From karrageorgiou.giannis at yahoo.com  Mon Jan  2 11:38:22 2017
From: karrageorgiou.giannis at yahoo.com (karrageorgiou.giannis at yahoo.com)
Date: Mon, 2 Jan 2017 16:38:22 +0000 (UTC)
Subject: [Mailman-Users] scrubbed attachments naming pattern: is it
 configurable?
References: <1918001973.5577847.1483375102302.ref@mail.yahoo.com>
Message-ID: <1918001973.5577847.1483375102302@mail.yahoo.com>

dear MM-user list managers,

I have enabled attachment scrubbing, so mail footers
look like this:

-------------- next part --------------
A non-text attachment was scrubbed...
Name: 2016_SON_COSMO-DE.tar.gz
Type: application/x-gzip
Size: 4535 bytes
Desc: 2016_SON_COSMO-DE.tar.gz
URL: <http://[mydomain].org/pipermail/wg5/attachments
/20170102/1066e69c/attachment-0002.bin>

Ok, I understand that mailman cannot have psychic
abilities and rename a application/x-gzip MIME blob
to the full tar.gz or doc.gz or whatever, but what 
about the alien-looking "attachment-NNNN.bin" part? 

Can optionally the Name part be used? even with the 
inevitable(?) auto-increment indexing, it still will be 
more user friendly. Then, even the user-confusing *.bin 
part could be avoided, since the name does indicate the 
encoding and it would be clearer for the downloaders?

thanks beforehand for any advice on parameterizing
this (if it can be configured at all)


have a fine 2017 and many thanks for the work
you put in MM

From patrick-mailinglists at whonix.org  Mon Jan  2 18:36:00 2017
From: patrick-mailinglists at whonix.org (Patrick Schleizer)
Date: Mon, 02 Jan 2017 23:36:00 +0000
Subject: [Mailman-Users] How to enable these hashed mailing list archive
 links? [mailman-rss issue]
Message-ID: <44fb7ed9-4957-403e-c8b6-ec24c8754cbf@riseup.net>

Using mailman-rss the following rss feed is created.

https://www.whonix.org/whonix-devel.rss

The rss feed includes links such as.

https://www.whonix.org/pipermail/whonix-devel/5a5185288c92208a5d6cefc2324dba97 at openmailbox.org

Where are these links coming from? mailman-rss bug? Or usual mailman links?

If the latter, how to make these mailman links work?

Alternatively, is there a way to turn a mailman archive into a rss feed?

Best regards,
Patrick

From mark at msapiro.net  Tue Jan  3 13:30:34 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 3 Jan 2017 10:30:34 -0800
Subject: [Mailman-Users] How to enable these hashed mailing list archive
 links? [mailman-rss issue]
In-Reply-To: <44fb7ed9-4957-403e-c8b6-ec24c8754cbf@riseup.net>
References: <44fb7ed9-4957-403e-c8b6-ec24c8754cbf@riseup.net>
Message-ID: <6ad6a9ba-5d5a-3ae1-3269-fefab4fa2460@msapiro.net>

On 01/02/2017 03:36 PM, Patrick Schleizer wrote:
> Using mailman-rss the following rss feed is created.


What mailman-rss patch? From where?


> https://www.whonix.org/whonix-devel.rss
> 
> The rss feed includes links such as.
> 
> https://www.whonix.org/pipermail/whonix-devel/5a5185288c92208a5d6cefc2324dba97 at openmailbox.org
> 
> Where are these links coming from? mailman-rss bug? Or usual mailman links?


That looks like the base archive URL with a Message-ID appended. This is
not a "usual" mailman link. That would be something like
https://www.whonix.org/pipermail/whonix-devel/yyyy-Month/nnnnnn.html.


> If the latter, how to make these mailman links work?


It may or may not be a bug. Possibly your rss patch is intended to
create links from URLs like the above to the actual message and that
part is missing.

There are a few versions of a patch at
<https://bugs.launchpad.net/mailman/+bug/558014> and this post
<https://mail.python.org/pipermail/mailman-users/2015-March/078572.html>
with this link <http://vnetworx.net/mm_rss.patch> and those patches look
like they generate proper archive URLs.


> Alternatively, is there a way to turn a mailman archive into a rss feed?


Googling mailman-rss finds
<http://jmason.org/software/scripts/mailman-archive-to-rss.txt>.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From patrick-mailinglists at whonix.org  Tue Jan  3 14:03:00 2017
From: patrick-mailinglists at whonix.org (Patrick Schleizer)
Date: Tue, 03 Jan 2017 19:03:00 +0000
Subject: [Mailman-Users] How to enable these hashed mailing list archive
 links? [mailman-rss issue]
In-Reply-To: <6ad6a9ba-5d5a-3ae1-3269-fefab4fa2460@msapiro.net>
References: <44fb7ed9-4957-403e-c8b6-ec24c8754cbf@riseup.net>
 <6ad6a9ba-5d5a-3ae1-3269-fefab4fa2460@msapiro.net>
Message-ID: <1dc12803-4ffc-bdac-c284-660f2db5f155@riseup.net>

Mark Sapiro:
> On 01/02/2017 03:36 PM, Patrick Schleizer wrote:
>> Using mailman-rss the following rss feed is created.
> 
> 
> What mailman-rss patch? From where?

Not a patch. Standalone script from here:

https://github.com/pteichman/mailman-rss


From adam at agp-llc.com  Tue Jan  3 14:03:51 2017
From: adam at agp-llc.com (Adam Goldberg)
Date: Tue, 3 Jan 2017 19:03:51 +0000
Subject: [Mailman-Users] Envelope address vs. From: header addresses
Message-ID: <0100015965b758c1-1d7b6059-bd50-4bdc-a815-30bf04ba6602-000000@email.amazonses.com>

Hi,

Several organizations I participate in use Kavi as the "collaborative" platform, which includes email reflectors (see www.kavi.com).  Kavi is in the middle of transitioning between two versions (Kavi Workspace 5 (WS5) to Kavi Workspace 6 (WS6)).

WS5 uses a modified version of ezmlm for its reflectors.  Either ezmlm or the modifications done to it use the "envelope address" (the operand of the SMTP MAIL FROM: command) to verify that the sender is a member of the list.  If the envelope address is not a list member, it generates a reject/bounce message which (oddly) uses the operand of the From: header in creating text along the lines of "<so-and-so> is not a member of this list."

WS6 uses mailman.  I believe that mailman doesn't suffer from this problem (that is, mailman checks list membership based on the header From: address, not the envelope from address).

Can someone verify with authority that this is the case?

(and OT for this list, Does anyone have any insight into why Kavi's ezmlm implementation is acting this way?  FYI, email sent via Amazon AWS SES is sent with an envelope address unique per email (it's explicitly different from the From: header address)).

Thanks.


Adam Goldberg
AGP, LLC
+1-202-507-9900


From mark at msapiro.net  Tue Jan  3 15:16:52 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 3 Jan 2017 12:16:52 -0800
Subject: [Mailman-Users] Envelope address vs. From: header addresses
In-Reply-To: <0100015965b758c1-1d7b6059-bd50-4bdc-a815-30bf04ba6602-000000@email.amazonses.com>
References: <0100015965b758c1-1d7b6059-bd50-4bdc-a815-30bf04ba6602-000000@email.amazonses.com>
Message-ID: <fb213d04-a1f8-4805-7815-aea7244639df@msapiro.net>

On 01/03/2017 11:03 AM, Adam Goldberg wrote:
> 
> WS6 uses mailman.  I believe that mailman doesn't suffer from this problem (that is, mailman checks list membership based on the header From: address, not the envelope from address).
> 
> Can someone verify with authority that this is the case?


When Mailman checks list membership, it tests the things listen in the
installation's config (mm_cfg.py) setting for SENDER_HEADERS, the
default for which is

From:
envelope sender
Reply-To:
Sender:

in that order. If one of those contains a list member address, the first
member address found is considered the poster for list
membership/moderation purposes. Otherwise the post is from a non-member.


> (and OT for this list, Does anyone have any insight into why Kavi's ezmlm implementation is acting this way?  FYI, email sent via Amazon AWS SES is sent with an envelope address unique per email (it's explicitly different from the From: header address)).


Some things use envelope sender for verification as it is (or once was)
considered more difficult to spoof.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Tue Jan  3 15:38:20 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 3 Jan 2017 12:38:20 -0800
Subject: [Mailman-Users] scrubbed attachments naming pattern: is it
 configurable?
In-Reply-To: <1918001973.5577847.1483375102302@mail.yahoo.com>
References: <1918001973.5577847.1483375102302.ref@mail.yahoo.com>
 <1918001973.5577847.1483375102302@mail.yahoo.com>
Message-ID: <54ca1bcc-aa60-8af5-79bd-3756b3d7c8bc@msapiro.net>

On 01/02/2017 08:38 AM, karrageorgiou.giannis--- via Mailman-Users wrote:
> 
> I have enabled attachment scrubbing, so mail footers
> look like this:
> 
> -------------- next part --------------
> A non-text attachment was scrubbed...
> Name: 2016_SON_COSMO-DE.tar.gz
> Type: application/x-gzip
> Size: 4535 bytes
> Desc: 2016_SON_COSMO-DE.tar.gz
> URL: <http://[mydomain].org/pipermail/wg5/attachments
> /20170102/1066e69c/attachment-0002.bin>
> 
> Ok, I understand that mailman cannot have psychic
> abilities and rename a application/x-gzip MIME blob
> to the full tar.gz or doc.gz or whatever, but what 
> about the alien-looking "attachment-NNNN.bin" part? 
> 
> Can optionally the Name part be used? even with the 
> inevitable(?) auto-increment indexing, it still will be 
> more user friendly. Then, even the user-confusing *.bin 
> part could be avoided, since the name does indicate the 
> encoding and it would be clearer for the downloaders?


The information is all there, just not in the URL. There are config
controls on the name in the URL. From Mailman/Defaults.py

> # Control parameter whether Mailman.Handlers.Scrubber should use message
> # attachment's filename as is indicated by the filename parameter or use
> # 'attachement-xxx' instead.  The default is set True because the applications
> # on PC and Mac begin to use longer non-ascii filenames.  Historically, it
> # was set False in 2.1.6 for backward compatiblity but it was reset to True
> # for safer operation in mailman-2.1.7.
> SCRUBBER_DONT_USE_ATTACHMENT_FILENAME = True
> 
> # Use of attachment filename extension per se is may be dangerous because
> # virus fakes it. You can set this True if you filter the attachment by
> # filename extension
> SCRUBBER_USE_ATTACHMENT_FILENAME_EXTENSION = False

So you can set

SCRUBBER_DONT_USE_ATTACHMENT_FILENAME = False
SCRUBBER_USE_ATTACHMENT_FILENAME_EXTENSION = True

in Mailman/mm_cfg.py, but be sure you understand what those comments
about those settings are saying before you do.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Tue Jan  3 16:07:44 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 3 Jan 2017 13:07:44 -0800
Subject: [Mailman-Users] How to enable these hashed mailing list archive
 links? [mailman-rss issue]
In-Reply-To: <1dc12803-4ffc-bdac-c284-660f2db5f155@riseup.net>
References: <44fb7ed9-4957-403e-c8b6-ec24c8754cbf@riseup.net>
 <6ad6a9ba-5d5a-3ae1-3269-fefab4fa2460@msapiro.net>
 <1dc12803-4ffc-bdac-c284-660f2db5f155@riseup.net>
Message-ID: <822d26ff-dbcc-b39c-25d6-30432ef14209@msapiro.net>

On 01/03/2017 11:03 AM, Patrick Schleizer wrote:
> Mark Sapiro:
>>
>> What mailman-rss patch? From where?
> 
> Not a patch. Standalone script from here:
> 
> https://github.com/pteichman/mailman-rss


I looked briefly at that script and I would have issues if I tried to
use it. Most importantly, it uses the periodic *.txt(.gz) files, which
it finds by screen scraping, as the source and intentionally changes
.txt to .txt.gz which is just backwards as in a standard Mailman
installation, the .txt file will always exist and the .txt.gz file may
be out of date or not exist depending on when cron/nightly-gzip was last
run.

The script also makes those .../message-id URLs, presumably because of
it's using data from the .txt.gz file which doesn't have information
about the actual nnnnnn.html filename.

Anyway, this is a third party script and any questions or issues should
be directed to its author.

To address your question in the subject, each nnnnnn.html file in the
archive has two occurrences of a mailto: link which contains an
In-Reply-To= fragment with the Message-ID (url-encoded) of the message.

So it would be possible to create a script to go through the archive and
for each archives/private/LIST/yyyy-Month/nnnnnn.html, find the
message-id and create a symlink from archives/private/LIST/message-id to
archives/private/LIST/yyyy-Month/nnnnnn.html. This script would need to
run often, although, the existing mailman-rss script will only see
changes when cron/nightly-gzip runs.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From adam at agp-llc.com  Tue Jan  3 16:27:51 2017
From: adam at agp-llc.com (Adam Goldberg)
Date: Tue, 3 Jan 2017 21:27:51 +0000
Subject: [Mailman-Users] Envelope address vs. From: header addresses
In-Reply-To: <fb213d04-a1f8-4805-7815-aea7244639df@msapiro.net>
References: <0100015965b758c1-1d7b6059-bd50-4bdc-a815-30bf04ba6602-000000@email.amazonses.com>
 <fb213d04-a1f8-4805-7815-aea7244639df@msapiro.net>
Message-ID: <01000159663b2cb4-a3293e6a-4134-45ff-b54a-01b7cf62649d-000000@email.amazonses.com>

Mark,

Thanks for the quick response.  From what I can see in Defaults.py in my installation of Mailman, one could 'break' Mailman the same way Kavi's ezmlm installation is broken by merely setting USE_ENVELOPE_SENDER=yes.


(excerpt from Defaults.py)
# When allowing only members to post to a mailing list, how is the sender of
# the message determined?  If this variable is set to Yes, then first the
# message's envelope sender is used, with a fallback to the sender if there is
# no envelope sender.  Set this variable to No to always use the sender.
#
# The envelope sender is set by the SMTP delivery and is thus less easily
# spoofed than the sender, which is typically just taken from the From: header
# and thus easily spoofed by the end-user.  However, sometimes the envelope
# sender isn't set correctly and this will manifest itself by postings being
# held for approval even if they appear to come from a list member.  If you
# are having this problem, set this variable to No, but understand that some
# spoofed messages may get through.
USE_ENVELOPE_SENDER = No

# Membership tests for posting purposes are usually performed by looking at a
# set of headers, passing the test if any of their values match a member of
# the list.  Headers are checked in the order given in this variable.  The
# value None means use the From_ (envelope sender) header.  Field names are
# case insensitive.
SENDER_HEADERS = ('from', None, 'reply-to', 'sender')


(And continuing the OT discussion, in a ezmlm/qmail environment, qmail passes the envelope sender address via $SENDER to ezmlm, and ezmlm uses this to check list membership.  I don't see a way in qmail/ezmlm to emulate USE_ENVELOPE_SENDER = No.  Three cheers for Mailman!)


Adam Goldberg
AGP, LLC
+1-202-507-9900


-----Original Message-----
From: Mailman-Users [mailto:mailman-users-bounces+adam=agp-llc.com at python.org] On Behalf Of Mark Sapiro
Sent: Tuesday, January 03, 2017 3:17 PM
To: mailman-users at python.org
Subject: Re: [Mailman-Users] Envelope address vs. From: header addresses

On 01/03/2017 11:03 AM, Adam Goldberg wrote:
> 
> WS6 uses mailman.  I believe that mailman doesn't suffer from this problem (that is, mailman checks list membership based on the header From: address, not the envelope from address).
> 
> Can someone verify with authority that this is the case?


When Mailman checks list membership, it tests the things listen in the installation's config (mm_cfg.py) setting for SENDER_HEADERS, the default for which is

From:
envelope sender
Reply-To:
Sender:

in that order. If one of those contains a list member address, the first member address found is considered the poster for list membership/moderation purposes. Otherwise the post is from a non-member.


> (and OT for this list, Does anyone have any insight into why Kavi's ezmlm implementation is acting this way?  FYI, email sent via Amazon AWS SES is sent with an envelope address unique per email (it's explicitly different from the From: header address)).


Some things use envelope sender for verification as it is (or once was) considered more difficult to spoof.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
------------------------------------------------------
Mailman-Users mailing list Mailman-Users at python.org https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: https://mail.python.org/mailman/options/mailman-users/adam%40agp-llc.com

From mark at msapiro.net  Tue Jan  3 18:22:07 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 3 Jan 2017 15:22:07 -0800
Subject: [Mailman-Users] Envelope address vs. From: header addresses
In-Reply-To: <01000159663b2cb4-a3293e6a-4134-45ff-b54a-01b7cf62649d-000000@email.amazonses.com>
References: <0100015965b758c1-1d7b6059-bd50-4bdc-a815-30bf04ba6602-000000@email.amazonses.com>
 <fb213d04-a1f8-4805-7815-aea7244639df@msapiro.net>
 <01000159663b2cb4-a3293e6a-4134-45ff-b54a-01b7cf62649d-000000@email.amazonses.com>
Message-ID: <ffd2dd00-e072-2d25-ead6-875a890c7f32@msapiro.net>

On 01/03/2017 01:27 PM, Adam Goldberg wrote:
> 
> Thanks for the quick response.  From what I can see in Defaults.py in my installation of Mailman, one could 'break' Mailman the same way Kavi's ezmlm installation is broken by merely setting USE_ENVELOPE_SENDER=yes.


Actually no, for two reasons.

USE_ENVELOPE_SENDER is a misnomer in the first place. It is used by the
Mailman.Message.get_sender() method which returns a single address as
the sender of the message. It returns the first address found by looking
in order at

From:
Sender:
envelope sender

if USE_ENVELOPE_SENDER is false and

Sender:
From:
envelope sender

if USE_ENVELOPE_SENDER is true, so in most cases there won't be a
Sender: header and the From: value will be returned. Only if there is a
Sender: header does USE_ENVELOPE_SENDER make a difference and even then
the result is the Sender: header value, not the envelope sender.

