From odhiambo at gmail.com Tue Apr 2 12:55:47 2019 From: odhiambo at gmail.com (Odhiambo Washington) Date: Tue, 2 Apr 2019 19:55:47 +0300 Subject: [Mailman-Users] Strange behavior with Outlook+Exchange Message-ID: I have a client who is facing a problem unseen before. She's been using MS Outlook to send mail to a Newsletter managed by Mailman. It's all been good, using Approved:Password as the very first line to send her newsletters using Outlook - until we added an Exchange account. Now, when she sends the Newsletter, the below error is returned and the message rejected by Mailman: -----Original Message----- From: Newsletter [mailto:listname-bounces at lists.domain.name] On Behalf Of listname-owner at lists.domain.name Sent: Tuesday, April 02, 2019 6:48 PM To: Jane Doe Subject: Monthly Newsletter Message rejected. It appears that this message contains an HTML part with the Approved: password line, but due to the way it is coded in the HTML it can't be safely removed. ----- End Original Message---- I am debating with myself whether it is necessary to adjust any changes related to message composition within Outlook, or make a change within Mailman config to accommodate the issue. -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", grep ^[^#] :-) From mark at msapiro.net Thu Apr 4 18:15:51 2019 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 4 Apr 2019 15:15:51 -0700 Subject: [Mailman-Users] Strange behavior with Outlook+Exchange In-Reply-To: References: Message-ID: <1b940c2a-dded-8ef2-58a7-181179e57321@msapiro.net> On 4/2/19 9:55 AM, Odhiambo Washington wrote: > I have a client who is facing a problem unseen before. > She's been using MS Outlook to send mail to a Newsletter managed by Mailman. > > It's all been good, using Approved:Password as the very first line to send > her newsletters using Outlook - until we added an Exchange account. > Now, when she sends the Newsletter, the below error is returned and the > message rejected by Mailman: > > -----Original Message----- > From: Newsletter [mailto:listname-bounces at lists.domain.name] On Behalf Of > listname-owner at lists.domain.name > Sent: Tuesday, April 02, 2019 6:48 PM > To: Jane Doe > Subject: Monthly Newsletter > > Message rejected. > It appears that this message contains an HTML part with the > Approved: password line, but due to the way it is coded in the HTML it > can't be safely removed. > ----- End Original Message---- The best way to handle this is to use a real Approved: header rather than a "pseudo-header" as the first body line, but I recognize that many MUAs make it difficult or impossible to do that. If the "Approved: password" line is the first body line of the first text/plain part, Mailman remove it and will attempt to remove it from all other text/* parts using the regexp Approved:(\xA0|\s| )*password If that regexp matches in the text/* part the matching text is removed. If the regexp doesn't match, but does match after stripping all html tags and ignoring line breaks, we conclude we can't remove the match without seriously mangling the text, so we reject the post as above rather than leak the password to the list. > I am debating with myself whether it is necessary to adjust any changes > related to message composition within Outlook, or make a change > within Mailman config to accommodate the issue. A possible Mailman config change is to adjust the list settings so a post without the Approved: header is held. Then post and approve the held post. Depending on how many "non-approved" held posts would result from this, it might be viable, albeit more cumbersome than pre-approval. The message composition changes that would be effective are: 1) Use a real header instead of the first body line, or 2) Compose the message as plain text only rather than multipart/alternative, or 3) Examine the actual message HTML part to see why the pattern can't be removed and possibly alter that. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From donnerland at aol.com Fri Apr 5 13:59:39 2019 From: donnerland at aol.com (Valentin Schwarze) Date: Fri, 5 Apr 2019 17:59:39 +0000 (UTC) Subject: [Mailman-Users] Spam / Email Spoofing Problem (SPF check possible?) References: <946810895.17340302.1554487179093.ref@mail.yahoo.com> Message-ID: <946810895.17340302.1554487179093@mail.yahoo.com> Hello, I am the administrator of some mailman lists of the student self-administration of our university. We happend to have some spam issues on our mailman lists. These spammers were able to send emails on our lists through mail spoofing (only faking the From: field in the header is sufficient to get accepted). With a faked sender email adress, which was in accept_these_nonmembers of the list, they were to send spam mails on the lists. Are there any settings that we as administrators of the list could change to end that behavior? For example, is it possible in any way, that Mailman only accepts emails that passed a SPF check? Or any other option to prevent email with forged sender adresses to be distributed through the mailman list? It would be great, if someone knows a solution to that? problem! Cheers, Valentin PS: Used Mailman Version is?2.1.18 From mark at msapiro.net Fri Apr 5 22:08:27 2019 From: mark at msapiro.net (Mark Sapiro) Date: Fri, 5 Apr 2019 19:08:27 -0700 Subject: [Mailman-Users] Spam / Email Spoofing Problem (SPF check possible?) In-Reply-To: <946810895.17340302.1554487179093@mail.yahoo.com> References: <946810895.17340302.1554487179093.ref@mail.yahoo.com> <946810895.17340302.1554487179093@mail.yahoo.com> Message-ID: <6b228e47-dbe3-4205-04a2-642a5fe793c2@msapiro.net> On 4/5/19 10:59 AM, Valentin Schwarze via Mailman-Users wrote: > > I am the administrator of some mailman lists of the student self-administration of our university. We happend to have some spam issues on our mailman lists. These spammers were able to send emails on our lists through mail spoofing (only faking the From: field in the header is sufficient to get accepted). With a faked sender email adress, which was in accept_these_nonmembers of the list, they were to send spam mails on the lists. > > Are there any settings that we as administrators of the list could change to end that behavior? For example, is it possible in any way, that Mailman only accepts emails that passed a SPF check? Or any other option to prevent email with forged sender adresses to be distributed through the mailman list? These kinds of tests are better implemented in the incoming MTA before the mail ever gets to Mailman. Mailman itself, without code modification or implementation of a custom handler (see ), has no way to check things like SPF. You can use Privacy options... -> Spam filters -> header_filter_rules to take various actions based on regexp matches against message headers. This can be useful if you can identify things that separate the spam from the ham. Also, if you want to do certain tests in the MTA, but not reject the mail at SMTP time, you can have the MTA add a header which is checked by header_filter_rules. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From cpz at tuunq.com Fri Apr 5 22:11:29 2019 From: cpz at tuunq.com (Carl Zwanzig) Date: Fri, 5 Apr 2019 19:11:29 -0700 Subject: [Mailman-Users] Spam / Email Spoofing Problem (SPF check possible?) In-Reply-To: <946810895.17340302.1554487179093@mail.yahoo.com> References: <946810895.17340302.1554487179093.ref@mail.yahoo.com> <946810895.17340302.1554487179093@mail.yahoo.com> Message-ID: <82d72a26-b78f-c4cd-b8e3-b21e1b3c33f4@tuunq.com> On 4/5/2019 10:59 AM, Valentin Schwarze via Mailman-Users wrote: > We happend to have some spam > issues on our mailman lists. These spammers were able to send emails on > our lists through mail spoofing (only faking the From: field in the > header is sufficient to get accepted). Do you have any mail/virus scanning in the pipeline before mailman? They're usually better tools for the job. > PS: Used Mailman Version is?2.1.18 Consider upgrading to the current version, too. (Looks like Mark just posted about this, too.) z! From gtaylor at tnetconsulting.net Fri Apr 5 23:35:02 2019 From: gtaylor at tnetconsulting.net (Grant Taylor) Date: Fri, 5 Apr 2019 21:35:02 -0600 Subject: [Mailman-Users] Spam / Email Spoofing Problem (SPF check possible?) In-Reply-To: <946810895.17340302.1554487179093@mail.yahoo.com> References: <946810895.17340302.1554487179093.ref@mail.yahoo.com> <946810895.17340302.1554487179093@mail.yahoo.com> Message-ID: On 4/5/19 11:59 AM, Valentin Schwarze via Mailman-Users wrote: > Are there any settings that we as administrators of the list could > change to end that behavior? For example, is it possible in any way, > that Mailman only accepts emails that passed a SPF check? Or any other > option to prevent email with forged sender adresses to be distributed > through the mailman list? As Mark and Carl have stated, you are better off implementing email hygiene in your MTA and only passing clean messages to Mailman. Note: SPF by itself won't do anything to protect against From: header spoofing. I would suggest that you also look into DKIM and particularly DMARC filtering. -- Grant. . . . unix || die -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4008 bytes Desc: S/MIME Cryptographic Signature URL: From turnbull.stephen.fw at u.tsukuba.ac.jp Sat Apr 6 20:09:38 2019 From: turnbull.stephen.fw at u.tsukuba.ac.jp (Stephen J. Turnbull) Date: Sun, 7 Apr 2019 09:09:38 +0900 Subject: [Mailman-Users] Spam / Email Spoofing Problem (SPF check possible?) In-Reply-To: References: <946810895.17340302.1554487179093.ref@mail.yahoo.com> <946810895.17340302.1554487179093@mail.yahoo.com> Message-ID: <23721.16322.604456.143740@turnbull.sk.tsukuba.ac.jp> Grant Taylor via Mailman-Users writes: > Note: SPF by itself won't do anything to protect against From: header > spoofing. Sure, but if configured correctly, it gives you exactly the information you need. The problem with SPF is that a lot of header spoofing is legitimate (at least from the point of view of the sender). For example, using your school address as From on your Gmail account. > I would suggest that you also look into DKIM and particularly DMARC > filtering. These don't help with the fundamental problem of host-based sender authentication. You still need to use a school MTA to send mail with your school address, and that often sucks from the point of view of the users. If Valentin is willing to enforce that (in my experience, pretty draconian) restriction, SPF is good enough for the application at hand, DKIM is more robust against many kinds of forwarding. DMARC policy (other than "none") is likely a disaster in an educational setting. Steve From turnbull.stephen.fw at u.tsukuba.ac.jp Sat Apr 6 20:11:12 2019 From: turnbull.stephen.fw at u.tsukuba.ac.jp (Stephen J. Turnbull) Date: Sun, 7 Apr 2019 09:11:12 +0900 Subject: [Mailman-Users] Spam / Email Spoofing Problem (SPF check possible?) In-Reply-To: <946810895.17340302.1554487179093@mail.yahoo.com> References: <946810895.17340302.1554487179093.ref@mail.yahoo.com> <946810895.17340302.1554487179093@mail.yahoo.com> Message-ID: <23721.16416.194609.439905@turnbull.sk.tsukuba.ac.jp> Valentin Schwarze via Mailman-Users writes: > I am the administrator of some mailman lists of the student > self-administration of our university. We happend to have some spam > issues on our mailman lists. These spammers were able to send > emails on our lists through mail spoofing (only faking the From: > field in the header is sufficient to get accepted). With a faked > sender email adress, which was in accept_these_nonmembers of the > list, they were to send spam mails on the lists. It is helpful if you tell us more about the mail flows you *want* to go to the lists. For example, perhaps these addresses are in accept_these_nonmembers because the lists are one-way, going from a small number of allowed posters (eg, committee chairpersons) to the subscribers (eg, committee members). In that case it would be possible to give the allowed posters a password, which is included a line of the form "Approved: PASSWORD", either in the message header, or as the very first line of the message, which Mailman will remove before distributing. (The message header method is preferred, because many clients produce HTML which makes it unreliable to remove the Approved line. This isn't a problem in the header. But many users may not know how to add such a line to their header.) This method can be very effective, depending on the list configutation and the sophistication of the allowed posters. If the list configuration is different, there may be other ways. The only generic way to prevent spam is full-on content and source filtering based on known features of spam and known spam sources. Host-based authentication (SPF and DKIM) may be a solution depending on your users' habits, but as others have pointed out, these are best done in the MTA before passing the post to Mailman. Steve From bryan at skiblack.com Wed Apr 10 11:06:28 2019 From: bryan at skiblack.com (Bryan Blackwell) Date: Wed, 10 Apr 2019 11:06:28 -0400 Subject: [Mailman-Users] Systemctl unit file for MM Message-ID: Hi folks, I'm learning how to use systemd on my Fedora box, since I still had MM as a script startup I thought I'd fix that. Below is a unit file, it starts and stops ok but the rm command doesn't work. Comments welcome. [Unit] Description=Mailman, the GNU Mailing List Manager After=local-fs.target postfix.service [Service] Type=forking ExecStartPre=/bin/rm -f /home/mailman/locks/* ExecStart=/usr/bin/python /home/mailman/bin/mailmanctl -s -q start ExecReload=/usr/bin/python /home/mailman/bin/mailmanctl -q restart ExecStop=/usr/bin/python /home/mailman/bin/mailmanctl -q stop [Install] WantedBy=multi-user.target -- Bryan Blackwell -- Unix Systems Engineer bryan at skiblack.com From mgoebel at emich.edu Wed Apr 10 11:36:24 2019 From: mgoebel at emich.edu (Matthew Goebel) Date: Wed, 10 Apr 2019 11:36:24 -0400 Subject: [Mailman-Users] Now that Python 2 is dead in 2020 what are people's plans with mailman2? Message-ID: Hey, Now that all support for Python 2 is supposed to go away in 2020 are people going to move off of mailman 2? I've been looking at mailman 3 and finding it hard to grok after using mailman 2 for many years. I haven't seen a discussion about this so I thought I would check and see if people were willing to share their thoughts. I will be bugging the mailman 3 users list about some questions I have about that software. Thanks, Matt -- Matthew Goebel : goebel at emunix.emich.edu : Unix Jockey @ EMU : Hail Eris Neo-Student, Net Lurker, Donut consumer, and procrastinating medher... "Always with the negative waves, Moriarty" - Oddball "Comfort the troubled, and trouble the comfortable." - Dietrich Bonhoeffer From mark at msapiro.net Wed Apr 10 11:44:19 2019 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 10 Apr 2019 08:44:19 -0700 Subject: [Mailman-Users] Systemctl unit file for MM In-Reply-To: References: Message-ID: <51bb0238-f25b-1f6d-72aa-674892d0ae14@msapiro.net> On 4/10/19 8:06 AM, Bryan Blackwell wrote: > Hi folks, > > I'm learning how to use systemd on my Fedora box, since I still had MM as a script startup I thought I'd fix that. Below is a unit file, it starts and stops ok but the rm command doesn't work. Comments welcome. > > [Unit] > Description=Mailman, the GNU Mailing List Manager > After=local-fs.target postfix.service > > [Service] > Type=forking > ExecStartPre=/bin/rm -f /home/mailman/locks/* > ExecStart=/usr/bin/python /home/mailman/bin/mailmanctl -s -q start > ExecReload=/usr/bin/python /home/mailman/bin/mailmanctl -q restart > ExecStop=/usr/bin/python /home/mailman/bin/mailmanctl -q stop > > [Install] > WantedBy=multi-user.target You may want to add PIPFile=/home/mailman/data/master-qrunner.pid However, I don't think that's relevant to your issue. I don't know why the rm command doesn't work. How do you know it doesn't? But, in any case, I don't think it's a good idea. the -s in '/mailmanctl -s -q start' should suffice to clean any stale locks. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From cpz at tuunq.com Wed Apr 10 11:46:34 2019 From: cpz at tuunq.com (Carl Zwanzig) Date: Wed, 10 Apr 2019 08:46:34 -0700 Subject: [Mailman-Users] Now that Python 2 is dead in 2020 what are people's plans with mailman2? In-Reply-To: References: Message-ID: <77f36901-e62f-17b6-782f-3d2423b3fc81@tuunq.com> On 4/10/2019 8:36 AM, Matthew Goebel wrote: > Now that all support for Python 2 is supposed to go away in 2020 are > people going to move > off of mailman 2? I've been looking at mailman 3 and finding it hard to > grok after using > mailman 2 for many years. I haven't seen a discussion about this so I > thought I would > check and see if people were willing to share their thoughts. Well... for the few and small lists I run, MM3 is a sledgehammer driving carpet tacks. I'll probably continue with MM2 until either it's ported to python3 or I stop running these lists. (Then, I also drive a 18 year old car because it still works.) Later, z! From mark at msapiro.net Wed Apr 10 12:25:37 2019 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 10 Apr 2019 09:25:37 -0700 Subject: [Mailman-Users] Now that Python 2 is dead in 2020 what are people's plans with mailman2? In-Reply-To: References: Message-ID: <5c2a700e-4ddf-bf2d-d881-f1ecd1d698d0@msapiro.net> On 4/10/19 8:36 AM, Matthew Goebel wrote: > > Now that all support for Python 2 is supposed to go away in 2020 are > people going to move > off of mailman 2? I've been looking at mailman 3 and finding it hard to > grok after using > mailman 2 for many years. I haven't seen a discussion about this so I > thought I would > check and see if people were willing to share their thoughts. Coincidentally, I was asked off list just yesterday > Could you share > how long in months/years can we expect to continue to have Mailman 2.x > patches/updates without having to move up to version 3.x? My answer was: ------------------------------ Official Mailman 2.1 support should have been abandoned before now, but I am compulsive about a lot of things, and it is difficult for me to ignore bug reports. Consider that Mailman 2.1 is implemented in Python 2 and see . I can't answer your question with an actual time frame. 