Apache ScriptAlias and POST
All,
I'm trying to get mailman up and running, using Apache as the web server, and I appear to have run into a fundamental and insoluble problem.
Now, please be gentle with me, it's a good 15 years since I last used Linux servers in anger, and I am very far from being an expert with Apache configuration, so there may be a very dumb question coming up.
I have the mailman lists working correctly, I can subscribe to lists, send messages, and so on. However, I have the apparently widespread problem that the admin web pages just silently ignore commands.
Reading through this list, I see that this is apparently due to the ScriptAlias redirection just silently dumping the data content of HTTP POST requests. Which seems a bit odd to me, but what do I know?
The standard installation of mailman uses the following httpd conf directives:
ScriptAlias /mailman/ /usr/lib/mailman/cgi-bin/ <Directory /usr/lib/mailman/cgi-bin/> AllowOverride None Options ExecCGI Require all granted </Directory>
This makes sense to me, redirecting calls to /mailman/<cgiscript> through to the directory in which those scripts are installed. But if the standard package setup uses HTTP POST, and ScriptAlias dumps HTTP POST data, how could this ever work?
The documentation says that the Exec directive can be used as an alternative, which would seem to side-step this problem, but I cannot find the Exec directive anywhere in the Apache documentation.
Can anyone provide a sample config that works, please? I'm thoroughly confused, and none of the threads I've found on this list show any kind of full solution.
Regards, Geoff
On 12/9/19 3:42 AM, Geoff Campbell wrote:
Reading through this list, I see that this is apparently due to the ScriptAlias redirection just silently dumping the data content of HTTP POST requests. Which seems a bit odd to me, but what do I know?
It is due to redirection losing POST data, but the culprit is not ScriptAlias. It is whatever you have in your Apache config that redirects http to https.
Can anyone provide a sample config that works, please? I'm thoroughly confused, and none of the threads I've found on this list show any kind of full solution.
I don't know why you couldn't find the answer in the archives. I'm suere it's there many times. The solution is in Mailman. You need to arange for form action URLs to be https, not http.
See the FAQ article at <https://wiki.list.org/x/4030602> for links to more info. In particular, see steps 2. and 3. at <https://wiki.list.org/x/17892007>.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Apologies in advance for the noobness, but I've searched the archives and googled this issue, but I'm hoping some experience can maybe see what I'm missing. This is the first Mailman list I've set up, but since I've already gone live I'm struggling to find a solution so I figured I better reach out...
Backstory: Migrating a list from yahoogroups to Mailman 2.1.23. List is up and running and tested great with 2-3 people, but found that I had to have it set to Wrap Message or it went into my spam folder. (I assume it's this setting that appends messages as attachments on some mail systems?) Toggling this back to "Munge to" setting sends it to spam. Selecting No sends it to spam folder. But when set to "Wrap message" it does not send it to spam, which leads me to think it's got to be something else in the settings I don't have correct. (Rather than it coming from a blacklisted source?)
E-mails from this list are arriving fine as well so I'm hoping to figure out what would be a known good list of general settings, as well as digest and non-digest settings so that I can at least eliminate them.
I've been searching for a known good Mailman settings to start off with, but to no avail. If anyone knows of some known good documentation so that I can at least eliminate how I've set the list up I'd be very grateful. My google-fu is usually pretty good, but I've not had any luck so far.
Usergroup I'm migrating has just over 1500 members and only some of us were seeing messages as attachments when I had it set to wrap message, but I'm hoping to find that sweet spot so that it works properly for all.
Thanks,
Rabin http://list.canam-peugeot.com/listinfo.cgi/peugeot-l-canam-peugeot.com
As per usual I find the issue AFTER I send in the e-mail for help. Turns out my ISP webmail client had a setting that ignored the safe sender list unless the bypass was checked off. So now I can at least get messages and advise others on what to look for to resolve if they run into similar issues.
I would still be interested in seeing and documentation on a known good list configuration to ensure there isn't anything that makes e-mails more susceptible to spam filters.
I'm still noodling around with set up, but at least my immediate issues appear to be resolved.