The other reason is the get_sender() method is not used to determine
list membership for posts[1]. That uses the get_senders() method (note
senders, not sender) which returns all the addresses from the headers
defined by SENDER_HEADERS.

If you wanted to force Mailman to use the envelope sender only for
membership tests you would put

SENDER_HEADERS = [None]

in mm_cfg.py.


[1] The address returned by get_sender() is used for things like
displaying in the admindb UI the sender of a held post and various other
purposes, but not for membership tests on incoming posts.


> (And continuing the OT discussion, in a ezmlm/qmail environment, qmail passes the envelope sender address via $SENDER to ezmlm, and ezmlm uses this to check list membership.  I don't see a way in qmail/ezmlm to emulate USE_ENVELOPE_SENDER = No.  Three cheers for Mailman!)


MTAs (qmail) for the most part only deal with things defined in SMTP
such as the envelope sender and recipients. With few exceptions, the
message which contains the headers is just a blob of data. Thus if
you're relying on the MTA to tell you who sent the message, you're going
to see the envelope sender.  Mailman actually parses the message and
looks at the headers to determine the sender(s).

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From cmupythia at cmu.edu  Thu Jan  5 15:58:38 2017
From: cmupythia at cmu.edu (Gretchen R Beck)
Date: Thu, 5 Jan 2017 20:58:38 +0000
Subject: [Mailman-Users] accept_these_nonmembers for umbrella lists
Message-ID: <1483649918479.55671@cmu.edu>

I have am trying to figure out why the following happens:


I have an umbrella list.  My address (cmupythia at cmu.edu) is a member of the parent list (list1), and on the accept_these_nonmembers on the second list (list2). It is NOT subscribed to list2


When I post to list2 directly, the post is accepted and delivered. When I post to list1, the post is held for moderation by list2 as a non-member poster.


Default.py has SENDER_HEADERS = ('from', None, 'reply-to', 'sender')  and these are not changed in mm_cfg.py


What am I missing (or what else should I check?)


Thanks!


Gretchen Beck

Carnegie Mellon

From mark at msapiro.net  Thu Jan  5 16:22:32 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 5 Jan 2017 13:22:32 -0800
Subject: [Mailman-Users] accept_these_nonmembers for umbrella lists
In-Reply-To: <1483649918479.55671@cmu.edu>
References: <1483649918479.55671@cmu.edu>
Message-ID: <cbff1390-afbd-ba04-ccdc-386ad365993e@msapiro.net>

On 01/05/2017 12:58 PM, Gretchen R Beck wrote:
> 
> I have an umbrella list.  My address (cmupythia at cmu.edu) is a member of the parent list (list1), and on the accept_these_nonmembers on the second list (list2). It is NOT subscribed to list2
> 
> When I post to list2 directly, the post is accepted and delivered. When I post to list1, the post is held for moderation by list2 as a non-member poster.
> 
> Default.py has SENDER_HEADERS = ('from', None, 'reply-to', 'sender')  and these are not changed in mm_cfg.py


The article at <https://wiki.list.org/x/4030574> may help.

The most likely explanation is that you have

USE_ENVELOPE_SENDER = Yes

in mm_cfg.py. This means that list2 is checking the Sender: header value
against the accept_these_nonmembers list and the Sender: header has the
list1-bounces address, not yours.

There are other possibilities depending on various settings of list1.
Note that cmu.edu publishes DMARC p=none, so it's possible that list1 is
munging the From: header depending on DMARC settings.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From cmsamsi at hotmail.com  Thu Jan  5 16:40:42 2017
From: cmsamsi at hotmail.com (Caesar Samsi)
Date: Thu, 5 Jan 2017 21:40:42 +0000
Subject: [Mailman-Users] How to stop bounce messages globally?
References: <D394DA33-FE69-472D-B83F-1E508EA8F463@astridix.com>
Message-ID: <51DA8B58-FF80-4E46-A7DA-C49104CD2594@hotmail.com>

Hi,

Lately I have found that spammers send using random reply-to?s to my mailman server.

In response mailman sends a helpful ?Your message awaits moderator approval?.

However, it is NDR as the user in the reply to is not in the target bounced mail server.

So ? how can I globally stop bounces and moderator approval messages?

Thanks, Caesar.


From cmupythia at cmu.edu  Thu Jan  5 17:03:48 2017
From: cmupythia at cmu.edu (Gretchen R Beck)
Date: Thu, 5 Jan 2017 22:03:48 +0000
Subject: [Mailman-Users] accept_these_nonmembers for umbrella lists
In-Reply-To: <cbff1390-afbd-ba04-ccdc-386ad365993e@msapiro.net>
References: <1483649918479.55671@cmu.edu>,
 <cbff1390-afbd-ba04-ccdc-386ad365993e@msapiro.net>
Message-ID: <1483653828516.16307@cmu.edu>

Thanks Mark,

USE_ENVELOPE_SENDER=No (we haven't changed it)
For the lists in question both have from_is_list=No and dmarc_moderation_action=1 (the system defaults)

Adding the @list1 to the non-members  on list2 works, but I have admins here who have one or two users (usually faculty) who want to post to the umbrellas but don't want to be subscribed to anything. While subscribe + no-mail works, most of these admins tend to go to accept_these_nonmembers first, so I'm trying to figure out what's preventing it from working in this instance on our site (we're on 2.1.18-1 with some local customization so the usual caveats there). 

--Gretchen
________________________________________
From: Mailman-Users <mailman-users-bounces+cmupythia=cmu.edu at python.org> on behalf of Mark Sapiro <mark at msapiro.net>
Sent: Thursday, January 5, 2017 4:22 PM
To: mailman-users at python.org
Subject: Re: [Mailman-Users] accept_these_nonmembers for umbrella lists

On 01/05/2017 12:58 PM, Gretchen R Beck wrote:
>
> I have an umbrella list.  My address (cmupythia at cmu.edu) is a member of the parent list (list1), and on the accept_these_nonmembers on the second list (list2). It is NOT subscribed to list2
>
> When I post to list2 directly, the post is accepted and delivered. When I post to list1, the post is held for moderation by list2 as a non-member poster.
>
> Default.py has SENDER_HEADERS = ('from', None, 'reply-to', 'sender')  and these are not changed in mm_cfg.py


The article at <https://wiki.list.org/x/4030574> may help.

The most likely explanation is that you have

USE_ENVELOPE_SENDER = Yes

in mm_cfg.py. This means that list2 is checking the Sender: header value
against the accept_these_nonmembers list and the Sender: header has the
list1-bounces address, not yours.

There are other possibilities depending on various settings of list1.
Note that cmu.edu publishes DMARC p=none, so it's possible that list1 is
munging the From: header depending on DMARC settings.

--
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
------------------------------------------------------
Mailman-Users mailing list Mailman-Users at python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: https://mail.python.org/mailman/options/mailman-users/cmupythia%40cmu.edu

From mark at msapiro.net  Thu Jan  5 17:06:37 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 5 Jan 2017 14:06:37 -0800
Subject: [Mailman-Users] How to stop bounce messages globally?
In-Reply-To: <51DA8B58-FF80-4E46-A7DA-C49104CD2594@hotmail.com>
References: <D394DA33-FE69-472D-B83F-1E508EA8F463@astridix.com>
 <51DA8B58-FF80-4E46-A7DA-C49104CD2594@hotmail.com>
Message-ID: <ab592c80-21ac-9dc2-6c6d-9105f5f769a6@msapiro.net>

On 01/05/2017 01:40 PM, Caesar Samsi wrote:
> 
> Lately I have found that spammers send using random reply-to?s to my mailman server.
> 
> In response mailman sends a helpful ?Your message awaits moderator approval?.
> 
> However, it is NDR as the user in the reply to is not in the target bounced mail server.


That's the good scenario. The bad scenario is called backscatter and is
when the notice is deliverable to the innocent third party whose address
was spoofed as the sender.


> So ? how can I globally stop bounces and moderator approval messages?


Set respond_to_post_requests to No on each list and set
DEFAULT_RESPOND_TO_POST_REQUESTS = No in mm_cfg.py so that new lists get
created with respond_to_post_requests = No.

Then Mailman won't send the ?Your message awaits moderator approval?
notices.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Thu Jan  5 17:17:24 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 5 Jan 2017 14:17:24 -0800
Subject: [Mailman-Users] accept_these_nonmembers for umbrella lists
In-Reply-To: <1483653828516.16307@cmu.edu>
References: <1483649918479.55671@cmu.edu>
 <cbff1390-afbd-ba04-ccdc-386ad365993e@msapiro.net>
 <1483653828516.16307@cmu.edu>
Message-ID: <17c246dd-0560-bdaf-5220-65959c746580@msapiro.net>

On 01/05/2017 02:03 PM, Gretchen R Beck wrote:
> 
> USE_ENVELOPE_SENDER=No (we haven't changed it)
> For the lists in question both have from_is_list=No and dmarc_moderation_action=1 (the system defaults)


dmarc_moderation_action=1 is munge_from which means the from will be set
to the list address if dmarc mitigations are applied which will be the
case for cmu.edu addresses if dmarc_quarantine_moderation_action and
dmarc_none_moderation_action are both yes. This will change the From:
which list2 sees to, e.g. in your case)

From: Gretchen R Beck via List 1 <list1 at ...>

list1 at ... is not in list2's accept_these_nonmembers. Putting it there
will help if this is the issue.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From luscheina at yahoo.de  Thu Jan  5 17:05:40 2017
From: luscheina at yahoo.de (Christian F Buser)
Date: Thu, 5 Jan 2017 23:05:40 +0100
Subject: [Mailman-Users] Message waiting for Moderator action
In-Reply-To: <51DA8B58-FF80-4E46-A7DA-C49104CD2594@hotmail.com>
References: <D394DA33-FE69-472D-B83F-1E508EA8F463@astridix.com>
 <51DA8B58-FF80-4E46-A7DA-C49104CD2594@hotmail.com>
Message-ID: <20170105230540239421.67822122@yahoo.de>

Hi all 

One of my users asked "how long does it take until you moderators either approve or discard my message?" (the message was held because the size exceeded the limit for the list), and he never saw the message in the list but also did not receive a notification about a rejection.  

I checked the open moderation tasks and found that no message was listed there. A quick question to the others doing some moderation if I am away showed that the message was discarded few hours after it has been sent. 

The  message sent to the user says: "Entweder wird Ihre E-Mail in K?rze freigegeben und ?ber die Liste verteilt, oder Sie erhalten eine Mitteilung ?ber eine Ablehnung durch den Moderator." which can be understood in two ways: 
(a) you receive a message _from the moderator_ about his approval or discaring decision, or, 
(b) you receive a message about the moderator's approval or discaring decision (from the list software). 

What is the standard procedure? I did not find a setting for this. 

Using Mailman 2.1.23 on cPanel 60.0.28


-- 
Christian F. Buser, Hohle Gasse 6, CH-5507 Mellingen (Switzerland)      
Hilfe fuer Strassenkinder in Ghana: http://www.chance-for-children.org

From minxmertzmomo at gmail.com  Thu Jan  5 19:24:49 2017
From: minxmertzmomo at gmail.com (Matt Morgan)
Date: Thu, 5 Jan 2017 19:24:49 -0500
Subject: [Mailman-Users] Can't get into list's admin pages after using
 withlist
Message-ID: <CABTRqU5wCn9UfJiLD+RHf4XU9P7y8Mu6Hp44JXdREg-HBeTgcA@mail.gmail.com>

I tried to reset the digest volume & issue numbers on one of my lists using
withlist, following these very old instructions:

https://mail.python.org/pipermail/mailman-users/2000-August/006218.html

I tried it on a test list first, and it was fine; but after using it on
this other list, I can't get into that list's admin pages. It's possible
it's stuck in other ways, too, e.g., I tried to email into the -leave
address for the list (from an address that I know is subscribed), and
haven't heard back.

No other list appears to be having trouble.

Any suggestions? Thanks!

From mark at msapiro.net  Thu Jan  5 19:33:03 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 5 Jan 2017 16:33:03 -0800
Subject: [Mailman-Users] Message waiting for Moderator action
In-Reply-To: <20170105230540239421.67822122@yahoo.de>
References: <D394DA33-FE69-472D-B83F-1E508EA8F463@astridix.com>
 <51DA8B58-FF80-4E46-A7DA-C49104CD2594@hotmail.com>
 <20170105230540239421.67822122@yahoo.de>
Message-ID: <6f4a0f63-9b61-7bd4-2a12-7b5775b6c3aa@msapiro.net>

On 01/05/2017 02:05 PM, Christian F Buser via Mailman-Users wrote:
> 
> I checked the open moderation tasks and found that no message was listed there. A quick question to the others doing some moderation if I am away showed that the message was discarded few hours after it has been sent. 
> 
> The  message sent to the user says: "Entweder wird Ihre E-Mail in K?rze freigegeben und ?ber die Liste verteilt, oder Sie erhalten eine Mitteilung ?ber eine Ablehnung durch den Moderator." which can be understood in two ways: 
> (a) you receive a message _from the moderator_ about his approval or discaring decision, or, 
> (b) you receive a message about the moderator's approval or discaring decision (from the list software). 
> 
> What is the standard procedure? I did not find a setting for this. 
> 
> Using Mailman 2.1.23 on cPanel 60.0.28
> 


It's misleading in English too.

> Either the message will get posted to the list, or you will receive
> notification of the moderator's decision.  If you would like to cancel
> this posting, please visit the following URL:

The implication in the held message notification is that the message
will be accepted or the user will receive notification, but there is
intentionally no mechanism within Mailman to automatically notify the
user of a discard action. If there were, it would be equivalent to reject.

In Mailman 2.1.23, you can follow the "Edit the public HTML pages and
text files" link in the web admin UI and from there, follow the "User
notice of held post" link and edit the message to be more clear.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Thu Jan  5 19:50:13 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 5 Jan 2017 16:50:13 -0800
Subject: [Mailman-Users] Can't get into list's admin pages after using
 withlist
In-Reply-To: <CABTRqU5wCn9UfJiLD+RHf4XU9P7y8Mu6Hp44JXdREg-HBeTgcA@mail.gmail.com>
References: <CABTRqU5wCn9UfJiLD+RHf4XU9P7y8Mu6Hp44JXdREg-HBeTgcA@mail.gmail.com>
Message-ID: <68f02136-5b50-2bdf-f586-913d10460408@msapiro.net>

On 01/05/2017 04:24 PM, Matt Morgan wrote:
> 
> I tried it on a test list first, and it was fine; but after using it on
> this other list, I can't get into that list's admin pages. It's possible
> it's stuck in other ways, too, e.g., I tried to email into the -leave
> address for the list (from an address that I know is subscribed), and
> haven't heard back.
> 
> No other list appears to be having trouble.


Almost certainly the list is still locked. See
<https://wiki.list.org/x/17891756>.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From minxmertzmomo at gmail.com  Thu Jan  5 20:15:41 2017
From: minxmertzmomo at gmail.com (Matt Morgan)
Date: Thu, 5 Jan 2017 20:15:41 -0500
Subject: [Mailman-Users] Can't get into list's admin pages after using
 withlist
In-Reply-To: <CABTRqU5wCn9UfJiLD+RHf4XU9P7y8Mu6Hp44JXdREg-HBeTgcA@mail.gmail.com>
References: <CABTRqU5wCn9UfJiLD+RHf4XU9P7y8Mu6Hp44JXdREg-HBeTgcA@mail.gmail.com>
Message-ID: <CABTRqU7FR3i7z0CfLaP17B7a3Wko_UFf-NVmoRzkg8w4VLc+7g@mail.gmail.com>

On Thu, Jan 5, 2017 at 7:24 PM, Matt Morgan <minxmertzmomo at gmail.com> wrote:

> I tried to reset the digest volume & issue numbers on one of my lists
> using withlist, following these very old instructions:
>
> https://mail.python.org/pipermail/mailman-users/2000-August/006218.html
>
> I tried it on a test list first, and it was fine; but after using it on
> this other list, I can't get into that list's admin pages. It's possible
> it's stuck in other ways, too, e.g., I tried to email into the -leave
> address for the list (from an address that I know is subscribed), and
> haven't heard back.
>
>
It was stale locks in mailman/locks. This doc page helped:

https://wiki.list.org/DOC/4.76%20I%20can't%20access%20one%20of%20my%20lists%20via%20the%20web%20interface.%20One%20of%20my%20lists%20is%20not%20sending%20mail.%20List%20locked
.

Thanks!

From minxmertzmomo at gmail.com  Thu Jan  5 20:16:25 2017
From: minxmertzmomo at gmail.com (Matt Morgan)
Date: Thu, 5 Jan 2017 20:16:25 -0500
Subject: [Mailman-Users] Can't get into list's admin pages after using
 withlist
In-Reply-To: <68f02136-5b50-2bdf-f586-913d10460408@msapiro.net>
References: <CABTRqU5wCn9UfJiLD+RHf4XU9P7y8Mu6Hp44JXdREg-HBeTgcA@mail.gmail.com>
 <68f02136-5b50-2bdf-f586-913d10460408@msapiro.net>
Message-ID: <CABTRqU5bYKdggnFGUdzV7QsQ-V7zMXqC=N-oo8sDFwC9q8C_YA@mail.gmail.com>

On Thu, Jan 5, 2017 at 7:50 PM, Mark Sapiro <mark at msapiro.net> wrote:

> On 01/05/2017 04:24 PM, Matt Morgan wrote:
> >
> > I tried it on a test list first, and it was fine; but after using it on
> > this other list, I can't get into that list's admin pages. It's possible
> > it's stuck in other ways, too, e.g., I tried to email into the -leave
> > address for the list (from an address that I know is subscribed), and
> > haven't heard back.
> >
> > No other list appears to be having trouble.
>
>
> Almost certainly the list is still locked. See
> <https://wiki.list.org/x/17891756>.
>

Thanks! Somehow I didn't see your reply until just a second ago.

