Mailman 3 April 2014 - Mailman-Developers

before next release: disable backscatter in default installation
by Jo Rhett Nov. 7, 2022

Nov. 7, 2022

Hi. There's a fairly simple problem here that needs to be addressed. And it's mostly a documentation/install problem. I'm hoping we can get this resolved before the next release. PROBLEM: Mailman comes out of the box ready to backscatter spam people. Yes, it's easy enough to fix. But because it comes stock this way, and is documented to install this way, most people install it to do this. Those of us who work in abuse departments are tired of hearing "well that's how Mailman works". We also object to having to teach people how to fix their mailman installations because it's not documented in the current manual. This is *exactly* like Sendmail 14 years ago. We didn't accept it then, and Sendmail fixed the problem. RESOLUTION: Mailman default installation should not backscatter in a default configuration. 1. Don't create backscatter aliases for subscribe/unsubscribe/etc by default. Nearly everyone uses web based signup. 2. Discard or hold messages from non-subscribers by default. I would think that it would be perfectly reasonable to have documentation on how to enable the 1980s-style -request / -subscribe etc aliases. However this documentation should have a note that this is against the AUP of nearly every network provider, and enabling it will likely cause them to get listed in various blacklists as a backscatter source. FYI: I know that this goes against the instincts of many old-time mailing list advocates here. But after dealing with a 10k/hour backscatter DoS my tolerance for this problem is understandably limited. Yes, it was a sweet day back in the 1980s. I was running a mailing list server and several UUCP gateways at the time, so I remember them well. But those days are past, and we need to deal with the reality of today. -- Jo Rhett Net Consonance : consonant endings by net philanthropy, open source and other randomness

21 168

Re: [Mailman-Developers] [Bug 1130957] Re: Unicode errors in mailman3
by Barry Warsaw May 5, 2014

May 5, 2014

On Apr 30, 2014, at 09:38 PM, Tim Marx wrote: >I'm using mailman 3.0.0b4 (with mailman-bundler) and ran into the same >problem as described above. Luckily I found this bug report and could manage >to fix it with the patches above. > >May I ask anybody (with more bazar-knowledge than me) to merge this two >patches into the mailman 3 branch? Thank you! I think we just need some test cases. Tim, can you provide any details on how you it the bug?

2 1

ANNOUNCE: The GNU Mailman 3 suite, beta 1 preview
by Barry Warsaw May 3, 2014

May 3, 2014

Hello Mailman enthusiasts! Time and motion Wind and sun and rain Days connect like boxcars in a train Another Pycon has come and gone and with it, another fantastic sprint among the core developers. We accomplished quite a bit, and now we'd like to share the results with you. On behalf of the Mailman development team, I am happy to announce the first beta release of the full Mailman 3 suite. This release includes: * Postorius 1.0.0b1 (Year of the Parrot), our new Django-based web user interface for list owners and list members. * HyperKitty 1.0.0b1, the fantastic new Django-based archiver. * Mailman Core 3.0b4 (Time and Motion), the mailing list engine and administrative REST API. * The mailman-bundler package 3.0b1, a helpful buildout-based tool for putting it all together. We're very excited to finally be able to announce this preview of the entire suite of tools, and we hope you'll give it a try. As with any beta software, we give a word of caution should you be adventurous enough to want to try it in production. There are surely bugs and missing features, but we feel confident enough to encourage you to play with the system and provide us with feedback, bug reports, suggestions, and above all, contributions! Each project is separately downloadable from the Python Cheeseshop, and links are provided below. Perhaps the best way to begin is to grab the bundler, unpack it and, follow the directions included in the bundle. It should work on most modern *nixes with Python 2.7. You can download the bundler tarball from: https://pypi.python.org/pypi/mailman-bundler/3.0b1 See below for links to the individual project pages, bug report packages, and package documentation. The best place to discuss Mailman 3 is on the mailman-developers mailing list, or on IRC via the freenode #mailman channel. Enjoy! -Barry (On behalf of the entire GNU Mailman development team) P.S. My personal, deepest thanks to Florian, Terri, Aurélien, Mark, John, and Piotr for coming to Pycon, working hard and joyfully at the sprints, sharing friendly meals and tea shop excursions, and to Steve who wasn't able to make it in person, and also to all the contributors to the project who make the code better and the community an honor to be a part of. Postorius project - https://launchpad.net/postorius bugs - https://bugs.launchpad.net/postorius download - https://pypi.python.org/pypi/postorius/1.0.0b1 docs - http://pythonhosted.org//postorius/ HyperKitty project - https://fedorahosted.org/hyperkitty/ bugs - https://fedorahosted.org/hyperkitty/report download - https://pypi.python.org/pypi/HyperKitty/1.0 docs - https://hyperkitty.readthedocs.org/en/latest/ Core project - https://launchpad.net/mailman bugs - https://bugs.launchpad.net/mailman/+bugs?field.tag=mailman3 download - https://pypi.python.org/pypi/mailman/3.0.0b4 docs - http://pythonhosted.org/mailman/ Bundler project - https://launchpad.net/mailman-bundler bugs - https://bugs.launchpad.net/mailman-bundler download - https://pypi.python.org/pypi/mailman-bundler/3.0b1 docs - README.rst (in the unpacked tarball)

