, deflate
REMOTE_HOST: 127.0.0.1 HTTPS: off OS2LIBPATH: C:\WINNT\system32\os2\dll;
SERVER_PORT_SECURE: 0 SERVER_PORT: 80 PATH_TRANSLATED:
C:\Inetpub\wwwroot PROCESSOR_LEVEL: 6 GATEWAY_INTERFACE: CGI/1.1
INSTANCE_ID: 1 NUMBER_OF_PROCESSORS: 1 HTTP_ACCEPT_LANGUAGE: en-us PATH:
c:\agora\servletmanager\jrun\bin;c:\agora\servletmanager\jrun\jre\115\bin;C:\WINNT\system32;C:\WINNT;C:\Program
Files\Mts SYSTEMDRIVE: C: PATHEXT: .COM;.EXE;.BAT;.CMD;.VBS;.JS
SERVER_NAME: localhost HTTP_CONNECTION: Keep-Alive
PROCESSOR_ARCHITECTURE: x86 TERM: cygwin WINDIR: C:\WINNT HTTP_ACCEPT:
image/gif, image/x-xbitmap, image/jpeg, image/pjpeg,
application/vnd.ms-excel, application/msword,
application/vnd.ms-powerpoint, */* COMPUTERNAME: SVIL4 INCLUDE:
C:\Program Files\Mts\Include SYSTEMROOT: C:\WINNT SERVER_PROTOCOL:
HTTP/1.1 PROCESSOR_REVISION: 0502 CONTENT_LENGTH: 0 HTTP_HOST: localhost
REQUEST_METHOD: GET PROCESSOR_IDENTIFIER: x86 Family 6 Model 5 Stepping
2, GenuineIntel PYTHONPATH: /home/mailman LOCAL_ADDR: 127.0.0.1
SCRIPT_NAME: /mailman/cgi-bin/admin.exe SERVER_SOFTWARE:
Microsoft-IIS/4.0 HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 4.01;
Windows NT) OS: Windows_NT LIB: C:\Program Files\Mts\Lib COMSPEC:
C:\WINNT\system32\cmd.exe REMOTE_ADDR: 127.0.0.1
I'm sorry i can't help more with this, no time - but mailman-developers
is a more appropriate venue for the question, maybe you'll get some
other attention there.
Context for mailman-developers - setting the "hide the message sender"
privacy option doesn't seem to be working, and the code (in
MailList.MailList.Post()) doesn't seem to be right - the reply-to is
deleted, but the code is setting the address to the list admin, not the
list proper. And it's not working anyway - as james d mentions below,
wiring it to set the from to something else is not working...
Ken Manheimer
klm(a)digicool.com
-----Original Message-----
From: Nicholson James D [mailto:James.Nicholson@amedd.army.mil]
Sent: Tuesday, April 20, 1999 5:17 PM
To: Ken Manheimer
Cc: mailman-users(a)python.org
Subject: RE: [Mailman-Users] Still need code info for privacy option
[Nicholson James D]
I found the problem with the list not remailing anonymously. In routine
Post(), it deletes the sender and reply-to fields and then sets the from
field. However, it set the From field to self.GetAdminEmail. What I
needed
it to do (and what I believe it should be doing) is setting the From
field
to self.GetListEmail, which will return the list address.
However, I can't get the damned thing to change the From field for
anything.
I've even done a
msg.setheader( 'From', 'listname@machine' ). That's hardwired
in
the Post() routine just for testing, and it isn't bloody changing the
header... at all. I altered the MailList.py file, moved the
MailList.pyc to
oldMailList.pyc, and it still does the same damned thing. It sets the
From
field to whoever sent the message. Was I supposed to recompile the
package
or something to get my changes to take effect? I just don't know python
or
mailman well enough to know even this. Sorry.
-Jim