1) I could get hit by a bus tomorrow. 2) I'm 77 years old and in good health, but I won't live forever. 3) Something in between. Of course, as long as you are running on a platform that supports Python 2.7, you can continue to use Mailman 2.1, and if it works today, it will probably still work tomorrow. But some time this year, I will release Mailman 2.1.30 and that may well be the last official release. On the other hand, my work on Mailman 2.1 is in large part driven by the community, so we'll have to see. ------------------------------ Some of the @python.org lists (not this one yet) have been migrated to Mailman 3 and new lists are Mailman 3. There are already 73 Mailman 3 lists @python.org (there are still 313 MM 2.1 lists). Some of my bicycling club's lists have been migrated and there is one that was MM 3 from the start, but there are two that are still MM 2.1 because of ancillary processes that are blocking the migration. Also, there are MM 2.1 features not yet supported in MM 3. I miss regular_exclude_lists and the ability to 'invite' members. There are also settings that are in MM 3 core, but not yet exposed in Postorius which makes some things difficult for list admins who don't have shell access to the server. These things will come, but we are a small team and most of us have a $dayjob. We welcome help. Check out our trackers at , and if you can submit merge requests, that would be great. The path forward is to increase the community of MM 3 users which will result in more people contributing to the project and faster progress. Of course, I'm in a unique position as both a MM 3 developer and essentially the last person supporting the official MM 2.1 branch, so it would be interesting to get other people's views on this. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Wed Apr 10 12:29:17 2019 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 10 Apr 2019 09:29:17 -0700 Subject: [Mailman-Users] Now that Python 2 is dead in 2020 what are people's plans with mailman2? In-Reply-To: <77f36901-e62f-17b6-782f-3d2423b3fc81@tuunq.com> References: <77f36901-e62f-17b6-782f-3d2423b3fc81@tuunq.com> Message-ID: On 4/10/19 8:46 AM, Carl Zwanzig wrote: > > I'll probably continue with MM2 until either it's ported > to python3 or I stop running these lists. The GNU Mailman project will never port Mailman 2.1 to Python 3. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From turnbull.stephen.fw at u.tsukuba.ac.jp Wed Apr 10 12:32:26 2019 From: turnbull.stephen.fw at u.tsukuba.ac.jp (Stephen J. Turnbull) Date: Thu, 11 Apr 2019 01:32:26 +0900 Subject: [Mailman-Users] Systemctl unit file for MM In-Reply-To: <51bb0238-f25b-1f6d-72aa-674892d0ae14@msapiro.net> References: <51bb0238-f25b-1f6d-72aa-674892d0ae14@msapiro.net> Message-ID: <23726.6810.790252.533869@turnbull.sk.tsukuba.ac.jp> Mark Sapiro writes: > You may want to add > > PIPFile=/home/mailman/data/master-qrunner.pid should that variable be PIDFile? From bryan at skiblack.com Wed Apr 10 12:40:20 2019 From: bryan at skiblack.com (Bryan Blackwell) Date: Wed, 10 Apr 2019 12:40:20 -0400 Subject: [Mailman-Users] Systemctl unit file for MM In-Reply-To: <51bb0238-f25b-1f6d-72aa-674892d0ae14@msapiro.net> References: <51bb0238-f25b-1f6d-72aa-674892d0ae14@msapiro.net> Message-ID: <481F1AA5-0762-4FA8-AB7B-61FC27AA7617@skiblack.com> On Apr 10, 2019, at 11:44 AM, Mark Sapiro wrote: > > You may want to add > > PIPFile=/home/mailman/data/master-qrunner.pid Ok, thanks, will do. > > However, I don't think that's relevant to your issue. I don't know why > the rm command doesn't work. How do you know it doesn't? I touched a test file in the locks directory and it was still there after starting MM. I found the solution after further searching (on an archived systemd-devel mailing list post, of course): >> ExecStart does not go through a shell, so it won't expand wildcards. >> Try running 'find /dir -mindepth 1 -delete', that also cleans up dotdirs. >> Alternatively 'sh -c "rm .../*" to handle wildcards. Problem solved! --Bryan From mark at msapiro.net Wed Apr 10 12:41:20 2019 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 10 Apr 2019 09:41:20 -0700 Subject: [Mailman-Users] Systemctl unit file for MM In-Reply-To: <23726.6810.790252.533869@turnbull.sk.tsukuba.ac.jp> References: <51bb0238-f25b-1f6d-72aa-674892d0ae14@msapiro.net> <23726.6810.790252.533869@turnbull.sk.tsukuba.ac.jp> Message-ID: <940dca5a-c8a0-4cf2-401d-b0985783d64d@msapiro.net> On 4/10/19 9:32 AM, Stephen J. Turnbull wrote: > Mark Sapiro writes: > > > You may want to add > > > > PIPFile=/home/mailman/data/master-qrunner.pid > > should that variable be PIDFile? Absolutely yes. Thanks Steve. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From dmaziuk at bmrb.wisc.edu Wed Apr 10 13:38:34 2019 From: dmaziuk at bmrb.wisc.edu (Dimitri Maziuk) Date: Wed, 10 Apr 2019 12:38:34 -0500 Subject: [Mailman-Users] Now that Python 2 is dead in 2020 what are people's plans with mailman2? In-Reply-To: References: Message-ID: On 4/10/19 10:36 AM, Matthew Goebel wrote: > Hey, > > Now that all support for Python 2 is supposed to go away in 2020 are > people going to move off of mailman 2? How much support for python 2 have you been getting until now, and why do you believe you will need it in the future? -- Dimitri Maziuk Programmer/sysadmin BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 190 bytes Desc: OpenPGP digital signature URL: From sean at rogue-research.com Wed Apr 10 13:49:20 2019 From: sean at rogue-research.com (Sean McBride) Date: Wed, 10 Apr 2019 13:49:20 -0400 Subject: [Mailman-Users] Now that Python 2 is dead in 2020 what are people's plans with mailman2? In-Reply-To: References: Message-ID: <20190410174920.428842065@mail.rogue-research.com> On Wed, 10 Apr 2019 12:38:34 -0500, Dimitri Maziuk via Mailman-Users said: >> Now that all support for Python 2 is supposed to go away in 2020 are >> people going to move off of mailman 2? > >How much support for python 2 have you been getting until now, and why >do you believe you will need it in the future? Fixes to security vulnerabilities basically. If/when some new one is found after 2020, you're screwed. Sean From dmaziuk at bmrb.wisc.edu Wed Apr 10 14:36:59 2019 From: dmaziuk at bmrb.wisc.edu (Dimitri Maziuk) Date: Wed, 10 Apr 2019 13:36:59 -0500 Subject: [Mailman-Users] Now that Python 2 is dead in 2020 what are people's plans with mailman2? In-Reply-To: <20190410174920.428842065@mail.rogue-research.com> References: <20190410174920.428842065@mail.rogue-research.com> Message-ID: On 4/10/19 12:49 PM, Sean McBride wrote: > On Wed, 10 Apr 2019 12:38:34 -0500, Dimitri Maziuk via Mailman-Users said: > >> How much support for python 2 have you been getting until now, and why >> do you believe you will need it in the future? > > Fixes to security vulnerabilities basically. If/when some new one is found after 2020, you're screwed. Screwed how, exactly? With a properly sandboxed application your security vulnerability has to be a) exploitable through that application and b) able to break out of the sandbox and wreak havoc to your host system. It's all perfectly possible in theory but really, do a basic risk analysis before jumping on the knee-jerk security bandwagon. (That said, given the history of python, my question would be if there are any plans to port MM2 to golang or maybe gnat.) -- Dimitri Maziuk Programmer/sysadmin BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 190 bytes Desc: OpenPGP digital signature URL: From cpz at tuunq.com Wed Apr 10 15:08:53 2019 From: cpz at tuunq.com (Carl Zwanzig) Date: Wed, 10 Apr 2019 12:08:53 -0700 Subject: [Mailman-Users] Now that Python 2 is dead in 2020 what are people's plans with mailman2? In-Reply-To: References: <20190410174920.428842065@mail.rogue-research.com> Message-ID: <25c96692-fbb2-b282-b518-8d5343890adc@tuunq.com> On 4/10/2019 11:36 AM, Dimitri Maziuk via Mailman-Users wrote: > With a properly sandboxed application your security vulnerability has to > be a) exploitable through that application and b) able to break out of > the sandbox and wreak havoc to your host system. Exactly. > (That said, given the history of python, my question would be if there > are any plans to port MM2 to golang or maybe gnat.) Or rust, or python3 (which might be the easiest). I'm not sufficiently up on the python differences, but..... it can't be -that- difficult..... (and aren't there tools to assist? some code claims to be both v2 and v3 compatible) (gnat? that's really ada, isn't it?) The main thing is that from appearances MM3 is large enterprise-grade list manager, but many of us don't need that, we need something for a few (<100?) lists with a few (<500?) members. I can run that on a small BSD box; spinning up django, sass, (docker?), and whatever else is overkill for the purpose and adds to the maintenance load. Heck, with MM2 I'd dump apache for a simpler server if it wasn't already set up. Maybe there's a place for a community-driven port of MM2 onto python3. I am not volunteering, too many other projects currently. Later, z! From sean at rogue-research.com Wed Apr 10 15:26:28 2019 From: sean at rogue-research.com (Sean McBride) Date: Wed, 10 Apr 2019 15:26:28 -0400 Subject: [Mailman-Users] Now that Python 2 is dead in 2020 what are people's plans with mailman2? In-Reply-To: References: <20190410174920.428842065@mail.rogue-research.com> Message-ID: <20190410192628.2011467548@mail.rogue-research.com> On Wed, 10 Apr 2019 13:36:59 -0500, Dimitri Maziuk via Mailman-Users said: >On 4/10/19 12:49 PM, Sean McBride wrote: >> On Wed, 10 Apr 2019 12:38:34 -0500, Dimitri Maziuk via Mailman-Users said: >> >>> How much support for python 2 have you been getting until now, and why >>> do you believe you will need it in the future? >> >> Fixes to security vulnerabilities basically. If/when some new one is >found after 2020, you're screwed. > >Screwed how, exactly? In the way you described (below). >With a properly sandboxed application your security vulnerability has to >be a) exploitable through that application and b) able to break out of >the sandbox and wreak havoc to your host system. > >It's all perfectly possible in theory but really, do a basic risk >analysis before jumping on the knee-jerk security bandwagon. Agreed. But should it happen, there'll be no patches to python2 forthcoming. Sean From addw at phcomp.co.uk Wed Apr 10 15:31:53 2019 From: addw at phcomp.co.uk (Alain D D Williams) Date: Wed, 10 Apr 2019 20:31:53 +0100 Subject: [Mailman-Users] Now that Python 2 is dead in 2020 what are people's plans with mailman2? In-Reply-To: References: Message-ID: <20190410193153.GD28484@phcomp.co.uk> On Wed, Apr 10, 2019 at 11:36:24AM -0400, Matthew Goebel wrote: > Now that all support for Python 2 is supposed to go away in 2020 are people > going to move off of mailman 2? Most of my mailman lists are run off a CentOS 6 box, have done for a long time, quite stable. CentOS 8 will (is expected to) be out later this year; when that happens I will upgrade the whole machine - before CentOS 6 EOLs. CentOS 8 will have the version of Python need to support MM3, so I will upgrade and copy over my lists at that point. I am expecting that there will be a few issues (there always are) but will give me some new abilities; based on quick browsing of the MM3 docs I will be able to keep rosta information in an SQL database rather than a Python pickle; this will let me do interesting things like easy interface with other subsystems. -- Alain Williams Linux/GNU Consultant - Mail systems, Web sites, Networking, Programmer, IT Lecturer. +44 (0) 787 668 0256 https://www.phcomp.co.uk/ Parliament Hill Computers Ltd. Registration Information: https://www.phcomp.co.uk/contact.php #include From mgoebel at emich.edu Wed Apr 10 16:08:29 2019 From: mgoebel at emich.edu (Matthew Goebel) Date: Wed, 10 Apr 2019 16:08:29 -0400 Subject: [Mailman-Users] Now that Python 2 is dead in 2020 what are people's plans with mailman2? In-Reply-To: <20190410192628.2011467548@mail.rogue-research.com> References: <20190410174920.428842065@mail.rogue-research.com> <20190410192628.2011467548@mail.rogue-research.com> Message-ID: I'm more worried another DMARC style debacle myself, more than a Python security issue, although that could be an issue. Thanks, Matt On Wed, Apr 10, 2019 at 3:29 PM Sean McBride wrote: > On Wed, 10 Apr 2019 13:36:59 -0500, Dimitri Maziuk via Mailman-Users said: > > >On 4/10/19 12:49 PM, Sean McBride wrote: > >> On Wed, 10 Apr 2019 12:38:34 -0500, Dimitri Maziuk via Mailman-Users > said: > >> > >>> How much support for python 2 have you been getting until now, and why > >>> do you believe you will need it in the future? > >> > >> Fixes to security vulnerabilities basically. If/when some new one is > >found after 2020, you're screwed. > > > >Screwed how, exactly? > > In the way you described (below). > > >With a properly sandboxed application your security vulnerability has to > >be a) exploitable through that application and b) able to break out of > >the sandbox and wreak havoc to your host system. > > > >It's all perfectly possible in theory but really, do a basic risk > >analysis before jumping on the knee-jerk security bandwagon. > > Agreed. But should it happen, there'll be no patches to python2 > forthcoming. > > Sean > > > ------------------------------------------------------ > Mailman-Users mailing list Mailman-Users at python.org > https://mail.python.org/mailman/listinfo/mailman-users > Mailman FAQ: http://wiki.list.org/x/AgA3 > Security Policy: http://wiki.list.org/x/QIA9 > Searchable Archives: > http://www.mail-archive.com/mailman-users%40python.org/ > Unsubscribe: > https://mail.python.org/mailman/options/mailman-users/mgoebel%40emich.edu > -- Matthew Goebel : goebel at emunix.emich.edu : Unix Jockey @ EMU : Hail Eris Neo-Student, Net Lurker, Donut consumer, and procrastinating medher... "Always with the negative waves, Moriarty" - Oddball "Comfort the troubled, and trouble the comfortable." - Dietrich Bonhoeffer From dmaziuk at bmrb.wisc.edu Wed Apr 10 16:14:45 2019 From: dmaziuk at bmrb.wisc.edu (Dimitri Maziuk) Date: Wed, 10 Apr 2019 15:14:45 -0500 Subject: [Mailman-Users] Now that Python 2 is dead in 2020 what are people's plans with mailman2? In-Reply-To: <25c96692-fbb2-b282-b518-8d5343890adc@tuunq.com> References: <20190410174920.428842065@mail.rogue-research.com> <25c96692-fbb2-b282-b518-8d5343890adc@tuunq.com> Message-ID: On 4/10/19 2:08 PM, Carl Zwanzig wrote: > Or rust, or python3 (which might be the easiest). I'm not sufficiently > up on the python differences, but..... it can't be -that- difficult..... > (and aren't there tools to assist? some code claims to be both v2 and v3 > compatible) (gnat? that's really ada, isn't it?) Python 3.4 is not compatible with python 3.6 is not compatible with python 3.7 -- there is not guarantee you won't have to do the same dance again and again every couple of years. Quite the opposite, in fact. Ada (yes) and Go's the stated goal is to be long-term stable. Something that basically isn't broken, like MM2, wouldn't need to be fixed "because 2020". > Maybe there's a place for a community-driven port of MM2 onto python3. I > am not volunteering, too many other projects currently. MM probably deals with strings a lot, and strings is exactly what they felt they needed to do differently in python 3... I'm sure there's other monsters there too. I suspect the practical answer may be as simple as replacing /usr/lib/mailman/mail/mailman with """ cat - | docker exec MM2_CONTAINTER /usr/lib/mailman/mail/mailman "$@" - """ and maybe when I get a round tuit for upgrading our mail server I'll give that a try... -- Dimitri Maziuk Programmer/sysadmin BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 190 bytes Desc: OpenPGP digital signature URL: From jimpop at domainmail.org Wed Apr 10 17:53:11 2019 From: jimpop at domainmail.org (Jim Popovitch) Date: Wed, 10 Apr 2019 17:53:11 -0400 Subject: [Mailman-Users] Now that Python 2 is dead in 2020 what are people's plans with mailman2? In-Reply-To: <5c2a700e-4ddf-bf2d-d881-f1ecd1d698d0@msapiro.net> References: <5c2a700e-4ddf-bf2d-d881-f1ecd1d698d0@msapiro.net> Message-ID: <1554933191.3074.1.camel@domainmail.org> On Wed, 2019-04-10 at 09:25 -0700, Mark Sapiro wrote: > > The path forward is to increase the community of MM 3 users which will > result in more people contributing to the project and faster progress. What Mailman things need assistance in MM3? I've avoided jumping in because honestly every time I looked it seemed like all the focus was everything but the email reflector bits. -Jim P. From mark at msapiro.net Wed Apr 10 18:27:45 2019 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 10 Apr 2019 15:27:45 -0700 Subject: [Mailman-Users] Now that Python 2 is dead in 2020 what are people's plans with mailman2? In-Reply-To: <25c96692-fbb2-b282-b518-8d5343890adc@tuunq.com> References: <20190410174920.428842065@mail.rogue-research.com> <25c96692-fbb2-b282-b518-8d5343890adc@tuunq.com> Message-ID: <59ae304c-190b-bace-48ba-7e94a7365513@msapiro.net> On 4/10/19 12:08 PM, Carl Zwanzig wrote: > > The main thing is that from appearances MM3 is large enterprise-grade > list manager, but many of us don't need that, we need something for a > few (<100?) lists with a few (<500?) members. I can run that on a small > BSD box; spinning up django, sass, (docker?), and whatever else is > overkill for the purpose and adds to the maintenance load. Heck, with > MM2 I'd dump apache for a simpler server if it wasn't already set up. Actually, it is possible to run Mailman 3 core without HyperKitty, Postorius, Django, et al. Management without the web UI is cumbersome, but doable for admins at least, and users can join and leave via email (remember Majordomo?). Also, coincidentally, was just posted and may be interesting. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Wed Apr 10 19:03:35 2019 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 10 Apr 2019 16:03:35 -0700 Subject: [Mailman-Users] Now that Python 2 is dead in 2020 what are people's plans with mailman2? In-Reply-To: <25c96692-fbb2-b282-b518-8d5343890adc@tuunq.com> References: <20190410174920.428842065@mail.rogue-research.com> <25c96692-fbb2-b282-b518-8d5343890adc@tuunq.com> Message-ID: <19dd26ff-b471-e861-4455-3842e1d35952@msapiro.net> On 4/10/19 12:08 PM, Carl Zwanzig wrote: > > Maybe there's a place for a community-driven port of MM2 onto python3. I > am not volunteering, too many other projects currently. I think a much more productive use of the community's resources would be implementation of a light weight, non-Django web UI to be a layer between users and Mailman core, perhaps using mailman-client. Postorius and HyperKitty were never intended to be the only web UIs. They are examples. Of course, we knew that if people were actually going to adopt Mailman 3, we needed a web UI, so Postorius and HyperKitty are there, but they certainly don't preclude other approaches. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Wed Apr 10 19:03:44 2019 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 10 Apr 2019 16:03:44 -0700 Subject: [Mailman-Users] Now that Python 2 is dead in 2020 what are people's plans with mailman2? In-Reply-To: <1554933191.3074.1.camel@domainmail.org> References: <5c2a700e-4ddf-bf2d-d881-f1ecd1d698d0@msapiro.net> <1554933191.3074.1.camel@domainmail.org> Message-ID: <3253e41a-b36a-ceb5-add8-aa259cb185cf@msapiro.net> On 4/10/19 2:53 PM, Jim Popovitch via Mailman-Users wrote: > > What Mailman things need assistance in MM3? I've avoided jumping in because > honestly every time I looked it seemed like all the focus was everything but > the email reflector bits. There are (at the moment) 509 open issues at and 232 of those involve Mailman core There probably aren't a lot of issues bearing directly on message acceptance and delivery, but there are missing 2.1 features. I previously mentioned regular_exclude_lists and invitations (see for the latter). -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From jhunter at Paramounttech.solutions Wed Apr 10 15:10:05 2019 From: jhunter at Paramounttech.solutions (Jeff Hunter) Date: Wed, 10 Apr 2019 19:10:05 +0000 Subject: [Mailman-Users] Malformed URLs for some admin web page links Message-ID: I have a mailman list that is working correctly, except for some of the links on the base admin web page and it's child pages. The list is at listserv.mydomain.com and all of the links on the list admin page start with that base url, except the link "Go to list archives". That link drops the listserv. from the link (mydomain.com/......). Moving to the Membership Management page, the link "Click here to include the legend for this table." Drops the listserv off, each of the links on the alphabet letters to search for member names also drop the listserv, while the other links all have the listserv.mydomain.com base url. Listserv.mydomain.com is a virtual domain, and the email host is just mydomain.com (not listserv.) My mm_cfg.py has VIRTUAL_HOSTS.clear() # Required when setting any of its arguments. add_virtualhost('listserv.brushchamber.org') VIRTUAL_HOST_OVERVIEW = Off Any idea how to get those malformed links to match the listserv.mydomain.com base URL? Thanks! Jeff Hunter From mark at msapiro.net Wed Apr 10 19:27:28 2019 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 10 Apr 2019 16:27:28 -0700 Subject: [Mailman-Users] Malformed URLs for some admin web page links In-Reply-To: References: Message-ID: <955aa981-7247-32a3-321e-38e5a8980c61@msapiro.net> On 4/10/19 12:10 PM, Jeff Hunter wrote: > I have a mailman list that is working correctly, except for some of the links on the base admin web page and it's child pages. The list is at listserv.mydomain.com and all of the links on the list admin page start with that base url, except the link "Go to list archives". That link drops the listserv. from the link (mydomain.com/......). Moving to the Membership Management page, the link "Click here to include the legend for this table." Drops the listserv off, each of the links on the alphabet letters to search for member names also drop the listserv, while the other links all have the listserv.mydomain.com base url. All of your problem links are the ones that are absolute rather than relative. These links are based on the hidden list attribute web_page_url which is created from DEFAULT_URL_PATTERN and DEFAULT_URL_HOST at list creation time. > Listserv.mydomain.com is a virtual domain, and the email host is just mydomain.com (not listserv.) > > My mm_cfg.py has > > VIRTUAL_HOSTS.clear() > # Required when setting any of its arguments. > add_virtualhost('listserv.brushchamber.org') This is OK, but it is preferred to have DEFAULT_URL_HOST = 'listserv.brushchamber.org' DEFAULT_EMAIL_HOST = 'brushchamber.org' add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST) But in your case, just setting DEFAULT_URL_HOST and DEFAULT_EMAIL_HOST at some point would do. > VIRTUAL_HOST_OVERVIEW = Off > > > Any idea how to get those malformed links to match the listserv.mydomain.com base URL? First ensure that DEFAULT_URL_HOST is set to 'listserv.brushchamber.org'. Then run fix_url. See for instructions. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mcguire at neurotica.com Wed Apr 10 19:36:02 2019 From: mcguire at neurotica.com (Dave McGuire) Date: Wed, 10 Apr 2019 19:36:02 -0400 Subject: [Mailman-Users] Now that Python 2 is dead in 2020 what are people's plans with mailman2? In-Reply-To: <5c2a700e-4ddf-bf2d-d881-f1ecd1d698d0@msapiro.net> References: <5c2a700e-4ddf-bf2d-d881-f1ecd1d698d0@msapiro.net> Message-ID: <83826467-b872-9ea7-2c27-36a0daf602a7@neurotica.com> On 4/10/19 12:25 PM, Mark Sapiro wrote: > The path forward is to increase the community of MM 3 users which will > result in more people contributing to the project and faster progress. On that note, I migrated my half-dozen lists (a few hundred recipients in total) to MM3 yesterday. I'm having a couple of minor issues, for which I will request advice as soon as I'm sure of what's happening, but overall the results have been positive. -Dave -- Dave McGuire, AK4HZ New Kensington, PA From turnbull.stephen.fw at u.tsukuba.ac.jp Thu Apr 11 04:22:29 2019 From: turnbull.stephen.fw at u.tsukuba.ac.jp (Stephen J. Turnbull) Date: Thu, 11 Apr 2019 17:22:29 +0900 Subject: [Mailman-Users] Now that Python 2 is dead in 2020 what are people's plans with mailman2? In-Reply-To: <25c96692-fbb2-b282-b518-8d5343890adc@tuunq.com> References: <20190410174920.428842065@mail.rogue-research.com> <25c96692-fbb2-b282-b518-8d5343890adc@tuunq.com> Message-ID: <23726.63813.875494.741179@turnbull.sk.tsukuba.ac.jp> Carl Zwanzig writes: > On 4/10/2019 11:36 AM, Dimitri Maziuk via Mailman-Users wrote: > > (That said, given the history of python, my question would be if there > > are any plans to port MM2 to golang or maybe gnat.) Not within the Mailman project. It seems pointless to me. If you want something that's never going to change, Python 2.7 is as good as anything else. Python 2 will still be alive in 2030, I'll bet. The security issues ... if Mailman 2 running on Python 2 in a VM is a security problem for you, Mailman is the least of your security problems. #opsec #apt And I'm sure somebody (though not the Python project itself) will still be doing patches and backports, which for most of the security issues I've seen (I'm NOT an expert yet) seem to be more straightforward backports than dealing with text (ie, you don't have to worry about charsets and anything unexpected may be considered hostile and quarantine is the right thing to do). > Or rust, or python3 (which might be the easiest). I'm not > sufficiently up on the python differences, but..... it can't be > -that- difficult..... Yes, it can. For about 10 years, the most popular kind of bug in Mailman 2 was a UnicodeError that bubbled up to the top, resulting in a message shunt at best. Porting from Python 2 to Python 3 will almost certainly open that window again. I suspect the same is true of porting to any language with the internal string encoding being Unicode, but I don't have experience with rust or golang. This wasn't a problem in Mailman 3 because we simply rebuilt everything from the ground up, and it's much easier to do things right (ie robust and resilient handling of fuzzbombs from spammers and Japanese highschool students who write their own MTAs). > The main thing is that from appearances MM3 is large > enterprise-grade list manager, So is MM2. MM3 just tried to make it much easier to "have it your way" on admin and archiving. This did not work out as planned. It turned out that many of the "volunteers" who wrote Postorius and HyperKitty were actually working for Red Hat who needed enterprise- grade features. On the other hand, most SMEs and social groups trying Mailman 3 seem fine with the industrial-strength architecture, and have neither tried to build their own front ends, nor asked that we do it. > but many of us don't need that, we need something for a few (<100?) > lists with a few (<500?) members. I can run that on a small BSD > box; If reducing heavy dependencies is the goal, it shouldn't be that hard to write a MM2 clone web interface, reusing most of the screens. So I don't think a port of the MM2 admin interface to talk REST to MM3 core would be hard. And as Mark says, if your users are old enough, they can use the mail admin interface a la majordomo. :-) I'm pretty sure there was some work done on porting Pipermail to MM3 (it would still run on Python 2 though, but that port shouldn't be terribly hard). > Maybe there's a place for a community-driven port of MM2 onto > python3. I don't think that's a good idea. I'll be happy to kibbitz if somebody wants to try it -- it's not a *terrible* idea. But I think coming up with downsized web admin and archive applications is a better one. Steve From dmaziuk at bmrb.wisc.edu Thu Apr 11 11:33:55 2019 From: dmaziuk at bmrb.wisc.edu (Dimitri Maziuk) Date: Thu, 11 Apr 2019 10:33:55 -0500 Subject: [Mailman-Users] Now that Python 2 is dead in 2020 what are people's plans with mailman2? In-Reply-To: <23726.63813.875494.741179@turnbull.sk.tsukuba.ac.jp> References: <20190410174920.428842065@mail.rogue-research.com> <25c96692-fbb2-b282-b518-8d5343890adc@tuunq.com> <23726.63813.875494.741179@turnbull.sk.tsukuba.ac.jp> Message-ID: On 4/11/2019 3:22 AM, Stephen J. Turnbull wrote: > ... If you want something that's never going to > change, Python 2.7 is as good as anything else. Some orgs have "cybersecurity" with "vulnerability scanners". You may have to spend more time hiding your python version from them, then you'll spend hiding/patching the actual issues from Evil Hackers. Ask me how I know about Apache's "ServerTokens". Dima From mikeflan at att.net Thu Apr 11 13:05:02 2019 From: mikeflan at att.net (Mike Flannigan) Date: Thu, 11 Apr 2019 12:05:02 -0500 Subject: [Mailman-Users] Now that Python 2 is dead In-Reply-To: References: Message-ID: I'm surprised to hear there is so much migration in Python with limited backward compatibility.?? Perl has never had that problem.?? I almost never have to modify my old code.?? I'd recommend you use Perl, but everybody knows Perl is dead :-) Mike On 4/10/2019 6:03 PM, mailman-users-request at python.org wrote: > Python 3.4 is not compatible with python 3.6 is not compatible with > python 3.7 -- there is not guarantee you won't have to do the same dance > again and again every couple of years. Quite the opposite, in fact. > > Ada (yes) and Go's the stated goal is to be long-term stable. Something > that basically isn't broken, like MM2, wouldn't need to be fixed > "because 2020". > From mark at msapiro.net Thu Apr 11 13:15:36 2019 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 11 Apr 2019 10:15:36 -0700 Subject: [Mailman-Users] Now that Python 2 is dead In-Reply-To: References: Message-ID: <415aac67-0227-b8b5-2a0c-0a282d4196de@msapiro.net> On 4/11/19 10:05 AM, Mike Flannigan wrote: > > I'm surprised to hear there is so much migration in > Python with limited backward compatibility.?? Perl > has never had that problem.?? I almost never have to > modify my old code.?? I'd recommend you use Perl, but > everybody knows Perl is dead :-) The statement below is misleading. > On 4/10/2019 6:03 PM, mailman-users-request at python.org wrote: >> Python 3.4 is not compatible with python 3.6 is not compatible with >> python 3.7 -- there is not guarantee you won't have to do the same dance >> again and again every couple of years. Quite the opposite, in fact. Generally older Python 3 code will run on newer versions. The issues are trying to run code developed for newer Python 3 versions on older versions. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From dmaziuk at bmrb.wisc.edu Thu Apr 11 16:25:50 2019 From: dmaziuk at bmrb.wisc.edu (Dimitri Maziuk) Date: Thu, 11 Apr 2019 15:25:50 -0500 Subject: [Mailman-Users] Now that Python 2 is dead In-Reply-To: <415aac67-0227-b8b5-2a0c-0a282d4196de@msapiro.net> References: <415aac67-0227-b8b5-2a0c-0a282d4196de@msapiro.net> Message-ID: On 4/11/19 12:15 PM, Mark Sapiro wrote: > Generally older Python 3 code will run on newer versions. The issues are > trying to run code developed for newer Python 3 versions on older versions. The problem is reliance on third-party libraries coupled with absence of usable package management system. It will "generally" run within the same major interpreter version unless it imports a package that got updated by some other python app on the system. This is why containers are such a big deal: they're the only safe way to have 2 python applications on the same host. (Coincidentally, I hear docker's written in go and singularity recently got rewritten in go.) -- Dimitri Maziuk Programmer/sysadmin BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 190 bytes Desc: OpenPGP digital signature URL: From dmaziuk at bmrb.wisc.edu Thu Apr 11 16:30:22 2019 From: dmaziuk at bmrb.wisc.edu (Dimitri Maziuk) Date: Thu, 11 Apr 2019 15:30:22 -0500 Subject: [Mailman-Users] Now that Python 2 is dead In-Reply-To: <415aac67-0227-b8b5-2a0c-0a282d4196de@msapiro.net> References: <415aac67-0227-b8b5-2a0c-0a282d4196de@msapiro.net> Message-ID: PS not that I disagree that the practical way out right now is to make a simple e.g. flask-based UI for MM3. -- Dimitri Maziuk Programmer/sysadmin BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 190 bytes Desc: OpenPGP digital signature URL: From turnbull.stephen.fw at u.tsukuba.ac.jp Fri Apr 12 02:58:36 2019 From: turnbull.stephen.fw at u.tsukuba.ac.jp (Stephen J. Turnbull) Date: Fri, 12 Apr 2019 15:58:36 +0900 Subject: [Mailman-Users] Now that Python 2 is dead In-Reply-To: References: Message-ID: <23728.14108.228950.331165@turnbull.sk.tsukuba.ac.jp> Mike Flannigan writes: > I'm surprised to hear there is so much migration in Python with > limited backward compatibility. Perl has never had that problem. Of course it has. I had Perl 4 on my Debian box for a decade after Perl 5 was released, because various apps had scripts or something that wouldn't work or weren't tested on Perl 5. Ditto, point releases of Perl 5 on Debian and MacPorts. Python is no different, except for porting from Python 2 to Python 3. > I almost never have to modify my old code. I can beat that: I have never yet modified code written for Python 3 because something broke when I upgraded Python. I've modified (mostly added, but sometimes rewritten) a lot of code because suddenly it was fun rather than painful to write something (definitely comprehensions and f-strings had that effect). When you're writing for fun (which is true of the people who work on core Mailman and mostly for Postorius; HyperKitty was pretty much all done on Red Hat's tab IIUC), that's really important to keeping the project moving. > I'd recommend you use Perl, but everybody knows Perl is dead :-) The premature reports of Perl's death are not why I don't like reading Perl. Dimitri wrote: > > Ada (yes) and Go's the stated goal is to be long-term > > stable. That doesn't mean that security fixes in libraries or new web protocols like DMARC won't break your code or pollute its environment, which is the "because 2020" issue in MM2. AFAICS, it's the same deal for those languages -- you're going to have to deal with security issues in libraries, not language translators, that are abandoned. I just don't see a big win here, unless you're able to restrict the libraries you use to a very limited scope. But that makes the 2020 problem for Python much less painful too. > > Something that basically isn't broken, like MM2, wouldn't > > need to be fixed "because 2020". MM2 doesn't need to be fixed "because 2020." It needs to be fixed because of the hordes of orcs on the Internet. 