From noreply at sourceforge.net Wed Jun 1 00:15:27 2005 From: noreply at sourceforge.net (SourceForge.net) Date: Tue, 31 May 2005 15:15:27 -0700 Subject: [ mailman-Bugs-907272 ] URL given in UPGRADING no longer valid Message-ID: Bugs item #907272, was opened at 2004-02-29 23:10 Message generated for change (Comment added) made by bwarsaw You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=907272&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: documentation Group: Out of Date >Status: Closed >Resolution: Out of Date Priority: 5 Submitted By: Nathan Stratton Treadway (nathanst) Assigned to: Nobody/Anonymous (nobody) Summary: URL given in UPGRADING no longer valid Initial Comment: I was just looking at the INSTALL document out of the CSV (both the HEAD version and v2.11.2.1 that was included in Mailman 2.1.4). This document mentions the URL http://mail.python.org/pipermail/mailman-users/2000-September/006826.html which is supposed to be a message about upgrading the list template files -- but the proper message is no longer found at that URL. I believe the intended message is now found at http://mail.python.org/pipermail/mailman-users/2000-September/006822.html If that's the right message, it problably makes sense to give a little info to help people find the correct message if it moves again (i.e. message dated Thu Sep 21 21:59:16 EDT 2000 and having a subject line of "quick note for those ugrading mailman". (Or, just quote the message directly in the INSTALL document; it's not too long...) Thanks. ---------------------------------------------------------------------- >Comment By: Barry A. Warsaw (bwarsaw) Date: 2005-05-31 18:15 Message: Logged In: YES user_id=12800 The INSTALL file was substantially rewritten for Mailman 2.1.6. ---------------------------------------------------------------------- Comment By: Nathan Stratton Treadway (nathanst) Date: 2004-02-29 23:47 Message: Logged In: YES user_id=987478 Sorry, the file I was looking at was "UPGRADING", not "INSTALL". ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=907272&group_id=103 From noreply at sourceforge.net Wed Jun 1 00:34:59 2005 From: noreply at sourceforge.net (SourceForge.net) Date: Tue, 31 May 2005 15:34:59 -0700 Subject: [ mailman-Bugs-949117 ] 2.1.5rc2 upgrade dies on corrupt qfiles Message-ID: Bugs item #949117, was opened at 2004-05-06 08:16 Message generated for change (Settings changed) made by bwarsaw You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=949117&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: configuring/installing Group: 2.1 (stable) >Status: Closed >Resolution: Fixed Priority: 5 Submitted By: Brion Vibber (vibber) Assigned to: Nobody/Anonymous (nobody) Summary: 2.1.5rc2 upgrade dies on corrupt qfiles Initial Comment: Upgrading from 2.1.2 to 2.1.5rc2; a couple of the .pck files in qfiles/shunt were zero-length for reasons unknown. This caused the upgrade (make install) to fail with this message: updating old qfiles Traceback (most recent call last): File "bin/update", line 780, in ? errors = main() File "bin/update", line 709, in main update_qfiles() File "bin/update", line 441, in update_qfiles msg, data = dequeue(filebase) File "bin/update", line 497, in dequeue msg = cPickle.load(msgfp) EOFError make: *** [update] Error 1 Removing the zero-length files cleared that up. I did have one other problem; while investigating the first bit I dumped some info to a text file in qfiles, and the next make install failed with this error: updating old qfiles Traceback (most recent call last): File "bin/update", line 780, in ? errors = main() File "bin/update", line 709, in main update_qfiles() File "bin/update", line 434, in update_qfiles for filename in os.listdir(dirpath): OSError: [Errno 20] Not a directory: '/home/mailman/qfiles/blork' make: *** [update] Error 1 At least that had the filename in it. ;) Removed the file, and it installed/upgraded cleanly. So far so good... ---------------------------------------------------------------------- >Comment By: Barry A. Warsaw (bwarsaw) Date: 2005-05-31 18:34 Message: Logged In: YES user_id=12800 Fixed for MM2.1.7 ---------------------------------------------------------------------- Comment By: John Mora (jmoraragweed) Date: 2004-05-25 10:34 Message: Logged In: YES user_id=605434 I have the same problem when trying to update to 2.1.5 release from Mailman version 2.1.4. I have no zero-length files in qfiles/shunt. My error is similar, but I'm not certain the two are related. I'm posting it for lack of knowing better: Updating Usenet watermarks - nothing to update here Nothing to do. updating old qfiles Traceback (most recent call last): File "bin/update", line 780, in ? errors = main() File "bin/update", line 709, in main update_qfiles() File "bin/update", line 441, in update_qfiles msg, data = dequeue(filebase) File "bin/update", line 497, in dequeue msg = cPickle.load(msgfp) EOFError make: *** [update] Error 1 ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=949117&group_id=103 From noreply at sourceforge.net Wed Jun 1 23:03:38 2005 From: noreply at sourceforge.net (SourceForge.net) Date: Wed, 01 Jun 2005 14:03:38 -0700 Subject: [ mailman-Feature Requests-1213056 ] list of allowed addresses under privacy options Message-ID: Feature Requests