Mailman 3 May 2005 - Mailman-Developers

PGP and Mailman
by Joost van Baal 22 Jul '05

22 Jul '05

Hi, I will write and publish a patch which integrates PGP signature validation and re-encryption of encrypted posts to mailman. Specs are: - A post will be distributed only if the PGP signature on the post is from one of the list members. - For sending encrypted email, a list member encrypts to the public key of the list. The post will be decrypted and re-encrypted to the public keys of all list members. (Later, the patch will handle RFC 2633 (S/MIME) messages too, next to RFC 2440 (OpenPGP)). I've taken a look at the NAH6 secure list patch #646989 at http://sourceforge.net/tracker/index.php?func=detail&aid=646989&group_id=10… and at Ben Laurie's patch #645297 at http://sourceforge.net/tracker/index.php?func=detail&aid=645297&group_id=10… , but I believe none of these completely implements the listed requirements (although these will help me implementing, of course). I am asking you to take a look at my plan for implementation. Am I on the right track? So, the plan: I think one way to implement it would be to add two modules to GLOBAL_PIPELINE: in front, before SpamDetect, there would be 'PGPCheck'. PGPCheck would check wether the message is encrypted, and, if so, make a temporary decrypted copy in order to verify with which key is was signed. If the message is unencrypted, it would check the signature. It would store this information in new properties of the Mailman Message object. A second new module in GLOBAL_PIPELINE would be 'PGPRecrypt', to be called after CookHeaders' and before 'ToDigest'. This would, if needed, decrypt the message and reencrypt it to all recipients, and would sign it. If for instance a list member erroneously signs a post with a wrong public key, and encrypts the message, this message should be handled carefully. I believe the Hold module should be adapted for this. A copy of the original encrypted message should be kept. The message should be decrypted, signed with the listkey, encrypted to the list moderator key, and sent for acknowledgement. If the moderator chooses to deny the message, the poster should get her original message back. (I guess.) For all PGP handling, I plan to use Frank J. Tobin's GnuPGInterface ( http://py-gnupg.sourceforge.net/ ). I plan to write the patch against current stable Mailman. Any insight to share on this? Thanks! Bye, Joost -- Joost van Baal http://abramowitz.uvt.nl/ Tilburg University j.e.vanbaal(a)uvt.nl The Netherlands

4 12

Suspending subscribers on vacation?
by Bjørn Vermo 31 May '05

31 May '05

It is a problem that some people think it is cool to automatically generate "out of office" messages when they are away, especially when they are subscribed to high-volume lists. Is there an easy way to have Mailman temporarily unsubscribe them when it receives one of those messages? -- Using M2, Opera's revolutionary e-mail client: http://www.opera.com/m2/

2 1

RE: [Mailman-Developers] Min requirements for running Mailman?
by John.Airey＠rnib.org.uk 31 May '05

31 May '05

> -----Original Message----- > From: mailman-developers-bounces+john.airey=rnib.org.uk(a)python.org > [mailto:mailman-developers-bounces+john.airey=rnib.org.uk@pyth > on.org]On > Behalf Of Tollef Fog Heen > Sent: Monday, 06 September 2004 16:47 > To: mailman-developers(a)python.org > Subject: Re: [Mailman-Developers] Min requirements for > running Mailman? > > > * Nigel Metheringham > > | I'd tend to take this as:- > | * Mailman is a bitch to package > > Not really. It's fairly well-behaved in my experience. It's a > semi-large web application with some requirements, but nothing > unreasonable. > > | * RH have packaged it for a while > | * RH found a good few of the gotchas in packaging Mailman > | * RH have subsequently learnt from their mistakes and recently > | have produced good packages. > | * Other distros may do better, or may yet have to > learn from their > | mistakes :-) > > Mailman has been in Debian since June 1998 (1.0b4), so we've been > working on it for a while as well. I think our packages are of good > quality (far from perfect, but making perfect packages is _a lot_ of > work. ;) > Just to throw my tuppence worth in... I've used mailman since Red Hat 7.2. I found that the version that came with Red Hat 9.0 wouldn't work for me (ie I couldn't upgrade to it) so I stuck with the 7.2 version (2.0.13) till the end of Red Hat 9 support. We are now running the 2.1.5 version that comes with Fedora but running it on Red Hat Enterprise Linux (RHEL). I did however have to recreate all the lists by hand in an overnight shift (what fun that was...) a few days before leaving the country (hence the rush). At that time I didn't know I could export the configuration (Doh!). Red Hat have taken some packages out of RHEL eg arpwatch and mysql-server (although this is in the "extras" channel) even though these are in the source RPM. Mailman is currently not included but might be being put back in to RHEL 4.0. I would like to hope so, as I find 2.1.5 far superior to 2.0.13. -- John Airey, BSc (Jt Hons), CNA, RHCE Internet systems support officer, ITCSD, Royal National Institute of the Blind, Bakewell Road, Peterborough PE2 6XU, Tel.: +44 (0) 1733 375299 Fax: +44 (0) 1733 370848 John.Airey(a)rnib.org.uk To truly believe in Evolution requires complete faith that life has no meaning. Fortunately there are billions of people who aren't that stupid. -- DISCLAIMER: NOTICE: The information contained in this email and any attachments is confidential and may be privileged. If you are not the intended recipient you should not use, disclose, distribute or copy any of the content of it or of any attachment; you are requested to notify the sender immediately of your receipt of the email and then to delete it and any attachments from your system. RNIB endeavours to ensure that emails and any attachments generated by its staff are free from viruses or other contaminants. However, it cannot accept any responsibility for any such which are transmitted. We therefore recommend you scan all attachments. Please note that the statements and views expressed in this email and any attachments are those of the author and do not necessarily represent those of RNIB. RNIB Registered Charity Number: 226227 Website: http://www.rnib.org.uk