2020 may make that somewhat harder. On the other hand, 2020 also makes one heck of a lot of software more fun and powerful because Python 3 exists. PS Just saw this: https://mobile.twitter.com/zooba/status/1116364827146854401 Steve -- Associate Professor Division of Policy and Planning Science http://turnbull.sk.tsukuba.ac.jp/ Faculty of Systems and Information Email: turnbull at sk.tsukuba.ac.jp University of Tsukuba Tel: 029-853-5175 Tennodai 1-1-1, Tsukuba 305-8573 JAPAN From dmaziuk at bmrb.wisc.edu Fri Apr 12 11:17:44 2019 From: dmaziuk at bmrb.wisc.edu (Dmitri Maziuk) Date: Fri, 12 Apr 2019 10:17:44 -0500 Subject: [Mailman-Users] Now that Python 2 is dead In-Reply-To: <23728.14108.228950.331165@turnbull.sk.tsukuba.ac.jp> References: <23728.14108.228950.331165@turnbull.sk.tsukuba.ac.jp> Message-ID: <20190412101744.2ba1783ef2dda46eadf3c89a@bmrb.wisc.edu> On Fri, 12 Apr 2019 15:58:36 +0900 "Stephen J. Turnbull" wrote: > PS Just saw this: > > https://mobile.twitter.com/zooba/status/1116364827146854401 Whoever came up with that should upgrade to centos/SL/orrible 6: RedHat will maintain and fix RHEL6 with its python 2.6 and apache 2.2 until 2034, and rebuilds are free as in beer. As long as MM2 is python 2.6-compatible, I'll be fine with it until well past retirement age. (No wonder they sold their pile of software to anyone silly enough to buy it.) -- Dmitri Maziuk From mgoebel at emich.edu Fri Apr 12 11:21:11 2019 From: mgoebel at emich.edu (Matthew Goebel) Date: Fri, 12 Apr 2019 11:21:11 -0400 Subject: [Mailman-Users] Now that Python 2 is dead In-Reply-To: <20190412101744.2ba1783ef2dda46eadf3c89a@bmrb.wisc.edu> References: <23728.14108.228950.331165@turnbull.sk.tsukuba.ac.jp> <20190412101744.2ba1783ef2dda46eadf3c89a@bmrb.wisc.edu> Message-ID: Won't redhat just apply/support fixes provided the software vendor? If something comes up with python how likely are they to build their own fix? Matt On Fri, Apr 12, 2019 at 11:17 AM Dmitri Maziuk via Mailman-Users < mailman-users at python.org> wrote: > On Fri, 12 Apr 2019 15:58:36 +0900 > "Stephen J. Turnbull" wrote: > > > PS Just saw this: > > > > https://mobile.twitter.com/zooba/status/1116364827146854401 > > Whoever came up with that should upgrade to centos/SL/orrible 6: RedHat > will maintain and fix RHEL6 with its python 2.6 and apache 2.2 until > 2034, and rebuilds are free as in beer. As long as MM2 is python > 2.6-compatible, I'll be fine with it until well past retirement age. > > (No wonder they sold their pile of software to anyone silly enough to > buy it.) > -- > Dmitri Maziuk > ------------------------------------------------------ > Mailman-Users mailing list Mailman-Users at python.org > https://mail.python.org/mailman/listinfo/mailman-users > Mailman FAQ: http://wiki.list.org/x/AgA3 > Security Policy: http://wiki.list.org/x/QIA9 > Searchable Archives: > http://www.mail-archive.com/mailman-users%40python.org/ > Unsubscribe: > https://mail.python.org/mailman/options/mailman-users/mgoebel%40emich.edu > -- Matthew Goebel : goebel at emunix.emich.edu : Unix Jockey @ EMU : Hail Eris Neo-Student, Net Lurker, Donut consumer, and procrastinating medher... "Always with the negative waves, Moriarty" - Oddball "Comfort the troubled, and trouble the comfortable." - Dietrich Bonhoeffer From dmaziuk at bmrb.wisc.edu Fri Apr 12 13:33:08 2019 From: dmaziuk at bmrb.wisc.edu (Dimitri Maziuk) Date: Fri, 12 Apr 2019 12:33:08 -0500 Subject: [Mailman-Users] Now that Python 2 is dead In-Reply-To: References: <23728.14108.228950.331165@turnbull.sk.tsukuba.ac.jp> <20190412101744.2ba1783ef2dda46eadf3c89a@bmrb.wisc.edu> Message-ID: <7cb92756-bdba-a08e-eef1-302c06a2c1e7@bmrb.wisc.edu> On 4/12/19 10:21 AM, Matthew Goebel wrote: > Won't redhat just apply/support fixes provided the software vendor? If > something comes up with python > how likely are they to build their own fix? https://access.redhat.com/security/updates/backporting/ -- Dimitri Maziuk Programmer/sysadmin BioMagResBank, UW-Madison -- http://www.bmrb.wisc.edu -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 190 bytes Desc: OpenPGP digital signature URL: From turnbull.stephen.fw at u.tsukuba.ac.jp Sat Apr 13 02:09:04 2019 From: turnbull.stephen.fw at u.tsukuba.ac.jp (Stephen J. Turnbull) Date: Sat, 13 Apr 2019 15:09:04 +0900 Subject: [Mailman-Users] Now that Python 2 is dead In-Reply-To: References: <23728.14108.228950.331165@turnbull.sk.tsukuba.ac.jp> <20190412101744.2ba1783ef2dda46eadf3c89a@bmrb.wisc.edu> Message-ID: <23729.32000.232928.650591@turnbull.sk.tsukuba.ac.jp> Matthew Goebel writes: > Won't redhat just apply/support fixes provided the software vendor? For RHEL, no, they'll do a lot more than that if it's covered by the support contract. That's the business model: if they were just providing the integration testing, Centos would eat their lunch. > If something comes up with python how likely are they to build > their own fix? >From complaints I've seen on Fedora lists, and the behavior of Red Hat people on Python dev lists, I'd say if it's security, quite likely. Otherwise, depends on how many/how important the affected customers are. I'd guess it's very unlikely that something they'd consider worth fixing would arise. Kudos to Dimitri for pointing to the Red Hat policy in his parallel post. Steve From steve at pearwood.info Sat Apr 13 07:05:39 2019 From: steve at pearwood.info (Steven D'Aprano) Date: Sat, 13 Apr 2019 21:05:39 +1000 Subject: [Mailman-Users] Now that Python 2 is dead In-Reply-To: References: <415aac67-0227-b8b5-2a0c-0a282d4196de@msapiro.net> Message-ID: <20190413110538.GC3010@ando.pearwood.info> On Thu, Apr 11, 2019 at 03:25:50PM -0500, Dimitri Maziuk via Mailman-Users wrote: > The problem is reliance on third-party libraries coupled with absence of > usable package management system. It will "generally" run within the > same major interpreter version unless it imports a package that got > updated by some other python app on the system. That doesn't sound like the way Python works to me. If you're running MM2 under Python 2.7, and you also have Python 3.7 installed, the two Python interpreters don't share packages unless you're doing something unusual. So updating one version of the installed package shouldn't touch the other. That's been my experience, for what its worth. -- Steven From phils at caerllewys.net Sat Apr 13 13:50:40 2019 From: phils at caerllewys.net (Phil Stracchino) Date: Sat, 13 Apr 2019 13:50:40 -0400 Subject: [Mailman-Users] Now that Python 2 is dead in 2020 what are people's plans with mailman2? In-Reply-To: <83826467-b872-9ea7-2c27-36a0daf602a7@neurotica.com> References: <5c2a700e-4ddf-bf2d-d881-f1ecd1d698d0@msapiro.net> <83826467-b872-9ea7-2c27-36a0daf602a7@neurotica.com> Message-ID: <2a9b8ecb-d22e-9529-13e9-e88a63437845@caerllewys.net> On 4/10/19 7:36 PM, Dave McGuire wrote: > On 4/10/19 12:25 PM, Mark Sapiro wrote: >> The path forward is to increase the community of MM 3 users which will >> result in more people contributing to the project and faster progress. > > On that note, I migrated my half-dozen lists (a few hundred recipients > in total) to MM3 yesterday. I'm having a couple of minor issues, for > which I will request advice as soon as I'm sure of what's happening, but > overall the results have been positive. I'm still waiting for Mailman3 to go stable on Gentoo. There is a 3.1.1 ebuild for both mailman and mailmanclient, but net-mail/mailman-3.1.1 is still masked. -- Phil Stracchino Babylon Communications phils at caerllewys.net phil at co.ordinate.org Landline: +1.603.293.8485 Mobile: +1.603.998.6958 From dmaziuk at bmrb.wisc.edu Sat Apr 13 14:20:19 2019 From: dmaziuk at bmrb.wisc.edu (Dmitri Maziuk) Date: Sat, 13 Apr 2019 13:20:19 -0500 Subject: [Mailman-Users] Now that Python 2 is dead In-Reply-To: <20190413110538.GC3010@ando.pearwood.info> References: <415aac67-0227-b8b5-2a0c-0a282d4196de@msapiro.net> <20190413110538.GC3010@ando.pearwood.info> Message-ID: <20190413132019.d938ad199f3a06cbcbd3d6b7@bmrb.wisc.edu> On Sat, 13 Apr 2019 21:05:39 +1000 Steven D'Aprano wrote: > If you're running MM2 under Python 2.7, and you also have Python 3.7 > installed, the two Python interpreters don't share packages unless > you're doing something unusual. So updating one version of the > installed package shouldn't touch the other. > > That's been my experience, for what its worth. My latest was SaltStack on centos 6 obsoleting some python-2.6 rpms or other and automagically replacing it with python-2.7 versions. The other guy here had his virtualenv pull in a wrong package on the deploy host, and took a while to figure out and find a workaround. I mostly managed to suppress the memories of trying to upgrade openstack from nova to havana (or whatever they were called). -- Dmitri Maziuk From lists at damorris.com Sun Apr 14 03:03:29 2019 From: lists at damorris.com (Adam Morris) Date: Sun, 14 Apr 2019 17:03:29 +1000 Subject: [Mailman-Users] creating an announce only list? Message-ID: Hi all, Can someone remind me what I need to do to make an email list announce only opposed to a normal list where people can post and reply to messages. TIA. -- Adam Morris Jaws certified 2016 Email, iMessage & FaceTime adam at damorris.com From odhiambo at gmail.com Sun Apr 14 08:38:25 2019 From: odhiambo at gmail.com (Odhiambo Washington) Date: Sun, 14 Apr 2019 15:38:25 +0300 Subject: [Mailman-Users] creating an announce only list? In-Reply-To: References: Message-ID: On Sun, 14 Apr 2019 at 15:33, Adam Morris wrote: > Hi all, > > Can someone remind me what I need to do to make an email list announce > only opposed to a normal list where people can post and reply to messages. > > TIA. In summary, 1. Deny posting to the list by everyone 2. (a) Allow posting by use of Approved:Password as the very 1st line of a post, OR (b) Post and then login as a moderator and approve the held post. You can Google the rest, no? -- Best regards, Odhiambo WASHINGTON, Nairobi,KE +254 7 3200 0004/+254 7 2274 3223 "Oh, the cruft.", grep ^[^#] :-) From mark at msapiro.net Sun Apr 14 10:57:35 2019 From: mark at msapiro.net (Mark Sapiro) Date: Sun, 14 Apr 2019 07:57:35 -0700 Subject: [Mailman-Users] creating an announce only list? In-Reply-To: References: Message-ID: <965e6458-7bc5-e3c3-b473-d53b5b1cc661@msapiro.net> On 4/14/19 12:03 AM, Adam Morris wrote: > Hi all, > > Can someone remind me what I need to do to make an email list announce > only opposed to a normal list where people can post and reply to messages. See . -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at mailmanlists.net Wed Apr 17 18:39:17 2019 From: mark at mailmanlists.net (Mark Dale) Date: Thu, 18 Apr 2019 08:39:17 +1000 Subject: [Mailman-Users] Restrict archives to Administrator Message-ID: Hi, I've posted some notes on restricting a list's archive to Administrators only. They may be of use to some folks. It's a hack of Jim Popovitch's code which restricts archive access to unmoderated subscribers. Restrict archives to Administrator only (for Mailman 2.1.29) https://www.postmark.io/mm2/archives_for_admin_only.html Best, Mark From turnbull.stephen.fw at u.tsukuba.ac.jp Thu Apr 18 04:23:41 2019 From: turnbull.stephen.fw at u.tsukuba.ac.jp (Stephen J. Turnbull) Date: Thu, 18 Apr 2019 17:23:41 +0900 Subject: [Mailman-Users] Restrict archives to Administrator In-Reply-To: References: Message-ID: <23736.13325.32918.824448@turnbull.sk.tsukuba.ac.jp> Mark Dale writes: > I've posted some notes on restricting a list's archive to Administrators > only. They may be of use to some folks. Could you say something about the use case? If there's a common enough reason for doing this, we (the committers) should think about adding such features to Mailman 3 (Mailman 2 is up to Mark, but I think he really really wants that in security mods only mode). But I don't see the point, since subscribers (moderated or not) will be receiving (and can locally archive) the posts. > It's a hack of Jim Popovitch's code which restricts archive access to > unmoderated subscribers. Ditto. The only scenario where either of these restrictions makes sense to me (given my own experience) would be a harrassment case, where (1) the perpetrator is moderated (very common scenario, or at least it's often threatened) and (2) set to no-mail (not something that people do AFAIK, but I've never been on a list where that would be necessary, and have never heard of it being done). In the harrassment scenario the perpetrator is typically booted from the list, solving on-list harrassment, surveillance via list traffic, and surveillance via archive access simultaneously (assuming private archives, of course). I guess you could argue that archive-access restrictions inconvenience those who "shouldn't" have access to list posts, but I'm not sure why that is useful or desirable. Again, I'm not saying these are bad ideas, just that I want more information to decide if they are useful enough to add to Mailman 3. Steve From mark at mailmanlists.net Thu Apr 18 06:31:57 2019 From: mark at mailmanlists.net (Mark Dale) Date: Thu, 18 Apr 2019 20:31:57 +1000 Subject: [Mailman-Users] Restrict archives to Administrator In-Reply-To: <23736.13325.32918.824448@turnbull.sk.tsukuba.ac.jp> References: <23736.13325.32918.824448@turnbull.sk.tsukuba.ac.jp> Message-ID: > Mark Dale writes: > > I've posted some notes on restricting a list's archive to Administrators > > only. They may be of use to some folks. From: Stephen J. Turnbull [mailto:turnbull.stephen.fw at u.tsukuba.ac.jp] > Again, I'm not saying these are bad ideas, just that I want more > information to decide if they are useful enough to add to Mailman 3. Hi Steve, We had a customer ask for their lists to have this option. Their lists are used with some kind of automated entry/exit logging processes. Once we had cobbled it together, posting the notes to the list was a simply a case of "maybe someone else might also find this useful" - so here it is. There's still some gas left in the tank of Mailman 2. Mark From jimpop at domainmail.org Thu Apr 18 09:34:25 2019 From: jimpop at domainmail.org (Jim Popovitch) Date: Thu, 18 Apr 2019 09:34:25 -0400 Subject: [Mailman-Users] Restrict archives to Administrator In-Reply-To: References: <23736.13325.32918.824448@turnbull.sk.tsukuba.ac.jp> Message-ID: <1555594465.1981.3.camel@domainmail.org> On Thu, 2019-04-18 at 20:31 +1000, Mark Dale wrote: > > Mark Dale writes: > > > I've posted some notes on restricting a list's archive to Administrators > > > only. They may be of use to some folks. > > From: Stephen J. Turnbull [mailto:turnbull.stephen.fw at u.tsukuba.ac.jp] > > > Again, I'm not saying these are bad ideas, just that I want more > > information to decide if they are useful enough to add to Mailman 3. > > Hi Steve, > > We had a customer ask for their lists to have this option. Their lists > are used with some kind of automated entry/exit logging processes. > > Once we had cobbled it together, posting the notes to the list was a > simply a case of "maybe someone else might also find this useful" - so > here it is. There's still some gas left in the tank of Mailman 2. There's a lot of gas left in mm2. I know Mark sure is tired of it, but there's no way right now to have mm3 running on a public IP and ignore it for weeks/months like everyone does with mm2. -Jim P. From jimpop at domainmail.org Thu Apr 18 09:30:51 2019 From: jimpop at domainmail.org (Jim Popovitch) Date: Thu, 18 Apr 2019 09:30:51 -0400 Subject: [Mailman-Users] Restrict archives to Administrator In-Reply-To: <23736.13325.32918.824448@turnbull.sk.tsukuba.ac.jp> References: <23736.13325.32918.824448@turnbull.sk.tsukuba.ac.jp> Message-ID: <1555594251.1981.1.camel@domainmail.org> On Thu, 2019-04-18 at 17:23 +0900, Stephen J. Turnbull wrote: > Mark Dale writes: > > > I've posted some notes on restricting a list's archive to Administrators > > only. They may be of use to some folks. > > Could you say something about the use case? If there's a common > enough reason for doing this, we (the committers) should think about > adding such features to Mailman 3 (Mailman 2 is up to Mark, but I > think he really really wants that in security mods only mode). But I > don't see the point, since subscribers (moderated or not) will be > receiving (and can locally archive) the posts. > > > It's a hack of Jim Popovitch's code which restricts archive access to > > unmoderated subscribers. > > Ditto. > > The only scenario where either of these restrictions makes sense to me > (given my own experience) would be.... Ack. It's a narrow need, but there are reasons. Not every list is for raw public consumption. -Jim P. From acravens at uen.org Thu Apr 18 13:05:48 2019 From: acravens at uen.org (Andy Cravens) Date: Thu, 18 Apr 2019 17:05:48 +0000 Subject: [Mailman-Users] Disallow posting and alert members about replacement list Message-ID: <06670CE0-5935-40AC-AA2A-FE433FFF2B9A@umail.utah.edu> Using mailman 2.1.26. I have a list that is going to be retired and I need to stop people from posting to the old list. However, I don?t want to delete the list quite yet. Also, I need to auto-reply to any attempted posters that the list is being replaced with a new list. I have a plan but would like to see if I?m doing this the best way possible. 1) I?m going to put the list in emergency moderation mode so no more posts will go out. 2) Set Discard Held Messages to 1 day so the held messages don?t build up. 3) Configure the Auto-Responder (Auto-response text to send to mailing list posters.) telling them to use the new list. Does this sound reasonable? Is this the best way to achieve this? Thanks, Andy From mark at msapiro.net Thu Apr 18 13:22:17 2019 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 18 Apr 2019 10:22:17 -0700 Subject: [Mailman-Users] Disallow posting and alert members about replacement list In-Reply-To: <06670CE0-5935-40AC-AA2A-FE433FFF2B9A@umail.utah.edu> References: <06670CE0-5935-40AC-AA2A-FE433FFF2B9A@umail.utah.edu> Message-ID: <660c5d36-67f2-2207-1ceb-a157c426b021@msapiro.net> On 4/18/19 10:05 AM, Andy Cravens wrote: > Using mailman 2.1.26. I have a list that is going to be retired and I need to stop people from posting to the old list. However, I don?t want to delete the list quite yet. Also, I need to auto-reply to any attempted posters that the list is being replaced with a new list. I have a plan but would like to see if I?m doing this the best way possible. > > 1) I?m going to put the list in emergency moderation mode so no more posts will go out. > > 2) Set Discard Held Messages to 1 day so the held messages don?t build up. > > 3) Configure the Auto-Responder (Auto-response text to send to mailing list posters.) telling them to use the new list. > > Does this sound reasonable? Is this the best way to achieve this? It will probably work, but I would do the following: In Privacy options -> Sender filters set default_member_moderation = Yes member_moderation_action = Reject member_moderation_notice = the text you want sent to the poster and in Membership Management... -> Membership List -> Additional Member Tasks set everyone moderated. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From dennisthetiger at chez-vrolet.net Thu Apr 18 18:41:13 2019 From: dennisthetiger at chez-vrolet.net (Dennis Carr) Date: Thu, 18 Apr 2019 15:41:13 -0700 Subject: [Mailman-Users] Mapping -owners alias to a separate list Message-ID: <20190418154113.7249d6d7d987e338ff7a4fb1@chez-vrolet.net> Hey, guys. I have a multi-admin list which has a number of administrators that is greater than one who all are volunteer admins. The side effect is that the -owners alias tends to get spammed - and in some cases, it can get spammed quite profusely. (Coming to mind are spams from fqdn qq.com - which I had to block by telling Postfix to bounce everything coming "From: *@qq.com".) To this end, I don't wish to do too much more at the MTA level unless it gets bad again, but aliases tends to send it over to 'mailman list admins' which in turn emails the admins as expected - but that means *everything* gets through. So to this end, my thought is to route that mail over to a separate -admins list instead of 'mailman list admins'. The expected side effect is that this will wind up in the -admins list "not-subscribed" trap. Is there a better way to do this, or am I good doing that sort of thing? -Dennis Carr From Richard at Damon-family.org Thu Apr 18 20:00:23 2019 From: Richard at Damon-family.org (Richard Damon) Date: Thu, 18 Apr 2019 20:00:23 -0400 Subject: [Mailman-Users] [SPAM?] Mapping -owners alias to a separate list In-Reply-To: <20190418154113.7249d6d7d987e338ff7a4fb1@chez-vrolet.net> References: <20190418154113.7249d6d7d987e338ff7a4fb1@chez-vrolet.net> Message-ID: <002F0E4B-5A8E-42C0-8581-E13D0E905DF6@Damon-family.org> > On Apr 18, 2019, at 6:41 PM, Dennis Carr wrote: > > Hey, guys. > ... > So to this end, my thought is to route that mail over to a separate > -admins list instead of 'mailman list admins'. The expected side > effect is that this will wind up in the -admins list "not-subscribed" > trap. Is there a better way to do this, or am I good doing that sort of > thing? > > -Dennis Carr > That just means that you need to setup the -admins list to accept mail from non-subscribers, which is a perfectly valid configuration. From turnbull.stephen.fw at u.tsukuba.ac.jp Fri Apr 19 01:21:28 2019 From: turnbull.stephen.fw at u.tsukuba.ac.jp (Stephen J. Turnbull) Date: Fri, 19 Apr 2019 14:21:28 +0900 Subject: [Mailman-Users] Restrict archives to Administrator In-Reply-To: <1555594251.1981.1.camel@domainmail.org> References: <23736.13325.32918.824448@turnbull.sk.tsukuba.ac.jp> <1555594251.1981.1.camel@domainmail.org> Message-ID: <23737.23256.33283.623652@turnbull.sk.tsukuba.ac.jp> Mark Dale writes: > We had a customer ask for their lists to have this option. Their > lists are used with some kind of automated entry/exit logging > processes. Jim Popovitch via Mailman-Users writes: > Ack. It's a narrow need, but there are reasons. Not every list is for raw > public consumption. Thank you both! You're heros! This is what I love about open source. Steve -- Associate Professor Division of Policy and Planning Science http://turnbull.sk.tsukuba.ac.jp/ Faculty of Systems and Information Email: turnbull at sk.tsukuba.ac.jp University of Tsukuba Tel: 029-853-5175 Tennodai 1-1-1, Tsukuba 305-8573 JAPAN From dennisthetiger at chez-vrolet.net Fri Apr 19 09:47:21 2019 From: dennisthetiger at chez-vrolet.net (Dennis Carr) Date: Fri, 19 Apr 2019 06:47:21 -0700 Subject: [Mailman-Users] [SPAM?] Mapping -owners alias to a separate list In-Reply-To: <002F0E4B-5A8E-42C0-8581-E13D0E905DF6@Damon-family.org> References: <20190418154113.7249d6d7d987e338ff7a4fb1@chez-vrolet.net> <002F0E4B-5A8E-42C0-8581-E13D0E905DF6@Damon-family.org> Message-ID: <20190419064721.28ef038c6a2c00159c885bcf@chez-vrolet.net> On Thu, 18 Apr 2019 20:00:23 -0400 Richard Damon wrote: > That just means that you need to setup the -admins list to accept > mail from non-subscribers, which is a perfectly valid configuration. And pretty easy - the list will accept mail from nonsubs, it just sticks any such messages in the mod queue. =) -Dennis From mark at msapiro.net Fri Apr 19 09:53:38 2019 From: mark at msapiro.net (Mark Sapiro) Date: Fri, 19 Apr 2019 06:53:38 -0700 Subject: [Mailman-Users] Mapping -owners alias to a separate list In-Reply-To: <20190419064721.28ef038c6a2c00159c885bcf@chez-vrolet.net> References: <20190418154113.7249d6d7d987e338ff7a4fb1@chez-vrolet.net> <002F0E4B-5A8E-42C0-8581-E13D0E905DF6@Damon-family.org> <20190419064721.28ef038c6a2c00159c885bcf@chez-vrolet.net> Message-ID: <566086ed-e2cd-669d-f973-305aecdff54b@msapiro.net> On 4/19/19 6:47 AM, Dennis Carr wrote: > On Thu, 18 Apr 2019 20:00:23 -0400 > Richard Damon wrote: > >> That just means that you need to setup the -admins list to accept >> mail from non-subscribers, which is a perfectly valid configuration. > > And pretty easy - the list will accept mail from nonsubs, it just > sticks any such messages in the mod queue. =) And if that's not what you want, set Privacy options... -> Sender filters -> generic_nonmember_action to Accept rather than Hold. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From dennisthetiger at chez-vrolet.net Sat Apr 20 00:33:20 2019 From: dennisthetiger at chez-vrolet.net (Dennis Carr) Date: Fri, 19 Apr 2019 21:33:20 -0700 Subject: [Mailman-Users] Mapping -owners alias to a separate list In-Reply-To: <566086ed-e2cd-669d-f973-305aecdff54b@msapiro.net> References: <20190418154113.7249d6d7d987e338ff7a4fb1@chez-vrolet.net> <002F0E4B-5A8E-42C0-8581-E13D0E905DF6@Damon-family.org> <20190419064721.28ef038c6a2c00159c885bcf@chez-vrolet.net> <566086ed-e2cd-669d-f973-305aecdff54b@msapiro.net> Message-ID: <20190419213320.2a4fdcced9b6270702950948@chez-vrolet.net> On Fri, 19 Apr 2019 06:53:38 -0700 Mark Sapiro wrote: > > And pretty easy - the list will accept mail from nonsubs, it just > > sticks any such messages in the mod queue. =) > > > And if that's not what you want, set Privacy options... -> Sender > filters -> generic_nonmember_action to Accept rather than Hold. Oh, it's precisely what I want. Makes it easier to route the spam through Spamcop. =D -Dennis From kiffin.gish at planet.nl Mon Apr 22 04:18:32 2019 From: kiffin.gish at planet.nl (Kiffin Gish) Date: Mon, 22 Apr 2019 10:18:32 +0200 Subject: [Mailman-Users] REST API user_id and mailman_id are big integers Message-ID: <92b33cff-f30b-2829-7f0b-8fbe1c3736e2@planet.nl> Hi there. I'm implementing a frontend for accessing the mailman-core via the REST interface. Two problems arise, and both are related to the fact that in the json response the mailman_id and the user_id are big integers. As the values are greater than the maximum json integer format they appear as exponential values with the last digits truncated. I was just wondering if there is a proper way to handle this and/or it is possible for the REST API to return these values as strings rather than numbers. Kind regards, Kiffin -- Kiffin Gish Gouda, The Netherlands From bernie at fantasyfarm.com Mon Apr 22 21:22:29 2019 From: bernie at fantasyfarm.com (Bernie Cosell) Date: Mon, 22 Apr 2019 21:22:29 -0400 Subject: [Mailman-Users] Changing non-member message Message-ID: <5CBE68D5.22325.CFA560F@bernie.fantasyfarm.com> Is it possible [at least without hacking the python code] to change the default reject message that gets sent when a not-allowed member posts to a list. the default message is a terse "non-members are not allowed to post to this list", but that confuses a lot of people. they don't think of being on a mailing list as being an "member" of it. And several of my lists are associated with actual clubs and the club-members are confused and irritated to be called a "non member" [the problem is almost always a legit person posting from some different email address]. What I've done [by hand] is send a reject that says This is a closed list and posts from unsubscribed email addresses are not allowed. It'd be nice if I could configure that in, in place of the 'non member' default reject message. /Bernie\ Bernie Cosell bernie at fantasyfarm.com -- Too many people; too few sheep -- From mark at msapiro.net Mon Apr 22 22:02:57 2019 From: mark at msapiro.net (Mark Sapiro) Date: Mon, 22 Apr 2019 19:02:57 -0700 Subject: [Mailman-Users] Changing non-member message In-Reply-To: <5CBE68D5.22325.CFA560F@bernie.fantasyfarm.com> References: <5CBE68D5.22325.CFA560F@bernie.fantasyfarm.com> Message-ID: <04bdd692-38b9-0702-1f66-c31bd3f7407e@msapiro.net> On 4/22/19 6:22 PM, Bernie Cosell wrote: > Is it possible [at least without hacking the python code] to change the default > reject message that gets sent when a not-allowed member posts to a list. Go to the list admin Privacy options... -> Sender filters If the non-member posts are rejected because generic_nonmember_action (near the bottom) is Reject, just below that is nonmember_rejection_notice which will set the message. On the other hand, if generic_nonmember_action is Hold and you want to change the default rejection message for rejecting a held post, that requires either hacking the source code or creating a English language message catalog with a "translation' for that message, but I don't think that's what you're talking about since the default for that is 'Your message was deemed inappropriate by the moderator.' -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Tue Apr 23 00:35:29 2019 From: mark at msapiro.net (Mark Sapiro) Date: Mon, 22 Apr 2019 21:35:29 -0700 Subject: [Mailman-Users] REST API user_id and mailman_id are big integers In-Reply-To: <92b33cff-f30b-2829-7f0b-8fbe1c3736e2@planet.nl> References: <92b33cff-f30b-2829-7f0b-8fbe1c3736e2@planet.nl> Message-ID: <2f2b9e98-4e1d-13f9-b578-0d713b298088@msapiro.net> On 4/22/19 1:18 AM, Kiffin Gish wrote: > I'm implementing a frontend for accessing the mailman-core via the REST > interface. This list is primarily for support of Mailman 2.1. While some of us who read this list are also involved with Mailman 3, some Mailman 3 developers do not read this list. The preferred lists for Mailman 3 are mailman-users at mailman3.org and mailman-developers at python.org . > Two problems arise, and both are related to the fact that in the json > response the mailman_id and the user_id are big integers. > > As the values are greater than the maximum json integer format they > appear as exponential values with the last digits truncated. I don't see this. Perhaps you can give specific url's that return these large integers. I see things like: curl -urestadmin:restpass http://localhost:9001/3.1/users {"entries": [{"created_on": "2005-08-01T07:49:23", "http_etag": "\"2bf857a70410d149964152eb539a9f2e65167589\"", "is_server_owner": false, "self_link": "http://localhost:9001/3.1/users/00000000000000000000000000000001", "user_id": "00000000000000000000000000000001"}], "http_etag": "\"8b70aea0b2faf3427ee675a899bbfe01bd35940b\"", "start": 0, "total_size": 1} and curl -urestadmin:restpass http://localhost:9001/3.0/users {"entries": [{"created_on": "2005-08-01T07:49:23", "http_etag": "\"eb591d9720aa0ac944b49315b6af1c950410b54c\"", "is_server_owner": false, "self_link": "http://localhost:9001/3.0/users/1", "user_id": 1}], "http_etag": "\"cf73b75814e4f44e603170b39d65b5120218e52e\"", "start": 0, "total_size": 1} Granted this installation has only one user and on an installation with many users, I do see things like {"created_on": "2019-04-23T01:28:24.579274", "is_server_owner": false, "self_link": "http://localhost:8001/3.0/users/163692196465132998753332423763098956585", "user_id": 163692196465132998753332423763098956585, "password": "elided", "http_etag": "\"be49870d5d7cb722fc9e6852ed6a62a83efa088d\""} with a large integer for user_id with API 3.0, but with API 3.1, I get a string {"created_on": "2019-04-23T01:28:24.579274", "is_server_owner": false, "self_link": "http://localhost:8001/3.1/users/7b25f8647f6343efac82f831674d7329", "user_id": "7b25f8647f6343efac82f831674d7329", "password": "elided", "http_etag": "\"a4c24cd3178e9d9c2361eb011496911f2fd12951\""} > I was just wondering if there is a proper way to handle this and/or it > is possible for the REST API to return these values as strings rather > than numbers. Are you using API 3.1. If not, try it. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From kiffin.gish at planet.nl Tue Apr 23 07:02:24 2019 From: kiffin.gish at planet.nl (Kiffin Gish) Date: Tue, 23 Apr 2019 13:02:24 +0200 (CEST) Subject: [Mailman-Users] Prevent users from changing email address Message-ID: <20089440.8693.1556017344203.JavaMail.defaultUser@defaultHost> Is it possible to configure mailman so that it is not possible for users to change their email address, e.g. disabling the option and including the service desk contact information instead? -- Kiffin Gish Gouda, The Netherlands From mark at bradakis.com Tue Apr 23 11:13:15 2019 From: mark at bradakis.com (Mark J Bradakis) Date: Tue, 23 Apr 2019 09:13:15 -0600 Subject: [Mailman-Users] Frustrating web page issues Message-ID: So a couple of days ago I had a server just up and die.? It was put in place about 12 years ago, if not more.? Luckily I was working on replacing it, so I had? a new box under construction almost ready to take its place.? But the old server dies before I could make a smooth transition and get everything working on the new server. Got the new server on line, up and running, the email lists are doing just fine.? But for some reason there are problems with the web pages, like http://autox.team.net/mailman/listinfo will not work.? And I don't know why.? Here's the relevant lines from the httpd config file: ScriptAlias /mailman/ "/local/mailman/teamnet/cgi-bin/" ????????? Require all granted ????????? Options ExecCGI This was enough to work on the old server.? New server is Fedora 29, mailman version is mailman-2.1.29, Apache: Server version: Apache/2.4.39 (Fedora)? I have gone over the mailman installation instructions, and can't figure out what is going on.? I must be missing something really basic and obvious, but what?? Maybe I am just getting old and senile, I? solved problems like this for a quarter of a century as a sys admin at the U of Utah Computer Science department, must be really rusty and out of practice. Fun fun fun. mjb. From heller at deepsoft.com Tue Apr 23 11:53:39 2019 From: heller at deepsoft.com (Robert Heller) Date: Tue, 23 Apr 2019 11:53:39 -0400 (EDT) Subject: [Mailman-Users] Frustrating web page issues In-Reply-To: References: Message-ID: <20190423155339.5A42326C000D@sharky3.deepsoft.com> At Tue, 23 Apr 2019 09:13:15 -0600 Mark J Bradakis wrote: > > So a couple of days ago I had a server just up and die.?? It was put in > place about 12 years ago, if not more.?? Luckily I was working on > replacing it, so I had?? a new box under construction almost ready to > take its place.?? But the old server dies before I could make a smooth > transition and get everything working on the new server. > > Got the new server on line, up and running, the email lists are doing > just fine.?? But for some reason there are problems with the web pages, > like http://autox.team.net/mailman/listinfo will not work.?? And I don't Define "will not work". Is the page coming up? Giving a 500 or 404 or 403 or some other error? Are you just getting a blank screen? Did you have a look at Apache's error_log? Some posibilities (guesses): What version of Python is installed? 