From enseikou at gmail.com Tue May 1 04:27:55 2018 
From: enseikou at gmail.com (Rubén Fernández Asensio)
Date: Tue, 1 May 2018 10:27:55 +0200
Subject: [Mailman-Users] Wrong language sent to subscribers
In-Reply-To:
References: <8477589.BCy93dUXjQ@fractal>
Message-ID:

Thanks for the hint, it seems I made some mistake during the original
installation. There was only the 'en' directory at /etc/mailman/.
"debconf-show mailman" confirmed the problem:

* mailman/default_server_language: en
* mailman/used_languages:
* mailman/site_languages: en
  mailman/queue_files_present: abort installation
* mailman/create_site_list:

So I ran "dpkg-reconfigure mailman" and chose the needed languages. Now
everything seems to work fine.

Rubeno

On 30/04/18 at 17:23, Mark Sapiro wrote:
> On 04/29/2018 02:13 PM, Rubeno Fernández wrote:
>> Hello all,
>> I'm using Mailman 2.1.20 on Ubuntu 16, which I installed from their
>> repositories; Python is 2.7. I've set up DEFAULT_SERVER_LANGUAGE to 'ca' in
>> my /etc/mailman/mm_cfg.py file. All the language files can be found at /usr/
>> share/mailman/ca.
>
>
> I'm unclear on how this is configured in your installation. In a
> 'normal' Debian/Ubuntu package, everything is in /var/lib/mailman/. In
> particular, the various templates such as subscribeack.txt are in
> /var/lib/mailman/templates/LC/, possibly overridden by list specific,
> domain specific, or site specific templates. See
> for info on the location of these.
>
>
>> However, subscription confirmation notices and acknowledgements are sent only
>> in English. Strangely enough, the subjects are in Catalan, though.
>> Is this a bug? How can I fix it?
>
>
> You need to verify that the templates in /var/lib/mailman/templates/ca/
> exist and are appropriate and if there are any overrides in
> /var/lib/mailman/lists/LISTNAME/ca/,
> /var/lib/mailman/templates/DOMAIN/ca/ or
> /var/lib/mailman/templates/site/ca/ that they are appropriate.
>

From beakerboy99 at yahoo.com Sat May 5 14:08:27 2018
From: beakerboy99 at yahoo.com (Kevin Nowaczyk)
Date: Sat, 5 May 2018 18:08:27 +0000 (UTC)
Subject: [Mailman-Users] mailman is receiving, but not forwarding emails.
References: <880306078.209257.1525543707381.ref@mail.yahoo.com>
Message-ID: <880306078.209257.1525543707381@mail.yahoo.com>

I performed a massive debian update last week, which included a postfix update. Mailman may have updated too (it is currently 2.1.26). All other mail services on my server appear to still work (Drupal password resets, Roundcube webmail send/receive, virtual mailbox forwarding), but mailman is no longer sending out messages. The mailman archives are showing any messages that are sent to the list, but users are not receiving a copy. The mailman log files are suspiciously empty. The vet file does show where I tried to message a list I am not a member to, but nothing about the numerous times posting to a list that I am a member to, which is in the archive.

here is a typical log message:

May  5 11:55:12 bunsen postfix/smtpd[3101]: 3876038119: client=mail-qt0-f177.google.com[209.85.216.177]
May  5 11:55:12 bunsen postfix/cleanup[28458]: 3876038119: message-id=
May  5 11:55:12 bunsen opendkim[557]: 3876038119: mail-qt0-f177.google.com [209.85.216.177] not internal
May  5 11:55:12 bunsen opendkim[557]: 3876038119: not authenticated
May  5 11:55:12 bunsen opendkim[557]: 3876038119: DKIM verification successful
May  5 11:55:12 bunsen opendkim[557]: 3876038119: s=google d=google-hosted-domain SSL
May  5 11:55:12 bunsen postfix/qmgr[4308]: 3876038119: from=, size=2305, nrcpt=1 (queue active)
May  5 11:55:12 bunsen postfix/local[27003]: 3876038119: to=, orig_to=, relay=local, delay=0.3, delays=0.16/0/0/0.14, dsn=2.0.0, status=sent (delivered to command: /var/lib/mailman/mail/mailman post listname)
May  5 11:55:12 bunsen postfix/qmgr[4308]: 3876038119: removed

Thanks for any help,
Kevin Nowaczyk

From mark at msapiro.net Sat May 5 14:22:09 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 5 May 2018 11:22:09 -0700
Subject: [Mailman-Users] mailman is receiving, but not forwarding emails.
In-Reply-To: <880306078.209257.1525543707381@mail.yahoo.com>
References: <880306078.209257.1525543707381.ref@mail.yahoo.com>
 <880306078.209257.1525543707381@mail.yahoo.com>
Message-ID: <67e6ef9b-cbcf-a96a-b13c-03a1c1b45b1c@msapiro.net>

On 5/5/18 11:08 AM, Kevin Nowaczyk via Mailman-Users wrote:
> I performed a massive debian update last week, which included a postfix update. Mailman may have updated too (it is currently 2.1.26). All other mail services on my server appear to still work (Drupal password resets, Roundcube webmail send/receive, virtual mailbox forwarding), but mailman is no longer sending out messages. The mailman archives are showing any messages that are sent to the list, but users are not receiving a copy. The mailman log files are suspiciously empty. The vet file does show where I tried to message a list I am not a member to, but nothing about the numerous times posting to a list that I am a member to, which is in the archive.

The message is archived so IncomingRunner and ArchRunner are running.
Messages aren't being sent and nothing is in Mailman's post or smtp logs
so OutgoingRunner is not processing the messages. Nothing in Mailman's
error log indicates OutgoingRunner just isn't running and the messages
are probably all waiting in Mailman's out queue.

Look in Mailman's qrunner log for messages about OutgoingRunner.
Stopping and starting (not restarting) Mailman may help.

-- 
Mark Sapiro                           The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From kgordon2006 at frontier.com Sat May 5 15:44:59 2018
From: kgordon2006 at frontier.com (Kenneth G. Gordon)
Date: Sat, 05 May 2018 12:44:59 -0700
Subject: [Mailman-Users] Still having trouble with an email filter vis-a-vis Chinese crap.
Message-ID: <5AEE09BB.11968.1FAAAFB4@kgordon2006.frontier.com>

In my mailman Privacy options/Spam filters/Regexps my expression:

^Subject: =\?utf-8\?B\?

does NOT appear to work to discard all posts with that expression in the subject line.

That traffic always contains this:

Subject =?utf-8?B?

before all the following garbage.

Sometimes that expression beginning with = is contained multiple times in the traffic I want
to discard.

As you can see above, I have escaped all the ? characters.

Is there something further I need to do to make this work as it should?

Obviously, I am still doing something wrong, but I can't see it.

I thought the escape character was the \, but maybe it is a / . ?

What?

I am, presently, not all that happy, although I have cut down the Chinese garbage by about
90% since I implemented other filters. There remains the 10% which is still very annoying.

Ken Gordon

From mark at msapiro.net Sat May 5 16:20:26 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 5 May 2018 13:20:26 -0700
Subject: [Mailman-Users] Still having trouble with an email filter vis-a-vis Chinese crap.
In-Reply-To: <5AEE09BB.11968.1FAAAFB4@kgordon2006.frontier.com>
References: <5AEE09BB.11968.1FAAAFB4@kgordon2006.frontier.com>
Message-ID: <27e008bb-c584-3b78-a204-c155d5bd93df@msapiro.net>

On 05/05/2018 12:44 PM, Kenneth G. Gordon wrote:
> In my mailman Privacy options/Spam filters/Regexps my expression:
>
> ^Subject: =\?utf-8\?B\?
>
> does NOT appear to work to discard all posts with that expression in the subject line.
>
> That traffic always contains this:
>
> Subject =?utf-8?B?

Do you really mean it doesn't contain the ':'?

You could try

^Subject:?\s*=\?utf-8\?B\?

which would match Subject followed by a colon or not and any amount of
white space.

> before all the following garbage.
>
> Sometimes that expression beginning with = is contained multiple times in the traffic I want
> to discard.

That's because each '=?utf-8?B?...?=' is an RFC 2047 encoded 'word' and
there can be any number of them in the Subject: header.

> As you can see above, I have escaped all the ? characters.
>
> Is there something further I need to do to make this work as it should?

What you have will match a line beginning with 'Subject: =?utf-b?B?'
case insensitively, but only if there is a colon followed by exactly one
space.

> Obviously, I am still doing something wrong, but I can't see it.
>
> I thought the escape character was the \, but maybe it is a / . ?

It is '\'.

> I am, presently, not all that happy, although I have cut down the Chinese garbage by about
> 90% since I implemented other filters. There remains the 10% which is still very annoying.

As has been mentioned before the above pattern will match any Subject:
header which begins with a base-64 RFC 2047 encoded word with a utf-8
encoding. This includes some non-english language subjects (more than
just Chinese) and also some English language subjects that might begin
with an emoji or other non-ascii symbol and doesn't include Chinese
language subjects that might be encoded in gb-2312 or some other
non-utf-8 encoding.

This may work for you, but in general might discard a wanted post.

-- 
Mark Sapiro                           The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From kgordon2006 at frontier.com Sat May 5 17:05:09 2018
From: kgordon2006 at frontier.com (Kenneth G. Gordon)
Date: Sat, 05 May 2018 14:05:09 -0700
Subject: [Mailman-Users] Still having trouble with an email filter vis-a-vis Chinese crap.
In-Reply-To: <27e008bb-c584-3b78-a204-c155d5bd93df@msapiro.net>
References: <5AEE09BB.11968.1FAAAFB4@kgordon2006.frontier.com>,
 <27e008bb-c584-3b78-a204-c155d5bd93df@msapiro.net>
Message-ID: <5AEE1C85.7394.1FF4168A@kgordon2006.frontier.com>

On 5 May 2018 at 13:20, Mark Sapiro wrote:

> > Subject =?utf-8?B?
>
> Do you really mean it doesn't contain the ':'?

I am reasonably sure that SOME do not, possibly those few which are getting through, but
since you brought that up (although I DID suspect as much), I have not been able to check
on the accuracy of my memory since so far this morning, I have had no more of them show
up.

> You could try
>
> ^Subject:?\s*=\?utf-8\?B\?
>
> which would match Subject followed by a colon or not and any amount of
> white space.

OK. That sounds perfect.

> What you have will match a line beginning with 'Subject: =?utf-b?B?'
> case insensitively, but only if there is a colon followed by exactly one
> space.

Ah. Makes sense.

> > I thought the escape character was the \, but maybe it is a / . ?
>
> It is '\'.

As I thought....from my years as a Unix SYSAD...but that was a long time ago. I'm 76 now.

> > I am, presently, not all that happy, although I have cut down the Chinese garbage by about
> > 90% since I implemented other filters. There remains the 10% which is still very annoying.
>
>
> As has been mentioned before the above pattern will match any Subject:
> header which begins with a base-64 RFC 2047 encoded word with a utf-8
> encoding. This includes some non-english language subjects (more than
> just Chinese) and also some English language subjects that might begin
> with an emoji or other non-ascii symbol and doesn't include Chinese
> language subjects that might be encoded in gb-2312 or some other
> non-utf-8 encoding.
>
> This may work for you, but in general might discard a wanted post.

For the two forums I am managing, that is NOT a problem.

Thanks. You are (obviously) a real genius at this stuff with loads of experience.
Much appreciated.

Ken Gordon

From mark at msapiro.net Sat May 5 18:14:33 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Sat, 5 May 2018 15:14:33 -0700
Subject: [Mailman-Users] Still having trouble with an email filter vis-a-vis Chinese crap.
In-Reply-To: <5AEE1C85.7394.1FF4168A@kgordon2006.frontier.com>
References: <5AEE09BB.11968.1FAAAFB4@kgordon2006.frontier.com>
 <27e008bb-c584-3b78-a204-c155d5bd93df@msapiro.net>
 <5AEE1C85.7394.1FF4168A@kgordon2006.frontier.com>
Message-ID:

On 05/05/2018 02:05 PM, Kenneth G. Gordon wrote:
> On 5 May 2018 at 13:20, Mark Sapiro wrote:
>
>>> Subject =?utf-8?B?
>>
>> Do you really mean it doesn't contain the ':'?
>
> I am reasonably sure that SOME do not, possibly those few which are getting through, but
> since you brought that up (although I DID suspect as much), I have not been able to check
> on the accuracy of my memory since so far this morning, I have had no more of them show
> up.
>
>> You could try
>>
>> ^Subject:?\s*=\?utf-8\?B\?
>>
>> which would match Subject followed by a colon or not and any amount of
>> white space.

However, if the colon is missing, the

Subject =?utf-8?B?...

line is not a header and it can't be matched by header_filter_rules.
I.e., a message like

To: someone
From: someone
Message-ID:
Subject hi there
Date: some date

body

will be parsed as headers

To: someone
From: someone
Message-ID:

and body

Subject hi there
Date: some date

body

so there's no way you can match that 'Subject' with header_filter_rules
because it isn't a header. If that's really what you're looking at, you
would have to implement a custom handler to match that. See .

On the other hand, if some MUA actually displays the decoded line as the
message subject, it almost certainly does have the colon.

-- 
Mark Sapiro                           The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From jaybird at bluegrasspals.com Sun May 6 22:16:16 2018
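
The two header_filter_rules patterns from the thread above, run against constructed Subject headers, together with the colon-less case described in the last reply. This is an added example, not code from any poster or from Mailman; the regex flags, the sample subjects, and the `encoded_word`, `rule_hits` and `header_block` helpers are assumptions made for illustration.

```python
import base64
import email
import re

# Assumption: rules are applied case-insensitively and per line, as the
# thread describes ("a line beginning with ... case insensitively").
FLAGS = re.IGNORECASE | re.MULTILINE

ORIGINAL = r'^Subject: =\?utf-8\?B\?'       # pattern from the first post
SUGGESTED = r'^Subject:?\s*=\?utf-8\?B\?'   # pattern suggested in the reply


def encoded_word(text, charset):
    """Build an RFC 2047 base64 encoded-word (constructed test data)."""
    payload = base64.b64encode(text.encode(charset)).decode('ascii')
    return '=?%s?B?%s?=' % (charset, payload)


def rule_hits(pattern, header_text):
    """True if the pattern matches anywhere in the given header text."""
    return re.search(pattern, header_text, FLAGS) is not None


def header_block(raw_message):
    """Split a raw message the way a standard parser does: (headers, body)."""
    msg = email.message_from_string(raw_message)
    headers = '\n'.join('%s: %s' % (k, v) for k, v in msg.items())
    return headers, msg.get_payload()


UTF8_WORD = encoded_word('\u4f60\u597d', 'utf-8')

# Constructed Subject lines covering the cases raised in the thread.
SAMPLES = {
    'one_space': 'Subject: ' + UTF8_WORD,
    'two_spaces': 'Subject:  ' + UTF8_WORD,
    'upper_charset': 'Subject: ' + UTF8_WORD.replace('utf-8', 'UTF-8'),
    'gb2312': 'Subject: ' + encoded_word('\u4f60\u597d', 'gb2312'),
    'english_symbol': 'Subject: ' + encoded_word('\u2605 Meeting notes', 'utf-8'),
    'plain_ascii': 'Subject: Meeting notes',
}

# Constructed message whose "Subject" line has no colon: header parsing
# stops at that line, so it and everything after it become body text.
NO_COLON = (
    'To: someone@example.org\n'
    'From: someone@example.org\n'
    'Message-ID: <constructed@example.org>\n'
    'Subject ' + UTF8_WORD + '\n'
    'Date: Sat, 5 May 2018 12:00:00 -0700\n'
    '\n'
    'body\n'
)


def evaluate():
    """Return {sample name: (original pattern hit, suggested pattern hit)}."""
    return {name: (rule_hits(ORIGINAL, line), rule_hits(SUGGESTED, line))
            for name, line in SAMPLES.items()}


if __name__ == '__main__':
    for name, (orig, sugg) in evaluate().items():
        print('%-15s original=%-5s suggested=%s' % (name, orig, sugg))
    headers, body = header_block(NO_COLON)
    print('no-colon, headers only:', rule_hits(SUGGESTED, headers))
    print('no-colon, first body line:', body.splitlines()[0])
```

The `english_symbol` row is the false positive the reply warns about, and the `gb2312` row is the miss; a filter that only sees parsed headers never sees the colon-less line at all.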
From: jaybird at bluegrasspals.com (Jayson Smith)
Date: Sun, 6 May 2018 22:16:16 -0400
Subject: [Mailman-Users] Installing Mailman on a Debian system with Apache 2.4.2, CGI error!
Message-ID: <3e937abe-40ae-fab0-dd72-6e358b49c379@bluegrasspals.com>

Hi,

This is a weird one. I think of myself as knowing my way around Mailman
pretty well for a user/admin/installer/upgrader.

I'm upgrading to a Debian 9 system from CentOS 6.5. Debian's Apache
configs took a bit of getting used to, but I actually like them better.
It uses Apache 2.4.2.

I wanted to install Mailman from source, since the latest version is
2.1.26, Debian has 2.1.23, and IIRC that's too old to have some screen
reader optimizations I want. So I built, installed, all working well. I
copied over the Mailman config from my CentOS system to use in Apache,
making some changes so it'd work under 2.4.2. Here it is:

--------------------

#
#  httpd configuration settings for use with mailman.
#

ScriptAlias /mailman/ /usr/lib/mailman/cgi-bin/
    AllowOverride None
    Options ExecCGI
    Require all granted

Alias /pipermail/ /var/lib/mailman/archives/public/
    Options Indexes MultiViews FollowSymLinks
    AllowOverride None
    Require all granted
    AddDefaultCharset Off

# Uncomment the following line, to redirect queries to /mailman to the
# listinfo page (recommended).

# RedirectMatch ^/mailman[/]*$ /mailman/listinfo

--------------------

The problem is that the CGI isn't working. If I go to
http://temphostname/mailman/listinfo/mailman for example, Apache says
/usr/lib/mailman/cgi-bin/listinfo/mailman doesn't exist. If I just go to
/mailman/listinfo I get an Elf binary thrown at me, rather than the page
saying there are no advertised lists. If I do the same thing from the
server using the Lynx web browser, I get the same binary thrown at me,
with a page title, "Mailman CGI error!" It sounds to me like Apache
2.4.2 isn't seeing that /usr/lib/mailman/cgi-bin is, in fact, CGI
scripts, and is trying to treat them like regular files. Has something
else changed between Apache versions?

Thanks,

Jayson

From mark at msapiro.net Sun May 6 23:10:23 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Sun, 6 May 2018 20:10:23 -0700
Subject: [Mailman-Users] Installing Mailman on a Debian system with Apache 2.4.2, CGI error!
In-Reply-To: <3e937abe-40ae-fab0-dd72-6e358b49c379@bluegrasspals.com>
References: <3e937abe-40ae-fab0-dd72-6e358b49c379@bluegrasspals.com>
Message-ID:

On 05/06/2018 07:16 PM, Jayson Smith wrote:
>
> ScriptAlias /mailman/ /usr/lib/mailman/cgi-bin/
>
>     AllowOverride None
>     Options ExecCGI
>     Require all granted
>

This looks correct.

> The problem is that the CGI isn't working. If I go to
> http://temphostname/mailman/listinfo/mailman for example, Apache says
> /usr/lib/mailman/cgi-bin/listinfo/mailman doesn't exist. If I just go to
> /mailman/listinfo I get an Elf binary thrown at me, rather than the page
> saying there are no advertised lists. If I do the same thing from the
> server using the Lynx web browser, I get the same binary thrown at me,
> with a page title, "Mailman CGI error!" It sounds to me like Apache
> 2.4.2 isn't seeing that /usr/lib/mailman/cgi-bin is, in fact, CGI
> scripts, and is trying to treat them like regular files. Has something
> else changed between Apache versions?

Is Suexec enabled? That could explain it. If that isn't it, are the
various compiled wrappers in /usr/lib/mailman/cgi-bin/ all in Mailman's
group (probably 'mailman' if you installed from source, but Debian likes
'list') and permissions like -rwxr-sr-x (o+x is I think the important
one here).

And are there any other Directory blocks in the apache config for /,
/usr, /usr/lib or /usr/lib/mailman?

-- 
Mark Sapiro                           The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From jaybird at bluegrasspals.com Sun May 6 23:37:56 2018
From: jaybird at bluegrasspals.com (Jayson Smith)
Date: Sun, 6 May 2018 23:37:56 -0400
Subject: [Mailman-Users] Installing Mailman on a Debian system with Apache 2.4.2, CGI error!
In-Reply-To:
References: <3e937abe-40ae-fab0-dd72-6e358b49c379@bluegrasspals.com>
Message-ID: <3dab51d8-5d4b-d7d1-8168-582e6878d687@bluegrasspals.com>

Hello,

Okay, now I feel like a total dummy. No, Suexec wasn't enabled as far as
I can tell. Yes, the CGI scripts are owned by mailman:mailman. Yes, the
permissions are correct.

So what was the problem, you ask.

It seems that by default, Debian's Apache install doesn't enable the CGI
module. Somehow, it sort of works better if you enable CGI. It works
better if you plug it in.

Head?desk. I'd spent hours trying to troubleshoot this! Sometimes the
most obvious things escape the best of us.

Thanks anyway.

Jayson

On 5/6/2018 11:10 PM, Mark Sapiro wrote:
> On 05/06/2018 07:16 PM, Jayson Smith wrote:
>> ScriptAlias /mailman/ /usr/lib/mailman/cgi-bin/
>>
>>     AllowOverride None
>>     Options ExecCGI
>>     Require all granted
>>
>
> This looks correct.
>
>
>> The problem is that the CGI isn't working. If I go to
>> http://temphostname/mailman/listinfo/mailman for example, Apache says
>> /usr/lib/mailman/cgi-bin/listinfo/mailman doesn't exist. If I just go to
>> /mailman/listinfo I get an Elf binary thrown at me, rather than the page
>> saying there are no advertised lists. If I do the same thing from the
>> server using the Lynx web browser, I get the same binary thrown at me,
>> with a page title, "Mailman CGI error!" It sounds to me like Apache
>> 2.4.2 isn't seeing that /usr/lib/mailman/cgi-bin is, in fact, CGI
>> scripts, and is trying to treat them like regular files. Has something
>> else changed between Apache versions?
>
> Is Suexec enabled? That could explain it. If that isn't it, are the
> various compiled wrappers in /usr/lib/mailman/cgi-bin/ all in Mailman's
> group (probably 'mailman' if you installed from source, but Debian likes
> 'list') and permissions like -rwxr-sr-x (o+x is I think the important
> one here).
>
> And are there any other Directory blocks in the apache config for /,
> /usr, /usr/lib or /usr/lib/mailman?
>

From mark at msapiro.net Mon May 7 11:03:07 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Mon, 7 May 2018 08:03:07 -0700
Subject: [Mailman-Users] Installing Mailman on a Debian system with Apache 2.4.2, CGI error!
In-Reply-To: <3dab51d8-5d4b-d7d1-8168-582e6878d687@bluegrasspals.com>
References: <3e937abe-40ae-fab0-dd72-6e358b49c379@bluegrasspals.com>
 <3dab51d8-5d4b-d7d1-8168-582e6878d687@bluegrasspals.com>
Message-ID: <027fa63b-e188-01e7-3f1b-08cb84b52914@msapiro.net>

On 05/06/2018 08:37 PM, Jayson Smith wrote:
>
> It seems that by default, Debian's Apache install doesn't enable the CGI
> module. Somehow, it sort of works better if you enable CGI. It works
> better if you plug it in.
>
> Head?desk. I'd spent hours trying to troubleshoot this! Sometimes the
> most obvious things escape the best of us.

Don't feel bad. I knew I'd seen this before, and I couldn't remember the
cause, and it never occurred to me either that the obvious explanation
was mod_cgi not enabled.

-- 
Mark Sapiro                           The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From dadoonan at mac.com Mon May 7 11:58:47 2018
From: dadoonan at mac.com (David Doonan)
Date: Mon, 07 May 2018 11:58:47 -0400
Subject: [Mailman-Users] Private archive file not found
Message-ID: <13497449-C1B4-4B40-A2F3-C899C3734C3C@mac.com>

I manage a couple of dozen mailman lists, all of which are functioning correctly except for one.

When I go to the list archives, the following error message is displayed:
> Private archive file not found

Tried changing the settings Archive Yes to No to Yes.

Tried changing the settings from Private to Public to Private.

Error message still appears.

Exploring the server via SFTP, this troublesome list only has one folder, with a sub-folder called attachments.

The rest of the lists are set up correctly, with two folders, one with the name of the list and the second with the name of the list and .mbox as a suffix.

The troublesome list is not new; it was created a decade or more ago. Can't believe that no one has complained about the lack of archives.

Is there a solution other than to re-install?

david

From mark at msapiro.net Tue May 8 11:36:20 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 8 May 2018 08:36:20 -0700
Subject: [Mailman-Users] Private archive file not found
In-Reply-To: <13497449-C1B4-4B40-A2F3-C899C3734C3C@mac.com>
References: <13497449-C1B4-4B40-A2F3-C899C3734C3C@mac.com>
Message-ID:

On 05/07/2018 08:58 AM, David Doonan wrote:
>
> Exploring the server via SFTP, this troublesome list only has one folder, with a sub-folder called attachments.
>
> The rest of the lists are set up correctly, with two folders, one with the name of the list and the second with the name of the list and .mbox as a suffix.
>
> The troublesome list is not new; it was created a decade or more ago. Can't believe that no one has complained about the lack of archives.
>
> Is there a solution other than to re-install?

It is possible that something was somehow deleted or lost from the
archive. If you have any older backups, you might look for them.

If not, if you have shell access, rather than just SFTP, what you need
to do is create the archives/private/LISTNAME.mbox directory and an
empty archives/private/LISTNAME.mbox/LISTNAME.mbox file. These should
have the same ownership and permissions as the ones for other lists, in
particular drwxrwsr-x for the directory and -rw-rw-r-- for the file and
mailman's group for both.

Then run Mailman's

bin/arch --wipe LISTNAME

and that will create the (empty) archive.

Alternatively, you can back up the lists/LISTNAME/ directory, containing
the config.pck and other files. Then delete the list or just remove the
lists/LISTNAME/ directory and then create the list and replace the
lists/LISTNAME/ directory with the one you backed up. This should create
the list with a "proper" empty archive and then restoring the
lists/LISTNAME/ directory and contents will restore the list config and
membership.

-- 
Mark Sapiro                           The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From dadoonan at mac.com Tue May 8 13:39:59 2018
From: dadoonan at mac.com (David Doonan)
Date: Tue, 08 May 2018 13:39:59 -0400
Subject: [Mailman-Users] Private archive file not found
In-Reply-To: <13497449-C1B4-4B40-A2F3-C899C3734C3C@mac.com>
References: <13497449-C1B4-4B40-A2F3-C899C3734C3C@mac.com>
Message-ID:

ignore all. ended up deleting and reinstalling

> On May 7, 2018, at 11:58 AM, David Doonan wrote:
>
> I manage a couple of dozen mailman lists, all of which are functioning correctly except for one.
>
> When I go to the list archives, the following error message is displayed:
>> Private archive file not found
>
> Tried changing the settings Archive Yes to No to Yes.
>
> Tried changing the settings from Private to Public to Private.
>
> Error message still appears.
>
> Exploring the server via SFTP, this troublesome list only has one folder, with a sub-folder called attachments.
>
> The rest of the lists are set up correctly, with two folders, one with the name of the list and the second with the name of the list and .mbox as a suffix.
>
> The troublesome list is not new; it was created a decade or more ago. Can't believe that no one has complained about the lack of archives.
>
> Is there a solution other than to re-install?
>
> david

From andrew at hodgson.io Tue May 8 13:22:12 2018
From: andrew at hodgson.io (Andrew Hodgson)
Date: Tue, 8 May 2018 17:22:12 +0000
Subject: [Mailman-Users] Possibly OT: GDPR and list servers
Message-ID:

Hi,

Has anyone in the EU come across the GDPR guidelines in the context of Mailman? We are a charity and run Mailman as part of that with some high traffic email lists. I am getting a lot of conflicting information regarding whether we can even continue to do this in the current climate, most of it coming from half baked documents or different people's opinion, so I wanted to put it out there to see if there is anything that the community may have that we can use or help with in a co-ordinated way.

Thanks.
Andrew.

From dadoonan at gmail.com Tue May 8 13:47:33 2018
From: dadoonan at gmail.com (david doonan)
Date: Tue, 8 May 2018 13:47:33 -0400
Subject: [Mailman-Users] Private archive file not found
In-Reply-To:
References: <13497449-C1B4-4B40-A2F3-C899C3734C3C@mac.com>
Message-ID:

Thanks Mark. I ended up deleting and starting from scratch

On Tue, May 8, 2018 at 11:36 AM, Mark Sapiro wrote:

> On 05/07/2018 08:58 AM, David Doonan wrote:
> >
> > Exploring the server via SFTP, this troublesome list only has one
> folder, with a sub-folder called attachments.
> >
> > The rest of the lists are set up correctly, with two folders, one with
> the name of the list and the second with the name of the list and .mbox as
> a suffix.
> >
> > The troublesome list is not new; it was created a decade or more ago.
> Can't believe that no one has complained about the lack of archives.
> >
> > Is there a solution other than to re-install?
>
> It is possible that something was somehow deleted or lost from the
> archive. If you have any older backups, you might look for them.
>
> If not, if you have shell access, rather than just SFTP, what you need
> to do is create the archives/private/LISTNAME.mbox directory and an
> empty archives/private/LISTNAME.mbox/LISTNAME.mbox file. These should
> have the same ownership and permissions as the ones for other lists, in
> particular drwxrwsr-x for the directory and -rw-rw-r-- for the file and
> mailman's group for both.
>
> Then run Mailman's
>
> bin/arch --wipe LISTNAME
>
> and that will create the (empty) archive.
>
> Alternatively, you can back up the lists/LISTNAME/ directory, containing
> the config.pck and other files. Then delete the list or just remove the
> lists/LISTNAME/ directory and then create the list and replace the
> lists/LISTNAME/ directory with the one you backed up. This should create
> the list with a "proper" empty archive and then restoring the
> lists/LISTNAME/ directory and contents will restore the list config and
> membership.
>
> --
> Mark Sapiro The highway is for gamblers,
> San Francisco Bay Area, California better use your sense - B. Dylan
>

-- 
David Doonan
3 Gray Avenue #2
Greenwich, New York 12834
518-265-4030

From specktator at totallynoob.com Wed May 9 03:26:23 2018
From: specktator at totallynoob.com (specktator)
Date: Wed, 9 May 2018 10:26:23 +0300
Subject: [Mailman-Users] Possibly OT: GDPR and list servers
In-Reply-To:
References:
Message-ID:

Hi Andrew,

I have more or less the same issue with you.

So far, I'm pretty sure about this: you have to notify your recipients
to "authorize" (or not), accept and read about how you treat their
personal data in order to do the mailings ... if you are able to do
that, most probably you can continue doing it, with all those who
accepted of course.

hope it helps a bit

Cheers,
speck

On 08/05/2018 08:22 PM, Andrew Hodgson wrote:
> Hi,
>
> Has anyone in the EU come across the GDPR guidelines in the context of Mailman? We are a charity and run Mailman as part of that with some high traffic email lists. I am getting a lot of conflicting information regarding whether we can even continue to do this in the current climate, most of it coming from half baked documents or different people's opinion, so I wanted to put it out there to see if there is anything that the community may have that we can use or help with in a co-ordinated way.
>
> Thanks.
> Andrew.

From jhs at berklix.com Wed May 9 08:39:09 2018
From: jhs at berklix.com (Julian H. Stacey)
Date: Wed, 09 May 2018 14:39:09 +0200
Subject: [Mailman-Users] Possibly OT: GDPR and list servers
In-Reply-To: Your message "Tue, 08 May 2018 17:22:12 -0000."
Message-ID: <201805091239.w49Cd9GO009055@fire.js.berklix.net>

Hi, Reference:
> From: Andrew Hodgson
> Date: Tue, 8 May 2018 17:22:12 +0000

Andrew Hodgson wrote:
> Hi,
>
> Has anyone in the EU come across the GDPR guidelines in the context of Mailman? We are a charity and run Mailman as part of that with some high traffic email lists. I am getting a lot of conflicting information regarding whether we can even continue to do this in the current climate, most of it coming from half baked documents or different people's opinion, so I wanted to put it out there to see if there is anything that the community may have that we can use or help with in a co-ordinated way.

The 88 page source:
 http://eur-lex.europa.eu/legal-content/EN/TXT/PDF/?uri=CELEX:32016R0679&from=EN
Linked from:
 https://en.wikipedia.org/wiki/General_Data_Protection_Regulation

GDPR seems the latest government imposed plague ** to consume
business time unpaid, along with VAT etc. Bigger companies can
afford it, but for some small companies it's last nail in the coffin.

** Remember the ISO 9000 certification plague ? When industry threw
out good equipment that wasn't ISO 9000; & even banks bored us they
too were ISO 9000 method compliant.

I may put something like this at top of
 http://mailman.berklix.org/mailman/listinfo
 GDPR: 88 pages of PDF this unpaid admin has no time to read.
 Mail lists & web are run Free. You pay nothing. We are paid nothing.
 If you object Unsubscribe Yourself.

Cheers,
Julian
-- 
Julian Stacey, Computer Consultant, Systems Engineer, BSD Linux Unix, Munich
 Brexit Referendum stole 3,700,000 votes, inc. 700,000 from British in EU.
 UK Govt. lied it's "democratic" in Article 50 letter to EU paragraph 3.
 Petition for votes: http://berklix.eu/queen/

From phils at caerllewys.net Wed May 9 10:16:55 2018
From: phils at caerllewys.net (Phil Stracchino) Date: Wed, 9 May 2018 10:16:55 -0400 Subject: [Mailman-Users] Possibly OT: GDPR and list servers In-Reply-To: <201805091239.w49Cd9GO009055@fire.js.berklix.net> References: <201805091239.w49Cd9GO009055@fire.js.berklix.net> Message-ID: <328a8e9f-9f63-948a-34b7-44d2920005e8@caerllewys.net> On 05/09/18 08:39, Julian H. Stacey wrote: > I may put something like this at top of > http://mailman.berklix.org/mailman/listinfo > GDPR: 88 pages of PDF this unpaid admin has no time to read. > Mail lists & web are run Free. You pay nothing. We are paid nothing. > If you object Unsubscribe Yourself. That in my opinion is about the right level of response for a typical mailing list. I myself would add the following: - We do not collect any personal information beyond your email address - We do not sell, share or otherwise use your email address except to deliver mail to you - Public archives are public; think before you post. -- Phil Stracchino Babylon Communications phils at caerllewys.net phil at co.ordinate.org Landline: +1.603.293.8485 Mobile: +1.603.998.6958 From addw at phcomp.co.uk Wed May 9 10:05:13 2018 
From: addw at phcomp.co.uk (Alain D D Williams) Date: Wed, 9 May 2018 15:05:13 +0100 Subject: [Mailman-Users] Possibly OT: GDPR and list servers In-Reply-To: <201805091239.w49Cd9GO009055@fire.js.berklix.net> References: <201805091239.w49Cd9GO009055@fire.js.berklix.net> Message-ID: <20180509140513.GB21337@phcomp.co.uk> On Wed, May 09, 2018 at 02:39:09PM +0200, Julian H. Stacey wrote: > Andrew Hodgson wrote: > > Has anyone in the EU come across the GDPR guidelines in the context of Mailman? We are a charity and run Mailman as part of that with some high traffic email lists. I am getting a lot of conflicting information regarding whether we can even continue to do this in the current climate, most of it coming from half baked documents or different people's opinion, so I wanted to put it out there to see if there is anything that the community may have that we can use or help with in a co-ordinated way. > GDPR seems the latest government imposed plague ** to consume > business time unpaid, along with VAT etc. Bigger companies can > afford it, but for some small companies it's last nail in the coffin. The attitude that I have taken with mail lists is that: * all those on the list subscribed themselves - they thus, at that time, gave their consent to mailman/list-owner to have their email address for the purpose of sending email; also on the sign up page I mention list archiving, etc. * those on the list can unsubscribe themselves - a reminder of the list web page is at the foot of every email. Job done. There is a lot of hype about the GDPR, much of it inflated by those who either do not understand it or those who are selling GDPR 'services'. GDPR is not designed to hit things like mailman lists, or web sites that do not collect and process personal information. 
''process'' is the important word - the fact that someone's IP address ends up in your Apache logs is of little interest unless you mechanically process them -- using them to track down some bug or attempt at cracking the web site would not fall foul of GDPR. Summary: play nice (ie don't be facebook) and you are probably OK. > ** Remember the ISO 9000 certification plague ? When industry > threw out good equipment that wasn't ISO 9000; & even banks bored > us they too were ISO 9000 method compliant. Yes. I just ignored it. -- Alain Williams Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer. +44 (0) 787 668 0256 https://www.phcomp.co.uk/ Parliament Hill Computers Ltd. Registration Information: https://www.phcomp.co.uk/contact.php #include From david at midrange.com Wed May 9 12:02:49 2018 
From: david at midrange.com (David Gibbs) Date: Wed, 9 May 2018 11:02:49 -0500 Subject: [Mailman-Users] Possibly OT: GDPR and list servers In-Reply-To: <20180509140513.GB21337@phcomp.co.uk> References: <201805091239.w49Cd9GO009055@fire.js.berklix.net> <20180509140513.GB21337@phcomp.co.uk> Message-ID: On 5/9/2018 9:05 AM, Alain D D Williams wrote: > * all those on the list subscribed themselves - they thus, at that time, > gave their consent to mailman/list-owner to have their email address for the > purpose of sending email; also on the sign up page I mention list archiving, > etc. FWIW: I've added the following to a list rules message that is posted monthly. "By posting to this mailing list, you are granting perpetual, non-exclusive, unlimited, and irrevocable, rights to the content." I've had people, who thought the questions they asked on a list reflected poorly on them, try to 'revoke' my right to publish the content they had contributed. david -- IBM i on Power Systems: For when you can't afford to be out of business! I'm riding 615 miles (Yes, you read that right) in the American Diabetes Association's Tour de Cure to raise money for diabetes research, education, advocacy, and awareness. You can make a tax deductible donation to my ride by visiting https://gmane.diabetessucks.net. You can see where my donations come from by visiting my interactive donation map ... https://gmane.diabetessucks.net/map (it's a geeky thing). I may have diabetes, but diabetes doesn't have me! From mailman at 16bits.net Wed May 9 19:58:03 2018 
From: mailman at 16bits.net (=?ISO-8859-1?Q?=C1ngel?=) Date: Thu, 10 May 2018 01:58:03 +0200 Subject: [Mailman-Users] Possibly OT: GDPR and list servers In-Reply-To: <328a8e9f-9f63-948a-34b7-44d2920005e8@caerllewys.net> References: <201805091239.w49Cd9GO009055@fire.js.berklix.net> <328a8e9f-9f63-948a-34b7-44d2920005e8@caerllewys.net> Message-ID: <1525910283.960.11.camel@16bits.net> On 2018-05-09 at 10:16 -0400, Phil Stracchino wrote: > On 05/09/18 08:39, Julian H. Stacey wrote: > > > I may put something like this at top of > > http://mailman.berklix.org/mailman/listinfo > > GDPR: 88 pages of PDF this unpaid admin has no time to read. > > Mail lists & web are run Free. You pay nothing. We are paid nothing. > > If you object Unsubscribe Yourself. > > That in my opinion is about the right level of response for a typical > mailing list. I myself would add the following: > > - We do not collect any personal information beyond your email address > - We do not sell, share or otherwise use your email address except to > deliver mail to you Are you sure you don't share it? I was precisely going to mention ensuring that the roster is configured to list-admin-only. > - Public archives are public; think before you post. I would also add: - If you send an email to the mailing list, we will distribute it on your behalf to the mailing list members. This will typically include your name and email address, as well as any contents you place there. - We only subscribe you to the list when you have requested so. We ensure so by sending a confirmation email on which you need to act before we start sending you the mailing list messages. Best From turnbull.stephen.fw at u.tsukuba.ac.jp Fri May 11 12:06:15 2018 
From: turnbull.stephen.fw at u.tsukuba.ac.jp (Stephen J. Turnbull) Date: Sat, 12 May 2018 01:06:15 +0900 Subject: [Mailman-Users] [Mailman-cabal] GDPR In-Reply-To: References: Message-ID: <23285.49015.279638.189170@turnbull.sk.tsukuba.ac.jp> I hate to disagree with everybody, but ... We need to get an articulate European lawyer, or at least find someone who has studied the subject. I don't know the credentials of anyone who has posted on this list, so I would be careful. There was a post a few months back listing a bunch of stuff that person claimed we needed to support for our users (ie, list owners) to be able to conform to GDPR. (Sorry, on a plane right now, search is painful.) I have no idea if that person was clueful, but I suspect he was a privacy activist and so would be biased toward stringent interpretation. Still that post is where I'd start. On the FUD end of the spectrum, there are claims that the IPs in your webserver log are subject to redaction on request. There are counterclaims that that is FUD. ;-) I don't know the credentials of either claimant. It is my understanding that you may need to remove posts from archives on request. AFAIK neither Mailman 2 nor Mailman 3 supports that in the sense of making it possible to do it without editing the archives by hand (and in Mailman 2's case, rebuilding the archives), which requires login access to the host. There are also claims that if you don't profit from the data stored in your host's records, you're safe. Some people have posted "all posts yours are automatically permanently ours" rules of usage -- but I don't think EU law necessarily allows that, because GDPR rights may very well be inalienable "creator's rights". I have no way to evaluate these claims, but at the very least you have to worry about frivolous claims (insert Michael Cohen/Rudy Giuliani joke here). 
Footnotes: [1] If someone reading this thinks they know GDPR well enough to (1) present basic concepts and risks (while liberally sprinkling IANALs and TINLAs around) and (2) point people at real lawyer blogs, *please* speak up. I'm not deprecating your knowledge, just I haven't seen such here. Pointing at the official lawyerly stuff isn't really helpful, I'm sure we can all google for that. What we need is a curated list of sane sources. From addw at phcomp.co.uk Fri May 11 13:53:51 2018 
From: addw at phcomp.co.uk (Alain D D Williams) Date: Fri, 11 May 2018 18:53:51 +0100 Subject: [Mailman-Users] [Mailman-cabal] GDPR In-Reply-To: <23285.49015.279638.189170@turnbull.sk.tsukuba.ac.jp> References: <23285.49015.279638.189170@turnbull.sk.tsukuba.ac.jp> Message-ID: <20180511175351.GQ22777@phcomp.co.uk> On Sat, May 12, 2018 at 01:06:15AM +0900, Stephen J. Turnbull wrote: > I hate to disagree with everybody, but ... > > We need to get an articulate European lawyer, or at least find someone > who has studied the subject. I don't know the credentials of anyone > who has posted on this list, so I would be careful. There was a post > a few months back listing a bunch of stuff that person claimed we > needed to support for our users (ie, list owners) to be able to > conform to GDPR. (Sorry, on a plane right now, search is painful.) > I have no idea if that person was clueful, but I suspect he was a > privacy activist and so would be biased toward stringent > interpretation. Still that post is where I'd start. > > On the FUD end of the spectrum, there are claims that the IPs in your > webserver log are subject to redaction on request. There are > counterclaims that that is FUD. ;-) [ first: IANAL ] It is FUD. Yes, you could argue that an IP address is a form of 'personal information' (PI), in that it might identify someone. But you are allowed to keep such information for the purposes of debugging server problems, tracking down attempted break ins, etc. So you can keep the logs for a reasonable time to allow you to do that. How long: the default log recycling times (eg a few weeks to a couple of months) would be reasonable. Some have suggested 2 days - but it is easy to justify that that is not long enough since many problems do not become known for some time. One confusion is that the GDPR does not prevent you keeping PI (eg as above), but there are strictures on *processing* it, eg with the purpose of sending spam. 
*processing* it to trace a break in would be allowed - you are not seeking to identify or act on the individual -- unless s/he was the reprobate who attacked your machine. A huge number of organisations are now seeking reaffirmation that you want to receive email from them, this is because they do not have adequate documentation that you want to receive email. My view is that the mailman log files show when a user requested to join a mail list (eg the subscribe file); if they asked to be subscribed and someone else did it, then the email/signup-form should be kept. https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/ > I don't know the credentials of > either claimant. It is my understanding that you may need to remove > posts from archives on request. AFAIK neither Mailman 2 nor Mailman 3 > supports that in the sense of making it possible to do it without > editing the archives by hand (and in Mailman 2's case, rebuilding the > archives), which requires login access to the host. There is a right to be forgotten https://ico.org.uk/for-organisations/guide-to-the-general-data-protection-regulation-gdpr/individual-rights/right-to-erasure/ > There are also claims that if you don't profit from the data stored in > your host's records, you're safe. Some people have posted "all posts > yours are automatically permanently ours" rules of usage -- but I > don't think EU law necessarily allows that, because GDPR rights may > very well be inalienable "creator's rights". I have no way to > evaluate these claims, but at the very least you have to worry about > frivolous claims (insert Michael Cohen/Rudy Giuliani joke here). 
> > Footnotes: > [1] If someone reading this thinks they know GDPR well enough to (1) > present basic concepts and risks (while liberally sprinkling IANALs and > TINLAs around) and IANAL > (2) point people at real lawyer blogs, But beware: there is a mini-industry of people who try to worry organisations and seek to advise you (at a fee - of course). -- Alain Williams Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer. +44 (0) 787 668 0256 https://www.phcomp.co.uk/ Parliament Hill Computers Ltd. Registration Information: https://www.phcomp.co.uk/contact.php #include From jhs at berklix.com Fri May 11 17:55:02 2018 
From: jhs at berklix.com (Julian H. Stacey) Date: Fri, 11 May 2018 23:55:02 +0200 Subject: [Mailman-Users] [Mailman-cabal] GDPR In-Reply-To: Your message "Fri, 11 May 2018 18:53:51 +0100." <20180511175351.GQ22777@phcomp.co.uk> Message-ID: <201805112155.w4BLt2cw082647@fire.js.berklix.net> Alain D D Williams wrote: > On Sat, May 12, 2018 at 01:06:15AM +0900, Stephen J. Turnbull wrote: > > I hate to disagree with everybody, but ... > > > > We need to get an articulate European lawyer, or at least find someone > > who has studied the subject. If you or employer have money & time for that, do share results of - paying a lawyer to read those 88 EU pages, & answering questions - paying a programmer for development time for patches to Mailman. Maybe other major users of Mailman might afford to share costs. I won't. It's just EU law so far, but laws & interpretations vary by time & geography, This list is global, 191 countries in https://en.wikipedia.org/wiki/List_of_sovereign_states Best action for least effort, IMO is first someone to agree to commit a big default legal disclaimer in the Mailman source distribution, as a separate locally served clickable link from top of http://mailman.YOUR-DOMAIN/mailman/listinfo That default Legal page would include a further clickable link to a dummy page for site local extra legal waffle. Once that's agreed it would be worth some of us working on content. My suggestion, approx: Generic Preamble: Why Mailman Rules Are Necessary & Mandatory To All Users While Big [Anti-]Social Web providers, may get enough advertising revenue to employ people to deal with various legal pains ... Many Mailman sites have smaller lists, run Free by Unpaid volunteers with No free time for boring, annoying, risky legal hassles wasting their time, (eg: logging & adjudicating internal or external complainers, users & authorities, disciplining posters, editing archives, etc). 
Many Mailman sites & list admins would rather close down their free service rather than have their time forcibly wasted unpaid to provide & host free levels of "service" & abuse control, that users might be accustomed to have provided on larger commercial (often advert paid) [Anti-]Social web sites, (as first targeted by regulators etc). Some issues one might then cover in the generic, or leave to local site: eg: Those from previous posters to this thread + Liability Copyright Secrecy Security Posting means irrevocable publishing No right to use lists if you waste unpaid admins time. Incitement to this & that Right to inform authorities Non obligation of admins to have to waste time monitoring/ censoring etc. Anti hate crime/ agitation laws V. free speech (eg As considered in Germany, reported in: Economist Jan 13-19th 2018 Page 21 "Freedom & its discontents") site owner doesn't necessarily agree views of archived posters etc Policy if members of a by default private archived list vote to make their archive public ? What if someone had posted, archived, then left list, sees it public, & now objects ? ) How to even technically & legally establish objector is same person (or their rep. or inheritor or purchaser of copyright of initial poster or litigant against poster, or recipient of court order against poster ? Local server operator & global Mailman org disclaim liability, & no insurance to tempt lawyers to sue (another can of worms ;-) Optionally & asynchronously while some are drafting a generic legal page: A python programmer (or HTML editor, depending where) could add a switch so new users had to agree before joining list[s]. Whether switch should be per list or global, to be decided by who does the work. Switch might be a null string, updated to latest date when terms agreed. ? Cheers, Julian -- Julian Stacey, Computer Consultant, Systems Engineer, BSD Linux Unix, Munich Brexit Referendum stole 3,700,000 votes, inc. 700,000 from British in EU. UK Govt. 
lied it's "democratic" in Article 50 letter to EU paragraph 3. Petition for votes: http://berklix.eu/queen/ From dmaziuk at bmrb.wisc.edu Fri May 11 18:25:08 2018 From: dmaziuk at bmrb.wisc.edu (Dimitri Maziuk) Date: Fri, 11 May 2018 17:25:08 -0500 Subject: [Mailman-Users] [Mailman-cabal] GDPR In-Reply-To: <201805112155.w4BLt2cw082647@fire.js.berklix.net> References: <201805112155.w4BLt2cw082647@fire.js.berklix.net> Message-ID: <49946b69-1e3a-63cb-b497-663e12e875fa@bmrb.wisc.edu> On 05/11/2018 04:55 PM, Julian H. Stacey wrote: ... I think the basic inconvenient truth is nobody's going to come after you unless you have money to pay the settlement. I expect the impact on "smaller lists run by Unpaid Volunteers" to be about on par with that of the right to be forgotten. How many people here had to delete messages and rebuild the archives because of it? And besides, I've done that a few times cleaning up spam that got past the filters -- it's not *that* hard. -- Dimitri Maziuk Programmer/sysadmin BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu From jhs at berklix.com Sat May 12 10:07:38 2018 
From: jhs at berklix.com (Julian H. Stacey) Date: Sat, 12 May 2018 16:07:38 +0200 Subject: [Mailman-Users] [Mailman-cabal] GDPR In-Reply-To: Your message "Fri, 11 May 2018 17:25:08 -0500." <49946b69-1e3a-63cb-b497-663e12e875fa@bmrb.wisc.edu> Message-ID: <201805121407.w4CE7ci2093433@fire.js.berklix.net> Dimitri Maziuk wrote: > On 05/11/2018 04:55 PM, Julian H. Stacey wrote: > I think the basic inconvenient truth is nobody's going to come after you > unless you have money to pay the settlement. Not `Nobody' but `Very few' & then a major pain best pre-deterred. Most volunteer unpaid admins not working for employers, have no employer protection, but will still have personal savings they wouldn't want at risk. The attention to GDPR in an increasingly litigious world will encourage more complainers & more ambulance chasing lawyers looking for jobs. There's also the occasional looney that's really malicious: (eg back running majordomo, I saw a few swine report a whole domain as a spammer, as they were too lazy to learn to unsubscribe themselves, they also emitted all sorts of time wasting annoying threats, best warn people before they start ) A generic in distribution + site supplemental link to an empty dummy would be well worth the few hours it would take to write. We could start drafting our own under various http://mailman.YOUR-DOMAIN/mailman/listinfo#legal & share URLs & ideas here, then someone could merge for distribution ? > I expect the impact on > "smaller lists run by Unpaid Volunteers" to be about on par with that of > the right to be forgotten. How many people here had to delete messages > and rebuild the archives because of it? Not me yet, I want to deter users from wasting admin time requesting anything. > And besides, I've done that a few times cleaning up spam that got past > the filters -- it's not *that* hard. Good. Cheers, Julian -- Julian Stacey, Computer Consultant, Systems Engineer, BSD Linux Unix, Munich Brexit Referendum stole 3,700,000 votes, inc. 
700,000 from British in EU. UK Govt. lied it's "democratic" in Article 50 letter to EU paragraph 3. Petition for votes: http://berklix.eu/queen/ From turnbull.stephen.fw at u.tsukuba.ac.jp Sat May 12 16:39:27 2018 From: turnbull.stephen.fw at u.tsukuba.ac.jp (Stephen J. Turnbull) Date: Sun, 13 May 2018 05:39:27 +0900 Subject: [Mailman-Users] [Mailman-cabal] GDPR In-Reply-To: <49946b69-1e3a-63cb-b497-663e12e875fa@bmrb.wisc.edu> References: <201805112155.w4BLt2cw082647@fire.js.berklix.net> <49946b69-1e3a-63cb-b497-663e12e875fa@bmrb.wisc.edu> Message-ID: <23287.20735.818788.615170@turnbull.sk.tsukuba.ac.jp> Dimitri Maziuk writes: > On 05/11/2018 04:55 PM, Julian H. Stacey wrote: > ... > > I think the basic inconvenient truth is nobody's going to come after you > unless you have money to pay the settlement. I think the basic inconvenient truth is that *some*body *will* come after *some*body else on the basis that they *might* have enough money to pay a settlement, or just to make "the responding party's" life hell. I know several people that's happened to in the US, and one in the EU (where things are reputed to be more civilized, but that doesn't mean risk is zero). > I expect the impact on "smaller lists run by Unpaid Volunteers" to > be about on par with that of the right to be forgotten. How many > people here had to delete messages and rebuild the archives because > of it? And besides, I've done that a few times cleaning up spam > that got past the filters -- it's not *that* hard. It would be a much more annoying matter if they claimed the right to be deleted from third party posts that quoted and identified them, though. If there is a "right to be forgotten" that impinges on mailing list archives, that seems plausible to me, though who knows what the High Court would rule. Steve From turnbull.stephen.fw at u.tsukuba.ac.jp Sat May 12 16:42:14 2018 
From: turnbull.stephen.fw at u.tsukuba.ac.jp (Stephen J. Turnbull) Date: Sun, 13 May 2018 05:42:14 +0900 Subject: [Mailman-Users] [Mailman-cabal] GDPR In-Reply-To: <201805112155.w4BLt2cw082647@fire.js.berklix.net> References: <20180511175351.GQ22777@phcomp.co.uk> <201805112155.w4BLt2cw082647@fire.js.berklix.net> Message-ID: <23287.20902.328442.888227@turnbull.sk.tsukuba.ac.jp> Julian H. Stacey writes: > Best action for least effort, IMO is first someone to agree to > commit a big default legal disclaimer in the Mailman source > distribution, as a This isn't going to happen if I have anything to say about it. (I may not have all that much to say about it! :-) As far as I can see that would be tantamount to giving legal advice, even if hedged with IANAL TINLA. And it would almost certainly be wrong for many sites. At the very least I would oppose it without opinion of two real lawyers (one from the US where we have some money that could be taken from us and most of our devs live for the TINLA issue, and one from the EU for GDPR interpretation), which I don't think we can afford. [There used to be 60-some lines of suggestion here, which just reinforces my estimate that we cannot afford enough real legal advice to make such a boilerplate disclaimer safe for publication in the distribution.] Counterproposal: we make a wiki page that people can update, with suggested text *and citations to "authorities"* (or real authorities, where possible) explaining the use cases and limitations of those EULA clauses. Steve From gtaylor at tnetconsulting.net Sat May 12 16:48:00 2018 
From: gtaylor at tnetconsulting.net (Grant Taylor) Date: Sat, 12 May 2018 14:48:00 -0600 Subject: [Mailman-Users] [Mailman-cabal] GDPR In-Reply-To: <23287.20735.818788.615170@turnbull.sk.tsukuba.ac.jp> References: <201805112155.w4BLt2cw082647@fire.js.berklix.net> <49946b69-1e3a-63cb-b497-663e12e875fa@bmrb.wisc.edu> <23287.20735.818788.615170@turnbull.sk.tsukuba.ac.jp> Message-ID: On 05/12/2018 02:39 PM, Stephen J. Turnbull wrote: > It would be a much more annoying matter if they claimed the right to be > deleted from third party posts that quoted and identified them, though. > If there is a "right to be forgotten" that impinges on mailing list > archives, that seems plausible to me, though who knows what the High > Court would rule. I wonder if the entire post (and any partial / quoted copies) must be deleted or if it is sufficient to modify them so that they do not reflect the author but still retain (non-PII) content. That would be less of a negative impact on archives. God forbid if blockchain was used on the archive. }:-) -- Grant. . . . unix || die From dmaziuk at bmrb.wisc.edu Sat May 12 16:48:43 2018 
From: dmaziuk at bmrb.wisc.edu (Dimitri Maziuk) Date: Sat, 12 May 2018 15:48:43 -0500 Subject: [Mailman-Users] [Mailman-cabal] GDPR In-Reply-To: <23287.20735.818788.615170@turnbull.sk.tsukuba.ac.jp> References: <201805112155.w4BLt2cw082647@fire.js.berklix.net> <49946b69-1e3a-63cb-b497-663e12e875fa@bmrb.wisc.edu> <23287.20735.818788.615170@turnbull.sk.tsukuba.ac.jp> Message-ID: On 05/12/2018 03:39 PM, Stephen J. Turnbull wrote: > I think the basic inconvenient truth is that *some*body *will* come > after *some*body else on the basis that they *might* have enough money > to pay a settlement, or just to make "the responding party's" life > hell. Possibly. Also an asteroid size of Texas will hit the Caribbean at some point in this planet's lifetime and I don't believe I should start building an asteroid-killing Death Star just yet either. And besides, I strongly suspect that all the legalese one can write for the mailman's starting page will have a little unguarded duct in it leading all the way to the soft chewy core and... KABOOM! I.e. I'm talking the cure worse than the disease. Especially when there are no observable symptoms yet. -- Dimitri Maziuk Programmer/sysadmin BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu From bernd at petrovitsch.priv.at Sat May 12 17:35:54 2018 
From: bernd at petrovitsch.priv.at (Bernd Petrovitsch) Date: Sat, 12 May 2018 23:35:54 +0200 Subject: [Mailman-Users] [Mailman-cabal] GDPR In-Reply-To: References: <201805112155.w4BLt2cw082647@fire.js.berklix.net> <49946b69-1e3a-63cb-b497-663e12e875fa@bmrb.wisc.edu> <23287.20735.818788.615170@turnbull.sk.tsukuba.ac.jp> Message-ID: <91aab6cb-edce-2bce-3890-ac43146a658b@petrovitsch.priv.at> Hi all! On 12/05/18 22:48, Grant Taylor via Mailman-Users wrote: > On 05/12/2018 02:39 PM, Stephen J. Turnbull wrote: >> It would be a much more annoying matter if they claimed the right to >> be deleted from third party posts that quoted and identified them, >> though. If there is a "right to be forgotten" that impinges on mailing >> list archives, that seems plausible to me, though who knows what the Well, it's the very nature of an archive that everything stays there (similar to a backup). >> High Court would rule. > > I wonder if the entire post (and any partial / quoted copies) must be > deleted or if it is sufficient to modify them so that they do not > reflect the author but still retain (non-PII) content. That would be The other aspect of a mailing list archive is that one can find it and may want to ask the original author something about the issue there. On the other hand deleting the mail address (on the mail server side by the author) also kills that communication line. One other thing: And if someone (as a current or former mailing list member) has the right to get the email address, name and signature removed in one mail, does the mailing list admin have the right to delete *all* the instances or only the actively requested/mentioned ones? And what about other mail addresses of the same person? > less of a negative impact on archives. > > God forbid if blockchain was used on the archive. }:-) Does anyone know how the "blockchain is the solution to everything" faction handles these issues? 
It's not that they can ignore that either - if only to discuss the question how personal the wallet address (or whatever it is called) is. Or can we kill the whole problem by using a blockchain for a mailinglist archive? MfG, Bernd -- Bernd Petrovitsch Email : bernd at petrovitsch.priv.at LUGA : http://www.luga.at From gtaylor at tnetconsulting.net Sat May 12 19:18:09 2018 
From: gtaylor at tnetconsulting.net (Grant Taylor) Date: Sat, 12 May 2018 17:18:09 -0600 Subject: [Mailman-Users] [Mailman-cabal] GDPR In-Reply-To: <91aab6cb-edce-2bce-3890-ac43146a658b@petrovitsch.priv.at> References: <201805112155.w4BLt2cw082647@fire.js.berklix.net> <49946b69-1e3a-63cb-b497-663e12e875fa@bmrb.wisc.edu> <23287.20735.818788.615170@turnbull.sk.tsukuba.ac.jp> <91aab6cb-edce-2bce-3890-ac43146a658b@petrovitsch.priv.at> Message-ID: <97c3ca59-1f69-b7fa-754a-aaf8dde725b7@spamtrap.tnetconsulting.net> On 05/12/2018 03:35 PM, Bernd Petrovitsch wrote: > Well, it's the very nature of an archive that everything stays there > (similar to a backup). Yes. But I believe that GDPR has implications on expunging things from archives / backups too. Not doing so is not within the spirit of forgetting someone. > The other aspect of a mailing list archive is that one can find it and > may want to ask the original author something about the issue there. Yes. IMHO that's one of the wonderful things about public email archives. > On the other hand deleting the mail address (on the mail server side by > the author) also kills that communication line. I would rather have a GDPRed (read: anonymized) copy of a message than no message at all. Consider if you will, someone publishing a How To for something quite rare, including all the necessary steps and minutia. Then they subsequently leverage GDPR to be forgotten. Would you want their how to to be removed (possibly taking the only / best source of said information with it) or simply anonymized so that it no longer reflects the sender? I personally would STRONGLY prefer the latter. The former causes destruction / loss of usable information that is not related to the sender. 
> One other thing: And if someone (as a current or former mailing list > member) has the right to get the email address, name and signature removed > in one mail, does the mailing list admin has the right to delete *all* > the instances or only the actively requested/mentioned ones? And what > about other mail addresses of the same person? My understanding of (the pertinent part of) the spirit of is that the person has the right to be forgotten. Thus, I would think that any and all references to the person would need to be modified so that the person is forgotten. So I do believe that means that the mailing list admin would have the obligation to modify all instances of the requester in the archive. Now, this brings up a question: Is the mailing list administrator also responsible for my private archive of messages that I received while subscribed to a mailing list they administer? > Does anyone know how the "blockckain is the solution to everything" > faction handles these issues? It's not that they can ignore that either > - if only to discuss the question how personal the wallet address (or > whatever it is called) is. First, IMHO blockchain is NOT the solution to everything. It is a technique that happens to be a buzzword. Further, blockchain is specifically designed to detect modification. What is done when something is detected is likely implementation dependent. Remember that blockchain is a LOT more than just crypto currency. Crypto currency happens to be a heavy user of blockchain because it is possible to detect modifications. Blockchain can be used for a LOT of other things. I've heard references to using it for system logs as a way to prove that logs have not been modified after the fact. Or at least detect if they have been modified. My understanding is that blockchain is meant to make the historical portion of what it's used for be immutable. (Or detectable.) > Or can we kill the whole problem by using a blockchain for a mailinglist > archive archive? 
I think using blockchain for mailing list archives would be the wrong
way to go.

1) We have no motivation (problem that needs to be fixed) to migrate
   away from what's been used for decades.
2) Moving to blockchain would be seen as an attempt to avoid GDPR.
3) The attempt would quite likely fail in and of itself.
4) The bad motivation would be known (see #1) and as such, invalidate
   any attempt to migrate to blockchain for mailing list archives.
5) We would still need to have a way to delete things.
6) We would likely get into trouble with GDPR for going out of our way
   to snub our faces at GDPR.

I think most uses of blockchain are bogus and I'm ready for the buzz
word to go away.

I mentioned it because GDPR and blockchain are sort of antipodes when it
comes to the right to be forgotten.

-- 
Grant. . . .
unix || die

From enseikou at gmail.com Sun May 13 02:40:55 2018
From: enseikou at gmail.com (Rubeno Fernández)
Date: Sun, 13 May 2018 08:40:55 +0200
Subject: [Mailman-Users] Internationalizing administrative aliases
Message-ID: <2074053.fT7H6P9viX@fractal>

Hello all,
I'd like to know whether it's possible to internationalize addresses for
list control, like mylist-owner, mylist-subscribe, mylist-unsubscribe...

I tried editing the file /usr/lib/mailman/data/aliases and then running
/usr/lib/mailman/bin/genaliases, but it doesn't work, even after
restarting the server the default addresses are still the only ones
valid. I should add that the new addresses had only ASCII characters.

Is it possible at all?

Rubén

From mark at msapiro.net Sun May 13 07:41:27 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Sun, 13 May 2018 04:41:27 -0700
Subject: [Mailman-Users] Internationalizing administrative aliases
In-Reply-To: <2074053.fT7H6P9viX@fractal>
References: <2074053.fT7H6P9viX@fractal>
Message-ID: <42b6c94a-40ac-be68-aba0-75f1cdcab4fd@msapiro.net>

On 5/12/18 11:40 PM, Rubeno Fernández wrote:
> Hello all,
> I'd like to know whether it's possible to internationalize addresses for list
> control, like mylist-owner, mylist-subscribe, mylist-unsubscribe...
>
> I tried editing the file /usr/lib/mailman/data/aliases and then running /usr/
> lib/mailman/bin/genaliases, but it doesn't work, even after restarting the
> server the default addresses are still the only ones valid. I should add that
> the new addresses had only ASCII characters.

The above doesn't work because running /usr/lib/mailman/bin/genaliases
will rebuild /usr/lib/mailman/data/aliases and undo all your changes.

What you need to run after editing /usr/lib/mailman/data/aliases is

    postalias /usr/lib/mailman/data/aliases

to rebuild the /usr/lib/mailman/data/aliases.db file, but this is
fragile because running genaliases or equivalent at any time in the
future will again undo your changes.

You need to make a second set, e.g., /usr/lib/mailman/data/aliases2 and
/usr/lib/mailman/data/aliases2.db with the same ownership and
permissions as the existing ones, perhaps by

    cd /usr/lib/mailman/data/
    cp -a aliases aliases2
    cp -a aliases.db aliases2.db

make your changes to aliases2 and run 'postalias aliases2' to update
aliases2.db and then add

    hash:/usr/lib/mailman/data/aliases2

to your Postfix config.

-- 
Mark Sapiro                             The highway is for gamblers,
San Francisco Bay Area, California      better use your sense - B. Dylan

From muddy at muddys.org Sat May 12 06:32:06 2018
From: muddy at muddys.org (Phillip Waters)
Date: Sat, 12 May 2018 10:32:06 +0000
Subject: [Mailman-Users] new user
Message-ID:

I have three separate domains all hosted by the same company. I created
a private mailing list for one of my domains as a test to try and see if
it was something I could use. Turns out it is something I want to use. I
deleted that list and tried to start over.

However, On the main page for Cpanel it shows the list is still there:

Mailing Lists

1 / ?

When in fact it isn't. I want to re-create that list with the same name,
however, when I tried to create the list again I get the following error:

Failed to create the mailing list “d4 at XXXXXX.org”: The requested
mailing list address, “d4 at XXXXXX.org”, conflicts with the forwarder
“d4 at XXXXXX.org”. To create a mailing list named “d4 at XXXXXX.org”,
you must first delete the forwarder that conflicts with that name.

My problem is I can't find where it is being forwarded. Can someone help
me figure out where my problem lies? No forwards are listed anywhere
that I can see.

Thanks in advance,
Phillip

From mark at msapiro.net Sun May 13 08:52:23 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Sun, 13 May 2018 05:52:23 -0700
Subject: [Mailman-Users] new user
In-Reply-To:
References:
Message-ID:

On 5/12/18 3:32 AM, Phillip Waters wrote:
> I have three separate domains all hosted by the same company. I created
> a private mailing list for one of my domains as a test to try and see if
> it was something I could use. Turns out it is something I want to use. I
> deleted that list and tried to start over.

How did you delete it?

> However, On the main page for Cpanel it shows the list is still there:
>
> Mailing Lists
>
>
> 1 / ?
>
> When in fact it isn't. I want to re-create that list with the same name,

This seems to be a cPanel issue. Please see .

> however, when I tried to create the list again I get the following error:
>
> Failed to create the mailing list “d4 at XXXXXX.org”: The requested mailing
> list address, “d4 at XXXXXX.org”, conflicts with the forwarder
> “d4 at XXXXXX.org
> ”. To create a mailing list named
> “d4 at XXXXXX.org”, you must first delete the forwarder that conflicts with
> that name.
>
> My problem is I can't find where it is being forwarded. Can someone help
> me figure out where my problem lies? No forwards are listed anywhere
> that I can see.

cPanel typically uses Exim which uses 'routers'.

If you have access to the file system, look in the directory
/usr/local/cpanel/3rdparty/mailman/lists/. If there is a d4_gaafg.org
(or is it dist4_gaafg.org) sub-directory, remove it.

-- 
Mark Sapiro                             The highway is for gamblers,
San Francisco Bay Area, California      better use your sense - B. Dylan

From jhs at berklix.com Sun May 13 11:54:11 2018
From: jhs at berklix.com (Julian H. Stacey)
Date: Sun, 13 May 2018 17:54:11 +0200
Subject: [Mailman-Users] [Mailman-cabal] GDPR
In-Reply-To: Your message "Sun, 13 May 2018 05:39:27 +0900."
 <23287.20735.818788.615170@turnbull.sk.tsukuba.ac.jp>
Message-ID: <201805131554.w4DFsBi7057842@fire.js.berklix.net>

"Stephen J. Turnbull" wrote Sun, 13 May 2018 05:39:27 +0900

> Dimitri Maziuk writes:
> > On 05/11/2018 04:55 PM, Julian H. Stacey wrote:
> > ...
> >
> > I think the basic inconvenient truth is nobody's going to come after you
> > unless you have money to pay the settlement.
>
> I think the basic inconvenient truth is that *some*body *will* come

It could have been clearer to have omitted my name Julian S. from above,
as I did not write any quoted text as such.

No direct text from me, just a later 6 word contraction
from my Message-id: <201805112155.w4BLt2cw082647 at fire.js.berklix.net>
    smaller lists, run Free by Unpaid volunteers
to Dimitri M.'s Message-id: <49946b69-1e3a-63cb-b497-663e12e875fa at bmrb.wisc.edu>
    "smaller lists run by Unpaid Volunteers"
to Stephen T's
> I expect the impact on "smaller lists run by Unpaid Volunteers" to

Cheers,
Julian
-- 
Julian Stacey, Computer Consultant, Systems Engineer, BSD Linux Unix, Munich
 Brexit Referendum stole 3,700,000 votes, inc. 700,000 from British in EU.
 UK Govt. lied it's "democratic" in Article 50 letter to EU paragraph 3.
 Petition for votes: http://berklix.eu/queen/

From luscheina at yahoo.de Sun May 13 08:31:12 2018
From: luscheina at yahoo.de (Christian F Buser)
Date: Sun, 13 May 2018 14:31:12 +0200
Subject: [Mailman-Users] new user
In-Reply-To:
References:
Message-ID: <20180513143112454645.9ae8d4f2@yahoo.de>

Hello Phillip Waters. On Sat, 12 May 2018 10:32:06 +0000, you wrote:

> I deleted that list and tried to start over.
> However, On the main page for Cpanel it shows the list is still there:
>
> Mailing Lists
>
> 1 / ?

Mh - without you telling us your credentials for cPanel, we won't be
able to see anything there... :-)

> Failed to create the mailing list “d4 at XXXXXX.org”: The requested
> mailing list address, “d4 at XXXXXX.org”, conflicts with the forwarder
> “d4 at XXXXXX.org
> ”. To create a mailing list named “
> d4 at XXXXXX.org”, you must first delete the forwarder that conflicts
> with that name.

The forwarders are "mail address aliases", which you can set up (or
delete) in the second icon of cPanel's "Email" section.

Christian

-- 
Christian F. Buser, Hohle Gasse 6, CH-5507 Mellingen (Switzerland)
Hilfe fuer Strassenkinder in Ghana: http://www.chance-for-children.org

From muddy at muddys.org Sun May 13 16:12:24 2018
From: muddy at muddys.org (Phillip Waters)
Date: Sun, 13 May 2018 20:12:24 +0000
Subject: [Mailman-Users] new user
In-Reply-To:
References:
Message-ID:

There is an option within cpanel to delete a mailing list. I selected
it, it asked if I was sure, I said yes and it was gone.

------ Original Message ------
From: "Mark Sapiro"
To: mailman-users at python.org
Sent: 5/13/2018 8:52:23 AM
Subject: Re: [Mailman-Users] new user

>On 5/12/18 3:32 AM, Phillip Waters wrote:
>>I have three separate domains all hosted by the same company. I
>>created
>>a private mailing list for one of my domains as a test to try and see
>>if
>>it was something I could use. Turns out it is something I want to use.
>>I
>>deleted that list and tried to start over.
>
>
>How did you delete it?
>
>
>>However, On the main page for Cpanel it shows the list is still there:
>>
>>Mailing Lists
>>
>>
>>1 / ?
>>
>>When in fact it isn't. I want to re-create that list with the same
>>name,
>
>
>This seems to be a cPanel issue. Please see
>.
>
>
>>however, when I tried to create the list again I get the following
>>error:
>>
>>Failed to create the mailing list “d4 at XXXXXX.org”: The requested
>>mailing
>>list address, “d4 at XXXXXX.org”, conflicts with the forwarder
>>“d4 at XXXXXX.org
>>”. To create a mailing list named
>>“d4 at XXXXXX.org”, you must first delete the forwarder that conflicts
>>with
>>that name.
>>
>>My problem is I can't find where it is being forwarded. Can someone
>>help
>>me figure out where my problem lies? No forwards are listed anywhere
>>that I can see.
>
>
>cPanel typically uses Exim which uses 'routers'.
>
>If you have access to the file system, look in the directory
>/usr/local/cpanel/3rdparty/mailman/lists/. If there is a d4_gaafg.org
>(or is it dist4_gaafg.org) sub-directory, remove it.
>
>--
>Mark Sapiro                             The highway is for gamblers,
>San Francisco Bay Area, California      better use your sense - B. Dylan
>------------------------------------------------------
>Mailman-Users mailing list Mailman-Users at python.org
>https://mail.python.org/mailman/listinfo/mailman-users
>Mailman FAQ: http://wiki.list.org/x/AgA3
>Security Policy: http://wiki.list.org/x/QIA9
>Searchable Archives:
>http://www.mail-archive.com/mailman-users%40python.org/
>Unsubscribe:
>https://mail.python.org/mailman/options/mailman-users/muddy%40muddys.org

From andrew at hodgson.io Mon May 14 08:33:37 2018
From: andrew at hodgson.io (Andrew Hodgson)
Date: Mon, 14 May 2018 12:33:37 +0000
Subject: [Mailman-Users] [Mailman-cabal] GDPR
In-Reply-To:
References: , <23285.49015.279638.189170@turnbull.sk.tsukuba.ac.jp>,
Message-ID:

Guys,

Thanks for all the discussion around this topic. I have been in further
communication with the people working on GDPR with us. Background: I run
Mailman lists for a couple of charities as a voluntary contribution to
the charities, the charities have money at their disposal and we want to
reduce exposure both for me personally and the charities involved.

These are just rough notes:

- Archive purge requests. We have discussed the same items as on the
  list to date. I am looking at doing a simple grep for the relevant
  person's details and changing that. The main reason for doing this is
  that if we just remove the author's messages they will be in a thread
  of other messages and our users typically don't remove quoted
  material. Current advice from the GDPR people is we may have to delete
  the whole thread. Still under discussion, this is also complex because
  threads and subjects change, if we delete the whole thread there may
  be messages from the same author in other threads that don't have
  correct attribution etc.

- Audit logs for data access. It is not clear who is accessing
  subscription data for the list as there is just a single owner and
  moderator account. Unsure if current logging data in either MM2 or MM3
  is "good enough" for this. MM3 may solve the issue about single
  accounts.

- Relevant people seem to be happy that running a discussion list not
  used for marketing purposes should exempt us from some of the
  marketing type rules regarding data processing.

- People seem happy with the system default logs as long as we can audit
  access to the logs (which we are able to as there is little access to
  the boxes themselves).

- Likely that I will have to move the lists to a host the charities
  control themselves and a separate host for each charity. This will
  increase costs so we may need to look at an alternative solution like
  a hosted list service as I am not setting myself up as a list hosting
  business.

Again all this up for interpretation. The largest ones for me at the
moment are regarding auditing access to the Mailman admin access and the
archive purging requests.

Andrew.

From gtaylor at tnetconsulting.net Mon May 14 15:46:38 2018
From: gtaylor at tnetconsulting.net (Grant Taylor)
Date: Mon, 14 May 2018 13:46:38 -0600
Subject: [Mailman-Users] [Mailman-cabal] GDPR
In-Reply-To:
References: <23285.49015.279638.189170@turnbull.sk.tsukuba.ac.jp>
Message-ID: <98850603-1bf3-f13a-84b2-b30bf48d72c9@spamtrap.tnetconsulting.net>

On 05/14/2018 06:33 AM, Andrew Hodgson wrote:
> - Archive purge requests. We have discussed the same items as on the
> list to date. I am looking at doing a simple grep for the relevant
> person's details and changing that. The main reason for doing this is
> that if we just remove the author's messages they will be in a thread
> of other messages and our users typically don't remove quoted material.

ACK

This seems like the lowest common denominator.

> Current advice from the GDPR people is we may have to delete the whole
> thread.

What?

What is their working definition of "thread"?

Consider this scenario: a LONG running thread and the person exercising
their right to be forgotten simply adds a "me too" or an insult at the
very end. Does that thread, which obviously had a lot of value to the
thread participants need to be deleted?

Why can't just the individual's message(s) be deleted? Or better
redacted to not reflect them?

> Still under discussion, this is also complex because threads and subjects
> change, if we delete the whole thread there may be messages from the
> same author in other threads that don't have correct attribution etc.

What does GDPR have to say, if anything, about subscribers having their
own archives, which will not be redacted in any way? Is the mailing list
owner / administrator in any way, shape, or form, responsible for
expunging those records too?

> - Audit logs for data access. It is not clear who is accessing
> subscription data for the list as there is just a single owner and
> moderator account. Unsure if current logging data in either MM2 or MM3 is
> "good enough" for this. MM3 may solve the issue about single accounts.
I guess I don't understand the problem and / or make invalid assumptions
about MM.

I see six modes of access to the data:

1) List subscribers
2) List owners / administrators
3) Host system administrators
4) Administrators that are in the downstream SMTP / HTTP path and can
   track things.
5) Backups.
6) Ongoing Discovery.

I would expect that #1 requires authentication to MM for subscribers to
see data, and I expect that this is logged in some (indirect) capacity.

I would expect that #2 would have access to the data as part of their
role of owning / administering a mailing list.

I would also expect that #3 has the capability to access the data. But I
would also expect that #3 would not access the data in normal day to day
operations.

Are you saying that GDPR is going to complicate things related to #3 and
make it such that there is more of a union between #2 and #3? I.e.
exclude 3rd party site hosters from being able to be #3?

What say you / them about #4?

> - Relevant people seem to be happy that running a discussion list not
> used for marketing purposes should exempt us from some of the marketing
> type rules regarding data processing.

What is their working definition of "marketing"?

Does someone saying "Hey, I've got a hand knitted blanket for sale,
contact me directly if you're interested." count as marketing?

What about a news list from a library saying "Bob is managing the sale
of used computer equipment."?

They both refer to items for sale and how to contact someone off list.

To be really ornery, what if Bob is the person exercising his right to
be forgotten. Can you simply redact his name & contact info? Can you
replace it with someone else's? Or do you need to delete the entire
thread and send out a new message / thread?

IMHO: History happened. (Some) People will remember (some) details (for
a while). Removing evidence of them does not mean that history did not
happen.
> - People seem happy with the system default logs as long as we can audit
> access to the logs (which we are able to as there is little access to
> the boxes themselves).

Please forgive me for questioning if all of your bases are covered. Are
#5 and #6 accounted for? What about #4 downstream? Or something like the
NSA's PRISM program.

> - Likely that I will have to move the lists to a host the charities
> control themselves and a separate host for each charity. This will
> increase costs so we may need to look at an alternative solution like
> a hosted list service as I am not setting myself up as a list hosting
> business.

I understand why you say this. But to me this is an unacceptable
solution. It certainly will not scale.

I feel like there should be a GDPR counterpart of reasonable level of
effort in good faith. I.e. redacting things in existing files and
stating that backups are expunged after X number of days. I'm perfectly
fine responding to someone saying "I've REDACTED you from live files,
and old backups will automatically expunge?" in a short time frame after
the ""amnesia request. Yet knowing that I can't mark something as
completely resolved until after the backups do expunge.

I'm not quite sure what to do in a situation of a litigation hold that
suspends expunging of backups. ¯\_(ツ)_/¯

> Again all this up for interpretation. The largest ones for me at the
> moment is regarding auditing access to the Mailman admin access and the
> archive purging requests.

I'm not trying to come across as argumentative. I'm sorry if I am. I'm
simply bringing up things that I think are potential concerns that the
powers that be probably need to consider, and have a pat response to.

-- 
Grant. . . .
unix || die

From jhs at berklix.com Mon May 14 17:24:05 2018
From: jhs at berklix.com (Julian H. Stacey)
Date: Mon, 14 May 2018 23:24:05 +0200
Subject: [Mailman-Users] [Mailman-cabal] GDPR
In-Reply-To: Your message "Mon, 14 May 2018 13:46:38 -0600."
 <98850603-1bf3-f13a-84b2-b30bf48d72c9@spamtrap.tnetconsulting.net>
Message-ID: <201805142124.w4ELO5AA010203@fire.js.berklix.net>

Grant Taylor via Mailman-Users wrote:
... lots of good examples ... well done !

I too don't think any complainer should have the right to kill a thread,
just cos he/she wrote something they later wish to retract. Killing a
thread would be gross abuse of all other posters' rights, & would invite
worse abuse: anyone could write to a thread knowing they could leverage
it later to kill a whole thread.

My guess is GDPR (& later similar elsewhere) will probably have been
drafted by, & interpreted by mostly politicians & lawyers clueless of
our sort of mail lists, who will not have thought through most nasty
edge cases we could easily present. Most probably they won't know more
than nasty anonymous low grade abusive cases on commercial [anti-]social
web chat forums.

( As a crude test I'd expect most drafters to be top posters,
gratuitously breaking context, not our sort of list people. (I only know
one lawyer professionally, & typically he top posts, & thinks tech style
bottom posters weird & they should conform to his Normal standards, -
never occurs to such `Normal' people that they are un-educated, & are
contravening Internet procedures techs evolved for good reasons. )).

So no faith in GDPR or similar being anything other than drafted by &
interpreted by ignorant `Normal' people who will bring us nothing but
trouble, & who will seek to waste time of unpaid admins.

Hence my intent is to reduce the threat of time wasters as much as pos.:
to draft something that says all those who don't conform to our norms
are breaching the domains terms of unpaid service, & they lose all
rights to waste our time.
It won't be water-tight, but if it reduces time wasters, it's
sufficient. Most unpaid volunteer admins aren't about to pay their own
money to get lawyers to write water tight clauses to protect us from
wasters, so I see no better option.

Cheers,
Julian
-- 
Julian Stacey, Computer Consultant, Systems Engineer, BSD Linux Unix, Munich
 Brexit Referendum stole 3,700,000 votes, inc. 700,000 from British in EU.
 UK Govt. lied it's "democratic" in Article 50 letter to EU paragraph 3.
 Petition for votes: http://berklix.eu/queen/

From mailman at 16bits.net Mon May 14 18:02:20 2018
From: mailman at 16bits.net (Ángel)
Date: Tue, 15 May 2018 00:02:20 +0200
Subject: [Mailman-Users] [Mailman-cabal] GDPR
In-Reply-To: <201805142124.w4ELO5AA010203@fire.js.berklix.net>
References: <201805142124.w4ELO5AA010203@fire.js.berklix.net>
Message-ID: <1526335340.1079.8.camel@16bits.net>

Grant Taylor asked:
> What does GDPR have to say, if anything, about subscribers having
> their own archives, which will not be redacted in any way?
>

IMHO they would mostly fail under §18 and GDPR wouldn't apply:
> This Regulation does not apply to the processing of personal data by a
> natural person in the course of a purely personal or household
> activity and thus with no connection to a professional or commercial
> activity. Personal or household activities could include
> correspondence and the holding of addresses, or social networking and
> online activity undertaken within the context of such activities.
> However, this Regulation applies to controllers or processors which
> provide the means for processing personal data for such personal or
> household activities.

Of course, if a company was using the mailing list to process personal
data, it should have been stated the whole time.

Being nitpicky. What about sysadmins subscribed to this list as part of
their professional activity ? (but otherwise interacting in the same way
as a hobbyist)

From dmaziuk at bmrb.wisc.edu Mon May 14 18:12:18 2018
From: dmaziuk at bmrb.wisc.edu (Dimitri Maziuk)
Date: Mon, 14 May 2018 17:12:18 -0500
Subject: [Mailman-Users] [Mailman-cabal] GDPR
In-Reply-To: <1526335340.1079.8.camel@16bits.net>
References: <201805142124.w4ELO5AA010203@fire.js.berklix.net>
 <1526335340.1079.8.camel@16bits.net>
Message-ID:

On 05/14/2018 05:02 PM, Ángel wrote:

> Being nitpicky. What about sysadmins subscribed to this list as part of
> their professional activity ? (but otherwise interacting in the same way
> as a hobbyist)

How do hobbyists interact? Enquiring minds want to know.

-- 
Dimitri Maziuk
Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 190 bytes
Desc: OpenPGP digital signature
URL:

From bernd at petrovitsch.priv.at Mon May 14 18:11:53 2018
From: bernd at petrovitsch.priv.at (Bernd Petrovitsch)
Date: Tue, 15 May 2018 00:11:53 +0200
Subject: [Mailman-Users] [Mailman-cabal] GDPR
In-Reply-To:
References: , <23285.49015.279638.189170@turnbull.sk.tsukuba.ac.jp> ,
Message-ID: <0b5bddd0b4ec874d0f730509e4bdde8c8745794a.camel@petrovitsch.priv.at>

Hi all!

On Mon, 2018-05-14 at 12:33 +0000, Andrew Hodgson wrote:
[...]
> These are just rough notes:
>
> - Archive purge requests. We have discussed the same items as on the
> list to date. I am looking at doing a simple grep for the relevant
> person's details and changing that. The main reason for doing this
> is that if we just remove the author's messages they will be in a
> thread of other messages and our users typically don't remove quoted
> material. Current advice from the GDPR people is we may have to
> delete the whole thread. Still under discussion, this is also

While at it, why not delete the entire archive just to be sure?
SCNR ....

Seriously, these folks don't know what they imply.

And to be honest: If person X fullquotes and the email ends in an
archive, whose fault is it?

Obviously the archive's (or more its owners), not?

For the author's rights side to it: I answer an email (and happen to
quote just the relevant parts of other emails) to a public mailinglist
with a public archive.

I don't think that the archive's admin or anyone else should have the
right (let alone the duty) to *edit* or *change* *my* email in there -
or even worse: *remove* it completely.

MfG,
Bernd

PS: The whole "right to be forgotten" idea is absurd per se - think
about private archives (and I don't think about 3-letter organizations
only). Can't we define the public archive to be a *necessary* and
*important* part of a public mailinglist and be done with it?! For
almost everyone else, some "important reason" is good enough too.
-- 
Bernd Petrovitsch                  Email : bernd at petrovitsch.priv.at
                     LUGA : http://www.luga.at

From gtaylor at tnetconsulting.net Mon May 14 18:25:37 2018
From: gtaylor at tnetconsulting.net (Grant Taylor)
Date: Mon, 14 May 2018 16:25:37 -0600
Subject: [Mailman-Users] [Mailman-cabal] GDPR
In-Reply-To: <1526335340.1079.8.camel@16bits.net>
References: <201805142124.w4ELO5AA010203@fire.js.berklix.net>
 <1526335340.1079.8.camel@16bits.net>
Message-ID: <9e841422-f450-d1ad-9b57-b2e71273c4f5@spamtrap.tnetconsulting.net>

On 05/14/2018 04:02 PM, Ángel wrote:
> IMHO they would mostly fail under §18 and GDPR wouldn't apply:

Okay.

What happens if a subsequent data breach (malware / infection) causes
said individual archives to become public information? }:-)

> Of course, if a company was using the mailing list to process personal
> data, it should have been stated the whole time.

I half way suspect this happens much more commonly than you might think.

I've seen info@ or sales@ or the likes positional addresses be front
ends for mailing lists (of one form or another) that redistributes the
email to multiple (usually) internal (usually) employees.

I have never seen these types of expansion contacts disclosed as such.

> Being nitpicky. What about sysadmins subscribed to this list as part
> of their professional activity ?

I know that this happens. But I would argue that the SA should not
subscribe themselves. Instead there should be an additional monitoring
email address specifically for that purpose.

I'd really like to see an intelligent Mailing List Manager have the
ability to subscribe an address like this that is used as a feedback
loop. I.e. Did the MLM receive a copy of the message that it sent
yesterday. I'd assume that it would be something like
<$list>-fbl@<$list_domain> to avoid recursive loops. That would allow
the MLM to self monitor and escalate if there's a problem.

-- 
Grant. . . .
unix || die

From gtaylor at tnetconsulting.net Mon May 14 18:54:55 2018
From: gtaylor at tnetconsulting.net (Grant Taylor)
Date: Mon, 14 May 2018 16:54:55 -0600
Subject: [Mailman-Users] [Mailman-cabal] GDPR
In-Reply-To: <0b5bddd0b4ec874d0f730509e4bdde8c8745794a.camel@petrovitsch.priv.at>
References: <23285.49015.279638.189170@turnbull.sk.tsukuba.ac.jp>
 <0b5bddd0b4ec874d0f730509e4bdde8c8745794a.camel@petrovitsch.priv.at>
Message-ID:

On 05/14/2018 04:11 PM, Bernd Petrovitsch wrote:
> Seriously, these folks don't know what they imply.

Nope. Politicians (almost) never fully understand what's going on.

> And to be honest: If person X fullquotes and the email ends in an archive,
> whose fault is it?
>
> Obviously the archive's (or more its owners), not?

I don't think so.

Who's at fault in this scenario: The person who overheard what I said
(the archive) or me for saying it in a non-secure manner (the sender)?

Is there any legal method that I can use to compel a person to forget
what they overheard me say?

> For the author's rights side to it: I answer an email (and happen to
> quote just the relevant parts of other emails) to a public mailinglist
> with a public archive.
>
> I don't think that the archive's admin or anyone else should have the
> right (let alone the duty) to edit or change my email in there - or even
> worse: remove it completely.

I disagree.

I believe that the admins / owners of the archive have the right to
remove something from the archive (or prevent it from going into the
archive in the first place).

I don't believe that admins / owners have the general right to modify
what was said.

I do believe that the admins / owners have the right to modify what was
said in very specific cases, like REDACTING something. As long as they
do so in a manner that is clearly identifiable that something was
REDACTED.

After all, it is their system, they administer / own it and can do
whatever they want to with it. They should go out of their way to not
misrepresent what you said / did.
They could also claim that your message was modified before it got to
them. Enter rabbit hole.

> PS: The whole "right to be forgotten" idea is absurd per se - think about
> private archives (and I don't think about 3-letter organizations only).
> Can't we define the public archive to be a necessary and important part
> of a public mailinglist and be done with it?! For almost everyone else,
> some "important reason" is good enough too.

I feel like the idea that you can compel someone to forget something is
absurd.

I think you can compel businesses to no longer use your contact
information. Which is my naive understanding of part of what the spirit
of GDPR is.

I can see a scenario where a company completely removes any and all
traces of someone, then buys sales leads which contain said person, and
ultimately contacts said person again. Is the company in violation of
GDPR? They did (and can prove *) that they removed the person's contact
information and thus forgot about them.

Or should the company have retained just enough information to know that
they should not contact the person again? I.e. a black list.

(* Don't talk to me about proving the negative. Assume a 3rd party
oversight of some sort.)

-- 
Grant. . . .
unix || die

From mailman at 16bits.net Mon May 14 19:00:45 2018
From: mailman at 16bits.net (Ángel)
Date: Tue, 15 May 2018 01:00:45 +0200
Subject: [Mailman-Users] [Mailman-cabal] GDPR
In-Reply-To: <23287.20735.818788.615170@turnbull.sk.tsukuba.ac.jp>
References: <201805112155.w4BLt2cw082647@fire.js.berklix.net>
 <49946b69-1e3a-63cb-b497-663e12e875fa@bmrb.wisc.edu>
 <23287.20735.818788.615170@turnbull.sk.tsukuba.ac.jp>
Message-ID: <1526338845.1079.49.camel@16bits.net>

On 2018-05-13 at 05:39 +0900, Stephen J. Turnbull wrote:
> It would be a much more annoying matter if they claimed the right to
> be deleted from third party posts that quoted and identified them,
> though. If there is a "right to be forgotten" that impinges on
> mailing list archives, that seems plausible to me, though who knows
> what the High Court would rule.

I see a few points here. First of all, and I think it hasn't been
mentioned yet is the Right to access, ie. of letting people know which
data you have about them. I would consider that listing all posts by
email address X would fulfill it, plus a search feature (*) in case they
want to search by other terms, like looking for posts with their name in
it.

(*) It is my understanding that just providing the mbox and expecting
them to grep through it just as the sysadmin would have to do would be
sufficient (OTOH if you had an advanced system for completely tracking a
guy, and provide him just a crude interface that's probably not ok).

Having to find out "anything and everything" where the user was
mentioned may imho require what the GDPR calls "a disproportionate
effort", and could even result into some liability for not finding some
instance. Whereas providing the tools with which it can be done, takes
that issue back to the requestor, by providing the tools by which they
can do it.

As such, wrt redacting archives my view is that they should provide all
the urls to the content they want removed (which they should have been
able to easily find per above).
They provide a list of urls for consideration, only those need to be looked at. I would assume they are ok with other mentions to them if they didn't provide them. If I detected that there was a follow-up top-posting email containing the original content I would probably also truncate it, but strictly as a courtesy matter and with no guarantees that I would do that. If they failed to find themselves, why would I need to dig through the archives, not even knowing what I am looking for? There are too many ways to refer to someone, the email address, different names and abbreviations (and misspellings!), which would not even be unique, plus all kind of references (just suppose that the people to which Julian referred claimed that his email contains PII about them!). Requests to remove on-topic inline replies would be quite a different matter, as they involve removing or altering messages by other people, which could significantly modify the meaning of what third users say by changing the context of the rest of the thread (which isn't necessarily well-defined in a machine readable way). Plus, changing that may infringe some protected speech rights by the subsequent poster (ouch!). Not to mention the multiple jurisdictions typically found on the user base many mailing lists. I would expect reasonable requests not to be a problem, though (eg. just removing an address from a mail signature). As an actionable for the mailman project, I think it could facilitate the implementation of ?59: > Modalities should be provided for facilitating the exercise of the > data subject's rights under this Regulation, including mechanisms to > request and, if applicable, obtain, free of charge, in particular, > access to and rectification or erasure of personal data and the > exercise of the right to object. The controller should also provide > means for requests to be made electronically, especially where > personal data are processed by electronic means. 
The controller should > be obliged to respond to requests from the data subject without undue > delay and at the latest within one month and to give reasons where the > controller does not intend to comply with any such requests. > The user could be browsing a mailing list archive (as noted above) that provides a link to "report content to remove" (automatically verifying the reporter provided email address), which can then be automatically removed (if it's his own email message and configured that way by the list admin) or goes into a queue for admin reviewing (where it can be easily hidden) or replied. NB: this process is more ample than mere "Right to be forgotten" requests, as that would also work for copyright infringement, virus, etc. Best regards Ángel -- Just another non-lawyer looking for his way through the GDPR. From ajay.happy at gmail.com Tue May 15 02:59:06 2018 
From: ajay.happy at gmail.com (ajay babu) Date: Tue, 15 May 2018 12:29:06 +0530 Subject: [Mailman-Users] Email Address getting Deleted Message-ID: Hi Team, Need your kind help. Whenever I add an email-id to mailing list, the email-id is getting deleted on its own in mailman and the below logs were captured in bounce & subscribe log files: May 11 00:59:27 2018 (11937) it-support: new abc at xxx.com , admin mass sub May 11 20:00:51 2018 (27739) it-support: *deleted *abc at xxx.com*; disabled address* May 11 20:00:51 2018 (27739) it-support: abc at xxx.com auto-unsubscribed [reason: BYBOUNCE] May 11 20:00:51 2018 (27739) it-support: abc at xxx.com bounce score: 1.0 May 11 20:00:51 2018 (27739) it-support: *abc at xxx.com disabling due to bounce score 1.0 >= 1.0* May 11 20:00:51 2018 (27739) it-support: *abc at xxx.com deleted after exhausting notices* Could you help me to understand what might be the reason for this issue? If you're not the right point of contact, can you share the correct details of whom I can contact in this regard? Thanks in Advance. ~Regards AJ From ajay.happy at gmail.com Tue May 15 03:02:30 2018 From: ajay.happy at gmail.com (ajay babu) Date: Tue, 15 May 2018 12:32:30 +0530 Subject: [Mailman-Users] Mailman not dispatching Status mail to user list Message-ID: Hi Team, I have an application which uses mailman for receiving Validation & Notification mails to my mailing list. But unfortunately I am facing intermittent issues with receiving the Notification mails to my mailing list, but I am getting Validation mails to my mailing list without any issues. Any idea what might be the issue? Appreciate your help here. Thanks in Advance. ~Regards AJ From eric at ericabrahamsen.net Mon May 14 17:16:52 2018 
From: eric at ericabrahamsen.net (Eric Abrahamsen) Date: Mon, 14 May 2018 14:16:52 -0700 Subject: [Mailman-Users] Encoding issues when importing archives Message-ID: <87po1yvsxn.fsf@ericabrahamsen.net> I'm recreating some old lists I had in a Mailman 2 installation, and trying to import the old mboxes into Hyperkitty. The lists were on Chinese-related subjects, and we've got both messages that contain Chinese characters, and attachments that have Chinese filenames and contents. The import process is blowing up with a UnicodeEncodeError, in hyperkitty/lib/incoming.py#add_to_list, it looks like when the attachments are being processed: content = content.encode(decoding) UnicodeEncodeError: 'gb2312' codec can't encode character '\ufffd' in position 3131: illegal multibyte sequence Apparently the offending attachments are specified as gb2312 (a common Chinese encoding). Is there something I can do to somehow preprocess the archive mboxes, or otherwise re-encode the attachments? Thanks, Eric From kevin at ucsd.edu Mon May 14 22:26:52 2018 
From: kevin at ucsd.edu (Kevin Bowen) Date: Mon, 14 May 2018 19:26:52 -0700 Subject: [Mailman-Users] Help with mailman instance in broken state Message-ID: My mailman instance (2.1.9) has gotten into a funky broken state where one of my lists has become inoperable, with a message which should be awaiting moderation, but the moderator never got notified. The list's config appears to be corrupt - attempting to load the admin web interface results in a timeouts (the archive and basic listinfo pages still work, and the admin interface for all other lists work). When I look in /var/lib/mailman/lists/, I can see that mailman is continually rewriting config.pck every few seconds. I attempted to fix the issue by restoring the contents of /var/lib/mailman/lists/ from the previous day's backup, and that got the config into a working state such that it was possible to load the web admin interface for the list, but as soon as I started back up the mailman service, it got right back into the same broken state. Next I tried deleting the list with rmlist, then recreating it and importing its config and membership with config_list and sync_members, but again, as soon as I restart the mailman service, it gets right back into the same broken state. Any ideas how to fix this? Kevin Bowen UCSD ITS UBPS kevin at ucsd.edu From andrew at hodgson.io Tue May 15 05:18:19 2018 
From: andrew at hodgson.io (Andrew Hodgson) Date: Tue, 15 May 2018 09:18:19 +0000 Subject: [Mailman-Users] [Mailman-cabal] GDPR In-Reply-To: <98850603-1bf3-f13a-84b2-b30bf48d72c9@spamtrap.tnetconsulting.net> References: <23285.49015.279638.189170@turnbull.sk.tsukuba.ac.jp> , <98850603-1bf3-f13a-84b2-b30bf48d72c9@spamtrap.tnetconsulting.net> Message-ID: Grant Taylor wrote: On 05/14/2018 06:33 AM, Andrew Hodgson wrote: [...] >> - Audit logs for data access. it is not clear who is accessing >> subscription data for the list as there is just a single owner and >> moderator account. Unsure if current logging data in either MM2 or MM3 is >> "good enough" for this. MM3 may solve the issue about single accounts. >I guess I don't understand the problem and / or make invalid assumptions >about MM. >I see six modes of access to the data: >1) List subscribers >2) List owners / administrators At the moment the list administrator and moderator account is accessed via no username and a single password. If that password is shared, I have no audit trail of who logged into the system. Also the system currently doesn't log specific access, for example admin A exported a load of addresses, admin B added 100 subscribers to the mailing list etc. Andrew. From mark at msapiro.net Tue May 15 08:52:02 2018 
From: mark at msapiro.net (Mark Sapiro) Date: Tue, 15 May 2018 05:52:02 -0700 Subject: [Mailman-Users] Encoding issues when importing archives In-Reply-To: <87po1yvsxn.fsf@ericabrahamsen.net> References: <87po1yvsxn.fsf@ericabrahamsen.net> Message-ID: On 5/14/18 2:16 PM, Eric Abrahamsen wrote: > I'm recreating some old lists I had in a Mailman 2 installation, and > trying to import the old mboxes into Hyperkitty. This is not the appropriate list for Mailman 3. mailman-users at mailman3.org or possibly mailman-developers at python3.org are the appropriate lists. > The lists were on Chinese-related subjects, and we've got both messages > that contain Chinese characters, and attachments that have Chinese > filenames and contents. > > The import process is blowing up with a UnicodeEncodeError, in > hyperkitty/lib/incoming.py#add_to_list, it looks like when the > attachments are being processed: > > content = content.encode(decoding) > > UnicodeEncodeError: 'gb2312' codec can't encode character '\ufffd' in position 3131: illegal multibyte sequence > > Apparently the offending attachments are specified as gb2312 (a common > Chinese encoding). > > Is there something I can do to somehow preprocess the archive mboxes, or > otherwise re-encode the attachments? Possibly there is, but this is a bug in the hyperkitty_import process. It would help if you file an issue at with enough information for us to reproduce it. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Tue May 15 08:59:15 2018 
From: mark at msapiro.net (Mark Sapiro) Date: Tue, 15 May 2018 05:59:15 -0700 Subject: [Mailman-Users] Help with mailman instance in broken state In-Reply-To: References: Message-ID: <75d52503-db48-af17-cad0-12c851c88ea9@msapiro.net> On 5/14/18 7:26 PM, Kevin Bowen wrote: > When I look in > /var/lib/mailman/lists/, > I can see that mailman is continually rewriting config.pck every few > seconds. I think the "duplicate" post I rejected mentioned a qrunner at 99% cpu. Which runner? What's in the various mailman/qfiles/* queues. What's in Mailman's logs? What's in Mailman's locks directory? See . -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Tue May 15 09:08:49 2018 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 15 May 2018 06:08:49 -0700 Subject: [Mailman-Users] Email Address getting Deleted In-Reply-To: References: Message-ID: <9ed97da0-e5ef-add6-c49f-cf4a0a14a62a@msapiro.net> On 5/14/18 11:59 PM, ajay babu wrote: > > When ever i add an email-id to mailing list, the email-id is getting > deleted on its own in mailman and the below logs were captured in bounce & > subscribe log files: ... > May 11 20:00:51 2018 (27739) it-support: *abc at xxx.com > disabling due to bounce score 1.0 >= 1.0* > May 11 20:00:51 2018 (27739) it-support: *abc at xxx.com > deleted after exhausting notices* Your list's Bounce processing is set with bounce_score_threshold = 1.0 bounce_you_are_disabled_warnings = 0 So the first bounce removes the user from the list. The list welcome message to the user bounces and the user is removed. You might consider different bounce processing settings, but the real question is why is this message bouncing. Look in Mailman's smtp and smtp-failure logs and the MTA logs. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Tue May 15 09:11:44 2018 
From: mark at msapiro.net (Mark Sapiro) Date: Tue, 15 May 2018 06:11:44 -0700 Subject: [Mailman-Users] Mailman not dispatching Status mail to user list In-Reply-To: References: Message-ID: <1f6e1fee-2a14-8269-3ef4-ced762aa59c1@msapiro.net> On 5/15/18 12:02 AM, ajay babu wrote: > > I have an application which uses mailman for receiving Validation & > Notification mails to my mailing list. > But unfortunately am facing intermittent issues with receiving the > Notification mails to my mailing list, but am getting Validation mails to > my mailing list without any issues. > > Any idea what might be the issue? appreciate your help here. Not without more information. What is different about the Notification mails that have issues. What are the issues? Are the messages held? If so, for what reason. What's in Mailman's vette log? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From andrew at hodgson.io Tue May 15 05:08:05 2018 
From: andrew at hodgson.io (Andrew Hodgson) Date: Tue, 15 May 2018 09:08:05 +0000 Subject: [Mailman-Users] [Mailman-cabal] GDPR In-Reply-To: <0b5bddd0b4ec874d0f730509e4bdde8c8745794a.camel@petrovitsch.priv.at> References: , <23285.49015.279638.189170@turnbull.sk.tsukuba.ac.jp> , , <0b5bddd0b4ec874d0f730509e4bdde8c8745794a.camel@petrovitsch.priv.at> Message-ID: Bernd Petrovitsch [bernd at petrovitsch.priv.at] wrote: >On Mon, 2018-05-14 at 12:33 +0000, Andrew Hodgson wrote: [...] >> These are just rough notes: >> >> - Archive purge requests. We have discussed the same items as on the >> list to date. I am looking at doing a simple grep for the relevant >> person's details and changing that. The main reason for doing this >> is that if we just remove the author's messages they will be in a >> thread of other messages and our users typically don't remove quoted >> material. Current advice from the GDPR people is we may have to >> delete the whole thread. Still under discussion, this is also >While at it, why not delete the entire archive just to be sure? SCNR That is something we haven't ruled out just yet! >And to be honest: If person X fullquotes and the email ends in an >archive, who's fault is it? The last archive removal request I had a few weeks ago stemmed from one of the subscribers posting a private message about an event and it had the original poster's mobile number in it as well as contact details for the event. There was a large thread about this event, and everyone used top posting. The original author contacted us after having been informed they found the event invitation from our website, and were not happy. What do I redact or remove in this instance? - The whole thread; - Personal details about the original poster and the event who had not consented to having their email posted to the mailing list; - Anything else? 
In the end I removed the phone numbers, her personal address and the Eventbright links from *all* messages, including some messages from other people where they had re-echoed the Eventbright links as part of their conversation to help other people. She wasn't very happy, but worse is the person who forwarded it to the mailing list refused to understand what they had really done and believed they had the right to send the post anywhere as they believed it was in the public domain. Just an example of the type of stuff that I may get asked to remove in future. Andrew. From gtaylor at tnetconsulting.net Tue May 15 13:12:33 2018 
From: gtaylor at tnetconsulting.net (Grant Taylor) Date: Tue, 15 May 2018 11:12:33 -0600 Subject: [Mailman-Users] [Mailman-cabal] GDPR In-Reply-To: References: <23285.49015.279638.189170@turnbull.sk.tsukuba.ac.jp> <98850603-1bf3-f13a-84b2-b30bf48d72c9@spamtrap.tnetconsulting.net> Message-ID: <4011a889-3125-2786-55a0-cc2279f20d74@spamtrap.tnetconsulting.net> On 05/15/2018 03:18 AM, Andrew Hodgson wrote: > At the moment the list administrator and moderator account is accessed > via no username and a single password. If that password is shared, > I have no audit trail of who logged into the system. ACK I like to run Mailman (et al) administration pages behind htaccess protection. Thus I have the username that authenticated to the web server to corroborate who's actually accessing things. > Also the system currently doesn't log specific access, for example admin > A exported a load of addresses, admin B added 100 subscribers to the > mailing list etc. Can you not tell what was done based on the web server logs and the requested URLs? I know that won't catch POST data, but it will give you more information than not looking at the web server logs. Aside: I personally consider the web server to be part of the application framework. As such, I exercise and use it to (what I think is) my advantage. -- Grant. . . . unix || die From kevin at ucsd.edu Tue May 15 13:27:51 2018 
From: kevin at ucsd.edu (Kevin Bowen) Date: Tue, 15 May 2018 10:27:51 -0700 Subject: [Mailman-Users] Help with mailman instance in broken state In-Reply-To: <75d52503-db48-af17-cad0-12c851c88ea9@msapiro.net> References: <75d52503-db48-af17-cad0-12c851c88ea9@msapiro.net> Message-ID: So the issue seems to have resolved itself over night - there's no longer a qrunner process taking 99% cpu, the list's admin interface is accessible, and it's no longer rewriting its config.pck every few seconds, so I think that means the list is now fine (although there hasn't yet been any traffic through it so I'm not 100% sure). Even if resolved, I'd like to figure out what happened so it doesn't happen again. To answer your questions: >Which runner? I remember the process had qrunner in its command line, but since it's gone now I can't tell you in any more detail. >What's in the various mailman/qfiles/* queues. I don't seem to have that directory? I'm running v2.1.9 on RHEL5, do you know where it would be located? >What's in Mailman's logs? The only thing relevant-seeming we were able to find in the logs was a mention in vette that a message was being held for moderation, and then a bunch of bounce-processing. >What's in Mailman's locks directory? See . Ok, now this is interesting: there are 6 files in /var/lock/mailman named .lock.announce.ucsd.edu..0 They have timestamps between 3 and 4 in the morning, which is probably around the time the issue cleared up. Looking in /var/log/mailman/locks I see, starting right around the time the problem started yesterday, a bunch of stack traces with ".lock lifetime has expired, breaking" and ".lock unexpected linkcount: -1" Also, I notice that in /var/lib/mailman/data, there are currently 4 files called heldmsg--.pck, although the admin interface says there are currently no messages being held for moderation. Does that mean anything? 
Kevin Bowen UCSD ITS UBPS kevin at ucsd.edu On Tue, May 15, 2018 at 5:59 AM, Mark Sapiro wrote: > On 5/14/18 7:26 PM, Kevin Bowen wrote: > > When I look in > > /var/lib/mailman/lists/, > > I can see that mailman is continually rewriting config.pck every few > > seconds. > > > I think the "duplicate" post I rejected mentioned a qrunner at 99% cpu. > > Which runner? What's in the various mailman/qfiles/* queues. > > What's in Mailman's logs? > > What's in Mailman's locks directory? See >. > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Tue May 15 14:12:07 2018 
From: mark at msapiro.net (Mark Sapiro) Date: Tue, 15 May 2018 11:12:07 -0700 Subject: [Mailman-Users] Help with mailman instance in broken state In-Reply-To: References: <75d52503-db48-af17-cad0-12c851c88ea9@msapiro.net> Message-ID: On 5/15/18 10:27 AM, Kevin Bowen wrote: > >> What's in the various mailman/qfiles/* queues. > > I don't seem to have that directory? I'm running v2.1.9 on RHEL5, do you > know where it would be located? In RHEL, it's /var/spool/mailman/ (see ). >> What's in Mailman's locks directory? See > . > > Ok, now this is interesting: there are 6 files in /var/lock/mailman named > .lock.announce.ucsd.edu..0 They have timestamps between 3 > and 4 in the morning, which is probably around the time the issue cleared > up. Looking in /var/log/mailman/locks I see, starting right around the time > the problem started yesterday, a bunch of stack traces with > ".lock lifetime has expired, breaking" and ".lock > unexpected linkcount: -1" So the issue was a locked list. See for more on locks, but those file names are of the form .lock... so what you call 'digits' is the pid of the process waiting on the lock. If there is no file named just .lock, the list isn't locked and all the other .lock.* files are orphans and their pids are probably gone, so just remove them. Actually, when these files are created, they are created with a time stamp in the future which represents the expiration of the lock lifetime so that probably is when the list was no longer locked and things cleared up. As far as what caused it, that's hard to say, but one strong possibility is there was an interaction with the list's admin or admindb UI that was timed out by the web server and left the list locked. > Also, I notice that in /var/lib/mailman/data, there are currently 4 files > called heldmsg--.pck, although the admin interface says > there are currently no messages being held for moderation. Does that mean > anything? 
Those are orphaned held messages, probably orphaned when you deleted and recreated the list. You can look at them with Mailman's bin/dumpdb and if you want them, you can reprocess them with the script at -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From gtaylor at tnetconsulting.net Tue May 15 14:51:22 2018 
From: gtaylor at tnetconsulting.net (Grant Taylor) Date: Tue, 15 May 2018 12:51:22 -0600 Subject: [Mailman-Users] [Mailman-cabal] GDPR In-Reply-To: References: <23285.49015.279638.189170@turnbull.sk.tsukuba.ac.jp> <0b5bddd0b4ec874d0f730509e4bdde8c8745794a.camel@petrovitsch.priv.at> Message-ID: On 05/15/2018 03:08 AM, Andrew Hodgson wrote: > What do I redact or remove in this instance? > > - Personal details about the original poster and the event who had not > consented to having their email posted to the mailing list; I would likely have (presuming sufficient motivation): 1) Get mailman into a state that I can safely modify the archive. 2) Run a script (likely sed) to REDACT the contents. sed -i$ticketID 's/phone number/REDACTED/g;s/Eventbright Link/REDACTED/g;#etc' 3) Restarted Mailman and possibly web server serving the archive. (Or otherwise flushed caches.) I quite like "REDACTED" as it shows that there was something, and that it was removed, but it does not show what that something was. > In the end I removed the phone numbers, her personal address and the > Eventbright links from all messages, including some messages from other > people where they had re-echoed the Eventbright links as part of their > conversation to help other people. Fair enough. > She wasn't very happy, I doubt there was much more that you could have done. She's free to be upset. But she shouldn't be upset with you. You did her a favor that I don't think you were strictly compelled to do. > but worse is the person who forwarded it to the mailing list refused to > understand what they had really done and believed they had the right to > send the post anywhere as they believed it was in the public domain. *sigh* I don't know what to say there. I feel like that's between her and the event owner / organizer. > Just an example of the type of stuff that I may get asked to remove > in future. IMHO that is not unexpected, if not somewhat typical. -- Grant. . . . 
unix || die From joly at punkcast.com Tue May 15 16:03:39 2018 From: joly at punkcast.com (Joly MacFie) Date: Tue, 15 May 2018 16:03:39 -0400 Subject: [Mailman-Users] [Mailman-cabal] GDPR In-Reply-To: References: <23285.49015.279638.189170@turnbull.sk.tsukuba.ac.jp> <0b5bddd0b4ec874d0f730509e4bdde8c8745794a.camel@petrovitsch.priv.at> Message-ID: Following with interest, although my mailmans are on Dreamhost and I don't have root access only admin. RBTF concerns aside, I am wondering how to do a renewed opt-in, similar to what I see Mailchimp currently running. Any ideas? -- --------------------------------------------------------------- Joly MacFie 218 565 9365 Skype:punkcast -------------------------------------------------------------- - From mark at msapiro.net Tue May 15 21:04:06 2018 
From: mark at msapiro.net (Mark Sapiro) Date: Tue, 15 May 2018 18:04:06 -0700 Subject: [Mailman-Users] GDPR In-Reply-To: References: <23285.49015.279638.189170@turnbull.sk.tsukuba.ac.jp> <0b5bddd0b4ec874d0f730509e4bdde8c8745794a.camel@petrovitsch.priv.at> Message-ID: <88bb0a95-2ea3-682f-fca3-5a3fe48bc2f4@msapiro.net> On 5/15/18 11:51 AM, Grant Taylor via Mailman-Users wrote: > > I would likely have (presuming sufficient motivation): > > 1) Get mailman into a state that I can safely modify the archive. > 2) Run a script (likely sed) to REDACT the contents. > sed -i$ticketID 's/phone number/REDACTED/g;s/Eventbright > Link/REDACTED/g;#etc' > 3) Restarted Mailman and possibly web server serving the archive. > (Or otherwise flushed caches.) > > I quite like "REDACTED" as it shows that there was something, and that > it was removed, but it does not show what that something was. I've been silent in this thread because it doesn't interest me that much, but I want to point out that redacting a pipermail archive is more difficult than it would first appear. You not only have to redact the HTML pages, but also the .txt and .txt.gz files, and if there is sensitive information in the index pages (subject and sender info), you also have to redact that in the pipermail database. See the script at and read its docstring for an idea. Finally, you have to redact the cumulative LIST.mbox/LIST.mbox and maybe the attachments directory. Actually, the easiest way is to just redact the cumulative LIST.mbox/LIST.mbox file and rebuild the archive with 'bin/arch --wipe' but that can have undesired side effects. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From gtaylor at tnetconsulting.net Tue May 15 21:50:29 2018 
From: gtaylor at tnetconsulting.net (Grant Taylor) Date: Tue, 15 May 2018 19:50:29 -0600 Subject: [Mailman-Users] GDPR In-Reply-To: <88bb0a95-2ea3-682f-fca3-5a3fe48bc2f4@msapiro.net> References: <23285.49015.279638.189170@turnbull.sk.tsukuba.ac.jp> <0b5bddd0b4ec874d0f730509e4bdde8c8745794a.camel@petrovitsch.priv.at> <88bb0a95-2ea3-682f-fca3-5a3fe48bc2f4@msapiro.net> Message-ID: <67e63687-fa03-8333-de43-974f2fd58ac6@spamtrap.tnetconsulting.net> Duly noted. On 05/15/2018 07:04 PM, Mark Sapiro wrote: > Actually, the easiest way is to just redact the cumulative > LIST.mbox/LIST.mbox file and rebuild the archive with 'bin/arch --wipe' > but that can have undesired side effects. Doesn't that run the risk of renumbering messages, thus breaking existing links to messages? Or at least disassociating them such that they link to the wrong message? -- Grant. . . . unix || die From mark at msapiro.net Wed May 16 07:48:55 2018 
From: mark at msapiro.net (Mark Sapiro) Date: Wed, 16 May 2018 04:48:55 -0700 Subject: [Mailman-Users] GDPR In-Reply-To: <67e63687-fa03-8333-de43-974f2fd58ac6@spamtrap.tnetconsulting.net> References: <23285.49015.279638.189170@turnbull.sk.tsukuba.ac.jp> <0b5bddd0b4ec874d0f730509e4bdde8c8745794a.camel@petrovitsch.priv.at> <88bb0a95-2ea3-682f-fca3-5a3fe48bc2f4@msapiro.net> <67e63687-fa03-8333-de43-974f2fd58ac6@spamtrap.tnetconsulting.net> Message-ID: <07e4b949-f143-12d6-4c4f-72aabdf7d702@msapiro.net> On 5/15/18 6:50 PM, Grant Taylor via Mailman-Users wrote: > > On 05/15/2018 07:04 PM, Mark Sapiro wrote: >> Actually, the easiest way is to just redact the cumulative >> LIST.mbox/LIST.mbox file and rebuild the archive with 'bin/arch >> --wipe' but that can have undesired side effects. > > Doesn't that run the risk of renumbering messages, thus breaking > existing links to messages? Or at least disassociating them such that > they link to the wrong message? That's one of the "undesired side effects" although if the list is less than 10 years old and you don't and never have edited the mbox with an MUA that can reorder messages and you just redact text and don't delete messages, that risk is small. Other issues can arise if the list's scrub_nondigest setting is No now but has been Yes at some time in the past, scrubbed attachments from the Yes period will be lost. Also, if you have a list search, e.g. htdig integration, that can order hits by file system time stamp, this may be an issue because all the timestamps become the current time, although the same issue occurs when editing the HTML files directly. There is a script to fix that at . -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From bernd at petrovitsch.priv.at Thu May 17 04:56:38 2018 
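Added example (not part of any message in this thread and not Mailman's own code): a sketch of the mbox-side redaction discussed in the messages above, which rewrites text but never deletes or reorders messages, and decodes base64/quoted-printable bodies that a plain sed over the file would miss. The file names, the sample messages and the phone number are constructed; the output goes to a new file so the original LIST.mbox stays untouched.

```python
import base64
import mailbox
import os
import re
import tempfile
from email.header import decode_header, make_header

REDACTED = "REDACTED"            # marker suggested in the thread
SAMPLE_SECRET = "+00 555 0100"   # constructed phone number, not from the thread


def decoded_text(part):
    """Return a leaf part's body as text, undoing base64/quoted-printable."""
    raw = part.get_payload(decode=True) or b""
    charset = part.get_content_charset() or "us-ascii"
    try:
        return raw.decode(charset, errors="replace")
    except LookupError:          # unknown charset label in an old message
        return raw.decode("latin-1")


def text_leaves(msg):
    return [p for p in msg.walk()
            if not p.is_multipart() and p.get_content_maintype() == "text"]


def subject_text(msg):
    subject = msg["Subject"]
    return "" if subject is None else str(make_header(decode_header(subject)))


def redact_mbox(src_path, dst_path, patterns):
    """Copy src to dst with every pattern replaced; same messages, same order."""
    if not patterns:
        raise ValueError("no patterns given")
    if os.path.exists(dst_path):
        raise FileExistsError(dst_path)
    regex = re.compile("|".join(re.escape(p) for p in patterns))
    stats = {"messages": 0, "changed": 0, "substitutions": 0}
    src = mailbox.mbox(src_path, create=False)
    dst = mailbox.mbox(dst_path)
    try:
        for msg in src:
            hits = 0
            new_subject, n = regex.subn(REDACTED, subject_text(msg))
            if n:
                msg.replace_header("Subject", new_subject)
                hits += n
            for part in text_leaves(msg):
                new_body, n = regex.subn(REDACTED, decoded_text(part))
                if n:
                    # Drop the old transfer encoding so set_payload re-encodes.
                    del part["Content-Transfer-Encoding"]
                    part.set_payload(new_body, "utf-8")
                    hits += n
            stats["messages"] += 1
            stats["changed"] += 1 if hits else 0
            stats["substitutions"] += hits
            dst.add(msg)  # mboxMessage keeps its original "From " envelope line
    finally:
        dst.close()
        src.close()
    return stats


def same_sequence(src_path, dst_path):
    """True if both files hold the same messages in the same order."""
    def ids(path):
        box = mailbox.mbox(path, create=False)
        try:
            return [(m.get_from(), m["Message-ID"]) for m in box]
        finally:
            box.close()
    return ids(src_path) == ids(dst_path)


def leftovers(path, patterns):
    """Message-IDs that still contain a pattern once bodies are decoded."""
    regex = re.compile("|".join(re.escape(p) for p in patterns))
    box = mailbox.mbox(path, create=False)
    try:
        return [m["Message-ID"] for m in box
                if regex.search(subject_text(m))
                or any(regex.search(decoded_text(p)) for p in text_leaves(m))]
    finally:
        box.close()


def write_sample(path):
    """Constructed three-message mbox; the second body is base64-encoded."""
    b64 = base64.encodebytes(("Call her on %s\n" % SAMPLE_SECRET).encode()).decode()
    raw = ("From alice@example.org Tue May 15 10:00:00 2018\n"
           "Message-ID: <1@example.org>\nSubject: Event invitation\n\n"
           "Ring me on " + SAMPLE_SECRET + " for details.\n\n"
           "From bob@example.org Tue May 15 11:00:00 2018\n"
           "Message-ID: <2@example.org>\nSubject: Re: Event invitation\n"
           "MIME-Version: 1.0\nContent-Type: text/plain; charset=utf-8\n"
           "Content-Transfer-Encoding: base64\n\n" + b64 + "\n"
           "From carol@example.org Tue May 15 12:00:00 2018\n"
           "Message-ID: <3@example.org>\nSubject: Unrelated\n\nNothing to see.\n")
    with open(path, "w", newline="\n") as handle:
        handle.write(raw)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        src, dst = os.path.join(d, "LIST.mbox"), os.path.join(d, "LIST.new.mbox")
        write_sample(src)
        print(redact_mbox(src, dst, [SAMPLE_SECRET]))
        print("order kept:", same_sequence(src, dst))
        print("leftovers:", leftovers(dst, [SAMPLE_SECRET]))
```

Once `same_sequence` holds and `leftovers` is empty, the redacted file can take the place of the cumulative mbox before the `bin/arch --wipe` rebuild mentioned above; the other side effects listed in that message still apply.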
From: bernd at petrovitsch.priv.at (Bernd Petrovitsch) Date: Thu, 17 May 2018 10:56:38 +0200 Subject: [Mailman-Users] [Mailman-cabal] GDPR In-Reply-To: References: <23285.49015.279638.189170@turnbull.sk.tsukuba.ac.jp> <0b5bddd0b4ec874d0f730509e4bdde8c8745794a.camel@petrovitsch.priv.at> Message-ID: <801934d4b9151ba299f651be6185c36c5ec6ac95.camel@petrovitsch.priv.at> On Mon, 2018-05-14 at 16:54 -0600, Grant Taylor via Mailman-Users wrote: [...] > On 05/14/2018 04:11 PM, Bernd Petrovitsch wrote: > > Seriously, these folks don't know what they imply. > > Nope. Politicians (almost) never fully understand what's going on. FWIW and IMHO, I think we are in violent agreement here. [...] > Who's at fault in this scenario: The person who overheard what I said > (the archive) or me for saying it in a non-secure manner (the sender)? In the old-school life: the sender (because s/he said it on her/his free will) - I hope;-). But the person who overheard it may tell the story to a third person. And it's just/only hear-say - even if it's actually 100% correct (which it is almost never ever the case). And there starts actually the real "forgetting" or "doubts" ... But in a "everything is written" world, that is massively different: In the old-school world, a "written proof" had a quite large value because it wasn't trivial to have such a thing. Nowadays - with almost every communication over the Internet - it's the normal, that there is a "written proof" aka recorded/logged/whatever. I'm not diving into differences of "how some judge may value some so- called proof" in some given (somewhat Western) country, but most people - even in Spring 2018 - don't realize, what's really going on and try to get back the world from the 1960s (or so;-) - well, "thinking before talking" was always a hard job;-) > Is there any legal method that I can use to compel a person to > forget > what they overheard me say? 
A court order may "force" you to not tell it to anyone but it can't make you forget it (or write it down and hide it somewhere safe). So in general: No. And that's exactly the problem with the "right to be forgotten". > > For the author's rights side to it: I answer an email (and happen > > to quote just the relevant parts of other emails) to a public > > mailinglist with a public archive. > > > > I don't think that the archive's admin or anyone else should have > > the right (let alone the duty) to edit or change my email in there > > - or even worse: remove it completely. > > I disagree. > > I believe that the admins / owners of the archive have the right to > remove something from the archive (or prevent it from going into the > archive in the first place). Of course. But only for (somewhat obvious) very good (including legal) reason like really hard law issues like - at least in .at and .de - Nazi stuff and/or (everywhere I hope) certain forms of pr0n. But for some claims of "please remove my email address?"? If that email address can be found (via Google) on hundreds of sites, the removal of one instance doesn't change anything. Ooops, and a chicken-egg problem .... > I don't believe that admins / owners have the general right to modify > what was said. ACK. > I do believe that the admins / owners have the right to modify what was > said in very specific cases, like REDACTING something. As long as they That question should be answered by some copyright/authors right lawyer. > do so in a manner that is clearly identifiable that something was REDACTED. ACK. > After all, it is their system, they administer / own it and can do > what ever they want to with it. Yes, and everyone writes that in the mailinglists charta (including that all mails go into a public archive, are never edited, censored, deleted, etc.). 
Just from that point of view, everyone sending mails to the mailinglist has implicitly agreed to the rules including the publication in a Google-indexed archive. BTW: I cannot do *everything* I want with it because I cannot choose to plain simply ignore modification requests from a court. > They should go out of their way to not misrepresent what you said / > did. > > They could also claim that your message was modified before it got to > them. Everyone can claim a lot of things - the hard question is how to prove it;-) > > PS: The whole "right to be forgotten" idea is absurd per se - think > > about private archives (and I don't think about 3-letter > > organizations only). > > Can't we define the public archive to be a necessary and important > > part of a public mailinglist and be done with it?! For almost > > everyone else some "important reason" is good enough too. > > I feel like the idea that you can compel someone to forget something > is absurd. > > I think you can compel businesses to no longer use your contact > information. Any serious business won't send me any "newsletters" if I request that without any legal backing (if only that I continue to buy from it in the future and don't tell anyone that they ignore such simple things - and because it's "just the right thing to do"(TM)). > Which is my naive understanding of part of what the spirit of GDPR > is. Yup, but there are other companies or folks using selling addresses and other personal data (if only for "scientific purposes"[0]). > I can see a scenario where a company completely removes any and all > traces of someone, then buys sales leads which contain said person, Selling and buying "sales leads" (which are actually contact addresses at best) or personal data (as covered by the spirit of the GDPR) as such should be forbidden - that would solve more problems and is easier to enforce).
ATM the companies are free to do (almost - also depending on the local jurisdiction) anything with personal data and the effort to handle misuse of it is shifted to the private person. It should be the other way around .... > and ultimately contact said person again. > > Is the company in violation of GDPR? They did (and can prove *) that No. > they removed the person's contact information and thus forgot about > them. > > Or should the company have retained just enough information to know > that they should not contact the person again? I.e. a black list. Yeah, that's an interesting issue (which happens to apply to the next club with normal member management): A member leaves (for whatever reason) and - to minimize the data - expects that all data about him/her is (really) deleted. But if the same person comes back two years later, doesn't the club (or company) have the right to *know* that that person was already a member (and in which years)? And if a member is expelled, the club surely wants to remember that. Of course, that completely invalidates any "request on forgetting" per se (and reduces it to "act like you don't know it"). A completely other approach (and solution;-) to "mailinglist archive and the GDPR": *Is* an automatically generated mailinglist archive in HTML actually subject to the GDPR? It's not that is really structured and/or organized like e.g. some SQL-database. MfG, Bernd (IANAL etc.) [0]: Killing whales is only allowed for scientific purposes since >30 years IIRC. Did that really change anything for the whales? -- Bernd Petrovitsch Email : bernd at petrovitsch.priv.at LUGA : http://www.luga.at From gtaylor at tnetconsulting.net Thu May 17 13:53:30 2018
From: gtaylor at tnetconsulting.net (Grant Taylor) Date: Thu, 17 May 2018 11:53:30 -0600 Subject: [Mailman-Users] [Mailman-cabal] GDPR In-Reply-To: <801934d4b9151ba299f651be6185c36c5ec6ac95.camel@petrovitsch.priv.at> References: <23285.49015.279638.189170@turnbull.sk.tsukuba.ac.jp> <0b5bddd0b4ec874d0f730509e4bdde8c8745794a.camel@petrovitsch.priv.at> <801934d4b9151ba299f651be6185c36c5ec6ac95.camel@petrovitsch.priv.at> Message-ID: <45056e16-6310-2f32-006a-2f44210d740e@spamtrap.tnetconsulting.net> On 05/17/2018 02:56 AM, Bernd Petrovitsch wrote: > FWIW and IMHO, I think we are in violent agreement here. :-) > In the old-school life: the sender (because s/he said it on her/his free > will) - I hope;-). But the person who overheard it may tell the story > to a third person. And it's just/only hear-say - even if it's actually > 100% correct (which it is almost never ever the case). And there starts > actually the real "forgetting" or "doubts" ... I agree that fan-out can be a problem. IMHO the root cause is the person that said it, the sender. > But in a "everything is written" world, that is massively different: > In the old-school world, a "written proof" had a quite large value > because it wasn't trivial to have such a thing. Nowadays - with almost > every communication over the Internet - it's the normal, that there is a > "written proof" aka recorded/logged/whatever. That's an interesting point, but I'm not seeing who's at fault, the person who overheard what I said (the archive) or me for saying it in a non-secure manner (the sender)? > I'm not diving into differences of "how some judge may value some so- > called proof" in some given (somewhat Western) country, but most people - > even in Spring 2018 - don't realize, what's really going on and try to > get back the world from the 1960s (or so;-) - well, "thinking before > talking" was always a hard job;-) True. 
> A court order may "force" you to not tell it to anyone but it can't make > you forget it (or write it down and hide it somewhere safe). Where force = order under some form of penalty, sure. > So in general: No. And that's exactly the problem with the "right to > be forgotten". :-) Good ideas usually start to have problems when they are taken too far. > Of course. But only for (somewhat obvious) very good (including legal) > reason like really hard law issues like - at least in .at and .de - > Nazi stuff and/or (everywhere I hope) certain forms of pr0n. Even with those issues, the court can only order you, under some penalty, to not do something. They still can't cause you to unsee or forget something. At least I'm not aware of any such technology yet. (My ignorance of such technology does not preclude it from existing.) > But for some claims of "please remove my email address?"? If that email > address can be found (via Google) on hundreds of sites, the removal of one > instance doesn't change anything. Ooops, and a chicken-egg problem .... I think it does. IMHO it's the issue of multiple people doing the same wrong thing does not make the thing in question correct. Case and point, is it wrong to ask someone specific to stop spamming me when considering that multiple other people could be spamming me? Or, more along the lines of your example, saluting in a Nazi-esq manner? (I'm not saying I agree with anything there in, I'm just using it as an example.) > That question should be answered by some copyright/authors right lawyer. Hum. I would be interested in what their take is. I suspect it's going to come down to misrepresentation. Either trying to falsely claim credit for someone else's work, or trying to attribute something to someone who didn't say it. 
Short of significant persuasion to the contrary, I'm going to continue to believe that admins / owners of system have the right to modify what was said in very specific cases when it comes to what enters / passes through / is stored on their systems. IMHO this MUST be done in a manner that makes it clear that this was done. > Yes, and everyone writes that in the mailinglists charta (including > that all mails go into a public archive, are never edited, censored, > deleted, etc.). Just from that point of view, everyone sending mails > to the mailinglist has implicitly agreed to the rules including the > publication in a Google-indexed archive. I have some issues with that. - Corporate policy, regional laws, technical capabilities, etc. can conflict. - Agreeing to a E.U.L.A. does not mean that you actually understand it. (I'm hearing where this is starting to be challenged in courts.) - Index ability is independent of publicity. > BTW: I cannot do everything I want with it because I cannot choose to > plain simply ignore modification requests from a court. Hence regional laws above. > Everyone can claim a lot of things - the hard question is how to prove > it;-) Yep. > Any serious business won't send me any "newsletters" if I request that > without any legal backing (if only that I continue to buy from it in > the future and don't tell anyone that they ignore such simple things - > and because it's "just the right thing to do"(TM)). Sadly, I've seen legitimate businesses fail and do exactly that. Use contact details specifically for the contracted service inappropriately for marketing reasons. > Yup, but there are other companies or folks using selling addresses and > other personal data (if only for "scientific purposes"[0]). I feel like those companies should be required to collect the data from somewhere other than what was used explicitly for contracted business.
Much like how HIPAA affords us the restriction to say that the information can only be used for healthcare treatment, and the express process associated there in (billing, insurance, etc.). This does not extend to marketing or sales as that's not expressly healthcare / treatment. > Selling and buying "sales leads" (which are actually contact addresses > at best) or personal data (as covered by the spirit of the GDPR) as > such should be forbidden that would solve more problems and is easier > to enforce). I'm going to disagree with you. I've been around all sorts of people that won't give you their password if you ask them. But if you offer to give them an ice cream cone to buy their password, they will happily trade with you. The point being, I think there is a valid business model to legitimately collect information under pretense that it will be provided (read: sold) to marketers. As long as that's clearly indicated up front, and I'm compensated (for my eventual hassle), I might consider doing so. Especially if I have an easy way to tell the people that contact me in the future to bugger off. Who knows, I might actually find something useful in the noise. > ATM the companies are free to do (almost - also depending on the local > jurisdiction) anything with personal data and the effort to handle > misuse of it is shifted to the private person. It should be the other > way around .... Agreed. I should be able to earmark that my contact information can ONLY be used for official business transactions and NOT for anything outside said explicit business transaction. IMHO this should be something like a bit in the database that indicates if the info is available for other uses (read: marketing). Perhaps it should be express contractual uses, general business uses, business partner uses, and general. > No.
:-) > Yeah, that's an interesting issue (which happens to apply to the next club > with normal member management): A member leaves (for whatever reason) > and - to minimize the data - expects that all data about him/her is > (really) deleted. IMHO, expecting that it is deleted is asking too much in this day and age. Expecting to not be contacted again might be too much. I think that depends on the terms of the separation. I.e. non-renewing a magazine subscription would likely be okay to offer renewal discounts in 3 / 6 / 9 / 12 / 18 months. Conversely, asking a former member who has been forcibly excommunicated (read: voted out by other members) for a donation during the next fund raiser is probably a bad idea. > But if the same person comes back two years later, doesn't the club (or > company) have the right to know that that person was already a member > (and in which years)? And if a member is expelled, the club surely wants > to remember that. I think that the company has the right to know that information. Note: Knowing that does not translate to using said information for anything outside of the express business relationship. I seem to keep coming back to the express business relationship. > Of course, that completely invalidates any "request on forgetting" per se > (and reduces it to "act like you don't know it"). I think the spirit of requesting to be forgotten really translates to requesting to not be contacted in the future. At least for most (but not all) situations. > A completely other approach (and solution;-) to "mailinglist archive > and the GDPR": Is an automatically generated mailinglist archive in HTML > actually subject to the GDPR? It's not that is really structured and/or > organized like e.g. some SQL-database. I think that any data collection / aggregation is likely going to be subject to GDPR, for better or worse, in some way. I also feel like the structure of the data, or lack thereof, is somewhat immaterial.
Especially in this day and age where people are touting storing data in unstructured manner. Plus, extracting email addresses (and associated names) from a mail archive, HTML or not, is relatively easy. ;-) -- Grant. . . . unix || die From enseikou at gmail.com Sun May 20 05:42:18 2018 
From: enseikou at gmail.com (=?UTF-8?Q?Rub=c3=a9n_Fern=c3=a1ndez_Asensio?=) Date: Sun, 20 May 2018 11:42:18 +0200 Subject: [Mailman-Users] Internationalizing administrative aliases In-Reply-To: <42b6c94a-40ac-be68-aba0-75f1cdcab4fd@msapiro.net> References: <2074053.fT7H6P9viX@fractal> <42b6c94a-40ac-be68-aba0-75f1cdcab4fd@msapiro.net> Message-ID: Hi, thanks for the hint. However, the changes have effect only on Postfix. I can send a "help" request to prova3-peto at poshto.esperanto.cat but the reply seems to come from prova3-owner at poshto.esperanto.cat, not from prova3-posedanto@?oshto.esperanto.cat. On the other hand, when I reply to prova3-owner I only get a message delivery error; I can only write to prova3-posedanto. To fully internationalize Mailman I would have to edit its templates, not just Postfix. Has anybody ever tried this? I guess my idea of "internationalization" is more ambitious than usual. Does anybody know where I can configure the variables that get substituted in the templates like %(requestaddr)s or %(adminaddr)s? El 13/05/18 a les 13:41, Mark Sapiro ha escrit: > On 5/12/18 11:40 PM, Rubeno Fernández wrote: >> Hello all, >> I'd like to know whether it's possible to internationalize addresses for list >> control, like mylist-owner, mylist-subscribe, mylist-unsubscribe... >> >> I tried editing the file /usr/lib/mailman/data/aliases and then running /usr/ >> lib/mailman/bin/genaliases, but it doesn't work, even after restarting the >> server the default addresses are still the only ones valid. I should add that >> the new addresses had only ASCII characters. > > > The above doesn't work because running /usr/lib/mailman/bin/genaliases > will rebuild /usr/lib/mailman/data/aliases and undo all your changes.
> What you need to run after editing /usr/lib/mailman/data/aliases is > > postalias /usr/lib/mailman/data/aliases > > to rebuild the /usr/lib/mailman/data/aliases.db file, but this is > fragile because running genaliases or equivalent at any time in the > future will again undo your changes. > > You need to make a second set, e.g., /usr/lib/mailman/data/aliases2 and > /usr/lib/mailman/data/aliases2.db with the same ownership and > permissions as the existing ones, perhaps by > > cd /usr/lib/mailman/data/ > cp -a aliases aliases2 > cp -a aliases.db aliases2.db > > make your changes to aliases2 and run 'postalias aliases2' to update > aliases2.db and then add hash:/usr/lib/mailman/data/aliases2 to your > Postfix config. > From enseikou at gmail.com Sun May 20 10:32:08 2018 From: enseikou at gmail.com (=?UTF-8?Q?Rub=c3=a9n_Fern=c3=a1ndez_Asensio?=) Date: Sun, 20 May 2018 16:32:08 +0200 Subject: [Mailman-Users] Roster security Message-ID: Hi all! My question may be dumb, but I need some confirmation. I set up a list so that the roster is visible to subscribers. I just noticed that, when any subscriber logs into the roster, s/he can access any other user's option page and try to unsubscribe that user or send a password reminder. I know no user can be unsubscribed without replying to the confirmation message, but I was very surprised that any subscriber would be allowed to do that to any other. I thought making the roster visible to subscribers would only expose their emails (and names, if they provided one). Is this by design, or is this a bug in my Mailman installation? Is there any way of making the roster visible to subscribers without giving access to personal option pages through it? Rubén From mark at msapiro.net Sun May 20 11:10:18 2018
From: mark at msapiro.net (Mark Sapiro) Date: Sun, 20 May 2018 08:10:18 -0700 Subject: [Mailman-Users] Internationalizing administrative aliases In-Reply-To: References: <2074053.fT7H6P9viX@fractal> <42b6c94a-40ac-be68-aba0-75f1cdcab4fd@msapiro.net> Message-ID: <8a911d76-ef55-c4f6-c13a-a420b4765b68@msapiro.net> On 05/20/2018 02:42 AM, Rubén Fernández Asensio wrote: > > To fully internationalize Mailman I would have to edit its templates, > not just Postfix. Has anybody ever tried this? I guess my idea of > "internationalization" is more ambitious than usual. Does anybody know > where I can configure the variables that get substituted in the > templates like %(requestaddr)s or %(adminaddr)s? The actual substitutions are spread all over the code, but you might try looking at the definition of getListAddress(self, extra=None) in Mailman/MailList.py. 'extra' is the '-owner' etc. appendage. You might be able to translate them there and have it work. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Sun May 20 11:26:38 2018
From: mark at msapiro.net (Mark Sapiro) Date: Sun, 20 May 2018 08:26:38 -0700 Subject: [Mailman-Users] Roster security In-Reply-To: References: Message-ID: <02b13e25-0213-55a8-25f1-644721b1f4e5@msapiro.net> On 05/20/2018 07:32 AM, Rubén Fernández Asensio wrote: > Is this by design, or is this a bug in my Mailman installation? Is there > any way of making the roster visible to subscribers without giving > access to personal option pages through it? One user does not have access to another user's options unless authenticated with a list admin password. If an ordinary user clicks another user's link, she only gets the options login page which can be gotten for any address just by knowing the address no matter how you get there. By making the roster visible to members you are exposing the addresses. Anyone can go to a url like http://example.com/mailman/options/listname/user at example.net to get to the options login page for user at example.net. That's how mailman works. There's nothing magic about coming from the roster. You can't get past the login page without proper authentication. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From heller at deepsoft.com Sun May 20 14:56:58 2018
From: heller at deepsoft.com (Robert Heller) Date: Sun, 20 May 2018 14:56:58 -0400 (EDT) Subject: [Mailman-Users] Roster security In-Reply-To: <02b13e25-0213-55a8-25f1-644721b1f4e5@msapiro.net> References: <02b13e25-0213-55a8-25f1-644721b1f4e5@msapiro.net> Message-ID: <20180520185658.DB20826C27F0@sharky3.deepsoft.com> At Sun, 20 May 2018 08:26:38 -0700 Mark Sapiro wrote: > > On 05/20/2018 07:32 AM, Rubén Fernández Asensio wrote: > > Is this by design, or is this a bug in my Mailman installation? Is there > > any way of making the roster visible to subscribers without giving > > access to personal option pages through it? > > > One user does not have access to another user's options unless > authenticated with a list admin password. If an ordinary user clicks > another user's link, she only gets the options login page which can be > gotten for any address just by knowing the address no matter how you get > there. > > By making the roster visible to members you are exposing the addresses. > Anyone can go to a url like > http://example.com/mailman/options/listname/user at example.net to get to > the options login page for user at example.net. And yes the "options login page" also contains an "unsubscribe" button. But as Mark says, you need the user's list password for anything to actually happen. > > That's how mailman works. There's nothing magic about coming from the > roster. You can't get past the login page without proper authentication. > -- Robert Heller -- 978-544-6933 Deepwoods Software -- Custom Software Services http://www.deepsoft.com/ -- Linux Administration Services heller at deepsoft.com -- Webhosting Services From enseikou at gmail.com Mon May 21 03:27:29 2018
From: enseikou at gmail.com (=?UTF-8?Q?Rub=c3=a9n_Fern=c3=a1ndez_Asensio?=) Date: Mon, 21 May 2018 09:27:29 +0200 Subject: [Mailman-Users] Roster security In-Reply-To: <20180520185658.DB20826C27F0@sharky3.deepsoft.com> References: <02b13e25-0213-55a8-25f1-644721b1f4e5@msapiro.net> <20180520185658.DB20826C27F0@sharky3.deepsoft.com> Message-ID: <1a2ca567-8199-3061-5cba-ce0201a94c21@gmail.com> OK, that was what I meant. Not the actual options page but the options login page, with the buttons to unsubscribe and send the password. Yeah, I'm aware that only the concerned subscriber will receive the password reminder and the unsubscribe confirmation, so there's no security hole, but anyway it puzzles me that subscribers can "spam" each other this way. But if it's supposed to be this way, I guess I'll have to live with it. El 20/05/18 a les 20:56, Robert Heller ha escrit: > And yes the "options login page" also contains an "unsubscribe" button. But > as Mark says, you need the user's list password for anything to actually > happen. From mark at msapiro.net Mon May 21 11:10:42 2018 
From: mark at msapiro.net (Mark Sapiro) Date: Mon, 21 May 2018 08:10:42 -0700 Subject: [Mailman-Users] Roster security In-Reply-To: <1a2ca567-8199-3061-5cba-ce0201a94c21@gmail.com> References: <02b13e25-0213-55a8-25f1-644721b1f4e5@msapiro.net> <20180520185658.DB20826C27F0@sharky3.deepsoft.com> <1a2ca567-8199-3061-5cba-ce0201a94c21@gmail.com> Message-ID: <81b828a0-ca2d-2c7c-370f-d1b8ee5772d0@msapiro.net> On 05/21/2018 12:27 AM, Rubén Fernández Asensio wrote: > > Yeah, I'm aware that only the concerned subscriber will receive the > password reminder and the unsubscribe confirmation, so there's no > security hole, but anyway it puzzles me that subscribers can "spam" each > other this way. > > But if it's supposed to be this way, I guess I'll have to live with it. Anyone from anywhere can go to the options login page for any user. It has to be that way. If it weren't, users could not go to their own options login page. There is nothing special about going to a user's options login page from the roster, and removing that link from the roster would not offer any real protection against someone going to someone else's options login page. Also, removing the Unsubscribe and Remind buttons from login page creates real problems for users who've forgotten their password. I.e., there are good reasons why it is the way it is, and there are no plans to change it. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From suporte at aprendendolinux.com Sun May 20 10:13:38 2018
From: suporte at aprendendolinux.com (Henrique Fagundes) Date: Sun, 20 May 2018 11:13:38 -0300 Subject: [Mailman-Users] Doubts with Mailman + DMARC + Option "Munge From" Message-ID: Dear Colleagues, First good afternoon! I apologize to the poorly written English. I am Brazilian and I do not have so much knowledge of this language. I implemented the MailMan solution on a server for testing, to homologate before putting into production. I made the settings according to the documentation and everything flowed properly, except for one detail: I saw that there were some problems in the delivery of messages coming from some providers, for example: ZohoMail, YaHoo and AOL. So I used the log output from the "/var/log/mail.log" file to do a search and then discovered that these providers reject the messages because of their DMARC policies. I also discovered that there is a way to get around this in the MailMan options, in the web interface, selecting the desired list, going to "administration" and then "general options". In the following option: "Replace the From: header with the list's posting address to mitigate issues stemming from the original 
From: domain's DMARC or similar policies." Just check the "Munge From" option. As pictured in the link below: http://temporario2.aprendendolinux.com/option.png This "solves" the problem. What's bothering you is that when someone sends an email to the list, the "From" field, in addition to the sender's name, is displaying "via list name" Example: I have a list called "clubenaval" and I sent an email to the list. It appears like this: "Henrique Fagundes via clubenaval", as pictured in the link below: http://temporario2.aprendendolinux.com/from.png I'd like to remove that. I would like only the name of the sender to appear, in the case of the example, "Henrique Fagundes". I already researched a lot and I did not find anything related to that! Could someone help me? Here are some more information: Distribution: Ubuntu 16.04.4 LTS x64 Kernel Version: 4.4.0-1057 Apache version: 2.4.18 Postfix version: 3.1.0 main.cf: http://temporario2.aprendendolinux.com/main.cf.txt master.cf: http://temporario2.aprendendolinux.com/master.cf.txt Mailman version: 2.1.20 mm_cfg.py: http://temporario2.aprendendolinux.com/mm_cfg.py.txt I will be very grateful if anyone can help! Regards, Henrique Fagundes suporte at aprendendolinux.com Skype: magnata-br-rj Linux User: 475399 https://www.aprendendolinux.com https://www.facebook.com/AprendendoLinux https://youtube.com/AprendendoLinux https://twitter.com/AprendendoLinux https://telegram.me/AprendendoLinux ______________________________________________________________________ Participe do Grupo Aprendendo Linux https://groups.google.com/forum/#!forum/portal-aprendendo-linux Ou envie um e-mail para: portal-aprendendo-linux+subscribe at googlegroups.com From mark at msapiro.net Mon May 21 13:01:14 2018 
From: mark at msapiro.net (Mark Sapiro) Date: Mon, 21 May 2018 10:01:14 -0700 Subject: [Mailman-Users] Doubts with Mailman + DMARC + Option "Munge From" In-Reply-To: References: Message-ID: On 05/20/2018 07:13 AM, Henrique Fagundes wrote: > > Example: I have a list called "clubenaval" and I sent an email to the > list. It appears like this: "Henrique Fagundes via clubenaval", as > pictured in the link below: > http://temporario2.aprendendolinux.com/from.png > > I'd like to remove that. I would like only the name of the sender to > appear, in the case of the example, "Henrique Fagundes". It is done the way it is in order to not confuse people as the actual address in the From: header is the list posting address, not Henrique Fagundes address. I.e., if the "via clubenaval" were removed, the message would be From: Henrique Fagundes making it appear as if was Henrique Fagundes actual email address. That said, you can remove the via listname by applying the following change to Mailman/Handlers/CookHeaders.py > --- CookHeaders_2.1.20.py 2018-05-21 09:37:09.018765014 -0700 > +++ CookHeaders_2.1.20_new.py 2018-05-21 09:40:11.899778618 -0700 > @@ -148,7 +148,7 @@ > # Remove domain from realname if it looks like an email address > realname = re.sub(r'@([^ .]+\.)+[^ .]+$', '---', realname) > change_header('From', > - formataddr(('%s via %s' % (realname, mlist.real_name), > + formataddr((realname, > mlist.GetListEmail())), > mlist, msg, msgdata) > else: Also, later versions of Mailman (>=2.1.22) will translate "via" to "por" for pt_BR. (The i18n was added in 2.1.21, but the pt_BR message catalog wasn't updated until 2.1.22) -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From suporte at aprendendolinux.com Mon May 21 13:35:24 2018 
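Review bot: On the replacement line "+ formataddr((realname," the display name is still paired with mlist.GetListEmail() on the following line, so after this hunk the From: header carries the poster's name over the list's posting address with nothing marking it as rewritten by the list; a recipient or mail client that shows only the display name can no longer tell a munged post from one the poster sent directly. If the "via" text has to go, keep some site-chosen marker in the display name or gate the format on a local setting instead of hard-editing the handler, and add a comment above the change_header('From', ...) call recording the deviation from the 2.1.20 source, since a package upgrade that replaces CookHeaders.py will restore the original line without notice.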
From: suporte at aprendendolinux.com (Henrique Fagundes) Date: Mon, 21 May 2018 14:35:24 -0300 Subject: [Mailman-Users] Doubts with Mailman + DMARC + Option "Munge From" In-Reply-To: References: Message-ID: <14f73916-bbb8-a60b-b652-8ca3c26ec0dd@aprendendolinux.com> Dear friend, Thank you! I have edited the file "/usr/lib/mailman/Mailman/Handler/CookHeaders.py" and replace "formataddr (('% s via% s'% (realname, mlist.real_name)" with "formataddr (('% s '% (realname)'. This solved my problem and left the tool working the way I wanted it to. Thank you very much. I posted this doubt in several forums here in Brazil and no one knew how to respond. Once again I apologize if my text is too difficult to understand. I do not have many English language skills. Regards, Henrique Fagundes Linux Support Analyst suporte at aprendendolinux.com Skype: magnata-br-rj Linux User: 475399 https://www.aprendendolinux.com https://www.facebook.com/AprendendoLinux https://youtube.com/AprendendoLinux https://twitter.com/AprendendoLinux https://telegram.me/AprendendoLinux ______________________________________________________________________ Participe do Grupo Aprendendo Linux https://groups.google.com/forum/#!forum/portal-aprendendo-linux Ou envie um e-mail para: portal-aprendendo-linux+subscribe at googlegroups.com Em 21/05/2018 14:01, Mark Sapiro escreveu: > On 05/20/2018 07:13 AM, Henrique Fagundes wrote: >> >> Example: I have a list called "clubenaval" and I sent an email to the >> list. It appears like this: "Henrique Fagundes via clubenaval", as >> pictured in the link below: >> http://temporario2.aprendendolinux.com/from.png >> >> I'd like to remove that. I would like only the name of the sender to >> appear, in the case of the example, "Henrique Fagundes". > > > It is done the way it is in order to not confuse people as the actual > address in the 
From: header is the list posting address, not Henrique > Fagundes address. I.e., if the "via clubenaval" were removed, the > message would be > > From: Henrique Fagundes > > making it appear as if was > Henrique Fagundes actual email address. > > That said, you can remove the via listname by applying the following > change to Mailman/Handlers/CookHeaders.py > >> --- CookHeaders_2.1.20.py 2018-05-21 09:37:09.018765014 -0700 >> +++ CookHeaders_2.1.20_new.py 2018-05-21 09:40:11.899778618 -0700 >> @@ -148,7 +148,7 @@ >> # Remove domain from realname if it looks like an email address >> realname = re.sub(r'@([^ .]+\.)+[^ .]+$', '---', realname) >> change_header('From', >> - formataddr(('%s via %s' % (realname, mlist.real_name), >> + formataddr((realname, >> mlist.GetListEmail())), >> mlist, msg, msgdata) >> else: > > > Also, later versions of Mailman (>=2.1.22) will translate "via" to "por" > for pt_BR. (The i18n was added in 2.1.21, but the pt_BR message catalog > wasn't updated until 2.1.22) > From turnbull.stephen.fw at u.tsukuba.ac.jp Tue May 22 21:33:18 2018 
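The DMARC rejection and the "Munge From" rewrite discussed in this thread, as an added example (not Mailman's code and not from any poster): a simplified alignment check run over constructed header values, with the rewrite modelled on the formataddr() call and realname regex shown in the quoted hunk. The domains yahoo.example and lists.example.org, the function names, the two-label organizational-domain shortcut, and the premise that the list's changes invalidated the author's DKIM signature are all assumptions.

```python
import re
from email.utils import formataddr, parseaddr

LIST_NAME = "clubenaval"
LIST_ADDR = "clubenaval@lists.example.org"                    # constructed
ORIGINAL_FROM = "Henrique Fagundes <henrique@yahoo.example>"  # constructed


def org_domain(domain):
    """Assumption: organizational domain = last two labels.
    Real DMARC evaluators consult the Public Suffix List."""
    return ".".join(domain.lower().rstrip(".").split(".")[-2:])


def aligned(from_domain, auth_domain):
    """Relaxed DMARC identifier alignment."""
    return bool(auth_domain) and org_domain(from_domain) == org_domain(auth_domain)


def dmarc_pass(header_from, spf_domain, spf_ok, dkim_domain, dkim_ok):
    """DMARC passes when SPF or DKIM both verifies and aligns with From:."""
    from_domain = parseaddr(header_from)[1].rpartition("@")[2]
    spf_aligned = spf_ok and aligned(from_domain, spf_domain)
    dkim_aligned = dkim_ok and aligned(from_domain, dkim_domain)
    return bool(spf_aligned or dkim_aligned)


def munge_from(header_from, list_name, list_addr, keep_via=True):
    """Rewrite From: to the list's posting address, as the quoted hunk does."""
    realname, addr = parseaddr(header_from)
    # Same regex as in the hunk: strip a domain from an address-like realname.
    realname = re.sub(r'@([^ .]+\.)+[^ .]+$', '---', realname)
    display = "%s via %s" % (realname, list_name) if keep_via else realname
    return formataddr((display, list_addr))


def receiver_verdict(header_from):
    """What a receiving provider sees for a post relayed by the list."""
    return dmarc_pass(
        header_from,
        spf_domain="lists.example.org", spf_ok=True,  # envelope sender is the list
        dkim_domain="yahoo.example", dkim_ok=False,   # assumed broken by list edits
    )


if __name__ == "__main__":
    with_via = munge_from(ORIGINAL_FROM, LIST_NAME, LIST_ADDR)
    without_via = munge_from(ORIGINAL_FROM, LIST_NAME, LIST_ADDR, keep_via=False)
    for label, value in (("unmunged", ORIGINAL_FROM),
                         ("munged, with via", with_via),
                         ("munged, no via", without_via)):
        verdict = "pass" if receiver_verdict(value) else "fail"
        print("%-18s %-62s DMARC %s" % (label, value, verdict))
```

Both rewritten forms pass the same check; dropping the "via" text changes only what the recipient sees next to the list's address.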
From: turnbull.stephen.fw at u.tsukuba.ac.jp (Stephen J. Turnbull) Date: Wed, 23 May 2018 10:33:18 +0900 Subject: [Mailman-Users] [Mailman-cabal] GDPR In-Reply-To: <98850603-1bf3-f13a-84b2-b30bf48d72c9@spamtrap.tnetconsulting.net> References: <23285.49015.279638.189170@turnbull.sk.tsukuba.ac.jp> <98850603-1bf3-f13a-84b2-b30bf48d72c9@spamtrap.tnetconsulting.net> Message-ID: <23300.50398.110366.467389@turnbull.sk.tsukuba.ac.jp> Grant Taylor via Mailman-Users writes: > On 05/14/2018 06:33 AM, Andrew Hodgson wrote: > > Current advice from the GDPR people is we may have to delete the whole > > thread. > > What is their working definition of "thread"? I would imagine that it is the subthread rooted at the first post containing complainant's PII -- "Personally Identifying Information". > Why can't just the individual's message(s) be delete? Or better > redacted to not reflect them? That is going to depend on the presence of PII in the messages. If *whole messages* are to be deleted, that would presumably involve content that somehow identifies the person. I would expect that we don't have to delete whole bug reports on this list just because somebody requests their PII be redacted. What worries me more is the implications for blockchain, or more precisely, DAG-based VCSes that use hashes for integrity check like git: the identity of commits will change if authors and emails are redacted, including if a commit log refers to PII of a bug reporter as they often do. I guess you'd need to maintain an index of pointers from old commit ids, or at least for branches and tags (we do have the reflog in git). And heaven help you if you're a security conscious group like the Linux kernel and use signed commits. I guess the person who does the redaction would sign the new commits, but that's pretty yucky -- that person could do anything and nobody would know when it happened because you have to delete the old commits and blobs that get redacted. 
> > Still under discussion, this is also complex because threads and
> > subjects change, if we delete the whole thread there may be
> > messages from the same author in other threads that don't have
> > correct attribution etc.

As I understand the "right to be forgotten", it's *not* a right to arbitrarily edit content stored by someone else, it's the right to redact *all* PII in that content. It's not just messages from a person, it's headers containing their name and email address, attribution lines for quoted material, quoted .sigs, etc etc.

> I see six modes of access to the data:
>
> 1) List subscribers
> 2) List owners / administrators
> 3) Host system administrators
> 4) Administrators that are in the downstream SMTP / HTTP path and can
> track things.
> 5) Backups.
> 6) Ongoing Discovery.

You're missing

0) Randos accessing public archives.

For (0), the only logging would be IP addresses in the webserver.

> I would expect that #1 requires authentication to MM for
> subscribers to see data, and I expect that this is logged in some
> (indirect) capacity.

No. The accessing IPs will be in the webserver logs, but I don't think there is any logging in either Mailman 2 or Mailman 3 of authentication data. All there would be is the implication that authentication was successful if that data were accessed.

In Mailman 2 there's no PII data whatsoever except for email address and (maybe) display name in the subscriber data. I suppose you could put phone #s and junk like that in the display name, but GDPR is more concerned with the database fields that might store PII than the actual content.

> I would expect that #2 would have access to the data as part of their
> role of owning / administering a mailing list.

However, in Mailman 2 the various list passwords are shared, and would not identify individuals in cases with multiple moderators or list owners.

> I would also expect that #3 has the capability to access the data.
But
> I would also expect that #3 would not access the data in normal day to
> day operations.

Indeed. The problem is identifying them if they do, since they can just use normal filesystem operations from the shell, which are not normally logged at all.

In Mailman 3, we can configure databases like PostgreSQL, which I suppose can log access to the subscriber databases, and which make it hard (but not impossible) to access data via ordinary filesystem operations.

However, I think that the issue here is basically moot. You keep host access logs to check for suspicious IP addresses (attempting to) log in, and otherwise (for #2 and #3) you just give the list of all the people who can access that data in the normal course of their duties.

I don't think the issue with logging is pinning down a particular access to specific data, but rather determining who *could* access that data.

The relevant access might have been by a long-since fired engineer who did a Snowden on your database. How could you possibly know?

> Are you saying that GDPR is going to complicate things related to
> #3 and make it such that there is more of a union between #2 and
> #3? I.e. exclude 3rd party site hosters from being able to be #3?

I don't understand the "exclude third party site hosters". The GDPR requirement is not to *limit* access, it's to *log* access.

> What is their working definition of "marketing"?

I'm pretty sure they're referring to CRM-type databases where you track customer interactions over time, linked by PII, and build up a profile. One-off "for sale" posts wouldn't matter. However, if this were a common activity on the list, the *archives* might qualify as such a database.

> IMHO: History happened. (Some) People will remember (some) details
> (for a while). Removing evidence of them does not mean that
> history did not happen.

Sure, the point is to make it difficult for 3rd parties to discover that history ex post.
I don't think the legislators envisioned people invoking these rights frivolously or maliciously (though I do :-/).

> Are #5 and #6 accounted for?

Backups would need to be redacted as well, I suppose. I have no idea what you mean by "ongoing discovery".

> What about #4 downstream?

Not Mailman host's problem, assuming all subscribers have properly been opted in and are allowed to opt out at will, as is normally the case. Distributing content downstream is the purpose of the software, and subscribers are aware of that. The only edge cases I can imagine offhand is the one discussed elsewhere in the thread, where a subscriber posts a third party's information without permission, and possibly an open-post list where the poster doesn't realize that it's open subscription/public archives/whatever.

> Or something like the NSA's PRISM program.

Not Mailman host's problem.

> I feel like there should be a GDPR counterpart of reasonable level of
> effort in good faith.

Sure, but you probably won't like what the courts consider reasonable.

> I'm not quite sure what to do in a situation of a litigation hold
> that suspends expunging of backups.

You lock up the backups offline unless and until the court asks for them or you actually need to restore. That reasonably addresses the privacy issue itself, and you're covered by the "essential to business purpose" clause for the duration of the court order.

> I'm simply bringing up things that I think are potential concerns
> that the powers that be probably need to consider, and have a pat
> response to.

From turnbull.stephen.fw at u.tsukuba.ac.jp Tue May 22 21:37:32 2018
From: turnbull.stephen.fw at u.tsukuba.ac.jp (Stephen J. Turnbull)
Date: Wed, 23 May 2018 10:37:32 +0900
Subject: [Mailman-Users] Encoding issues when importing archives
In-Reply-To:
References: <87po1yvsxn.fsf@ericabrahamsen.net>
Message-ID: <23300.50652.626653.145943@turnbull.sk.tsukuba.ac.jp>

Mark Sapiro writes:

> > content = content.encode(decoding)
> >
> > UnicodeEncodeError: 'gb2312' codec can't encode character '\ufffd' in position 3131: illegal multibyte sequence
> >
> > Apparently the offending attachments are specified as gb2312 (a common
> > Chinese encoding).
> >
> > Is there something I can do to somehow preprocess the archive mboxes, or
> > otherwise re-encode the attachments?
>
> Possibly there is, but this is a bug in the hyperkitty_import process.

Technically, it's a bug in common Chinese MUAs. We can work around it if we want to, of course, and I think we do.

The backstory is that Chinese (simplified, aka mainland) has three major encoding standards: GB 2312, GBK, and GB 18030. GBK is not really an encoding, it's an encoding schema which says "future Chinese encodings shall be supersets of GB 2312" but doesn't assign any new characters, and GB 18030 is not only a superset of GB 2312 that actually defines the new characters compatibly with GBK, but it is also a superset of Unicode that folds Unicode into the GBK code space algorithmically (GB 2312 and Unicode are incompatible in page 0). Whew!

So, because GB 18030 is backward compatible with GB 2312, a lot of Chinese MUAs get away with incorrectly labeling the extended character set "GB 2312", and you get the error above. The same thing happens with Shift JIS, by the way.

OTOH, for that exact reason, we can do what Webencodings does, and promote GB 2312 claims, and *decode* with GB 18030.
I think this is safe, as there's really no alternative encoding to worry about, and since this stuff is presumably all text/plain or text/html, we should be OK on security stuff (although I guess in theory it could be source code or executable scripts that is doing something sneaky).

(On the other hand, I *am* worried about the fact that there is a REPLACEMENT CHARACTER in the content at this point. Presumably that's because we *decoded* the original mail with errors=who-gives-a-fsck, which is not appropriate here---we can be almost sure that the content is *not* corrupt, rather it's mislabeled.)

The OP can do a poor man's version, by going through the existing mbox and case-independently regexp-replacing r"=\?GB2312\?" with r"=\?GB18030\?", and r'charset=("?)GB2312' with r'charset=\1GB18030'. I'm still jet-lagged from PyCon, so I'm not going to do more now, and if you want some Python code to do this, please feel free to ping me on or off list.

> It would help if you file an issue at
> with enough
> information for us to reproduce it.

    print("""
    Subject: nothing to see here: =?GB2312?Q?=FF=FD?=

    Oops!
    """)

should do the trick. ;-) I'll be looking for this issue, or you can assign it to me.

Steve

From turnbull.stephen.fw at u.tsukuba.ac.jp Tue May 22 21:46:20 2018
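The relabelling described in the message above (promote GB2312 labels to GB18030 before import), as an added Python example that is not code from the poster, Mailman or HyperKitty. The function names and the sample message are constructed for illustration; the sample uses U+9555, a character that exists in GBK/GB 18030 but not in GB 2312.

```python
import base64
import re
from email import message_from_bytes, policy

# The two case-independent substitutions from the message, applied to raw
# bytes so the mbox is never decoded (and damaged) on the way through.
_ENCODED_WORD = re.compile(rb"=\?GB2312\?", re.IGNORECASE)
_CHARSET_PARAM = re.compile(rb'charset=("?)GB2312', re.IGNORECASE)


def promote_gb2312(raw: bytes) -> bytes:
    """Relabel GB2312 as GB18030 in encoded-words and charset parameters."""
    raw = _ENCODED_WORD.sub(b"=?GB18030?", raw)
    return _CHARSET_PARAM.sub(rb"charset=\g<1>GB18030", raw)


def relabel_mbox(src: str, dst: str) -> int:
    """Copy mbox `src` to `dst` with labels promoted; return changed-line count."""
    changed = 0
    with open(src, "rb") as fin, open(dst, "wb") as fout:
        for line in fin:  # both patterns are line-local, so stream the file
            fixed = promote_gb2312(line)
            changed += fixed != line
            fout.write(fixed)
    return changed


def subject_and_body(raw: bytes) -> tuple:
    """Decode as Python's email package does by default (body: errors='replace')."""
    msg = message_from_bytes(raw, policy=policy.default)
    return str(msg["Subject"]), msg.get_content()


# Constructed sample: GB 18030 bytes mislabelled as GB2312, base64 in both the
# Subject encoded-word and the body, as a mislabelling MUA would send it.
TEXT = "\u6731\u9555\u57fa"  # middle character is outside GB 2312
_B64 = base64.b64encode(TEXT.encode("gb18030"))
SAMPLE = (
    b"From: sender@example.org\n"
    b"Subject: =?GB2312?B?" + _B64 + b"?=\n"
    b"MIME-Version: 1.0\n"
    b'Content-Type: text/plain; charset="gb2312"\n'
    b"Content-Transfer-Encoding: base64\n"
    b"\n" + _B64 + b"\n"
)

if __name__ == "__main__":
    _, before = subject_and_body(SAMPLE)
    print("as labelled :", ascii(before))  # contains \ufffd
    subject, after = subject_and_body(promote_gb2312(SAMPLE))
    print("relabelled  :", ascii(subject), ascii(after))
```

RFC 2231 style parameters (`charset*=`) and labels other than the exact string GB2312 are not touched by these two patterns.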
From: turnbull.stephen.fw at u.tsukuba.ac.jp (Stephen J. Turnbull)
Date: Wed, 23 May 2018 10:46:20 +0900
Subject: [Mailman-Users] GDPR
In-Reply-To: <1526338845.1079.49.camel@16bits.net>
References: <201805112155.w4BLt2cw082647@fire.js.berklix.net> <49946b69-1e3a-63cb-b497-663e12e875fa@bmrb.wisc.edu> <23287.20735.818788.615170@turnbull.sk.tsukuba.ac.jp> <1526338845.1079.49.camel@16bits.net>
Message-ID: <23300.51180.425638.496130@turnbull.sk.tsukuba.ac.jp>

Ángel writes:

> First of all, and I think it hasn't been mentioned yet is the Right
> to access, ie. of letting people know which data you have about
> them.
>
> I would consider that listing all posts by email address X would
> fulfill it, plus a search feature (*) in case they want to search
> by other terms, like looking for posts with their name in it.

Many posts will include their names in CCs, especially on lists that munge Reply-To. Some of these may be hidden (eg, Reply-To is normally not displayed; I don't know offhand if it's in the mbox files).

However, I think that what that clause means is not "all data items that mention you," but rather "what personally identifying information (PII) is stored," ie, name, email, postal address (.sig!), phone number (.sig!), blog and other website URLs, etc. The right to be forgotten would imply at least redacting *all* instances of such PII.

> (*) It is my understanding that just providing the mbox and
> expecting them to grep through it just as the sysadmin would have
> to do would be sufficient (OTOH if you had an advanced system for
> completely tracking a guy, and provide him just a crude interface
> that's probably not ok).

If the archives are private, this is seriously problematic if it provides access to nonsubscribers who "are afraid" they were mentioned. Do you really want a stalker trawling through your private lists just because somebody "might" have called him out by name?
> Having to find out "anything and everything" where the user was
> mentioned may imho require what the GDPR calls "a disproportionate
> effort", and could even result into some liability for not finding some
> instance.

What "disproportionate" means will have to be decided by courts or further legislation (I'm not familiar with how this works in the EU). I suspect that a sed script redacting name, nickname, email addresses, SNS aliases, phone, postal address, and geographical address (perhaps even as minimal as city) will be the bare minimum expected for mailing list archives to the extent that they are covered by GDPR.

> As such, wrt redacting archives my view is that they should provide
> all the urls to the content they want removed (which they should
> have been able to easily find per above).

This could easily be thousands of posts in a long-running mailing list. Really, you'd want it done in bulk, using sed on an mbox or SQL on a database, rather than URL by URL in the HTML.

> If I detected that there was a follow-up top-posting email containing
> the original content I would probably also truncate it, but strictly as
> a courtesy matter and with no guarantees that I would do that.

Consider the example provided later in the thread of a private email forwarded to the list by a subscriber. Through no action of their own, the private mail's author's PII was distributed over dozens (and in really extreme cases it could be 100s) of posts in a long thread.

Anyway, as pointed out above, I'm pretty sure GDPR envisions *all* instances of PII being redacted.

> If they failed to find themselves, why would I need to dig through
> the archives, not even knowing what I am looking for?

Because if it turns out later that that PII was found in your archives, you will definitely be considered guilty of negligence or worse. You really cannot expect either users who want their PII redacted or courts to be at all sympathetic to the mailing list managers on this point.
> There are too many ways to refer to someone, the email address,
> different names and abbreviations (and misspellings!), which would
> not even be unique, plus all kind of references (just suppose that
> the people to which Julian referred claimed that his email contains
> PII about them!).

The proverb, "the law is an ass", applies. But that doesn't mean people of ill-will can't abuse it, and people in a panic (eg, stalking victims) may not care about your problems when they are literally at risk of being murdered if found out.

This applies to several of your other comments implying that you can't believe that the law means what it says, so I'm eliding them.

> I would expect reasonable requests not to be a problem, though
> (eg. just removing an address from a mail signature).

GDPR is not reasonable for mailing list operators who maintain archives, period. The problem is not the intent of lawmakers, who mostly are horrified by the abuses that hackers have made of private information leaked from various databases, and want to address those problems as well as stalkers of various types.

The problem is that people who would use such querying and redaction facilities are likely to be in an "unreasonable" state of mind, as described above.

Unless we somehow have a blanket exemption, or "click-wrap" "I waive my GDPR rights with respect to posts to this list" Subscriber Agreements are deemed valid, I half-expect GDPR will kill volunteer-maintained mailing lists in Europe, and likely get Europeans banned from lists elsewhere.

I don't agree with the scams currently being promoted that ban subscriptions or even commercial transactions simply because the IP address is allocated to Europe.

I hope that you're right, that the "unbelievable" implications of GDPR actually aren't implied by the law as it will be enforced.
I'm certainly going to wait for enforcement policy to become clear, and will do my best to comply in the unlikely event I have to deal with such requests under GDPR (my own mailing lists are full of Asian students in Japan). But I still see no good reason to be confident that mailing lists are at zero risk just by taking a few simple precautions to comply with GDPR.

> The user could be browsing a mailing list archive (as noted above)
> that provides a link to "report content to remove" (automatically
> verifying the reporter provided email address),

What does "verify" mean here? The problematic address may have been deleted or pwned, and not available to the person wanting redaction.

Steve

From gtaylor at tnetconsulting.net Tue May 22 22:40:51 2018
From: gtaylor at tnetconsulting.net (Grant Taylor)
Date: Tue, 22 May 2018 20:40:51 -0600
Subject: [Mailman-Users] [Mailman-cabal] GDPR
In-Reply-To: <23300.50398.110366.467389@turnbull.sk.tsukuba.ac.jp>
References: <23285.49015.279638.189170@turnbull.sk.tsukuba.ac.jp> <98850603-1bf3-f13a-84b2-b30bf48d72c9@spamtrap.tnetconsulting.net> <23300.50398.110366.467389@turnbull.sk.tsukuba.ac.jp>
Message-ID:

On 05/22/2018 07:33 PM, Stephen J. Turnbull wrote:
> I would imagine that it is the subthread rooted at the first post
> containing complainant's PII -- "Personally Identifying Information".

I feel like that's a self referencing definition. A "thread" is "a subthread rooted at the first post containing PII". I agree that's where the focus should start. But I don't think it defines a thread in the way that I'm asking.

What is their working definition of "thread"?

Let's say:

1) Bla
2) +--- Re: Bla
3) +--- Re: Bla
4) | +--- BlaBlaBla
5) +--- Re: Bla
6) +--- I hijacked this thread because I need help!!!

Let's say the PII was in message 3 and the person replying to it in message 4 removed the PII. Do messages 3 and 4 need to be removed (or otherwise modified)?

Let's say that message 1 had the PII, messages 2, 3, and 5 quoted it, but 4 did not and 6 is a hijacker that hit reply on the most convenient message (under his cursor) and removed all content. Do messages 4 and 6 need to be removed?

What is the "(sub)thread" that needs to be removed?

> That is going to depend on the presence of PII in the messages. If *whole
> messages* are to be deleted, that would presumably involve content that
> somehow identifies the person. I would expect that we don't have to
> delete whole bug reports on this list just because somebody requests
> their PII be redacted.

I agree that it's possible to remove / redact PII without deleting the items containing the PII.
Think about it this way, spooks don't shred the entire sheet of paper, instead they take a black marker and redact just the pieces that need to be removed.

I'm afraid that the infinite wisdom of politicians will say that the entire paper needs to be shredded.

I think it also significantly depends on what needs to be redacted. Removing "supercalifragilisticexpialidocious" is a LOT different than removing "Grant Taylor" from the Mailman-Users archive. "supercalifragilisticexpialidocious" would be like reference to an event. "Grant Taylor" would be any mention of my (or an impostor's) name. The former is likely MUCH simpler to do than the latter. The latter will also impact MANY more messages.

> What worries me more is the implications for blockchain, or more
> precisely, DAG-based VCSes that use hashes for integrity check like git:
> the identity of commits will change if authors and emails are redacted,
> including if a commit log refers to PII of a bug reporter as they often
> do. I guess you'd need to maintain an index of pointers from old commit
> ids, or at least for branches and tags (we do have the reflog in git).

I don't want to try to work that out.

> And heaven help you if you're a security conscious group like the Linux
> kernel and use signed commits. I guess the person who does the redaction
> would sign the new commits, but that's pretty yucky -- that person could
> do anything and nobody would know when it happened because you have to
> delete the old commits and blobs that get redacted.

Yep.

> As I understand the "right to be forgotten", it's *not* a right to
> arbitrarily edit content stored by someone else, it's the right to redact
> *all* PII in that content.

Agreed. In this case, I don't think that supercalifragilisticexpialidocious qualifies under GDPR's right to be forgotten. }:-)

> It's not just messages from a person, it's headers containing their name
> and email address, attribution lines for quoted material, quoted .sigs,
> etc etc.

Agreed.
What about headers containing message ID from an uncommon / single user domain like mine?

I'd say that anything that can be used to identify less than a group of 1000 people would probably need to be redacted. (I just chose 1000 arbitrarily, but it's a starting point.)

> You're missing
>
> 0) Randos accessing public archives.

What other modes have we collectively missed?

> For (0), the only logging would be IP addresses in the webserver.

True.

> No. The accessing IPs will be in the webserver logs, but I don't think
> there is any logging in either Mailman 2 or Mailman 3 of authentication
> data. All there would be is the implication that authentication was
> successful if that data were accessed.

Okay. I wonder if there's any correlation between the IP that authenticated and the IP that accessed data.

> In Mailman 2 there's no PII data whatsoever except for email address
> and (maybe) display name in the subscriber data.

I expect that either of those, the email address -or- the display name are enough to count as PII. I believe it's fair to say that people expect gtaylor (at) tnetconsulting (dot) net to reference a single person. I also believe it's fair to say that most people expect most email addresses to identify be associated with one person. The only exceptions to the rule being things like positional addresses; sales@ or info@ or webmaster@.

> I suppose you could put phone #s and junk like that in the display name,
> but GDPR is more concerned with the database fields that might store
> PII than the actual content.

1) I'd consider the phone numbers in the display name to be a form of display name.
2) *sigh* It sounds like GDPR is talking about specific fields that could contain PII, even if they don't, while ignoring other fields that erroneously do contain PII.

> However, in Mailman 2 the various list passwords are shared, and would
> not identify individuals in cases with multiple moderators or list owners.

IMHO that's an operational mis-step.
I get that it does happen. But I think that it shouldn't. People tend to share root password on unix too, despite multiple other options where it's not needed.

> Indeed. The problem is identifying them if they do, since they can
> just use normal filesystem operations from the shell, which are not
> normally logged at all.

Where I've worked, it was assumed that if you had an ID on the box and file system level permission to access things then you effectively had accessed it. If you can't prove that they didn't access the data, then you assume that they did access the data.

> In Mailman 3, we can configure databases like PostgreSQL, which I suppose
> can log access to the subscriber databases, and which make it hard
> (but not impossible) to access data via ordinary filesystem operations.

Having an RDBMS (et al) manage the files doesn't prevent file level access. I can very likely still copy the DB file(s) and do my own thing with them to extract the data. This is where (and why) DB encryption comes into play. Though, if a rogue admin has access to the decryption key through any method. (This includes extracting it out of memory.) }:-)

> However, I think that the issue here is basically moot. You keep host
> access logs to check for suspicious IP addresses (attempting to) log
> in, and otherwise (for #2 and #3) you just give the list of all the
> people who can access that data in the normal course of their duties.

Yep.

> I don't think the issue with logging is pinning down a particular access
> to specific data, but rather determining who *could* access that data.

Yep. Yep.

> The relevant access might have been by a long-since fired engineer who
> did a Snowden on your database. How could you possibly know?

Yep. Yep. Yep.

> I don't understand the "exclude third party site hosters". The GDPR
> requirement is not to *limit* access, it's to *log* access.

I was trying to imply that companies would need to host their own list servers.
Meaning that they couldn't outsource it to 3rd party companies, who have their own host system administrators.

> I'm pretty sure they're referring to CRM-type databases where you track
> customer interactions over time, linked by PII, and build up a profile.
> One-off "for sale" posts wouldn't matter. However, if this were a common
> activity on the list, the *archives* might qualify as such a database.

~chuckle~ How many grains of sand does it take to make a pile? IMHO none. You just have to declare the pile's location.

> Sure, the point is to make it difficult for 3rd parties to discover
> that history ex post.

Okay. I want to make sure I'm understanding you correctly. (Part of) GDPR is not about (just) knowing who has (had at the time) legitimate access to data, but additionally making it more difficult for other 3rd parties to gain access to the data in the future. By the fact that the data is removed from the corpus that the 3rd party is subsequently given access to.

> I don't think the legislators envisioned people invoking these rights
> frivolously or maliciously (though I do :-/).

Agreed.

> Backups would need to be redacted as well, I suppose.

Um... that also presents a severe technical problem. One that could impose large operational expenses. Suppose a company contracts to store their backup tapes off site. This means that they would need to recall the tapes that need to be redacted, do so, send the tapes back to the offsite storage. This may involve an additional company that is simply the courier. Let's not forget about the off site companies handling fees and the courier's fees. Both ways for each tape. Let's also throw company policies in place that dictate that only X number of drives can be in transit or recalled at one time. That's a logistical nightmare, could take more than a trivial amount of time to complete, and untold cost. Ouch!

> I have no idea what you mean by "ongoing discovery".

Ah. Let's say that Wile E.
Coyote decides to sue Acme because of their bad products. As soon as the lawsuit is initiated, chances are very good that Acme's lawyers will 1) tell them to destroy all records or 2) tell Acme's IT staff that they can no longer rotate out any backups that may contain data pertinent to the lawsuit. This is to facilitate the legal process of discovering evidence to be used in the case. (Either way, for or against, Mr. Coyote, doesn't matter.)

I frequently hear about this referred to as one of two things "Litigation Hold" or "(Electronic) Discovery". Discovery being the more common term and applies to more than just electronics.

> Not Mailman host's problem, assuming all subscribers have properly been
> opted in and are allowed to opt out at will, as is normally the case.

What about that pesky time where the moderator hasn't approved the unsubscribe request. (I think I remember seeing that option in Mailman.)

> Distributing content downstream is the purpose of the software, and
> subscribers are aware of that. The only edge cases I can imagine offhand
> is the one discussed elsewhere in the thread, where a subscriber posts a
> third party's information without permission, and possibly an open-post
> list where the poster doesn't realize that it's open subscription/public
> archives/whatever.

I think you misinterpreted what I was referring to. Or I'm misinterpreting your reply.

I'm talking about 3rd party spam filtering services that are in the path between, downstream in between Mailman and the recipient's server. They collect logs / data all the time. Usually those logs and that data are what help them be better at their job of spam filtering.

> Not Mailman host's problem.

Okay.

> Sure, but you probably won't like what the courts consider reasonable.

"reasonable" is always subject to deliberation.
Lawyers get paid to tell a judge that "It will cost $Company $50,000 dollars to recover the messages that $Plaintiff is requesting from $Defendant as part of their sunshine law request. Here's why:

1) We don't have a server that we can use so we must buy a low end machine. (Legit, when there is only one mail server and the business can't be without mail for days / weeks.)
2) We need another tape drive to do the restores.
3) It will take $X number of (wo)man hours at $Y dollars per hour.
4) We, $Defendant's lawyers must go through the emails at $YYYYY dollars per hour to make sure there's nothing given out that's outside of the sunshine law request.
5) You just expanded the scope of your discovery? Well, now we need to increase #1 and #2 to go through the last 5 years of things in the next three weeks. Also #3 and #4. }:-)

So the total bill for your sunshine request comes to just over $50,000. Are you willing to pay that bill to get an answer to your question via a sunshine law request?

Aside: A sunshine law request is a request from a citizen to a governmental body for data that was arguably paid for by tax funding and on behalf of citizens, thus the citizen effectively owns the data in a round about way. I don't know how wide spread that is.

> You lock up the backups offline unless and until the court asks for them
> or you actually need to restore. That reasonably addresses the privacy
> issue itself, and you're covered by the "essential to business purpose"
> clause for the duration of the court order.

6) We have to buy additional tapes to replace the tapes that are on Lit' Hold.
7) We have to pay for more storage to accommodate #6. (Or we have to pay someone to house the tapes in a secure manner.)

I digress.

-- 
Grant. . . .
unix || die

From gtaylor at tnetconsulting.net Tue May 22 23:08:17 2018
From: gtaylor at tnetconsulting.net (Grant Taylor)
Date: Tue, 22 May 2018 21:08:17 -0600
Subject: [Mailman-Users] GDPR
In-Reply-To: <23300.51180.425638.496130@turnbull.sk.tsukuba.ac.jp>
References: <201805112155.w4BLt2cw082647@fire.js.berklix.net> <49946b69-1e3a-63cb-b497-663e12e875fa@bmrb.wisc.edu> <23287.20735.818788.615170@turnbull.sk.tsukuba.ac.jp> <1526338845.1079.49.camel@16bits.net> <23300.51180.425638.496130@turnbull.sk.tsukuba.ac.jp>
Message-ID:

On 05/22/2018 07:46 PM, Stephen J. Turnbull wrote:
> Many posts will include their names in CCs, especially on lists that
> munge Reply-To.

Don't forget the munged reply. }:-)

> Some of these may be hidden (eg, Reply-To is normally not displayed;
> I don't know offhand if it's in the mbox files).

Yes, Reply-To: is a standard header and included in mbox files.

> However, I think that what that clause means is not "all data items
> that mention you," but rather "what personally identifying information
> (PII) is stored," ie, name, email, postal address (.sig!), phone number
> (.sig!), blog and other website URLs, etc. The right to be forgotten
> would imply at least redacting *all* instances of such PII.

Agreed.

> If the archives are private, this is seriously problematic if it provides
> access to nonsubscribers who "are afraid" they were mentioned. Do you
> really want a stalker trawling through your private lists just because
> somebody "might" have called him out by name?

Yep. There are all sorts of implications here.

> What "disproportionate" means will have to be decided by courts or
> further legislation (I'm not familiar with how this works in the EU).
> I suspect that a sed script redacting name, nickname, email addresses,
> SNS aliases, phone, postal address, and geographical address (perhaps
> even as minimal as city) will be the bare minimum expected for mailing
> list archives to the extent that they are covered by GDPR.

The technical implications of that in and of itself astound.
What if part of the data is wrapped across lines? What if it's quoted printable encoded with =20 breaking sed scripts trying to deal with line breaks? What if it's base 64 encoded? What if it's hosted on an Exchange server (or something else that uses a massive SIS type DB)?

... trying to think about ways to do this ...
...
... failing ...
...
... giving up

Nope. I want to NOT go there.

> This could easily be thousands of posts in a long-running mailing list.
> Really, you'd want it done in bulk, using sed on an mbox or SQL on a
> database, rather than URL by URL in the HTML.

Wasn't it the owner of Lavabit that gave the master decryption key to the courts in tiny font printed on hundreds of pages of paper? He complied with the court order, but did not make it easy.

> Consider the example provided later in the thread of a private email
> forwarded to the list by a subscriber. Through no action of their
> own, the private mail's author's PII was distributed over dozens (and
> in really extreme cases it could be 100s) of posts in a long thread.

Or if it's Gmail (or the likes) where the messages being replied to are hidden and perpetually added to in each reply. *HEAVYsigh*

> Anyway, as pointed out above, I'm pretty sure GDPR envisions *all*
> instances of PII being redacted.

It's my (mis)understanding that it's the right for $individual to be forgotten, which means anything and /everything/ that identifies them. Emphasis on "everything".

> Because if it turns out later that that PII was found in your archives,
> you will definitely be considered guilty of negligence or worse. You
> really cannot expect either users who want their PII redacted or courts
> to be at all sympathetic to the mailing list managers on this point.

I mostly agree. I think there is some small room for good faith effort. I.e. we found and removed 10,000 instances of $plaintiff's PII. We're sorry for 9 that we missed.
We've removed them and contracted with $external3rdparty to see if we missed anything. > The proverb, "the law is an ass", applies. But that doesn't mean people > of ill-will can't abuse it, and people in a panic (eg, stalking victims) > may not care about your problems when they are literally at risk of > being murdered if found out. I would hope there is some small room.... > GDPR is not reasonable for mailing list operators who maintain archives, > period. The problem is not the intent of lawmakers, who mostly are > horrified by the abuses that hackers have made of private information > leaked from various databases, and want to address those problems as > well as stalkers of various types. I agree that it's black hat hackers that do a lot of the exfiltration. But I think it's more the B2B selling of information that causes more concern (to me) than what hackers do with it. I think we've seen enough breaches here in the US (I'm not up on the rest of the world) where little if anything makes the news about what is done with our the outcome there of the leaked information. I've heard more about businesses using contact info for marketing. I follow someone on Twitter who was complaining about Yubico and Linode because they used his information from business consumer / contractual information for pure marketing purposes. ? IMHO that's a breach of intended use of the information. ? That being said, it's within the CAN-SPAM Act in that there is an established business relationship. > The problem is that people who would use such querying and redaction > facilities are likely to be in an "unreasonable" state of mind, as > described above. I would hope that the cogs of the legal machine and it's process would help slow some of that down. I also hope that there would be protection for people that feel they are in immediate danger while said cogs, mechanisms, and processes work. 
> Unless we somehow have a blanket exemption, or "click-wrap" "I waive my > GDPR rights with respect to posts to this list" Subscriber Agreements are > deemed valid, I half-expect GDPR will kill volunteer- maintained mailing > lists in Europe, and likely get Europeans banned from lists elsewhere. I can't reasonably say that you're wrong. > I don't agree with the scams currently being promoted that ban > subscriptions or even commercial transactions simply because the IP > address is allocated to Europe. Agreed. I think multiple court cases here in the US have shown that an IP address is not PII. It's a contributing piece of information, but it is not PII in and of itself. (At least that's my understanding.) > What does "verify" mean here? The problematic address may have been > deleted or pwned, and not available to the person wanting redaction. Technical complications. :-D -- Grant. . . . unix || die From jacques at lavignotte.org Wed May 23 18:30:25 2018 From: jacques at lavignotte.org (Jacques) Date: Thu, 24 May 2018 00:30:25 +0200 Subject: [Mailman-Users] Invite subscribers via command line. Message-ID: Hello, Due to new rules and regulations I will have to massively INVITE subscribers. I have some idea on how to (shell)script Subscribe (add_members (-r|-d) file list) but I am afraid a -invite key does not exist (yet) to massively Invite subscribers. Any chance to get this feature ? Thanks, Jacques -- GnuPg : C8F5B1E3 WeUsePGP Because privacy matters http://weusepgp.info/ From mark at msapiro.net Wed May 23 22:40:24 2018 
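Grant Taylor's reply earlier in this thread asks what happens to a sed pass over an mbox when the data is wrapped across lines, quoted-printable encoded or base64 encoded. The Python below is an added example, not code from any poster or from Mailman; the names, addresses and sample message are constructed. It locates a name and an address only after MIME decoding and shows that a line-by-line match on the raw bytes finds neither.

```python
import base64
import email
from email.header import decode_header, make_header

ADDRESS = "alice.example@example.org"   # constructed address to look for
NAME = "Alice Example"                  # constructed display name to look for


def build_sample():
    """Constructed message in which neither needle appears verbatim."""
    b64_name = base64.b64encode(NAME.encode("utf-8")).decode("ascii")
    b64_body = base64.encodebytes(
        ("Forwarded note from Alice\nExample <%s>\n" % ADDRESS).encode("utf-8")
    ).decode("ascii")
    lines = [
        "From: bob@example.net",
        "To: list@example.net",
        "Cc: =?utf-8?b?%s?= <cc@example.net>" % b64_name,  # RFC 2047 name
        "Subject: meeting notes",
        "MIME-Version: 1.0",
        'Content-Type: multipart/mixed; boundary="b1"',
        "",
        "--b1",
        'Content-Type: text/plain; charset="utf-8"',
        "Content-Transfer-Encoding: quoted-printable",
        "",
        "Please reach me at alice.ex=",   # soft line break splits the address
        "ample@example.org or call =2B1 555 0100.",
        "--b1",
        'Content-Type: text/plain; charset="utf-8"',
        "Content-Transfer-Encoding: base64",
        "",
        b64_body.rstrip("\n"),
        "--b1--",
        "",
    ]
    return "\n".join(lines).encode("ascii")


def _norm(text):
    """Lower-case and collapse whitespace so wrapped lines still match."""
    return " ".join(text.split()).lower()


def raw_search(raw, needles):
    """What a line-oriented match on the undecoded bytes would find."""
    return [n for n in needles
            if any(n.lower().encode("utf-8") in line.lower()
                   for line in raw.splitlines())]


def find_pii(raw, needles):
    """Return (location, needle) pairs found after MIME decoding."""
    msg = email.message_from_bytes(raw)
    hits = []
    # Headers: decode RFC 2047 encoded words before matching.
    for name, value in msg.items():
        decoded = _norm(str(make_header(decode_header(value))))
        hits += [("header " + name, n) for n in needles if _norm(n) in decoded]
    # Bodies: undo the transfer encoding and charset of every text part.
    leaves = [p for p in msg.walk() if not p.is_multipart()]
    for index, part in enumerate(leaves, start=1):
        if part.get_content_maintype() != "text":
            continue
        payload = part.get_payload(decode=True) or b""
        charset = part.get_content_charset() or "utf-8"
        try:
            text = payload.decode(charset, errors="replace")
        except LookupError:               # unknown charset label
            text = payload.decode("utf-8", errors="replace")
        where = "part %d %s" % (
            index, part.get("Content-Transfer-Encoding", "7bit").lower())
        hits += [(where, n) for n in needles if _norm(n) in _norm(text)]
    return hits


if __name__ == "__main__":
    sample = build_sample()
    print("raw match:", raw_search(sample, [ADDRESS, NAME]))
    for where, needle in find_pii(sample, [ADDRESS, NAME]):
        print(where, "->", needle)
```

The returned locations identify which header or MIME part would have to be decoded, edited and re-encoded for a redaction to be complete.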
From: mark at msapiro.net (Mark Sapiro) Date: Wed, 23 May 2018 19:40:24 -0700 Subject: [Mailman-Users] Invite subscribers via command line. In-Reply-To: References: Message-ID: <550bf055-27b4-ed05-65fd-c7d8b80cab32@msapiro.net> On 05/23/2018 03:30 PM, Jacques wrote: > Hello, > > Due to new rules and regulations I will have to massively INVITE > subscribers. > > > I have some idea on how to (shell)script Subscribe (add_members (-r|-d) > file list) > > but I am afraid a -invite key does not exist (yet) to massively Invite > subscribers. For years on my own site, I have used a modified version of add_members that does only invitation. It also removes some of the add_members options. I don't recall why I didn't just add a -i/--invite option to add_members at the time. Probably because this was going to be invoked by a php script written/maintained by a not completely trusted person. Anyway, I'll look at adding the option to add_members for the next release. See (or subscribe to) to track the progress. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From jacques at lavignotte.org Thu May 24 06:09:10 2018 
From: jacques at lavignotte.org (Jacques) Date: Thu, 24 May 2018 12:09:10 +0200 Subject: [Mailman-Users] Invite subscribers via command line. In-Reply-To: <550bf055-27b4-ed05-65fd-c7d8b80cab32@msapiro.net> References: <550bf055-27b4-ed05-65fd-c7d8b80cab32@msapiro.net> Message-ID: <95d1ae0a-0f09-24b0-35b0-8f3adb424141@lavignotte.org> On 24/05/2018 at 04:40, Mark Sapiro wrote: > On 05/23/2018 03:30 PM, Jacques wrote: >> Hello, >> >> Due to new rules and regulations I will have to massively INVITE >> subscribers. Thanks for the reply, Mark > Anyway, I'll look at adding the option to add_members for the next release. > > See (or subscribe to) > to track the progress. I see: Bug Description This is particularly important for *GDPR*. That's *exactly* my concern. Will look around and tell you about. Jacques -- GnuPg : C8F5B1E3 WeUsePGP Because privacy matters http://weusepgp.info/ From jimpop at domainmail.org Thu May 24 11:40:36 2018
From: jimpop at domainmail.org (Jim Popovitch) Date: Thu, 24 May 2018 11:40:36 -0400 Subject: [Mailman-Users] Probable bug in Bouncers/DSN.py Message-ID: <1527176436.1336.1.camel@domainmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hello! Given a bounce msg with a subpart of:

  message/delivery-status:
     Final-Recipient: rfc822;user at domain.tld
     Action: failed
     Status: 5.1.10
     Diagnostic-Code: smtp;550 5.1.10 RESOLVER.ADR.RecipientNotFound;

and the code beginning at Bouncers/DSN.py:64

            params = []
            foundp = False
            for header in ('original-recipient', 'final-recipient'):
                for k, v in msgblock.get_params([], header):
                    if k.lower() == 'rfc822':
                        foundp = True
                    else:
                        params.append(k)
                if foundp:
                    # Note that params should already be unquoted.
                    addrs.extend(params)
                    break

It appears that "params" is never populated and thus the bounce score is never incremented for the user. I was intending to release a patch for this but my dev system is showing an odd python issue where once "k.lower()" is evaluated the variable v is no longer available.
O.o - -Jim From jimpop at domainmail.org Thu May 24 11:53:02 2018
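What the loop quoted in the post above collects from a per-recipient block can be checked offline. The following is an added example, not part of the original post or of Mailman's code base; it runs under Python 3's standard email package (an assumption, since Mailman 2.1 runs on Python 2.7), and the function names and example.com blocks are constructed.

```python
from email import message_from_string

# Constructed per-recipient DSN blocks; the addresses are placeholders.
SAMPLE_BLOCK = """\
Final-Recipient: rfc822;user@example.com
Action: failed
Status: 5.1.10
Diagnostic-Code: smtp;550 5.1.10 RESOLVER.ADR.RecipientNotFound;

"""

# Upper-case address type and a space after the semicolon.
SPACED_BLOCK = """\
Final-Recipient: RFC822; user@example.com
Action: failed
Status: 5.1.1

"""

# Both recipient headers present: the loop stops at the first rfc822 match.
BOTH_HEADERS_BLOCK = """\
Original-Recipient: rfc822;alias@example.com
Final-Recipient: rfc822;mailbox@example.com
Action: failed
Status: 5.1.1

"""

# Neither recipient header present.
NO_RECIPIENT_BLOCK = """\
Action: failed
Status: 5.0.0

"""


def header_params(block_text, header):
    """Return the (key, value) pairs get_params() yields for one header."""
    msgblock = message_from_string(block_text)
    return msgblock.get_params([], header)


def extract_recipients(block_text):
    """Run the loop quoted in the post over one per-recipient block."""
    msgblock = message_from_string(block_text)
    addrs = []
    params = []
    foundp = False
    for header in ('original-recipient', 'final-recipient'):
        # get_params() splits the header value on ';', so the address type
        # and the address arrive as separate keys with empty values.
        for k, v in msgblock.get_params([], header):
            if k.lower() == 'rfc822':
                foundp = True
            else:
                params.append(k)
        if foundp:
            # Note that params should already be unquoted.
            addrs.extend(params)
            break
    return addrs


if __name__ == "__main__":
    print(header_params(SAMPLE_BLOCK, 'final-recipient'))
    for block in (SAMPLE_BLOCK, SPACED_BLOCK,
                  BOTH_HEADERS_BLOCK, NO_RECIPIENT_BLOCK):
        print(extract_recipients(block))
```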
From: jimpop at domainmail.org (Jim Popovitch) Date: Thu, 24 May 2018 11:53:02 -0400 Subject: [Mailman-Users] Probable bug in Bouncers/DSN.py In-Reply-To: <1527176436.1336.1.camel@domainmail.org> References: <1527176436.1336.1.camel@domainmail.org> Message-ID: <1527177182.1336.2.camel@domainmail.org> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Argh! This was intended for just Mark, not the whole list. Sigh. - -Jim P. On Thu, 2018-05-24 at 11:40 -0400, Jim Popovitch via Mailman-Users wrote:
> Hello!
>
> Given a bounce msg with a subpart of:
>
>   message/delivery-status:
>      Final-Recipient: rfc822;user at domain.tld
>      Action: failed
>      Status: 5.1.10
>      Diagnostic-Code: smtp;550 5.1.10 RESOLVER.ADR.RecipientNotFound;
>
> and the code beginning at Bouncers/DSN.py:64
>
>             params = []
>             foundp = False
>             for header in ('original-recipient', 'final-recipient'):
>                 for k, v in msgblock.get_params([], header):
>                     if k.lower() == 'rfc822':
>                         foundp = True
>                     else:
>                         params.append(k)
>                 if foundp:
>                     # Note that params should already be unquoted.
>                     addrs.extend(params)
>                     break
>
> It appears that "params" is never populated and thus the bounce score
> is never incremented for the user.
>
> I was intending to release a patch for this but my dev system is
> showing an odd python issue where once "k.lower()" is evaluated the
> variable v is no longer available. O.o
>
> -Jim
> ------------------------------------------------------ > Mailman-Users mailing list Mailman-Users at python.org > https://mail.python.org/mailman/listinfo/mailman-users > Mailman FAQ: http://wiki.list.org/x/AgA3 > Security Policy: http://wiki.list.org/x/QIA9 > Searchable Archives: http://www.mail-archive.com/mailman-users%40pyth > on.org/ > Unsubscribe: https://mail.python.org/mailman/options/mailman-users/ji > mpop%40domainmail.org From Jeffrey.Westgate at arkansas.gov Thu May 24 15:19:46 2018 From: Jeffrey.Westgate at arkansas.gov (Jeffrey Westgate) Date: Thu, 24 May 2018 19:19:46 +0000 Subject: [Mailman-Users] analytics tool for mailman? Message-ID: I have a list-owner asking if there is a way for us to provide him " list analytics like number of posts over time, new members over time, etc? " I don' know of any, or how that would even work.... except for a horrible stroll through the archive... anybody got any tools that do analytics? -- Jeff Westgate DIS UNIX/Linux System Administrator ________________________________________
From: Mailman-Users [mailman-users-bounces+jeffrey.westgate=arkansas.gov at python.org] on behalf of mailman-users-request at python.org [mailman-users-request at python.org] Sent: Thursday, May 24, 2018 11:00 AM To: mailman-users at python.org Subject: Mailman-Users Digest, Vol 171, Issue 26 Send Mailman-Users mailing list submissions to mailman-users at python.org To subscribe or unsubscribe via the World Wide Web, visit https://mail.python.org/mailman/listinfo/mailman-users or, via email, send a message with subject or body 'help' to mailman-users-request at python.org You can reach the person managing the list at mailman-users-owner at python.org When replying, please edit your Subject line so it is more specific than "Re: Contents of Mailman-Users digest..." From mark at msapiro.net Thu May 24 16:06:42 2018 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 24 May 2018 13:06:42 -0700 Subject: [Mailman-Users] analytics tool for mailman? In-Reply-To: References: Message-ID: <6cb542ca-0a7a-bf59-c412-1de1bb479729@msapiro.net> On 05/24/2018 12:19 PM, Jeffrey Westgate wrote: > > anybody got any tools that do analytics? See the mmdsr script in the contrib directory of the Mailman 2.1 source distribution. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From jhs at berklix.com Thu May 24 17:06:31 2018 
From: jhs at berklix.com (Julian H. Stacey) Date: Thu, 24 May 2018 23:06:31 +0200 Subject: [Mailman-Users] analytics tool for mailman? In-Reply-To: Your message "Thu, 24 May 2018 19:19:46 -0000." Message-ID: <201805242106.w4OL6VsA007156@fire.js.berklix.net> Jeffrey Westgate wrote: > I have a list-owner asking if there is a way for us to provide him " list analytics like number of posts over time, new members over time, etc? " > > I don' know of any, or how that would even work.... except for a horrible stroll through the archive... > > anybody got any tools that do analytics? I'd suggest delay & care in answering/ offering some mail list owner who just now wants extra analytics from Mailman, real bad timing ! GDPR law hits Europe in 1 hour if CET or 2 maybe in BST, & Many people in major through tiny companies & orgs (way beyond a few of us Mailman admins) are freaking about that, & that law was [presumably] triggered by misuse of analytics. IMO (I'm not a Mailman developer), developers can of course choose what they spend their free time on, but ... Rather than spending time considering extra analytics capabilities, right now I think list admins in Europe but maybe beyond too, seeing trouble coming, might more appreciate tools / docs / scripts / HowTos whatever, that might make it easier to deal with GDPR demands to manipulate lists & archives (eg in scenarios others have already exemplified). Cheers, Julian -- Julian Stacey, Computer Consultant, Systems Engineer, BSD Linux Unix, Munich Brexit Referendum stole 3,700,000 votes, inc. 700,000 from British in EU. UK Govt. lied it's "democratic" in Article 50 letter to EU paragraph 3. Petition for votes: http://berklix.eu/queen/ From jacques at lavignotte.org Fri May 25 06:55:34 2018 
From: jacques at lavignotte.org (Jacques) Date: Fri, 25 May 2018 12:55:34 +0200 Subject: [Mailman-Users] Invite text Was: Invite subscribers via command line. In-Reply-To: <95d1ae0a-0f09-24b0-35b0-8f3adb424141@lavignotte.org> References: <550bf055-27b4-ed05-65fd-c7d8b80cab32@msapiro.net> <95d1ae0a-0f09-24b0-35b0-8f3adb424141@lavignotte.org> Message-ID: <1b7bc245-f78e-1e55-7c0a-a7f506fc6dec@lavignotte.org> Hi I am tweaking the /usr/share/mailman/fr/invite.txt file with mentions to GDPR but the changes are not reflected on the message received by the subscribers. I restarted Mailman. Sure I am missing something. Any help? Jacques -- GnuPg : C8F5B1E3 WeUsePGP Because privacy matters http://weusepgp.info/ From jacques at lavignotte.org Fri May 25 10:11:45 2018 From: jacques at lavignotte.org (Jacques) Date: Fri, 25 May 2018 16:11:45 +0200 Subject: [Mailman-Users] Invite text Was: Invite subscribers via command line. In-Reply-To: <1b7bc245-f78e-1e55-7c0a-a7f506fc6dec@lavignotte.org> References: <550bf055-27b4-ed05-65fd-c7d8b80cab32@msapiro.net> <95d1ae0a-0f09-24b0-35b0-8f3adb424141@lavignotte.org> <1b7bc245-f78e-1e55-7c0a-a7f506fc6dec@lavignotte.org> Message-ID: <2837055b-0280-758f-7319-ddb6ade059c1@lavignotte.org> Replying-To-MySelf : /etc/mailman/fr/invite.txt On 25/05/2018 at 12:55, Jacques wrote: > Hi > > I am tweaking > > the /usr/share/mailman/fr/invite.txt file > > with mentions to GDPR > > but the changes are not reflected on the message received by the > subscribers. > > I restarted Mailman. > > Sure I am missing something. > > Any help? > > > Jacques -- GnuPg : C8F5B1E3 WeUsePGP Because privacy matters http://weusepgp.info/ From mark at msapiro.net Fri May 25 11:58:09 2018
From: mark at msapiro.net (Mark Sapiro) Date: Fri, 25 May 2018 08:58:09 -0700 Subject: [Mailman-Users] Invite text Was: Invite subscribers via command line. In-Reply-To: <2837055b-0280-758f-7319-ddb6ade059c1@lavignotte.org> References: <550bf055-27b4-ed05-65fd-c7d8b80cab32@msapiro.net> <95d1ae0a-0f09-24b0-35b0-8f3adb424141@lavignotte.org> <1b7bc245-f78e-1e55-7c0a-a7f506fc6dec@lavignotte.org> <2837055b-0280-758f-7319-ddb6ade059c1@lavignotte.org> Message-ID: On 05/25/2018 07:11 AM, Jacques wrote: > Replying-To-MySelf : > > /etc/mailman/fr/invite.txt I don't understand. Are you saying that editing /usr/share/mailman/fr/invite.txt was inneffective but editing /etc/mailman/fr/invite.txt was effective? In any case, The wiki page at discusses the search rules and locations of templates in our Mailman distribution. It appears you are working with a downstream package that puts things in different places, possibly symlinking to/from other places. Please see the page at . -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From tlhackque at yahoo.com Fri May 25 12:50:57 2018 
From: tlhackque at yahoo.com (tlhackque) Date: Fri, 25 May 2018 12:50:57 -0400 Subject: [Mailman-Users] analytics tool for mailman? In-Reply-To: <201805242106.w4OL6VsA007156@fire.js.berklix.net> References: <201805242106.w4OL6VsA007156@fire.js.berklix.net> Message-ID: On 24-May-18 17:06, Julian H. Stacey wrote: > who just now wants extra analytics from Mailman, real bad timing ! > GDPR law hits Europe in 1 hour if CET or 2 maybe in BST, & > Many people in major through tiny companies & orgs (way beyond > a few of us Mailman admins) are freaking about that, & that law > was [presumably] triggered by misuse of analytics. > I hesitate to get into the GPDR discussion, as I have no qualifications (and little interest) in that area. However, GitLab's recent missives on the subject reference their new terms of service, which include the following snippets that may be of interest: As part of my voluntary contribution to any GitLab code base, I acknowledge and agree that my name and email address will become embedded and part of the repository, which may be publicly available. I understand the removal of this information would be impermissibly destructive to the project and the interests of all those who contribute, utilize, and benefit from it. Therefore, in consideration of my participation in any project, I hereby waive any right to request any erasure, removal, or rectification of this information under any applicable privacy or other law and acknowledge and understand that providing this information is a requirement under the agreement to contribute to the GitLab project. Please note that due to the open source nature of our products, services, and community, we may retain limited personally-identifiable information indefinitely. For example, if you provide your information in connection with a blog post or comment, we may display that information even if you have deleted your account as we do not automatically delete community posts. 
Also, as described in our Terms of Use, if you contribute to a GitLab project and provide your personal information in connection with that contribution, that information (including your name) will be embedded and publicly displayed with your contribution and we will not be able to delete or erase it because doing so would break the project code. See https://about.gitlab.com/terms/ and https://about.gitlab.com/privacy/ I have no opinion on the wisdom or bases of GitLab's position.? As mailing lists share some characteristics with their services, those who have to deal with GPDR may wish to consider it in developing their own. From cmupythia at cmu.edu Fri May 25 14:45:24 2018 From: cmupythia at cmu.edu (Gretchen R Beck) Date: Fri, 25 May 2018 18:45:24 +0000 Subject: [Mailman-Users] Subscription via email Message-ID: <7de3918df44b4575b57cef4fa1de1b1c@cmu.edu> Is it possible to subscribe members to a list via email (for the admin to send an email with one or more addresses to subscribe to a list -- similar to the mass subscription page)? Gretchen Beck Carnegie Mellon From Jeffrey.Westgate at arkansas.gov Fri May 25 15:33:01 2018 From: Jeffrey.Westgate at arkansas.gov (Jeffrey Westgate) Date: Fri, 25 May 2018 19:33:01 +0000 Subject: [Mailman-Users] analytics tool for mailman? In-Reply-To: <6cb542ca-0a7a-bf59-c412-1de1bb479729@msapiro.net> References: , <6cb542ca-0a7a-bf59-c412-1de1bb479729@msapiro.net> Message-ID: That's a nice tool. got it, installed it, got it set for cron. Won't really get what was asked for, but, hey - we like it, even if it doesn't meet the customer's requirements. thank you. ________________________________________ 
From: Mark Sapiro [mark at msapiro.net] Sent: Thursday, May 24, 2018 3:06 PM To: mailman-users at python.org Subject: Re: [Mailman-Users] analytics tool for mailman? On 05/24/2018 12:19 PM, Jeffrey Westgate wrote: > > anybody got any tools that do analytics? See the mmdsr script in the contrib directory of the Mailman 2.1 source distribution. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Fri May 25 16:14:01 2018 From: mark at msapiro.net (Mark Sapiro) Date: Fri, 25 May 2018 13:14:01 -0700 Subject: [Mailman-Users] Subscription via email In-Reply-To: <7de3918df44b4575b57cef4fa1de1b1c@cmu.edu> References: <7de3918df44b4575b57cef4fa1de1b1c@cmu.edu> Message-ID: On 05/25/2018 11:45 AM, Gretchen R Beck wrote: > Is it possible to subscribe members to a list via email (for the admin to send an email with one or more addresses to subscribe to a list -- similar to the mass subscription page)? Not really. The admin or anyone can send an email to the -request address with a list of commands like subscribe address=someuser at example.com subscribe address=otheruser at example.com ... but depending on the list's subscribe_policy this will normally result in confirmation requests sent to the users and/or subscriptions held for moderator approval. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From jacques at lavignotte.org Fri May 25 16:18:18 2018 
From: jacques at lavignotte.org (Jacques) Date: Fri, 25 May 2018 22:18:18 +0200 Subject: [Mailman-Users] Invite text Was: Invite subscribers via command line. In-Reply-To: References: <550bf055-27b4-ed05-65fd-c7d8b80cab32@msapiro.net> <95d1ae0a-0f09-24b0-35b0-8f3adb424141@lavignotte.org> <1b7bc245-f78e-1e55-7c0a-a7f506fc6dec@lavignotte.org> <2837055b-0280-758f-7319-ddb6ade059c1@lavignotte.org> Message-ID: <80a21ae8-26f5-bb1d-09aa-79b8fe0e0738@lavignotte.org> On 25/05/2018 at 17:58, Mark Sapiro wrote: > On 05/25/2018 07:11 AM, Jacques wrote: >> Replying-To-MySelf : >> /etc/mailman/fr/invite.txt > I don't understand. Are you saying that editing > /usr/share/mailman/fr/invite.txt was ineffective but editing > /etc/mailman/fr/invite.txt was effective? I do. > It appears you are working with a downstream package that > puts things in different places, Debian 8 Mailman 2.1.18-2+deb8u2 Forget it, we have plans for an upgrade up to Debian 9 these days. Jacques -- GnuPg : C8F5B1E3 WeUsePGP Because privacy matters http://weusepgp.info/ From odhiambo at gmail.com Sat May 26 04:32:53 2018 From: odhiambo at gmail.com (Odhiambo Washington) Date: Sat, 26 May 2018 11:32:53 +0300 Subject: [Mailman-Users] analytics tool for mailman? In-Reply-To: References: Message-ID: On 24 May 2018 at 22:19, Jeffrey Westgate wrote: > I have a list-owner asking if there is a way for us to provide him " list > analytics like number of posts over time, new members over time, etc? " > > I don' know of any, or how that would even work.... except for a horrible > stroll through the archive... > > anybody got any tools that do analytics? > > > > -- > Jeff Westgate > DIS UNIX/Linux System Administrator > I used mail-trends to visualize posts from one of the lists I run. It's here -> https://github.com/jpbarraca/mail-trends -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft." From enseikou at gmail.com Sat May 26 13:13:48 2018
From: enseikou at gmail.com (Rubén Fernández Asensio) Date: Sat, 26 May 2018 19:13:48 +0200 Subject: [Mailman-Users] Duplicate command results Message-ID: <3460dd61-94a3-df75-acef-6bea410c1ac7@gmail.com> Hello all, It's a tiny issue but really nags me. When a user sends a command to the request address (so far I've tried 'help' and 'set help') the reply shows the command's results twice, repeated within the same message. How could I fix this? From mark at msapiro.net Sat May 26 15:27:32 2018 From: mark at msapiro.net (Mark Sapiro) Date: Sat, 26 May 2018 12:27:32 -0700 Subject: [Mailman-Users] Duplicate command results In-Reply-To: <3460dd61-94a3-df75-acef-6bea410c1ac7@gmail.com> References: <3460dd61-94a3-df75-acef-6bea410c1ac7@gmail.com> Message-ID: On 05/26/2018 10:13 AM, Rubén Fernández Asensio wrote: > > Hello all, > It's a tiny issue but really nags me. > When a user sends a command to the request address (so far I've tried > 'help' and 'set help') the reply shows the command's results twice, > repeated within the same message. > How could I fix this? If you are including the command in both the Subject: and the body, that is why. If the Subject: contains a valid command, it will be executed. Thus a message with 'Subject: help' and 'help' in the body contains two help commands so the command is executed twice. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From nikos at qbit.gr Tue May 29 09:49:13 2018
From: nikos at qbit.gr (nikos) Date: Tue, 29 May 2018 16:49:13 +0300 Subject: [Mailman-Users] Unsubscribe link Message-ID: Hello list. Is possible to insert somehow a unsubscribe link inside the message instead in footer? After many tries I manage to put a direct link in footer, setting Full Personalization ON first. The problem is that Outlook attach footer and most users ignore it. So it could be useful to putt a link inside message. I use version 2.1.12 on Centos 6. Thank you in advance From ishii at sraoss.co.jp Tue May 29 10:20:07 2018 From: ishii at sraoss.co.jp (Tatsuo Ishii) Date: Tue, 29 May 2018 23:20:07 +0900 (JST) Subject: [Mailman-Users] "Freezing" mailing list Message-ID: <20180529.232007.1988814293118828690.t-ishii@sraoss.co.jp> Hi, I would like to "freeze" an existing mailing list: I want to keep the mailing list but I want no one newly subscribe the list. Can you please anyone tell me how I can implement it? Best regards, -- Tatsuo Ishii SRA OSS, Inc. Japan English: http://www.sraoss.co.jp/index_en.php Japanese:http://www.sraoss.co.jp From michaelof at rocketmail.com Tue May 29 06:19:47 2018 
From: michaelof at rocketmail.com (michaelof at rocketmail.com) Date: Tue, 29 May 2018 12:19:47 +0200 Subject: [Mailman-Users] (2.1.26) Mailman CGI error!!! The Mailman CGI wrapper encountered a fatal error. This entry is being stored in your syslog: Cannot open wrapper configuration file: No such file or directory Message-ID: Hello to all, first post to this mailing list, so first of all thank you very much to all who helped to make Mailman and it's community reality! I'm running mailman now for a while without issues. On my VPS, not a big installation, not many lists, just a few users per list. After upgrading the VPS to OpenSuse Leap 15.0, Mailman still 2.1.26, Apache from 2.4.23 to 2.4.33, Python from 2.7.13 to 2.7.14, I'm getting the error message in the subject of this mail when trying to access the mailman web pages on Apache. All other Apache sites (non-Mailman, like TYPO3, Nextcloud, Roundcubemail, ...) / their Vhosts are running fine. Relevant part of Apache's error_log: [Tue May 29 11:46:07.135217 2018] [cgi:error] [pid 24758] [client (IPV6)] AH02811: script not found or unable to stat: /usr/lib/mailman/cgi-bin/favicon.ico [Tue May 29 11:46:07.486058 2018] [cgi:error] [pid 24758] [client (IPV6)] AH02811: script not found or unable to stat: /usr/lib/mailman/cgi-bin/error [Tue May 29 11:46:07.267081 2018] [cgi:error] [pid 25456] [client (IPV6)] AH02811: script not found or unable to stat: /usr/lib/mailman/cgi-bin/favicon.ico [Tue May 29 11:46:07.486381 2018] [cgi:error] [pid 25456] [client (IPV6)] AH02811: script not found or unable to stat: /usr/lib/mailman/cgi-bin/error --> which is true, but "favicon.ico" and "error" also haven't been existing on the fine running Mailman instance before the OpenSuse upgrade, checked in server backups. - I've compared (diff) Apache's config files (before and after the upgrade) file by file, most of them, esp. 
all direct Mailman files, are untouched by the upgrade, others (general httpd) with smaller changes, which really shouldn't affect Mailman. - Got the hint from #httpd, that the error msg has nothing to to with apache itself. Tested to run e.g. "listinfo" manually, same error: vserver:/usr/lib/mailman/cgi-bin # ./listinfo Content-type: text/html Mailman CGI error!!!

Mailman CGI error!!!

The Mailman CGI wrapper encountered a fatal error. This entry is being stored in your syslog:
Cannot open wrapper configuration file: No such file or directory
- In contrast the executables in /usr/lib/mailman/bin are working fine, tested with e.g. "version", "check_db", "list_lists", all working as expected

- Also Mailman systemd unit seems to run fine:

vserver:~ # systemctl status mailman
● mailman.service - LSB: Starts the mailinglist manager Mailman
   Loaded: loaded (/etc/init.d/mailman; generated; vendor preset: disabled)
   Active: active (running) since Mon 2018-05-28 19:39:09 CEST; 16h ago
     Docs: man:systemd-sysv-generator(8)
    Tasks: 9 (limit: 629145)
   CGroup: /system.slice/mailman.service
           ├─1946 /usr/bin/python /usr/lib/mailman/bin/mailmanctl --quiet --stale-lock-cleanup start
           ├─1948 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s
           ├─1949 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s
           ├─1950 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s
           ├─1951 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s
           ├─1952 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s
           ├─1953 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s
           ├─1954 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s
           └─1955 /usr/bin/python /usr/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s

Mai 28 19:39:08 vserver systemd[1]: Starting LSB: Starts the mailinglist manager Mailman...
Mai 28 19:39:09 vserver mailman[1933]: Starting mailman..done
Mai 28 19:39:09 vserver systemd[1]: Started LSB: Starts the mailinglist manager Mailman.

- Vhost definition, unchanged:

ServerName mailman.domain.tld:443
Include /etc/apache2/conf.d/mailman.conf
DirectoryIndex listinfo
ScriptAlias / /usr/lib/mailman/cgi-bin/
# SSL Engine Switch:
# Enable/Disable SSL for this virtual host.
SSLEngine on Header always set Strict-Transport-Security "max-age=15552000; preload" Stopping now with config files, avoiding getting this mail bigger and bigger :-) As I'm completely running of of ideas now, I would be very happy about new ideas/hints what might be the problem, where to continue searching for the issue. Thanks in advance, regards, Michael From luscheina at yahoo.de Tue May 29 12:24:22 2018 From: luscheina at yahoo.de (Christian F Buser) Date: Tue, 29 May 2018 18:24:22 +0200 Subject: [Mailman-Users] Unsubscribe link In-Reply-To: References: Message-ID: <20180529182422953197.64620bdb@yahoo.de> Hello nikos. On Tue, 29 May 2018 16:49:13 +0300, you wrote: > Is possible to insert somehow a unsubscribe link inside the message > instead in footer? > > After many tries I manage to put a direct link in footer, setting Full > Personalization ON first. The problem is that Outlook attach footer and > most users ignore it. So it could be useful to putt a link inside > message. I am not sure - but when I was young, I learnt that the standard separator for a footer in internet mail is "-- " (without the quotes, of course). Try changing that to - for example - "____________________" or "********************" and look how Outlook treats it then. Christian -- Christian F. Buser, Hohle Gasse 6, CH-5507 Mellingen (Switzerland) Hilfe fuer Strassenkinder in Ghana: http://www.chance-for-children.org From specktator at totallynoob.com Tue May 29 12:30:02 2018 From: specktator at totallynoob.com (specktator) Date: Tue, 29 May 2018 19:30:02 +0300 Subject: [Mailman-Users] Unsubscribe link In-Reply-To: References: Message-ID: Nick, I've tried that too. I don't think there's a way ... or at least I haven't found it yet On 29/05/2018 04:49 ??, nikos wrote: > Hello list. > > Is possible to insert somehow a unsubscribe link inside the message > instead in footer? > > After many tries I manage to put a direct link in footer, setting Full > Personalization ON first. 
The problem is that Outlook attach footer and > most users ignore it. So it could be useful to putt a link inside message. > > I use version 2.1.12 on Centos 6. > > Thank you in advance > ------------------------------------------------------ > Mailman-Users mailing list Mailman-Users at python.org > https://mail.python.org/mailman/listinfo/mailman-users > Mailman FAQ: http://wiki.list.org/x/AgA3 > Security Policy: http://wiki.list.org/x/QIA9 > Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ > Unsubscribe: https://mail.python.org/mailman/options/mailman-users/specktator%40totallynoob.com From mark at tafn.org.uk Tue May 29 12:32:17 2018 From: mark at tafn.org.uk (Mark T) Date: Tue, 29 May 2018 17:32:17 +0100 Subject: [Mailman-Users] updating mailman Message-ID: <40wKHt4pNNzFqtT@mail.python.org> Hi can anyone give me easy instructions to update mailman Using the apt-get install process Also will it keep all my mailing lists and members Many thanks mark. Tune in to the number one station on the web TAFN radio http://tafn.org.uk/listen Or for our catch up service on demand http://www.tafn.org.uk/on-demand or for our upcoming weekly schedule http://www.tafn.org.uk/radio part of the accessible friends network www.tafn.org.uk Registered UK Charity: #1108043. Sent from Windows 10 Mail. From phils at caerllewys.net Tue May 29 12:45:19 2018 From: phils at caerllewys.net (Phil Stracchino) Date: Tue, 29 May 2018 12:45:19 -0400 Subject: [Mailman-Users] "Freezing" mailing list In-Reply-To: <20180529.232007.1988814293118828690.t-ishii@sraoss.co.jp> References: <20180529.232007.1988814293118828690.t-ishii@sraoss.co.jp> Message-ID: <7650a33e-0c44-32c1-2c18-789a433f67ef@caerllewys.net> On 05/29/18 10:20, Tatsuo Ishii wrote: > Hi, > > I would like to "freeze" an existing mailing list: I want to keep the > mailing list but I want no one newly subscribe the list. Can you > please anyone tell me how I can implement it? 
You could set the list to require moderator approval for subscription, then simply discard all subscription requests. -- Phil Stracchino Babylon Communications phils at caerllewys.net phil at co.ordinate.org Landline: +1.603.293.8485 Mobile: +1.603.998.6958 From mark at msapiro.net Tue May 29 13:00:43 2018 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 29 May 2018 10:00:43 -0700 Subject: [Mailman-Users] "Freezing" mailing list In-Reply-To: <7650a33e-0c44-32c1-2c18-789a433f67ef@caerllewys.net> References: <20180529.232007.1988814293118828690.t-ishii@sraoss.co.jp> <7650a33e-0c44-32c1-2c18-789a433f67ef@caerllewys.net> Message-ID: <1c486871-2d9e-f768-fe92-fa2cd1aa1d23@msapiro.net> On 05/29/2018 09:45 AM, Phil Stracchino wrote: > On 05/29/18 10:20, Tatsuo Ishii wrote: >> Hi, >> >> I would like to "freeze" an existing mailing list: I want to keep the >> mailing list but I want no one newly subscribe the list. Can you >> please anyone tell me how I can implement it? > > > You could set the list to require moderator approval for subscription, > then simply discard all subscription requests. Or you could put ^. in the list's ban_list to ban any address containing at least one character from subscribing. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Tue May 29 13:11:53 2018 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 29 May 2018 10:11:53 -0700 Subject: [Mailman-Users] Unsubscribe link In-Reply-To: References: Message-ID: <862521f9-2175-a17e-ec0f-e31bf497c1c5@msapiro.net> On 05/29/2018 06:49 AM, nikos wrote: > Hello list. > > Is possible to insert somehow a unsubscribe link inside the message > instead in footer? There is no way short of modifying code to insert personalized information in the body of a message. 
There are ways to ensure the footer is appended to the message body rather than added as a separate MIME part (attachment), but this involves setting content filtering to reduce the message to a single text/plain part or setting scrub_nondigest to Yes. See the wiki page at and the "(Details for scrub_nondigest)" link on the admin Non-digest options page. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Tue May 29 13:37:08 2018 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 29 May 2018 10:37:08 -0700 Subject: [Mailman-Users] (2.1.26) Mailman CGI error!!! The Mailman CGI wrapper encountered a fatal error. This entry is being stored in your syslog: Cannot open wrapper configuration file: No such file or directory In-Reply-To: References: Message-ID: <4beb804d-436a-460c-6365-14c628f87884@msapiro.net> On 05/29/2018 03:19 AM, michaelof--- via Mailman-Users wrote: > > After upgrading the VPS to OpenSuse Leap 15.0, Mailman still 2.1.26, Apache from 2.4.23 to 2.4.33, Python from 2.7.13 to > 2.7.14, I'm getting the error message in the subject of this mail when trying to access the mailman web pages on Apache. Is there anything in Mailman's error log? > - Got the hint from #httpd, that the error msg has nothing to to with apache itself. Tested to run e.g. "listinfo" > manually, same error: > > vserver:/usr/lib/mailman/cgi-bin # ./listinfo > Content-type: text/html > > > Mailman CGI error!!! > >

Mailman CGI error!!!

> The Mailman CGI wrapper encountered a fatal error. This entry is being stored in your syslog: >
> Cannot open wrapper configuration file: No such file or directory
This comes from the various cgi-bin wrappers themselves when they
encounter a fatal error.

First of all, when trying to debug by running these from the command
line you have to run them as the web server user. I.e.,

sudo -u xxx ./listinfo

where xxx is the user the web server runs as. The issues that cause this
are GROUP_NAME_NOT_FOUND, GROUP_MISMATCH or failure to set the effective
GID.

If the wrapper was able to write Mailman's error log, the message there
should give details. If there's nothing in the error log, you might try
temporarily setting o+w in the log file to see if that allows writing
the message.

If the upgrade somehow changed the user:group that Apache runs as, that
would cause this.

If your Mailman is installed from source, you may need to rerun
configure with a different --with-cgi-gid option and make install. If
it's a Suse package, this is a Suse issue.

--
Mark Sapiro                           The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From futatuki at poem.co.jp Tue May 29 13:19:27 2018
From: futatuki at poem.co.jp (Yasuhito FUTATSUKI)
Date: Wed, 30 May 2018 02:19:27 +0900
Subject: [Mailman-Users] "Freezing" mailing list
In-Reply-To: <1c486871-2d9e-f768-fe92-fa2cd1aa1d23@msapiro.net>
References: <20180529.232007.1988814293118828690.t-ishii@sraoss.co.jp> <7650a33e-0c44-32c1-2c18-789a433f67ef@caerllewys.net> <1c486871-2d9e-f768-fe92-fa2cd1aa1d23@msapiro.net>
Message-ID:

On 05/30/18 02:00, Mark Sapiro wrote:
> On 05/29/2018 09:45 AM, Phil Stracchino wrote:
>> On 05/29/18 10:20, Tatsuo Ishii wrote:
>>> Hi,
>>>
>>> I would like to "freeze" an existing mailing list: I want to keep the
>>> mailing list but I want no one newly subscribe the list. Can you
>>> please anyone tell me how I can implement it?
>>
>>
>> You could set the list to require moderator approval for subscription,
>> then simply discard all subscription requests.
>
>
> Or you could put
>
> ^.
> > in the list's ban_list to ban any address containing at least one > character from subscribing. Please note, putting pattern to match all addresses, it also prevent changing mail address to subscribe. -- Yasuhito From ishii at sraoss.co.jp Tue May 29 13:53:57 2018 From: ishii at sraoss.co.jp (Tatsuo Ishii) Date: Wed, 30 May 2018 02:53:57 +0900 (JST) Subject: [Mailman-Users] "Freezing" mailing list In-Reply-To: References: <7650a33e-0c44-32c1-2c18-789a433f67ef@caerllewys.net> <1c486871-2d9e-f768-fe92-fa2cd1aa1d23@msapiro.net> Message-ID: <20180530.025357.1717301333375036807.t-ishii@sraoss.co.jp> >>> You could set the list to require moderator approval for subscription, >>> then simply discard all subscription requests. I have already done it. Problem is, I'm getting more and more subscription requests from spammers these days. >> Or you could put >>^. >>in the list's ban_list to ban any address containing at least one >> character from subscribing. Thanks. I will try this way. > Please note, putting pattern to match all addresses, it also prevent > changing mail address to subscribe. Thanks for the caution. Best regards, -- Tatsuo Ishii SRA OSS, Inc. Japan English: http://www.sraoss.co.jp/index_en.php Japanese:http://www.sraoss.co.jp From suporte at aprendendolinux.com Tue May 29 13:57:45 2018 From: suporte at aprendendolinux.com (Henrique Fagundes) Date: Tue, 29 May 2018 14:57:45 -0300 Subject: [Mailman-Users] confirmation string is not working Message-ID: Dear, To give continuity to this topic that I found on the internet (https://mail.python.org/pipermail/mailman-users/2012-May/073367.html) I also went through that. I solved this problem by disabling https. So that when redirecting from http to https occurred, the cache was lost. Forgive me for any incorrect spelling. I am Brazilian and I have difficulties with English. 
Regards, Henrique Fagundes suporte at aprendendolinux.com Skype: magnata-br-rj Linux User: 475399 https://www.aprendendolinux.com https://www.facebook.com/AprendendoLinux https://youtube.com/AprendendoLinux https://twitter.com/AprendendoLinux https://telegram.me/AprendendoLinux ______________________________________________________________________ Participe do Grupo Aprendendo Linux https://listas.aprendendolinux.com/listinfo/aprendendolinux Ou envie um e-mail para: aprendendolinux-subscribe at listas.aprendendolinux.com From michaelof at rocketmail.com Tue May 29 15:16:07 2018 From: michaelof at rocketmail.com (michaelof at rocketmail.com) Date: Tue, 29 May 2018 21:16:07 +0200 Subject: [Mailman-Users] (2.1.26) Mailman CGI error!!! The Mailman CGI wrapper encountered a fatal error. This entry is being stored in your syslog: Cannot open wrapper configuration file: No such file or directory In-Reply-To: <4beb804d-436a-460c-6365-14c628f87884@msapiro.net> References: <4beb804d-436a-460c-6365-14c628f87884@msapiro.net> Message-ID: Mark, thank you for answering so detailed! Am 29.05.2018 um 19:37 schrieb Mark Sapiro: > On 05/29/2018 03:19 AM, michaelof--- via Mailman-Users wrote: >> >> After upgrading the VPS to OpenSuse Leap 15.0, Mailman still 2.1.26, Apache from 2.4.23 to 2.4.33, Python from 2.7.13 to >> 2.7.14, I'm getting the error message in the subject of this mail when trying to access the mailman web pages on Apache. > > > Is there anything in Mailman's error log? My Mailman has been talking to my Postfix, so (forgot where this was defined) uses also Postfix's log files. Postfix errors on OpenSuse go to /var/log/mail.err. 
Independent if I call via Browser / Apache or directly, or in the cgi-bin dir with ./listinfo as root, or with "su -u mailman ./listinfo", result in mail.err is always the same added line: 2018-05-29T20:31:14.894893+02:00 vserver Mailman cgi-wrapper (listinfo): Cannot open wrapper configuration file: No such file or directory Means a) that logging itself is possible but b) log does not add any value for narrowing down the problem, at least not for me :-( Maybe a silly question: for what (specific) "wrapper configuration file" mailman is searching for?? Any chance to get mailman's log more verbosive, temporarily? I'm 100% sure for OpenSuse that as well apache (wwwrun/www) as mailman (mailman/mailman) haven't changed their username and unix group for at least the last 3 centuries, in IT timing :-) I'm also sure (checked in backup) that the numeric UIDs and GIDs haven't changed. > > >> - Got the hint from #httpd, that the error msg has nothing to to with apache itself. Tested to run e.g. "listinfo" >> manually, same error: >> >> vserver:/usr/lib/mailman/cgi-bin # ./listinfo >> Content-type: text/html >> >> >> Mailman CGI error!!! >> >>

Mailman CGI error!!!

>> The Mailman CGI wrapper encountered a fatal error. This entry is being stored in your syslog: >>
>> Cannot open wrapper configuration file: No such file or directory
> > > This comes from the various cgi-bin wrappers themselves when they > encounter a fatal error. > > First of all, when trying to debug by running these from the command > line you have to run them as the web server user. I.e., > > sudo -u xxx ./listinfo done, see above > > where xxx is the user the web server runs as. The issues that cause this > are GROUP_NAME_NOT_FOUND, GROUP_MISMATCH or failure to set the effective > GID. > > If the wrapper was able to write Mailman's error log, the message there > should give details. If there's nothing in the error log, you might try > temporarily setting o+w in the log file to see if that allows writing > the message. no (more) details in log except error msg, see above > > If the upgrade somehow changed the user:group that apaches runs as, that > would cause this. For sure not changed, see above > > If your Mailman is installed from source, you may need to rerun > configure with a different --with-cgi-gid option and make install. If > it's a Suse package, this is a Suse issue. > no change in gid/uid, could open an OpenSuse Bugzilla issue, but not a real how to start / get the OpenSuse team convinced that this is not an issue on my side/config or a mailman issue From mark at msapiro.net Tue May 29 16:07:36 2018 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 29 May 2018 13:07:36 -0700 Subject: [Mailman-Users] confirmation string is not working In-Reply-To: References: Message-ID: <4f270330-5fa2-3bd1-48b9-ac5edf0c555c@msapiro.net> On 5/29/18 10:57 AM, Henrique Fagundes wrote: > > I solved this problem by disabling https. > So that when redirecting from http to https occurred, the cache was lost. If you want to require https, the proper way to fix this is discussed in steps 2 and 3 at . -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. 
Dylan

From bryan at skiblack.com Tue May 29 16:01:27 2018
From: bryan at skiblack.com (Bryan Blackwell)
Date: Tue, 29 May 2018 16:01:27 -0400
Subject: [Mailman-Users] Filtering messages with no subject
Message-ID: <4A368CAA-8D8E-4F63-B53B-52F0FCFF2F3C@skiblack.com>

Hi folks,

I'm having trouble with some spam using spoofed addresses getting through to my lists, they all seem to have no subject. I don't see any obvious way to filter these, am I missing an option? If not, has anyone implemented a filter to block these sorts of messages?

Thanks for any help,

--Bryan

--
Bryan Blackwell -- Unix Systems Engineer
bryan at skiblack.com

From mark at msapiro.net Tue May 29 16:33:38 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Tue, 29 May 2018 13:33:38 -0700
Subject: [Mailman-Users] Filtering messages with no subject
In-Reply-To: <4A368CAA-8D8E-4F63-B53B-52F0FCFF2F3C@skiblack.com>
References: <4A368CAA-8D8E-4F63-B53B-52F0FCFF2F3C@skiblack.com>
Message-ID: <8b141109-ae03-f88b-d608-4959637d7d0e@msapiro.net>

On 5/29/18 1:01 PM, Bryan Blackwell wrote:
> Hi folks,
>
> I'm having trouble with some spam using spoofed addresses getting through to my lists, they all seem to have no subject. I don't see any obvious way to filter these, am I missing an option? If not, has anyone implemented a filter to block these sorts of messages?

Use header_filter_rules (on the admin Privacy options... -> Spam filters
page.

A regexp of

^subject:\s*(\(no subject\))?\s*$

will match messages with an empty Subject: header or literally '(no
subject)', but it's more complicated than that because the message may
have no Subject: header at all. To account for that you need three
rules. The first of these has the regexp above with an action of
discard. The second has the regexp

^subject:

and an action of accept to accept messages with Subject: headers that
didn't match the first rule, and the third has the regexp

^.*$

and action discard to discard all messages that got past the first two,
i.e.
those with no Subject: header at all.

If you already have header_filter_rules, these three are added after the
others. Otherwise, they are the only rules.

--
Mark Sapiro                           The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From bryan at skiblack.com Tue May 29 16:49:29 2018
From: bryan at skiblack.com (Bryan Blackwell)
Date: Tue, 29 May 2018 16:49:29 -0400
Subject: [Mailman-Users] Filtering messages with no subject
In-Reply-To: <8b141109-ae03-f88b-d608-4959637d7d0e@msapiro.net>
References: <4A368CAA-8D8E-4F63-B53B-52F0FCFF2F3C@skiblack.com> <8b141109-ae03-f88b-d608-4959637d7d0e@msapiro.net>
Message-ID: <45E97491-B363-4BDB-B48F-C94CAB61F130@skiblack.com>

On May 29, 2018, at 4:33 PM, Mark Sapiro wrote:
>
> Use header_filter_rules (on the admin Privacy options... -> Spam filters
> page.
>
> A regexp of
>
> ^subject:\s*(\(no subject\))?\s*$
>
> will match messages with an empty Subject: header or literally '(no
> subject)', but it's more complicated than that because the message may
> have no Subject: header at all. To account for that you need three
> rules. The first of these has the regexp above with an action of
> discard. The second has the regexp
>
> ^subject:
>
> and an action of accept to accept messages with Subject: headers that
> didn't match the first rule, and the third has the regexp
>
> ^.*$
>
> and action discard to discard all messages that got past the first two,
> i.e. those with no Subject: header at all.
>
> If you already have header_filter_rules, these three are added after the
> others. Otherwise, they are the only rules.
>

Excellent, thanks. I put them in with 'hold' instead of 'discard' for now just in case I made a mistake. Right now I have a bunch of lines in the Legacy section, is it ok to leave those in place?
--Bryan From mark at msapiro.net Tue May 29 17:27:55 2018 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 29 May 2018 14:27:55 -0700 Subject: [Mailman-Users] (2.1.26) Mailman CGI error!!! The Mailman CGI wrapper encountered a fatal error. This entry is being stored in your syslog: Cannot open wrapper configuration file: No such file or directory In-Reply-To: References: <4beb804d-436a-460c-6365-14c628f87884@msapiro.net> Message-ID: <7d586c6e-e2a0-09b9-2d03-b79855af543a@msapiro.net> On 05/29/2018 12:16 PM, michaelof--- via Mailman-Users wrote: > Maybe a silly question: for what (specific) "wrapper configuration file" mailman is searching for?? That's a Suse question. Standard GNU Mailman has no such message. Read the Suse Mailman docs to see what they say about this. > Any chance to get mailman's log more verbosive, temporarily? No. Suse changed the wrapper and the message you got is it. OK, I googled a bit and found They patch out all the nice error messages and instead put in their own stuff. The error in the subject means the file /etc/mailman/mailman.cgi-gid doesn't exist. It should exist and if I read the code correctly, contain the numeric GID of the web server. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Tue May 29 17:32:45 2018 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 29 May 2018 14:32:45 -0700 Subject: [Mailman-Users] Filtering messages with no subject In-Reply-To: <45E97491-B363-4BDB-B48F-C94CAB61F130@skiblack.com> References: <4A368CAA-8D8E-4F63-B53B-52F0FCFF2F3C@skiblack.com> <8b141109-ae03-f88b-d608-4959637d7d0e@msapiro.net> <45E97491-B363-4BDB-B48F-C94CAB61F130@skiblack.com> Message-ID: <645c23f6-f468-acbc-9fde-0c5439b92f7d@msapiro.net> On 05/29/2018 01:49 PM, Bryan Blackwell wrote: > Excellent, thanks. I put them in with 'hold' instead of 'discard' for now just in case I made a mistake. 
Right now I have a bunch of lines in the Legacy section, is it ok to leave those in place? Yes, it's OK to leave them. If all you have there are the default ones, they're ancient and probably never match anything, but they don't hurt. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From michaelof at rocketmail.com Tue May 29 17:34:09 2018 From: michaelof at rocketmail.com (michaelof at rocketmail.com) Date: Tue, 29 May 2018 23:34:09 +0200 Subject: [Mailman-Users] (2.1.26) Mailman CGI error!!! The Mailman CGI wrapper encountered a fatal error. This entry is being stored in your syslog: Cannot open wrapper configuration file: No such file or directory In-Reply-To: <7d586c6e-e2a0-09b9-2d03-b79855af543a@msapiro.net> References: <4beb804d-436a-460c-6365-14c628f87884@msapiro.net> <7d586c6e-e2a0-09b9-2d03-b79855af543a@msapiro.net> Message-ID: <538bef0b-394d-8350-2bd7-432c99e9dc8e@rocketmail.com> Hi Mark, just clicked "send" for a second answer to you last reply ten second ago, overlap with your current reply :-) I've went a different way, but found the same reason, so thank you very much again! Michael Am 29.05.2018 um 23:27 schrieb Mark Sapiro: > On 05/29/2018 12:16 PM, michaelof--- via Mailman-Users wrote: > >> Maybe a silly question: for what (specific) "wrapper configuration file" mailman is searching for?? > > > That's a Suse question. Standard GNU Mailman has no such message. Read > the Suse Mailman docs to see what they say about this. > > >> Any chance to get mailman's log more verbosive, temporarily? > > > No. Suse changed the wrapper and the message you got is it. > > OK, I googled a bit and found > > > They patch out all the nice error messages and instead put in their own > stuff. The error in the subject means the file > /etc/mailman/mailman.cgi-gid doesn't exist. It should exist and if I > read the code correctly, contain the numeric GID of the web server. 
>

From michaelof at rocketmail.com Tue May 29 17:29:52 2018
From: michaelof at rocketmail.com (michaelof at rocketmail.com)
Date: Tue, 29 May 2018 23:29:52 +0200
Subject: [Mailman-Users] *** SOLVED *** Re: (2.1.26) Mailman CGI error!!! The Mailman CGI wrapper encountered a fatal error. This entry is being stored in your syslog: Cannot open wrapper configuration file: No such file or directory
In-Reply-To:
References: <4beb804d-436a-460c-6365-14c628f87884@msapiro.net>
Message-ID: <239ace14-aef4-00a9-13fe-d13492f58de7@rocketmail.com>

Mark,

pls forget my last email, you've led me already in the right direction:

- tried a sudo -u mailman /usr/lib/mailman/cgi-bin/listinfo and echo $? after that
- showed 8 as error code
- downloaded source for mailman 2.1.26, looked into source for cgi-wrapper.c, specifically into common.h
- 8 means GROUP_NAME_NOT_FOUND, you mentioned this as possible solution below

With this, and my knowledge (or trust :-)) that mailman's GID configs in OpenSuse are in /etc/mailman, I've double-checked and found one file missing after upgrade, /etc/mailman/mailman.cgi-gid. Containing just an 8 :-S

Restored this from last backup, made immediately before I've started the upgrade of OpenSuse.

Works like a charm, as before :-)

Mark,
a) THANK YOU VERY, VERY MUCH !!!
b) I'll open an OpenSuse bugzilla issue for this

Regards,
Michael

On 29.05.2018 at 21:16, michaelof at rocketmail.com wrote:
> Mark,
>
> thank you for answering so detailed!
>
>
> On 29.05.2018 at 19:37, Mark Sapiro wrote:
>> On 05/29/2018 03:19 AM, michaelof--- via Mailman-Users wrote:
>>>
>>> After upgrading the VPS to OpenSuse Leap 15.0, Mailman still 2.1.26, Apache from 2.4.23 to 2.4.33, Python from 2.7.13 to
>>> 2.7.14, I'm getting the error message in the subject of this mail when trying to access the mailman web pages on Apache.
>>
>>
>> Is there anything in Mailman's error log?
>
> My Mailman has been talking to my Postfix, so (forgot where this was defined) uses also Postfix's log files.
Postfix > errors on OpenSuse go to /var/log/mail.err. > > Independent if I call via Browser / Apache or directly, or in the cgi-bin dir with ./listinfo as root, or with "su -u > mailman ./listinfo", result in mail.err is always the same added line: > > 2018-05-29T20:31:14.894893+02:00 vserver Mailman cgi-wrapper (listinfo): Cannot open wrapper configuration file: No such > file or directory > > Means > a) that logging itself is possible but > b) log does not add any value for narrowing down the problem, at least not for me :-( > > Maybe a silly question: for what (specific) "wrapper configuration file" mailman is searching for?? > > Any chance to get mailman's log more verbosive, temporarily? > > I'm 100% sure for OpenSuse that as well apache (wwwrun/www) as mailman (mailman/mailman) haven't changed their username > and unix group for at least the last 3 centuries, in IT timing :-) I'm also sure (checked in backup) that the numeric > UIDs and GIDs haven't changed. > >> >> >>> - Got the hint from #httpd, that the error msg has nothing to to with apache itself. Tested to run e.g. "listinfo" >>> manually, same error: >>> >>> vserver:/usr/lib/mailman/cgi-bin # ./listinfo >>> Content-type: text/html >>> >>> >>> Mailman CGI error!!! >>> >>>

Mailman CGI error!!!

>>> The Mailman CGI wrapper encountered a fatal error. This entry is being stored in your syslog: >>>
>>> Cannot open wrapper configuration file: No such file or directory
>> >> >> This comes from the various cgi-bin wrappers themselves when they >> encounter a fatal error. >> >> First of all, when trying to debug by running these from the command >> line you have to run them as the web server user. I.e., >> >> sudo -u xxx ./listinfo > > done, see above > >> >> where xxx is the user the web server runs as. The issues that cause this >> are GROUP_NAME_NOT_FOUND, GROUP_MISMATCH or failure to set the effective >> GID. >> >> If the wrapper was able to write Mailman's error log, the message there >> should give details. If there's nothing in the error log, you might try >> temporarily setting o+w in the log file to see if that allows writing >> the message. > > no (more) details in log except error msg, see above > >> >> If the upgrade somehow changed the user:group that apaches runs as, that >> would cause this. > > For sure not changed, see above > >> >> If your Mailman is installed from source, you may need to rerun >> configure with a different --with-cgi-gid option and make install. If >> it's a Suse package, this is a Suse issue. >> > > no change in gid/uid, could open an OpenSuse Bugzilla issue, but not a real how to start / get the OpenSuse team > convinced that this is not an issue on my side/config or a mailman issue > > From ishii at sraoss.co.jp Wed May 30 02:30:36 2018 From: ishii at sraoss.co.jp (Tatsuo Ishii) Date: Wed, 30 May 2018 15:30:36 +0900 (JST) Subject: [Mailman-Users] "Freezing" mailing list In-Reply-To: <1c486871-2d9e-f768-fe92-fa2cd1aa1d23@msapiro.net> References: <20180529.232007.1988814293118828690.t-ishii@sraoss.co.jp> <7650a33e-0c44-32c1-2c18-789a433f67ef@caerllewys.net> <1c486871-2d9e-f768-fe92-fa2cd1aa1d23@msapiro.net> Message-ID: <20180530.153036.1521024182608821564.t-ishii@sraoss.co.jp> > Or you could put > > ^. > > in the list's ban_list to ban any address containing at least one > character from subscribing. Thanks. This works for me. Best regards, -- Tatsuo Ishii SRA OSS, Inc. 
Japan
English: http://www.sraoss.co.jp/index_en.php
Japanese:http://www.sraoss.co.jp

From nikos at qbit.gr Wed May 30 06:44:52 2018
From: nikos at qbit.gr (nikos)
Date: Wed, 30 May 2018 13:44:52 +0300
Subject: [Mailman-Users] Unsubscribe link
In-Reply-To: <20180529182422953197.64620bdb@yahoo.de>
References: <20180529182422953197.64620bdb@yahoo.de>
Message-ID:

Hello list.

Christian unfortunately didn't work...
Mark It have to be html message for commercial reasons.

Thank you all for your answers.
?

On 29/05/2018 7:24 ??, Christian F Buser wrote:
> Hello nikos. On Tue, 29 May 2018 16:49:13 +0300, you wrote:
>
>> Is possible to insert somehow a unsubscribe link inside the message
>> instead in footer?
>>
>> After many tries I manage to put a direct link in footer, setting Full
>> Personalization ON first. The problem is that Outlook attach footer and
>> most users ignore it. So it could be useful to putt a link inside
>> message.
> I am not sure - but when I was young, I learnt that the standard separator for a footer in internet mail is "-- " (without the quotes, of course).
>
> Try changing that to - for example - "____________________" or "********************" and look how Outlook treats it then.
>
> Christian
>

From Richard at Damon-Family.org Wed May 30 08:05:12 2018
From: Richard at Damon-Family.org (Richard Damon)
Date: Wed, 30 May 2018 08:05:12 -0400
Subject: [Mailman-Users] Unsubscribe link
In-Reply-To:
References: <20180529182422953197.64620bdb@yahoo.de>
Message-ID: <2782de2a-b174-08b6-253b-d07e0b989ac1@Damon-Family.org>

The issue is that programmatically adding content to an HTML section is problematic, as you need to parse and build up a rendering of the content to figure out where you need to add the new content. Just adding it at the end can often end up with strange results.

On 5/30/18 6:44 AM, nikos wrote:
> Hello list.
>
> Christian unfortunately didn't work...
> Mark It have to be html message for commercial reasons.
> > Thank you all for your answers. > ? > > On 29/05/2018 7:24 ??, Christian F Buser wrote: >> Hello nikos. On Tue, 29 May 2018 16:49:13 +0300, you wrote: >> >>> Is possible to insert somehow a unsubscribe link inside the message >>> instead in footer? >>> >>> After many tries I manage to put a direct link in footer, setting Full >>> Personalization ON first. The problem is that Outlook attach footer and >>> most users ignore it. So it could be useful to putt a link inside >>> message. >> I am not sure - but when I was young, I learnt that the standard separator for a footer in internet mail is "-- " (without the quotes, of course). >> >> Try changing that to - for example - "____________________" or "********************" and look how Outlook treats it then. >> >> Christian >> -- Richard Damon From suporte at aprendendolinux.com Wed May 30 17:10:34 2018 From: suporte at aprendendolinux.com (Henrique Fagundes) Date: Wed, 30 May 2018 18:10:34 -0300 Subject: [Mailman-Users] confirmation string is not working In-Reply-To: <4f270330-5fa2-3bd1-48b9-ac5edf0c555c@msapiro.net> References: <4f270330-5fa2-3bd1-48b9-ac5edf0c555c@msapiro.net> Message-ID: Thank you friend, Thanks to your tip, will it be possible for me to work to redeploy https on my MailMan server again. A big hug and thanks again. Atenciosamente, Henrique Fagundes suporte at aprendendolinux.com Skype: magnata-br-rj Linux User: 475399 https://www.aprendendolinux.com https://www.facebook.com/AprendendoLinux https://youtube.com/AprendendoLinux https://twitter.com/AprendendoLinux https://telegram.me/AprendendoLinux ______________________________________________________________________ Participe do Grupo Aprendendo Linux https://listas.aprendendolinux.com/listinfo/aprendendolinux Ou envie um e-mail para: aprendendolinux-subscribe at listas.aprendendolinux.com Em 29/05/2018 17:07, Mark Sapiro escreveu: > On 5/29/18 10:57 AM, Henrique Fagundes wrote: >> >> I solved this problem by disabling https. 
>> So that when redirecting from http to https occurred, the cache was lost.
>
>
> If you want to require https, the proper way to fix this is discussed in
> steps 2 and 3 at .
>

From andrew at hodgson.io Wed May 30 07:36:26 2018
From: andrew at hodgson.io (Andrew Hodgson)
Date: Wed, 30 May 2018 11:36:26 +0000
Subject: [Mailman-Users] updating mailman
In-Reply-To: <40wKHt4pNNzFqtT@mail.python.org>
References: <40wKHt4pNNzFqtT@mail.python.org>
Message-ID:

Hi Mark,

Generally speaking updating Mailman via Apt is straightforward and in most cases everything carries forward. However depending on if you made customisations to various files these could get undone, but if you are using the standard package and have made customisations in the right place this should go through.

However, if you just run apt-get it may not upgrade Mailman because you may already be on the latest version for that distribution, and may have to do a distro upgrade depending on which distro and version you are running.

I am not sure if it helps but I run several Mailman lists for blind charities so if you want I may be able to help further with this off list.

Best,
Andrew.
________________________________________
From: Mailman-Users [mailman-users-bounces+andrew=hodgson.io at python.org] on behalf of Mark T [mark at tafn.org.uk]
Sent: 29 May 2018 17:32
To: Mailman-Users at python.org
Subject: [Mailman-Users] updating mailman

Hi can anyone give me easy instructions to update mailman
Using the apt-get install process
Also will it keep all my mailing lists and members
Many thanks mark.

Tune in to the number one station on the web TAFN radio
http://tafn.org.uk/listen
Or for our catch up service on demand
http://www.tafn.org.uk/on-demand
or for our upcoming weekly schedule
http://www.tafn.org.uk/radio
part of the accessible friends network
www.tafn.org.uk
Registered UK Charity: #1108043.

Sent from Windows 10 Mail.
------------------------------------------------------ Mailman-Users mailing list Mailman-Users at python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/andrew%40hodgson.io From turnbull.stephen.fw at u.tsukuba.ac.jp Thu May 31 03:31:45 2018 From: turnbull.stephen.fw at u.tsukuba.ac.jp (Stephen J. Turnbull) Date: Thu, 31 May 2018 16:31:45 +0900 Subject: [Mailman-Users] [Mailman-cabal] GDPR In-Reply-To: References: <23285.49015.279638.189170@turnbull.sk.tsukuba.ac.jp> <98850603-1bf3-f13a-84b2-b30bf48d72c9@spamtrap.tnetconsulting.net> <23300.50398.110366.467389@turnbull.sk.tsukuba.ac.jp> Message-ID: <23311.42209.544772.720955@turnbull.sk.tsukuba.ac.jp> Grant Taylor via Mailman-Users writes: > What is their working definition of "thread"? I don't know. I gave what I think is a reasonable definition, and I would argue that going to parents of that message is not required by GDPR, even if for some reason you need to remove whole posts. > I'm afraid that the infinite wisdom of politicians will say that the > entire paper needs to be shredded. We know what the politicians said. It's in the GDPR law. Forget politicians' stupidity. What matters now is (1) what courts will say, and (2) what courts will refuse to call frivolous (so that the party with the uglier lawyer wins at great expense to the party with the beautiful lawyer). Appeals judges generally are pretty sensible in the U.S. and Japan, and usually they do understand the issues. I suppose it's similar in the EU. What I'm concerned with is where PII can enter Mailman and be stored on the host. Whether the law reaches that or not is not really important here. 
We look at each place, decide how easy it is to (1) find all instances of a particular identifier, (2) determine whether and by whom it has been accessed, and (3) redact that identifier. Then we look at costs and start implementing the cheaper cases. > I think it also significantly depends on what needs to be redacted. > Removing "supercalifragilisticexpialidocious" is a LOT different than > removing "Grant Taylor" from the Mailman-Users archive. It needs to be personally identifying, and pragmatically (1) above means either (a) it will be found in certain header fields which we can remove entirely or redact in full or part, or (b) a full-text search will find it. This means that descriptions like "the US politician known to lie 6 times a day" are out -- there are too many ways to express that. If GDPR requires finding and redacting that, the list will have to fold up shop. But I don't think it does: I think here PII refers to numbers, names, and addresses (as we usually understand those words!) that uniquely identify a person for purposes such delivering goods, services and information, or as part of an authentication process for accessing services (eg, financial or informational). > I wonder if there's any correlation between the IP that authenticated > and the IP that accessed data. Not in Mailman, although it could be done. HTTP is a stateless protocol, so to maintain a session you need to provide a token (typically a "cookie"). That token can be passed around in the user's network. It would be possible to include the IP in the data hashed to create the auth token, and validate that, but we don't. > 2) *sigh* It sounds like GDPR is talking about specific fields that > could contain PII, even if they don't, while ignoring other fields that > erroneously do contain PII. It's not GDPR. *I* wrote that. 
What I was trying to say is that there are fields like display name and email that are normally used for data that is PII, and so would be presumed to contain PII if populated in a database record. > > However, in Mailman 2 the various list passwords are shared, and > > would not identify individuals in cases with multiple moderators > > or list owners. > > IMHO that's an operational mis-step. It's a FACT, and it's not going to change in Mailman 2. We need to work with it, or perhaps European lists simply won't be able to use Mailman 2 with multiple admins if GDPR requires auth that identifies a single individual. (Mailman 3 does allow identifying a single individual, but I don't think we log auth attempts or successes yet.) > (Part of) GDPR is not about (just) knowing who has (had at the > time) legitimate access to data, but additionally making it more > difficult for other 3rd parties to gain access to the data in the > future. By the fact that the data is removed from the corpus that > the 3rd party is subsequently given access to. I don't think "make it difficult to access data" is a requirement in GDPR. I think making reconstruction of history difficult is the *intent* of GDPR's "right to be forgotten", but that doesn't mean you need to conceal data (such as social network "handles") that is normally used to identify users in operation. The access logging is about a different aspect of privacy, which is knowing who had access to that data. AFAICS, the privacy policy itself is up to the host and/or the industry and its regulators. Wikis may have zero privacy in normal operation, but you still need to log accesses to people's profiles I suppose. Banking privacy is specified by banking laws, not GDPR, I suppose, but again GDPR mandates logging of accesses. > I'm talking about 3rd party spam filtering services that are in the > path between, downstream in between Mailman and the recipient's > server. They collect logs / data all the time. 
Usually those logs > and that data are what help them be better at their job of spam > filtering. The Mailman admins don't have access to that data in this scenario, I assume. I don't really think the Mailman host is implicated there, even if they're the direct client of such a service. I suspect what the Mailman host needs to worry about most is interruption of service if the vendor gets put out of business for GDPR violation. Steve From turnbull.stephen.fw at u.tsukuba.ac.jp Thu May 31 03:31:54 2018 From: turnbull.stephen.fw at u.tsukuba.ac.jp (Stephen J. Turnbull) Date: Thu, 31 May 2018 16:31:54 +0900 Subject: [Mailman-Users] GDPR In-Reply-To: References: <201805112155.w4BLt2cw082647@fire.js.berklix.net> <49946b69-1e3a-63cb-b497-663e12e875fa@bmrb.wisc.edu> <23287.20735.818788.615170@turnbull.sk.tsukuba.ac.jp> <1526338845.1079.49.camel@16bits.net> <23300.51180.425638.496130@turnbull.sk.tsukuba.ac.jp> Message-ID: <23311.42218.33787.303702@turnbull.sk.tsukuba.ac.jp> Grant Taylor via Mailman-Users writes: > > Some of these may be hidden (eg, Reply-To is normally not displayed; > > I don't know offhand if it's in the mbox files). > > Yes, Reply-To: is a standard header and included in mbox files. "The" mbox files refers to what Mailman stores in archives, which are accessible not only to admins but to 3rd parties in some configurations. I believe a lot of fields are cleaned out of those files, just enough is kept to rebuild the archives. But I'm not sure. > The technical implications of [full text search in markup] in and > of itself astound. It's really not that hard. The same technology that renders email to the screen can be used to render it to a sequence of sentences each on a single line. It won't be 100% accurate, but there is that "disproportionate" clause. Do one extra thing the judge doesn't think of herself and you're gold, I expect. :-) > But I think it's more the B2B selling of information that causes > more concern (to me) than what hackers do with it. 
You're probably right about that. I suspect GDPR is as much motivated by kneecapping Google and Facebook in EU markets as it is by privacy. ;-)

> > What does "verify" mean here? The problematic address may have been
> > deleted or pwned, and not available to the person wanting redaction.
>
> Technical complications. :-D

Yeah, and this is a big one. The more I think about it, the more I think that this has the potential to be worse than DMCA takedowns. I hope the EU lawmakers considered that aspect, and there are provisions to require identification of people requesting various remedies under GDPR.

Steve

From turnbull.stephen.fw at u.tsukuba.ac.jp Thu May 31 03:31:59 2018
From: turnbull.stephen.fw at u.tsukuba.ac.jp (Stephen J. Turnbull)
Date: Thu, 31 May 2018 16:31:59 +0900
Subject: [Mailman-Users] analytics tool for mailman?
In-Reply-To:
References: <201805242106.w4OL6VsA007156@fire.js.berklix.net>
Message-ID: <23311.42223.890462.14409@turnbull.sk.tsukuba.ac.jp>

tlhackque via Mailman-Users writes:

> I have no opinion on the wisdom or bases of GitLab's position. As
> mailing lists share some characteristics with their services, those
> who have to deal with GDPR may wish to consider it in developing
> their own.
>
> [Among other things, GitLab's ToS sez:]
> I understand the removal of this information would be impermissibly
> destructive to the project and the interests of all those who
> contribute, utilize, and benefit from it.

tlhackque sort of implies this, but I think it's worth emphasis: AFAICS "impermissible" is a point of difference. It will never be true of a stock Mailman. (For git geeks: GitLab's problem is that removing such information at minimum changes the SHA1 of that commit, and all descendent commits, completely rewriting that part of the DAG. Mailman doesn't have such an integrity check on threads, although perhaps DKIM signatures could be abused that way. :-)

However, in some cases it might be a severe inconvenience for users, etc.
Be careful not to overstate your wording here. And consult a lawyer if you have a business interest in your lists. Steve From turnbull.stephen.fw at u.tsukuba.ac.jp Thu May 31 03:17:59 2018 From: turnbull.stephen.fw at u.tsukuba.ac.jp (Stephen J. Turnbull) Date: Thu, 31 May 2018 16:17:59 +0900 Subject: [Mailman-Users] Duplicate command results In-Reply-To: References: <3460dd61-94a3-df75-acef-6bea410c1ac7@gmail.com> Message-ID: <23311.41383.938789.193645@turnbull.sk.tsukuba.ac.jp> Mark Sapiro writes: > If you are including the command in both the Subject: and the body, that > is why. If the Subject: contains a valid command, it will be executed. > Thus a message with 'Subject: help' and 'help' in the body contains two > help commands so the command is executed twice. I don't think this is worth fixing in Mailman 2, but we should try to ensure idempotence in Mailman 3. From Michael.D.Parker at ga.com Wed May 30 17:36:50 2018 From: Michael.D.Parker at ga.com (Parker, Michael D.) Date: Wed, 30 May 2018 21:36:50 +0000 Subject: [Mailman-Users] How do I run 2.x mailman more securely? Message-ID: <952f37fede02442e9bf91eae58ae30de@ASGEXCPWP05.ga.com> I've been assigned the task of attempting to secure our current implementation of GNU MailMan. Have any of you out there done this? What did you do? Some of the initial items that have been directed my way: 1. Can archiving be totally and permanently be eliminated? 2. How and where are the passwords stored? 3. Can user passwords be eliminated and have the list administrator make any user adjustments which should not be necessary? 4. Does the website have to run in http: since passwords are entered at points in the interactions? Thanks for your guidance and thoughts. From cpz at tuunq.com Thu May 31 11:10:44 2018 From: cpz at tuunq.com (Carl Zwanzig) Date: Thu, 31 May 2018 08:10:44 -0700 Subject: [Mailman-Users] How do I run 2.x mailman more securely? 
In-Reply-To: <952f37fede02442e9bf91eae58ae30de@ASGEXCPWP05.ga.com>
References: <952f37fede02442e9bf91eae58ae30de@ASGEXCPWP05.ga.com>
Message-ID:

I'm sure Mark has more complete answers, but diving in anyways :)

On 5/30/2018 2:36 PM, Parker, Michael D. wrote:
> I've been assigned the task of attempting to secure our current implementation of GNU MailMan.

You're probably better off changing to MM3, but if you have to stay with v2--

> What did you do?

Needs a better definition of "secure" and an understanding of the intended goals- protect the archive? spam prevention? keep users from (un)subscribing lists? Are these goals part of the _mailing_list_manager_ or another part of the system (web server, email MTA & spam filtering, file sharing, etc)?

> Some of the initial items that have been directed my way:
> 1. Can archiving be totally and permanently be eliminated?

More than turning it off on a per-list basis? (This doesn't "secure" mailman, it only makes archives unusable. You'd be better off to hide them behind a web page requiring web-server authentication.) Won't stop users from keeping their own archives, of course. (Or change the code to disable them.)

> 2. How and where are the passwords stored?

IIRC users' list passwords are stored in the list config 'pickle' in the lists/ directory; see the comments in "Mailman/SecurityManager.py".

> 3. Can user passwords be eliminated and have the list administrator make any user adjustments which should not be necessary?

At a great loss of utility, sure. This would require a code change.

> 4. Does the website have to run in http: since passwords are entered at points in the interactions?

No, the FAQ describes how to enable HTTPS.

Later,

z!

From mark at msapiro.net Thu May 31 12:52:27 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 31 May 2018 09:52:27 -0700
Subject: [Mailman-Users] How do I run 2.x mailman more securely?
In-Reply-To:
References: <952f37fede02442e9bf91eae58ae30de@ASGEXCPWP05.ga.com>
Message-ID:

On 05/31/2018 08:10 AM, Carl Zwanzig wrote:
> I'm sure Mark has more complete answers, but diving in anyways :)

Carl's answers are good, but to add a bit ...

> On 5/30/2018 2:36 PM, Parker, Michael D. wrote:
>
>> Some of the initial items that have been directed my way:
>> 1. Can archiving be totally and permanently be eliminated?
> More than turning it off on a per-list basis? (This doesn't "secure"
> mailman, it only makes archives unusable. You'd be better off to hide
> them behind a web page requiring web-server authentication.) Won't stop
> users from keeping their own archives, of course. (Or change the code to
> disable them.)

To disable archiving completely, you could add to mm_cfg.py

GLOBAL_PIPELINE.remove('ToArchive')

>> 2. How and where are the passwords stored?
> IIRC users' list passwords are stored in the list config 'pickle' in the
> lists/ directory; see the comments in "Mailman/SecurityManager.py".

Correct.

>> 3. Can user passwords be eliminated and have the list
>> administrator make any user adjustments which should not be necessary?
> At a great loss of utility, sure. This would require a code change.

The code changes to do it right would not be simple.

>> 4. Does the website have to run in http: since passwords are
>> entered at points in the interactions?
> No, the FAQ describes how to enable HTTPS.

Specifically .

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From incoming-pythonlists at rjl.com Thu May 31 13:42:48 2018
From: incoming-pythonlists at rjl.com (incoming-pythonlists at rjl.com)
Date: Thu, 31 May 2018 10:42:48 -0700
Subject: [Mailman-Users] How do I run 2.x mailman more securely?
In-Reply-To:
References: <952f37fede02442e9bf91eae58ae30de@ASGEXCPWP05.ga.com>
Message-ID: <79922a22-a1bb-e23b-2f43-8aa72d405c33@rjl.com>

On 05/31/2018 09:52 AM, Mark Sapiro wrote:
> On 05/31/2018 08:10 AM, Carl Zwanzig wrote:
>
>>> 3. Can user passwords be eliminated and have the list
>>> administrator make any user adjustments which should not be necessary?
>> At a great loss of utility, sure. This would require a code change.
>
> The code changes to do it right would not be simple.

Depending on where your users are coming from, it might be easier to limit access to the GUI using a firewall. What I do, is to run the mailman GUI on a non-standard https port. I then create webserver URL rewrites that redirect url access to that port. I use my firewall (IPTABLES), to control who can access the GUI. If all of your users come from a LAN inside an office, you can easily restrict access to only those on the LAN. I've also used things like GEOIP, and other tools to limit access to specific countries or specific geographic areas or specific service providers. A lot of attacks come from outside countries and limiting access substantially reduces attacks on my servers.

You could also require users to use a VPN or fwknop in order to access the GUI. This is easy if your users already access your site over a VPN.

Nataraj

From gtaylor at tnetconsulting.net Thu May 31 14:25:51 2018
From: gtaylor at tnetconsulting.net (Grant Taylor)
Date: Thu, 31 May 2018 12:25:51 -0600
Subject: [Mailman-Users] How do I run 2.x mailman more securely?
In-Reply-To: <952f37fede02442e9bf91eae58ae30de@ASGEXCPWP05.ga.com>
References: <952f37fede02442e9bf91eae58ae30de@ASGEXCPWP05.ga.com>
Message-ID:

On 05/30/2018 03:36 PM, Parker, Michael D. wrote:
> I've been assigned the task of attempting to secure our current
> implementation of GNU MailMan.

One thing that I've not seen (or missed) in this thread is the idea of leveraging HTTPS usernames and passwords to protect the web interface.
IMHO the web server has a LOT more experience at user access control than most web applications. As such, I feel like the web server probably has a better handle on how to do it.

As for the default ugly username & password dialog box, there are ways around that.

--
Grant. . . .
unix || die

From gtaylor at tnetconsulting.net Thu May 31 14:28:40 2018
From: gtaylor at tnetconsulting.net (Grant Taylor)
Date: Thu, 31 May 2018 12:28:40 -0600
Subject: [Mailman-Users] How do I run 2.x mailman more securely?
In-Reply-To:
References: <952f37fede02442e9bf91eae58ae30de@ASGEXCPWP05.ga.com>
Message-ID: <7daed4b4-8b5a-8e4f-4149-8f7608ce6182@spamtrap.tnetconsulting.net>

On 05/31/2018 12:25 PM, Grant Taylor wrote:
> IMHO the web server has a LOT more experience at user access control
> than most web applications. As such, I feel like the web server probably
> has a better handle on how to do it.

Apache (and I suspect Nginx) has the ability to use client side TLS certificates to authenticate the client to the server.

I have yet to see any Web UI leverage this.

It's built into the web server. }:-)

--
Grant. . . .
unix || die

From gtaylor at tnetconsulting.net Thu May 31 14:25:13 2018
From: gtaylor at tnetconsulting.net (Grant Taylor)
Date: Thu, 31 May 2018 12:25:13 -0600
Subject: [Mailman-Users] How do I run 2.x mailman more securely?
In-Reply-To: <79922a22-a1bb-e23b-2f43-8aa72d405c33@rjl.com>
References: <952f37fede02442e9bf91eae58ae30de@ASGEXCPWP05.ga.com>
 <79922a22-a1bb-e23b-2f43-8aa72d405c33@rjl.com>
Message-ID:

I feel like I'm missing something and as such have some questions.

On 05/31/2018 11:42 AM, incoming-pythonlists at rjl.com wrote:
> Depending on where your users are coming from, it might be easier to
> limit access to the GUI using a firewall.

Why are you using a firewall instead of leveraging the web server's ability to filter by IP?

> What I do, is to run the mailman GUI on a non-standard https port.

Okay. (Additional) security through obscurity. Sure.
I do similar with various things.

> I then create webserver URL rewrites that redirect url access to that
> port.

Why? I feel like this voids hiding the Mailman Web UI on an alternate port?

> I use my firewall (IPTABLES), to control who can access the GUI. If all
> of your users come from a LAN inside an office, you can easily restrict
> access to only those on the LAN.

Or is this purely so that you can protect the Mailman Web UI via the firewall without impacting other web resources running on the default ports?

> I've also used things like GEOIP, and other tools to limit access to
> specific countries or specific geographic areas or specific service
> providers. A lot of attacks come from outside countries and limiting
> access substantially reduces attacks on my servers.

I've not messed with GeoIP filters in a long time. I don't know how IPTables' GeoIP feature set compares with Apache's / Nginx's GeoIP feature set.

> You could also require users to use a VPN or fwknop in order to access
> the GUI. This is easy if your users already access your site over a VPN.

I can see a VPN for corporate users. I think it's a high bar for most public mailing lists. Maybe not for the (few) administrator(s).

I feel like port knocking is a REALLY HIGH BAR for most public mailing lists.

--
Grant. . . .
unix || die

From dmaziuk at bmrb.wisc.edu Thu May 31 15:18:29 2018
From: dmaziuk at bmrb.wisc.edu (Dimitri Maziuk)
Date: Thu, 31 May 2018 14:18:29 -0500
Subject: [Mailman-Users] How do I run 2.x mailman more securely?
In-Reply-To:
References: <952f37fede02442e9bf91eae58ae30de@ASGEXCPWP05.ga.com>
Message-ID: <639acb50-2745-15c1-de0b-9ac87d348d5b@bmrb.wisc.edu>

On 05/31/2018 01:25 PM, Grant Taylor via Mailman-Users wrote:
> On 05/30/2018 03:36 PM, Parker, Michael D. wrote:
>> I've been assigned the task of attempting to secure our current
>> implementation of GNU MailMan.
>
> One thing that I've not seen (or missed) in this thread is the idea of
> leveraging HTTPS usernames and passwords to protect the web interface.

Yeah, I too once thought that was a good idea.

And then heartbleed came along, and our knee-jerk security department cut off everyone who hasn't patched in 24 hours -- *at the gateway*.

As Murphy would have it, I was traveling across the Atlantic and our other IT guy was driving across North America. And of course cut-off at the gateway meant no mail, no ssh, no way to know what happened and no way to fix it.

This stuff sounds like it's coming from the same security experts. Proper answer with those guys is don't run mailman. Export the subscribers and use it as CC list in Orifice'365: you can't go wrong with "industry standard".

--
Dimitri Maziuk
Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu

From gtaylor at tnetconsulting.net Thu May 31 15:40:57 2018
From: gtaylor at tnetconsulting.net (Grant Taylor)
Date: Thu, 31 May 2018 13:40:57 -0600
Subject: [Mailman-Users] How do I run 2.x mailman more securely?
In-Reply-To: <639acb50-2745-15c1-de0b-9ac87d348d5b@bmrb.wisc.edu>
References: <952f37fede02442e9bf91eae58ae30de@ASGEXCPWP05.ga.com>
 <639acb50-2745-15c1-de0b-9ac87d348d5b@bmrb.wisc.edu>
Message-ID: <61d908e3-d45a-8405-5b5d-04cbc8a9c947@spamtrap.tnetconsulting.net>

On 05/31/2018 01:18 PM, Dimitri Maziuk wrote:
> Yeah, I too once thought that was a good idea.

I'm not quite following you. Are you saying that you now dislike HTTP(S) usernames & passwords specifically? Or are you saying that you dislike hosting something yourself?

> And then heartbleed came along, and our knee-jerk security department
> cut off everyone who hasn't patched in 24 hours -- at the gateway.

Problems happen.
It's how you (or the powers that be) respond to something that matters.

> As Murphy would have it, I was traveling across the Atlantic and our
> other IT guy was driving across North America. And of course cut-off at
> the gateway meant no mail, no ssh, no way to know what happened and no
> way to fix it.

Yep. Murphy and his law will get you when you least expect it or are least able to respond to it.

> This stuff sounds like it's coming from the same security experts.
> Proper answer with those guys is don't run mailman. Export the subscribers
> and use it as CC list in Orifice'365: you can't go wrong with "industry
> standard".

I'm going to disagree with you there. You most certainly can go wrong with "industry standard" or "what everybody else does".

--
Grant. . . .
unix || die

From Michael.D.Parker at ga.com Thu May 31 15:50:15 2018
From: Michael.D.Parker at ga.com (Parker, Michael D.)
Date: Thu, 31 May 2018 19:50:15 +0000
Subject: [Mailman-Users] How does one edit the .pck files?
Message-ID: <6b52498dce344ea298bd1f8674a4547f@ASGEXCPWP05.ga.com>

I'm trying to change one of the parameters in one of the .pck files .... How can this file be edited/changed in Linux?

I've tried searching but cannot find what I want.

Thanks.

From mark at msapiro.net Thu May 31 16:02:15 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 31 May 2018 13:02:15 -0700
Subject: [Mailman-Users] How does one edit the .pck files?
In-Reply-To: <6b52498dce344ea298bd1f8674a4547f@ASGEXCPWP05.ga.com>
References: <6b52498dce344ea298bd1f8674a4547f@ASGEXCPWP05.ga.com>
Message-ID: <6bdb1b3c-f67b-7d6b-f978-1eaaff394781@msapiro.net>

On 05/31/2018 12:50 PM, Parker, Michael D. wrote:
> I'm trying to change one of the parameters in one of the .pck files .... How can this file be edited/changed in Linux?
>
> I've tried searching but cannot find what I want.

If you're talking about Mailman 2.1's config.pck, you can edit it with mailman's bin/withlist, but what specifically are you trying to do?
--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From michaelof at rocketmail.com Thu May 31 16:05:31 2018
From: michaelof at rocketmail.com (michaelof at rocketmail.com)
Date: Thu, 31 May 2018 22:05:31 +0200
Subject: [Mailman-Users] How does one edit the .pck files?
In-Reply-To: <6b52498dce344ea298bd1f8674a4547f@ASGEXCPWP05.ga.com>
References: <6b52498dce344ea298bd1f8674a4547f@ASGEXCPWP05.ga.com>
Message-ID:

Hi Michael D.,

although I strongly believe it's NOT recommended to do what you're thinking about for a productive environment - it's open and free software, have fun ;-)

Instead of just changing the .pck files, as a starting point, I would suggest to download the mailman sources, try to figure out how they do it, and then maybe "tweak" this, getting your own fork.

Just my five cents,
Michael

On 31.05.2018 at 21:50, Parker, Michael D. wrote:
> I'm trying to change one of the parameters in one of the .pck files .... How can this file be edited/changed in Linux?
>
> I've tried searching but cannot find what I want.
>
> Thanks.
>

From Michael.D.Parker at ga.com Thu May 31 16:10:35 2018
From: Michael.D.Parker at ga.com (Parker, Michael D.)
Date: Thu, 31 May 2018 20:10:35 +0000
Subject: [Mailman-Users] -EXT-Re: How does one edit the .pck files?
In-Reply-To: <6bdb1b3c-f67b-7d6b-f978-1eaaff394781@msapiro.net>
References: <6b52498dce344ea298bd1f8674a4547f@ASGEXCPWP05.ga.com>
 <6bdb1b3c-f67b-7d6b-f978-1eaaff394781@msapiro.net>
Message-ID: <41453aaf04e244148d6d219d0eb76e75@ASGEXCPWP05.ga.com>

Change the URL in a migrated mailman list so that it appears properly in the browser display.

Specifically, I'm trying to change the following variable as per dumpdb program of the config.pck file.

'web_page_url': 'http://badhostname.ga.com/mailman/',

Michael D. Parker - provisional CISSP
General Atomics - ElectroMagnetics Systems Group (EMS)
Michael.d.parker at ga.com <<<<< NOTE: Remember to include my middle initial >>>>>

-----Original Message-----
From: Mailman-Users On Behalf Of Mark Sapiro
Sent: Thursday, May 31, 2018 13:02
To: mailman-users at python.org
Subject: -EXT-Re: [Mailman-Users] How does one edit the .pck files?

On 05/31/2018 12:50 PM, Parker, Michael D. wrote:
> I'm trying to change one of the parameters in one of the .pck files .... How can this file be edited/changed in Linux?
>
> I've tried searching but cannot find what I want.

If you're talking about Mailman 2.1's config.pck, you can edit it with mailman's bin/withlist, but what specifically are you trying to do?

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From Michael.D.Parker at ga.com Thu May 31 16:14:45 2018
From: Michael.D.Parker at ga.com (Parker, Michael D.)
Date: Thu, 31 May 2018 20:14:45 +0000
Subject: [Mailman-Users] -EXT-Re: How does one edit the .pck files?
In-Reply-To: <6bdb1b3c-f67b-7d6b-f978-1eaaff394781@msapiro.net>
References: <6b52498dce344ea298bd1f8674a4547f@ASGEXCPWP05.ga.com>
 <6bdb1b3c-f67b-7d6b-f978-1eaaff394781@msapiro.net>
Message-ID:

Hmm....not being a python expert, where is a pointer to manipulating the file using withlist....

Specifically listing a variable, changing a variable, and then writing it back to the file?

-----Original Message-----
From: Mailman-Users On Behalf Of Mark Sapiro
Sent: Thursday, May 31, 2018 13:02
To: mailman-users at python.org
Subject: -EXT-Re: [Mailman-Users] How does one edit the .pck files?

On 05/31/2018 12:50 PM, Parker, Michael D. wrote:
> I'm trying to change one of the parameters in one of the .pck files .... How can this file be edited/changed in Linux?
>
> I've tried searching but cannot find what I want.

If you're talking about Mailman 2.1's config.pck, you can edit it with mailman's bin/withlist, but what specifically are you trying to do?

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net Thu May 31 16:43:18 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 31 May 2018 13:43:18 -0700
Subject: [Mailman-Users] -EXT-Re: How does one edit the .pck files?
In-Reply-To: <41453aaf04e244148d6d219d0eb76e75@ASGEXCPWP05.ga.com>
References: <6b52498dce344ea298bd1f8674a4547f@ASGEXCPWP05.ga.com>
 <6bdb1b3c-f67b-7d6b-f978-1eaaff394781@msapiro.net>
 <41453aaf04e244148d6d219d0eb76e75@ASGEXCPWP05.ga.com>
Message-ID: <0788e524-ad15-6f76-cc29-5d0ba5d905e8@msapiro.net>

On 05/31/2018 01:10 PM, Parker, Michael D. wrote:
> Change the URL in a migrated mailman list so that it appears properly in the browser display.
>
> Specifically, I'm trying to change the following variable as per dumpdb program of the config.pck file.
>
> 'web_page_url': 'http://badhostname.ga.com/mailman/',

See the FAQ article at which discusses the proper way to do this.
--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From mark at msapiro.net Thu May 31 16:58:42 2018
From: mark at msapiro.net (Mark Sapiro)
Date: Thu, 31 May 2018 13:58:42 -0700
Subject: [Mailman-Users] -EXT-Re: How does one edit the .pck files?
In-Reply-To:
References: <6b52498dce344ea298bd1f8674a4547f@ASGEXCPWP05.ga.com> <6bdb1b3c-f67b-7d6b-f978-1eaaff394781@msapiro.net>
Message-ID: <2137afe8-0cd9-5698-603b-a10e4f82c9f9@msapiro.net>

On 05/31/2018 01:14 PM, Parker, Michael D. wrote:
> Hmm....not being a python expert, where is a pointer to manipulating the file using withlist....
>
> Specifically listing a variable, changing a variable, and then writing it back to the file?

bin/withlist -l LISTNAME
Loading list LISTNAME (locked)
The variable `m' is the LISTNAME MailList instance
>>> m.ATTRIBUTE_NAME
value of ATTRIBUTE_NAME prints
>>> m.ATTRIBUTE_NAME = NEW_VALUE
>>> m.Save()
>>> m.Unlock()
>>> <- control-D to exit.

But do not do this!! There are already scripts to do most of what you would want. withlist is for people who know enough Python and Mailman internals to know what to do without asking. If you aren't one of those people, you can easily shoot yourself in the foot.

Instead, describe what you are trying to accomplish in a post to this list, and we will help you find a safe way to do it.

I have answered your specific question in another post. The answer involves setting things properly in mm_cfg.py and then using withlist but with a script fix_url.py that is much safer.

Also, in addition to the FAQ article I pointed to in the prior answer, you might see .

--
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan

From dmaziuk at bmrb.wisc.edu Thu May 31 17:05:19 2018
From: dmaziuk at bmrb.wisc.edu (Dimitri Maziuk)
Date: Thu, 31 May 2018 16:05:19 -0500
Subject: [Mailman-Users] How do I run 2.x mailman more securely?
In-Reply-To: <61d908e3-d45a-8405-5b5d-04cbc8a9c947@spamtrap.tnetconsulting.net>
References: <952f37fede02442e9bf91eae58ae30de@ASGEXCPWP05.ga.com> <639acb50-2745-15c1-de0b-9ac87d348d5b@bmrb.wisc.edu> <61d908e3-d45a-8405-5b5d-04cbc8a9c947@spamtrap.tnetconsulting.net>
Message-ID: <23fb75fc-ce2d-d298-f0b4-bfc2bdc371db@bmrb.wisc.edu>

On 05/31/2018 02:40 PM, Grant Taylor via Mailman-Users wrote:
> On 05/31/2018 01:18 PM, Dimitri Maziuk wrote:
>> Yeah, I too once thought that was a good idea.
>
> I'm not quite following you. Are you saying that you now dislike
> HTTP(S) usernames & passwords specifically?

I do dislike the HTTPS push specifically. Google has a vested interest in stopping those pesky ISPs from replacing Google's revenue-generating ads with their own. I don't.

What exactly is it about mailman usernames and passwords that you are trying to protect with HTTPS?

--
Dimitri Maziuk
Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu

From gtaylor at tnetconsulting.net Thu May 31 17:52:48 2018
From: gtaylor at tnetconsulting.net (Grant Taylor)
Date: Thu, 31 May 2018 15:52:48 -0600
Subject: [Mailman-Users] How do I run 2.x mailman more securely?
In-Reply-To: <23fb75fc-ce2d-d298-f0b4-bfc2bdc371db@bmrb.wisc.edu>
References: <952f37fede02442e9bf91eae58ae30de@ASGEXCPWP05.ga.com> <639acb50-2745-15c1-de0b-9ac87d348d5b@bmrb.wisc.edu> <61d908e3-d45a-8405-5b5d-04cbc8a9c947@spamtrap.tnetconsulting.net> <23fb75fc-ce2d-d298-f0b4-bfc2bdc371db@bmrb.wisc.edu>
Message-ID:

On 05/31/2018 03:05 PM, Dimitri Maziuk wrote:
> What exactly is it about mailman usernames and passwords that you are
> trying to protect with HTTPS?

I wasn't talking about Mailman usernames (email addresses) and passwords. I was talking about the usernames and passwords for Basic HTTP(S) authentication.
As in authenticating to the web server and having it control who can access the Mailman Web UI.

There's always the fact that HTTPS (SSL/TLS) protects both sets of credentials.

I was replying to the original poster, Michael P., suggesting that HTTP(S)'s Basic Authentication can be used to protect the Mailman Web UI.

--
Grant. . . .
unix || die

From dmaziuk at bmrb.wisc.edu Thu May 31 20:02:18 2018
From: dmaziuk at bmrb.wisc.edu (Dimitri Maziuk)
Date: Thu, 31 May 2018 19:02:18 -0500
Subject: [Mailman-Users] How do I run 2.x mailman more securely?
In-Reply-To:
References: <952f37fede02442e9bf91eae58ae30de@ASGEXCPWP05.ga.com> <639acb50-2745-15c1-de0b-9ac87d348d5b@bmrb.wisc.edu> <61d908e3-d45a-8405-5b5d-04cbc8a9c947@spamtrap.tnetconsulting.net> <23fb75fc-ce2d-d298-f0b4-bfc2bdc371db@bmrb.wisc.edu>
Message-ID: <8e4d2fe9-decd-4819-f8a9-e47122abaa94@bmrb.wisc.edu>

On 05/31/2018 04:52 PM, Grant Taylor via Mailman-Users wrote:
> On 05/31/2018 03:05 PM, Dimitri Maziuk wrote:
>> What exactly is it about mailman usernames and passwords that you are
>> trying to protect with HTTPS?
>
> I wasn't talking about Mailman usernames (email addresses) and
> passwords. I was talking about the usernames and passwords for Basic
> HTTP(S) authentication. As in authenticating to the web server and
> having it control who can access the Mailman Web UI.

Ah, sorry, I didn't realize you propose to protect subscriber's username and password by requiring a second username and password to get to them. Moving along now.

--
Dimitri Maziuk
Programmer/sysadmin
BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu

From suporte at aprendendolinux.com Thu May 31 20:20:34 2018
From: suporte at aprendendolinux.com (Henrique Fagundes)
Date: Thu, 31 May 2018 21:20:34 -0300
Subject: [Mailman-Users] Server joining the CBL blacklist every day!
Message-ID: <04d5e7b5-0d8c-b8e4-b4e4-f0923c9f16e1@aprendendolinux.com>

Dear,

Sorry if the text is difficult to understand. I am Brazilian and I do not have many English language skills.

I'm just sending this email for information.

There we have I was not able to send emails from my server to some domains [especially those linked to Microsoft (hotmail.com, msn.com, outlook.com, etc.)].

Then I realized that the IP of my server was listed in the CBL blacklist.

I realized that one of the sites hosted on this server (which is also a Web server) was infected by malware that was connecting all the time to IP 192.42.116.41 (port 80 and 443).

This infection comes from Wordpress. One of my hosting clients used an obsolete version of the Wordpress platform and was eventually hit.

Details here: https://consultalinux.org/blog/ler_post.php?category=linux&id=129

Almost every source on his site had been encrypted. Fortunately, the server automatically backs up the database every day. Just delete the old WP, install the new upload dump of the DB.

After I resolved the problem, the IP was no longer listed.

Regards,

Henrique Fagundes
suporte at aprendendolinux.com
Skype: magnata-br-rj
Linux User: 475399
https://www.aprendendolinux.com
https://www.facebook.com/AprendendoLinux
https://youtube.com/AprendendoLinux
https://twitter.com/AprendendoLinux
https://telegram.me/AprendendoLinux
______________________________________________________________________
Join the Aprendendo Linux group
https://listas.aprendendolinux.com/listinfo/aprendendolinux
Or send an e-mail to: aprendendolinux-subscribe at listas.aprendendolinux.com

From incoming-pythonlists at rjl.com Thu May 31 20:37:46 2018
From: incoming-pythonlists at rjl.com (incoming-pythonlists at rjl.com)
Date: Thu, 31 May 2018 17:37:46 -0700
Subject: [Mailman-Users] How do I run 2.x mailman more securely?
In-Reply-To:
References: <952f37fede02442e9bf91eae58ae30de@ASGEXCPWP05.ga.com> <79922a22-a1bb-e23b-2f43-8aa72d405c33@rjl.com>
Message-ID: <99e121f6-e399-f9ec-e3ad-ab746bf05bb8@rjl.com>

On 05/31/2018 11:25 AM, Grant Taylor via Mailman-Users wrote:
> I feel like I'm missing something and as such have some questions.
>
> On 05/31/2018 11:42 AM, incoming-pythonlists at rjl.com wrote:
>> Depending on where your users are coming from, it might be easier to
>> limit access to the GUI using a firewall.
>
> Why are you using a firewall instead of leveraging the web server's
> ability to filter by IP?

Both are valid alternatives. There may be performance advantages, to stopping attacks at the firewall level instead of higher up in the application stack.

>
>> What I do, is to run the mailman GUI on a non-standard https port.
>
> Okay. (Additional) security through obscurity. Sure. I do similar
> with various things.

No, this is not security through obscurity. It runs on a different port so I can add firewall rules that affect only mailman service and not other web applications.

>
>> I then create webserver URL rewrites that redirect url access to that
>> port.
>
> Why?
> I feel like this voids hiding the Mailman Web UI on an alternate
> port?

I need to give my users a url that they can easily remember. It's too complex to have to give them urls with port numbers in them, and since this is not security through obscurity, it is not a problem.

>
>> I use my firewall (IPTABLES), to control who can access the GUI. If
>> all of your users come from a LAN inside an office, you can easily
>> restrict access to only those on the LAN.
>
> Or is this purely so that you can protect the Mailman Web UI via the
> firewall without impacting other web resources running on the default
> ports?

yes

>
>> I've also used things like GEOIP, and other tools to limit access to
>> specific countries or specific geographic areas or specific service
>> providers. A lot of attacks come from outside countries and limiting
>> access substantially reduces attacks on my servers.
>
> I've not messed with GeoIP filters in a long time. I don't know how
> IPTables' GeoIP feature set compares with Apache's / Nginx's GeoIP
> feature set.

There are many ways to implement the same thing. Before there were modules in the kernel for this, I simply pulled lists of address blocks out of databases and incorporated them into my IPtables lists. There are better tools to do this today.

>
>> You could also require users to use a VPN or fwknop in order to access
>> the GUI. This is easy if your users already access your site over a
>> VPN.
>
> I can see a VPN for corporate users. I think it's a high bar for most
> public mailing lists. Maybe not for the (few) administrator(s).
>
> I feel like port knocking is a REALLY HIGH BAR for most public mailing
> lists.

It was unclear from the OP's initial posting whether it was a private or a public mailing list. What I describe here probably would not be appropriate for a public list and the best solution there is probably to upgrade to mailman 3 if they need a more secure interface that is wide open to the public.
VPN and/or fwknop (which is primarily SPA though the older port knocking is still supported) are more suitable if you have a private list where user membership must be approved anyway and your moderators and admins might use these tools to have access to mailman, but the web GUI would be blocked from public access.

Certainly adding web server based username authentication sounds pretty cumbersome to me because users would have to login twice, though from a security standpoint it would help protect from vulnerabilities in the mailman web GUI.

There's no one answer to solving these problems. I'm only sharing ideas that have worked for me. The less of the public Internet that can apply brute force attacks on your web interface, the less likely you are to have a compromise. Also, the less junk in your log files, the easier it is to monitor the logs.

I plan to go to mailman 3, but in the meantime I have minimal issues with attacks on my mailman GUI. Maybe not the perfect solution for everyone, but it is effective.

Nataraj

From gtaylor at tnetconsulting.net Thu May 31 21:24:48 2018
From: gtaylor at tnetconsulting.net (Grant Taylor)
Date: Thu, 31 May 2018 19:24:48 -0600
Subject: [Mailman-Users] How do I run 2.x mailman more securely?
In-Reply-To: <99e121f6-e399-f9ec-e3ad-ab746bf05bb8@rjl.com>
References: <952f37fede02442e9bf91eae58ae30de@ASGEXCPWP05.ga.com> <79922a22-a1bb-e23b-2f43-8aa72d405c33@rjl.com> <99e121f6-e399-f9ec-e3ad-ab746bf05bb8@rjl.com>
Message-ID: <15e0f57a-b52e-bf58-8872-a7a81f8850fd@spamtrap.tnetconsulting.net>

On 05/31/2018 06:37 PM, incoming-pythonlists at rjl.com wrote:
> Both are valid alternatives. There may be performance advantages,
> to stopping attacks at the firewall level instead of higher up in the
> application stack.

Agreed, on both accounts.

Firewalls also have a tendency to protect multiple machines, not just one. (I'm referring to network appliance type firewalls, not host based.)

> No, this is not security through obscurity. It runs on a different
> port so I can add firewall rules that affect only mailman service and
> not other web applications.

Fair enough.

> I need to give my users a url that they can easily remember. It's too
> complex to have to give them urls with port numbers in them, and since
> this is not security through obscurity, it is not a problem.

Fair.

> yes

*nod*

> There are many ways to implement the same thing. Before there were
> modules in the kernel for this, I simply pulled lists of address blocks
> out of databases and incorporated them into my IPtables lists. There are
> better tools to do this today.

ACK

I'm curious, did you use IPSets or just a rule per network / IP?

> It was unclear from the OP's initial posting whether it was a private
> or a public mailing list. What I describe here probably would not be
> appropriate for a public list and the best solution there is probably to
> upgrade to mailman 3 if they need a more secure interface that is wide
> open to the public.
> VPN and/or fwknop (which is primarily SPA though the
> older port knocking is still supported) are more suitable if you have
> a private list where user membership must be approved anyway and your
> moderators and admins might use these tools to have access to mailman,
> but the web GUI would be blocked from public access.
>
> Certainly adding web server based username authentication sounds pretty
> cumbersome to me because users would have to login twice,

Maybe, maybe not. I've seen applications that can re-use the web server's authentication mechanism. This would likely be a code change to Mailman. (I have no idea how big.)

> though from a security standpoint it would help protect from
> vulnerabilities in the mailman web GUI.

;-)

> There's no one answer to solving these problems. I'm only sharing
> ideas that have worked for me. The less of the public Internet that
> can apply brute force attacks on your web interface, the less likely
> you are to have a compromise. Also, the less junk in your log files,
> the easier it is to monitor the logs.

Nope. Hence my interest in what others have done and why they did it.

I'm always interested in observing and hopefully learning.

> I plan to go to mailman 3, but in the meantime I have minimal issues with
> attacks on my mailman GUI. Maybe not the perfect solution for everyone,
> but it is effective.

If it does what you need it to and you feel comfortable maintaining it, then more power to you.

--
Grant. . . .
unix || die

From incoming-pythonlists at rjl.com Thu May 31 23:33:53 2018
From: incoming-pythonlists at rjl.com (incoming-pythonlists at rjl.com)
Date: Thu, 31 May 2018 20:33:53 -0700
Subject: [Mailman-Users] How do I run 2.x mailman more securely?
In-Reply-To: <15e0f57a-b52e-bf58-8872-a7a81f8850fd@spamtrap.tnetconsulting.net>
References: <952f37fede02442e9bf91eae58ae30de@ASGEXCPWP05.ga.com> <79922a22-a1bb-e23b-2f43-8aa72d405c33@rjl.com> <99e121f6-e399-f9ec-e3ad-ab746bf05bb8@rjl.com> <15e0f57a-b52e-bf58-8872-a7a81f8850fd@spamtrap.tnetconsulting.net>
Message-ID: <71d69a34-dc49-1c0f-da25-8e6f173dd490@rjl.com>

On 05/31/2018 06:24 PM, Grant Taylor via Mailman-Users wrote:
>
>> There are many ways to implement the same thing. Before there were
>> modules in the kernel for this, I simply pulled lists of address
>> blocks out of databases and incorporated them into my IPtables
>> lists. There are better tools to do this today.
>
> ACK
>
> I'm curious, did you use IPSets or just a rule per network / IP?

I wrote scripts that read the list and generated a rule per network. It can be slow, but has worked reliably for many years. Since it is a mailserver, performance has not been a big issue. I am in the process of designing a replacement. If you enter your list of networks as a separate iptables list, then you only need to call that list when the traffic is on the relevant port(s), so you avoid traversing the list for other services.

Nataraj

From gtaylor at tnetconsulting.net Thu May 31 23:47:24 2018
From: gtaylor at tnetconsulting.net (Grant Taylor)
Date: Thu, 31 May 2018 21:47:24 -0600
Subject: [Mailman-Users] How do I run 2.x mailman more securely?
In-Reply-To: <71d69a34-dc49-1c0f-da25-8e6f173dd490@rjl.com>
References: <952f37fede02442e9bf91eae58ae30de@ASGEXCPWP05.ga.com> <79922a22-a1bb-e23b-2f43-8aa72d405c33@rjl.com> <99e121f6-e399-f9ec-e3ad-ab746bf05bb8@rjl.com> <15e0f57a-b52e-bf58-8872-a7a81f8850fd@spamtrap.tnetconsulting.net> <71d69a34-dc49-1c0f-da25-8e6f173dd490@rjl.com>
Message-ID:

On 05/31/2018 09:33 PM, incoming-pythonlists at rjl.com wrote:
> I wrote scripts that read the list and generated a rule per network.
> It can be slow, but has worked reliably for many years.
> Since it is a
> mailserver, performance has not been a big issue. I am in the process
> of designing a replacement. If you enter your list of networks as a
> separate iptables list, then you only need to call that list when the
> traffic is on the relevant port(s), so you avoid traversing the list
> for other services.

*nod*

Thank you for sharing.

I've done something similar with IPSets and recently using routing with reverse path filtering.

I've found all of the above to be quite effective.

--
Grant. . . .
unix || die

From ruediger at stura.uni-heidelberg.de Thu May 31 10:46:47 2018
From: ruediger at stura.uni-heidelberg.de (Rüdiger Wolf)
Date: Thu, 31 May 2018 16:46:47 +0200
Subject: [Mailman-Users] Problems Erasing Subscribe Spam
Message-ID: <51323a6b-4953-7aeb-93e5-341d9cc89b11@stura.uni-heidelberg.de>

We're currently dealing with some Subscribe Spam. Dealing with it, I encountered a problem I need help with:

I used Mark's script list_pending (https://www.msapiro.net/scripts/list_pending) to find out how many Subscriptions we got and which addresses were used. I iterated over all lists I got from list_lists --bare and took just the ones with "type: S". Turns out we got 66608 subscriptions from 66560 different addresses. Luckily, they all match the regex \w*\+\w*@gmail\.com, so I tried to wipe the mess with another script of Mark, erase (https://www.msapiro.net/scripts/erase). It works nicely for a bunch of lists, but I don't get why it doesn't work with all of them. Looking more closely I found in /var/lib/mailman/lists/ the pending.pck file the script is operating on.

Does someone have an idea why it might not work for all lists?

Regards,
Ruediger
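
An added example, not part of the post above and not Mark's list_pending or erase scripts: a dry-run triage of pending subscription addresses against the regex quoted in the post, to be looked at before any bulk removal. The (list, address) input pairs are constructed sample data, and the match/review/keep buckets are this example's own naming.

```python
import re
from collections import Counter

# Pattern exactly as quoted in the post.
POSTED_PATTERN = r"\w*\+\w*@gmail\.com"

# Constructed sample input: (list name, pending subscriber address) pairs,
# e.g. collected from per-list listings of pending requests.
SAMPLE_PENDING = [
    ("announce", "qkzmv+x81hd@gmail.com"),
    ("announce", "QKZMV+x81hd@gmail.com"),         # same address, other case
    ("staff", "brtlw+0aa9z@gmail.com"),
    ("staff", "first.last+lists@gmail.com"),       # dotted local part
    ("users", "member+ml@gmail.com.example.org"),  # not a Gmail address
    ("users", "alice@example.org"),
]


def triage(pending, pattern=POSTED_PATTERN):
    """Sort pending addresses into three buckets before any bulk removal.

    match  - the whole address matches the pattern (anchored match)
    review - the pattern only matches a substring; a human should look
    keep   - the pattern does not match at all
    """
    rx = re.compile(pattern, re.ASCII)
    report = {
        "requests": 0,           # total pending requests seen
        "matched_requests": 0,   # requests whose address landed in "match"
        "match": set(),
        "review": set(),
        "keep": set(),
        "per_list": Counter(),   # matched requests per list
    }
    for listname, raw in pending:
        addr = raw.strip().lower()
        report["requests"] += 1
        if rx.fullmatch(addr):
            report["match"].add(addr)
            report["matched_requests"] += 1
            report["per_list"][listname] += 1
        elif rx.search(addr):
            # An unanchored search would have treated these as spam too.
            report["review"].add(addr)
        else:
            report["keep"].add(addr)
    return report


if __name__ == "__main__":
    r = triage(SAMPLE_PENDING)
    print("%d requests, %d matched from %d distinct addresses"
          % (r["requests"], r["matched_requests"], len(r["match"])))
    for name, count in sorted(r["per_list"].items()):
        print("  %-10s %d" % (name, count))
    for addr in sorted(r["review"]):
        print("  review: %s" % addr)
```

The per-list counts give a baseline to compare against after a cleanup run, which makes it visible which lists still hold matching requests.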
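
An added example for the earlier "How do I run 2.x mailman more securely?" exchange, not code from any of the posters: a generator for the two approaches discussed there, a separate iptables chain with one rule per network that is only reached for the GUI port, and the IPSet equivalent. Port 8443, the chain name MAILMAN_GUI, the set name mailman_gui and the allow-list policy are assumptions; the networks are constructed from documentation ranges.

```python
import ipaddress


def allowed_networks(cidrs):
    """Validate CIDR strings and merge overlapping or adjacent IPv4 blocks."""
    nets = []
    for text in cidrs:
        text = text.strip()
        if not text or text.startswith("#"):
            continue
        # strict=True raises ValueError when host bits are set (a typo guard).
        net = ipaddress.ip_network(text, strict=True)
        if net.version != 4:
            raise ValueError("IPv6 needs its own ip6tables chain: %s" % text)
        nets.append(net)
    return list(ipaddress.collapse_addresses(nets))


def chain_rules(cidrs, chain="MAILMAN_GUI"):
    """iptables-restore input: one ACCEPT per network, then a final DROP.

    Load with `iptables-restore --noflush` so the rest of the filter
    table is left alone.
    """
    lines = ["*filter", ":%s - [0:0]" % chain]
    lines += ["-A %s -s %s -j ACCEPT" % (chain, n)
              for n in allowed_networks(cidrs)]
    lines += ["-A %s -j DROP" % chain, "COMMIT"]
    return lines


def jump_rule(port, chain="MAILMAN_GUI"):
    """Added once to INPUT: only traffic to the GUI port walks the chain."""
    return "-A INPUT -p tcp --dport %d -j %s" % (port, chain)


def ipset_rules(cidrs, port, setname="mailman_gui"):
    """Same policy with a hash:net set instead of a rule per network.

    Returns (lines for `ipset restore`, the single iptables rule).
    """
    lines = ["create %s hash:net family inet" % setname]
    lines += ["add %s %s" % (setname, n) for n in allowed_networks(cidrs)]
    rule = ("-A INPUT -p tcp --dport %d -m set ! --match-set %s src -j DROP"
            % (port, setname))
    return lines, rule


# Constructed allow-list (RFC 5737 documentation ranges).
SAMPLE = ["192.0.2.0/25", "192.0.2.128/25",
          "198.51.100.0/24", "198.51.100.64/26"]

if __name__ == "__main__":
    print("\n".join(chain_rules(SAMPLE)))
    print(jump_rule(8443))
    set_lines, set_rule = ipset_rules(SAMPLE, 8443)
    print("\n".join(set_lines))
    print(set_rule)
```

Merging the list first keeps the rule-per-network chain short, and the strict parse stops a mistyped prefix from silently widening the allow-list.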