item #1213056, was opened at 2005-06-01 14:03 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=350103&aid=1213056&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Aaron Martin (aaronmartin) Assigned to: Nobody/Anonymous (nobody) Summary: list of allowed addresses under privacy options Initial Comment: Under "Privacy options" it would be have more options for banning/ allowing subscribers. The ban_list is good, but if a list admin is looking to restrict membership to a handful of domains, the regular expression gets cumbersome (trying to invert certain portions of the regular expression). I implemented a regex example that I found on the web and thought that I had it working, only to check it once more and find out that nobody could subscribe. One system would be to have an admin configureable setting to have either a ban_list or an allow_only_list (maybe even just one flag that changes the usage of the ban_list to be more of a ban except from list). That is, if an address is not in the list, ban it. A more elaborate setup could be something more like the sender filters (ie: take one action if the address is specifically allowed to subscribe, take another if the address is specifically banned and take yet another action if the address falls through both conditions). This more elaborate configuration would require more additional config entries (??? allow_list, allow_list_action, ban_list_action, other_action). ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=350103&aid=1213056&group_id=103 From noreply at sourceforge.net Tue Jun 7 19:20:21 2005 From: noreply at sourceforge.net (SourceForge.net) Date: Tue, 07 Jun 2005 10:20:21 -0700 Subject: [ mailman-Bugs-1216556 ] purge all pending administration requests Message-ID: Bugs item #1216556, was opened at 2005-06-07 17:20 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1216556&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: 2.1 (stable) Status: Open Resolution: None Priority: 5 Submitted By: Ken Yee (kenyee) Assigned to: Nobody/Anonymous (nobody) Summary: purge all pending administration requests Initial Comment: Ever have a list get targetted by spammers? A list I moderate is on Mailman 2.1.5 and when you click on the "tend to pending moderator requests", it just sits there trying to load the page w/ a gazillion spammer attempts to send to the list (which only allows posting by approved members). We need a way to purge requests after N days or have a "catch up" button that purges everything... ken ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1216556&group_id=103 From noreply at sourceforge.net Tue Jun 7 19:40:22 2005 From: noreply at sourceforge.net (SourceForge.net) Date: Tue, 07 Jun 2005 10:40:22 -0700 Subject: [ mailman-Bugs-1216556 ] purge all pending administration requests Message-ID: Bugs item #1216556, was opened at 2005-06-07 13:20 Message generated for change (Settings changed) made by bwarsaw You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1216556&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: 2.1 (stable) >Status: Closed >Resolution: Out of Date Priority: 5 Submitted By: Ken Yee (kenyee) Assigned to: Nobody/Anonymous (nobody) Summary: purge all pending administration requests Initial Comment: Ever have a list get targetted by spammers? A list I moderate is on Mailman 2.1.5 and when you click on the "tend to pending moderator requests", it just sits there trying to load the page w/ a gazillion spammer attempts to send to the list (which only allows posting by approved members). We need a way to purge requests after N days or have a "catch up" button that purges everything... ken ---------------------------------------------------------------------- >Comment By: Barry A. Warsaw (bwarsaw) Date: 2005-06-07 13:40 Message: Logged In: YES user_id=12800 Mailman 2.1.6 can be set up to auto-discard pending messages after a certain period of time. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1216556&group_id=103 From noreply at sourceforge.net Sat Jun 11 18:27:38 2005 From: noreply at sourceforge.net (SourceForge.net) Date: Sat, 11 Jun 2005 09:27:38 -0700 Subject: [ mailman-Bugs-1218827 ] please do not put the list footer in attachment if possible Message-ID: Bugs item #1218827, was opened at 2005-06-11 18:27 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1218827&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Nagy G?bor P?ter (bagoy) Assigned to: Nobody/Anonymous (nobody) Summary: please do not put the list footer in attachment if possible Initial Comment: I manage a list, for a long time it was running on mailman 2.0.11, now it was upgraded to 2.1.5 I was happy to see that I could set the list language to our language, but soon people started to complain because of the list footer. The old version has just added the footer at the bottom of every message, and we never had a problem with that. The new one tries to be smart, and from time to time it puts the footer in another mime part, with different encoding. While I realize that this is good in certain cases, most of the time it is useless. Our list footer contains ascii characters only. Those ascii characters could be simply added at the end of any latin1, latin2, or utf8 messages without any problem. Now it seems that even