
Finally got some time set aside to upgrade to mailman 2.1 on my Red Hat 7.3 system. After upgrading Python to 2.2.2 (which was very smooth) and copying /home/mailman to /usr/local/mailman, the upgrade was bumpy. Four mailing lists caused python tracebacks during "make install" - had to chmod 0 the directories to proceed. I can manually recreate these 4 lists, if I can get that far. I did have to set the with-gid to apache.
But the 2.1 system has a cookie problem when subscribing users through the web admin interface. Every mouse click generates a warning about needing cookies enabled and insisting that I enter the password. Once I do, it goes to the next screen but doesn't do any work.
I've tried two browsers to make sure it wasn't the client. Both browsers work fine with the old mailman, which I've backed out to.
My web server is Apache (nee RH 7.3) and the client is a Red Hat 8.0 system running Mozilla and Galeon as the browsers.
Are there any known cookie issues (the FAQ is silent on the subject) or suggested fixes or workarounds?
Thanks,
Mary Ann

I was nosing around the SpamCop website, because I was trying to report some b*stard that keeps spamming my main address, and I found the following paragraphs
In order to avoid spamming, mailing lists must implement a secure opt-in procedure. Many so-called "opt-in" lists are nothing of the sort. Beware anyone who wants to sell you lists. You will be disappointed.
I cannot stress strongly enough the need for secure opt-in. Many web-sites now feature "click-through" confirmation, or checkboxes which must be unchecked. However the initial sign up is accomplished, whether on a web site, or by email - the final confirmation phase must include a random code which is emailed to the intended recipient. If that code is not returned by the user, you must not add the address to your list. If you do not follow this procedure, you will inevitably spam somebody, whether or not that is your intent.
If you implement this type of secure opt-in, and one of your subscribers has still reported your mailing as spam, please gather all the data on the incident and report it. If you do not have a working opt-in process, you should clean your list by reconfirming all subscribers using a secure opt-in procedure as described above. The most important part of this confirmation is that if a subscriber takes no action, then that subscriber is de-listed.
The bit that interested me, was the final part, how can I reconfirm all my subscribers??
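A sketch of the re-confirmation run the quoted SpamCop text describes (a random code mailed to each address, and no action meaning de-listing), added here as an example; it is not Mailman's code and not from any poster in this thread. The class name, the 7-day window and the example.org addresses are assumptions.

```python
import hashlib
import hmac
import secrets
import time

CONFIRM_WINDOW = 7 * 24 * 3600  # assumption: subscribers get 7 days to reply


class Reconfirmation:
    """One re-confirmation run over an existing subscriber list."""

    def __init__(self, subscribers, now=None):
        self.started = time.time() if now is None else now
        self.pending = {}       # address -> SHA-256 of the code mailed to it
        self.confirmed = set()
        self.outbox = []        # (address, code) pairs for the mailer to send
        for addr in sorted({a.strip().lower() for a in subscribers}):
            code = secrets.token_urlsafe(16)  # 128 random bits per address
            self.pending[addr] = hashlib.sha256(code.encode()).hexdigest()
            self.outbox.append((addr, code))

    def confirm(self, addr, code, now=None):
        """Accept a returned code; True only if it matches and is in time."""
        now = time.time() if now is None else now
        addr = addr.strip().lower()
        expected = self.pending.get(addr)
        if expected is None or now - self.started > CONFIRM_WINDOW:
            return False
        supplied = hashlib.sha256(code.encode()).hexdigest()
        if not hmac.compare_digest(expected, supplied):
            return False
        del self.pending[addr]  # single use: a replayed code no longer matches
        self.confirmed.add(addr)
        return True

    def close(self, now=None):
        """After the deadline, de-list everyone who took no action."""
        now = time.time() if now is None else now
        if now - self.started <= CONFIRM_WINDOW:
            raise RuntimeError("confirmation window still open")
        delisted = sorted(self.pending)
        self.pending.clear()
        return sorted(self.confirmed), delisted


def demo():
    # Constructed sample list; the example.org addresses are placeholders.
    run = Reconfirmation(["alice@example.org", "bob@example.org"], now=0)
    codes = dict(run.outbox)
    run.confirm("alice@example.org", codes["alice@example.org"], now=3600)
    return run.close(now=CONFIRM_WINDOW + 1)
```

Only an address that returns its own code before the deadline stays on the list; a reminder that merely reaches a working mailbox leaves the address pending, and it is de-listed at `close()`.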

On Mon, Jan 20, 2003 at 04:56:58PM -0000, Angel Gabriel wrote:
Send email to each list advising that you'll unsubscribe everybody on xx day and they'll need to re-subscribe. Set up a procmail front-end on each list that saves copies of all list-request mail.
Or ignore Julian Haight and his SpamCop site. He's trying to set himself
up as legislature, judge, jury, and executioner all rolled into one.
Nobody's benevolent and fair enough to be allowed to do that. Let him get
his kicks by purchasing an old police car and driving around town in blue
khakis wearing a dime-store tin badge, instead.
If spam is troubling you, consider installing SpamAssassin (but configure it not to use SpamCop's lists). SpamAssassin does pretty well all by itself by just looking for patterns, and it calls on several blacklist services in addition. Actively maintained, it is doing a pretty good job here at screening out spam from several very actively-spammed mailboxes: 8:1 incoming spam to substance ratio in two of them. Better, it gets very few false positives.
SpamAssassin uses Vipul's Razor, a blacklisting service also known as SpamNet. Individual spams are quickly cataloged and a cryptographic hash of the body of the spam propagated to numerous Razor servers. Your incoming mail is checked by SpamAssassin against known hashes, and scored as possible spam on a match. If other factors also suggest it is spam, SpamAssassin will add a header which can then be filtered on.
Duplicate incoming mail can be detected and sidelined using a filter I recently published in this forum. I'm testing an updated version whose database doesn't grow without limit. If you're getting a lot of the same spam, you can eliminate all but the first copy with this filter, and eliminate those annoying multiple CCs of other mail, too.
Procmail is your friend with respect to all this. Everybody here uses a procmail recipe to sort incoming mail, calling filters as desired, sidelining mail from particular senders or sites. The manpage is a bit formidable but once you get the hang of it, procmail recipes are quite easy to write and maintain.
There's some interesting work going on with Bayesian filters. These score spam based on word frequencies. I've tried a couple, but so far found the results much inferior to those of SpamAssassin.
--
Dan Wilder <dan@ssc.com> Technical Manager SSC, Inc. P.O. Box 55549 Phone: 206-782-8808 Seattle, WA 98155-0549 URL http://www.linuxjournal.com/

"Angel Gabriel" <badmangabriel@lycos.co.uk> wrote in message news:NHBBLHLGKLGFMDNCJJENOEOFCAAA.badmangabriel@lycos.co.uk...
The bit that interested me, was the final part, how can I reconfirm all my subscribers??
Simply sending the monthly password reminder should be sufficient.
david

On Mon, Jan 20, 2003 at 12:04:16PM -0600, David Gibbs wrote:
Which confirms that the recipient email address exists. It does not confirm that each subscriber wanted to be on your list.
I believe the latter is what the website Angel mentions urges, and would require of all of us, had they means to do so.
--
Dan Wilder <dan@ssc.com> Technical Manager SSC, Inc. P.O. Box 55549 Phone: 206-782-8808 Seattle, WA 98155-0549 URL http://www.linuxjournal.com/

"Dan Wilder" <dan@ssc.com> wrote in message news:20030120102827.A27822@ssc.com...
The password reminder informs someone how they can unsubscribe ... so what difference does it make? If they don't want to be on the list anymore, they should just unsubscribe.
As long as the list policy is 'confirm' on subscribe, you know they wanted to be subscribed in the first place.
JMHO, of course.
david

OH OKAY! **duh** I've never got a password reminder, because I run the lists! But I'll set up a test list and see what it looks like! I understand now!
-----Original Message----- From: mailman-users-bounces+badmangabriel=lycos.co.uk@python.org [mailto:mailman-users-bounces+badmangabriel=lycos.co.uk@python.org]On Behalf Of David Gibbs Sent: Monday, January 20, 2003 7:17 PM To: mailman-users@python.org Subject: [Mailman-Users] Re: Re: Cleaning my mailing lists
"Dan Wilder" <dan@ssc.com> wrote in message news:20030120102827.A27822@ssc.com..
The password reminder informs someone how they can unsubscribe ... so what difference does it make? If they don't want to be on the list anymore, they should just unsubscribe
As long as the list policy is 'confirm' on subscribe, you know they wanted to be subscribed in the first place
JMHO, of course
david

I'm thinking of adding a DNS to my network, it currently doesn't have it, so when mail outs go out they take a bit of time. What I would like to do, is add a DNS server to the same subnet as mine, and have my DHCP server make reference to it as the DNS server.
My question is, would it be quicker to have the DNS on the same machine as mailman, I'm using Postfix by the way, *go postfix!*

On Monday, January 20, 2003, at 02:22 PM, Angel Gabriel wrote:
Yes, sometimes very significantly.
-- Chuq Von Rospach, Architech chuqui@plaidworks.com -- http://www.plaidworks.com/chuqui/blog/
Yes, I am an agent of Satan, but my duties are largely ceremonial.

Damn, this poses a problem! I'm going to have to make do with having a DNS server on the same subnet, and when I get the chance, I'll link the two via secondary network cards, and a separate hub. That way, it should be as fast as it can go.
-----Original Message----- From: Chuq Von Rospach [mailto:chuqui@plaidworks.com] Sent: Monday, January 20, 2003 10:16 PM To: Angel Gabriel Cc: mailman-users@python.org Subject: Re: [Mailman-Users] Local DNS vs. DNS on the same subnet
On Monday, January 20, 2003, at 02:22 PM, Angel Gabriel wrote:
Yes, sometimes very significantly
-- Chuq Von Rospach, Architech chuqui@plaidworks.com -- http://www.plaidworks.com/chuqui/blog/
Yes, I am an agent of Satan, but my duties are largely ceremonial.

On Saturday, January 18, 2003, at 08:45 PM, Mary Ann Horton wrote:
Are there any known cookie issues (the FAQ is silent on the subject)
or suggested fixes or workarounds?
Yes. Mailman 2.0 cookies contain a :, which breaks Mailman 2.1 web auth
(because it breaks Python's cookie handling).
https://sourceforge.net/tracker/index.php?func=detail&aid=664466&group_id=103&atid=100103
The workaround is to not have Mailman 2.0 cookies with the same URI (ie
/mailman) as your 2.1 lists for your host in your browser.
If you're using a sane browser (anything other than IE), you should be
able to delete your cookies using your browser's cookie manager and
have it work. In theory Mailman cookies (both 2.0 and 2.1) should be
removed when you exit the browser as well, but I've found this may not
be the case with IE - it may require a reboot, probably because IE
doesn't actually exit when you close the app.
If you've moved *all* your Mailman 2.0 lists to 2.1, this should be a
one-time thing - once you have the 2.0 cookies removed, they shouldn't
come back. If you've only moved some of your lists and are running both
in the same URI on your site, this is a huge pain in the ass.
Bryan

participants (6): Angel Gabriel, Bryan Fullerton, Chuq Von Rospach, Dan Wilder, David Gibbs, Mary Ann Horton