From cmsamsi at hotmail.com  Thu Jan  5 21:00:31 2017
From: cmsamsi at hotmail.com (Caesar Samsi)
Date: Fri, 6 Jan 2017 02:00:31 +0000
Subject: [Mailman-Users] How to stop bounce messages globally?
In-Reply-To: <ab592c80-21ac-9dc2-6c6d-9105f5f769a6@msapiro.net>
References: <D394DA33-FE69-472D-B83F-1E508EA8F463@astridix.com>
 <51DA8B58-FF80-4E46-A7DA-C49104CD2594@hotmail.com>
 <ab592c80-21ac-9dc2-6c6d-9105f5f769a6@msapiro.net>
Message-ID: <066C6976-B526-4541-8AAB-9FC161FE24BA@hotmail.com>

Got it, done!

Many Thanks, Caesar.

> On Jan 5, 2017, at 2:06 PM, Mark Sapiro <mark at msapiro.net> wrote:
> 
> On 01/05/2017 01:40 PM, Caesar Samsi wrote:
>> 
>> Lately I have found that spammers send using random reply-to?s to my mailman server.
>> 
>> In response mailman sends a helpful ?Your message awaits moderator approval?.
>> 
>> However, it is NDR as the user in the reply to is not in the target bounced mail server.
> 
> 
> That's the good scenario. The bad scenario is called backscatter and is
> when the notice is deliverable to the innocent third party whose address
> was spoofed as the sender.
> 
> 
>> So ? how can I globally stop bounces and moderator approval messages?
> 
> 
> Set respond_to_post_requests to No on each list and set
> DEFAULT_RESPOND_TO_POST_REQUESTS = No in mm_cfg.py so that new lists get
> created with respond_to_post_requests = No.
> 
> Then Mailman won't send the ?Your message awaits moderator approval?
> notices.
> 
> -- 
> Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/cmsamsi%40hotmail.com


From geek at uniserve.com  Mon Jan  9 16:40:06 2017
From: geek at uniserve.com (Dave Stevens)
Date: Mon, 9 Jan 2017 13:40:06 -0800
Subject: [Mailman-Users] failure to send message to list
Message-ID: <20170109134006.6eca6ac2@uniserve.com>

This morning PST I sent a message to a mailman list called amsmembers, syslog output here:


Jan  9 11:44:13 web5 postfix/local[7403]: 749618E4CAF:
to=<amsmembers-cleanairplan.ca at web5.bcenclave.ca>,
orig_to=<amsmembers at cleanairplan.ca>, relay=local, delay=0.44,
delays=0.18/0.01/0/0.25, dsn=2.0.0, status=sent (delivered to
command: /usr/lib/mailman/mail/mailman post amsmembers)

This message has not been delivered as far as I can see (I'm a subscriber). I've tested another list on that server to which I'm the only subscriber and no luck there either. The /var/log/mailman/post logfile shows no posts after Jan 8th, yesterday. I've restarted postfix and checked the pending admin tasks in mailman web interface with no pending work. Where should I look for further info? 

Dave

From mark at msapiro.net  Mon Jan  9 18:11:54 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 9 Jan 2017 15:11:54 -0800
Subject: [Mailman-Users] failure to send message to list
In-Reply-To: <20170109134006.6eca6ac2@uniserve.com>
References: <20170109134006.6eca6ac2@uniserve.com>
Message-ID: <1a15d34c-c582-01be-d37a-25422bee26e1@msapiro.net>

On 01/09/2017 01:40 PM, Dave Stevens wrote:
> This morning PST I sent a message to a mailman list called amsmembers, syslog output here:
> 
> 
> Jan  9 11:44:13 web5 postfix/local[7403]: 749618E4CAF:
> to=<amsmembers-cleanairplan.ca at web5.bcenclave.ca>,
> orig_to=<amsmembers at cleanairplan.ca>, relay=local, delay=0.44,
> delays=0.18/0.01/0/0.25, dsn=2.0.0, status=sent (delivered to
> command: /usr/lib/mailman/mail/mailman post amsmembers)
> 
> This message has not been delivered as far as I can see (I'm a subscriber). I've tested another list on that server to which I'm the only subscriber and no luck there either. The /var/log/mailman/post logfile shows no posts after Jan 8th, yesterday. I've restarted postfix and checked the pending admin tasks in mailman web interface with no pending work. Where should I look for further info? 


The message was delivered and presumably got as far as Mailman's in/
queue. Is it still there? Is Mailman running? What's in Mailman's error,
vette and qrunner logs.

See <https://wiki.list.org/x/4030723>.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From kippels at hhu.de  Wed Jan 11 07:56:24 2017
From: kippels at hhu.de (Julian Kippels)
Date: Wed, 11 Jan 2017 13:56:24 +0100
Subject: [Mailman-Users] Multiple list owners at creation
Message-ID: <20170111135624.1ec242aa@kriemhild>

Hi,

is it possible to create a new list with more than one owner? Or do I
have to create the list with one owner and add the others later?

I'm thinking about doing something like:
newlist testlist owner1 at domain owner2 at domain supersecretpassphrase

Thanks
Julian

From bsfinkel at att.net  Wed Jan 11 12:59:40 2017
From: bsfinkel at att.net (Barry S. Finkel)
Date: Wed, 11 Jan 2017 11:59:40 -0600
Subject: [Mailman-Users] Multiple list owners at creation
In-Reply-To: <20170111135624.1ec242aa@kriemhild>
References: <20170111135624.1ec242aa@kriemhild>
Message-ID: <00ffc8f9-f457-c34f-04b8-80dcdd74b368@att.net>

On 1/11/2017 6:56 AM, Julian Kippels wrote:
> Hi,
>
> is it possible to create a new list with more than one owner? Or do I
> have to create the list with one owner and add the others later?
>
> I'm thinking about doing something like:
> newlist testlist owner1 at domain owner2 at domain supersecretpassphrase
>
> Thanks
> Julian


Here is a patch that I got from Mark Sapiro many years ago;
I assume that it is in the list archives.  Note that I cannot
ensure that this cut-and-paste will survive line wrap.
This is a piece of the "script" output when I last built a
Mailman package for Debian/Ubuntu.  Also note that any
owner addresses after the first are not checked for syntax.

-----
vm20# cat ~b19141/newlist.owners.patch.13
--- newlist     2009-09-14 11:47:56.046875000 -0700
+++ newlistx    2009-10-02 12:51:16.671875000 -0700
@@ -47,6 +47,8 @@
  You can specify as many of the arguments as you want on the command line
  you will be prompted for the missing ones.

+Note that listadmin-addr can be a comma separated list of addresses.
+
  Every Mailman list has two parameters which define the default host name
  outgoing email, and the default URL for all web interfaces.  When you
  configured Mailman, certain defaults were calculated, but if you are run
@@ -173,7 +175,9 @@
          owner_mail = args[1]
      else:
          owner_mail = raw_input(
-            _('Enter the email of the person running the list: '))
+            _('Enter the email(s) of the person running the list: '))
+    owner_emails = owner_mail.split(',')
+    owner_mail = owner_emails[0]

      if len(args) > 2:
          listpasswd = args[2]
@@ -208,6 +212,9 @@
          except Errors.MMListAlreadyExistsError:
              usage(1, _('List already exists: %(listname)s'))

+        # assign the owners
+        mlist.owner = owner_emails
+
          # Assign domain-specific attributes
          mlist.host_name = host_name
          mlist.web_page_url = web_page_url
@@ -246,7 +253,7 @@
          i18n.set_language(mlist.preferred_language)
          try:
              msg = Message.UserNotification(
-                owner_mail, siteowner,
+                owner_emails, siteowner,
                  _('Your new mailing list: %(listname)s'),
                  text, mlist.preferred_language)
              msg.send(mlist)
vm20# patch -p0 < ~b19141/newlist.owners.patch.13
patching file newlist
vm20# diff newlist newlist.original
50,51d49
< Note that listadmin-addr can be a comma separated list of addresses.
<
178,180c176
<             _('Enter the email(s) of the person running the list: '))
<     owner_emails = owner_mail.split(',')
<     owner_mail = owner_emails[0]
---
 >             _('Enter the email of the person running the list: '))
215,217d210
<         # assign the owners
<         mlist.owner = owner_emails
<
256c249
<                 owner_emails, siteowner,
---
 >                 owner_mail, siteowner,
vm20# pwd

-----

--Barry Finkel

From minxmertzmomo at gmail.com  Wed Jan 11 13:22:01 2017
From: minxmertzmomo at gmail.com (Matt Morgan)
Date: Wed, 11 Jan 2017 13:22:01 -0500
Subject: [Mailman-Users] from_is_list Wrap Message: what does that look like?
Message-ID: <CABTRqU4H2Rv=nodniVQVuhZkd4chOiKNxUbnSEUsCCE6Vu_cew@mail.gmail.com>

If I use from_is_list "Wrap Message," what will users see? The help page
says "This is effectively a one message MIME format digest." Does that mean
that the original message is going to show up as an attachment in some mail
readers?

What about in Digests? I have to imagine that wrapping is unnecessary on a
digest, so the messages would just look like any other message. Is that
accurate?

I'm trying to advise my list moderators on choosing between "Wrap Message"
and "Reject." And considering whether to give them a choice. "Reject" is
clear and understandable, but will annoy some of our users, none
(approximately) of whom will understand at first why we're doing it. But
"Wrap Message" may confuse everybody else, if those messages look funny or
take an extra step to read.

Anybody who has experience with how list subscribers respond to these
changes, please let me know!

Thanks,
Matt

From mark at msapiro.net  Wed Jan 11 14:09:47 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 11 Jan 2017 11:09:47 -0800
Subject: [Mailman-Users] from_is_list Wrap Message: what does that look
 like?
In-Reply-To: <CABTRqU4H2Rv=nodniVQVuhZkd4chOiKNxUbnSEUsCCE6Vu_cew@mail.gmail.com>
References: <CABTRqU4H2Rv=nodniVQVuhZkd4chOiKNxUbnSEUsCCE6Vu_cew@mail.gmail.com>
Message-ID: <be82b1c1-bc86-5313-15ec-6061f26b4869@msapiro.net>

On 01/11/2017 10:22 AM, Matt Morgan wrote:
> If I use from_is_list "Wrap Message," what will users see? The help page
> says "This is effectively a one message MIME format digest." Does that mean
> that the original message is going to show up as an attachment in some mail
> readers?


Yes.


> What about in Digests? I have to imagine that wrapping is unnecessary on a
> digest, so the messages would just look like any other message. Is that
> accurate?


Yes. DMARC mitigations are not applied to messages in digests or archives.


> I'm trying to advise my list moderators on choosing between "Wrap Message"
> and "Reject." And considering whether to give them a choice. "Reject" is
> clear and understandable, but will annoy some of our users, none
> (approximately) of whom will understand at first why we're doing it. But
> "Wrap Message" may confuse everybody else, if those messages look funny or
> take an extra step to read.


Yes, that's the dilemma. Note that from_is_list does not have a 'reject'
option. That applies only to dmarc_moderation_action, and setting it to
'reject' is only appropriate in limited situations when it is possible
and appropriate to force list members to not post from Yahoo, AOL or
other domains that publish DMARC p=reject or p=quarantine. You are
basically punishing users based on the policy of their ESPs which they
can control only by switching providers. For some lists in some
situations, this can be appropriate, but in general, it is not. And your
users won't understand and if they complain to Yahoo, AOL, etc., they
will be lied to and told the list is the problem.

For most lists, dmarc_moderation_action = Munge From turns out to be the
best (or least harmful/disruptive) choice. Munge From does not change
the MIME structure and with compliant mail readers at least does not
change the results of 'reply', 'reply all' and 'reply list'.

The big negative of Munge From is the message's From: header no longer
contains the address of the author of the message so the message is no
longer strictly compliant with RFCs 822, 2822 and 5322.


> Anybody who has experience with how list subscribers respond to these
> changes, please let me know!


List subscribers with iThings do not like Wrap Message. At least some
other mobile clients also have issues with this format. As I said, Munge
From, despite it's non-compliance, is usually the better option.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From minxmertzmomo at gmail.com  Wed Jan 11 17:42:44 2017
From: minxmertzmomo at gmail.com (Matt Morgan)
Date: Wed, 11 Jan 2017 17:42:44 -0500
Subject: [Mailman-Users] from_is_list Wrap Message: what does that look
 like?
In-Reply-To: <be82b1c1-bc86-5313-15ec-6061f26b4869@msapiro.net>
References: <CABTRqU4H2Rv=nodniVQVuhZkd4chOiKNxUbnSEUsCCE6Vu_cew@mail.gmail.com>
 <be82b1c1-bc86-5313-15ec-6061f26b4869@msapiro.net>
Message-ID: <CABTRqU5-xAtweZxpbDrMvcreFHpTqQe00PzNEZcy0W_EbuNOoQ@mail.gmail.com>

On Wed, Jan 11, 2017 at 2:09 PM, Mark Sapiro <mark at msapiro.net> wrote:

>
> Yes, that's the dilemma. Note that from_is_list does not have a 'reject'
> option.


Right, thanks. I was misremembering from when I looked at this last month.


> For most lists, dmarc_moderation_action = Munge From turns out to be the
> best (or least harmful/disruptive) choice.

...
>
> The big negative of Munge From is the message's From: header no longer
> contains the address of the author of the message so the message is no
> longer strictly compliant with RFCs 822, 2822 and 5322.
>

Isn't it also an issue that the message doesn't say who it's from,
potentially, or how to contact the sender? My biggest list has a lot of job
postings, conference announcements, etc.--things where you don't
necessarily mention yourself in what you send in (even if you may include
other contact info). In that case won't we risk confusing all the readers
of the list? It'll look like the list itself (or rather its sponsoring
organization) is promoting the job announcement.

Or, I would guess on any list, someone will often say "contact me for more
info" with the assumption that their email address is up above. Am I
misunderstanding Munge From?


> List subscribers with iThings do not like Wrap Message. At least some
> other mobile clients also have issues with this format.


Thanks, that's really good to know.

From mark at msapiro.net  Wed Jan 11 18:19:17 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 11 Jan 2017 15:19:17 -0800
Subject: [Mailman-Users] from_is_list Wrap Message: what does that look
 like?
In-Reply-To: <CABTRqU5-xAtweZxpbDrMvcreFHpTqQe00PzNEZcy0W_EbuNOoQ@mail.gmail.com>
References: <CABTRqU4H2Rv=nodniVQVuhZkd4chOiKNxUbnSEUsCCE6Vu_cew@mail.gmail.com>
 <be82b1c1-bc86-5313-15ec-6061f26b4869@msapiro.net>
 <CABTRqU5-xAtweZxpbDrMvcreFHpTqQe00PzNEZcy0W_EbuNOoQ@mail.gmail.com>
Message-ID: <10691854-6362-e6eb-5f60-e2a4d6819e7d@msapiro.net>

On 01/11/2017 02:42 PM, Matt Morgan wrote:
> On Wed, Jan 11, 2017 at 2:09 PM, Mark Sapiro <mark at msapiro.net> wrote:
>>
>> The big negative of Munge From is the message's From: header no longer
>> contains the address of the author of the message so the message is no
>> longer strictly compliant with RFCs 822, 2822 and 5322.
>>
> 
> Isn't it also an issue that the message doesn't say who it's from,
> potentially, or how to contact the sender?


That should not be the case. The original From: is always put in
Reply-To: or in some cases Cc: with the intent that a compliant MUAs
'reply' and 'reply all' function will address the reply the same whether
or not the message is Munged. Also, the sender's display name in the
original From: is preserved. In a simple case with no Reply-To: munging,
a message

From: Joe Poster <joe at example.com>

will be sent from the list with

From: Joe Poster via AList <alist at example.net>
Reply-To: Joe Poster <joe at example.com>


> Or, I would guess on any list, someone will often say "contact me for more
> info" with the assumption that their email address is up above. Am I
> misunderstanding Munge From?


Yes. I think so. This is what the code says

>     # MAS: We need to do some things with the original From: if we've munged
>     # it for DMARC mitigation.  We have goals for this process which are
>     # not completely compatible, so we do the best we can.  Our goals are:
>     # 1) as long as the list is not anonymous, the original From: address
>     #    should be obviously exposed, i.e. not just in a header that MUAs
>     #    don't display.
>     # 2) the original From: address should not be in a comment or display
>     #    name in the new From: because it is claimed that multiple domains
>     #    in any fields in From: are indicative of spamminess.  This means
>     #    it should be in Reply-To: or Cc:.
>     # 3) the behavior of an MUA doing a 'reply' or 'reply all' should be
>     #    consistent regardless of whether or not the From: is munged.
>     # Goal 3) implies sometimes the original From: should be in Reply-To:
>     # and sometimes in Cc:, and even so, this goal won't be achieved in
>     # all cases with all MUAs.  In cases of conflict, the above ordering of
>     # goals is priority order.


