Mailman 3 April 1999 - Mailman-Developers

automatically generated password too complicated?
by Gerhard Gonter July 7, 1999

July 7, 1999

Some of our users complained about the automatically generated passwords that are sent out when a list is imported or if an admin subscribes someone. Especially the ` and ^ characters are major problem because these may be treated as parts of composite characters in some enviroments (` followed by a might be displayed as the same character as à in HTML) and so on. Also, upper case characters impose an extra mental burden ;) Anyway, I modified our Mailman which now has a function (method?) Utils.GetRandomPassword(length) which generates passwords of the given length with a restricted alphabet, namely: a-x, 2-9, excluding characters o and l as well as digits 0 and 1 which may be confused and y, z (german keyboards swap these, in the past, this cause trouble too ;) I would like to offer this patch unless there are good reasons why this should be avoided. The main concern is certainly a higher risk to crack such passwords (only 30 possibilities instead of 64) but this could easly be matched by using 5 character passwords: possibilities strength --------------------------- 64^4 = 16777216 1 30^4 = 810000 0.05 30^5 = 24300000 1.45 As far as I have seen, this patch involves replacing certain calls to GetRandomSeed in a few places such as: bin/add_members, Mailman/Cgi/admin.py, Mailman/MailCommandHandler.py Any comment? +gg -- Gerhard.Gonter(a)wu-wien.ac.at Fax: +43/1/31336/702 g.gonter(a)ieee.org Zentrum fuer Informatikdienste, Wirtschaftsuniversitaet Wien, Austria

3 3

dots in list name -> archive not accessible?
by Gerhard Gonter May 2, 1999

May 2, 1999

Once upon a time, one group of users decided that they need a list called Assistent/Inn/En(a)wu-wien.ac.at and it took me a while to convince them, that the / would not work so they accepted Assistent.Inn.En(a)wu-wien.ac.at which worked quite well on Listproc... Today I moved the list, everything went fine except that the archives were not accessible from the list overview page. I tracked this problem down to Mailman/Cgi/private.py where this function is defined, which strips an extension from the directory name: | def getListName(path): | component = string.split(path, os.sep)[1] | root, ext = os.path.splitext(component) | return root If component is returned instead of root, everything seems to be working fine for this list and the other lists without dots in their name. Why should an extension be stripped? Is this a bug, a feature, or something that was left over from VMS times? P.S.: Yesterday I mailed an message about the problems our users have with automatically generated passwords. Neither my collegue nor I seem to have received the article, also, no flames appeared either ;) The article has been archived as http://www.python.org/pipermail/mailman-developers/1999-April/001040.html Did something go wrong with that? +gg -- Gerhard.Gonter(a)wu-wien.ac.at Fax: +43/1/31336/702 g.gonter(a)ieee.org Zentrum fuer Informatikdienste, Wirtschaftsuniversitaet Wien, Austria