though I did not put any 8 bit characters in the footer, mailman always kept the footer latin2. (because of the list language). Now I have set the list language to english, so we have the same footer, but this time it is (correctly) us-ascii. Still, sometimes I receive emails, where the us-ascii footer was not added at the end of an email. Today for example there was a utf8 mail on the list, and the footer came as an attachment. Please try to find a way to recognize the possible combinations, and try to avoid creating a new attachment. It seems that most of the list members use some microsoft email clients, and all but one m$ clients don't show the footer inline. And all the clients (opera and netscape too, I was told) shows the attachment sign for all these messages, and people don't know which mails have "real" attachments, and which ones have only the footer attached. Cheers, Gabor ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1218827&group_id=103 From noreply at sourceforge.net Sun Jun 12 15:33:53 2005 From: noreply at sourceforge.net (SourceForge.net) Date: Sun, 12 Jun 2005 06:33:53 -0700 Subject: [ mailman-Patches-1160353 ] XHTML Compliant Web UI Message-ID: Patches item #1160353, was opened at 2005-03-09 21:40 Message generated for change (Comment added) made by carbonnb You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=300103&aid=1160353&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Web UI Group: Mailman 2.1 Status: Open Resolution: None Priority: 5 Submitted By: Bryan Carbonnell (carbonnb) Assigned to: Nobody/Anonymous (nobody) Summary: XHTML Compliant Web UI Initial Comment: This is a patch that will make the Web UI XHTML 1.0 Strict compliant. Currently I only have the listinfo pages XHTML compliant, but as time goes by I'm going to make the entire UI compliant. This also allows some small amount of CSS formatting as well. Hopefully this will be of use to somebody. ---------------------------------------------------------------------- >Comment By: Bryan Carbonnell (carbonnb) Date: 2005-06-12 09:33 Message: Logged In: YES user_id=449953 This latest patch makes the entire web UI XHTML 1.0 strict compliant including the archive. To use this patch, unzip it, switch to your source directory and issue the command patch -p1 Bugs item #1219449, was opened at 2005-06-12 21:59 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1219449&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: Pipermail Group: 2.1 (stable) Status: Open Resolution: None Priority: 5 Submitted By: Matthew England (mengland) Assigned to: Nobody/Anonymous (nobody) Summary: Virtual domain link not working on pipermail "blank" list Initial Comment: The "more information about this list" link for 2.1.6rc4, when generated from pipermail link for a list that has yet to receive an email, points to the domain's default Mailman web host domain instead of the "virtual" domain that that is supporting said list. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1219449&group_id=103 From noreply at sourceforge.net Mon Jun 13 14:59:47 2005 From: noreply at sourceforge.net (SourceForge.net) Date: Mon, 13 Jun 2005 05:59:47 -0700 Subject: [ mailman-Bugs-1219686 ] qmail-to-mailman.py virtual domains requires manual changes Message-ID: Bugs item #1219686, was opened at 2005-06-13 07:59 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1219686&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: command line scripts Group: 2.1 (stable) Status: Open Resolution: None Priority: 5 Submitted By: Matthew England (mengland) Assigned to: Nobody/Anonymous (nobody) Summary: qmail-to-mailman.py virtual domains requires manual changes Initial Comment: I find that if I want to support qmail-to-mailman.py for multiple virtual domains I must add a: local = re.sub("^lists.newdomain.tld-","",local) line for every virtual domain. Could qmail-to-mailman.py be changed to support all virtual domains with the same general code without manual changes? -Matt ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1219686&group_id=103 From noreply at sourceforge.net Mon Jun 13 18:42:39 2005 From: noreply at sourceforge.net (SourceForge.net) Date: Mon, 13 Jun 2005 09:42:39 -0700 Subject: [ mailman-Feature Requests-748370 ] Would like alternate actions for anti-spam filters Message-ID: Feature Requests item #748370, was opened at 2003-06-03 11:46 Message generated for change (Comment added) made by msapiro You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=350103&aid=748370&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: John DuBois (jhdiii) Assigned to: Nobody/Anonymous (nobody) Summary: Would like alternate actions for anti-spam filters Initial Comment: Currently, the only option for spam processing is to hold it for approval. Would like the options of reject & discard. It would also be nice if the spam filter could be configured to take place before sender filtering, so that a members-only list could be configured to hold posts by non-members, but only in the case of messages that get past the spam filtering. ---------------------------------------------------------------------- Comment By: Mark Sapiro (msapiro) Date: 2005-06-13 09:42 Message: Logged In: YES user_id=1123998 In recent Mailman versions, Privacy options...->Spam filters->header_filter_rules does all you ask. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=350103&aid=748370&group_id=103 From noreply at sourceforge.net Mon Jun 13 20:47:37 2005 From: noreply at sourceforge.net (SourceForge.net) Date: Mon, 13 Jun 2005 11:47:37 -0700 Subject: [ mailman-Feature Requests-1219887 ] switch to not send body of spam to owner Message-ID: Feature Requests item #1219887, was opened at 2005-06-13 18:47 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=350103&aid=1219887&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: hiawatha (h-iawatha) Assigned to: Nobody/Anonymous (nobody) Summary: switch to not send body of spam to owner Initial Comment: Suppose there is a spam filter that has an action of hold. The system response is to send a mail to list-owner to tigger moderation. The offending mail is included in that response. It seems crazy that having received spam it is again posted out (thus increasing its distribution). Also, its the case that its likely to not arrive at a list owner because it may be stopped at the gate (because other filters will see it as spam also) or after arriving it may go straight in the spam box and be unseen. So, when a filter identifies spam and the action is to hold then the email sent to list-owner should either be just a notification to trigger action or there should be an extra switch such as hold-andnotify-only as an action. Another possible approach is to have list-owners able to configure what they receive in owner notifications. I personally prefer such a switch to be on actions but the other would be a more flexible scheme. andy ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=350103&aid=1219887&group_id=103 From noreply at sourceforge.net Tue Jun 14 08:29:25 2005 From: noreply at sourceforge.net (SourceForge.net) Date: Mon, 13 Jun 2005 23:29:25 -0700 Subject: [ mailman-Patches-1220144 ] allow specifying another list in accept_these_nonmembers Message-ID: Patches item #1220144, was opened at 2005-06-14 15:29 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=300103&aid=1220144&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: list administration Group: Mailman 2.1 Status: Open Resolution: None Priority: 5 Submitted By: Jim Tittsler (jtittsler) Assigned to: Nobody/Anonymous (nobody) Summary: allow specifying another list in accept_these_nonmembers Initial Comment: Add the capability to logically include the addresses all of the members of another list in the same Mailman installation to accept_these_nonmembers. '@listname' checks the poster's address against the membership of listname. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=300103&aid=1220144&group_id=103 From noreply at sourceforge.net Wed Jun 15 01:00:50 2005 From: noreply at sourceforge.net (SourceForge.net) Date: Tue, 14 Jun 2005 16:00:50 -0700 Subject: [ mailman-Feature Requests-1220821 ] Option to move "cruft" ("boilerplate") to bottom of digest Message-ID: Feature Requests item #1220821, was opened at 2005-06-14 16:00 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=350103&aid=1220821&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: None Status: Open Resolution: None Priority: 5 Submitted By: Folsom EV (folsomev) Assigned to: Nobody/Anonymous (nobody) Summary: Option to move "cruft" ("boilerplate") to bottom of digest Initial Comment: Mailman now inserts instructions about changing the subject, etc., at the top of each digest e-mail sent. This is annoying to regular readers who must page down past it every time. Please add an option to move this "cruft" or "boilerplate" from the top of the digest e-mail to the bottom. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=350103&aid=1220821&group_id=103 From noreply at sourceforge.net Wed Jun 15 21:00:31 2005 From: noreply at sourceforge.net (SourceForge.net) Date: Wed, 15 Jun 2005 12:00:31 -0700 Subject: [ mailman-Bugs-1221451 ] privacy issue with subscribers on deferred status Message-ID: Bugs item #1221451, was opened at 2005-06-15 15:00 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1221451&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: security/privacy Group: 2.1 (stable) Status: Open Resolution: None Priority: 5 Submitted By: wheeltrish (wheeltrish) Assigned to: Nobody/Anonymous (nobody) Summary: privacy issue with subscribers on deferred status Initial Comment: I own a mailman listserver which is hosted on Dreamhost and they are currently running ver. 2.1.5 of mailman. My list is set to require approval of membership requests, which sends the requesters into a "deferred" status in the "Tend to Pending Moderator Requests" area. I've discovered recently that individuals on "Deferred" status CAN in fact post to my list, and their postings are seen by all approved members. The individuals on "Deferred" status do not receive the postings themselves, however. Is this right? Shouldn't an individual who is marked "Deferred" not be able to post until being approved? This prevents me from ever stopping individuals who would send malicious posts to my list from allowing them to do so. My list is a high volume list and increasing the level of moderation would be cumbersome. Is there a way to ensure that members can't post to a list until they are approved, or is this problem an actual bug in the software? Thanks. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1221451&group_id=103 From noreply at sourceforge.net Wed Jun 15 21:39:50 2005 From: noreply at sourceforge.net (SourceForge.net) Date: Wed, 15 Jun 2005 12:39:50 -0700 Subject: [ mailman-Bugs-1221451 ] privacy issue with subscribers on deferred status Message-ID: Bugs item #1221451, was opened at 2005-06-15 15:00 Message generated for change (Comment added) made by bwarsaw You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1221451&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: security/privacy Group: 2.1 (stable) Status: Open Resolution: None Priority: 5 Submitted By: wheeltrish (wheeltrish) Assigned to: Nobody/Anonymous (nobody) Summary: privacy issue with subscribers on deferred status Initial Comment: I own a mailman listserver which is hosted on Dreamhost and they are currently running ver. 2.1.5 of mailman. My list is set to require approval of membership requests, which sends the requesters into a "deferred" status in the "Tend to Pending Moderator Requests" area. I've discovered recently that individuals on "Deferred" status CAN in fact post to my list, and their postings are seen by all approved members. The individuals on "Deferred" status do not receive the postings themselves, however. Is this right? Shouldn't an individual who is marked "Deferred" not be able to post until being approved? This prevents me from ever stopping individuals who would send malicious posts to my list from allowing them to do so. My list is a high volume list and increasing the level of moderation would be cumbersome. Is there a way to ensure that members can't post to a list until they are approved, or is this problem an actual bug in the software? Thanks. ---------------------------------------------------------------------- >Comment By: Barry A. Warsaw (bwarsaw) Date: 2005-06-15 15:39 Message: Logged In: YES user_id=12800 People waiting to be approved are not members, so the non-member posting policy is what applies to them. They become members only when approved. Perhaps you are not holding non-member posting for approval? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1221451&group_id=103 From noreply at sourceforge.net Thu Jun 16 02:03:08 2005 From: noreply at sourceforge.net (SourceForge.net) Date: Wed, 15 Jun 2005 17:03:08 -0700 Subject: [ mailman-Bugs-1221451 ] privacy issue with subscribers on deferred status Message-ID: Bugs item #1221451, was opened at 2005-06-15 15:00 Message generated for change (Comment added) made by wheeltrish You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1221451&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: security/privacy Group: 2.1 (stable) Status: Open Resolution: None Priority: 5 Submitted By: wheeltrish (wheeltrish) Assigned to: Nobody/Anonymous (nobody) Summary: privacy issue with subscribers on deferred status Initial Comment: I own a mailman listserver which is hosted on Dreamhost and they are currently running ver. 2.1.5 of mailman. My list is set to require approval of membership requests, which sends the requesters into a "deferred" status in the "Tend to Pending Moderator Requests" area. I've discovered recently that individuals on "Deferred" status CAN in fact post to my list, and their postings are seen by all approved members. The individuals on "Deferred" status do not receive the postings themselves, however. Is this right? Shouldn't an individual who is marked "Deferred" not be able to post until being approved? This prevents me from ever stopping individuals who would send malicious posts to my list from allowing them to do so. My list is a high volume list and increasing the level of moderation would be cumbersome. Is there a way to ensure that members can't post to a list until they are approved, or is this problem an actual bug in the software? Thanks. ---------------------------------------------------------------------- >Comment By: wheeltrish (wheeltrish) Date: 2005-06-15 20:03 Message: Logged In: YES user_id=1297461 When a person requests to subscribe to my list, they go on "deferred" status and are not approved until I click approved in the administrative interface. SINCE posting this message I had another individual post to my list without even trying to subscribe. All she needed was the e-mail address for posting to my list and she was able to post. (Incidentally, my list is not listed in the directory of mailman lists either, so how she even found the information page with the "post to list" address on it is still a mystery, and WHY THE POST WAS NOT REJECTED is baffling me even further. I'm growing concerned about protecting the privacy of my members and I've done what I can to do that, but apparently there are holes in the system somewhere. ideas? Thanks. ---------------------------------------------------------------------- Comment By: Barry A. Warsaw (bwarsaw) Date: 2005-06-15 15:39 Message: Logged In: YES user_id=12800 People waiting to be approved are not members, so the non-member posting policy is what applies to them. They become members only when approved. Perhaps you are not holding non-member posting for approval? ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1221451&group_id=103 From noreply at sourceforge.net Thu Jun 16 13:17:39 2005 From: noreply at sourceforge.net (SourceForge.net) Date: Thu, 16 Jun 2005 04:17:39 -0700 Subject: [ mailman-Bugs-1221840 ] superonline.com mail bounce message Message-ID: Bugs item #1221840, was opened at 2005-06-16 14:17 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1221840&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: bounce detection Group: 2.1 (stable) Status: Open Resolution: None Priority: 5 Submitted By: Sub Zero (subzero5) Assigned to: Nobody/Anonymous (nobody) Summary: superonline.com mail bounce message Initial Comment: Here is the original bounce message: From: MAILER-DAEMON at superonline.com Subject: Mesajiniz iletilemedi / Delivery failure -------------------------------- Bu mesaj superonline.com posta sunucusu tarafından g?nderilen otomatik bilgilendirme mesajıdır. Ekli mesajınız alıcıya ulaşmamıştır.Ulaşmama sebebini aşağıda bulabilirsiniz. English: This is the qmail-send program at superonline.com. I'm afraid I wasn't able to deliver your message to the following addresses. : The users mailfolder is over the allowed quota (size). --- Below this line is a copy of the message. Return-Path: Received: (qmail 8414 invoked from network); 16 Jun 2005 11:04:03 -0000 Received: from unknown ([212.252.122.207]) (envelope-sender <>) by qsol03.superonline.com (qmail-ldap-1.03) with QMQP for <>; 16 Jun 2005 11:04:03 -0000 Delivered-To: CLUSTERHOST virus03.superonline.com HIDDENRCPT at superonline.com Received: (qmail 15483 invoked from network); 16 Jun 2005 11:04:02 -0000 Received: from HIDDENSENDER (HELO HIDDENSENDER) ([HIDDENIP]) (envelope-sender ) by vfep07.superonline.com (qmail-ldap-1.03) with SMTP for ; 16 Jun 2005 11:04:02 -0000 Received: from localhost ([127.0.0.1]:40102 helo=HIDDENIP) by HIDDENIP with esmtp (Exim 4.51) id 1DirUt-00077g-U6 for HIDDENRCPT at superonline.com; Thu, 16 Jun 2005 13:21:19 +0300 Received: from [85.101.173.26] (port=1769 helo=HIDDENSENDER) by HIDDENSENDER with esmtp (Exim 4.51) id 1DirFx-00030q-DU for LISTNAME at LISTDOMAIN; Thu, 16 Jun 2005 13:05:54 +0300 Message-ID: <20050616130549.82FFA3F7AD2F8429 at LISTDOMAIN> From: =?ISO-8859-9?B?RUdFTUVO?= Subject: =?ISO-8859-9?B?SGFuZ2kgS/1ybf16/T8=?= Date: 16 Jun 2005 13:05:49 +0300 MIME-Version: 1.0 X-Message-Flag: =?ISO-8859-9?B?Rm9sbG93IHVw?= Content-Type: multipart/alternative; boundary="----=_NextPart_000_0012_829326A3.E6C7D5C3" X-Antivirus: Kaspersky AV V5.0.5.13/R (hourly updates) X-Mailman-Approved-At: Thu, 16 Jun 2005 13:14:18 +0300 X-BeenThere: LISTNAME at LISTDOMAIN X-Mailman-Version: 2.1.6 Precedence: list Reply-To: sales at LISTDOMAIN -------------------------------- ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1221840&group_id=103 From noreply at sourceforge.net Thu Jun 16 13:19:15 2005 From: noreply at sourceforge.net (SourceForge.net) Date: Thu, 16 Jun 2005 04:19:15 -0700 Subject: [ mailman-Bugs-1221840 ] superonline.com mail bounce message Message-ID: Bugs item #1221840, was opened at 2005-06-16 14:17 Message generated for change (Comment added) made by subzero5 You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1221840&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: bounce detection Group: 2.1 (stable) Status: Open Resolution: None Priority: 5 Submitted By: Sub Zero (subzero5) Assigned to: Nobody/Anonymous (nobody) Summary: superonline.com mail bounce message Initial Comment: Here is the original bounce message: From: MAILER-DAEMON at superonline.com Subject: Mesajiniz iletilemedi / Delivery failure -------------------------------- Bu mesaj superonline.com posta sunucusu tarafından g?nderilen otomatik bilgilendirme mesajıdır. Ekli mesajınız alıcıya ulaşmamıştır.Ulaşmama sebebini aşağıda bulabilirsiniz. English: This is the qmail-send program at superonline.com. I'm afraid I wasn't able to deliver your message to the following addresses. : The users mailfolder is over the allowed quota (size). --- Below this line is a copy of the message. Return-Path: Received: (qmail 8414 invoked from network); 16 Jun 2005 11:04:03 -0000 Received: from unknown ([212.252.122.207]) (envelope-sender <>) by qsol03.superonline.com (qmail-ldap-1.03) with QMQP for <>; 16 Jun 2005 11:04:03 -0000 Delivered-To: CLUSTERHOST virus03.superonline.com HIDDENRCPT at superonline.com Received: (qmail 15483 invoked from network); 16 Jun 2005 11:04:02 -0000 Received: from HIDDENSENDER (HELO HIDDENSENDER) ([HIDDENIP]) (envelope-sender ) by vfep07.superonline.com (qmail-ldap-1.03) with SMTP for ; 16 Jun 2005 11:04:02 -0000 Received: from localhost ([127.0.0.1]:40102 helo=HIDDENIP) by HIDDENIP with esmtp (Exim 4.51) id 1DirUt-00077g-U6 for HIDDENRCPT at superonline.com; Thu, 16 Jun 2005 13:21:19 +0300 Received: from [85.101.173.26] (port=1769 helo=HIDDENSENDER) by HIDDENSENDER with esmtp (Exim 4.51) id 1DirFx-00030q-DU for LISTNAME at LISTDOMAIN; Thu, 16 Jun 2005 13:05:54 +0300 Message-ID: <20050616130549.82FFA3F7AD2F8429 at LISTDOMAIN> From: =?ISO-8859-9?B?RUdFTUVO?= Subject: =?ISO-8859-9?B?SGFuZ2kgS/1ybf16/T8=?= Date: 16 Jun 2005 13:05:49 +0300 MIME-Version: 1.0 X-Message-Flag: =?ISO-8859-9?B?Rm9sbG93IHVw?