We think all Mailman versions 2.1.19 and later do a good job of meeting
those goals.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From kippels at hhu.de  Thu Jan 12 11:21:45 2017
From: kippels at hhu.de (Julian Kippels)
Date: Thu, 12 Jan 2017 17:21:45 +0100
Subject: [Mailman-Users] Multiple list owners at creation
In-Reply-To: <00ffc8f9-f457-c34f-04b8-80dcdd74b368@att.net>
References: <20170111135624.1ec242aa@kriemhild>
 <00ffc8f9-f457-c34f-04b8-80dcdd74b368@att.net>
Message-ID: <20170112172145.5a950f7a@siegfried>

Am Wed, 11 Jan 2017 11:59:40 -0600
schrieb "Barry S. Finkel" <bsfinkel at att.net>:

> On 1/11/2017 6:56 AM, Julian Kippels wrote:
> > Hi,
> >
> > is it possible to create a new list with more than one owner? Or do
> > I have to create the list with one owner and add the others later?
> >
> > I'm thinking about doing something like:
> > newlist testlist owner1 at domain owner2 at domain supersecretpassphrase
> >
> > Thanks
> > Julian  
> 
> 
> Here is a patch that I got from Mark Sapiro many years ago;
> I assume that it is in the list archives.  Note that I cannot
> ensure that this cut-and-paste will survive line wrap.
> This is a piece of the "script" output when I last built a
> Mailman package for Debian/Ubuntu.  Also note that any
> owner addresses after the first are not checked for syntax.
> 
> -----
> vm20# cat ~b19141/newlist.owners.patch.13
> --- newlist     2009-09-14 11:47:56.046875000 -0700
> +++ newlistx    2009-10-02 12:51:16.671875000 -0700
> @@ -47,6 +47,8 @@
>   You can specify as many of the arguments as you want on the command
> line you will be prompted for the missing ones.
> 
> +Note that listadmin-addr can be a comma separated list of addresses.
> +
>   Every Mailman list has two parameters which define the default host
> name outgoing email, and the default URL for all web interfaces.
> When you configured Mailman, certain defaults were calculated, but if
> you are run @@ -173,7 +175,9 @@
>           owner_mail = args[1]
>       else:
>           owner_mail = raw_input(
> -            _('Enter the email of the person running the list: '))
> +            _('Enter the email(s) of the person running the list: '))
> +    owner_emails = owner_mail.split(',')
> +    owner_mail = owner_emails[0]
> 
>       if len(args) > 2:
>           listpasswd = args[2]
> @@ -208,6 +212,9 @@
>           except Errors.MMListAlreadyExistsError:
>               usage(1, _('List already exists: %(listname)s'))
> 
> +        # assign the owners
> +        mlist.owner = owner_emails
> +
>           # Assign domain-specific attributes
>           mlist.host_name = host_name
>           mlist.web_page_url = web_page_url
> @@ -246,7 +253,7 @@
>           i18n.set_language(mlist.preferred_language)
>           try:
>               msg = Message.UserNotification(
> -                owner_mail, siteowner,
> +                owner_emails, siteowner,
>                   _('Your new mailing list: %(listname)s'),
>                   text, mlist.preferred_language)
>               msg.send(mlist)
> vm20# patch -p0 < ~b19141/newlist.owners.patch.13
> patching file newlist
> vm20# diff newlist newlist.original
> 50,51d49
> < Note that listadmin-addr can be a comma separated list of addresses.
> <
> 178,180c176
> <             _('Enter the email(s) of the person running the list:
> ')) <     owner_emails = owner_mail.split(',')
> <     owner_mail = owner_emails[0]
> ---
>  >             _('Enter the email of the person running the list:
>  > '))  
> 215,217d210
> <         # assign the owners
> <         mlist.owner = owner_emails
> <
> 256c249
> <                 owner_emails, siteowner,
> ---
>  >                 owner_mail, siteowner,  
> vm20# pwd
> 
> -----
> 
> --Barry Finkel
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives:
> http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe:
> https://mail.python.org/mailman/options/mailman-users/kippels%40hhu.de

Great! I applied the changes by hand (some line numbers were a bit off
in my version of MM) and it worked as intendet.

Thank you!

Julian

From scott at qth.com  Sun Jan 15 23:58:04 2017
From: scott at qth.com (Scott Neader)
Date: Sun, 15 Jan 2017 22:58:04 -0600
Subject: [Mailman-Users] Recent trouble with DMARC Munging
Message-ID: <CAPLm_7CuMDL2V9Qc9kc+z7tUiw+DWi6epho8TkQ7cy6cJ_UNiA@mail.gmail.com>

I'm using Mailman version 2.1.23.  Since late 2014, I've been successfully
using the "Munge From" option under Privacy Options > Sender filters >
"Action to take when anyone posts to the list from a domain with a DMARC
Reject/Quarantine Policy."  Mail from users using AOL, Yahoo and others
with a DMARC policy of quarantine or reject had the FROM field munged:

FROM: John Doe <someuser at yahoo.com>

becomes

FROM: John Doe via Listname <listname at ourdomain.com>

Again, this has been working GREAT for over two years.  Now, mysteriously,
this has stopped working. When yahoo.com or AOL.com users post to our
lists, the Munging is not working.  When I query for a DMARC record from
the mail server, it can see the record, so I think it's not a resolver
issue.

I'm really stumped... any pointers/ideas on where to look would be greatly
appreciated!

- Scott

From mark at msapiro.net  Mon Jan 16 13:23:47 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 16 Jan 2017 10:23:47 -0800
Subject: [Mailman-Users] Recent trouble with DMARC Munging
In-Reply-To: <CAPLm_7CuMDL2V9Qc9kc+z7tUiw+DWi6epho8TkQ7cy6cJ_UNiA@mail.gmail.com>
References: <CAPLm_7CuMDL2V9Qc9kc+z7tUiw+DWi6epho8TkQ7cy6cJ_UNiA@mail.gmail.com>
Message-ID: <ad31c752-06f1-9fa2-ed04-47d33cf94fcb@msapiro.net>

On 01/15/2017 08:58 PM, Scott Neader wrote:
> 
> When yahoo.com or AOL.com users post to our
> lists, the Munging is not working.  When I query for a DMARC record from
> the mail server, it can see the record, so I think it's not a resolver
> issue.
> 
> I'm really stumped... any pointers/ideas on where to look would be greatly
> appreciated!


It seems you have access to the Mailman server, so look in Mailman's
error log. If you see messages like

DNS lookup for dmarc_moderation_action for list <listname> not available

it means at the time Mailman was last (re)started, the import of
dns.resolver failed. This is unlikely as it had been working.

Also look for messages beginning

DNSException: Unable to query DMARC policy for ...

These should be self explanitory.

Also look in Mailman's vette log. There should be messages like

<listname>: DMARC lookup for <email> (_dmarc.<domain>) found p=reject ...

for each post from AOL, Yahoo, etc. Presumably, there will be none of
these since munging stopped.

Let us know what you find. Note that if you are seeing the

DNS lookup for dmarc_moderation_action for list <listname> not available

messages, restarting Mailman may fix it. Also, in this case try

python -c "import dns.resolver"

to see if it reports any error.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From fmouse at fmp.com  Mon Jan 16 13:51:10 2017
From: fmouse at fmp.com (Lindsay Haisley)
Date: Mon, 16 Jan 2017 12:51:10 -0600
Subject: [Mailman-Users] Recent trouble with DMARC Munging
In-Reply-To: <ad31c752-06f1-9fa2-ed04-47d33cf94fcb@msapiro.net>
References: <CAPLm_7CuMDL2V9Qc9kc+z7tUiw+DWi6epho8TkQ7cy6cJ_UNiA@mail.gmail.com>
 <ad31c752-06f1-9fa2-ed04-47d33cf94fcb@msapiro.net>
Message-ID: <1484592670.3671.36.camel@fmp.com>

On Mon, 2017-01-16 at 10:23 -0800, Mark Sapiro wrote:
> Note that if you are seeing the
> 
> DNS lookup for dmarc_moderation_action for list <listname> not
> available
> 
> messages, restarting Mailman may fix it. Also, in this case try
> 
> python -c "import dns.resolver"
> 
> to see if it reports any error.

I don't believe that the python DNS resolver module is a stock part of
the python distribution. I may be wrong about this, but I recall
explicitly installing it here. If, for any reason, the working version
of python on which Mailman depends was upgraded or up-versioned, this
package may need to be manually re-installed for the new version.

If the symbolic link /usr/bin/python shows a creation/modification date
that coincides with the failure of your DMARC lookups then this is a
possibility, albeit an unlikely one, but it's easy to check ("ls -l
/usr/bin/python")

Mark's tests should help you narrow the problem down.

-- 
Lindsay Haisley       | "The first casualty when
FMP Computer Services |         war comes is truth."
512-259-1190          |            
http://www.fmp.com    |     -- Hiram W Johnson


From brian at emwd.com  Mon Jan 16 15:05:15 2017
From: brian at emwd.com (Brian Carpenter)
Date: Mon, 16 Jan 2017 15:05:15 -0500
Subject: [Mailman-Users] Recent trouble with DMARC Munging
In-Reply-To: <CAPLm_7CuMDL2V9Qc9kc+z7tUiw+DWi6epho8TkQ7cy6cJ_UNiA@mail.gmail.com>
References: <CAPLm_7CuMDL2V9Qc9kc+z7tUiw+DWi6epho8TkQ7cy6cJ_UNiA@mail.gmail.com>
Message-ID: <737501d27033$da857cb0$8f907610$@emwd.com>

> I'm using Mailman version 2.1.23.  Since late 2014, I've been successfully
> using the "Munge From" option under Privacy Options > Sender filters >
> "Action to take when anyone posts to the list from a domain with a DMARC
> Reject/Quarantine Policy."  Mail from users using AOL, Yahoo and others
> with a DMARC policy of quarantine or reject had the FROM field munged:
> 
> FROM: John Doe <someuser at yahoo.com>
> 
> becomes
> 
> FROM: John Doe via Listname <listname at ourdomain.com>
> 
> Again, this has been working GREAT for over two years.  Now, mysteriously,
> this has stopped working. When yahoo.com or AOL.com users post to our
> lists, the Munging is not working.  When I query for a DMARC record from
> the mail server, it can see the record, so I think it's not a resolver
> issue.
> 
> I'm really stumped... any pointers/ideas on where to look would be greatly
> appreciated!
> 
> - Scott

I would also be interested if anyone has any answers or suggestions to this
as we have seen the same issue on our mailman servers. Enabling the DMARC
option on the general options page seems to fix it however but I am not sure
in why this has suddenly become a problem with just using the privacy
options -- sender filters settings.


Brian Carpenter
EMWD.com, Owner

Providing Cloud Services and Mailman hosting for over 15 years.

T: 336.755.0685
E: brian at emwd.com
www.emwd.com

?






From mark at msapiro.net  Mon Jan 16 16:20:26 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 16 Jan 2017 13:20:26 -0800
Subject: [Mailman-Users] Recent trouble with DMARC Munging
In-Reply-To: <737501d27033$da857cb0$8f907610$@emwd.com>
References: <CAPLm_7CuMDL2V9Qc9kc+z7tUiw+DWi6epho8TkQ7cy6cJ_UNiA@mail.gmail.com>
 <737501d27033$da857cb0$8f907610$@emwd.com>
Message-ID: <c6478c9e-b443-e164-3304-13f1964cc3fb@msapiro.net>

On 01/16/2017 12:05 PM, Brian Carpenter wrote:
> 
> I would also be interested if anyone has any answers or suggestions to this
> as we have seen the same issue on our mailman servers.


See
<https://mail.python.org/pipermail/mailman-users/2017-January/081821.html>.
Follow the suggestions there and report what you find.

Is this issue coincident with a cPanel update?


> Enabling the DMARC
> option on the general options page seems to fix it however but I am not sure
> in why this has suddenly become a problem with just using the privacy
> options -- sender filters settings.


The General Options from_is_list setting applies to all posts without
checking the policy of the From: domain. It is something in the DMARC
policy lookup that isn't working.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From brian at emwd.com  Mon Jan 16 19:24:29 2017
From: brian at emwd.com (Brian Carpenter)
Date: Mon, 16 Jan 2017 19:24:29 -0500
Subject: [Mailman-Users] Recent trouble with DMARC Munging
In-Reply-To: <c6478c9e-b443-e164-3304-13f1964cc3fb@msapiro.net>
References: <CAPLm_7CuMDL2V9Qc9kc+z7tUiw+DWi6epho8TkQ7cy6cJ_UNiA@mail.gmail.com>
 <737501d27033$da857cb0$8f907610$@emwd.com>
 <c6478c9e-b443-e164-3304-13f1964cc3fb@msapiro.net>
Message-ID: <77c301d27058$11ac6770$35053650$@emwd.com>

> On 01/16/2017 12:05 PM, Brian Carpenter wrote:
> >
> > I would also be interested if anyone has any answers or suggestions to
this
> > as we have seen the same issue on our mailman servers.
> 
> 
> See
> <https://mail.python.org/pipermail/mailman-users/2017-
> January/081821.html>.
> Follow the suggestions there and report what you find.
> 
> Is this issue coincident with a cPanel update?
> 
> 
> > Enabling the DMARC
> > option on the general options page seems to fix it however but I am not
> sure
> > in why this has suddenly become a problem with just using the privacy
> > options -- sender filters settings.
> 
> 
> The General Options from_is_list setting applies to all posts without
> checking the policy of the From: domain. It is something in the DMARC
> policy lookup that isn't working.

Thanks Mark. I am definitely seeing:

DNS lookup for dmarc_moderation_action for list <listname> not available

in the error logs. I am thinking it is an issue with a cPanel update but I
do know if it was an update, it was a minor one. I have restarted Mailman to
see if that fixes the issues. I am currently awaiting the results from our
logs to see. Meanwhile I get the following when I run " python -c "import
dns.resolver":

Traceback (most recent call last):
  File "<string>", line 1, in <module>
ImportError: No module named dns.resolver

Do I need to run that command in a certain directory?

Brian Carpenter
EMWD.com, Owner

Providing Cloud Services and Mailman hosting for over 15 years.
E: brian at emwd.com
www.emwd.com

?



Thanks,


From mark at msapiro.net  Mon Jan 16 19:49:51 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 16 Jan 2017 16:49:51 -0800
Subject: [Mailman-Users] Recent trouble with DMARC Munging
In-Reply-To: <77c301d27058$11ac6770$35053650$@emwd.com>
References: <CAPLm_7CuMDL2V9Qc9kc+z7tUiw+DWi6epho8TkQ7cy6cJ_UNiA@mail.gmail.com>
 <737501d27033$da857cb0$8f907610$@emwd.com>
 <c6478c9e-b443-e164-3304-13f1964cc3fb@msapiro.net>
 <77c301d27058$11ac6770$35053650$@emwd.com>
Message-ID: <a3a5cfb1-9794-3361-e84c-c9d601a59869@msapiro.net>

On 01/16/2017 04:24 PM, Brian Carpenter wrote:
> 
> Meanwhile I get the following when I run " python -c "import
> dns.resolver":
> 
> Traceback (most recent call last):
>   File "<string>", line 1, in <module>
> ImportError: No module named dns.resolver
> 
> Do I need to run that command in a certain directory?


This is the problem. Assuming 'python' invokes the same python
interpreter that Mailman is using, the required dnspython module is not
installed, at least not where it is accessible to Mailman's python.

This is almost certainly a cPanel issue. I.e. they released an update
which neglected to include that. It was there previously.

I don't know enough about cPanel to know if this will work, but assuming
you have pip,

sudo pip install dnspython

should fix it.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From fmouse at fmp.com  Mon Jan 16 20:49:53 2017
From: fmouse at fmp.com (Lindsay Haisley)
Date: Mon, 16 Jan 2017 19:49:53 -0600
Subject: [Mailman-Users] Recent trouble with DMARC Munging
In-Reply-To: <77c301d27058$11ac6770$35053650$@emwd.com>
References: <CAPLm_7CuMDL2V9Qc9kc+z7tUiw+DWi6epho8TkQ7cy6cJ_UNiA@mail.gmail.com>
 <737501d27033$da857cb0$8f907610$@emwd.com>
 <c6478c9e-b443-e164-3304-13f1964cc3fb@msapiro.net>
 <77c301d27058$11ac6770$35053650$@emwd.com>
Message-ID: <1484617793.60815.15.camel@fmp.com>

On Mon, 2017-01-16 at 19:24 -0500, Brian Carpenter wrote:
> Meanwhile I get the following when I run " python -c "import
> dns.resolver":
> 
> Traceback (most recent call last):
> ? File "<string>", line 1, in <module>
> ImportError: No module named dns.resolver
> 
> Do I need to run that command in a certain directory?

It looks as if my previous post on this was relevant. Python was
updated, and the dnspython module wasn't installed for the upgraded
version. Mark's solution is basically the correct one:

? ? sudo pip install dnspython

This does, however, make two assumptions.

1. You have sudo (root) access on the system

2. You have pip (the Python Package Installer) on the system

If either of these is NOT satisfied, you'll have additional work to do.
Assuming you have sudo access, but pip is NOT installed, you'll need to
to install it from the distribution. On Ubuntu systems:

? ? sudo apt-get install python-pip

Other distributions will have different package management tools, and
the command will vary accordingly.

Once pip is installed, depending on the distribution, you may need to
upgrade pip before you can use it.

? ? sudo -H pip install --upgrade pip

Then, to install dnspython, you'll use:

? ? sudo -H pip install dnspython

the -H option may be advisable for pip's cache handling.

-- 
Lindsay Haisley       | "The first casualty when
FMP Computer Services |         war comes is truth."
512-259-1190          |            
http://www.fmp.com    |     -- Hiram W Johnson


From scott at qth.com  Mon Jan 16 22:29:02 2017
From: scott at qth.com (Scott Neader)
Date: Mon, 16 Jan 2017 21:29:02 -0600
Subject: [Mailman-Users] Recent trouble with DMARC Munging
In-Reply-To: <ad31c752-06f1-9fa2-ed04-47d33cf94fcb@msapiro.net>
References: <CAPLm_7CuMDL2V9Qc9kc+z7tUiw+DWi6epho8TkQ7cy6cJ_UNiA@mail.gmail.com>
 <ad31c752-06f1-9fa2-ed04-47d33cf94fcb@msapiro.net>
Message-ID: <CAPLm_7CX122ASMXkEyJjDgONb82GF+qG+ya0ecA9NHsVXr9qnA@mail.gmail.com>

On Mon, Jan 16, 2017 at 12:23 PM, Mark Sapiro <mark at msapiro.net> wrote:

> On 01/15/2017 08:58 PM, Scott Neader wrote:
> > When yahoo.com or AOL.com users post to our
> > lists, the Munging is not working.  When I query for a DMARC record from
> > the mail server, it can see the record, so I think it's not a resolver
> > issue.
> >
> > I'm really stumped... any pointers/ideas on where to look would be
> greatly
> > appreciated!
>
> It seems you have access to the Mailman server, so look in Mailman's
> error log. If you see messages like
>
> DNS lookup for dmarc_moderation_action for list <listname> not available
>
> it means at the time Mailman was last (re)started, the import of
> dns.resolver failed. This is unlikely as it had been working.
>

Nice catch!  Sure enough, the log is flooded with lines like...