6 11

RELEASED Mailman 2.1.6
by Barry Warsaw 31 May '05

31 May '05

On behalf of the development team, I'm pleased to announce the release of GNU Mailman 2.1.6. This is a significant release, which includes three important security patches, updated Chinese (zh_TW and zh_CN) support, better compatibility with Python 2.4, a few new features, and many bug fixes. Mailman is free software for managing email mailing lists and e-newsletters. This release fixes CAN-2005-0202, a reported vulnerability in path traversal in the private archive script. This release also provides an option for sites to produce more cryptographically secure auto-generated passwords, and it closes a potential cross-site scripting hole. Because of the security (and other) fixes, it is highly recommended that all sites upgrade to 2.1.6. For more information, please see: http://www.list.org http://mailman.sf.net http://www.gnu.org/software/mailman On a personal note, I owe a debt of gratitude to Tokio Kikuchi, who served as release manager for 2.1.6, integrated countless patches, and coordinated the Chinese language updates for this release. Please join me in thanking him for helping out so much. For links to download the Mailman 2.1.6 source tarball, see: http://sourceforge.net/project/showfiles.php?group_id=103 Enjoy, -Barry

1 0

mbox archive
by Jean-Philippe GIOLA 25 May '05

25 May '05

Hi all! I want to know when the mbox archive is created for a list (in archives/private/listname.mbox/listname.mbox) /I have still ask this question in the mailman-users list but noboby has answer me... /reguards./ / -- Jean-Philippe Giola - 6577

3 2

Plugin architecture? If not, suggestions on extending functionality?
by Carl Fink 20 May '05

20 May '05

Hi. I'm running mailing lists for a nonprofit organization. We'd like to create a customized newsletter. The idea is that subscribers would visit a configuration page, and check off the topics that they're interested in. Then, monthly or so, a customized newsletter would be generated for each subscriber and mailed out. Since I'm already administering a Mailman server, it struck me that extending Mailman was the way to go. I'm only slightly familiar with Python, but it would be my seventh or eighth language, so that doesn't intimidate me. What I'd like to do is write a plugin. However, I have been unable to find a description of a Mailman plugin API in dozens of web searches using multiple engines. I find *references* to such an API going back four years, but no actual documentation of one. So: does the current Mailman support plugins? If not, what do you, the Mailman developers, think of extending the package to support custom newsletters? Any suggestions on where to start? Thanks for reading. -- Carl Fink postmaster(a)iconsf.org I-Con System Administrator and Postmaster <http://www.iconsf.org/>

3 2

Storing other data in the list object
by Matthew Newton 19 May '05

19 May '05

Hi, The Mailman system I'm putting together has lists automatically created/deleted depending on another database (i.e. the university database defines what lists exist, and who owns them, and Mailman should then match this). I need to be able to store information about when the list was created (this is used in the synchronization procedure). I could save this in another text file, but that is something else to go wrong / get out of synch. Therefore, is the following safe to do, (assuming I use a variable that is unlikely to be used by Mailman itself)? Is there a place I should be using instead of this (i.e. a dictionary in the object called "localdata")? m = MailList.MailList(listname, lock=1) m.uol_createddate = "something" m.Save() m.Unlock() Thanks! Matthew -- Matthew Newton <mcn4(a)le.ac.uk> UNIX and e-mail Systems Administrator, Network Support Section, Computer Centre, University of Leicester, Leicester LE1 7RH, United Kingdom

2 1

Re: [Mailman-Developers] [Fwd: [ mailman-Bugs-1188133 ] CGI group id not properly tested]
by Barry Warsaw 18 May '05

18 May '05

On Wed, 2005-05-18 at 09:49, Graham Klyne wrote: > This comment surprises me a little, as I am using postfix and I was > experiencing access-related problems. However, following my initial > installation, I did find that I had to change the file protection on the > alias files [*], otherwise I was unable to use Mailman to create new > mailing lists, so maybe that was my problem all along? (This being after > encountering the previous problem and applying the "patch".) Yes, you need to have both the aliases and the aliases.db file writable by group mailman, and group owned by mailman. However, additionally, the aliases.db file must be /user/ owned by mailman in order for Postfix to execute the scripts with the proper permissions. If that's not clear in the documentation (and enforced by check_perms) then you should file a bug report so we can make sure those issues are addressed. -Barry

1 0

(no subject)
by loisbert1＠aol.com 17 May '05

17 May '05

Please get more off of this list server!!!!!!! NOW

1 0

Search members bug?
by Jimmy Svensson 15 May '05

15 May '05

I'm using the latest release candidate of Mailman and have a problem with the search function. When the result from the search is more than could be viewed on one page the result is divided into several pages depending on the beginning character of the email address... but when I want to view the results from the search beginning with anything other than A (for example B) the search is forgotten and all members beginning with B is shown instead of the ones I searched for. The problem is that the links for the different characters only contain the get variable "letter" and not "findmember" which is the variable posted by the search form. Have anyone else had the same problem? Would be nice with a fix for this. /Jimmy Svensson

5 7