= Content-Type: multipart/alternative; boundary="----=_NextPart_000_0012_829326A3.E6C7D5C3" X-Antivirus: Kaspersky AV V5.0.5.13/R (hourly updates) X-Mailman-Approved-At: Thu, 16 Jun 2005 13:14:18 +0300 X-BeenThere: LISTNAME at LISTDOMAIN X-Mailman-Version: 2.1.6 Precedence: list Reply-To: sales at LISTDOMAIN -------------------------------- ---------------------------------------------------------------------- >Comment By: Sub Zero (subzero5) Date: 2005-06-16 14:19 Message: Logged In: YES user_id=564695 PS: ı and ş are single characters in iso-8859-9. the sf.net just wrote them wrong. FYI... ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1221840&group_id=103 From noreply at sourceforge.net Thu Jun 16 19:41:52 2005 From: noreply at sourceforge.net (SourceForge.net) Date: Thu, 16 Jun 2005 10:41:52 -0700 Subject: [ mailman-Bugs-1222089 ] atlas.net.tr mail bounce message Message-ID: Bugs item #1222089, was opened at 2005-06-16 20:41 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1222089&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: bounce detection Group: 2.1 (stable) Status: Open Resolution: None Priority: 5 Submitted By: Sub Zero (subzero5) Assigned to: Nobody/Anonymous (nobody) Summary: atlas.net.tr mail bounce message Initial Comment: Here is the original bounce message: From: Mail Delivery Subsystem [MAILER-DAEMON at mailhost2.atlas.net.tr] Subject: Delivery unsuccessful: Mailbox has exceeded the limit --------------------START-------------------- Delivery unsuccessful: Mailbox has exceeded the limit ----- The following addresses had permanent fatal errors ----- The size of this mailbox has exceeded the mailbox limit ---------------------END--------------------- ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1222089&group_id=103 From noreply at sourceforge.net Thu Jun 16 19:42:46 2005 From: noreply at sourceforge.net (SourceForge.net) Date: Thu, 16 Jun 2005 10:42:46 -0700 Subject: [ mailman-Bugs-1222089 ] atlas.net.tr mail bounce message Message-ID: Bugs item #1222089, was opened at 2005-06-16 20:41 Message generated for change (Comment added) made by subzero5 You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1222089&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: bounce detection Group: 2.1 (stable) Status: Open Resolution: None Priority: 5 Submitted By: Sub Zero (subzero5) Assigned to: Nobody/Anonymous (nobody) Summary: atlas.net.tr mail bounce message Initial Comment: Here is the original bounce message: From: Mail Delivery Subsystem [MAILER-DAEMON at mailhost2.atlas.net.tr] Subject: Delivery unsuccessful: Mailbox has exceeded the limit --------------------START-------------------- Delivery unsuccessful: Mailbox has exceeded the limit ----- The following addresses had permanent fatal errors ----- The size of this mailbox has exceeded the mailbox limit ---------------------END--------------------- ---------------------------------------------------------------------- >Comment By: Sub Zero (subzero5) Date: 2005-06-16 20:42 Message: Logged In: YES user_id=564695 ...t fatal errors -... this was a single-line text :( ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1222089&group_id=103 From noreply at sourceforge.net Thu Jun 16 19:46:10 2005 From: noreply at sourceforge.net (SourceForge.net) Date: Thu, 16 Jun 2005 10:46:10 -0700 Subject: [ mailman-Bugs-1222090 ] InterScan Messaging Security Suite bounce message Message-ID: Bugs item #1222090, was opened at 2005-06-16 20:46 Message generated for change (Tracker Item Submitted) made by Item Submitter You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1222090&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: bounce detection Group: 2.1 (stable) Status: Open Resolution: None Priority: 5 Submitted By: Sub Zero (subzero5) Assigned to: Nobody/Anonymous (nobody) Summary: InterScan Messaging Security Suite bounce message Initial Comment: Here is the original bounce message: From: InterScan MSS Notification [sseri at HIDDENDOMAIN] Subject: Mail could not be delivered --------------------START-------------------- ****** Message from InterScan Messaging Security Suite ****** Sent <<< RCPT TO: Received >>> 554 mail for HIDDENRCPT at HIDDENDOMAIN rejected for policy reasons. Unable to deliver message to . ************************ End of message ********************** ---------------------END--------------------- ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1222090&group_id=103 From noreply at sourceforge.net Sun Jun 26 07:33:46 2005 From: noreply at sourceforge.net (SourceForge.net) Date: Sat, 25 Jun 2005 22:33:46 -0700 Subject: [ mailman-Bugs-1179487 ] denial of service security bug Message-ID: Bugs item #1179487, was opened at 2005-04-08 21:46 Message generated for change (Comment added) made by tkikuchi You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1179487&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: mail delivery Group: 2.1 (stable) Status: Open Resolution: None Priority: 5 Submitted By: Mark Crispin (mrcrispin) Assigned to: Tokio Kikuchi (tkikuchi) Summary: denial of service security bug Initial Comment: We've had multiple incidents of this problem. If a digest gets a message containing an attachment using an RFC 2231 encoded parameter has a character set that is unknown to Python (in this case, "X- UNKNOWN"), then routine get_filename() in email/Message.py (not to be confused with Mailman/Message.py) calls unicode() without any error