Jan 16 15:25:19 2017 (78452) DNS lookup for dmarc_moderation_action for
list REDACTED not available

Note that if you are seeing the
>
> DNS lookup for dmarc_moderation_action for list <listname> not available
>
> messages, restarting Mailman may fix it.


Tried a restart, then a test, but no changes.


> Also, in this case try
>
> python -c "import dns.resolver"
>
> to see if it reports any error.
>

Yes... not good results:

# python -c "import dns.resolver"
Traceback (most recent call last):
  File "<string>", line 1, in <module>
ImportError: No module named dns.resolver

I've got some digging to do... but if you have any other ideas at this
point, I'll take them!  Thank you!

- Scott

From mark at msapiro.net  Mon Jan 16 22:37:31 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 16 Jan 2017 19:37:31 -0800
Subject: [Mailman-Users] Recent trouble with DMARC Munging
In-Reply-To: <CAPLm_7CX122ASMXkEyJjDgONb82GF+qG+ya0ecA9NHsVXr9qnA@mail.gmail.com>
References: <CAPLm_7CuMDL2V9Qc9kc+z7tUiw+DWi6epho8TkQ7cy6cJ_UNiA@mail.gmail.com>
 <ad31c752-06f1-9fa2-ed04-47d33cf94fcb@msapiro.net>
 <CAPLm_7CX122ASMXkEyJjDgONb82GF+qG+ya0ecA9NHsVXr9qnA@mail.gmail.com>
Message-ID: <ee00135f-6f29-53b5-2b9f-561207ecc0d7@msapiro.net>

On 01/16/2017 07:29 PM, Scott Neader wrote:
> On Mon, Jan 16, 2017 at 12:23 PM, Mark Sapiro <mark at msapiro.net> wrote:
> 
>> Also, in this case try
>>
>> python -c "import dns.resolver"
>>
>> to see if it reports any error.
>>
> 
> Yes... not good results:
> 
> # python -c "import dns.resolver"
> Traceback (most recent call last):
>   File "<string>", line 1, in <module>
> ImportError: No module named dns.resolver


If this is cPanel, it is almost certainly a bad cPanel update, but see
the posts at
<https://mail.python.org/pipermail/mailman-users/2017-January/081826.html>
and
<https://mail.python.org/pipermail/mailman-users/2017-January/081827.html>.

Basically, your installation lost the dnspython module
<https://pypi.python.org/pypi/dnspython/1.15.0> and you need to
reinstall it.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From scott at qth.com  Mon Jan 16 22:42:02 2017
From: scott at qth.com (Scott Neader)
Date: Mon, 16 Jan 2017 21:42:02 -0600
Subject: [Mailman-Users] Recent trouble with DMARC Munging
In-Reply-To: <ee00135f-6f29-53b5-2b9f-561207ecc0d7@msapiro.net>
References: <CAPLm_7CuMDL2V9Qc9kc+z7tUiw+DWi6epho8TkQ7cy6cJ_UNiA@mail.gmail.com>
 <ad31c752-06f1-9fa2-ed04-47d33cf94fcb@msapiro.net>
 <CAPLm_7CX122ASMXkEyJjDgONb82GF+qG+ya0ecA9NHsVXr9qnA@mail.gmail.com>
 <ee00135f-6f29-53b5-2b9f-561207ecc0d7@msapiro.net>
Message-ID: <CAPLm_7DHtTfnNcn947st2-j1_7z+9nmuTKk9_69S73cYK-KoWg@mail.gmail.com>

On Mon, Jan 16, 2017 at 9:37 PM, Mark Sapiro <mark at msapiro.net> wrote:

> On 01/16/2017 07:29 PM, Scott Neader wrote:
> > On Mon, Jan 16, 2017 at 12:23 PM, Mark Sapiro <mark at msapiro.net> wrote:
> >
> >> Also, in this case try
> >>
> >> python -c "import dns.resolver"
> >>
> >> to see if it reports any error.
> >>
> >
> > Yes... not good results:
> >
> > # python -c "import dns.resolver"
> > Traceback (most recent call last):
> >   File "<string>", line 1, in <module>
> > ImportError: No module named dns.resolver
>
>
> If this is cPanel, it is almost certainly a bad cPanel update, but see
> the posts at
> <https://mail.python.org/pipermail/mailman-users/2017-January/081826.html>
> and
> <https://mail.python.org/pipermail/mailman-users/2017-January/081827.html
> >.
>
> Basically, your installation lost the dnspython module
> <https://pypi.python.org/pypi/dnspython/1.15.0> and you need to
> reinstall it.


Thanks, Mark.  I'm opening a ticket with cPanel and will share the results
with the group.  I appreciate you narrowing down the problem!

- Scott

From brian at emwd.com  Mon Jan 16 22:50:23 2017
From: brian at emwd.com (Brian Carpenter)
Date: Mon, 16 Jan 2017 22:50:23 -0500
Subject: [Mailman-Users] Recent trouble with DMARC Munging
In-Reply-To: <CAPLm_7DHtTfnNcn947st2-j1_7z+9nmuTKk9_69S73cYK-KoWg@mail.gmail.com>
References: <CAPLm_7CuMDL2V9Qc9kc+z7tUiw+DWi6epho8TkQ7cy6cJ_UNiA@mail.gmail.com>
 <ad31c752-06f1-9fa2-ed04-47d33cf94fcb@msapiro.net>
 <CAPLm_7CX122ASMXkEyJjDgONb82GF+qG+ya0ecA9NHsVXr9qnA@mail.gmail.com>
 <ee00135f-6f29-53b5-2b9f-561207ecc0d7@msapiro.net>
 <CAPLm_7DHtTfnNcn947st2-j1_7z+9nmuTKk9_69S73cYK-KoWg@mail.gmail.com>
Message-ID: <025101d27074$d562b9a0$80282ce0$@emwd.com>

> Thanks, Mark.  I'm opening a ticket with cPanel and will share the results
> with the group.  I appreciate you narrowing down the problem!
> 
> - Scott
> ------------------------------------------------------

I opened a ticket a few hours ago. I also posted about this on the cPanel
forums as I am sure this has affected quite a bit of cPanel servers. 

FYI, cPanel is installed on Centos servers.


Brian Carpenter
www.emwd.com


From fgont at si6networks.com  Tue Jan 17 02:21:52 2017
From: fgont at si6networks.com (Fernando Gont)
Date: Tue, 17 Jan 2017 04:21:52 -0300
Subject: [Mailman-Users] Searchable archive for mailman mailing-lists?
Message-ID: <b8386802-ce2c-273f-c6fe-ad67e99ca7f9@si6networks.com>

Folks,

I was meaning to provide some option for searching our mailman mailing
lists.

Two questions:

1) Any open source recommendations for this?

2) In the past, we were providing this feature by mirroring the
mailing-lists with google-groups, and thus using the googlegroups
interface for searching our lists. However, it seems such option is gone
from googlegroups. Has anyone been able to do this recently?

Thanks!

Best regards,
-- 
Fernando Gont
SI6 Networks
e-mail: fgont at si6networks.com
PGP Fingerprint: 6666 31C6 D484 63B2 8FB1 E3C4 AE25 0D55 1D4E 7492





From turnbull.stephen.fw at u.tsukuba.ac.jp  Tue Jan 17 02:59:43 2017
From: turnbull.stephen.fw at u.tsukuba.ac.jp (Stephen J. Turnbull)
Date: Tue, 17 Jan 2017 16:59:43 +0900
Subject: [Mailman-Users] Recent trouble with DMARC Munging
In-Reply-To: <1484592670.3671.36.camel@fmp.com>
References: <CAPLm_7CuMDL2V9Qc9kc+z7tUiw+DWi6epho8TkQ7cy6cJ_UNiA@mail.gmail.com>
 <ad31c752-06f1-9fa2-ed04-47d33cf94fcb@msapiro.net>
 <1484592670.3671.36.camel@fmp.com>
Message-ID: <22653.52975.233827.89275@turnbull.sk.tsukuba.ac.jp>

Lindsay Haisley writes:

 > I don't believe that the python DNS resolver module is a stock part of
 > the python distribution.

It is not, as of 3.6.


From brian at emwd.com  Tue Jan 17 07:40:19 2017
From: brian at emwd.com (Brian Carpenter)
Date: Tue, 17 Jan 2017 07:40:19 -0500
Subject: [Mailman-Users] Recent trouble with DMARC Munging
In-Reply-To: <22653.52975.233827.89275@turnbull.sk.tsukuba.ac.jp>
References: <CAPLm_7CuMDL2V9Qc9kc+z7tUiw+DWi6epho8TkQ7cy6cJ_UNiA@mail.gmail.com>
 <ad31c752-06f1-9fa2-ed04-47d33cf94fcb@msapiro.net>
 <1484592670.3671.36.camel@fmp.com>
 <22653.52975.233827.89275@turnbull.sk.tsukuba.ac.jp>
Message-ID: <092001d270be$dd169eb0$9743dc10$@emwd.com>

> Lindsay Haisley writes:
> 
>  > I don't believe that the python DNS resolver module is a stock part of
>  > the python distribution.
> 
> It is not, as of 3.6.
> 
> ------------------------------------------------------

cPanel has confirmed the bug and they are currently working on providing a
fix that will be pushed out in an update. Meanwhile they did provide me a
workaround that fixes the issue. Here is what they said related to the
reported bug:


######################################
Indeed, I've replicated this concern on our test servers and I see that the
location has changed in the latest RPM from python 2.6 to python 2.7.

As Cent7 provides python-dns, there is not a need to provide this package
for python 2.7 as the system provided python-dns library can be used. 

We provide cpanel-dnspython on Cent 6 systems as python-dns  is not
available. It appears that in the recent package, the installation has been
moved to /usr/lib64/python2.7 rather then the previous location of
/usr/lib/python2.6  or the expected location of /usr/lib64/python2.6. 

I've downgraded the installed cpanel-dnspython on a test server which then
allowed for the module to be located without issues
######################################

Hats off to Mark Sapiro and to his pinpoint super human laser accuracy to
identify the source of these problems that come up from time to time. 

Brian Carpenter
EMWD.com, Owner

Providing Cloud Services and Mailman Hosting for over 15 years.


From fmouse at fmp.com  Tue Jan 17 11:57:01 2017
From: fmouse at fmp.com (Lindsay Haisley)
Date: Tue, 17 Jan 2017 10:57:01 -0600
Subject: [Mailman-Users] Recent trouble with DMARC Munging
In-Reply-To: <092001d270be$dd169eb0$9743dc10$@emwd.com>
References: <CAPLm_7CuMDL2V9Qc9kc+z7tUiw+DWi6epho8TkQ7cy6cJ_UNiA@mail.gmail.com>
 <ad31c752-06f1-9fa2-ed04-47d33cf94fcb@msapiro.net>
 <1484592670.3671.36.camel@fmp.com>
 <22653.52975.233827.89275@turnbull.sk.tsukuba.ac.jp>
 <092001d270be$dd169eb0$9743dc10$@emwd.com>
Message-ID: <1484672221.88693.60.camel@fmp.com>

On Tue, 2017-01-17 at 07:40 -0500, Brian Carpenter wrote:
> > 
> > Lindsay Haisley writes:
> > 
> > ?> I don't believe that the python DNS resolver module is a stock part of
> > ?> the python distribution.
> > 
> > It is not, as of 3.6.

Nor was it part of 2.6 or 2.7.

Scott's original issue apparently was (exactly as I suggested in an
earlier post in this thread) that python, on his problem system, was
upgraded from v2.6 to v2.7, sans dnspython, which is neither part of
the python standard library nor part of the accessory packages
installed by cPanel or by the distribution's suggested dependencies
map.

> > ------------------------------------------------------
> cPanel has confirmed the bug and they are currently working on providing a
> fix that will be pushed out in an update. Meanwhile they did provide me a
> workaround that fixes the issue. Here is what they said related to the
> reported bug:

So inquiring minds want to know. Why is this a cPanel bug? Mark's
solution suggesting the use of pip to remedy the problem seems to
satisfy the KISS principle, Ockam's Razor, and whatever other system
admin guidelines teach the virtue of simplicity and the power of a
little knowledge of how things work "under the hood".

As I recall, as well, there were, at one point, not one but at least
two DNS resolution modules available for python - dnspython, PyDNS, and
now perhaps python-dns, which are similar but differ with regard to
such trivia as the case of the module name in import directives, but
which will surely cause exceptions if the calling conventions aren't
strictly followed.

This all underscores the problems of relying on other people's
organization, and the resulting dependency on other people's confusion
that comes from blind reliance on??ber-packages (especially proprietary
?ber-packages) such as cPanel which obfuscate and complicate solutions
to simple problems. The following quoted "explanation", presumably from
cPanel, is a perfect example. Exactly _which_ python DNS module are we
talking about here? It's clear as mud!

Hrrumph!!

> 
> ######################################
> Indeed, I've replicated this concern on our test servers and I see
> that the
> location has changed in the latest RPM from python 2.6 to python 2.7.
> 
> As Cent7 provides python-dns, there is not a need to provide this
> package
> for python 2.7 as the system provided python-dns library can be
> used.?
> 
> We provide cpanel-dnspython on Cent 6 systems as python-dns??is not
> available. It appears that in the recent package, the installation
> has been
> moved to /usr/lib64/python2.7 rather then the previous location of
> /usr/lib/python2.6??or the expected location of
> /usr/lib64/python2.6.?
> 
> I've downgraded the installed cpanel-dnspython on a test server which
> then
> allowed for the module to be located without issues
> ######################################
> 
> Hats off to Mark Sapiro and to his pinpoint super human laser
> accuracy to
> identify the source of these problems that come up from time to
> time.?

-- 
Lindsay Haisley       | "The first casualty when
FMP Computer Services |         war comes is truth."
512-259-1190          |            
http://www.fmp.com    |     -- Hiram W Johnson


From mark at msapiro.net  Tue Jan 17 12:29:32 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 17 Jan 2017 09:29:32 -0800
Subject: [Mailman-Users] Searchable archive for mailman mailing-lists?
In-Reply-To: <b8386802-ce2c-273f-c6fe-ad67e99ca7f9@si6networks.com>
References: <b8386802-ce2c-273f-c6fe-ad67e99ca7f9@si6networks.com>
Message-ID: <3e362a53-5d98-14c5-d0be-40e415d6d967@msapiro.net>

On 01/16/2017 11:21 PM, Fernando Gont wrote:
> 
> I was meaning to provide some option for searching our mailman mailing
> lists.


For Mailman 2.1 see <https://wiki.list.org/x/4030514>.

The HyperKitty archiver for Mailman 3 has search capability built in.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net  Tue Jan 17 14:04:09 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 17 Jan 2017 11:04:09 -0800
Subject: [Mailman-Users] Recent trouble with DMARC Munging
In-Reply-To: <1484672221.88693.60.camel@fmp.com>
References: <CAPLm_7CuMDL2V9Qc9kc+z7tUiw+DWi6epho8TkQ7cy6cJ_UNiA@mail.gmail.com>
 <ad31c752-06f1-9fa2-ed04-47d33cf94fcb@msapiro.net>
 <1484592670.3671.36.camel@fmp.com>
 <22653.52975.233827.89275@turnbull.sk.tsukuba.ac.jp>
 <092001d270be$dd169eb0$9743dc10$@emwd.com>
 <1484672221.88693.60.camel@fmp.com>
Message-ID: <760413fa-c953-694c-45da-42697d7579bf@msapiro.net>

On 01/17/2017 08:57 AM, Lindsay Haisley wrote:
> 
> So inquiring minds want to know. Why is this a cPanel bug?


Because cPanel provides Mailman and Python as part of their
distribution. When they first upgraded to a Mailman that included DMARC
mitigations based on DNS policy lookups, they included dnspython in
their Python package.

They have apparently shipped a recent update that upgraded their Python
2.6 package with dnspython to Python 2.7 without it, thus breaking their
Mailman package.


...
> As I recall, as well, there were, at one point, not one but at least
> two DNS resolution modules available for python - dnspython, PyDNS, and
> now perhaps python-dns, which are similar but differ with regard to
> such trivia as the case of the module name in import directives, but
> which will surely cause exceptions if the calling conventions aren't
> strictly followed.


You are correct. Mailman as distributed by us requires dnspython and
won't work with PyDNS. python-dns is the RedHat/Centos name for PyDNS.


> This all underscores the problems of relying on other people's
> organization, and the resulting dependency on other people's confusion
> that comes from blind reliance on ?ber-packages (especially proprietary
> ?ber-packages) such as cPanel which obfuscate and complicate solutions
> to simple problems. The following quoted "explanation", presumably from
> cPanel, is a perfect example. Exactly _which_ python DNS module are we
> talking about here? It's clear as mud!


Agreed, but such packaged solutions have a place. I don't know what
Scott's situation is or his reasons for using cPanel, but I know Brian
operates a shared hosting service, and I know from his participation on
this list that he is conscientious in providing good service to his
customers, and without something like cPanel, his business might not be
viable.