Thanks,
Rabin
On Mon, 09 Dec 2019 12:33:53 -0500, rabin505@sasktel.net wrote:
Apologies in advance for the noobness, but I've searched the archives and googled this issue, but I'm hoping some experience can maybe see what I'm missing. This is the first Mailman list I've set up, but since I've already gone live I'm struggling to find a solution so I figured I better reach out...
Backstory: Migrating a list from yahoogroups to Mailman 2.1.23. List is up and running and tested great with 2-3 people, but found that I had to have it set to Wrap Message or it went into my spam folder. (I assume it's this setting that appends messages as attachments on some mail systems?) Toggling this back to "Munge to" setting sends it to spam. Selecting No sends it to spam folder. But when set to "Wrap message" it does not send it to spam, which leads me to think it's got to be something else in the settings I don't have correct. (Rather than it coming from a blacklisted source?)
E-mails from this list are arriving fine as well so I'm hoping to figure out what would be a known good list of general settings, as well as digest and non-digest settings so that I can at least eliminate them.
I've been searching for a known good Mailman settings to start off with, but to no avail. If anyone knows of some known good documentation so that I can at least eliminate how I've set the list up I'd be very grateful. My google-fu is usually pretty good, but I've not had any luck so far.
Usergroup I'm migrating has just over 1500 members and only some of us were seeing messages as attachments when I had it set to wrap message, but I'm hoping to find that sweet spot so that it works properly for all.
Thanks,
Rabin http://list.canam-peugeot.com/listinfo.cgi/peugeot-l-canam-peugeot.com
rabin505@sasktel.net writes:
I would still be interested in seeing and documentation on a known good list configuration to ensure
That doesn't exist. Spam fighters generally believe their users would rather lose mail than receive spam, and act aggressively on that belief. Some sites have worse problems, like leaking over 100 million user address books, and they act even more aggressively.
Also, in general it's not the list configuration that triggers spam filters. It's general site reputation and message content. I don't know why your webmail likes Wrapped messages so much.
What you can do to protect your site's reputation:
- Check that your IP address is not in any DNS block lists. If it is, sometimes you can request a new allocation.
- Spam filter mail incoming to Mailman aggressively.
- If you have human mail users on the host, or lots of services running, you might want to filter on outgoing mail as well.
- Use DKIM (and optionally SPF) to authenticate your outgoing messages.
- (Optionally) participate in DMARC (not terribly useful for a Mailman site usually).
- Use the ARC protocol to placate some sites (ARC usage is not universal yet, and AFAIK there are as yet no best practices for when to trust ARC-based claims of verified authentication). ARC, like most of these protocols, is best implemented in the MTA. However, Mailman 3 does have an option to implement ARC in Mailman. (This will probably not ever be backported to Mailman 2; for Mailman 2 ARC can only be implemented by your MTA.)
I'm not sure what to say about content. My own site has obnoxiously high rates for both false positives and false negatives, and I have not been able to detect a pattern for these errors. :-(
Steve
Mark,
It is due to redirection losing POST data, but the culprit is not ScriptAlias. It is whatever you have in your Apache config that redirects http to https.
Ah, interesting.
I don't know why you couldn't find the answer in the archives.
Well, I think the answer there is that there are many different answers, all giving multiple paths to a solution, and I got routed off down the incorrect little rat-hole.
Thanks for the pointers, I'll work through them in the morning but I suspect the configuration I want is easily available from them now that I have your pointers, having had a quick glance through.
Regards, Geoff
Mark,
Thanks very much for your pointer, the addition of a DEFAULT_URL_PATTERN as per the article you linked to solved my problem immediately.
Regards, Geoff
On Mon, 9 Dec 2019 at 21:25, Geoff Campbell <geoff.campbell@internetworking.co.uk> wrote:
Mark,
It is due to redirection losing POST data, but the culprit is not ScriptAlias. It is whatever you have in your Apache config that redirects http to https.
Ah, interesting.
I don't know why you couldn't find the answer in the archives.
Well, I think the answer there is that there are many different answers, all giving multiple paths to a solution, and I got routed off down the incorrect little rat-hole.
Thanks for the pointers, I'll work through them in the morning but I suspect the configuration I want is easily available from them now that I have your pointers, having had a quick glance through.
Regards, Geoff
participants (4)
-
Geoff Campbell -
Mark Sapiro -
rabin505@sasktel.net -
Stephen J. Turnbull