[Mailman-Users] New Mailman user - Contribs.Org (SME/E-Smith) addon - 2.1.3 Bug?
Jim Danvers
jim at bikeguy.myip.org
Tue Nov 23 05:12:38 CET 2004
Hey all...
Long story short. Friend of mine has been dealing with cancer for the
past 5 years (two distinct types / diagnosis) He has been chronicling
his story to fellow cyclists and friends via self built distribution
lists using the built in mail client that comes with his windows
machine. Needless to say, he has spent quite a bit of time in and out
of hospitals for various surgeries, treatments, etc... mail is
something that he has come to value. Cutting to the chase - I built him
a server (contribs.org - formerly known as mitel / e-smith) that is imap
capable. Centralized mail down - with a web interface. He can get to
his mail when he doesn't have access to his laptop and his isp
connection at home. Now... I mention to him that I ~believe~ that I
can turn this same machine into a private list server as the folks that
maintain the server (contribs.org) also maintain a fine collection of
user contributed (hence the name) of rpm's for use as add-on packages.
It is quite nice.
Fast forwarding... Indeed I do find a contrib - mailman - cool! I get
it setup and installed per some documentaton that I found, get a list
all configured and ready to roll. I e-mail Dave (my friend) to let him
know that I feel that we are 'ready' to go live with this thing after
having been testing / playing with it for a week or so to ensure that it
is behaving the way that we want it to. It's private, reply to address
has been altered to someone else other than the list, no-one can post to
the list except the list owner and delegated moderators, list is kept
private - only list owner can view subscribers, etc... it appears to be
working perfectly. ;)
Then I find out that there was, at some point in the past, some bug that
was discovered that would allow for e-mail addresses to be viewed /
obtained in some fashion. Something about v2.1.3? Anyway... I start
googling (quite a bit)... I do see information (although not much)
about the purported issue and how it was patched with some back level
patches or something to that effect. I discovered this list via
aformention googling, and sure enough, I even came across another sme
user who posted with a question back on the 4th of this month (Nov. '04
-- link here:
http://mail.python.org/pipermail/mailman-users/2004-November/040616.html)
Kind of panicky, and by no means any kind of *nix "guru" I ssh into the
box running the list and 'locate' the mailman binaries (I had no idea
where it installed itself to). Turns out to be /opt/mailman/bin - don't
know if this is typical or not. I find a "version" fle in there, that
judging by its "green" color is executable. I run it and it tells me
that the version that I have is this:
[root at gateway bin]# ./version
Using Mailman version: 2.1.3
2.1.3 - ;( Do I have an issue?
Privacy on this list is something that Dave holds very dear due to the
personal nature of the illness that I suspect many of his recipients are
also dealing with. (he currently uses "bcc" for the bulk of the people
that he posts to) Is there a means of testing this box to see if the
existing list of addresses can be "harvested" There are only three
addresses in it @present - mine as builder, Dave's as site owner and my
wife ( we needed a guinea pig tester to ensure that she could not post
back to the list, reveal e-mail address, etc... lol ) I don't care if
those addresses get "harvested" as they are well known anyway.
Ok - so this wasn't so short. Sorry. Again - I'm no *nix guy. I'm
just a guy who rides and races a bike (as in pedal variety) and happens
to know a ~little~ bit about computers. I offered to help out a good
friend of mine, and the local cycling club in general, and I would just
like to make sure that this thing will be "ok" (ie; secure). ((
realizing that secure and a forward facing gizmo on the public internet
is kind of an oxymoron - but ya gotta at least do the best ya can, 'eh? ))
Thanks all.
-=- jd -=-
ps - Dave's site that another cyclist from the Syracuse, NY area put up
for him is here (if anyone curious):
http://www.veloweb.org/davepanella
More information about the Mailman-Users
mailing list