Mailman-Users December 2021

mailman-users@python.org

24 participants
18 discussions

Problem with outlook.com
by nikos 15 Jun '22

15 Jun '22

Hello list. For some reason none of hotmail or outlook users don't receive any of our newsletter. Finally all of them auto unsubscribe. The following is an error received form protection.outlook.com: Remote Server returned '550 5.6.0 CAT.InvalidContent.Exception: ExchangeDataException, Decoding of header Subject failed+ADs- raw value: +AFs-Ps+AF0- +AD0-?iso8859-7?b?wer98fnz5yDF8OX05enh6t7yIOXq5N7r+-fPn8iDz9Oft?+AD0-; cannot handle content of message That happened since September 10th this year. Before, all received without problem. Any suggestions? Thank you in advance. Nikos.

5 9

Re: [Mailman-Users] Automate Moderator Functions
by Andre de Azevedo Cunha 18 Apr '22

18 Apr '22

Hi, i`m trying to reject messages bigger then MAX_MESSAGE_SIZE. I configured my Hold.py was described bellow: replaced hold_for_approval(mlist, msg, msgdata, _ MessageTooBig(bodylen,_mlist.max_message_size)) with rej = MessageTooBig(bodylen, mlist.max_message_size) _ raise Errors.RejectMessage, rej.reason_notice_ The message was rejected, but the sender dont receive any notify about that. The mailman vette log too. How can i solve this? Thanks, André Dennis Putnam wrote: > >I am getting back to this and I have a question about maintenance. What >is the correct way to modify this so that it will not get destroyed by >updates? There are two ways to proceed. You can modify Mailman/Handlers/Hold.py itself, but before overwriting it, make a "diff -u" between the base Hold.py and your modified version to use as a patch to apply after any upgrade. A better way is to leave Hold.py unchanged and make your own edited version as say Mailman/Handlers/MyHold.py. Then you can replace the base Hold.py Module with your MyHold.py by putting GLOBAL_PIPELINE[GLOBAL_PIPELINE.index('Hold')] = 'MyHold' in mm_cfg.py. Note that if you are going to do this, and you want also to move MimeDel before Hold, you must either put the above line after the lines GLOBAL_PIPELINE.remove('MimeDel') GLOBAL_PIPELINE.insert(GLOBAL_PIPELINE.index('Hold'), 'MimeDel') in mm_cfg.py or put it before, but then also change GLOBAL_PIPELINE.insert(GLOBAL_PIPELINE.index('Hold'), 'MimeDel') to GLOBAL_PIPELINE.insert(GLOBAL_PIPELINE.index('MyHold'), 'MimeDel') I recommend the former as in # # Put MimeDel ahead of Hold so "too big" is based on content filtered # message. # GLOBAL_PIPELINE.remove('MimeDel') GLOBAL_PIPELINE.insert(GLOBAL_PIPELINE.index('Hold'), 'MimeDel') # # Replace Hold with local version # GLOBAL_PIPELINE[GLOBAL_PIPELINE.index('Hold')] = 'MyHold' Since mm_cfg.py survives upgrades, this should survive. >Also does this same procedure apply to other automatic rejections such >as implicit destination? >On 9/24/2012 8:43 PM, Mark Sapiro wrote: >> >> To automatically reject or discard messages that exceed the list's size >> limit, find the section of the Mailman/Handlers/Hold.py that ends with >> the lines >> >> >> if bodylen/1024.0 > mlist.max_message_size: >> hold_for_approval(mlist, msg, msgdata, >> MessageTooBig(bodylen, >> mlist.max_message_size)) >> # no return >> >> (there is one wrapped line in the above) and replace >> >> hold_for_approval(mlist, msg, msgdata, >> MessageTooBig(bodylen, >> mlist.max_message_size)) >> >> with >> >> rej = MessageTooBig(bodylen, mlist.max_message_size)) >> raise Errors.RejectMessage, rej.reason_notice >> >> to reject the message or with >> >> raise Errors.DiscardMessage >> >> to discard the message. Note that this will not honor the list's >> forward_auto_discards setting. to do that you would need to put >> >> from Mailman.Handlers.Moderate import do_discard >> >> with the other imports near the beginning of the >> Mailman.Handlers.hold.py module and then replace the lines with >> >> do_discard(mlist, msg) Yes, similar changes would apply to other holds in Hold.py. -- Mark Sapiro <mark at msapiro.net [1]> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan -- Links: ------ [1] http://mail.python.org/mailman/listinfo/mailman-users

2 11

Newbie User
by David Elliott 17 Mar '22

17 Mar '22

Hi, I am a newbie to Mailman and cpanel and I need some help, please. I have set up a mailing list for my tennis club (about 300 on list) and it seems to work ok BUT each recipient only sees the mailing list name rather than his own email name in the 'to' box. One of the recipients recently did a 'reply to all' and consequently sent his reply to the whole mailing list. I'm sure there must be a way to prevent this but I can't find it! David Elliott

5 6

Munge without CC or Reply-To
by Diez 22 Feb '22

22 Feb '22

Hello. I'm new at this list. I'm trying to setup a list (I'm not the site admin), and I'd like to use Munge From setting, but I'd like not have Reply-To field or CC field, but I suspect is not possible. I was testing with anonymous_list, but the problem is that only a certain member should send some kind of calls, but with anonymous_list anyone could send it. I'm setting up with 2.1.23 version. Regards and thanks in advanced and sorry for my bad english

6 10

reject on require_explicit_destination max_num_recipients
by Russell Clemings 18 Dec '21

18 Dec '21

Just to confirm I'm not missing something, am I correct that there is no way (other than patching) in Mailman 2.1.37 to automatically reject posts that trigger the require_explicit_destination or max_num_recipients limits?

