From tkikuchi at is.kochi-u.ac.jp Wed Dec 1 02:07:57 2004 From: tkikuchi at is.kochi-u.ac.jp (Tokio Kikuchi) Date: Wed Dec 1 02:08:06 2004 Subject: [Mailman-Developers] Maybe it's time to release 2.1.6 In-Reply-To: <1101668779.19175.5.camel@presto.wooz.org> References: <41A5D9D1.70808@is.kochi-u.ac.jp> <1101668779.19175.5.camel@presto.wooz.org> Message-ID: <41AD196D.2040805@is.kochi-u.ac.jp> Hi Barry, Sorry my response is slow :-) Barry Warsaw wrote: > On Thu, 2004-11-25 at 08:10, Tokio Kikuchi wrote: > > >>Since I took charge of CVS committer this September, I belive we could >>fix number of bugs, merged a few new small-but-nice features, and the >>code became fairly stable. And, I write 'fixed in CVS' many times >>answering bug reports these days. Although I have some new features to >>be added in mind in a longer time scale, I think it is time to take the >>schedule of new release into consideration. I would like you the >>developers to download the current source from the CVS >>(Release_2_1-maint) and test on your testing/working sites before Barry >>can arrange the time schedule of releasing 2.1.6. > > > I'd love to see a 2.1.6 release "soon-ish". I will have some time near > Christmas to work toward this (testing, docs, spinning tarballs, > updating web sites, etc.). It would be nice if we could get 2.1.6 out > before the first of the year. Do you think that's feasible? It's good to hear this. I think we have enough time to fix a few more tiny bugs and announce the translators for updating their languages. > > AS for longer term, bigger new features, it probably makes more sense to > start that work on the CVS trunk, targeting a Mailman 2.2 release. Of > course, merging the 2.1 branch back to the trunk is going to be a "fun" > job. Yeah, I think I can contribute 2.2 while you are at 3.0. Looking back the design notes, we have already some of 2.2 features in 2.1.6. http://zope.org/Members/bwarsaw/MailmanDesignNotes/MailmanTwoDotTwo May be we can go forward to requirement of Python 2.4 because CJK codecs are integreted there. -- Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp http://weather.is.kochi-u.ac.jp/ From stephen at xemacs.org Wed Dec 1 10:30:55 2004 From: stephen at xemacs.org (Stephen J. Turnbull) Date: Wed Dec 1 10:31:05 2004 Subject: [Mailman-Developers] Status of bug #974290 unknown encoding crashes qrunner? In-Reply-To: <41AC7314.7090907@is.kochi-u.ac.jp> (Tokio Kikuchi's message of "Tue, 30 Nov 2004 22:18:12 +0900") References: <87llcjoc03.fsf@tleepslib.sk.tsukuba.ac.jp> <41AC7314.7090907@is.kochi-u.ac.jp> Message-ID: <87fz2qmkkw.fsf@tleepslib.sk.tsukuba.ac.jp> >>>>> "Tokio" == Tokio Kikuchi writes: > What is the status of these bugs? > bug #974290 unknown encoding crashes qrunner > bug #926034 crashes on encoding errors Tokio> Well, these problems are essentially from absence of codecs Tokio> for the charset used. I was afraid of that. I'll submit a patch in a few days. -- Institute of Policy and Planning Sciences http://turnbull.sk.tsukuba.ac.jp University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN Ask not how you can "do" free software business; ask what your business can "do for" free software. From tkikuchi at is.kochi-u.ac.jp Wed Dec 1 13:14:36 2004 From: tkikuchi at is.kochi-u.ac.jp (Tokio Kikuchi) Date: Wed Dec 1 13:14:42 2004 Subject: [Mailman-Developers] Status of bug #974290 unknown encoding crashes qrunner? In-Reply-To: <87fz2qmkkw.fsf@tleepslib.sk.tsukuba.ac.jp> References: <87llcjoc03.fsf@tleepslib.sk.tsukuba.ac.jp> <41AC7314.7090907@is.kochi-u.ac.jp> <87fz2qmkkw.fsf@tleepslib.sk.tsukuba.ac.jp> Message-ID: <41ADB5AC.6020501@is.kochi-u.ac.jp> Hi, Stephen J. Turnbull wrote: >>>>>>"Tokio" == Tokio Kikuchi writes: > > >>What is the status of these bugs? >> bug #974290 unknown encoding crashes qrunner >> bug #926034 crashes on encoding errors > > > Tokio> Well, these