Hello. How might one configure Mailman (version 2.1.6) list settings
using PHP scripts? The goal is to configure Mailman list settings such as
domain name of list, non-digest footer, set welcome/goodbye messages, etc.
An approach that comes to mind is to use bin/config_list. This would
require writing/reading files and using bin/config_list to process them.
Is there another recommended or preferred way to accomplish this?
There was a post about "PHP Wrappers" which suggested, "...just use a
setuid mailman wrapper script that does caller-checking to see if it's
called correctly, by the right user, and with 'safe' values"
<http://mail.python.org/pipermail/mailman-developers/2001-March/008421.html>.
This was recommended over simply adding the www user to the mailman group.
I do not completely understand how one creates a setuid mailman wrapper
script. Is this a matter of creating something similar to mail-wrapper.c?
If someone has written a wrapper script or has some good resources further
explaining this to share and is willing to do so, I would appreciate it.
Thank you,
-Adrian
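An added example, not part of the original post and not Mailman code: because `bin/config_list -i` executes its input file as Python, a web front end that builds that file must emit every untrusted value as a string literal. The attribute allowlist, the length limits and the function names `render_config` and `verify_config` are assumptions; the sketch is written for Python 3, while Mailman 2.1 itself runs on Python 2.

```python
import ast

# Attributes a web front end may set. The names are Mailman 2.1 list
# attributes matching the settings in the question; the allowlist and the
# length limits are assumptions made for this example.
ALLOWED = {"host_name": 255, "msg_footer": 2000,
           "welcome_msg": 4000, "goodbye_msg": 4000}


def render_config(settings):
    """Return the text of an input file for `bin/config_list -i`.

    The file is executed as Python, so each value is written with repr()
    as a string literal and is never pasted between quotes by hand.
    """
    lines = []
    for name in sorted(settings):
        value = settings[name]
        if name not in ALLOWED:
            raise ValueError("attribute not allowed: %r" % name)
        if not isinstance(value, str) or len(value) > ALLOWED[name]:
            raise ValueError("bad value for %s" % name)
        if "\x00" in value:
            raise ValueError("NUL byte in %s" % name)
        lines.append("%s = %r" % (name, value))
    text = "\n".join(lines) + "\n"
    verify_config(text)          # defence in depth before writing to disk
    return text


def verify_config(text):
    """Reject any statement that is not `allowed_name = <string literal>`."""
    for node in ast.parse(text).body:
        ok = (isinstance(node, ast.Assign)
              and len(node.targets) == 1
              and isinstance(node.targets[0], ast.Name)
              and node.targets[0].id in ALLOWED
              and isinstance(node.value, ast.Constant)
              and isinstance(node.value.value, str))
        if not ok:
            raise ValueError("unsafe statement at line %d" % node.lineno)
    return True
```

The same `verify_config` check can be run by the privileged side on the file it receives, so that it does not have to trust the script that produced it.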
I'm developing a patch to add an XMLRPC-based management interface to
Mailman. Would this be something that you would be interested in trying
to incorporate in the 2.1.x branch? Thanks!
-jag
--
Joshua Ginsberg <jag(a)fsf.org>
Free Software Foundation - Senior Systems Administrator
Jordi Mallach brings up a good point on the rosetta-users mailing list,
in response to my queries there.
Rosetta doesn't really work with non-po files, so the fact that we have
templates that need translating will cause us some grief. Well, even
more grief than it has over the years. ;)
Does anybody have any good ideas for handling this in the Mailman 2
tree? For MM3, it's a top priority that any templating system we use
must support po-ification for i18n. For Mailman 2.2 it's more difficult
because I don't think we should adopt an entirely new template system.
It's even worse for 2.1 because we're not accepting new features,
although if we came up with something simple and minimally disruptive,
I'd consider it for the benefit of improving the translation process.
Ideas are welcome!
-Barry
Note: the basic info of the below feature request has been posted
here:
http://sourceforge.net/tracker/index.php?func=detail&aid=1394592&group_id=1…
I received a weird but interesting email the other day that got
me thinking about moderation of GNU mailing lists. Here's a paraphrase
of the email:
To: Moderator Slacker
Subject: Bug-slacker-project post from xxx(a)gnu.org requires approval
As list administrator, your authorization is requested ...
[you know rest]
[mail message]
Dear Slacker:
We've rather belatedly realized that you've been ignoring the
moderation messages of your mailing list which now has hundreds or
thousands of held messages and/or a whole lot of spam in the
archives.
If you would like to volunteer to take out the trash for this or
*any* of the 25 or so lists mentioned below, please email me.
Although somehow I don't think there are going to be too many takers
of this fabulous offer, the email does have I think one useful idea in
it. Basically for any slacker-moderated list, it's probably okay to
let just about anyone do the moderation. After all, just about any
human can easily detect spam from legitimate posts.
As someone who's been doing GPL projects for a long time, things have
been getting tougher. In the good old days, one gave an email address
for support and the email address was used for support on the
project. Nowadays the email address is used to send viruses, spam and
phishing requests, and to use as the return address for viruses, and
spam to others. Okay. So now this moderation thing on mailing lists
was then added. That then gave the person offering support the
additional burden to act as a trash man for the list (in addition to
his/her own personal increased spam/viruses).
The thing that always struck me as wrong about moderated lists is that
for the convenience of the poster --- and often this is someone who is
a novice asking for help (and sometimes not even in a very
respectful way) -- burden is usually put on the people who might be
able to help. I think of this as the N to one burden problem: a little
burden (by not having to register to post) is reduced on N people
(often novices), at the expense of adding N times extra burden on the
"moderator(s)" (someone who is often an expert and is 1 in number). It
strikes me as a poor use of the expert's time. Actually, I'm probably
not the only one who feels that way, hence the result cited above.
So it might be nice to have a box or flag for such a mailing list that
allows anyone who is registered in the mailing list to have the pleasure
of doing email moderation.
I suppose this could be subject for abuse too (discard valid posts and
accept spam), but I have a feeling that to first order approximation
this would be a big help. And doesn't mailman already have ways of
watching users or moderators, and revoking moderation by the
administrator or whatnot?
Thanks for considering this.
I'm pleased to announce the release of GNU Mailman 2.1.7. This
is a significant release, which includes security enhancement
fixes, a new language (ia: Interlingua) support, a couple of new
features, and many bug fixes.
Mailman is free software for managing email mailing lists and
e-newsletters.
This release enhances the fixes for CAN-2005-0202 and CVE-2005-3573
which were fixed in mailman release 2.1.6, and reduces the chance of
list admin privilege abuse. Because of these and other fixes, it
is highly recommended that all sites update to 2.1.7.
For more information, see:
http://mailman.sourceforge.net/
For links to download the Mailman 2.1.7 source tarball, see:
http://sourceforge.net/project/showfiles.php?group_id=103
Best regards and a happy new year!
--
Tokio Kikuchi
Hello Mailman Developers.
I'm in the process of writing a patch to allow users and site admins to
log in using OpenID, a protocol using browser redirects for delegating
authentication to a special site, using a URL as an identifier. (see
www.openidenabled.com and/or www.openid.net for more info)
I downloaded 2.1.7rc1 and I have been investigating what it will take to
write this patch. I have had trouble connecting to the cvs server,
"cvs [login aborted]: reading from server: Connection reset by peer"
or I would be looking at the latest cvs. Anyhow...
I noticed the two modules MemberAdaptor.py and OldStyleMemberships.py,
the latter of which contains an implementation while the former does
not. It appears that the membership system is in some sort of
transition, and I wondered what the plans were, and how I could help,
especially to make it easier to use OpenID or other similar systems.
Dag Arneson
JanRain Inc.
Hi all,
I've just released Mailman 2.1.7rc1 Release Candidate. I'm sorry for
the violation of file name extension convention because I made a small
mistake when tagging the release number. I will be releasing 2.1.7
final by December 31 if there is no problem.
Please download it from SF or:
http://mm.tkikuchi.net/mailman-2.1.7rc1.tar.gz
Cheers,
Tokio
-------------------------------------------------------
2.1.7rc1 (24-Dec-2005)
Security
- The fix for CAN-2005-0202 has been enhanced to issue an appropriate
message instead of just quietly dropping ./ and ../ from URLs.
- A note on CVE-2005-3573: Although the RFC2231 bug example in the
CVE has been solved in mailman-2.1.6, there may be more cases
where ToDigest.send_digests() can block regular delivery.
We put the send_digests() calling part in try - except clause and
leave a message in the error log if something happened in
send_digests(). Daily call of cron/senddigests will notify more
detail to the site administrator.
- List administrators can no longer change the user's option/subscription
globally. Site admin can change these only if
mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set to Yes.
- Script tag is disallowed in edithtml script.
- Since probe message for the disabled users may reach unexpected
persons, the password was excluded from sendProbe() and probe.txt.
Note that the default value of VERP_PROBE has been set to `No'
from 2.1.6., thus this change doesn't change the default behavior.
New Features
- Always remove DomainKey (and similar) headers (1287546) from messages
sent to the list.
- List owners can customize content filter behavior as not to collapse
multipart/alternative to its first content. This allows HTML part
to pass through after other content filtering is done.
Internationalization
- New language: Interlingua.
Bug fixes and other patches
- Defaults.py.in: SCRUBBER_DONT_USE_ATTACHMENT_FILENAME is set to True
for safer operation.
- Fix Scrubber.py mungs quoted-printable bug with introducing
'X-Mailman-Scrubbed' header for marking that the payload is
scrubber-munged. The flag is referenced in ToDigest.py, ToArchive.py,
Decorate.py and Archiver. Similar problem in ToDigest.py where the
plain digest is generated is also fixed.
- Fix Syslog.py to write quopri encoded message when it fails to write
8-bit characters.
- Fix MTA/Postfix.py to check aliases group permission in check_perms
and fix mailman-install document on this matter (1378270).
- Fix private.py to go to the original URL after authorization
(1080943).
- Fix bounce log score messages to be more consistent.
- Fix bin/remove_members to accept no arguments when both --fromall and
--file= options are specified.
- Change cgi-bin and mail wrapper "group not found" error message to be
more descriptive of the actual problem.
- Apply the list's ban_list to address changes and admin mass subscribe
and invite and to confirmations/approvals of address changes,
subscriptions and invitations.
- Decode quoted-printable and base64 encoded parts before passing to
HTML_TO_PLAIN_TEXT_COMMAND (1367783).
- Remove Approve: header from post - treat as Approved: (1355707).
- Stop removing line following Approve(d): line in body of post
(1318883).
- Remove Approve(d): <password> from all text/* parts in addition the
initial text/plain part. It still must be the first non-blank line in
the first text/plain part or it won't be found or removed at all
(1181161).
- Log post in post log with true sender, not listname-bounces
(1287921).
- Correctly initialize and remember the list's default_member_moderation
attribute in the web list creation page (1263213).
- Add PEP263 charset in config_list output (1343100).
- header_filter_rules get lost if accessed directly and needed
authentication by login page (1230865).
- Obscure email when the poster doesn't set full name in 'From:' header.
- Take preambles and epilogues into account when calculating message
sizes for holding purposes (Mark Sapiro).
- Logging/Logger.py unicode transform option (1235567).
- bin/update crashes with bogus files (949117).
- Bugs and patches: 1212066/1301983 (Date header in create/remove
notice)
Hi Michael,
You can set Scrubber.py not to use the original filename in the message
by adding the following line in mm_cfg.py (mailman-2.1.6 and above).
SCRUBBER_DONT_USE_ATTACHMENT_FILENAME = True
Developers,
Maybe we should set this default in Defaults.py.in in the next release
of 2.1.7. Thoughts?
Michael Rasmussen wrote:
> Resolved. The digest keeps a separate mbox file at
> {MMDIR}lists/LISTNAME/digest.mbox removing the email from that location
> was the solution to my immediate problem.
>
> This does expose a DOS attack potential for MM lists. The too long
> attachment name needs to be handled in a more graceful manner.
>
> Michael Rasmussen wrote:
>
>>Update:
>>
>>I've found the offending message and purged it from the list archives,
>>purged it from the shunt files, and purged it from everywhere I could
>>find it.
>>
>>Yet the problem persists. So I'm looking for the temp file/mail area
>>where the file that contains this attachment may be found.
>>
>>
>>Michael Rasmussen wrote:
>>
>>>I have a list that was sent a file with an attachment with too long a
>>>name. (See error below) now all mail to the list is being shunted.
>>>
>>>the filename listed does not exist on my system. There is no file on my system with that name.
>>>The directory /var/lib/mailman/archives/private/rca-l/attachments/20051207/3d04c3a4 is empty.
>>>
>>>What do I need to do to resolve this problem?
>>>
>>>========== Error message =====================
>>>Dec 22 06:08:46 2005 (2233) Uncaught runner exception: [Errno 36] File name too long: '/var/lib/mailman/archives/private/rca-l/attachments/20051207/3d04c3a4/iso-8859-1QThe_surface_of_the_SunA0_The_sun_has_a_rigid_iron_surfaceiso-8859-1Q_located_under_the_photosphere_that_is_revealed_by_satelliiso-8859-1Qte_imagery.A0_The_solar_surface_sits_beneath_the_suns_viiso-8859-1Qsible_photosphere_and_is_electrically_active..obj'
>>>Dec 22 06:08:46 2005 (2233) Traceback (most recent call last):
>>> File "/usr/lib/mailman/Mailman/Queue/Runner.py", line 111, in _oneloop
>>> self._onefile(msg, msgdata)
>>> File "/usr/lib/mailman/Mailman/Queue/Runner.py", line 167, in _onefile
>>> keepqueued = self._dispose(mlist, msg, msgdata)
>>> File "/usr/lib/mailman/Mailman/Queue/IncomingRunner.py", line 130, in _dispose
>>> more = self._dopipeline(mlist, msg, msgdata, pipeline)
>>> File "/usr/lib/mailman/Mailman/Queue/IncomingRunner.py", line 153, in _dopipeline
>>> sys.modules[modname].process(mlist, msg, msgdata)
>>> File "/var/lib/mailman/Mailman/Handlers/ToDigest.py", line 91, in process
>>> send_digests(mlist, mboxfp)
>>> File "/var/lib/mailman/Mailman/Handlers/ToDigest.py", line 132, in send_digests
>>> send_i18n_digests(mlist, mboxfp)
>>> File "/var/lib/mailman/Mailman/Handlers/ToDigest.py", line 306, in send_i18n_digests
>>> msg = scrubber(mlist, msg)
>>> File "/var/lib/mailman/Mailman/Handlers/Scrubber.py", line 265, in process
>>> url = save_attachment(mlist, part, dir)
>>> File "/var/lib/mailman/Mailman/Handlers/Scrubber.py", line 447, in save_attachment
>>> fp = open(path, 'w')
>>>IOError: [Errno 36] File name too long: '/var/lib/mailman/archives/private/rca-l/attachments/20051207/3d04c3a4/iso-8859-1QThe_surface_of_the_SunA0_The_sun_has_a_rigid_iron_surfaceiso-8859-1Q_located_under_the_photosphere_that_is_revealed_by_satelliiso-8859-1Qte_imagery.A0_The_solar_surface_sits_beneath_the_suns_viiso-8859-1Qsible_photosphere_and_is_electrically_active..obj'
>>>
>>>Dec 22 06:08:46 2005 (2233) SHUNTING: 1135258825.4376719+99568bcc1187c910d48aae8b9ae8f68ed3aa643b
>>>
>>>========== Error message =====================
>>>--
>>> Michael Rasmussen, Portland Oregon
--
Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp
http://weather.is.kochi-u.ac.jp/
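An added example, not Mailman's Scrubber code and not from either poster: one way to handle an over-long attachment name gracefully is to derive a bounded on-disk name before calling `open()`. The 100-byte cap, the helper names and the sample name (constructed in the shape of the one in the traceback) are assumptions.

```python
import hashlib
import os
import re
import tempfile

MAX_NAME_BYTES = 100   # assumed cap, well below the common 255-byte limit


def bounded_filename(untrusted, max_bytes=MAX_NAME_BYTES):
    """Derive an on-disk name from an attachment's declared filename.

    Drops directory parts, maps unusual characters to '_', keeps a short
    stem and extension, and tags truncated names with a digest of the
    original so that distinct long names are unlikely to collide.
    """
    name = os.path.basename(untrusted.replace("\\", "/"))
    name = re.sub(r"[^A-Za-z0-9._-]", "_", name).lstrip(".")
    stem, ext = os.path.splitext(name)
    ext = ext[:16]
    if not stem:
        stem = "attachment"
    if len(stem) + len(ext) <= max_bytes:
        return stem + ext
    tag = "-" + hashlib.sha256(untrusted.encode("utf-8")).hexdigest()[:12]
    return stem[:max_bytes - len(ext) - len(tag)] + tag + ext


def try_save(directory, filename, payload=b""):
    """Return 0 on success, or the errno of the failed open()."""
    try:
        with open(os.path.join(directory, filename), "wb") as fp:
            fp.write(payload)
        return 0
    except OSError as exc:
        return exc.errno


# Constructed sample: 337 characters, longer than one path component allows.
LONG_NAME = "iso-8859-1Q" + "The_surface_of_the_Sun_" * 14 + ".obj"


def demo():
    """Try the raw name, then the bounded one, in a scratch directory."""
    with tempfile.TemporaryDirectory() as scratch:
        raw_result = try_save(scratch, LONG_NAME)
        safe = bounded_filename(LONG_NAME)
        return raw_result, try_save(scratch, safe), safe
```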
Hi,
thanks for the comments/tips upon a solution for a "One-Click Unsubscribe".
For anyone interested, here is a short summary of what we did:
* we decided to implement our own frontends to mailman, as we feel
everything about mailman is great - everything but the frontends :-)
* we integrated the MySQL MemberAdaptor from
http://www.orenet.co.uk/opensource/MailmanMysql/
* we wrote frontends in php as an extension to the open source cms "papaya
CMS" (www.papaya-cms.com - note: the page is only available in German until
spring '06)
* papaya now has a complete double-opt-in / opt-out system to manage
subscriptions and unsubscriptions and keeps track of all relevant dates,
due to requirements of the German laws
* papaya syncs this database with the mailman MySQL database
* and everything is fine ;-)
Again, thanks for any comments upon our problem - and thanks to the
developers for mailman and the MySQL MemberAdaptor...
Best regards!
André
Hi all,
I've just released Mailman 2.1.7b1 for beta test and i18n translations.
I'm tempted to jump into RC because the 2.1-maint branch is so stable
and 2.1.7 is mainly for bug fixes, but we need more translations before
the final release. Please download it from SF or:
http://mm.tkikuchi.net/mailman-2.1.7b1.tgz
Cheers,
Tokio
-------------------------------------------------------
Here is a history of user visible changes to Mailman.
2.1.7b1 (20-Dec-2005)
Security
- The fix for CAN-2005-0202 has been enhanced to issue an appropriate
message instead of just quietly dropping ./ and ../ from URLs.
- A note on CVE-2005-3573: Although the RFC2231 bug example in the
CVE has been solved in mailman-2.1.6, there may be more cases
where ToDigest.send_digests() can block regular delivery.
We put the send_digests() calling part in try - except clause and
leave a message in the error log if something happened in
send_digests(). Daily call of cron/senddigests will notify more
detail to the site administrator.
- List administrators can no longer change the user's option/subscription
globally. Site admin can change these only if
mm_cfg.ALLOW_SITE_ADMIN_COOKIES is set to Yes.
- Script tag is disallowed in edithtml script.
- Since probe message for the disabled users may reach unexpected
persons, the password was excluded from sendProbe() and probe.txt.
Note that the default value of VERP_PROBE has been set to `No'
from 2.1.6., thus this change doesn't change the default behavior.
New Features
- Always remove DomainKey (and similar) headers (1287546) from messages
sent to the list.
- List owners can customize content filter behavior as not to collapse
multipart/alternative to its first content. This allows HTML part
to pass through after other content filtering is done.
Internationalization
- New language: Interlingua.
Bug fixes and other patches
- Fix Scrubber.py mungs quoted-printable bug with introducing
'X-Mailman-Scrubbed' header for marking that the payload is
scrubber-munged. The flag is referenced in ToDigest.py, ToArchive.py,
Decorate.py and Archiver. Similar problem in ToDigest.py where the
plain digest is generated is also fixed.
- Fix Syslog.py to write quopri encoded message when it fails to write
8-bit characters.
- Fix MTA/Postfix.py to check aliases group permission in check_perms
and fix mailman-install document on this matter (1378270).
- Fix private.py to go to the original URL after authorization
(1080943).
- Fix bounce log score messages to be more consistent.
- Fix bin/remove_members to accept no arguments when both --fromall and
--file= options are specified.
- Change cgi-bin and mail wrapper "group not found" error message to be
more descriptive of the actual problem.
- Apply the list's ban_list to address changes and admin mass subscribe
and invite and to confirmations/approvals of address changes,
subscriptions and invitations.
- Decode quoted-printable and base64 encoded parts before passing to
HTML_TO_PLAIN_TEXT_COMMAND (1367783).
- Remove Approve: header from post - treat as Approved: (1355707).
- Stop removing line following Approve(d): line in body of post
(1318883).
- Log post in post log with true sender, not listname-bounces (1287921).
- Correctly initialize and remember the list's default_member_moderation
attribute in the web list creation page (1263213).
- Add PEP263 charset in config_list output (1343100).
- header_filter_rules get lost if accessed directly and needed
authentication by login page (1230865).
- Obscure email when the poster doesn't set full name in 'From:' header.
- Take preambles and epilogues into account when calculating message
sizes for holding purposes (Mark Sapiro).
- Logging/Logger.py unicode transform option (1235567).
- bin/update crashes with bogus files (949117).
- Bugs and patches: 1212066/1301983 (Date header in create/remove
notice)
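An added model, not Mailman's code, of the CVE-2005-3573 note above and of the shunting reported in the "File name too long" thread: a message that digest building cannot process stays in the digest mbox, so every later post fails unless the `send_digests()` call is guarded. The message dicts, the threshold and all function bodies are constructed for illustration.

```python
class Poisoned(Exception):
    """Stands in for the IOError raised while storing an attachment."""


def send_digests(mbox):
    """Model of digest building: every queued message is re-processed."""
    for msg in mbox:
        if msg.get("poison"):
            raise Poisoned("cannot store attachment of %s" % msg["id"])
    sent = [m["id"] for m in mbox]
    del mbox[:]                 # the mbox is emptied only after success
    return sent


def to_digest(msg, mbox, threshold, guarded, error_log):
    """Model of the digest handler for one incoming post."""
    mbox.append(msg)            # the post is queued before digests are built
    if len(mbox) < threshold:
        return
    if not guarded:
        send_digests(mbox)      # an exception here reaches the queue runner
        return
    try:
        send_digests(mbox)
    except Exception as exc:
        # Log and carry on so regular delivery of this post still happens.
        error_log.append("send_digests failed: %s" % exc)


def run_list(posts, guarded, threshold=2):
    """Pass posts through the digest handler, then regular delivery."""
    mbox, delivered, shunted, error_log = [], [], [], []
    for msg in posts:
        try:
            to_digest(msg, mbox, threshold, guarded, error_log)
            delivered.append(msg["id"])
        except Exception:
            shunted.append(msg["id"])   # the runner sets the message aside
    return delivered, shunted, error_log


# Constructed traffic: the second post carries the problematic attachment.
POSTS = [{"id": "m1"}, {"id": "m2", "poison": True},
         {"id": "m3"}, {"id": "m4"}]
```

In the guarded run the error log gains an entry for every later post, because the unprocessable message remains queued until someone removes it from the digest mbox.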