2 1

mailman does not work with exim and python 1.5.2
by Gergely Madarasz May 1, 1999

May 1, 1999

Hello! Mailman does not work with exim and python 1.5.2, probably because of the esmtp support in python 1.5.2's smtplib. Following is a trace from exim. Note that exim gets an ehlo and later a helo which resets it into smtp from esmtp. Please forward this to the appropriate python forums :) set_process_info: 15805 2.11 handling incoming connection from localhost [127.0.0.1] ready for new message smtp_setup_msg entered SMTP<< ehlo darmol.elte.hu sender_fullhost = localhost (darmol.elte.hu) [127.0.0.1] sender_rcvhost = localhost ([127.0.0.1] helo=darmol.elte.hu) set_process_info: 15805 2.11 handling incoming connection from localhost (darmol.elte.hu) [127.0.0.1] 250-darmol.elte.hu Hello localhost [127.0.0.1] 250-SIZE 2000000 250-PIPELINING 250 HELP SMTP<< helo darmol.elte.hu sender_fullhost = localhost (darmol.elte.hu) [127.0.0.1] sender_rcvhost = localhost ([127.0.0.1] helo=darmol.elte.hu) set_process_info: 15805 2.11 handling incoming connection from localhost (darmol.elte.hu) [127.0.0.1] 250 darmol.elte.hu Hello localhost [127.0.0.1] SMTP<< mail FROM:<teszt-admin(a)darmol.elte.hu> size=1335 LOG: 4 MAIN SMTP syntax error in "mail FROM:<teszt-admin(a)darmol.elte.hu> size=1335" H=localhost (darmol.elte.hu) [127.0.0.1]: malformed address: size=1335 may not follow <teszt-admin(a)darmol.elte.hu> 501 <teszt-admin(a)darmol.elte.hu> size=1335: malformed address: size=1335 may not follow <teszt-admin(a)darmol.elte.hu> SMTP<< rset 250 Reset OK 421 darmol.elte.hu lost input connection LOG: 4 MAIN SMTP connection from localhost (darmol.elte.hu) [127.0.0.1] lost child 15805 ended -- Madarasz Gergely gorgo(a)caesar.elte.hu gorgo(a)linux.rulez.org It's practically impossible to look at a penguin and feel angry. Egy pingvinre gyakorlatilag lehetetlen haragosan nezni. HuLUG: http://mlf.linux.rulez.org/

3 5

Error/crash in admindb - Solved
by Brian Ryner May 1, 1999

May 1, 1999

First of all, the bug I reported earlier happens if you access this URL: http://host/mailman/admindb/ <-- note trailing slash It tries to cause an "Invalid options to CGI script" error, but can't because of the typo in Mailman/Cgi/admindb.py, line 77: doc.AddItem(eader(2, "Invalid options to CGI script.")) where Header is misspelled. That fixed the crash. But I think that this URL (admindb/) should work just like admindb without the slash -- it should say that you must specify a list. -Brian Ryner bryner(a)uiuc.edu

2 1

Error/crash in admindb - 1.0b11
by Brian Ryner May 1, 1999

May 1, 1999

Hi- This crash happened when going to http://host/mailman/admindb. I have not been able to reproduce it since then. The error log is attached. The system is running Slackware 3.5, with Python 1.5.1. Any suggestions or patches? Also, is there a way that I can turn off the extraneous debugging information sent to the WWW client, and have it just be put in the log? The fact that it dumps so much information about the system could be seen as a security risk. Thanks. -Brian Ryner bryner(a)uiuc.edu Apr 29 22:33:41 1999 admin: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ admin: [----- Mailman Version: 1.0b11 -----] admin: [----- Traceback ------] admin: Traceback (innermost last): admin: File "/admin/mailman/scripts/driver", line 112, in run_main admin: main() admin: File "/admin/mailman/Mailman/Cgi/admindb.py", line 77, in main admin: doc.AddItem(eader(2, "Invalid options to CGI script.")) admin: NameError: eader admin: [----- Environment Variables -----] admin: DOCUMENT_ROOT: /files/admin/httpd/htdocs admin: HTTP_ACCEPT_ENCODING: gzip, deflate admin: SERVER_PORT: 80 admin: PATH_TRANSLATED: /files/admin/httpd/htdocs/ admin: URL_COUNT: 6 admin: GATEWAY_INTERFACE: CGI/1.1 admin: HTTP_ACCEPT_LANGUAGE: en-us admin: HTTP_PROXY_CONNECTION: Keep-Alive admin: REMOTE_ADDR: xxx.yyy.zzz.xxx admin: SERVER_NAME: www.xxxxxxx.org admin: URL_COUNT_DB: /files/admin/httpd/logs/counters/ALL admin: HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 4.01; Windows 95) admin: HTTP_ACCEPT: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, */* admin: REQUEST_URI: /mailman/admindb/ admin: PATH: /usr/local/sbin:/usr/local/bin:/sbin:/usr/sbin:/bin:/usr/bin admin: QUERY_STRING: admin: SCRIPT_FILENAME: /files/admin/mailman/cgi-bin/admindb admin: PATH_INFO: / admin: HTTP_HOST: www.xxxxxxx.org admin: REQUEST_METHOD: GET admin: SERVER_SIGNATURE: admin: URL_COUNT_RESET: Thursday, 29-Apr-99 00:19:13 CDT admin: SCRIPT_NAME: /mailman/admindb admin: SERVER_ADMIN: admin(a)xxxxxx.org admin: SERVER_SOFTWARE: Apache/1.3.4 (Unix) admin: PYTHONPATH: /admin/mailman admin: SERVER_PROTOCOL: HTTP/1.0 admin: REMOTE_PORT: 6208

2 1

Re: [Mailman-Users] Error/crash in admindb - 1.0b11
by Brian Ryner April 30, 1999

April 30, 1999

Is that line (admindb.py, line 77) supposed to say Header instead of eader ? > Apr 29 22:33:41 1999 admin: @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > admin: [----- Mailman Version: 1.0b11 -----] > admin: [----- Traceback ------] > admin: Traceback (innermost last): > admin: File "/admin/mailman/scripts/driver", line 112, in run_main > admin: main() > admin: File "/admin/mailman/Mailman/Cgi/admindb.py", line 77, in main > admin: doc.AddItem(eader(2, "Invalid options to CGI script.")) > admin: NameError: eader

1 0

Re: [Mailman-Developers] Having kittens with the code
by Barry A. Warsaw April 27, 1999

April 27, 1999

>>>>> "NJD" == Nicholson James D <James.Nicholson(a)amedd.army.mil> writes: NJD> I have been trying to fix the mailman code for some time now, NJD> and I would really appreciate any help. The basic problem is NJD> that the anonymous_list is broken on my machine, I don't know NJD> why, but, I can't even debug. James, here's another situation that I can't reproduce. If I set "Hide the sender" to yes, I get the expected header. Note that sendmail gets partly in the way here (and this may be your problem?). For me, sendmail munges the From header to not include my host name. This sucks because our mailhost knows nothing about my list. Oh well, sendmail's evil anyway. :-) BTW, on your previous message on the subject, I think From: should still come from the GetAdminEmail(), however I think maybe Reply-To: for anonymous lists should be set to GetListEmail(). And note further that turning on anonymous_list is probably a false comfort. Lots of other headers get through that /could/ be used to identify the user (e.g. my X-Face header gets through). We'd probably want to do a lot more stripping of headers to have a really effective anonymizer. NJD> So, if you find the code: | del msg['reply-to'] | del msg['sender'] NJD> I then add the following code: | msg.SetHeader('From', 'listname@machinename') | msg.SetHeader('To', 'listname@machinename') NJD> and comment out the following code beginning with 'if NJD> self.anonymous_list:' And what happens is nothing. Nothing I NJD> do here seems to affect the header of reflected mail. Is NJD> this the wrong place to make these changes or is the mail NJD> being postprocessed somewhere else that undoes my changes? Okay, apologies for the following "did-you-plug-it-in" suggestion. You're sure that you're either making the change to the installed version of the files, or that you're doing a make install after making the changes. In other words, you're absolutely positive that Mailman's running your modified version? Try also blowing away the .pyc files and see if they get regenerated. Finally, you can just do something like: fp = open('/tmp/rawlog.txt', 'w') fp.write('I know you are in there!\n') fp.close() right at the point in question. If that file doesn't show up with the message in it, you've got deeper problems. If that works, but LogMsg() still doesn't, it /could/ be a permission problem, but I don't think so. You might just want to use your rawlog.txt file to do your logging directly. -Barry

1 0

Having kittens with the code
by Nicholson James D April 27, 1999

April 27, 1999

I have been trying to fix the mailman code for some time now, and I would really appreciate any help. The basic problem is that the anonymous_list is broken on my machine, I don't know why, but, I can't even debug. My Problem: I turn on the anonymous_list option so that all mail appears to the recipient as if it emanates from the listname@machine. However, it doesn't work. Everything sent out to the test list still appears to come from an individual user. My Attempt at a solution: Someone told me that the anonymizing of the list is done in the Post() routine in MailList.py. So, I go in there and hardwire a change to the 'From' and 'To' fields, with no luck. So, if you find the code: del msg['reply-to'] del msg['sender'] I then add the following code: msg.SetHeader('From', 'listname@machinename') msg.SetHeader('To', 'listname@machinename') and comment out the following code beginning with 'if self.anonymous_list:' And what happens is nothing. Nothing I do here seems to affect the header of reflected mail. Is this the wrong place to make these changes or is the mail being postprocessed somewhere else that undoes my changes? So, now I really want to debug. So, I use the handy self.LogMsg() function. But, I get nothing in the logs. Here's the code I added right after the hardwired changes above: subj = msg.getheader('from') self.LogMsg("error", "initially from %s ", subj ) NADA for output. Can someone please send me a clue here? I've been working on it for weeks and can't get anywhere. If I can't solve the problem, I just won't have a mailing list. -Jim

1 0

Mailman on NT
by Gianni Sandrucci April 22, 1999

April 22, 1999

I have read some messages about future Mailman NT release. Since I have appreciated Mailman on a IBM AIX system I tried a porting test on NT with following steps: - installed Cygwin 2.0 (www.cygnus.com) - installed Python for Windows with all Windows specific extension - installed Mailman 1.0 b11 - made some minor changes in Mailmal files configure and src/Makefile.in - after some fighting with permissions (I was forced to comment tests on these matters in configuration script and C source code) succeded to ./configure --with-cgi-ext=.exe make install (no errors reported) - configured IIS to create a virtual site on /home/mailman named mailman - called: http://localhost/mailman/cgi-bin/admin.exe Got an error (reported below). It seems Python is not able to locate Mailman modules in /home/mailman/Mailman. However modules are there (in py and pyc format). I tried to go up in erorrs chain but every time the 'driver' script try to import something from Mailman I got the same error. Since I know very little about Python I wonder if anybody can help me. Thanks. ------------------------------------------- Bug in Mailman version <undetermined> We're sorry, we hit a bug! If you would like to help us identify the problem, please email a copy of this page to the webmaster for this site with a description of what happened. Thanks! Traceback: Traceback (innermost last): File "/home/mailman/scripts/driver", line 135, in print_traceback from Mailman.mm_cfg import VERSION ImportError: No module named Mailman.mm_cfg -------------------------------------------------------------------------------- Environment variables: Variable Value USERPROFILE C:\WINNT\Profiles\Default User HTTP_ACCEPT_ENCODING gzip, deflate REMOTE_HOST 127.0.0.1 HTTPS off OS2LIBPATH C:\WINNT\system32\os2\dll; SERVER_PORT_SECURE 0 SERVER_PORT 80 PATH_TRANSLATED C:\Inetpub\wwwroot PROCESSOR_LEVEL 6 GATEWAY_INTERFACE CGI/1.1 INSTANCE_ID 1 NUMBER_OF_PROCESSORS 1 HTTP_ACCEPT_LANGUAGE en-us PATH c:\agora\servletmanager\jrun\bin;c:\agora\servletmanager\jrun\jre\115\bin;C:\WINNT\system32;C:\WINNT;C:\Program Files\Mts SYSTEMDRIVE C: PATHEXT .COM;.EXE;.BAT;.CMD;.VBS;.JS SERVER_NAME localhost HTTP_CONNECTION Keep-Alive PROCESSOR_ARCHITECTURE x86 TERM cygwin WINDIR C:\WINNT HTTP_ACCEPT image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, */* COMPUTERNAME SVIL4 INCLUDE C:\Program Files\Mts\Include SYSTEMROOT C:\WINNT SERVER_PROTOCOL HTTP/1.1 PROCESSOR_REVISION 0502 CONTENT_LENGTH 0 HTTP_HOST localhost REQUEST_METHOD GET PROCESSOR_IDENTIFIER x86 Family 6 Model 5 Stepping 2, GenuineIntel PYTHONPATH /home/mailman LOCAL_ADDR 127.0.0.1 SCRIPT_NAME /mailman/cgi-bin/admin.exe SERVER_SOFTWARE Microsoft-IIS/4.0 HTTP_USER_AGENT Mozilla/4.0 (compatible; MSIE 4.01; Windows NT) OS Windows_NT LIB C:\Program Files\Mts\Lib COMSPEC C:\WINNT\system32\cmd.exe REMOTE_ADDR 127.0.0.1 @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ [----- Mailman Version: <undetermined> -----] [----- Traceback ------] Traceback (innermost last): File "/home/mailman/scripts/driver", line 135, in print_traceback from Mailman.mm_cfg import VERSION ImportError: No module named Mailman.mm_cfg [----- Environment Variables -----] USERPROFILE: C:\WINNT\Profiles\Default User HTTP_ACCEPT_ENCODING: gzip, deflate REMOTE_HOST: 127.0.0.1 HTTPS: off OS2LIBPATH: C:\WINNT\system32\os2\dll; SERVER_PORT_SECURE: 0 SERVER_PORT: 80 PATH_TRANSLATED: C:\Inetpub\wwwroot PROCESSOR_LEVEL: 6 GATEWAY_INTERFACE: CGI/1.1 INSTANCE_ID: 1 NUMBER_OF_PROCESSORS: 1 HTTP_ACCEPT_LANGUAGE: en-us PATH: c:\agora\servletmanager\jrun\bin;c:\agora\servletmanager\jrun\jre\115\bin;C:\WINNT\system32;C:\WINNT;C:\Program Files\Mts SYSTEMDRIVE: C: PATHEXT: .COM;.EXE;.BAT;.CMD;.VBS;.JS SERVER_NAME: localhost HTTP_CONNECTION: Keep-Alive PROCESSOR_ARCHITECTURE: x86 TERM: cygwin WINDIR: C:\WINNT HTTP_ACCEPT: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, */* COMPUTERNAME: SVIL4 INCLUDE: C:\Program Files\Mts\Include SYSTEMROOT: C:\WINNT SERVER_PROTOCOL: HTTP/1.1 PROCESSOR_REVISION: 0502 CONTENT_LENGTH: 0 HTTP_HOST: localhost REQUEST_METHOD: GET PROCESSOR_IDENTIFIER: x86 Family 6 Model 5 Stepping 2, GenuineIntel PYTHONPATH: /home/mailman LOCAL_ADDR: 127.0.0.1 SCRIPT_NAME: /mailman/cgi-bin/admin.exe SERVER_SOFTWARE: Microsoft-IIS/4.0 HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 4.01; Windows NT) OS: Windows_NT LIB: C:\Program Files\Mts\Lib COMSPEC: C:\WINNT\system32\cmd.exe REMOTE_ADDR: 127.0.0.1