problems are essentially from absence of codecs > Tokio> for the charset used. > > I was afraid of that. > > I'll submit a patch in a few days. > Try the latest source from CVS before start hacking. CookHeaders.py in question is heavily patched for inclusion of sequence number in subject_prefix. The bug may be fixed as a side effect. ;-) If you feel trouble downloading from CVS, here is an unofficial release of mailman-2.1.6a: http://mm.tkikuchi.net/mailman-2.1.6a.tgz Cheers, -- Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp http://weather.is.kochi-u.ac.jp/ From barry at python.org Wed Dec 1 15:05:20 2004 From: barry at python.org (Barry Warsaw) Date: Wed Dec 1 15:05:23 2004 Subject: [Mailman-Developers] Maybe it's time to release 2.1.6 In-Reply-To: <41AD196D.2040805@is.kochi-u.ac.jp> References: <41A5D9D1.70808@is.kochi-u.ac.jp> <1101668779.19175.5.camel@presto.wooz.org> <41AD196D.2040805@is.kochi-u.ac.jp> Message-ID: <1101909920.27003.27.camel@presto.wooz.org> On Tue, 2004-11-30 at 20:07, Tokio Kikuchi wrote: > Sorry my response is slow :-) No worries! > Yeah, I think I can contribute 2.2 while you are at 3.0. Looking back > the design notes, we have already some of 2.2 features in 2.1.6. > http://zope.org/Members/bwarsaw/MailmanDesignNotes/MailmanTwoDotTwo > > May be we can go forward to requirement of Python 2.4 because CJK codecs > are integreted there. I have no problems requiring Python 2.4 for Mailman 2.2, although I would like to get some feedback from the community before we decide for sure. I wouldn't be opposed to requiring at least Python 2.3, but I definitely think we should drop support for earlier Pythons since nothing earlier than 2.3 is being maintained any more. -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://mail.python.org/pipermail/mailman-developers/attachments/20041201/7d24ca0e/attachment.pgp From jwblist at olympus.net Wed Dec 1 17:49:43 2004 From: jwblist at olympus.net (John W. Baxter) Date: Wed Dec 1 17:49:56 2004 Subject: [Mailman-Developers] Maybe it's time to release 2.1.6 In-Reply-To: <1101909920.27003.27.camel@presto.wooz.org> Message-ID: On 12/1/2004 6:05, "Barry Warsaw" wrote: > I have no problems requiring Python 2.4 for Mailman 2.2, although I > would like to get some feedback from the community before we decide for > sure. I wouldn't be opposed to requiring at least Python 2.3, but I > definitely think we should drop support for earlier Pythons since > nothing earlier than 2.3 is being maintained any more. The Debian part of the community in particular (of which I am not part). I wonder when Python 2.4 will wander into a Debian release. Perhaps a query on the -users list about requiring Python 2.4 with Mailman 2.2 would produce a solid reason not to. --John From stephen at xemacs.org Wed Dec 1 18:30:22 2004 From: stephen at xemacs.org (Stephen J. Turnbull) Date: Wed Dec 1 18:30:33 2004 Subject: [Mailman-Developers] Status of bug #974290 unknown encoding crashes qrunner? In-Reply-To: <41ADB5AC.6020501@is.kochi-u.ac.jp> (Tokio Kikuchi's message of "Wed, 01 Dec 2004 21:14:36 +0900") References: <87llcjoc03.fsf@tleepslib.sk.tsukuba.ac.jp> <41AC7314.7090907@is.kochi-u.ac.jp> <87fz2qmkkw.fsf@tleepslib.sk.tsukuba.ac.jp> <41ADB5AC.6020501@is.kochi-u.ac.jp> Message-ID: <871xeakjtd.fsf@tleepslib.sk.tsukuba.ac.jp> >>>>> "Tokio" == Tokio Kikuchi writes: Tokio> Try the latest source from CVS before start Tokio> hacking. CookHeaders.py in question is heavily patched for Tokio> inclusion of sequence number in subject_prefix. The bug may Tokio> be fixed as a side effect. ;-) I don't have that choice; it's not my installation. Seems a pretty unlikely side effect, anyway, since CookHeaders.py isn't in some of the traces for me. (I just noticed that on the most recent SHUNT.) What's happening is that outside of the try that catches the LookupError for the explicit call to