2 1

Should CSRF check disregard case of addresses?
by Sebastian Hagedorn 14 Dec '21

14 Dec '21

Hi, thanks for the recent security fixes regarding potential CSRF attacks! I checked our mischief logs for relevant messages today and the only one I found was this: Nov 24 19:33:24 2021 (117276) Form for user xxx(a)smail.uni-koeln.de submitted with CSRF token issued for xxx(a)smail.Uni-Koeln.de. The only difference is in the case of the email address. I’m no expert on CSRF attacks, but to me it seems as though the comparison should perhaps disregard differences in case only? Thanks, Sebastian -- .:.Sebastian Hagedorn - Weyertal 121 (Gebäude 133), Zimmer 2.02.:. .:.Regionales Rechenzentrum (RRZK).:. .:.Universität zu Köln / Cologne University - ✆ +49-221-470-89578.:.

5 7

Mailman 2.1.39 Release
by Mark Sapiro 13 Dec '21

13 Dec '21

I am pleased to announce the release of Mailman 2.1.39. This is a bug fix release. It fixes https://bugs.launchpad.net/mailman/+bug/1954694 This addresses two issues. The fix for CVE-2021-42097 was case sensitive and should not be. The fix for CVE-2021-44227 introduced a potential NameError in logging. This could cause a user's changes to the option's page to not be accepted and perhaps cause a `We hit a bug` response if the user visited the page with a mixed- or upper-case email address For those who just want a patch one is attached to the bug report. As noted Mailman 2.1.30 was the last feature release of the Mailman 2.1 branch from the GNU Mailman project. There has been some discussion as to what this means. It means there will be no more releases from the GNU Mailman project containing any new features. There may be future patch releases to address the following: i18n updates. security issues. bugs affecting operation for which no satisfactory workaround exists. Mailman 2.1.39 is the ninth such patch release. Mailman is free software for managing email mailing lists and e-newsletters. Mailman is used for all the python.org and SourceForge.net mailing lists, as well as at hundreds of other sites. For more information, please see our web site at one of: http://www.list.org https://www.gnu.org/software/mailman http://mailman.sourceforge.net/ Mailman 2.1.39 can be downloaded from https://launchpad.net/mailman/2.1/ https://ftp.gnu.org/gnu/mailman/ https://sourceforge.net/projects/mailman/ -- Mark Sapiro <mark(a)msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan

1 0

is log4j2 leveraged in Mailman version 2.1.14-1?
by John Lake 12 Dec '21

12 Dec '21

Good morning and Happy Friday! You may have seen this exploit announcement today, our IT department at the university is in triage mode: https://www.lunasec.io/docs/blog/log4j-zero-day/#affected-apache-log4j2-ver… Does Mailman version 2.1.14-1 utilize Java logging library log4j2 and if so, what version does it use? These are the affected versions: Affected Apache log4j2 Versions<https://www.lunasec.io/docs/blog/log4j-zero-day/#affected-apache-log4j2-ver…> 2.0 <= Apache log4j <= 2.14.1 Thanks in advance for your input! John

4 6

{Spam?} in subject lines.
by Adam Morris 10 Dec '21

10 Dec '21

Hi all, I realised I asked about this recently. on lists I run I don't have this appearing in subject lines where messages are sent from g mail and other domains. For a list I don't run messages sent from g mail and other providers have this in the subject line. Wondering what settings need changing on the list this is happening with? TIA. -- Adam Morris Mobile: 0414 431105 Email, iMessage & FaceTime adam(a)damorris.com

5 4

OFF-TOPIC: Free Tickets for InboxExpo
by Kevin A. McGrail 10 Dec '21

10 Dec '21

Hello All, I'm giving the keynote at the 3rd SparkPost InboxExpo�on Dec 14th in Valencia Spain at 9AM Central European Time.�This event is perhaps the largest scale event for the email industry AND the first 30 people can register at https://inboxexpo.com/KAM/ or PM me for a free online promo code. I hope you can make it, heckle me, and share this event dedicated to Ray Tomlinson and 50 years of email! #QWERTYUIOP <https://www.linkedin.com/feed/hashtag/?keywords=qwertyuiop&highlightedUpdat…> Free tickets too good to be tree?�InboxExpo could use your support.�I donated $100 and hope you might donate a few bucks and attend the hybrid event. https://lnkd.in/d27B96Tw & https://lnkd.in/dEKwZ3vr P.S.: Spammers Suck #KAM <https://www.linkedin.com/feed/hashtag/?keywords=kam&highlightedUpdateUrns=u…> #INBOXEXPO <https://www.linkedin.com/feed/hashtag/?keywords=inboxexpo&highlightedUpdate…> Regards, KAM

1 0