2 1

Re: [Mailman-Developers] GSOC 2014: CI tool for the Mailman suite and postorius improvements
by Barry Warsaw May 1, 2014

May 1, 2014

Hi Varun, welcome to Mailman GSoC! On Apr 30, 2014, at 12:24 PM, varun sharma wrote: >Thanks for giving me opportunity to work with mailman community this >summer. I'm an undergraduate student from Manipal Institute Of Technology, >India and i'll be working on project "CI tool for the Mailman suite and >postorius improvements". >I would love to get feedback and suggestions from the community regarding >my project which involves: >1. CI tool for Mailman Suite (mailman core, postorius, hyperkitty) >2. The UI Testing Framework for Postorius >I am in process of discussing the best possible implementation for this >project with my mentors and advice from the community for the same will be >very helpful. One of the things I think is critical for the core, is testing it against supported the two supported db backends, SQLite and PostgreSQL. Eventually others if/when we get some contributions. I'd also love to see some testing against the major MTAs, and on other *nix platforms other than Ubuntu and Debian. Cheers, -Barry

2 2

Re: [Mailman-Developers] GSOC 2014: CI tool for the Mailman suite and postorius improvements
by Abhilash Raj April 30, 2014

April 30, 2014

Hi Varun, Welcome to mailman community, we look forward to a great summer with you. On Wed, Apr 30, 2014 at 12:24 PM, varun sharma <varunsharmalive(a)gmail.com>wrote: > Hi everyone, > Thanks for giving me opportunity to work with mailman community this > summer. I'm an undergraduate student from Manipal Institute Of Technology, > India and i'll be working on project "CI tool for the Mailman suite and > postorius improvements". > I would love to get feedback and suggestions from the community regarding > my project which involves: > 1. CI tool for Mailman Suite (mailman core, postorius, hyperkitty) > 2. The UI Testing Framework for Postorius > I think you should give something more to comment on rather than just asking to give suggestions and feedback. I can't tell you each and every step of your project only based on above two points. Maybe you can be more specific on ideas that you want suggestions on? Also not everyone on this list has read your proposal, so if you want to discuss on whether your proposal is enough to go though the summer or you need more details lined out(which I am sure you do ;-), it would be best if you either blog about your proposal(which I guess PSF wants you to do before coding period starts) or post about your proposal here in mm-dev and then ask for suggestions or feedback based on that. thanks, Abhilash

1 0

GSOC 2014: CI tool for the Mailman suite and postorius improvements
by varun sharma April 30, 2014

April 30, 2014

Hi everyone, Thanks for giving me opportunity to work with mailman community this summer. I'm an undergraduate student from Manipal Institute Of Technology, India and i'll be working on project "CI tool for the Mailman suite and postorius improvements". I would love to get feedback and suggestions from the community regarding my project which involves: 1. CI tool for Mailman Suite (mailman core, postorius, hyperkitty) 2. The UI Testing Framework for Postorius I am in process of discussing the best possible implementation for this project with my mentors and advice from the community for the same will be very helpful. Regards Varun

1 0

Re: [Mailman-Developers] Deploying postorius and mailman-bundle
by Aurelien Bompard April 28, 2014

April 28, 2014

OK, fixed and pushed. I've added instructions for running via Gunicorn in the README, can you check them? Thanks! Aurélien

1 0

Re: [Mailman-Developers] Deploying postorius and mailman-bundle
by Aurelien Bompard April 28, 2014

April 28, 2014

> While I was trying to deploy using nginx and > uwsgi/gunicorn I found that they expect the script to have .py extension > and not .wsgi. All new django versions currently create a wsgi.py file along > with the project itself. So I was thinking we should change that in our code too. OK, this file is actually generated by the djangorecipe Buildout recipe, but fortunately there's a configuration option for the script name. I'll fix it. Aurélien

1 0

Re: [Mailman-Developers] Bug in mailman-bundler
by Aurelien Bompard April 28, 2014

April 28, 2014

Hey Abhilash! > I was trying out mailman-bundler and have setup a demo here [1]. I notice > that with 'USE_SSL=True' in development.py deployment settings, there is a > redirect loop while logging in[2]. I had to disable it to deploy. Hmm, this parameter should be ignored if DEBUG is True. But you're right, I had already seen this happen on Florian's install, so I'll just disable it in deployment.py just to be sure. > (The demo server still needs to be hooked up with postfix). Yes, and the bundler generates configuration examples for Postfix, so it should be rather easy. > Also maybe you can configure your launchpad repo of mailman-bundler to > handle bug reporting? I saw that it needs to be enabled for individual > repositories. Right, I missed that. Done now, thanks. Aurélien

1 0

Bug in mailman-bundler
by Abhilash Raj April 28, 2014

April 28, 2014

Hi Aurelien, I was trying out mailman-bundler and have setup a demo here [1]. I notice that with 'USE_SSL=True' in development.py deployment settings, there is a redirect loop while logging in[2]. I had to disable it to deploy. (The demo server still needs to be hooked up with postfix). Also maybe you can configure your launchpad repo of mailman-bundler to handle bug reporting? I saw that it needs to be enabled for individual repositories. thanks, Abhilash [1]: http://mailman.asynchronous.in [2]: https://mailman.asynchronous.in/archives/accounts/login/?next=/archives/

1 0