unicode(), there is a call h.append(s,c) or so, which comes from email.Header, which is _not_ protected. All of the traces I've seen so far have h.append() in them. There's at least one more of these crashes in CommandRunner.py, due to a call to make_header(). Basically, I'd say that anything that calls into email.Header is at risk. -- Institute of Policy and Planning Sciences http://turnbull.sk.tsukuba.ac.jp University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN Ask not how you can "do" free software business; ask what your business can "do for" free software. From dallas at dreamhost.com Wed Dec 1 19:39:01 2004 From: dallas at dreamhost.com (Dallas Bethune) Date: Wed Dec 1 19:39:07 2004 Subject: [Mailman-Developers] Maybe it's time to release 2.1.6 In-Reply-To: References: Message-ID: <45295204-43C8-11D9-A7F9-0003935AE200@dreamhost.com> On Dec 1, 2004, at 8:49 AM, John W. Baxter wrote: > On 12/1/2004 6:05, "Barry Warsaw" wrote: > >> I have no problems requiring Python 2.4 for Mailman 2.2, although I >> would like to get some feedback from the community before we decide >> for >> sure. I wouldn't be opposed to requiring at least Python 2.3, but I >> definitely think we should drop support for earlier Pythons since >> nothing earlier than 2.3 is being maintained any more. > > The Debian part of the community in particular (of which I am not > part). I > wonder when Python 2.4 will wander into a Debian release. > > Perhaps a query on the -users list about requiring Python 2.4 with > Mailman > 2.2 would produce a solid reason not to. We use Debian so this would be of some concern. It looks like the newest version of python provided by any version of Debian is 2.3.4 at the moment, and the stable version still includes only 2.1.3. Compiling a python binary is an option, but it would add some extra overhead to the upgrade. If you all think it's the best way to get a good stable set of features for Mailman, we're willing to do it, though. Dallas From jdennis at redhat.com Wed Dec 1 21:29:45 2004 From: jdennis at redhat.com (John Dennis) Date: Wed Dec 1 21:29:55 2004 Subject: [Mailman-Developers] Maybe it's time to release 2.1.6 In-Reply-To: <1101909920.27003.27.camel@presto.wooz.org> References: <41A5D9D1.70808@is.kochi-u.ac.jp> <1101668779.19175.5.camel@presto.wooz.org> <41AD196D.2040805@is.kochi-u.ac.jp> <1101909920.27003.27.camel@presto.wooz.org> Message-ID: <1101932985.16995.120.camel@finch.boston.redhat.com> On Wed, 2004-12-01 at 09:05, Barry Warsaw wrote: > > May be we can go forward to requirement of Python 2.4 because CJK codecs > > are integreted there. > > I have no problems requiring Python 2.4 for Mailman 2.2, although I > would like to get some feedback from the community before we decide for > sure. Red Hat is currently shipping 2.3 in FC2 and FC3. 2.4 won't show up till FC4 which is at least 6 months out. RHEL3 is still shipping with 2.2. RHEL4, which has not yet shipped will have 2.3. Python 2.3 is going to be installed version of python on Red Hat systems for a while and 2.2 is also common. I have a suggestion. My understanding is that python 2.4 is desired because the CJK codecs are part of the official python distribution in 2.4. Up to this point mailman installed its own CJK codecs. The proper course of action in my view would be to continue to ship mailman's private copy of the codecs, add a check to "configure" to test for 2.4, if its available use the python version, if not fallback to the previous private method. Sound like a plan? -- John Dennis From mailman-developers-subscription at moritz-naumann.com Thu Dec 2 01:15:40 2004 From: mailman-developers-subscription at moritz-naumann.com (Moritz Naumann) Date: Thu Dec 2 01:15:43 2004 Subject: [Mailman-Developers] How are you, Mailman? Message-ID: <41AE5EAC.70000@moritz-naumann.com> Hi! I just realized that there items in the queue of *open* bugs on the sf.net tracker which date back to year 2000 and that there is a total of at least *270 bugs with status "open"* on the BTS. If I wouldn't know that Mailman is actually under regular development, this would make me think it was not, rather make me think it was an abandoned project. I'm sure everyone involved in Mailman development is a busy person as good developers are rare and busy by definition. So please do not take it as an insult when I suggest that you spend more time on working out these bugs. It's not my intention to flame you but to improve the usability of the software which - to me - includes (but is not limited to) a proactively maintained BTS. Maybe, if that's possible, have a BTS happening weekend and try to comment (as a first step towards a solution) on as many bugs as possible. I'm not involved in the Mailman project at all nor am engaged in any other project of this size, so I may be missing some obvious reasons for this situation. I've set my subscription preferences to not receive email from this list, so please CC to mailman-developers-subscription-replies AT moritz-naumann D0T com Thank you. Greetings, Moritz Naumann From iane at sussex.ac.uk Thu Dec 2 11:47:25 2004 From: iane at sussex.ac.uk (Ian Eiloart) Date: Thu Dec 2 11:47:15 2004 Subject: [Mailman-Developers] Maybe it's time to release 2.1.6 In-Reply-To: <1101909920.27003.27.camel@presto.wooz.org> References: <41A5D9D1.70808@is.kochi-u.ac.jp> <1101668779.19175.5.camel@presto.wooz.org> <41AD196D.2040805@is.kochi-u.ac.jp> <1101909920.27003.27.camel@presto.wooz.org> Message-ID: --On Wednesday, December 1, 2004 09:05:20 GMT -0500 Barry Warsaw wrote: > On Tue, 2004-11-30 at 20:07, Tokio Kikuchi wrote: > >> Sorry my response is slow :-) > > No worries! > >> Yeah, I think I can contribute 2.2 while you are at 3.0. Looking back >> the design notes, we have already some of 2.2 features in 2.1.6. >> http://zope.org/Members/bwarsaw/MailmanDesignNotes/MailmanTwoDotTwo >> >> May be we can go forward to requirement of Python 2.4 because CJK codecs >> are integreted there. > > I have no problems requiring Python 2.4 for Mailman 2.2, although I > would like to get some feedback from the community before we decide for > sure. I wouldn't be opposed to requiring at least Python 2.3, but I > definitely think we should drop support for earlier Pythons since > nothing earlier than 2.3 is being maintained any more. > > -Barry > Here's some feedback: We're running python 2.2.3 on Solaris, but we only use python for Mailman, so a forced upgrade wouldn't be too painful. However, MacOSX and MacOSX Server have python Python 2.3 (#1, Sep 13 2003, 00:49:11), so requiring 2.4 could cause pain for anyone with a Mac installation of Mailman. Now, I know someone is going to point out that Apple provide a much hacked version of Mailman - but that's a red herring. I'm referring to people who put vanilla mailman on top of MacOSX - as we plan to do. We're migrating our mail servers to MacOSX, but we're using Exim, not the Apple provided server. -- Ian Eiloart Servers Team Sussex University ITS From simmosiil at hotmail.com Thu Dec 2 13:22:15 2004 From: simmosiil at hotmail.com (Simmo Siil) Date: Thu Dec 2 13:24:39 2004 Subject: [Mailman-Developers] Non-member filters Message-ID: List of non-member addresses whose postings should be automatically accepted. How can i but there @domeen.com? without a name? like '@domeen.com' -- how to get it work? now i can use only single aadresses like name@domeen.com Can you help me? Saapakusti _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ From terri at zone12.com Thu Dec 2 17:23:20 2004 From: terri at zone12.com (Terri Oda) Date: Thu Dec 2 17:23:09 2004 Subject: [Mailman-Developers] Non-member filters In-Reply-To: References: Message-ID: <7B112CCE-447E-11D9-B70B-000D934FBF38@zone12.com> On Dec 2, 2004, at 7:22 AM, Simmo Siil wrote: > How can i but there @domeen.com? without a name? > like '@domeen.com' -- how to get it work? > now i can use only single aadresses like name@domeen.com Have you tried .