From 1702664 at bugs.launchpad.net Thu Jul 6 06:48:00 2017 From: 1702664 at bugs.launchpad.net (Moritz Baumann) Date: Thu, 06 Jul 2017 10:48:00 -0000 Subject: [Bug 1702664] [NEW] RFE: have a default for discard_these_nonmembers Message-ID: <149933808052.26516.15002551561416380689.malonedeb@chaenomeles.canonical.com> Public bug reported: I would like to have a DEFAULT_DISCARD_THESE_NONMEMBERS = [] in mm_cfg.py / Defaults.py and under /usr/lib/mailman/Mailman# diff MailList.py MailList.py.bak 397c397 < self.discard_these_nonmembers = mm_cfg.DEFAULT_DISCARD_THESE_NONMEMBERS --- > self.discard_these_nonmembers = [] /usr/lib/mailman/Mailman# diff versions.py versions.py.bak 114c114 < l.discard_these_nonmembers = mm_cfg.DEFAULT_DISCARD_THESE_NONMEMBERS --- > l.discard_these_nonmembers = [] ** Affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1702664 Title: RFE: have a default for discard_these_nonmembers To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1702664/+subscriptions From mark at msapiro.net Thu Jul 6 10:50:01 2017 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 06 Jul 2017 14:50:01 -0000 Subject: [Bug 1702664] Re: RFE: have a default for discard_these_nonmembers References: <149933808052.26516.15002551561416380689.malonedeb@chaenomeles.canonical.com> Message-ID: <149935260240.15740.2540501177198593484.malone@wampee.canonical.com> My initial reaction is twofold: 1) Why not all *_these_nonmembers? 2) I don't think this will be of sufficient general interest to justify adding yet more configuration settings. Please provide more information about your use case so I can see that it might be of general interest. ** Changed in: mailman Importance: Undecided => Wishlist ** Changed in: mailman Status: New => Incomplete -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1702664 Title: RFE: have a default for discard_these_nonmembers To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1702664/+subscriptions From 1702664 at bugs.launchpad.net Fri Jul 7 07:41:53 2017 From: 1702664 at bugs.launchpad.net (Moritz Baumann) Date: Fri, 07 Jul 2017 11:41:53 -0000 Subject: [Bug 1702664] Re: RFE: have a default for discard_these_nonmembers References: <149933808052.26516.15002551561416380689.malonedeb@chaenomeles.canonical.com> Message-ID: <149942771311.26197.11390792034549177607.malone@chaenomeles.canonical.com> I don't understand your question 1) We will be using a spamfiltering solution called mailcleaner (https://www.mailcleaner.net/) which will send a spam report about which mails are in quarantaine to each destination email it sees. So as soon as mailinglist mails get routed through there this spam report will be sent to the whole list. We want this to be discarded by default but give the list-owner the option to remove this discard. -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1702664 Title: RFE: have a default for discard_these_nonmembers To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1702664/+subscriptions From 1702664 at bugs.launchpad.net Fri Jul 7 07:44:13 2017 From: 1702664 at bugs.launchpad.net (Moritz Baumann) Date: Fri, 07 Jul 2017 11:44:13 -0000 Subject: [Bug 1702664] Re: RFE: have a default for discard_these_nonmembers References: <149933808052.26516.15002551561416380689.malonedeb@chaenomeles.canonical.com> Message-ID: <149942785326.6148.3850042905808916064.malone@gac.canonical.com> a now I see what you mean by 1). Well the others would not hurt either. It's just that we only need discard_these_nonmembers -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1702664 Title: RFE: have a default for discard_these_nonmembers To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1702664/+subscriptions From 1702664 at bugs.launchpad.net Fri Jul 7 07:47:35 2017 From: 1702664 at bugs.launchpad.net (Moritz Baumann) Date: Fri, 07 Jul 2017 11:47:35 -0000 Subject: [Bug 1702664] Re: RFE: have a default for discard_these_nonmembers References: <149933808052.26516.15002551561416380689.malonedeb@chaenomeles.canonical.com> Message-ID: <149942805600.24347.7660562390579128784.malone@soybean.canonical.com> The problem with the report to be sent to the mailing list is that there is an admin link for this quarantine mailbox (and if the list is public) everyone would see this and might modify white/blacklist etc. -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1702664 Title: RFE: have a default for discard_these_nonmembers To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1702664/+subscriptions From mark at msapiro.net Fri Jul 21 12:12:31 2017 From: mark at msapiro.net (Mark Sapiro) Date: Fri, 21 Jul 2017 16:12:31 -0000 Subject: [Bug 1705736] [NEW] The SETGID wrappers should pass only needed evvironment variables. Message-ID: <150065355134.6684.13999818607230157219.malonedeb@gac.canonical.com> Public bug reported: Currently, the wrappers remove several variables from the environment they pass to the called scripts. They should instead only pass those variables that are needed by the called scripts. ** Affects: mailman Importance: Medium Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1705736 Title: The SETGID wrappers should pass only needed evvironment variables. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1705736/+subscriptions From 1705736 at bugs.launchpad.net Fri Jul 21 12:17:42 2017 From: 1705736 at bugs.launchpad.net (Launchpad Bug Tracker) Date: Fri, 21 Jul 2017 16:17:42 -0000 Subject: [Bug 1705736] Re: The SETGID wrappers should pass only needed evvironment variables. References: <150065355134.6684.13999818607230157219.malonedeb@gac.canonical.com> Message-ID: <150065386426.14207.18349968414391563953.launchpad@ackee.canonical.com> ** Branch linked: lp:mailman/2.1 -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1705736 Title: The SETGID wrappers should pass only needed evvironment variables. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1705736/+subscriptions From mark at msapiro.net Fri Jul 21 12:23:14 2017 From: mark at msapiro.net (Mark Sapiro) Date: Fri, 21 Jul 2017 16:23:14 -0000 Subject: [Bug 1705736] Re: The SETGID wrappers should pass only needed evvironment variables. References: <150065355134.6684.13999818607230157219.malonedeb@gac.canonical.com> Message-ID: <150065419529.26587.17732336803784557105.launchpad@chaenomeles.canonical.com> ** Changed in: mailman Status: In Progress => Fix Committed -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1705736 Title: The SETGID wrappers should pass only needed evvironment variables. To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1705736/+subscriptions From nick.moffitt at canonical.com Wed Jul 26 10:11:44 2017 From: nick.moffitt at canonical.com (Nick Moffitt) Date: Wed, 26 Jul 2017 14:11:44 -0000 Subject: [Bug 1706659] [NEW] subscribe address spam floods confirmation queue Message-ID: <150107830454.19940.12147630230227413528.malonedeb@chaenomeles.canonical.com> Public bug reported: A spammer sent tons of mail to the -subscribe address of a mailing list, causing a large number of pending confirmations to back up in the pending.pck. We need a better tool to flush those out when they occur. ** Affects: mailman Importance: Undecided Status: New -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1706659 Title: subscribe address spam floods confirmation queue To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1706659/+subscriptions From mark at msapiro.net Wed Jul 26 10:57:34 2017 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 26 Jul 2017 14:57:34 -0000 Subject: [Bug 1706659] Re: subscribe address spam floods confirmation queue References: <150107830454.19940.12147630230227413528.malonedeb@chaenomeles.canonical.com> Message-ID: <150108105417.19980.3545083278280445868.malone@chaenomeles.canonical.com> What exactly do you want to see? My experience with this is the addresses in these mass subscriptions match a pattern. Mailman now (since 2.1.21) has a GLOBAL_BAN_LIST feature to block these once they have started and the pattern is recognized. To address those that have arrived prior to being banned, there is a script at https://www.msapiro.net/scripts/erase (mirrored at https://fog.ccsf.edu/~msapiro/scripts/erase ) that is described by: "Remove an address or all addresses matching a regexp from the installation. I.e. for every list, if the address is a member, it is removed. If there are any held posts or (un)subscription requests from the address, they are removed too. Optionally, any subscription requests from the address waiting user confirmation are also removed." Is this the kind of tool you're looking for? Note that if the only pending requests for a list are these, you can just remove the pending.pck file. Mailman will create a new one when needed. -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1706659 Title: subscribe address spam floods confirmation queue To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1706659/+subscriptions From mark at msapiro.net Wed Jul 26 12:55:24 2017 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 26 Jul 2017 16:55:24 -0000 