>From my point of view, I think everyone should install Mailman from my
source. Then I wouldn't ever have to deal with issues caused by
downstream packagers, but that's unrealistic in the real world.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From scott at qth.com  Tue Jan 17 14:27:17 2017
From: scott at qth.com (Scott Neader)
Date: Tue, 17 Jan 2017 13:27:17 -0600
Subject: [Mailman-Users] Recent trouble with DMARC Munging
In-Reply-To: <760413fa-c953-694c-45da-42697d7579bf@msapiro.net>
References: <CAPLm_7CuMDL2V9Qc9kc+z7tUiw+DWi6epho8TkQ7cy6cJ_UNiA@mail.gmail.com>
 <ad31c752-06f1-9fa2-ed04-47d33cf94fcb@msapiro.net>
 <1484592670.3671.36.camel@fmp.com>
 <22653.52975.233827.89275@turnbull.sk.tsukuba.ac.jp>
 <092001d270be$dd169eb0$9743dc10$@emwd.com>
 <1484672221.88693.60.camel@fmp.com>
 <760413fa-c953-694c-45da-42697d7579bf@msapiro.net>
Message-ID: <CAPLm_7AGR2Qb_U5QkWAi9r+XE1Uicp+XA5Qjx3_Zs9jg=k3==Q@mail.gmail.com>

On 01/17/2017 08:57 AM, Lindsay Haisley wrote:

> > This all underscores the problems of relying on other people's
> > organization, and the resulting dependency on other people's confusion
> > that comes from blind reliance on ?ber-packages (especially proprietary
> > ?ber-packages) such as cPanel which obfuscate and complicate solutions
> > to simple problems. The following quoted "explanation", presumably from
> > cPanel, is a perfect example. Exactly _which_ python DNS module are we
> > talking about here? It's clear as mud!
>

On Tue, Jan 17, 2017 at 1:04 PM, Mark Sapiro <mark at msapiro.net> wrote:

> Agreed, but such packaged solutions have a place. I don't know what
> Scott's situation is or his reasons for using cPanel, but I know Brian
> operates a shared hosting service, and I know from his participation on
> this list that he is conscientious in providing good service to his
> customers, and without something like cPanel, his business might not be
> viable.


Same situation as Brian... we are a provider of shared hosting services
(since 1996).  Like Brian's business, we also strive to provide excellent
service to our customers, which drove me to dig into this situation.

You are correct that we'd have no business, without a "control panel" for
our hosting customers to use.  cPanel does an outstanding job, considering
all the piece-parts that come together... their 'eco-system' is normally
very reliable and well tested.  I also am a list owner of several lists,
and was personally seeing the effects of the lack of munging.

Thanks for your support and understanding, Mark, and especially for not
making us feel bad or looking down upon us for utilizing such a control
panel system to support our customers and their myriad needs.

- Scott

From fmouse at fmp.com  Tue Jan 17 14:49:34 2017
From: fmouse at fmp.com (Lindsay Haisley)
Date: Tue, 17 Jan 2017 13:49:34 -0600
Subject: [Mailman-Users] Recent trouble with DMARC Munging
In-Reply-To: <CAPLm_7AGR2Qb_U5QkWAi9r+XE1Uicp+XA5Qjx3_Zs9jg=k3==Q@mail.gmail.com>
References: <CAPLm_7CuMDL2V9Qc9kc+z7tUiw+DWi6epho8TkQ7cy6cJ_UNiA@mail.gmail.com>
 <ad31c752-06f1-9fa2-ed04-47d33cf94fcb@msapiro.net>
 <1484592670.3671.36.camel@fmp.com>
 <22653.52975.233827.89275@turnbull.sk.tsukuba.ac.jp>
 <092001d270be$dd169eb0$9743dc10$@emwd.com>
 <1484672221.88693.60.camel@fmp.com>
 <760413fa-c953-694c-45da-42697d7579bf@msapiro.net>
 <CAPLm_7AGR2Qb_U5QkWAi9r+XE1Uicp+XA5Qjx3_Zs9jg=k3==Q@mail.gmail.com>
Message-ID: <1484682574.88693.93.camel@fmp.com>

On Tue, 2017-01-17 at 13:27 -0600, Scott Neader wrote:
> Thanks for your support and understanding, Mark, and especially for not
> making us feel bad or looking down upon us for utilizing such a control
> panel system to support our customers and their myriad needs.

Scott, I apologize to you, and to anyone else, if you feel that I was
looking down on you. It was not my intent. I have my opinions about
Linux and system administration, and they're not shared by everyone.
FMP Computer Services is a very small hosting service, one might even
call it "boutique", and we don't use cPanel, or any other control panel
system. Customers do fine without it, and can call on me, personally,
if they need any configuration set-up or services other than those
presented at account setup.

It does seem, though, that as we rely more heavily on complex packaging
and management systems, simple solutions to simple problems get lost in
the shuffle.

Again, I'm sorry for any insult or offense to anyone on this list.

Can I have some barbecue sauce on my crow ;)

-- 
Lindsay Haisley       |  "Humor will get you through times of no humor
FMP Computer Services |      better than no humor will get you through
512-259-1190          |         times of humor."
http://www.fmp.com    |            - Butch Hancock


From scott at qth.com  Tue Jan 17 15:03:46 2017
From: scott at qth.com (Scott Neader)
Date: Tue, 17 Jan 2017 14:03:46 -0600
Subject: [Mailman-Users] Recent trouble with DMARC Munging
In-Reply-To: <1484682574.88693.93.camel@fmp.com>
References: <CAPLm_7CuMDL2V9Qc9kc+z7tUiw+DWi6epho8TkQ7cy6cJ_UNiA@mail.gmail.com>
 <ad31c752-06f1-9fa2-ed04-47d33cf94fcb@msapiro.net>
 <1484592670.3671.36.camel@fmp.com>
 <22653.52975.233827.89275@turnbull.sk.tsukuba.ac.jp>
 <092001d270be$dd169eb0$9743dc10$@emwd.com>
 <1484672221.88693.60.camel@fmp.com>
 <760413fa-c953-694c-45da-42697d7579bf@msapiro.net>
 <CAPLm_7AGR2Qb_U5QkWAi9r+XE1Uicp+XA5Qjx3_Zs9jg=k3==Q@mail.gmail.com>
 <1484682574.88693.93.camel@fmp.com>
Message-ID: <CAPLm_7CW6PWhGfSg3OkoyEmw9gnqeLP864bxGbqEf6j=u6w9ZA@mail.gmail.com>

On Tue, Jan 17, 2017 at 1:49 PM, Lindsay Haisley <fmouse at fmp.com> wrote:

> Scott, I apologize to you, and to anyone else, if you feel that I was
> looking down on you. It was not my intent. I have my opinions about
> Linux and system administration, and they're not shared by everyone.
> ...
> Again, I'm sorry for any insult or offense to anyone on this list.
>

...and I didn't intend to pin that on you... was more thanking Mark for
being patient and understanding on this situation.   But... apology
certainly accepted, since you offered.  Thanks!


> Can I have some barbecue sauce on my crow ;)
>

Only if you'll share. I eat plenty of that fine cuisine myself.

- Scott

From mark at mailmanlists.net  Tue Jan 17 15:09:10 2017
From: mark at mailmanlists.net (Mark Dale)
Date: Wed, 18 Jan 2017 07:09:10 +1100
Subject: [Mailman-Users] Searchable archive for mailman mailing-lists?
In-Reply-To: <b8386802-ce2c-273f-c6fe-ad67e99ca7f9@si6networks.com>
References: <b8386802-ce2c-273f-c6fe-ad67e99ca7f9@si6networks.com>
Message-ID: <20dc7a39-2331-831e-d290-dacef4314fdb@mailmanlists.net>

Hi Fernando

For installing the Namazu search on Mailman 2.1.*, there is a good "how
to" (with a working example) at:

http://bakacsin.ki.iif.hu/~kissg/project/mailman+namazu/

We've had great success using the guide over the years. It might be
worth noting that on a recent installation on Debian Stretch I did have
to get the required Namazu packages from the Jessie repository.

Regards,
Mark

========================================



On 17/01/17 18:21, Fernando Gont wrote:
> Folks,
> 
> I was meaning to provide some option for searching our mailman mailing
> lists.
> 
> Two questions:
> 
> 1) Any open source recommendations for this?
> 
> 2) In the past, we were providing this feature by mirroring the
> mailing-lists with google-groups, and thus using the googlegroups
> interface for searching our lists. However, it seems such option is gone
> from googlegroups. Has anyone been able to do this recently?
> 
> Thanks!
> 
> Best regards,
> 

From fmouse at fmp.com  Tue Jan 17 15:45:27 2017
From: fmouse at fmp.com (Lindsay Haisley)
Date: Tue, 17 Jan 2017 14:45:27 -0600
Subject: [Mailman-Users] Searchable archive for mailman mailing-lists?
In-Reply-To: <20dc7a39-2331-831e-d290-dacef4314fdb@mailmanlists.net>
References: <b8386802-ce2c-273f-c6fe-ad67e99ca7f9@si6networks.com>
 <20dc7a39-2331-831e-d290-dacef4314fdb@mailmanlists.net>
Message-ID: <1484685927.88693.104.camel@fmp.com>

On Wed, 2017-01-18 at 07:09 +1100, Mark Dale wrote:
> Hi Fernando
> 
> For installing the Namazu search on Mailman 2.1.*, there is a good "how
> to" (with a working example) at:
> 
> http://bakacsin.ki.iif.hu/~kissg/project/mailman+namazu/

Some years ago I developed a set of patches and instructions to
integrate namazu with Mailman 2.1, generally collected under the name
nmzproc. See:

http://linode.fmp.com/namazu/

This works well, and has been in use here on some lists for several
years, but there are probably easier ways to get this capability. Some
Mailman sites I host use have used off-site services such as?
mail-archive.com.

> We've had great success using the guide over the years. It might be
> worth noting that on a recent installation on Debian Stretch I did have
> to get the required Namazu packages from the Jessie repository.
> 
> Regards,
> Mark
> 
> ========================================
> 
> 
> 
> On 17/01/17 18:21, Fernando Gont wrote:
> > 
> > Folks,
> > 
> > I was meaning to provide some option for searching our mailman
> > mailing
> > lists.
> > 
> > Two questions:
> > 
> > 1) Any open source recommendations for this?
> > 
> > 2) In the past, we were providing this feature by mirroring the
> > mailing-lists with google-groups, and thus using the googlegroups
> > interface for searching our lists. However, it seems such option is
> > gone
> > from googlegroups. Has anyone been able to do this recently?
> > 
> > Thanks!
> > 
> > Best regards,
> > 
> ------------------------------------------------------
> Mailman-Users mailing list Mailman-Users at python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40pyth
> on.org/
> Unsubscribe: https://mail.python.org/mailman/options/mailman-users/fm
> ouse%40fmp.com
-- 
Lindsay Haisley       | "The first casualty when
FMP Computer Services |         war comes is truth."
512-259-1190          |            
http://www.fmp.com    |     -- Hiram W Johnson


From turnbull.stephen.fw at u.tsukuba.ac.jp  Wed Jan 18 19:17:58 2017
From: turnbull.stephen.fw at u.tsukuba.ac.jp (Stephen J. Turnbull)
Date: Thu, 19 Jan 2017 09:17:58 +0900
Subject: [Mailman-Users] Recent trouble with DMARC Munging
In-Reply-To: <CAPLm_7AGR2Qb_U5QkWAi9r+XE1Uicp+XA5Qjx3_Zs9jg=k3==Q@mail.gmail.com>
References: <CAPLm_7CuMDL2V9Qc9kc+z7tUiw+DWi6epho8TkQ7cy6cJ_UNiA@mail.gmail.com>
 <ad31c752-06f1-9fa2-ed04-47d33cf94fcb@msapiro.net>
 <1484592670.3671.36.camel@fmp.com>
 <22653.52975.233827.89275@turnbull.sk.tsukuba.ac.jp>
 <092001d270be$dd169eb0$9743dc10$@emwd.com>
 <1484672221.88693.60.camel@fmp.com>
 <760413fa-c953-694c-45da-42697d7579bf@msapiro.net>
 <CAPLm_7AGR2Qb_U5QkWAi9r+XE1Uicp+XA5Qjx3_Zs9jg=k3==Q@mail.gmail.com>
Message-ID: <22656.1462.405458.986845@turnbull.sk.tsukuba.ac.jp>

Scott Neader writes:

 > Thanks for your support and understanding, Mark, and especially for
 > not making us feel bad or looking down upon us for utilizing such a
 > control panel system to support our customers and their myriad
 > needs.

As far as I can tell nobody in the Mailman crew has ever had a problem
with hosting services that support their customers using cPanel.  It's
a great idea for that!

The issues that have ired us are hosting services that appear to push
customer service off on cPanel or (worse ;-) us, and perceived lack of
cooperation from cPanel (I'm happy to say that era is long since past)
when hosting services and end users were coming to us for cPanel issues.

I'm very happy to see providers like you and Brian[1] posting here,
and cPanel responding to hosting service issues so fast, and I wish
them -- and you! --

   a cost-reducing, profit-increasing, service-improving New Year!

Steve


Footnotes: 
[1]  Nothing new about Brian posting, he's an old friend here!


From barry at list.org  Wed Jan 18 19:23:35 2017
From: barry at list.org (Barry Warsaw)
Date: Wed, 18 Jan 2017 19:23:35 -0500
Subject: [Mailman-Users] Recent trouble with DMARC Munging
In-Reply-To: <22656.1462.405458.986845@turnbull.sk.tsukuba.ac.jp>
References: <CAPLm_7CuMDL2V9Qc9kc+z7tUiw+DWi6epho8TkQ7cy6cJ_UNiA@mail.gmail.com>
 <ad31c752-06f1-9fa2-ed04-47d33cf94fcb@msapiro.net>
 <1484592670.3671.36.camel@fmp.com>
 <22653.52975.233827.89275@turnbull.sk.tsukuba.ac.jp>
 <092001d270be$dd169eb0$9743dc10$@emwd.com>
 <1484672221.88693.60.camel@fmp.com>
 <760413fa-c953-694c-45da-42697d7579bf@msapiro.net>
 <CAPLm_7AGR2Qb_U5QkWAi9r+XE1Uicp+XA5Qjx3_Zs9jg=k3==Q@mail.gmail.com>
 <22656.1462.405458.986845@turnbull.sk.tsukuba.ac.jp>
Message-ID: <20170118192335.32d5bf82@subdivisions.wooz.org>

On Jan 19, 2017, at 09:17 AM, Stephen J. Turnbull wrote:

>As far as I can tell nobody in the Mailman crew has ever had a problem
>with hosting services that support their customers using cPanel.  It's
>a great idea for that!

cPanel also donated a VM for us to use in our CI process on GitLab, and we're
very grateful for that too!

Cheers,
-Barry

From brian at emwd.com  Wed Jan 18 19:28:47 2017
From: brian at emwd.com (Brian Carpenter)
Date: Wed, 18 Jan 2017 19:28:47 -0500
Subject: [Mailman-Users] Recent trouble with DMARC Munging
In-Reply-To: <22656.1462.405458.986845@turnbull.sk.tsukuba.ac.jp>
References: <CAPLm_7CuMDL2V9Qc9kc+z7tUiw+DWi6epho8TkQ7cy6cJ_UNiA@mail.gmail.com>
 <ad31c752-06f1-9fa2-ed04-47d33cf94fcb@msapiro.net>
 <1484592670.3671.36.camel@fmp.com>
 <22653.52975.233827.89275@turnbull.sk.tsukuba.ac.jp>
 <092001d270be$dd169eb0$9743dc10$@emwd.com>
 <1484672221.88693.60.camel@fmp.com>
 <760413fa-c953-694c-45da-42697d7579bf@msapiro.net>
 <CAPLm_7AGR2Qb_U5QkWAi9r+XE1Uicp+XA5Qjx3_Zs9jg=k3==Q@mail.gmail.com>
 <22656.1462.405458.986845@turnbull.sk.tsukuba.ac.jp>
Message-ID: <39ae01d271eb$00535440$00f9fcc0$@emwd.com>

> The issues that have ired us are hosting services that appear to push
> customer service off on cPanel or (worse ;-) us, and perceived lack of
> cooperation from cPanel (I'm happy to say that era is long since past)
> when hosting services and end users were coming to us for cPanel issues.
> 
> I'm very happy to see providers like you and Brian[1] posting here,
> and cPanel responding to hosting service issues so fast, and I wish
> them -- and you! --
> 
>    a cost-reducing, profit-increasing, service-improving New Year!
> 
> Steve

Amen!!!

In my experience, I have found cPanel to be very supportive of Mailman and
very responsive to their infrequent introduction of bugs, mistakes, breaking
things, and other errors common to men. 

Brian Carpenter
EMWD.com Owner

Providing Cloud Services and Mailman Hosting for over 18 years.


From ddewey at cyberthugs.com  Thu Jan 19 09:11:01 2017
From: ddewey at cyberthugs.com (ddewey at cyberthugs.com)
Date: Thu, 19 Jan 2017 09:11:01 -0500
Subject: [Mailman-Users] Searchable archive for mailman mailing-lists?
In-Reply-To: <3e362a53-5d98-14c5-d0be-40e415d6d967@msapiro.net>
References: <b8386802-ce2c-273f-c6fe-ad67e99ca7f9@si6networks.com>
 <3e362a53-5d98-14c5-d0be-40e415d6d967@msapiro.net>
Message-ID: <20170119141101.GA9544@bianchi.cyberthugs.com>

Quoting Mark Sapiro (mark at msapiro.net):

> On 01/16/2017 11:21 PM, Fernando Gont wrote:
> > 
> > I was meaning to provide some option for searching our mailman mailing
> > lists.
> 
> 
> For Mailman 2.1 see <https://wiki.list.org/x/4030514>.
> 
> The HyperKitty archiver for Mailman 3 has search capability built in.

I've had good luck over the years with the MHonarc project:
https://www.mhonarc.org/

Converts emails to html and integrates Namazu for search. 

From odhiambo at gmail.com  Thu Jan 19 10:41:41 2017
From: odhiambo at gmail.com (Odhiambo Washington)
Date: Thu, 19 Jan 2017 18:41:41 +0300
Subject: [Mailman-Users] Mailman Security
Message-ID: <CAAdA2WM4aKvvhxqSBSQ54hhcJJvwKCdRwkVHubiDfYNqOnU5FA@mail.gmail.com>

Okay, maybe the subject is inflammatory/misleading :-)

I have a situation which is a little confusing on a server where I run
Mailman. The subscription model is "confirm & approve"

When I check the MTA's queue, I find hundreds of mail destined to certain
addresses, and one address could have 10 or more same mail destined to it.
I cleared the queue before checking the contents of these e-mails, but I
assume they were those 'confirm your subscription' ones to these addresses,
because I can see the addresses in in Mailman's subscribe logfile.

