[Mailman-Users] Options page bombing out on a security violation

Hank van Cleef vancleef at lostwells.net
Tue Jan 2 22:47:47 CET 2007

I'm attaching a user's description of something about 20 of my users are
reporting on a fresh install of Mailman 2.1.9  I've edited the user 
identity, and am including configuration info following the forwarded
mail.  I'm baffled, because I cannot get this problem to happen from 
any of the systems at my site, and some users (unfortunately, all of 
the computer-literate types who might be able to help) aren't getting it

> I too am suffering from the
> "High security alert!!!
> You are not permitted to download the file "user at userdomain.com".
> URL = http://bronze.lostwells.net/mailman/options/mercedes/user@userdomain.com"
> when trying to switch off the mail
> path followed is as follows:-
> 1, http://www.lostwells.net/mailman/listinfo/mercedes
> 2, click on "unsubscribe or edit options" button
> 3, http://bronze.lostwells.net/mailman/options/mercedes
> 4, sign in with normal login details, the page refreshes with all the
> parameters viewable
> 5, disable mail delivery and click "submit my changes"
> 6, High Security message at the url
> http://bronze.lostwells.net/mailman/options/mercedes/user@userdomain.com
> ===================================================

Configuration details: Solaris 9 on Sun Ultra 10
Python 2.5
Mailman 2.1.9

Since I am taking over hosting for a list that was running on a Mailman
2.1.4 installation, I built a local 2.1.4 tree, created the list, then
copied the old site config.pck over the newly-created one.  Then built
2.1.9 and upgraded the 2.1.4 tree.

# cd /usr/local/mailman
# ./bin/check_perms
No problems found


Hank van Cleef (vancleef at lostwells.net, hvanclee at nyx.net)
1986 420SEL "A stranger in paradise" (Fremont Co. Wyoming)
1986 GMC 1500 6.2 diesel pickup "Seen one, seen them all"

More information about the Mailman-Users mailing list