Subject: [Bug 1706714] [NEW] A list's config.pck should be accessible only to Mailman's group Message-ID: <150108812509.19833.9153572635133235692.malonedeb@chaenomeles.canonical.com> Public bug reported: Mailman's SETGID wrappers allow authorized non-Mailman groups to run Mailman code as Mailman's group. This can result in a list's config.pck being created by an unprivileged non-Mailman user. This user should not have access to the config.pck other than via the SETGID wrappers. ** Affects: mailman Importance: Low Assignee: Mark Sapiro (msapiro) Status: In Progress -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1706714 Title: A list's config.pck should be accessible only to Mailman's group To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1706714/+subscriptions From mark at msapiro.net Wed Jul 26 14:38:49 2017 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 26 Jul 2017 18:38:49 -0000 Subject: [Bug 1706714] Re: A list's config.pck should be accessible only to Mailman's group References: <150108812509.19833.9153572635133235692.malonedeb@chaenomeles.canonical.com> Message-ID: <150109433008.2732.17663280657586953733.launchpad@wampee.canonical.com> ** Changed in: mailman Milestone: 2.1.25 => None -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1706714 Title: A list's config.pck should be accessible only to Mailman's group To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1706714/+subscriptions From rick at linuxmafia.com Sat Jul 29 17:48:29 2017 From: rick at linuxmafia.com (Rick Moen) Date: Sat, 29 Jul 2017 21:48:29 -0000 Subject: [Bug 1707447] [NEW] Roster should not lowercase addresses Message-ID: <150136490935.13176.17602161189216759968.malonedeb@soybean.canonical.com> Public bug reported: Within the WebUI pages, e.g., https://temp.balug.org/cgi- bin/mailman/admin/balug-test/members , the subscriber addresses are shown correctly with preserved letter case, e.g., my fellow list admin Michael Paoli's address is shown as entered, as Michael.Paoli at cal.berkeley.edu . By contrast, the roster at https://temp.balug.org/cgi-bin/mailman/roster/balug-test shows his address with lettercase converted to lower, as "michael.paoli at cal.berkeley.edu". This is with a new installation of Mailman 2.1.8, and I've confirmed the same behaviour with several prior 2.1.x installations. Admittedly, mixed lettercase in the local parts of e-mail addresses has no functional importance on _most_ SMTP systems, there is nothing in the RFCs requiring case-insignificance for local parts (only for FQDNs), so this loss of entered data could cause some users difficulties. ** Affects: mailman Importance: Undecided Status: New ** Tags: lettercase lowercase roster -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1707447 Title: Roster should not lowercase addresses To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1707447/+subscriptions From 1707447 at bugs.launchpad.net Sun Jul 30 20:39:11 2017 From: 1707447 at bugs.launchpad.net (Launchpad Bug Tracker) Date: Mon, 31 Jul 2017 00:39:11 -0000 Subject: [Bug 1707447] Re: Roster should not lowercase addresses References: <150136490935.13176.17602161189216759968.malonedeb@soybean.canonical.com> Message-ID: <150146155476.7549.797501149259378510.launchpad@ackee.canonical.com> ** Branch linked: lp:mailman/2.1 -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1707447 Title: Roster should not lowercase addresses To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1707447/+subscriptions From mark at msapiro.net Sun Jul 30 20:55:33 2017 From: mark at msapiro.net (Mark Sapiro) Date: Mon, 31 Jul 2017 00:55:33 -0000 Subject: [Bug 1707447] Re: Roster should not lowercase addresses References: <150136490935.13176.17602161189216759968.malonedeb@soybean.canonical.com> Message-ID: <150146253394.21500.15734898063947829288.malone@wampee.canonical.com> Thank you for your report. If you want to patch it, it's a one-line addition - http://bazaar.launchpad.net/~mailman-coders/mailman/2.1/revision/1721 ** Changed in: mailman Importance: Undecided => Low ** Changed in: mailman Status: New => Fix Committed ** Changed in: mailman Milestone: None => 2.1.25 ** Changed in: mailman Assignee: (unassigned) => Mark Sapiro (msapiro) -- You received this bug notification because you are a member of Mailman Coders, which is subscribed to GNU Mailman. https://bugs.launchpad.net/bugs/1707447 Title: Roster should not lowercase addresses To manage notifications about this bug go to: https://bugs.launchpad.net/mailman/+bug/1707447/+subscriptions