[Mailman-Users] Another question.. hopefully more interesting :)
Richard Barrett
r.barrett at openinfo.co.uk
Sat Jul 26 10:46:02 CEST 2003
On Saturday, July 26, 2003, at 01:45 AM, Glenn Sieb wrote:
> Hi everyone...
>
> I currently run Mailman (2.1) (which I love.. great job, guys!), and use
> it to run a few private lists behind SSL. I have recently been asked to do
> some virtual domain hosting for some friends, and would like to provide
> them with their own Mailman lists, should they wish.
>
Before commenting on the detail of what you do I make the observation
that using Secure HTTP and private mail archives are not the same topic.

Mailman's private archive feature is based on a cookie based
authentication scheme and the delivery of private archive pages via one
of Mailman's CGI scripts (while public archive pages are delivered by
the web server without the use of a MM CGI script).

Secure HTTP is a means of:

a. preventing snooping of HTTP request/response content in
   communication between the client and server.
b. authenticating the server to the client via the server-side
   certificates.
c. much less frequently used: authenticating the client to the server
   (and potentially the user) via client-side certificates.

Using HTTPS can prevent user credentials being snooped when using low
security authentication schemes such as HTTP's Basic Authentication or
cookie based authentication.

But MM's list archive privacy does not require HTTPS; use of HTTPS
merely 'hardens' the protection the list privacy scheme offers.

The converse is also true; using HTTPS is not a constraint on reaching
public archive pages.
> In mm_cfg.py I have:
Commenting on this mm_cfg.py:
You should read the comments in $prefix/Mailman/Defaults.py.
> DEFAULT_EMAIL_HOST = 'lists.wingfoot.org'
> DEFAULT_URL_HOST = 'www.wingfoot.org'
> DEFAULT_URL_PATTERN = 'https://%s/mailman/'
DEFAULT_URL is obsolete and only for compatibility reasons, is defined
as None in Defaults.py and should not be defined in mm_cfg.py.
> DEFAULT_URL = 'https://www.wingfoot.org/mailman/'
> PUBLIC_ARCHIVE_URL = 'https://%(hostname)s/pipermail/%(listname)s'
There is no such animal as PRIVATE_ARCHIVE_URL in the MM lexicon. This
variable is being completely ignored.

Private archives are served by a Mailman CGI script in file
$prefix/Mailman/Cgi/private.py which is invoked (assuming a default
install) by the URI /mailman/private.

The URL for private archive access is formed from the virtual hostname
(the url host that is) using the DEFAULT_URL_PATTERN. The ScriptAlias
you put in your httpd.conf file associates that URL with the Mailman
CGI program.
> PRIVATE_ARCHIVE_URL = 'https://%(hostname)s/pipermail/%(listname)s'
>
> VIRTUAL_HOSTS = {'www.wingfoot.org':'lists.wingfoot.org',
> 'www.domain2.org':'lists.domain2.org',
> 'www.domain3.com':'lists.domain3.com',
> 'www.domain4.org':'lists.domain4.org'}
> add_virtualhost(DEFAULT_URL_HOST,DEFAULT_EMAIL_HOST)
> add_virtualhost('www.domain2.org','lists.domain2.org')
> add_virtualhost('www.domain3.com','lists.domain3.com')
> add_virtualhost('www.domain4.org','lists.domain4.org')
>
> Now.. when I create a list under Wingfoot, it has all the
> https://www.wingfoot.org/mailman/listinfo stuff all correct. Since, that's
> how I access my listserver, this is the expected behavior... :)
>
> When I create one, say, from domain2, it *also* gets
> https://www.domain2.org/mailman/listinfo stuff... even though the URL to
> access that list is in http://www.domain2.org/mailman/listinfo :-/
>
This is no surprise as URLs for all Mailman CGI programs are formed
from DEFAULT_URL_PATTERN.
> I have tried commenting out the DEFAULT_URL_PATTERN to no avail. If I
> change it to http://%s/etc that works.. but then lists on Wingfoot
> break.
>
Which is a pretty good hint that you do not want to do this. Again read
the comments in Defaults.py before you mess with this stuff.
btw: I assume you are restarting mailmanctl and running fix_url.py after
fixing your mm_cfg.py.
> Is what I'm trying to do possible with one instance of Mailman? Should I
> install a 2nd instance? Can I even do that?
>
If you want to use HTTPS for private archives and HTTP for public
archives, the simplest approach is to say:
DEFAULT_URL = None
PUBLIC_ARCHIVE_URL = 'http://%(hostname)s/pipermail/%(listname)s'
DEFAULT_URL_PATTERN = 'https://%s/mailman/'
With this, all access to Mailman CGI scripts, not just
/mailman/private, will go via HTTPS but the links to public list
archives will go via HTTP.
You could do some cute stuff with httpd.conf RewriteRules but it isn't
really necessary to have a working solution.
As a matter of interest, what do you have in your httpd.conf for
handling Mailman related access, that is, what Alias, ScriptAlias and
such did you add to httpd.conf for MM?
> Hopefully this is chewy-good-for-thought stuff and not a "You idjit! Read
> the archives!" (I checked, but didn't see anything that screamed
> "Conclusive".)
>
> Thanks guys.. and again, I appreciate all the help you've been over the
> past not-quite-year, and all your hard work and effort into the Mailman
> project. :)
>
> Thanks,
> Glenn
> ---
> The original portions of this message are the copyright of the author
> (c)1998-2002 Glenn E. Sieb. ICQ UIN: 300395 IRC Nick: Rainbear
> "All acts of Love and Pleasure are Her rituals"-Charge of the Goddess
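
Added example, not part of the original message and not Mailman code: a small Python check of mm_cfg.py-style settings against the points raised in the reply, plus the URLs that result for one virtual host. The helpers audit_mm_cfg and list_urls and the list name "demo" are hypothetical; the setting names and values are those quoted in the thread, and the URL layout follows the reply's description (CGI URLs from DEFAULT_URL_PATTERN, private archives under /mailman/private).

```python
# Added illustration; audit_mm_cfg and list_urls are hypothetical helpers,
# not Mailman functions. Setting names are the ones quoted in the thread.

def list_urls(cfg, url_host, listname):
    """Build the URLs as the reply describes them for one virtual host."""
    cgi_base = cfg["DEFAULT_URL_PATTERN"] % url_host
    return {
        "listinfo": cgi_base + "listinfo/" + listname,
        # Private archives go through the CGI at /mailman/private.
        "private": cgi_base + "private/" + listname,
        "public": cfg["PUBLIC_ARCHIVE_URL"]
        % {"hostname": url_host, "listname": listname},
    }


def audit_mm_cfg(cfg):
    """Return findings for the problems pointed out in the reply."""
    findings = []
    if cfg.get("DEFAULT_URL") is not None:
        findings.append("DEFAULT_URL is obsolete; leave it as None")
    if "PRIVATE_ARCHIVE_URL" in cfg:
        findings.append("PRIVATE_ARCHIVE_URL is not a Mailman setting; ignored")
    if not cfg.get("DEFAULT_URL_PATTERN", "").lower().startswith("https://"):
        findings.append("CGI URLs are not HTTPS; auth cookie can be snooped")
    return findings


# Constructed input: the settings quoted in the original question.
ORIGINAL = {
    "DEFAULT_URL_HOST": "www.wingfoot.org",
    "DEFAULT_URL_PATTERN": "https://%s/mailman/",
    "DEFAULT_URL": "https://www.wingfoot.org/mailman/",
    "PUBLIC_ARCHIVE_URL": "https://%(hostname)s/pipermail/%(listname)s",
    "PRIVATE_ARCHIVE_URL": "https://%(hostname)s/pipermail/%(listname)s",
}
# The three settings suggested in the reply.
SUGGESTED = {
    "DEFAULT_URL": None,
    "PUBLIC_ARCHIVE_URL": "http://%(hostname)s/pipermail/%(listname)s",
    "DEFAULT_URL_PATTERN": "https://%s/mailman/",
}

if __name__ == "__main__":
    for name, cfg in (("original", ORIGINAL), ("suggested", SUGGESTED)):
        print(name, audit_mm_cfg(cfg))
        for kind, url in list_urls(cfg, "www.domain2.org", "demo").items():
            print("  %-8s %s" % (kind, url))
```

With the suggested settings every CGI URL, including the cookie-authenticated private archive, stays on HTTPS for every virtual host, while only the public pipermail link drops to HTTP.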