2 or 3? What are the mailman settings WRT domain names? Do they match the new server's domain name (eg is the new server's domain the same or different from the old server)? Is selinux installed? Enabled? Permissive? > know why.?? Here's the relevant lines from the httpd config file: > > > ScriptAlias /mailman/ "/local/mailman/teamnet/cgi-bin/" > > > ?????????????????? Require all granted > ?????????????????? Options ExecCGI > > > > This was enough to work on the old server.?? New server is Fedora 29, > mailman version is mailman-2.1.29, Apache: Server version: Apache/2.4.39 > (Fedora)?? I have gone over the mailman installation instructions, and > can't figure out what is going on.?? I must be missing something really > basic and obvious, but what??? Maybe I am just getting old and senile, I?? > solved problems like this for a quarter of a century as a sys admin at > the U of Utah Computer Science department, must be really rusty and out > of practice. > > Fun fun fun. > > mjb. > > > ------------------------------------------------------ > Mailman-Users mailing list Mailman-Users at python.org > https://mail.python.org/mailman/listinfo/mailman-users > Mailman FAQ: http://wiki.list.org/x/AgA3 > Security Policy: http://wiki.list.org/x/QIA9 > Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ > Unsubscribe: https://mail.python.org/mailman/options/mailman-users/heller%40deepsoft.com > > -- Robert Heller -- 978-544-6933 Deepwoods Software -- Custom Software Services http://www.deepsoft.com/ -- Linux Administration Services heller at deepsoft.com -- Webhosting Services From kiffin.gish at planet.nl Tue Apr 23 14:24:02 2019 From: kiffin.gish at planet.nl (Kiffin Gish) Date: Tue, 23 Apr 2019 20:24:02 +0200 Subject: [Mailman-Users] REST API user_id and mailman_id are big integers In-Reply-To: <2f2b9e98-4e1d-13f9-b578-0d713b298088@msapiro.net> References: <92b33cff-f30b-2829-7f0b-8fbe1c3736e2@planet.nl> <2f2b9e98-4e1d-13f9-b578-0d713b298088@msapiro.net> Message-ID: <4eb718e8-b538-264b-912b-bc34ac4b8049@planet.nl> Thanks, using v3.1 instead of v3.0 solved my problems! You might want to check the docs where 3.0 is still being used. -- Kiffin Gish Gouda, The Netherlands On 4/23/19 6:35 AM, Mark Sapiro wrote: > On 4/22/19 1:18 AM, Kiffin Gish wrote: >> I'm implementing a frontend for accessing the mailman-core via the REST >> interface. > > This list is primarily for support of Mailman 2.1. While some of us who > read this list are also involved with Mailman 3, some Mailman 3 > developers do not read this list. > > The preferred lists for Mailman 3 are mailman-users at mailman3.org > > and mailman-developers at python.org > . > > >> Two problems arise, and both are related to the fact that in the json >> response the mailman_id and the user_id are big integers. >> >> As the values are greater than the maximum json integer format they >> appear as exponential values with the last digits truncated. > > I don't see this. Perhaps you can give specific url's that return these > large integers. > > I see things like: > > curl -urestadmin:restpass http://localhost:9001/3.1/users > {"entries": [{"created_on": "2005-08-01T07:49:23", "http_etag": > "\"2bf857a70410d149964152eb539a9f2e65167589\"", "is_server_owner": > false, "self_link": > "http://localhost:9001/3.1/users/00000000000000000000000000000001", > "user_id": "00000000000000000000000000000001"}], "http_etag": > "\"8b70aea0b2faf3427ee675a899bbfe01bd35940b\"", "start": 0, "total_size": 1} > > and > > curl -urestadmin:restpass http://localhost:9001/3.0/users > {"entries": [{"created_on": "2005-08-01T07:49:23", "http_etag": > "\"eb591d9720aa0ac944b49315b6af1c950410b54c\"", "is_server_owner": > false, "self_link": "http://localhost:9001/3.0/users/1", "user_id": 1}], > "http_etag": "\"cf73b75814e4f44e603170b39d65b5120218e52e\"", "start": 0, > "total_size": 1} > > Granted this installation has only one user and on an installation with > many users, I do see things like > > {"created_on": "2019-04-23T01:28:24.579274", "is_server_owner": false, > "self_link": > "http://localhost:8001/3.0/users/163692196465132998753332423763098956585", > "user_id": 163692196465132998753332423763098956585, "password": > "elided", "http_etag": "\"be49870d5d7cb722fc9e6852ed6a62a83efa088d\""} > > with a large integer for user_id with API 3.0, but with API 3.1, I get a > string > > {"created_on": "2019-04-23T01:28:24.579274", "is_server_owner": false, > "self_link": > "http://localhost:8001/3.1/users/7b25f8647f6343efac82f831674d7329", > "user_id": "7b25f8647f6343efac82f831674d7329", "password": "elided", > "http_etag": "\"a4c24cd3178e9d9c2361eb011496911f2fd12951\""} > > >> I was just wondering if there is a proper way to handle this and/or it >> is possible for the REST API to return these values as strings rather >> than numbers. > > Are you using API 3.1. If not, try it. > From mark at msapiro.net Tue Apr 23 15:07:50 2019 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 23 Apr 2019 12:07:50 -0700 Subject: [Mailman-Users] Frustrating web page issues In-Reply-To: <20190423155339.5A42326C000D@sharky3.deepsoft.com> References: <20190423155339.5A42326C000D@sharky3.deepsoft.com> Message-ID: <33d62c94-cb21-a300-fc62-17831c990aa1@msapiro.net> On 4/23/19 8:53 AM, Robert Heller wrote: > At Tue, 23 Apr 2019 09:13:15 -0600 Mark J Bradakis wrote: > >> >> Got the new server on line, up and running, the email lists are doing >> just fine.? But for some reason there are problems with the web pages, >> like http://autox.team.net/mailman/listinfo will not work.? And I don't > > Define "will not work". Is the page coming up? Giving a 500 or 404 or 403 or > some other error? Are you just getting a blank screen? Did you have a look at > Apache's error_log? The above URL returns: Service Unavailable The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later. Have you run Mailman's bin/check_perms? I suspect some kind of permissions error on the wrappers in /local/mailman/teamnet/cgi-bin/, but do check Apache's error.log which should have more information. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Tue Apr 23 18:28:39 2019 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 23 Apr 2019 15:28:39 -0700 Subject: [Mailman-Users] Prevent users from changing email address In-Reply-To: <20089440.8693.1556017344203.JavaMail.defaultUser@defaultHost> References: <20089440.8693.1556017344203.JavaMail.defaultUser@defaultHost> Message-ID: <404d40d4-e1dc-3041-aa94-0841f4450d9f@msapiro.net> On 4/23/19 4:02 AM, Kiffin Gish wrote: > Is it possible to configure mailman so that it is not possible for users to change their email address, e.g. disabling the option and including the service desk contact information instead? Had you not just recently posted to this list with a Mailman 3 question, I would assume this is a Mailman 2.1 question. Please post Mailman 3 questions to mailman-users at mailman3.org Anyway, the answer for either Mailman is "not without modifying the code". -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From gtaylor at tnetconsulting.net Tue Apr 23 22:25:28 2019 From: gtaylor at tnetconsulting.net (Grant Taylor) Date: Tue, 23 Apr 2019 20:25:28 -0600 Subject: [Mailman-Users] Prevent users from changing email address In-Reply-To: <20089440.8693.1556017344203.JavaMail.defaultUser@defaultHost> References: <20089440.8693.1556017344203.JavaMail.defaultUser@defaultHost> Message-ID: <44e54cd7-9210-ac0d-8402-a184465bad91@spamtrap.tnetconsulting.net> On 4/23/19 5:02 AM, Kiffin Gish wrote: > Is it possible to configure mailman so that it is not possible for users > to change their email address, e.g. disabling the option and including > the service desk contact information instead? What will prevent users from unsubscribing with the old address and resubscribing with the new address? -- Grant. . . . unix || die -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/pkcs7-signature Size: 4008 bytes Desc: S/MIME Cryptographic Signature URL: From kiffin.gish at planet.nl Wed Apr 24 06:23:28 2019 From: kiffin.gish at planet.nl (Kiffin Gish) Date: Wed, 24 Apr 2019 12:23:28 +0200 (CEST) Subject: [Mailman-Users] REST API get template contents Message-ID: <6228119.8121.1556101408963.JavaMail.defaultUser@defaultHost> Is it possible to use the Mailman REST API to query the contents of a given template? For example: GET /api/domains/example.org/templates/lang/list:user:action:subscribe I would like to do this to allow the administrator to edit existing as a reference point. -- Kiffin Gish Gouda, The Netherlands From turnbull.stephen.fw at u.tsukuba.ac.jp Wed Apr 24 08:28:26 2019 From: turnbull.stephen.fw at u.tsukuba.ac.jp (Stephen J. Turnbull) Date: Wed, 24 Apr 2019 21:28:26 +0900 Subject: [Mailman-Users] Prevent users from changing email address In-Reply-To: <44e54cd7-9210-ac0d-8402-a184465bad91@spamtrap.tnetconsulting.net> References: <20089440.8693.1556017344203.JavaMail.defaultUser@defaultHost> <44e54cd7-9210-ac0d-8402-a184465bad91@spamtrap.tnetconsulting.net> Message-ID: <23744.22122.487595.184989@turnbull.sk.tsukuba.ac.jp> Grant Taylor via Mailman-Users writes: > On 4/23/19 5:02 AM, Kiffin Gish wrote: > > Is it possible to configure mailman so that it is not possible for users > > to change their email address, e.g. disabling the option and including > > the service desk contact information instead? I'll have to trust Mark that it requires code changes. But if a list's subscribe_policy and unsubscribe_policy require approval, I would expect that changing an existing address would end up on the moderator's desk, too. I'd call that a defect. WDOT? > What will prevent users from unsubscribing with the old address and > resubscribing with the new address? You can configure Mailman 2 so that both subscription and unsubscription require administrator approval. If this is a Mailman 3 question as Mark suggests, I believe that is still true. To Kiffen: isn't that better than sending the user to a page that requires them to go to the service desk and enter a ticket? Steve From mark at msapiro.net Wed Apr 24 10:00:15 2019 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 24 Apr 2019 07:00:15 -0700 Subject: [Mailman-Users] REST API get template contents In-Reply-To: <6228119.8121.1556101408963.JavaMail.defaultUser@defaultHost> References: <6228119.8121.1556101408963.JavaMail.defaultUser@defaultHost> Message-ID: <10ef6b4c-217e-aba3-f68b-b8250f35c9f7@msapiro.net> On 4/24/19 3:23 AM, Kiffin Gish wrote: > Is it possible to use the Mailman REST API to query the contents of a given template? > For example: GET /api/domains/example.org/templates/lang/list:user:action:subscribe > I would like to do this to allow the administrator to edit existing as a reference point. Please join the mailman-users at mailman3.org list at and post your Mailman 3 questions there. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at bradakis.com Wed Apr 24 14:10:42 2019 From: mark at bradakis.com (Mark J Bradakis) Date: Wed, 24 Apr 2019 12:10:42 -0600 Subject: [Mailman-Users] Frustrating web page issues In-Reply-To: <33d62c94-cb21-a300-fc62-17831c990aa1@msapiro.net> References: <20190423155339.5A42326C000D@sharky3.deepsoft.com> <33d62c94-cb21-a300-fc62-17831c990aa1@msapiro.net> Message-ID: <0a1ea227-7fc8-3931-f093-81e79b2a0571@bradakis.com> On 4/23/19 1:07 PM, Mark Sapiro wrote: > > The above URL returns: > > Service Unavailable > > The server is temporarily unable to service your request due to > maintenance downtime or capacity problems. Please try again later. > > > Have you run Mailman's bin/check_perms? I suspect some kind of > permissions error on the wrappers in /local/mailman/teamnet/cgi-bin/, > but do check Apache's error.log which should have more information. > Yes, I have run check_perms, no problems there.? All the other web pages at autox.team.net seem to work just fine, it is only the mailman pages that give the 503 unavailable error.? Frustrating because some pages work, some don't and the Apache error logs are of no help in trying to determine if this is an Apache problem or a mailman problem. mjb. From mark at bradakis.com Wed Apr 24 15:55:31 2019 From: mark at bradakis.com (Mark J Bradakis) Date: Wed, 24 Apr 2019 13:55:31 -0600 Subject: [Mailman-Users] Frustrating web page issues In-Reply-To: <0a1ea227-7fc8-3931-f093-81e79b2a0571@bradakis.com> References: <20190423155339.5A42326C000D@sharky3.deepsoft.com> <33d62c94-cb21-a300-fc62-17831c990aa1@msapiro.net> <0a1ea227-7fc8-3931-f093-81e79b2a0571@bradakis.com> Message-ID: <2e69f794-d208-8ca6-4101-79737d02a6ee@bradakis.com> So digging through the logs I found this: [authz_core:error] [pid 31549:tid 139863772874496] [client 50.198.190.18:46884] AH01630: client denied by server configuration: So I added an AuthType None to the httpd.conf file.? Now I still get the Server unavailable page, but a different err: [Wed Apr 24 13:52:47.955661 2019] [cgid:error] [pid 16974:tid 140524686079744] (13)Permission denied: [client 50.198.190.18:45928] AH01257: unable to connect to cgi daemon after multiple tries: /local/mailman/teamnet/cgi-bin/listinfo, referer: http://autox.team.net/ So at least I can focus on something specific now. mjb. From mark at msapiro.net Wed Apr 24 16:18:25 2019 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 24 Apr 2019 13:18:25 -0700 Subject: [Mailman-Users] Frustrating web page issues In-Reply-To: <0a1ea227-7fc8-3931-f093-81e79b2a0571@bradakis.com> References: <20190423155339.5A42326C000D@sharky3.deepsoft.com> <33d62c94-cb21-a300-fc62-17831c990aa1@msapiro.net> <0a1ea227-7fc8-3931-f093-81e79b2a0571@bradakis.com> Message-ID: <2d8b1ebe-0ef9-d4ce-cf2e-c6654466dd6a@msapiro.net> On 4/24/19 11:10 AM, Mark J Bradakis via Mailman-Users wrote: > > Yes, I have run check_perms, no problems there.? All the other web pages > at autox.team.net seem to work just fine, it is only the mailman pages > that give the 503 unavailable error.? Frustrating because some pages > work, some don't and the Apache error logs are of no help in trying to > determine if this is an Apache problem or a mailman problem. What does ls -l /local/mailman/teamnet/cgi-bin/ show? And, what's in the Apache error log for one of these 503 errors. I know you say it's no help, but helpful or not, what does it say? If it says something about a script exiting with status = x, 2 <= x <= 8, we know what those mean. Also, what is the result from sudo -u xxx /local/mailman/teamnet/cgi-bin/listinfo where xxx is the user that Apache runs as? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Wed Apr 24 16:32:55 2019 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 24 Apr 2019 13:32:55 -0700 Subject: [Mailman-Users] Frustrating web page issues In-Reply-To: <2e69f794-d208-8ca6-4101-79737d02a6ee@bradakis.com> References: <20190423155339.5A42326C000D@sharky3.deepsoft.com> <33d62c94-cb21-a300-fc62-17831c990aa1@msapiro.net> <0a1ea227-7fc8-3931-f093-81e79b2a0571@bradakis.com> <2e69f794-d208-8ca6-4101-79737d02a6ee@bradakis.com> Message-ID: <2b9e22e6-9e10-fe30-c918-cd30458bd0b3@msapiro.net> On 4/24/19 12:55 PM, Mark J Bradakis via Mailman-Users wrote: > > [Wed Apr 24 13:52:47.955661 2019] [cgid:error] [pid 16974:tid > 140524686079744] (13)Permission denied: [client 50.198.190.18:45928] > AH01257: unable to connect to cgi daemon after multiple tries: > /local/mailman/teamnet/cgi-bin/listinfo, referer: http://autox.team.net/ > > So at least I can focus on something specific now. I'm still interested in ls -l /local/mailman/teamnet/cgi-bin/ and sudo -u xxx /local/mailman/teamnet/cgi-bin/listinfo where xxx is the user that Apache runs as? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From heller at deepsoft.com Wed Apr 24 16:41:12 2019 From: heller at deepsoft.com (Robert Heller) Date: Wed, 24 Apr 2019 16:41:12 -0400 (EDT) Subject: [Mailman-Users] Frustrating web page issues In-Reply-To: <2e69f794-d208-8ca6-4101-79737d02a6ee@bradakis.com> References: <20190423155339.5A42326C000D@sharky3.deepsoft.com> <33d62c94-cb21-a300-fc62-17831c990aa1@msapiro.net> <0a1ea227-7fc8-3931-f093-81e79b2a0571@bradakis.com> <2e69f794-d208-8ca6-4101-79737d02a6ee@bradakis.com> Message-ID: <20190424204112.6559326C0012@sharky3.deepsoft.com> At Wed, 24 Apr 2019 13:55:31 -0600 Mark J Bradakis wrote: > > So digging through the logs I found this: > > [authz_core:error] [pid 31549:tid 139863772874496] [client > 50.198.190.18:46884] AH01630: client denied by server configuration: > > So I added an AuthType None to the httpd.conf file.?? Now I still get the > Server unavailable page, but a different err: > > [Wed Apr 24 13:52:47.955661 2019] [cgid:error] [pid 16974:tid > 140524686079744] (13)Permission denied: [client 50.198.190.18:45928] > AH01257: unable to connect to cgi daemon after multiple tries: > /local/mailman/teamnet/cgi-bin/listinfo, referer: http://autox.team.net/ > > So at least I can focus on something specific now. Is selinux installed? What is its settings? What is the selinux context for /local/mailman/teamnet/...? > > mjb. > > > ------------------------------------------------------ > Mailman-Users mailing list Mailman-Users at python.org > https://mail.python.org/mailman/listinfo/mailman-users > Mailman FAQ: http://wiki.list.org/x/AgA3 > Security Policy: http://wiki.list.org/x/QIA9 > Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ > Unsubscribe: https://mail.python.org/mailman/options/mailman-users/heller%40deepsoft.com > > -- Robert Heller -- 978-544-6933 Deepwoods Software -- Custom Software Services http://www.deepsoft.com/ -- Linux Administration Services heller at deepsoft.com -- Webhosting Services From heller at deepsoft.com Wed Apr 24 16:41:12 2019 From: heller at deepsoft.com (Robert Heller) Date: Wed, 24 Apr 2019 16:41:12 -0400 (EDT) Subject: [Mailman-Users] Frustrating web page issues In-Reply-To: <2d8b1ebe-0ef9-d4ce-cf2e-c6654466dd6a@msapiro.net> References: <20190423155339.5A42326C000D@sharky3.deepsoft.com> <33d62c94-cb21-a300-fc62-17831c990aa1@msapiro.net> <0a1ea227-7fc8-3931-f093-81e79b2a0571@bradakis.com> <2d8b1ebe-0ef9-d4ce-cf2e-c6654466dd6a@msapiro.net> Message-ID: <20190424204118.6C49E26C000B@sharky3.deepsoft.com> At Wed, 24 Apr 2019 13:18:25 -0700 Mark Sapiro wrote: > > On 4/24/19 11:10 AM, Mark J Bradakis via Mailman-Users wrote: > > > > Yes, I have run check_perms, no problems there.?? All the other web pages > > at autox.team.net seem to work just fine, it is only the mailman pages > > that give the 503 unavailable error.?? Frustrating because some pages > > work, some don't and the Apache error logs are of no help in trying to > > determine if this is an Apache problem or a mailman problem. > > > What does > > ls -l /local/mailman/teamnet/cgi-bin/ And if selinux is installed and enabled: ls -Z /local/mailman/teamnet/cgi-bin/ and what does getenforce show? > > show? > > And, what's in the Apache error log for one of these 503 errors. I know > you say it's no help, but helpful or not, what does it say? If it says > something about a script exiting with status = x, 2 <= x <= 8, we know > what those mean. > > Also, what is the result from > > sudo -u xxx /local/mailman/teamnet/cgi-bin/listinfo > > where xxx is the user that Apache runs as? > -- Robert Heller -- 978-544-6933 Deepwoods Software -- Custom Software Services http://www.deepsoft.com/ -- Linux Administration Services heller at deepsoft.com -- Webhosting Services From mark at bradakis.com Wed Apr 24 16:53:12 2019 From: mark at bradakis.com (Mark J Bradakis) Date: Wed, 24 Apr 2019 14:53:12 -0600 Subject: [Mailman-Users] Frustrating web page issues In-Reply-To: <2d8b1ebe-0ef9-d4ce-cf2e-c6654466dd6a@msapiro.net> References: <20190423155339.5A42326C000D@sharky3.deepsoft.com> <33d62c94-cb21-a300-fc62-17831c990aa1@msapiro.net> <0a1ea227-7fc8-3931-f093-81e79b2a0571@bradakis.com> <2d8b1ebe-0ef9-d4ce-cf2e-c6654466dd6a@msapiro.net> Message-ID: [root at autox cgi-bin]# ls -Z . system_u:object_r:default_t:s0 admin system_u:object_r:default_t:s0 options system_u:object_r:default_t:s0 admindb system_u:object_r:default_t:s0 private system_u:object_r:default_t:s0 confirm system_u:object_r:default_t:s0 rmlist system_u:object_r:default_t:s0 create system_u:object_r:default_t:s0 roster system_u:object_r:default_t:s0 edithtml system_u:object_r:default_t:s0 subscribe system_u:object_r:default_t:s0 listinfo [root at autox cgi-bin]# sudo -u web-data ./listinfo sudo: unknown user: web-data sudo: unable to initialize policy plugin [root at autox cgi-bin]# ^web^www sudo -u www-data ./listinfo Content-type: text/html Bug in Mailman version 2.1.29

Bug in Mailman version 2.1.29

We're sorry, we hit a bug!