trap. The result is that digest delivery for that entire mailing list is suspended until that message is manually removed. It appears that passing an "ignore" as the errors parameter to unicode() won't stop Python from generating this error. I'm not sure as to the best way to fix this. I haven't worked much with Python at all, and Mailman support was just dumped on my lap. I can see that there are lots of unicode() calls throughout the Mailman source that don't have any error protection. I don't know which ones are also vulnerable to this attack. Traceback (most recent call last): File "/usr/local/mailman/cron/senddigests", line 94, in ? main() File "/usr/local/mailman/cron/senddigests", line 86, in main mlist.send_digest_now() File "/usr/local/mailman/Mailman/Digester.py", line 60, in send_digest_n ow ToDigest.send_digests(self, mboxfp) File "/usr/local/mailman/Mailman/Handlers/ToDigest.py", line 132, in sen d_digests send_i18n_digests(mlist, mboxfp) File "/usr/local/mailman/Mailman/Handlers/ToDigest.py", line 306, in sen d_i18n_digests msg = scrubber(mlist, msg) File "/usr/local/mailman/Mailman/Handlers/Scrubber.py", line 268, in pro cess url = save_attachment(mlist, part, dir) File "/usr/local/mailman/Mailman/Handlers/Scrubber.py", line 362, in sav e_attachment fnext = os.path.splitext(msg.get_filename(''))[1] File "/usr/local/mailman/pythonlib/email/Message.py", line 731, in get_f ilename return unicode(newvalue[2], newvalue[0] or 'us-ascii') LookupError: unknown encoding: X-UNKNOWN ---------------------------------------------------------------------- >Comment By: Tokio Kikuchi (tkikuchi) Date: 2005-06-26 05:33 Message: Logged In: YES user_id=67709 It looks like the current scheme of sending digest during the course of regular delivery was a bad idea. Workaround may be to enclose the send_digest part in try - except clause. Please try the latest CVS code. ---------------------------------------------------------------------- Comment By: Mark Crispin (mrcrispin) Date: 2005-04-10 01:48 Message: Logged In: YES user_id=1255784 Our version of mailman is 2.1.5, the current release version, along with customizations made at UW by my predecessor for use with our web pubcookie authentication system. However, the fault occurs in unmodified Mailman code, and he insists that nothing he did would affect this. I call it a security issue because anyone can send a message to a mailman mailing list that will cause digests to fail and be stuck, just by using a bogus character set name in an attachment filename. Not only isn't the message in question sent, but all subsequent messages are also held because of the trap. A denial of service problem *is* a security problem. I don't know how extensive the problem is in Mailman, but I see numerous unicode() calls in the Mailman source that have no protection from error traps. So maybe more than just digests are affected. If you can't reproduce the problem, I'll be happy to provide some of the messages which hung our digests. The problem definitely happens with charset names in encoded- parameters in MIME (attachment filenames). Thank you in advance for your rapid attention. ---------------------------------------------------------------------- Comment By: Tokio Kikuchi (tkikuchi) Date: 2005-04-09 20:57 Message: Logged In: YES user_id=67709 What is your mailman version? I believe i18n charset issues are greatly improved in 2.1.6 beta. BTW, I don't like to call this a security issue. ---------------------------------------------------------------------- Comment By: Mark Crispin (mrcrispin) Date: 2005-04-09 16:38 Message: Logged In: YES user_id=1255784 We've kept copies of the messages which caused the problem in the most recent incident, so if you need help in reproducing/testing we'll be happy to supply them as test data. ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=1179487&group_id=103 From noreply at sourceforge.net Tue Jun 28 08:48:44 2005 From: noreply at sourceforge.net (SourceForge.net) Date: Mon, 27 Jun 2005 23:48:44 -0700 Subject: [ mailman-Bugs-698609 ] qrunner infinitely queries name server Message-ID: Bugs item #698609, was opened at 2003-03-06 11:31 Message generated for change (Settings changed) made by skaus You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=698609&group_id=103 Please note that this message will contain a full copy of the comment thread, including the initial issue submission, for this request, not just the latest update. Category: None Group: 2.1 (stable) >Status: Deleted Resolution: None Priority: 5 Submitted By: Steffen Kaiser (skaus) Assigned to: Nobody/Anonymous (nobody) Summary: qrunner infinitely queries name server Initial Comment: Hi, on a test machine I installed mailman to run locally; sendmail didn't start up however. In result, qrunner caused approx. 300Kbit/s downstream and 150Kbit/s upstream during communication with the name server for at least 10 minutes (seen via sniffer). Eventually I started sendmail and the I/O transfer dropped down to zero almost immediately. Environment: + Linux 2.4.20 + Mailman v2.1.1 + Python 2.2.1 Bye, ---------------------------------------------------------------------- You can respond by visiting: https://sourceforge.net/tracker/?func=detail&atid=100103&aid=698609&group_id=103