Now this got me thinking: Once one has submitted a subscription request and
Mailman has dispatched the 'confirm' email, shouldn't mailman decline any
further subscription requests from the same address if they decide to
submit such, and as such shouldn't send any other confirm/verification
requests as long as there is one still pending??

I am talking about a situation leading to a subscribe logfile like the one
at: http://bit.ly/2iFv5vi

Might I be missing something in my list configuration???


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."

From brian at emwd.com  Thu Jan 19 10:55:42 2017
From: brian at emwd.com (Brian Carpenter)
Date: Thu, 19 Jan 2017 10:55:42 -0500
Subject: [Mailman-Users] Mailman Security
In-Reply-To: <CAAdA2WM4aKvvhxqSBSQ54hhcJJvwKCdRwkVHubiDfYNqOnU5FA@mail.gmail.com>
References: <CAAdA2WM4aKvvhxqSBSQ54hhcJJvwKCdRwkVHubiDfYNqOnU5FA@mail.gmail.com>
Message-ID: <498b01d2726c$7d615190$7823f4b0$@emwd.com>

> I have a situation which is a little confusing on a server where I run
> Mailman. The subscription model is "confirm & approve"
> 
> When I check the MTA's queue, I find hundreds of mail destined to certain
> addresses, and one address could have 10 or more same mail destined to it.
> I cleared the queue before checking the contents of these e-mails, but I
> assume they were those 'confirm your subscription' ones to these
addresses,
> because I can see the addresses in in Mailman's subscribe logfile.
> 
> Now this got me thinking: Once one has submitted a subscription request
and
> Mailman has dispatched the 'confirm' email, shouldn't mailman decline any
> further subscription requests from the same address if they decide to
> submit such, and as such shouldn't send any other confirm/verification
> requests as long as there is one still pending??
> 
> I am talking about a situation leading to a subscribe logfile like the one
> at: http://bit.ly/2iFv5vi
> 
> Might I be missing something in my list configuration???

Subscription spam which is what I think you are experiencing has been dealt
with to a certain degree by recent versions of mailman. The following two
functions I believe would be of assistance are:

SUBSCRIBE_FORM_SECRET
GLOBAL_BAN_LIST

There is some detail information about them in Defaults.py I believe. 

Brian Carpenter
EMWD, Owner

Providing Cloud Services and Mailman hosting for over 18 years.


From odhiambo at gmail.com  Thu Jan 19 11:32:26 2017
From: odhiambo at gmail.com (Odhiambo Washington)
Date: Thu, 19 Jan 2017 19:32:26 +0300
Subject: [Mailman-Users] Mailman Security
In-Reply-To: <498b01d2726c$7d615190$7823f4b0$@emwd.com>
References: <CAAdA2WM4aKvvhxqSBSQ54hhcJJvwKCdRwkVHubiDfYNqOnU5FA@mail.gmail.com>
 <498b01d2726c$7d615190$7823f4b0$@emwd.com>
Message-ID: <CAAdA2WOYvQU3tUv5dEnLmcmzyWb-9sdxZ+pDHYUbQvcvyAzQHQ@mail.gmail.com>

On 19 January 2017 at 18:55, Brian Carpenter <brian at emwd.com> wrote:

> > I have a situation which is a little confusing on a server where I run
> > Mailman. The subscription model is "confirm & approve"
> >
> > When I check the MTA's queue, I find hundreds of mail destined to certain
> > addresses, and one address could have 10 or more same mail destined to
> it.
> > I cleared the queue before checking the contents of these e-mails, but I
> > assume they were those 'confirm your subscription' ones to these
> addresses,
> > because I can see the addresses in in Mailman's subscribe logfile.
> >
> > Now this got me thinking: Once one has submitted a subscription request
> and
> > Mailman has dispatched the 'confirm' email, shouldn't mailman decline any
> > further subscription requests from the same address if they decide to
> > submit such, and as such shouldn't send any other confirm/verification
> > requests as long as there is one still pending??
> >
> > I am talking about a situation leading to a subscribe logfile like the
> one
> > at: http://bit.ly/2iFv5vi
> >
> > Might I be missing something in my list configuration???
>
> Subscription spam which is what I think you are experiencing has been dealt
> with to a certain degree by recent versions of mailman. The following two
> functions I believe would be of assistance are:
>
> SUBSCRIBE_FORM_SECRET
> GLOBAL_BAN_LIST
>
>

> There is some detail information about them in Defaults.py I believe.
>
> Brian Carpenter
> EMWD, Owner
>
> Providing Cloud Services and Mailman hosting for over 18 years.
>
>

Awesome.

So is it enough to add

SUBSCRIBE_FORM_SECRET = 'L1feSuX'

to mm_cfg.py and restarting Mailman without doing any other thing??


The GLOBAL_BAN_LIST is self-explanatory when I read it.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."

From mark at msapiro.net  Thu Jan 19 13:22:45 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 19 Jan 2017 10:22:45 -0800
Subject: [Mailman-Users] Mailman Security
In-Reply-To: <CAAdA2WOYvQU3tUv5dEnLmcmzyWb-9sdxZ+pDHYUbQvcvyAzQHQ@mail.gmail.com>
References: <CAAdA2WM4aKvvhxqSBSQ54hhcJJvwKCdRwkVHubiDfYNqOnU5FA@mail.gmail.com>
 <498b01d2726c$7d615190$7823f4b0$@emwd.com>
 <CAAdA2WOYvQU3tUv5dEnLmcmzyWb-9sdxZ+pDHYUbQvcvyAzQHQ@mail.gmail.com>
Message-ID: <27af0857-566c-d137-b85a-01bbbb5b83e7@msapiro.net>

On 01/19/2017 08:32 AM, Odhiambo Washington wrote:
> On 19 January 2017 at 18:55, Brian Carpenter <brian at emwd.com> wrote:
>

Odhiambo Washington wrote:
>>>
>>> Now this got me thinking: Once one has submitted a subscription request
>> and
>>> Mailman has dispatched the 'confirm' email, shouldn't mailman decline any
>>> further subscription requests from the same address if they decide to
>>> submit such, and as such shouldn't send any other confirm/verification
>>> requests as long as there is one still pending??


Perhaps there should be a limit, but not an outright refusal because the
original confirmation email could have been lost.

In any case, I'm not interested in implementing this.



>> Subscription spam which is what I think you are experiencing has been dealt
>> with to a certain degree by recent versions of mailman. The following two
>> functions I believe would be of assistance are:
>>
>> SUBSCRIBE_FORM_SECRET
>> GLOBAL_BAN_LIST
>>
...
> So is it enough to add
> 
> SUBSCRIBE_FORM_SECRET = 'L1feSuX'
> 
> to mm_cfg.py and restarting Mailman without doing any other thing??


That is sufficient to enable that feature and it will help block robotic
web subscribes, but there are bots now that are smart enough to mimic
human behavior in first getting the listinfo page and then waiting
before posting the subscribe form.


> The GLOBAL_BAN_LIST is self-explanatory when I read it.


There are various, widespread attacks of this nature, but none that I've
seen with the addresses you're seeing. There are several threads on this
in the archives of this list.

Look at some of the hits from searching at
<http://www.mail-archive.com/mailman-users%40python.org/> for
global_ban_list.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From odhiambo at gmail.com  Thu Jan 19 14:35:43 2017
From: odhiambo at gmail.com (Odhiambo Washington)
Date: Thu, 19 Jan 2017 22:35:43 +0300
Subject: [Mailman-Users] Mailman Security
In-Reply-To: <27af0857-566c-d137-b85a-01bbbb5b83e7@msapiro.net>
References: <CAAdA2WM4aKvvhxqSBSQ54hhcJJvwKCdRwkVHubiDfYNqOnU5FA@mail.gmail.com>
 <498b01d2726c$7d615190$7823f4b0$@emwd.com>
 <CAAdA2WOYvQU3tUv5dEnLmcmzyWb-9sdxZ+pDHYUbQvcvyAzQHQ@mail.gmail.com>
 <27af0857-566c-d137-b85a-01bbbb5b83e7@msapiro.net>
Message-ID: <CAAdA2WNdVqoNZqz3Apjggvq2u537gC=_oXVKsgGyED_=RW+MLg@mail.gmail.com>

On 19 January 2017 at 21:22, Mark Sapiro <mark at msapiro.net> wrote:

> On 01/19/2017 08:32 AM, Odhiambo Washington wrote:
> > On 19 January 2017 at 18:55, Brian Carpenter <brian at emwd.com> wrote:
> >
>
> Odhiambo Washington wrote:
> >>>
> >>> Now this got me thinking: Once one has submitted a subscription request
> >> and
> >>> Mailman has dispatched the 'confirm' email, shouldn't mailman decline
> any
> >>> further subscription requests from the same address if they decide to
> >>> submit such, and as such shouldn't send any other confirm/verification
> >>> requests as long as there is one still pending??
>
>
> Perhaps there should be a limit, but not an outright refusal because the
> original confirmation email could have been lost.
>
> In any case, I'm not interested in implementing this.
>
>
>
> >> Subscription spam which is what I think you are experiencing has been
> dealt
> >> with to a certain degree by recent versions of mailman. The following
> two
> >> functions I believe would be of assistance are:
> >>
> >> SUBSCRIBE_FORM_SECRET
> >> GLOBAL_BAN_LIST
> >>
> ...
> > So is it enough to add
> >
> > SUBSCRIBE_FORM_SECRET = 'L1feSuX'
> >
> > to mm_cfg.py and restarting Mailman without doing any other thing??
>
>
> That is sufficient to enable that feature and it will help block robotic
> web subscribes, but there are bots now that are smart enough to mimic
> human behavior in first getting the listinfo page and then waiting
> before posting the subscribe form.
>
>
Thanks for the clarification. Now I'll just wait and see if the smart bots
are involved.



>
> > The GLOBAL_BAN_LIST is self-explanatory when I read it.
>
>
> There are various, widespread attacks of this nature, but none that I've
> seen with the addresses you're seeing. There are several threads on this
> in the archives of this list.
>
> Look at some of the hits from searching at
> <http://www.mail-archive.com/mailman-users%40python.org/> for
> global_ban_list.
>


Seen that. Usable, but not everything, given that some addresses on my list
are well-known free mail providers.


-- 
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft."

From mark at msapiro.net  Thu Jan 19 16:30:29 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 19 Jan 2017 13:30:29 -0800
Subject: [Mailman-Users] Mailman Security
In-Reply-To: <CAAdA2WNdVqoNZqz3Apjggvq2u537gC=_oXVKsgGyED_=RW+MLg@mail.gmail.com>
References: <CAAdA2WM4aKvvhxqSBSQ54hhcJJvwKCdRwkVHubiDfYNqOnU5FA@mail.gmail.com>
 <498b01d2726c$7d615190$7823f4b0$@emwd.com>
 <CAAdA2WOYvQU3tUv5dEnLmcmzyWb-9sdxZ+pDHYUbQvcvyAzQHQ@mail.gmail.com>
 <27af0857-566c-d137-b85a-01bbbb5b83e7@msapiro.net>
 <CAAdA2WNdVqoNZqz3Apjggvq2u537gC=_oXVKsgGyED_=RW+MLg@mail.gmail.com>
Message-ID: <c3ba773d-69bd-1993-57ea-12154d1b5898@msapiro.net>

On 01/19/2017 11:35 AM, Odhiambo Washington wrote:
> On 19 January 2017 at 21:22, Mark Sapiro <mark at msapiro.net> wrote:
>>
>> Look at some of the hits from searching at
>> <http://www.mail-archive.com/mailman-users%40python.org/> for
>> global_ban_list.
>>
> 
> 
> Seen that. Usable, but not everything, given that some addresses on my list
> are well-known free mail providers.


You don't want to block entire domains. You want to use regexps that are
tailored to the attacks you are seeing. This means you can't be
proactive in blocking attacks in advance, but if you run some kind of
Mailman log summary such as the mmdsr program distributed with Mailman
in the contrib/ directory, you'll see attacks within a day of when they
start and can react. Some patterns I have used that have been effective
against past attacks are:

  '^[a-z0-9.]{8,}\+[a-z0-9]{4,}@gmail\.com$',
  '^.*k\.*e\.*m\.*o\.*m\.*a\.*r\.*t.*@gmail\.com',
  '^.*s\.*u\.*n\.*i\.*b\.*e\.*e\.*s\.*t\.*a\.*r\.*s.*@gmail\.com',
  '^.*k\.*e\.*z\.*u\.*k\.*a\.*y\.*a.*@gmail\.com',

Also, there is a script at <https://www.msapiro.net/scripts/erase>
(mirrored at <https://fog.ccsf.edu/~msapiro/scripts/erase>) that is
described as:

Remove an address or all addresses matching a regexp from the
installation. I.e. for every list, if the address is a member, it is
removed. If there are any held posts or (un)subscription requests from
the address, they are removed too. Optionally, any subscription requests
from the address waiting user confirmation are also removed.

that can be used to remove the successful ones.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From patrick-mailinglists at whonix.org  Fri Jan 20 09:52:00 2017
From: patrick-mailinglists at whonix.org (Patrick Schleizer)
Date: Fri, 20 Jan 2017 14:52:00 +0000
Subject: [Mailman-Users] How to enable these hashed mailing list archive
 links? [mailman-rss issue]
In-Reply-To: <1dc12803-4ffc-bdac-c284-660f2db5f155@riseup.net>
References: <44fb7ed9-4957-403e-c8b6-ec24c8754cbf@riseup.net>
 <6ad6a9ba-5d5a-3ae1-3269-fefab4fa2460@msapiro.net>
 <1dc12803-4ffc-bdac-c284-660f2db5f155@riseup.net>
Message-ID: <6c88e6ee-e2bd-55bf-c481-89410e4a5e37@riseup.net>

Patrick Schleizer:
> Mark Sapiro:
>> On 01/02/2017 03:36 PM, Patrick Schleizer wrote:
>>> Using mailman-rss the following rss feed is created.
>>
>>
>> What mailman-rss patch? From where?
> 
> Not a patch. Standalone script from here:
> 
> https://github.com/pteichman/mailman-rss

That's actually I've been using an having issues with.

https://github.com/pteichman/mailman-rss/issues/4

Cheers,
Patrick


From minxmertzmomo at gmail.com  Mon Jan 23 14:38:45 2017
From: minxmertzmomo at gmail.com (Matt Morgan)
Date: Mon, 23 Jan 2017 14:38:45 -0500
Subject: [Mailman-Users] a way for mods to review rejection messages?
Message-ID: <CABTRqU4QkDkCpSjqfBKxDTnty1_QzJP5+Q=vv7wEWmq4akewZQ@mail.gmail.com>

Is there a way for non-shell users to review rejection messages they've
sent to posters?

I have a request from a mod. For whatever reasons (spam filters,
inattentiveness) some posters don't see his rejection messages, and then
ask much later what happened to their posts. By that time, he has forgotten
what was wrong.

I can see the "Refused posting:" message text in logs/vette, but that takes
logging in, grepping etc., and of course I can see everything from every
list in there. Is there somewhere that the mods for each list can see prior
moderation actions on their lists?

Thanks!

From mark at msapiro.net  Mon Jan 23 16:19:22 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 23 Jan 2017 13:19:22 -0800
Subject: [Mailman-Users] a way for mods to review rejection messages?
In-Reply-To: <CABTRqU4QkDkCpSjqfBKxDTnty1_QzJP5+Q=vv7wEWmq4akewZQ@mail.gmail.com>
References: <CABTRqU4QkDkCpSjqfBKxDTnty1_QzJP5+Q=vv7wEWmq4akewZQ@mail.gmail.com>
Message-ID: <fb9cea9e-7c1a-9841-89a9-eb3aa2243664@msapiro.net>

On 01/23/2017 11:38 AM, Matt Morgan wrote:
> 
> I can see the "Refused posting:" message text in logs/vette, but that takes
> logging in, grepping etc., and of course I can see everything from every
> list in there. Is there somewhere that the mods for each list can see prior
> moderation actions on their lists?


The information is only in the vette log(s), and there is nothing in
Mailman 2.1 currently to display that information.

On my production site, I have a couple of symlinks from a more or less
private place on the web site to the current and one prior generations
of the vette log.

v.txt -> /var/lib/mailman/logs/vette
v1.txt -> /var/lib/mailman/logs/vette.1

This is just for my convenience so if I see another moderator has
disposed of a held post, I can look at the logged disposition without
opening a 'terminal' to the server.

You could do a similar thing, with or without access controls, to make
the logs available to anyone with access to the URL, but, of course,
that exposes the whole log.

If you want something that requires authentication as a list moderator
and only shows the entries for that list, it wouldn't be to difficult to
add a link or form to the admindb page that would display log entries
for a range of dates for the specific list.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From magill at icloud.com  Mon Jan 23 18:37:53 2017
From: magill at icloud.com (William H. Magill)
Date: Mon, 23 Jan 2017 18:37:53 -0500
Subject: [Mailman-Users] Implementing mailman on Apple OS X Sierra via
 macPorts
Message-ID: <6F3D444E-3749-456D-B6F7-9AF95EC33DCC@icloud.com>

Ive been retired for over 10 years now since I was supporting Mailman on DEC Alpha systems Ultrix/OSF-1 with sendmail.

I now find that my retirement community has need of a mailing list system for about 2k addresses - Mailman seems the solution, especially since I have a Mac-mini with more than enough horsepower to do the job.

Needless to say my Unix skills are a bit out of date. However I have kept up with OSX and MacPorts.

So, my question is basically - I have installed Mailman using the MacPorts installation with basically no problems but one - What do I do for transport and therefore how do I configure Mailman to use it? I am not using OSX server. Do I need to install postfix? Or is there a buried implementation I can turn on?