Please inform the webmaster for this site of this problem.? Printing of traceback and other system information has been explicitly inhibited, but the webmaster can find this information in the Mailman error logs or the web server logs. And SELinux is disabled. mjb. From mark at msapiro.net Wed Apr 24 17:01:26 2019 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 24 Apr 2019 14:01:26 -0700 Subject: [Mailman-Users] Frustrating web page issues In-Reply-To: References: <20190423155339.5A42326C000D@sharky3.deepsoft.com> <33d62c94-cb21-a300-fc62-17831c990aa1@msapiro.net> <0a1ea227-7fc8-3931-f093-81e79b2a0571@bradakis.com> <2d8b1ebe-0ef9-d4ce-cf2e-c6654466dd6a@msapiro.net> Message-ID: <539212d7-06e9-02ed-a932-c082a1c49770@msapiro.net> On 4/24/19 1:53 PM, Mark J Bradakis via Mailman-Users wrote: > > [root at autox cgi-bin]# ls -Z . > system_u:object_r:default_t:s0 admin system_u:object_r:default_t:s0 options > system_u:object_r:default_t:s0 admindb system_u:object_r:default_t:s0 > private > system_u:object_r:default_t:s0 confirm system_u:object_r:default_t:s0 > rmlist > system_u:object_r:default_t:s0 create system_u:object_r:default_t:s0 roster > system_u:object_r:default_t:s0 edithtml system_u:object_r:default_t:s0 > subscribe > system_u:object_r:default_t:s0 listinfo I'm still interested in 'ls -l' > sudo -u www-data ./listinfo > Content-type: text/html > > Bug in Mailman version 2.1.29 >

Bug in Mailman version 2.1.29

>

We're sorry, we hit a bug!

> >

Please inform the webmaster for this site of this > problem.? Printing of traceback and other system information has been > explicitly inhibited, but the webmaster can find this information in the > Mailman error logs or the web server logs. And what's in Mailman's error log. Although, this is not what's happening when Apache tries to run it. If it were, you would see that output in your browser. > And SELinux is disabled. OK -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at bradakis.com Wed Apr 24 17:10:49 2019 From: mark at bradakis.com (Mark J Bradakis) Date: Wed, 24 Apr 2019 15:10:49 -0600 Subject: [Mailman-Users] Frustrating web page issues In-Reply-To: <539212d7-06e9-02ed-a932-c082a1c49770@msapiro.net> References: <20190423155339.5A42326C000D@sharky3.deepsoft.com> <33d62c94-cb21-a300-fc62-17831c990aa1@msapiro.net> <0a1ea227-7fc8-3931-f093-81e79b2a0571@bradakis.com> <2d8b1ebe-0ef9-d4ce-cf2e-c6654466dd6a@msapiro.net> <539212d7-06e9-02ed-a932-c082a1c49770@msapiro.net> Message-ID: <03fa6d86-e0b5-8439-5882-1c3075e027e0@bradakis.com> On 4/24/19 3:01 PM, Mark Sapiro wrote: > > I'm still interested in 'ls -l' [root at autox cgi-bin]# ls -l total 352 -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 admin -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 admindb -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 confirm -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 create -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 edithtml -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 listinfo -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 options -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 private -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 rmlist -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 roster -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 subscribe > And what's in Mailman's error log. > Apr 24 14:45:09 2019 admin(23315): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ admin(23315): [----- Mailman Version: 2.1.29 -----] admin(23315): [----- Traceback ------] admin(23315): Traceback (most recent call last): admin(23315):?? File "/local/mailman/teamnet/scripts/driver", line 111, in run_main admin(23315):???? if not request_method.lower() in ['get', 'post', 'head']: admin(23315): AttributeError: 'NoneType' object has no attribute 'lower' admin(23315): [----- Python Information -----] admin(23315): sys.version???? =?? 2.7.15 (default, Oct 15 2018, 15:26:09) [GCC 8.2.1 20180801 (Red Hat 8.2.1-2)] admin(23315): sys.executable? =?? /usr/bin/python admin(23315): sys.prefix????? =?? /usr admin(23315): sys.exec_prefix =?? /usr admin(23315): sys.path??????? = ['/local/mailman/teamnet/pythonlib', '/local/mailman/teamnet', '/local/mailman/teamnet/scripts', '/local/mailman/teamnet', '/usr/lib/python27.zip', '/usr/lib64/python2.7', '/usr/lib64/python2.7/plat-linux2', '/usr/lib64/python2.7/lib-tk', '/usr/lib64/python2.7/lib-old', '/usr/lib64/python2.7/lib-dynload', '/usr/lib/python2.7/site-packages', '/usr/lib/python2.7/dist-packages'] admin(23315): sys.platform??? =?? linux2 admin(23315): [----- Environment Variables -----] admin(23315): ??? PYTHONPATH: /local/mailman/teamnet admin(23315): ??? LOGNAME: www-data admin(23315): ??? USER: www-data mjb. From bernie at fantasyfarm.com Wed Apr 24 17:22:26 2019 From: bernie at fantasyfarm.com (Bernie Cosell) Date: Wed, 24 Apr 2019 17:22:26 -0400 Subject: [Mailman-Users] authorizing posts to a moderated list Message-ID: <16a513a7250.2796.742cd0bcba90c1f7f640db99bf6503c5@fantasyfarm.com> I've discovered that putting someone in the "approved to post" in the list config doesn't override the fact that the email is still MOD in the members list prevents them from posting. seems that it'd be more convenient to have the configuration setting override the list member list. as it is, as i authorize and deauthorize people i have to mess with both and that feels like unnecessary work. /b\ Bernie Cosell bernie at fantasyfarm. com ? Too many people, too few sheep ? From mark at msapiro.net Wed Apr 24 17:54:47 2019 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 24 Apr 2019 14:54:47 -0700 Subject: [Mailman-Users] Frustrating web page issues In-Reply-To: <03fa6d86-e0b5-8439-5882-1c3075e027e0@bradakis.com> References: <20190423155339.5A42326C000D@sharky3.deepsoft.com> <33d62c94-cb21-a300-fc62-17831c990aa1@msapiro.net> <0a1ea227-7fc8-3931-f093-81e79b2a0571@bradakis.com> <2d8b1ebe-0ef9-d4ce-cf2e-c6654466dd6a@msapiro.net> <539212d7-06e9-02ed-a932-c082a1c49770@msapiro.net> <03fa6d86-e0b5-8439-5882-1c3075e027e0@bradakis.com> Message-ID: <81bd768c-f7ce-4367-4e23-9952b7c635f0@msapiro.net> On 4/24/19 2:10 PM, Mark J Bradakis via Mailman-Users wrote: > On 4/24/19 3:01 PM, Mark Sapiro wrote: >> >> I'm still interested in 'ls -l' > > [root at autox cgi-bin]# ls -l > total 352 > -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 admin > -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 admindb > -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 confirm > -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 create > -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 edithtml > -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 listinfo > -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 options > -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 private > -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 rmlist > -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 roster > -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 subscribe OK. Those look good. >> And what's in Mailman's error log. >> > Apr 24 14:45:09 2019 admin(23315): > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > admin(23315): [----- Mailman Version: 2.1.29 -----] > admin(23315): [----- Traceback ------] > admin(23315): Traceback (most recent call last): > admin(23315):?? File "/local/mailman/teamnet/scripts/driver", line 111, > in run_main > admin(23315):???? if not request_method.lower() in ['get', 'post', 'head']: > admin(23315): AttributeError: 'NoneType' object has no attribute 'lower' I understand what's happening here. The driver script want's to see a REQUEST_METHOD of 'get', 'post' or 'head' in the passed environment, and when it's invoked from the command line, that isn't set. It worked for me when I tested because I didn't use the web user id and got a group mismatch. The fact that you got the bug page means there wasn't a group mismatch which is good. It really looks like a selinux or apparmor or some kind of security manager issue. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Wed Apr 24 18:00:40 2019 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 24 Apr 2019 15:00:40 -0700 Subject: [Mailman-Users] authorizing posts to a moderated list In-Reply-To: <16a513a7250.2796.742cd0bcba90c1f7f640db99bf6503c5@fantasyfarm.com> References: <16a513a7250.2796.742cd0bcba90c1f7f640db99bf6503c5@fantasyfarm.com> Message-ID: On 4/24/19 2:22 PM, Bernie Cosell wrote: > I've discovered that putting someone in the "approved to post" in the > list config doesn't override the fact that the email is still MOD in the > members > list prevents them from posting. What do you mean by "approved to post"? Are you talking about Privacy options... -> Sender filters -> accept_these_nonmembers? If so, that only applies to posts from addresses that are not members. For members, the member's moderation flag is what applies. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at mailmanlists.net Wed Apr 24 18:15:30 2019 From: mark at mailmanlists.net (Mark Dale) Date: Thu, 25 Apr 2019 08:15:30 +1000 Subject: [Mailman-Users] archtoc and archtocnombox Message-ID: <9bb47429-9b9c-74cc-56f7-67ac487816ac@mailmanlists.net> Hi All, Small archives seem to use "archtoc.html" which has the link to download the full raw archive (mbox). Larger lists appear to use "archtocnombox.html" which is minus the link. Is there a threshold (filesize) somewhere that determines which gets used? or am I barking up the wrong tree completely? /etc/mailman/en/archtoc.html You can get [more information about this list] or you can [download the full raw archive] (). /etc/mailman/en/archtocnombox.html You can get [more information about this list]. Thanks, Mark From heller at deepsoft.com Wed Apr 24 18:27:24 2019 From: heller at deepsoft.com (Robert Heller) Date: Wed, 24 Apr 2019 18:27:24 -0400 (EDT) Subject: [Mailman-Users] Frustrating web page issues In-Reply-To: <81bd768c-f7ce-4367-4e23-9952b7c635f0@msapiro.net> References: <20190423155339.5A42326C000D@sharky3.deepsoft.com> <33d62c94-cb21-a300-fc62-17831c990aa1@msapiro.net> <0a1ea227-7fc8-3931-f093-81e79b2a0571@bradakis.com> <2d8b1ebe-0ef9-d4ce-cf2e-c6654466dd6a@msapiro.net> <539212d7-06e9-02ed-a932-c082a1c49770@msapiro.net> <03fa6d86-e0b5-8439-5882-1c3075e027e0@bradakis.com> <81bd768c-f7ce-4367-4e23-9952b7c635f0@msapiro.net> Message-ID: <20190424222724.91CC126C0012@sharky3.deepsoft.com> At Wed, 24 Apr 2019 14:54:47 -0700 Mark Sapiro wrote: > > On 4/24/19 2:10 PM, Mark J Bradakis via Mailman-Users wrote: > > On 4/24/19 3:01 PM, Mark Sapiro wrote: > >> > >> I'm still interested in 'ls -l' > > > > [root at autox cgi-bin]# ls -l > > total 352 > > -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 admin > > -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 admindb > > -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 confirm > > -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 create > > -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 edithtml > > -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 listinfo > > -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 options > > -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 private > > -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 rmlist > > -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 roster > > -rwxr-sr-x. 1 mailman mailman 31496 Apr 20 09:36 subscribe > > > OK. Those look good. > > > >> And what's in Mailman's error log. > >> > > Apr 24 14:45:09 2019 admin(23315): > > @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > > admin(23315): [----- Mailman Version: 2.1.29 -----] > > admin(23315): [----- Traceback ------] > > admin(23315): Traceback (most recent call last): > > admin(23315):???? File "/local/mailman/teamnet/scripts/driver", line 111, > > in run_main > > admin(23315):???????? if not request_method.lower() in ['get', 'post', 'head']: > > admin(23315): AttributeError: 'NoneType' object has no attribute 'lower' > > > I understand what's happening here. The driver script want's to see a > REQUEST_METHOD of 'get', 'post' or 'head' in the passed environment, and > when it's invoked from the command line, that isn't set. > > It worked for me when I tested because I didn't use the web user id and > got a group mismatch. The fact that you got the bug page means there > wasn't a group mismatch which is good. > > It really looks like a selinux or apparmor or some kind of security > manager issue. Yes, selinux. The OP has the mailman scripts in an "odd" place (not under /var/www/... or whatever his linux distro expects web apps (CGI scripts, etc.) to live. He needs the selinux context to be something like this: unconfined_u:object_r:httpd_sys_content_t:s0 (He should do a ls -Z someplace where web pages are working, esp. CGI scripts and see what the setting it - the above was on a CentOS 6 box and his distro might be different.) > -- Robert Heller -- 978-544-6933 Deepwoods Software -- Custom Software Services http://www.deepsoft.com/ -- Linux Administration Services heller at deepsoft.com -- Webhosting Services From mark at msapiro.net Wed Apr 24 18:31:39 2019 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 24 Apr 2019 15:31:39 -0700 Subject: [Mailman-Users] archtoc and archtocnombox In-Reply-To: <9bb47429-9b9c-74cc-56f7-67ac487816ac@mailmanlists.net> References: <9bb47429-9b9c-74cc-56f7-67ac487816ac@mailmanlists.net> Message-ID: <4e468c38-87d1-abc8-10d9-922591b29528@msapiro.net> On 4/24/19 3:15 PM, Mark Dale wrote: > Hi All, > > Small archives seem to use "archtoc.html" which has the link to download > the full raw archive (mbox). > > Larger lists appear to use "archtocnombox.html" which is minus the link. > > Is there a threshold (filesize) somewhere that determines which gets > used? or am I barking up the wrong tree completely? This is controlled by the mm_cfg setting PUBLIC_MBOX. If it is True, the list's index.html file is built with archtoc.html and if False, with archtocnombox.html. If some lists have one and some the other it's because the PUBLIC_MBOX setting has been changed and those lists that reflect the prior setting haven't been posted to since the change. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at mailmanlists.net Wed Apr 24 19:05:41 2019 From: mark at mailmanlists.net (Mark Dale) Date: Thu, 25 Apr 2019 09:05:41 +1000 Subject: [Mailman-Users] archtoc and archtocnombox In-Reply-To: <4e468c38-87d1-abc8-10d9-922591b29528@msapiro.net> References: <9bb47429-9b9c-74cc-56f7-67ac487816ac@mailmanlists.net> <4e468c38-87d1-abc8-10d9-922591b29528@msapiro.net> Message-ID: <4ad997a1-5f49-3043-dcdb-57d461f639b4@mailmanlists.net> > On 4/24/19 3:15 PM, Mark Dale wrote: >> Small archives seem to use "archtoc.html" which has the link to download >> the full raw archive (mbox). >> >> Larger lists appear to use "archtocnombox.html" which is minus the link. >> >> Is there a threshold (filesize) somewhere that determines which gets >> used? or am I barking up the wrong tree completely? On 25/4/19 8:31 am, Mark Sapiro wrote: > This is controlled by the mm_cfg setting PUBLIC_MBOX. If it is True, the > list's index.html file is built with archtoc.html and if False, with > archtocnombox.html. > > If some lists have one and some the other it's because the PUBLIC_MBOX > setting has been changed and those lists that reflect the prior setting > haven't been posted to since the change. > Many thanks for the clarity Mark. /var/lib/mailman/Mailman/Defaults.py:478 # When the archive is public, should Mailman also make the raw Unix mbox file publically available? PUBLIC_MBOX = No From mark at bradakis.com Wed Apr 24 20:26:57 2019 From: mark at bradakis.com (Mark J Bradakis) Date: Wed, 24 Apr 2019 18:26:57 -0600 Subject: [Mailman-Users] Frustrating web page issues In-Reply-To: <20190424222724.91CC126C0012@sharky3.deepsoft.com> References: <20190423155339.5A42326C000D@sharky3.deepsoft.com> <33d62c94-cb21-a300-fc62-17831c990aa1@msapiro.net> <0a1ea227-7fc8-3931-f093-81e79b2a0571@bradakis.com> <2d8b1ebe-0ef9-d4ce-cf2e-c6654466dd6a@msapiro.net> <539212d7-06e9-02ed-a932-c082a1c49770@msapiro.net> <03fa6d86-e0b5-8439-5882-1c3075e027e0@bradakis.com> <81bd768c-f7ce-4367-4e23-9952b7c635f0@msapiro.net> <20190424222724.91CC126C0012@sharky3.deepsoft.com> Message-ID: On 4/24/19 4:27 PM, Robert Heller wrote: > > Yes, selinux. > [root at autox teamnet]# getenforce Disabled Selinux should not be a factor here. mjb. From futatuki at poem.co.jp Wed Apr 24 21:23:45 2019 From: futatuki at poem.co.jp (Yasuhito FUTATSUKI) Date: Thu, 25 Apr 2019 10:23:45 +0900 Subject: [Mailman-Users] Frustrating web page issues In-Reply-To: <2e69f794-d208-8ca6-4101-79737d02a6ee@bradakis.com> References: <20190423155339.5A42326C000D@sharky3.deepsoft.com> <33d62c94-cb21-a300-fc62-17831c990aa1@msapiro.net> <0a1ea227-7fc8-3931-f093-81e79b2a0571@bradakis.com> <2e69f794-d208-8ca6-4101-79737d02a6ee@bradakis.com> Message-ID: <3db590a8-98a1-04b6-ee66-69897e6ec6cc@poem.co.jp> Hi, On 4/25/19 4:55 AM, Mark J Bradakis via Mailman-Users wrote: > So digging through the logs I found this: > > [authz_core:error] [pid 31549:tid 139863772874496] [client 50.198.190.18:46884] AH01630: client denied by server configuration: > > So I added an AuthType None to the httpd.conf file.? Now I still get the Server unavailable page, but a different err: > > [Wed Apr 24 13:52:47.955661 2019] [cgid:error] [pid 16974:tid 140524686079744] (13)Permission denied: [client 50.198.190.18:45928] AH01257: unable to connect to cgi daemon after multiple tries: /local/mailman/teamnet/cgi-bin/listinfo, referer: http://autox.team.net/ > It seems that the lisinfo CGI is executed as FastCGI. Is it supported? -- Yasuhito FUTATSUKI From mark at bradakis.com Sat Apr 27 20:25:31 2019 From: mark at bradakis.com (Mark J Bradakis) Date: Sat, 27 Apr 2019 18:25:31 -0600 Subject: [Mailman-Users] Frustrating web page issues In-Reply-To: References: <20190423155339.5A42326C000D@sharky3.deepsoft.com> <33d62c94-cb21-a300-fc62-17831c990aa1@msapiro.net> <0a1ea227-7fc8-3931-f093-81e79b2a0571@bradakis.com> <2d8b1ebe-0ef9-d4ce-cf2e-c6654466dd6a@msapiro.net> <539212d7-06e9-02ed-a932-c082a1c49770@msapiro.net> <03fa6d86-e0b5-8439-5882-1c3075e027e0@bradakis.com> <81bd768c-f7ce-4367-4e23-9952b7c635f0@msapiro.net> <20190424222724.91CC126C0012@sharky3.deepsoft.com> Message-ID: <7cd0b2f5-55ef-c4f2-ebdf-dd43a83a7c76@bradakis.com> Progress!? Well, I guess, at least a differnet error.? Changed some Apache configs regarding cgi and now when I go to http://autox.team.net/mailman/listinfo I get Bug in Mailman version 2.1.29 We're sorry, we hit a bug! Please inform the webmaster for this site of this problem. Printing of traceback and other system information has been explicitly inhibited, but the webmaster can find this information in the Mailman error logs or the web server logs. So hopefully there is some useful info in the logs tp track this down. mjb. From mark at msapiro.net Sun Apr 28 00:56:20 2019 From: mark at msapiro.net (Mark Sapiro) Date: Sat, 27 Apr 2019 21:56:20 -0700 Subject: [Mailman-Users] Frustrating web page issues In-Reply-To: <7cd0b2f5-55ef-c4f2-ebdf-dd43a83a7c76@bradakis.com> References: <20190423155339.5A42326C000D@sharky3.deepsoft.com> <33d62c94-cb21-a300-fc62-17831c990aa1@msapiro.net> <0a1ea227-7fc8-3931-f093-81e79b2a0571@bradakis.com> <2d8b1ebe-0ef9-d4ce-cf2e-c6654466dd6a@msapiro.net> <539212d7-06e9-02ed-a932-c082a1c49770@msapiro.net> <03fa6d86-e0b5-8439-5882-1c3075e027e0@bradakis.com> <81bd768c-f7ce-4367-4e23-9952b7c635f0@msapiro.net> <20190424222724.91CC126C0012@sharky3.deepsoft.com> <7cd0b2f5-55ef-c4f2-ebdf-dd43a83a7c76@bradakis.com> Message-ID: <10ee9ecb-1f60-f578-a185-3223821f669f@msapiro.net> On 4/27/19 5:25 PM, Mark J Bradakis via Mailman-Users wrote: > Progress!? Well, I guess, at least a differnet error.? Changed some > Apache configs regarding cgi and now when I go to > > http://autox.team.net/mailman/listinfo > > I get > > > ?? Bug in Mailman version 2.1.29 ... > So hopefully there is some useful info in the logs tp track this down. And if you post one of those tracebacks here, we'd be happy to help -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at bradakis.com Sun Apr 28 04:35:18 2019 From: mark at bradakis.com (Mark J Bradakis) Date: Sun, 28 Apr 2019 02:35:18 -0600 Subject: [Mailman-Users] Frustrating web page issues In-Reply-To: <10ee9ecb-1f60-f578-a185-3223821f669f@msapiro.net> References: <20190423155339.5A42326C000D@sharky3.deepsoft.com> <33d62c94-cb21-a300-fc62-17831c990aa1@msapiro.net> <0a1ea227-7fc8-3931-f093-81e79b2a0571@bradakis.com> <2d8b1ebe-0ef9-d4ce-cf2e-c6654466dd6a@msapiro.net> <539212d7-06e9-02ed-a932-c082a1c49770@msapiro.net> <03fa6d86-e0b5-8439-5882-1c3075e027e0@bradakis.com> <81bd768c-f7ce-4367-4e23-9952b7c635f0@msapiro.net> <20190424222724.91CC126C0012@sharky3.deepsoft.com> <7cd0b2f5-55ef-c4f2-ebdf-dd43a83a7c76@bradakis.com> <10ee9ecb-1f60-f578-a185-3223821f669f@msapiro.net> Message-ID: <1867e981-a995-8946-1dee-3331104d3ca7@bradakis.com> On 4/27/19 10:56 PM, Mark Sapiro wrote: > On 4/27/19 5:25 PM, Mark J Bradakis via Mailman-Users wrote: > > > And if you post one of those tracebacks here, we'd be happy to help > No need to, the fix was easy.? I had changed some permissions and ownership of the mailman cgi files while trying to figure out the proble, just needed to change them back.? The problem was the difference in the Apache CGI modules.? If you use prefork MPM ( Multi Processing Modul ) you need to use mod_cgi.? If you use worker MPM you need to use mod_cgid.? The reverse combinations do not work.? One will actually give you an error and not start the daemon, the other combination, which I had, will start the server and give no indication whatsoever about any problem, other than the 503 Service Unavailable code when trying to execute CGI programs. All works now, I can finally get to the 2,761 held messages that have been building up for the last week. mjb. From drew.tenenholz at isid.org Mon Apr 29 11:24:31 2019 From: drew.tenenholz at isid.org (Drew Tenenholz) Date: Mon, 29 Apr 2019 15:24:31 +0000 Subject: [Mailman-Users] Bulk subscription with specific password Message-ID: <9DA029B1-2D05-453B-8D1A-7AAE2E13E097@contoso.com> All -- You know how, despite insisting that you really need to upgrade and reconfigure some critical systems, there is always something even more pressing so it doesn't get done and then the whole thing catches on fire? That's what has happened to our custom-build Mailman subscription system. We had (and will soon have restored) a setup that allows people to choose from our 10+ announce-only style lists that takes care of some of the mundane details and records their mailman 2.x list memberships in a central database. While the system has been offline for the past few weeks, we did set up a simple 'web survey form' to allow people to at least tell us which list(s) they wanted to get on or off of. Processing the removals was pretty simple, but processing the new subscriptions is going to be more difficult. From the 900+ responses collected, I can generate a list of email addresses that are to be added to a specific list (one set for nodigest, one set for digest) and can see some ways to add them, but nothing is fully satisfactory, and I could use some suggestions. I could use the built-in web management page to 'mass subscribe'. This is straightforward, and allows users to skip the 'confirm' step which is a usual part of the subscription process. I suppose I can set the list default option to 'digest', then add that set and switch it back to the 'nodigest' option and import that set to get the correct subscribers. The problem is that the custom process assigns a password to the user which is also stored in the database system so that when they return to the signup, I can have the database send emails to mailman on the user's behalf. If I mass subscribe, each user gets a random (and unknown) password. I know I can use some scripts from .../mailman/bin/ to change passwords for ALL subscribers and set them to specific values, but that will break pre-existing subscribers' passwords, and I can't do that. I know I could walk through each subscription from the admin interface and set the password. That's going to be 3-4 clicks for well over 1000 subscription requests. Doable but tedious and ripe for human error. Does anyone have a script or tool that would allow me to add a set of users and their passwords all at once? Thanks, Drew From drew.tenenholz at isid.org Mon Apr 29 11:49:29 2019 From: drew.tenenholz at isid.org (Drew Tenenholz) Date: Mon, 29 Apr 2019 15:49:29 +0000 Subject: [Mailman-Users] Bulk subscription with specific password Message-ID: <494A3113-4858-4D58-8E5B-127C61771562@isid.org> ..... thinking out loud.... We usually send an email to mailman (which includes the pre-defined password) for each subscription and use the 'confirm' option in mailman so the user gets a confirming email and I know their password. But, would it work to reset the list to 'approve', send the email command, and then 'approve all'? Sure, that would be two steps, but if they are two steps that can act upon the entire subset of new subscribers, that would be a lot fewer steps than changing 900+ passwords individually. -- Drew From steve at pearwood.info Tue Apr 30 22:55:38 2019 From: steve at pearwood.info (Steven D'Aprano) Date: Wed, 1 May 2019 12:55:38 +1000 Subject: [Mailman-Users] Auto-discard emails Message-ID: <20190501025538.GL12773@ando.pearwood.info> I'm not sure if this is the right place to ask my second question, if not apologies in advance. I run an announcement-only mailing list which has become the target of a lot of spam, so I've set unsubscribed emails to be immediately discarded. 99% of the discarded emails are spam, but unfortunately there is a very small number of ham emails that get sent to the list by non-members, which I need to be made aware of so I can contact them off-list. So I have turned on the option for discard messages to go to the list-admin (me), and I get sent the "Auto-discard notification" messages which includes enough information for me to tell at a glance whether I need to contect the sender. Great! This is the question which is definitely on-topic: am I doing it right, or is there a better way I haven't thought of? Now, the second part which may be off-topic... My mail server uses spamassassin, and nearly all of the auto-discard messages are flagged as spam and filtered into junk mailboxes which I consistently forget to check. Out of sight, out of mind. I've found a few ham messages from mailman in my spam folders, months after they were received. I tried to whitelist emails from the mailing list by editing /etc/mail/spamassassin/local.cf and I added the line: whitelist_from_rcvd mailman-bounces at mydomain server.mydomain where I have my actual domain in place of "mydomain". I expected that this would mean spam assassin would whitelist emails from mailman-bounces, and not check them, but it seems to still be doing so: the auto-discard messages still get spam header lines and a spam score. Am I doing something wrong? Thanks in advance. -- Steven From mark at msapiro.net Tue Apr 30 23:41:59 2019 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 30 Apr 2019 20:41:59 -0700 Subject: [Mailman-Users] Auto-discard emails In-Reply-To: <20190501025538.GL12773@ando.pearwood.info> References: <20190501025538.GL12773@ando.pearwood.info> Message-ID: <6cb6df54-f784-905f-4d5b-2f25f2e2e2c1@msapiro.net> On 4/30/19 7:55 PM, Steven D'Aprano wrote: > I'm not sure if this is the right place to ask my second question, if > not apologies in advance. > > I run an announcement-only mailing list which has become the target of a > lot of spam, so I've set unsubscribed emails to be immediately > discarded. 99% of the discarded emails are spam, but unfortunately there > is a very small number of ham emails that get sent to the list by > non-members, which I need to be made aware of so I can contact them > off-list. > > So I have turned on the option for discard messages to go to the > list-admin (me), and I get sent the "Auto-discard notification" messages > which includes enough information for me to tell at a glance whether I > need to contect the sender. Great! > > This is the question which is definitely on-topic: am I doing it right, > or is there a better way I haven't thought of? I think that's good. I can't think of a better way as long as you need to actually review the messages to find the few potentially good ones. > Now, the second part which may be off-topic... It is but... > My mail server uses spamassassin, and nearly all of the auto-discard > messages are flagged as spam and filtered into junk mailboxes which I > consistently forget to check. Out of sight, out of mind. I've found a > few ham messages from mailman in my spam folders, months after they were > received. > > I tried to whitelist emails from the mailing list by editing > > /etc/mail/spamassassin/local.cf > > and I added the line: > > whitelist_from_rcvd mailman-bounces at mydomain server.mydomain I don't think you can use whitelist_from_rcvd this way. According to , the string (your server.mydomain) "is matched against the reverse DNS lookup used during the handover from the internet to your internal network's mail exchangers." I.e. it is the sending server in the last Received: header from outside your domain. It will never match because any Received: header with sending server server.mydomain is already in your internal network. I think you have to use whitelist_from mailman-bounces at mydomain Or you could do something more complex like header _MM_BOUNCE_1 Return-Path =~ // header _MM_BOUNCE_2 Received =~ /from server.mydomain/ meta MM_BOUNCE _MM_BOUNCE_1 && _MM_BOUNCE_2 score MM_BOUNCE -20 -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan