Mailman 3 October 2001 - Mailman-Developers

Moving lists from 2.0.x to 2.1a3
by Javier Henderson 31 Oct '01

31 Oct '01

Hi, On machine A I have many lists, and running Mailman 2.0.something. On machine B I have just installed Mailman 2.1a3. I would like to move some lists from A to B, without having to recreate the lists on B, and manually subscribing everyone. What's the best way to accomplish this? -jav

1 0

Yet another mailman weirdness....
by Chuq Von Rospach 31 Oct '01

31 Oct '01

(guess who? Mr. "karma machine") Found another weirdness in mailman this morning. One of our users mailer got sideways, and we showed up to a really, really large requests.db (something like 500 messages or more). We found it almost impossible to get the admin page to display, and even if we did, processing something that large out of a browser is, well, painful at best. I finally blew away the requests.db file to clean up the problem. While this was an accident, it has the side effect of being a pretty good DoS attack against a list, especially moderated ones. You can't limit the number of requests in the request.db, but you can keep things moving if you limit the number that the admin page attempts to display at one time to 20 or so. Yes, you'd still need to grind through discarding them all (hmm. Maybe a "discard all from this address" meta button?), but you could. As it stands, Mailman tries to create a web page that a browser may or may not be able to display because of memory issues, adn the end user may or may not be able to process if it IS displayed.

1 0

Re: [Mailman-Developers] Messing with Defaults.py
by Dan Mick 31 Oct '01

31 Oct '01

> THanks for the reply, but my question was more like Why not mess with Defaults.py? Will it break anything as long as the data is correct? No. As John said: it's just source. The reason for not modifying it, as John said, is because it gets overwritten when you upgrade. You already have your answer. > I ask this because I did modify it, then realized later perhaps I should have followed the docs.. :-) Wondering if that could explain my bounce issue. No.

1 0

Messing with Defaults.py
by Bob Puff＠NLE 31 Oct '01

31 Oct '01

One more question. I realize the docs say never to mess with Defaults.py, but use the mm_cfg.py. What happens if you do mess with Defaults.py? Are modules somehow linked to certain byte offsets in it that, if modified, makes things go boom? Bob

2 2

Bounce handling
by Bob Puff＠NLE 31 Oct '01

31 Oct '01

Hi Gang, What affects bounce handling? I just set up another list with 2.0.6, and while I see in the bounce log that it is catching some bounces, the admin address is getting a TON of bounces, most of them properly-constructed, with the same exact email addresses as those subscribed. I recently did some editing of some of the modules, and might have somehow messed this up. What modules are used, and in what order? Bob

1 0

Oh nooooooooooooo
by Jos� Roberto Kerne 30 Oct '01

30 Oct '01

Here... This Spam no!! no in list!!!!!!!!!!!!!! ---- BCN Web Site About Us BCN builds corporate Intranets and effective Knowledge Management Solutions for small and medium sized organisations. We have delivered solutions to BSI, Unilever, Compaq, Nomura and many small organisations. ______________________________ José Roberto Kerne Network Services Power Consultoria e Informatica Ltda Fones: (47) 433-7595 / 9107-6073 E-Mail: joseroberto(a)pwr.com.br www.pwr.com.br Oracle Alliances Centro Certificado GNU/LINUX Rede Conectiva de Serviços ----------------

1 0

Clueless when it comes to Sendmail
by Claire Airth 30 Oct '01

30 Oct '01

I need a dummies guide to Sendmail. I have set up Mailman on my Linux box (v7.1 ) and installed Sendmail but I guess I haven't configured Sendmail properly because tried to set up a test list and send a message to my email account and did not receive an email. I see the following in the mail logs: Oct 29 14:46:07 www sendmail[754]: alias database /etc/aliases rebuilt by root Oct 29 14:46:07 www sendmail[754]: /etc/aliases: 40 aliases, longest 10 bytes, 395 bytes total Oct 29 14:46:08 www sendmail[764]: starting daemon (8.11.2): SMTP+queueing@01:00:00 Oct 29 15:48:23 www sendmail[8265]: f9TFl3n08265: from=<test-admin@EuroVMS>, size=1935, class=-60, nrcpts=0, msgid=<200110291548.f9TFl3n08265(a)www.eurovms.org.uk>, proto=ESMTP, daemon=MTA, relay=www.eurovms.org.uk [127.0.0.1] Oct 29 15:48:23 www sendmail[8265]: f9TFl3n08265: to=<cra(a)sas-glas.mottmac.com>, delay=00:00:00, mailer=esmtp, pri=109935, dsn=4.4.3, stat=queued I haven't been working with Linux that long so I guess I need a step by step guide to configuring Sendmail. If anyone could take the time out I would be very grateful. Thanks in advance, Claire.

1 0

error in newlist
by Bob Puff＠NLE 30 Oct '01

30 Oct '01

I am getting the following error with 2.1a3 when trying to create a list: Traceback (most recent call last): File "./newlist", line 188, in ? main() File "./newlist", line 163, in main sys.modules[modname].create(mlist) File "/home/csc/mailman/Mailman/MTA/Postfix.py", line 122, in create db = dbhash.open(DBFILE, 'c') File "/usr/local/lib/python2.2/dbhash.py", line 16, in open return bsddb.hashopen(file, flag, mode) bsddb.error: (22, 'Invalid argument') I am using Postfix, and have (had) the alias create thing turned on. If I turn it off, everything works fine. Another FWIW... in order to create the list aliases for servers that are running more than one domain, you also need to create the appropriate entries in the /etc/postfix/virtual file. Yeah, I know, why don't you contribute that, Bob? I just might, when things settle down here! <g> Bob

1 0

Re: [Mailman-Developers] New Pipermail hacks (was Re: Ok, it works! ...)
by Donal Hunt 28 Oct '01

28 Oct '01

hey everyone... I was thinking of the security issues behind HTML encoded mail and one of the things that you could do is strip out all "<SCRIPT>" stuff automatically. Normal HTML mail shouldn't generate it and it's one of the main ways of doing malicious things when a user opens a mail. Thoughts? Donal mailman-developers-request(a)python.org wrote: > Message: 1 > Date: Fri, 26 Oct 2001 17:22:07 -0400 > To: mailman-developers(a)python.org > Subject: Re: [Mailman-Developers] New Pipermail hacks (was Re: Ok, it works! > ...) > From: barry(a)zope.com (Barry A. Warsaw) > > Folks, > > Thanks for the really great feedback. I'm about to check in a new > version of Scrubber.py that addresses the many issues brought up. > Apologies for not quoting everything. > > - permission problems: fixed > > - problems with multipart/mixed containing gif, html, and jpeg parts: > fixed. > > - text/html decoding: there's now a new global variable > ARCHIVE_HTML_SANITIZER which can be 0, 1, or a string. > > # This variable defines what happens to text/html subparts. They can be > # stripped completely, escaped, or filtered through an external program. The > # legal values are: > # 0 - Strip out text/html parts completely, leaving a notice of the removal in > # the message. If the outer part is text/html, the entire message is > # discarded. > # 1 - Remove any embedded text/html parts, leaving them as HTML-escaped > # attachments which can be separately viewed. Outer text/html parts are > # simply HTML-escaped. > # > # The value can also be a string, in which case it is the name of a command to > # filter the HTML page through. The resulting output is left in an attachment > # or as the entirety of the message when the outer part is text/html. The > # format of the string must include a "%(filename)s" which will contain the > # name of the temporary file that the program should operate on. It should > # write the processed message to stdout. > ARCHIVE_HTML_SANITIZER = '/usr/bin/lynx -dump %(filename)s' > > This seems to work pretty well (will provide examples shortly). As > with the rest of Scrubber, it's a bit of a kludge, but perhaps not > horrible. It could definitely use more testing by you guys. > > It's actually rather difficult to get Pipermail to /not/ HTML-escape > attachments, so I'm punting on that for now. Plus, I just feel it's > way too dangerous to support. > > - storing in get_filename() if available: fixed, and I've also > implemented the idea of sticking each message's attachments in a > separate subdir off of archives/private/mylist/attachments. The > subdir is based on the Message-ID: and files inside there are > uniquified if necessary. > > - problems with the attachment url: what we really needed was a more > elaborate PUBLIC_ARCHIVE_URL format string. It now accepts > %(hostname)s as well as %(listname)s, and the former gets > interpolated with the list's web host name (as looked up in the > inverted VIRTUAL_HOSTS dictionary, and defaulting to > DEFAULT_URL_HOST). > > Watch for checkins shortly. > -Barry

2 1

Re: [Mailman-Developers] Using pre-existing passwords along with mailman passwords?
by Donal Hunt 28 Oct '01

28 Oct '01

Jerry, I wrote some patches for Mailman 2.0.2 that do roughly what you want, though they still need some tidying up. I was using LDAP to authenticate users in my university, and falling back to Mailman subscriber info (python marshals) if it was a non-local user. The 2 main places to hook into (from memory) are SecurityManager.py and another module. I'm hoping to release an alpha of Mailman 2.0.2 with LDAP authentication in the next 2 weeks (Mailman-LDAP), and an authenticator module for Mailman 2.1 by next year. Are your UNet accounts stored in LDAP or NDS by any chance?? Cos that makes things nice and easy... Give us a shout if there's anything I can help with. Regards Donal Hunt Dublin City University mailman-developers-request(a)python.org wrote: > Message: 3 > Date: Fri, 26 Oct 2001 08:32:29 -0700 > To: mailman-developers(a)python.org > From: Jerry Stratton <jerry(a)sandiego.edu> > Subject: [Mailman-Developers] Using pre-existing passwords along with mailman passwords? > > I posted this to the users group, and they suggested I post it here; > I've looked into what might need to be done, and it looks like it > will be a lot easier for list members than for list administrators; > since list members have 'usernames' (their e-mail address), but list > administrators just have their password? > > Is there a best place to apply such a patch? > > At our University, we use a special username/password (called a > "UNet" account) for all web-related items. We can match the UNet > username directly to the user's University e-mail address. > > I would like to use this username/password for all list members and > list owners who have a UNet account, but fall through to the > mailman-generated password for those who do not. We do not have > access to the actual password--it is stored only as a Unix hash so we > can't simply insert it into the mailman password database (and we > wouldn't want to send it out via e-mail on a monthly basis in any > case). Has anyone else implemented something like this? > > What I'm looking at as a possibility is setting up an Apache > =2Ehtaccess file so that all of the mailman directories are password > protected, but allow guest access (Apache has a special module that > will do this). If a user logs in using their UNet account, map it to > their e-mail address and bypass mailman's login process. If the user > logs in as a guest, do not bypass mailman's login process. > > Has anyone already done this? If so, are there already any > instructions somewhere for how to do this? Any foreseeable problems > with this method? > > Jerry > -- > jerry(a)sandiego.edu > http://www.sandiego.edu/~jerry/ > -- > The more restrictions there are, the poorer the people become. The > greater the government=B9s power, the more chaotic the nation would > become. The more the ruler imposes laws and prohibitions on his > people, the more frequently evil deeds would occur. > --The Silence of the Wise: The Sayings of Lao Zi

1 0