Mailman-Developers June 2009

mailman-developers@python.org

19 participants
9 discussions

before next release: disable backscatter in default installation
by Jo Rhett 08 Nov '22

08 Nov '22

Hi. There's a fairly simple problem here that needs to be addressed. And it's mostly a documentation/install problem. I'm hoping we can get this resolved before the next release. PROBLEM: Mailman comes out of the box ready to backscatter spam people. Yes, it's easy enough to fix. But because it comes stock this way, and is documented to install this way, most people install it to do this. Those of us who work in abuse departments are tired of hearing "well that's how Mailman works". We also object to having to teach people how to fix their mailman installations because it's not documented in the current manual. This is *exactly* like Sendmail 14 years ago. We didn't accept it then, and Sendmail fixed the problem. RESOLUTION: Mailman default installation should not backscatter in a default configuration. 1. Don't create backscatter aliases for subscribe/unsubscribe/etc by default. Nearly everyone uses web based signup. 2. Discard or hold messages from non-subscribers by default. I would think that it would be perfectly reasonable to have documentation on how to enable the 1980s-style -request / -subscribe etc aliases. However this documentation should have a note that this is against the AUP of nearly every network provider, and enabling it will likely cause them to get listed in various blacklists as a backscatter source. FYI: I know that this goes against the instincts of many old-time mailing list advocates here. But after dealing with a 10k/hour backscatter DoS my tolerance for this problem is understandably limited. Yes, it was a sweet day back in the 1980s. I was running a mailing list server and several UUCP gateways at the time, so I remember them well. But those days are past, and we need to deal with the reality of today. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness

21 168

connecting F*EX and mailman
by Ulli Horlacher 28 Jun '09

28 Jun '09

Perhaps you are interested: I have written a mailman authentification CGI for F*EX (Frams' Fast File Exchange http://fex.rus.uni-stuttgart.de/) The F*EX adminstrator can enable mailman mailing lists for using F*EX. The mailing list user then can use F*EX for sending arbitrary big files to any other user. You can see such a F*EX mailman authentification on http://fex.rus.uni-stuttgart.de:8080/mma -- Ullrich Horlacher Server- und Arbeitsplatzsysteme Rechenzentrum E-Mail: horlacher(a)rus.uni-stuttgart.de Universitaet Stuttgart Tel: ++49-711-685-65868 Allmandring 30 Fax: ++49-711-682357 70550 Stuttgart (Germany) WWW: http://www.rus.uni-stuttgart.de/

1 0

should i be able to set a default accept_these_nonmembers?
by Kenneth Raffenetti 22 Jun '09

22 Jun '09

-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I recently had a request to make it so a Mailman domain I had setup would include a default set of email addresses in the accept_these_nonmembers field of each list. I thought it was a reasonable request as these people are responsible essentially all things in that domain. Default.py and mm_cfg.py are not currently setup to allow this. Does anyone think this is a reasonable feature request? Thanks, Ken Raffenetti -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAko6juQACgkQvRJB9CBtvwhDlgCdFPxxSTrh8On2u+xo4u1dhtOU 6+IAnirHyuwxaiHlDKDnDGp595/iRUQM =m5JJ -----END PGP SIGNATURE-----

2 2

openID enabled mailman
by Malveeka Tewari 17 Jun '09

17 Jun '09

Hi I am working on implementing openID server for the mailman setup I am running. I have started using mailman only recently and need help/feedback on my approach. We want to provide the list users an option whether or not to have enable openID. On the "" page, the users will see an option for 1. Enable/Disable openID login for your subscription 2. Sign in with existing openID login for your subscription *1. Enable/Disable openID login for your subscription* *account* For enabling and diabling the openID feature, the users login their subscribed accounts as they do now for changing any of the subcription options. On this page if they enable the openID feature, they recieve an automated reply with their openID identifier. The password for the openID identifier is the same as that for the subscription accounts. If they change their subscription passwords, their openID password gets changed too. *2. Sign in with existing openID login* The user gets redirected to a page where it enters it's openID identifer and the password and can now manage its account settings with the openID identifier. This authentication and further logging, modification of subscription configurations will be handled by the openID server. As I understand, the *changes that need to be made to the existing mailman code* include the following: Changing the MemberAdaptor.py and UserDesc.py for including information whether or not openID identifier is enabled for a paricular user. Propogating changes made to openID-identified-accounts to the subscription configurations. Changing the webpage interfaces for provinding and allowing users to access these options I want to know if there's already an openID enabled version of mailman available And what files would I need to make changes to include openID support in mailman Thanks Malveeka

4 7

Global accept_these_nonmembers?
by Andrew Davidoff 13 Jun '09

13 Jun '09

Hello All, Is there any reason something like DEFAULT_ACCEPT_THESE_NONMEMBERS hasn't been pushed up into MailList.py? It would be handy for me to apply such a default, though I realize I may be in the minority. I am considering applying a small patch to support this, but would like to know if something like this might be implemented in the future by your team. I communicated briefly with msapiro in #mailman on freenode and it sounded like some work on mailman 3 (styles / templates) might be an area this would fall into. This email is mostly a follow up to see if any one else has any thoughts on this. Thanks. Andrew Davidoff

2 1

monthly password reminder bounce reaction
by Patrick Ben Koetter 05 Jun '09

05 Jun '09

We, the Python.org postmasters, received about 2.200 bounces at Mailman day from monthly password reminders that did not reach the recipient. Ralf said such bounces do not increase a mailing list members bounce score. Is this correct? If it is, can we add such behaviour to the MM3 feature list? Any objections? p@rick -- state of mind Digitale Kommunikation http://www.state-of-mind.de Franziskanerstraße 15 Telefon +49 89 3090 4664 81669 München Telefax +49 89 3090 4666 Amtsgericht München Partnerschaftsregister PR 563

7 18

very large lists
by Bob Puff 03 Jun '09

03 Jun '09

Hi gang, I have a customer who wants a one-way distribution list set up that will handle millions of recipients... like 10 million. It is a double opt-in, and its not spam.. <g> I'm thinking this is probably too much for MM 2 to handle. Will MM3 be able to scale to this size? If anyone has suggestions for me for current software that can do this, feel free to email me off-list. Bounce processing is important, as is user management. Bob

3 4

Creating a new mailing list - Bug in Mailman version 2.1.5
by Piet Delaney 03 Jun '09

03 Jun '09

Hi Christian: I tried creating a new mailing list for xocd and got the error shown below. You recently created new mailing list, so I thought you might know about this land mine that I just stepped on while using the std gui interface: --------------------------------------------------------------- http://lists.linux-xtensa.org/mailman/create --------------------------------------------------------------- Bug in Mailman version 2.1.5 We're sorry, we hit a bug! Please inform the webmaster for this site of this problem. Printing of traceback and other system information has been explicitly inhibited, but the webmaster can find this information in the Mailman error logs. --------------------------------------------------------------- The admin web page mentions having proper authority. Is it possibly that I just don't know the List creators (authentication) password? BTW, any thoughts on the openembedded effort we discussed earlier? I'm wrapping up some work on AES and hope to get back to submitting xtensa kernel patches for xtensa as a part time project. -piet

3 2

a question about documentation
by Kārlis Repsons 03 Jun '09

03 Jun '09

Hello, could someone let me know about how was mailman-install.pdf manual generated? CC to me... K.

4 3

2022

2021

2020

2019

2018

2017

2016

2015

2014

2013

2012

2011

2010

2009

2008

2007

2006

2005

2004

2003

2002

2001

2000

1999

1998

1997

Mailman-Developers June 2009