T.T.F.N.
William H. Magill
# iMac11,3 Core i7 [2.93GHz - 8 GB 1067MHz] OS X 10.12
# Macmini6,1 Intel Core i5 [2.5 Ghz - 4GB 1600MHz] OS X 10.12

magill at icloud.com
magill at mac.com
whmagill at gmail.com









From Hagedorn at uni-koeln.de  Tue Jan 24 12:57:01 2017
From: Hagedorn at uni-koeln.de (Sebastian Hagedorn)
Date: Tue, 24 Jan 2017 18:57:01 +0100
Subject: [Mailman-Users] Implementing mailman on Apple OS X Sierra via
 macPorts
In-Reply-To: <6F3D444E-3749-456D-B6F7-9AF95EC33DCC@icloud.com>
References: <6F3D444E-3749-456D-B6F7-9AF95EC33DCC@icloud.com>
Message-ID: <796AAFF7F17552D5E4A74461@tyrion.rrz.uni-koeln.de>

This should help:

<https://gist.github.com/ryanjbonnell/836715fd3e6be8cc81e786ee498e34a4>

--On 23. Januar 2017 um 18:37:53 -0500 "William H. Magill" 
<magill at icloud.com> wrote:

> So, my question is basically - I have installed Mailman using the
> MacPorts installation with basically no problems but one - What do I do
> for transport and therefore how do I configure Mailman to use it? I am
> not using OSX server. Do I need to install postfix? Or is there a buried
> implementation I can turn on?



Mit freundlichen Gr??en

Sebastian Hagedorn
-- 
    .:.Sebastian Hagedorn - Weyertal 121 (Geb?ude 133), Zimmer 2.02.:.
                 .:.Regionales Rechenzentrum (RRZK).:.
   .:.Universit?t zu K?ln / Cologne University - ? +49-221-470-89578.:.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 191 bytes
Desc: not available
URL: <http://mail.python.org/pipermail/mailman-users/attachments/20170124/f24db323/attachment.sig>

From rstasel at uoregon.edu  Tue Jan 24 16:32:54 2017
From: rstasel at uoregon.edu (Ryan C Stasel)
Date: Tue, 24 Jan 2017 21:32:54 +0000
Subject: [Mailman-Users] Change date sent to date held message was released?
Message-ID: <E725D113-6AC9-41F9-B851-85DC9AE497BF@uoregon.edu>

Hi All, 

Is it possible to change the date sent on an email sent to a moderated list to be the date that the message was ?released? from hold? 

Thanks! 

-Ryan Stasel

From mark at msapiro.net  Wed Jan 25 11:19:56 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 25 Jan 2017 08:19:56 -0800
Subject: [Mailman-Users] Change date sent to date held message was
 released?
In-Reply-To: <E725D113-6AC9-41F9-B851-85DC9AE497BF@uoregon.edu>
References: <E725D113-6AC9-41F9-B851-85DC9AE497BF@uoregon.edu>
Message-ID: <1a3c03bb-35e7-81ca-0991-a07ffaf60274@msapiro.net>

On 01/24/2017 01:32 PM, Ryan C Stasel wrote:
> 
> Is it possible to change the date sent on an email sent to a moderated list to be the date that the message was ?released? from hold? 


Not without modifying the code, but Mailman does add an
X-Mailman-Approved-At: header to the message with the date and time of
"release".

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From adam at agp-llc.com  Wed Jan 25 11:11:59 2017
From: adam at agp-llc.com (Adam Goldberg)
Date: Wed, 25 Jan 2017 16:11:59 +0000
Subject: [Mailman-Users] Create mailman archive from the gz files downloaded
 from the archive web page?
Message-ID: <01000159d665e680-55847089-4734-4005-a766-1b0432a42476-000000@email.amazonses.com>

Is there an easy (well, automated) way to import the .txt.gz files that are downloadable from a list's archive?  I've done a bit of searching, and it seems that all assume that the filesystem is available (to just copy archives over).

I suspect the answer will be something in terms of bin/arch, but ...

Thanks.


Adam Goldberg
AGP, LLC
+1-202-507-9900


From mark at msapiro.net  Wed Jan 25 19:23:44 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 25 Jan 2017 16:23:44 -0800
Subject: [Mailman-Users] Create mailman archive from the gz files
 downloaded from the archive web page?
In-Reply-To: <01000159d665e680-55847089-4734-4005-a766-1b0432a42476-000000@email.amazonses.com>
References: <01000159d665e680-55847089-4734-4005-a766-1b0432a42476-000000@email.amazonses.com>
Message-ID: <1db62b4b-7eeb-bb9c-7131-7e21a0ce43d1@msapiro.net>

On 01/25/2017 08:11 AM, Adam Goldberg wrote:
> Is there an easy (well, automated) way to import the .txt.gz files that are downloadable from a list's archive?  I've done a bit of searching, and it seems that all assume that the filesystem is available (to just copy archives over).


I am not sure what you are ultimately wanting to do, but you don't want
the periodic .txt or .txt.gz files. The file you want is the cumulative
archives/private/listname.mbox/listname.mbox file which contains
unscrubbed (at least if the list's scrub_nondigest is No) messages with
complete headers, not scrubbed messages with only selected headers.

Any list member can download this via the web.

If the site has set

PUBLIC_MBOX = Yes

There will be a link to "download the full raw archive" on the lists
archive contents page.

If not you can still get it via a private archive url of the form
http://example.com/mailman/private/listname.mbox/listname.mbox where
listname is the actual list name, and yes, it appears twice. This does
require authentication as a list member or admin/moderator, even if the
archives are public, and may require using something like curl or wget
if the archive is large to avoid browser time outs.

Once you have the mbox, you use bin/arch to import it into another
Mailman instance. There is no "web" way to do that.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From adam at agp-llc.com  Wed Jan 25 19:39:21 2017
From: adam at agp-llc.com (Adam Goldberg)
Date: Thu, 26 Jan 2017 00:39:21 +0000
Subject: [Mailman-Users] Create mailman archive from the gz files
 downloaded from the archive web page?
In-Reply-To: <1db62b4b-7eeb-bb9c-7131-7e21a0ce43d1@msapiro.net>
References: <01000159d665e680-55847089-4734-4005-a766-1b0432a42476-000000@email.amazonses.com>
 <1db62b4b-7eeb-bb9c-7131-7e21a0ce43d1@msapiro.net>
Message-ID: <01000159d8366783-03bf7512-9b0b-4e6f-b89c-e349fadaefda-000000@email.amazonses.com>

Yea, nope, that doesn't seem to work ("Private archive not found").  It might be disabled or something.

Ultimately, I want to make the archives available on a new server via the normal methods.


Adam Goldberg
AGP, LLC
+1-202-507-9900


-----Original Message-----
From: Mailman-Users [mailto:mailman-users-bounces+adam=agp-llc.com at python.org] On Behalf Of Mark Sapiro
Sent: Wednesday, January 25, 2017 7:24 PM
To: mailman-users at python.org
Subject: Re: [Mailman-Users] Create mailman archive from the gz files downloaded from the archive web page?

On 01/25/2017 08:11 AM, Adam Goldberg wrote:
> Is there an easy (well, automated) way to import the .txt.gz files that are downloadable from a list's archive?  I've done a bit of searching, and it seems that all assume that the filesystem is available (to just copy archives over).


I am not sure what you are ultimately wanting to do, but you don't want the periodic .txt or .txt.gz files. The file you want is the cumulative archives/private/listname.mbox/listname.mbox file which contains unscrubbed (at least if the list's scrub_nondigest is No) messages with complete headers, not scrubbed messages with only selected headers.

Any list member can download this via the web.

If the site has set

PUBLIC_MBOX = Yes

There will be a link to "download the full raw archive" on the lists archive contents page.

If not you can still get it via a private archive url of the form http://example.com/mailman/private/listname.mbox/listname.mbox where listname is the actual list name, and yes, it appears twice. This does require authentication as a list member or admin/moderator, even if the archives are public, and may require using something like curl or wget if the archive is large to avoid browser time outs.

Once you have the mbox, you use bin/arch to import it into another Mailman instance. There is no "web" way to do that.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
------------------------------------------------------
Mailman-Users mailing list Mailman-Users at python.org https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: https://mail.python.org/mailman/options/mailman-users/adam%40agp-llc.com

From mark at msapiro.net  Wed Jan 25 20:23:22 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Wed, 25 Jan 2017 17:23:22 -0800
Subject: [Mailman-Users] Create mailman archive from the gz files
 downloaded from the archive web page?
In-Reply-To: <01000159d8366783-03bf7512-9b0b-4e6f-b89c-e349fadaefda-000000@email.amazonses.com>
References: <01000159d665e680-55847089-4734-4005-a766-1b0432a42476-000000@email.amazonses.com>
 <1db62b4b-7eeb-bb9c-7131-7e21a0ce43d1@msapiro.net>
 <01000159d8366783-03bf7512-9b0b-4e6f-b89c-e349fadaefda-000000@email.amazonses.com>
Message-ID: <b2f6f7b1-78f7-a804-fa10-f8409bf7bfcf@msapiro.net>

On 01/25/2017 04:39 PM, Adam Goldberg wrote:
> Yea, nope, that doesn't seem to work ("Private archive not found").  It might be disabled or something.


What is the URL you normally use to access the lists archive? If it is a
private url, just change the listname at the end to
listname.mbox/listname.mbox. Note that if this is cPanel or something
similar, you have to use the fully qualified name of the form
listname_domain.

If the archive is public, the URL will be like the one for the listinfo
page with 'listinfo' replaced by 'private' and the listname replaced by
listname.mbox/listname.mbox

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From turnbull.stephen.fw at u.tsukuba.ac.jp  Wed Jan 25 23:19:50 2017
From: turnbull.stephen.fw at u.tsukuba.ac.jp (Stephen J. Turnbull)
Date: Thu, 26 Jan 2017 13:19:50 +0900
Subject: [Mailman-Users] Change date sent to date held message was
 released?
In-Reply-To: <1a3c03bb-35e7-81ca-0991-a07ffaf60274@msapiro.net>
References: <E725D113-6AC9-41F9-B851-85DC9AE497BF@uoregon.edu>
 <1a3c03bb-35e7-81ca-0991-a07ffaf60274@msapiro.net>
Message-ID: <22665.30950.259275.415173@turnbull.sk.tsukuba.ac.jp>

Mark Sapiro writes:
 > On 01/24/2017 01:32 PM, Ryan C Stasel wrote:

 > > Is it possible to change the date sent on an email sent to a
 > > moderated list to be the date that the message was ?released? 
 > > from hold?
 > 
 > 
 > Not without modifying the code, but Mailman does add an
 > X-Mailman-Approved-At: header to the message with the date and time of
 > "release".

I strongly recommend against changing "Date".  To non-technical
readers, it will make posters look wilfully ignorant (or at least
careless).  That is, their posts will sometimes appear to ignore
information they would have known if they were reading the list, when
in fact they posted before that information was available.

Also, from Mailman's POV, doing this would make Mailman non-conformant
to the RFCs, as Date is an originator field.  Besides Mailman's own
fields, there is plenty of evidence of when a message was delivered
(Received and often other trace fields will show when it arrived at
the Mailman host and when it was received by the next hop, which is
normally a pretty good approximation), and all but the absolutely most
broken mail clients can display the original, including the full
header.  So there's no real need to do it for forensics.

Steve

From rstasel at uoregon.edu  Fri Jan 27 14:51:59 2017
From: rstasel at uoregon.edu (Ryan C Stasel)
Date: Fri, 27 Jan 2017 19:51:59 +0000
Subject: [Mailman-Users] Change date sent to date held message was
 released?
In-Reply-To: <22665.30950.259275.415173@turnbull.sk.tsukuba.ac.jp>
References: <E725D113-6AC9-41F9-B851-85DC9AE497BF@uoregon.edu>
 <1a3c03bb-35e7-81ca-0991-a07ffaf60274@msapiro.net>
 <22665.30950.259275.415173@turnbull.sk.tsukuba.ac.jp>
Message-ID: <B0D45F27-5584-4054-8A47-4A36BEFBFEA0@uoregon.edu>


> On Jan 25, 2017, at 20:19 , Stephen J. Turnbull <turnbull.stephen.fw at u.tsukuba.ac.jp> wrote:
> 
> Mark Sapiro writes:
>> On 01/24/2017 01:32 PM, Ryan C Stasel wrote:
> 
>>> Is it possible to change the date sent on an email sent to a
>>> moderated list to be the date that the message was ?released? 
>>> from hold?
>> 
>> 
>> Not without modifying the code, but Mailman does add an
>> X-Mailman-Approved-At: header to the message with the date and time of
>> "release".
> 
> I strongly recommend against changing "Date".  To non-technical
> readers, it will make posters look wilfully ignorant (or at least
> careless).  That is, their posts will sometimes appear to ignore
> information they would have known if they were reading the list, when
> in fact they posted before that information was available.
> 
> Also, from Mailman's POV, doing this would make Mailman non-conformant
> to the RFCs, as Date is an originator field.  Besides Mailman's own
> fields, there is plenty of evidence of when a message was delivered
> (Received and often other trace fields will show when it arrived at
> the Mailman host and when it was received by the next hop, which is
> normally a pretty good approximation), and all but the absolutely most
> broken mail clients can display the original, including the full
> header.  So there's no real need to do it for forensics.

Thanks all! That?s kinda what I figured. I asked mainly because we have some approval only lists, and if the person waits a day or two to approve, the message will end up ?down? in someones inbox. Obviously, this would be less of an issue if they didn?t have hundreds/thousands of unread messages? but that?s a people issue, not Mailman?s fault. =)

Thanks! 

-Ryan Stasel


From dandrews at visi.com  Sat Jan 28 13:26:02 2017
From: dandrews at visi.com (David Andrews)
Date: Sat, 28 Jan 2017 12:26:02 -0600
Subject: [Mailman-Users] Non-Delivery of Mail
Message-ID: <auto-000075928119@mailfront1.g2host.com>

I run a cPanel system that, among other things, supports about 300 
Mailman lists. We have about 20,000 users. I am getting lots of 
bounced messages from roadrunner.com and various XXX.rr.com domains. 
It looks like they may be blocking my domain nfbnet.org although I am 
not sure how you tell.

When I look at a mail delivery report via cPanel, I see messages that 
say 421 too many concurrent connections, connection refused.  What 
can I change to fix this problem!

Thanks!

  


From mark at msapiro.net  Sat Jan 28 14:00:33 2017
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 28 Jan 2017 11:00:33 -0800
Subject: [Mailman-Users] Non-Delivery of Mail
In-Reply-To: <auto-000075928119@mailfront1.g2host.com>
References: <auto-000075928119@mailfront1.g2host.com>
Message-ID: <d9ea4ed1-44e4-da15-3f0b-3b376ec6294d@msapiro.net>

On 01/28/2017 10:26 AM, David Andrews wrote:
> 
> When I look at a mail delivery report via cPanel, I see messages that
> say 421 too many concurrent connections, connection refused.  What can I
> change to fix this problem!


That's a retryable error and may or may not eventually be successfully
retried depending on what's actually causing it.

The recipient MX is saying your IP already has the maximum number of
concurrent connections open and it won't accept this additional one.

The connections in question are presumably those from Exim on the cPanel
host to the recipient MX since Mailman will never open more concurrent
delivery SMTP sessions to Exim than there are OutgoingRunner slices
(default 1).

You might be able to tell from the Exim logs how many other deliveries
to that MX have been started and not completed when the error occurs.

I'm not an Exim expert by any means, but it looks like Exim's
queue_run_max setting might affect this. The default is 5 which should
be small enough, but if you have it set to a large number or to 0 ->
unlimited, this could be the issue.

-- 
Mark Sapiro <mark at msapiro.net>        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From bsfinkel at att.net  Sun Jan 29 16:52:49 2017
From: bsfinkel at att.net (Barry S. Finkel)
Date: Sun, 29 Jan 2017 15:52:49 -0600
Subject: [Mailman-Users] Non-Delivery of Mail
In-Reply-To: <auto-000075928119@mailfront1.g2host.com>
References: <auto-000075928119@mailfront1.g2host.com>
Message-ID: <6224e8ba-1ae3-6c01-2eb2-f89cbbf3c3e8@att.net>

On 1/28/2017 12:26 PM, David Andrews wrote:
> I run a cPanel system that, among other things, supports about 300
> Mailman lists. We have about 20,000 users. I am getting lots of bounced
> messages from roadrunner.com and various XXX.rr.com domains. It looks
> like they may be blocking my domain nfbnet.org although I am not sure
> how you tell.
>
> When I look at a mail delivery report via cPanel, I see messages that
> say 421 too many concurrent connections, connection refused.  What can I
> change to fix this problem!
>
> Thanks!

I have had the same problem sending to some XX.rr.com addresses,
buy not from a Mailman system.  I am sending from a system that
hosts many mailing lists; that system has 661 outbound IP addresses.
Obviously, I have no control when other organizations send e-mail,
and I have no control over what outbound address is used for the
SMTP connection.  And I do not know what the connection limits
are set by RoadRunner.  As Mark replied, I believe that this should
be a retryable error, but RR does not think so.  RR expects the sender
to re-send the mail at a later time.  I have had no problems sending
later (I have to re-compose the mail message); but again I do not know
if the re-send happens to be sent over a "good" (in RR terms) IP address
to the RR inbound mail servers.

--Barry Finkel


From jason at fayre.me  Tue Jan 31 11:17:23 2017
From: jason at fayre.me (Jason Fayre)
Date: Tue, 31 Jan 2017 11:17:23 -0500
Subject: [Mailman-Users] running Mailman for multiple domains inside docker
 containers
Message-ID: <001401d27bdd$8186ce10$84946a30$@fayre.me>

Hi,

I'm looking to move my server to a new provider. In the process, I'm
considering moving my mailman installation into docker containers. I have a
few questions for anyone who is doing this:

1. Which docker container did you use? I've seen a few different mailman
containers.

2. Right now, my mailing lists are all off of one domain. When I move, I'm
considering having one or two lists on different domains. Is this possible
with Docker? If so, can anyone give me any pointers?

Thanks much!