1 0

FW: [Mailman-Users] Still need code info for privacy option
by Ken Manheimer April 21, 1999

April 21, 1999

I'm sorry i can't help more with this, no time - but mailman-developers is a more appropriate venue for the question, maybe you'll get some other attention there. Context for mailman-developers - setting the "hide the message sender" privacy option doesn't seem to be working, and the code (in MailList.MailList.Post()) doesn't seem to be right - the reply-to is deleted, but the code is setting the address to the list admin, not the list proper. And it's not working anyway - as james d mentions below, wiring it to set the from to something else is not working... Ken Manheimer klm(a)digicool.com -----Original Message----- From: Nicholson James D [mailto:James.Nicholson@amedd.army.mil] Sent: Tuesday, April 20, 1999 5:17 PM To: Ken Manheimer Cc: mailman-users(a)python.org Subject: RE: [Mailman-Users] Still need code info for privacy option [Nicholson James D] I found the problem with the list not remailing anonymously. In routine Post(), it deletes the sender and reply-to fields and then sets the from field. However, it set the From field to self.GetAdminEmail. What I needed it to do (and what I believe it should be doing) is setting the From field to self.GetListEmail, which will return the list address. However, I can't get the damned thing to change the From field for anything. I've even done a msg.setheader( 'From', 'listname@machine' ). That's hardwired in the Post() routine just for testing, and it isn't bloody changing the header... at all. I altered the MailList.py file, moved the MailList.pyc to oldMailList.pyc, and it still does the same damned thing. It sets the From field to whoever sent the message. Was I supposed to recompile the package or something to get my changes to take effect? I just don't know python or mailman well enough to know even this. Sorry. -Jim

1 0