*@domeen.com ? If I recall correctly, that field allows regular expressions. Terri From brad at stop.mail-abuse.org Fri Dec 3 01:15:45 2004 From: brad at stop.mail-abuse.org (Brad Knowles) Date: Fri Dec 3 01:42:15 2004 Subject: [Mailman-Developers] Maybe it's time to release 2.1.6 In-Reply-To: References: <41A5D9D1.70808@is.kochi-u.ac.jp> <1101668779.19175.5.camel@presto.wooz.org> <41AD196D.2040805@is.kochi-u.ac.jp> <1101909920.27003.27.camel@presto.wooz.org> Message-ID: At 10:47 AM +0000 2004-12-02, Ian Eiloart wrote: > Now, I know someone is going to point out that Apple provide a much > hacked version of Mailman - but that's a red herring. I'm referring to > people who put vanilla mailman on top of MacOSX - as we plan to do. If you're going to put vanilla Mailman on top of MacOS X, then you could also install Python 2.4 as well. -- Brad Knowles, "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See for more info. From kentrak at sonic.net Fri Dec 3 02:05:29 2004 From: kentrak at sonic.net (Kevan Benson) Date: Fri Dec 3 02:05:36 2004 Subject: [Mailman-Developers] Site-wide confirmed opt in setting? Message-ID: <200412021705.29635.kentrak@sonic.net> Any plans to include a feature where the server administrator can force lists to be confirmed opt-in? I administer a server that allows free mailing lists to customers of our ISP, and forcing opt-in behavior is useful as it allows tangible benefits with spam lists. I ask here because I haven't seen it mentioned in the wiki or feature lists for 2.1 or 2.2. We ended up hacking it a bit to make it work how we needed, but it's still sub-optimal at best, and it's a feature I think that could be useful to quite a few admins. Also, is there a policy reason why the return address and address listed in the template of the password reminders is the main list owner (first list created) and not the list owner of the list that address is associated with? -Kevan From tkikuchi at is.kochi-u.ac.jp Fri Dec 3 02:36:55 2004 From: tkikuchi at is.kochi-u.ac.jp (Tokio Kikuchi) Date: Fri Dec 3 02:37:02 2004 Subject: [Mailman-Developers] Maybe it's time to release 2.1.6 In-Reply-To: References: <41A5D9D1.70808@is.kochi-u.ac.jp> <1101668779.19175.5.camel@presto.wooz.org> <41AD196D.2040805@is.kochi-u.ac.jp> <1101909920.27003.27.camel@presto.wooz.org> Message-ID: <41AFC337.9040305@is.kochi-u.ac.jp> Hi again, Brad Knowles wrote: > If you're going to put vanilla Mailman on top of MacOS X, then you > could also install Python 2.4 as well. > And also, mailman 2.2 will no be out before next summer. I expect many venders are including Python 2.4 by that time. -- Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp http://weather.is.kochi-u.ac.jp/ From jwt at OnJapan.net Fri Dec 3 02:40:30 2004 From: jwt at OnJapan.net (Jim Tittsler) Date: Fri Dec 3 02:40:20 2004 Subject: [Mailman-Developers] Non-member filters In-Reply-To: <7B112CCE-447E-11D9-B70B-000D934FBF38@zone12.com> References: <7B112CCE-447E-11D9-B70B-000D934FBF38@zone12.com> Message-ID: <20041203014030.GB614@server.onjapan.net> On Thu, Dec 02, 2004 at 11:23:20AM -0500, Terri Oda wrote: > On Dec 2, 2004, at 7:22 AM, Simmo Siil wrote: > >How can i but there @domeen.com? without a name? > >like '@domeen.com' -- how to get it work? > >now i can use only single aadresses like name@domeen.com > > Have you tried .*@domeen.com ? > > If I recall correctly, that field allows regular expressions. It does, but remember to prefix the string with a '^' to have it recognized as a regular expression: ^.*@domeen.com -- Jim Tittsler http://www.OnJapan.net/ GPG: 0x01159DB6 Python Starship http://Starship.Python.net/ Ringo MUG Tokyo http://www.ringo.net/rss.html From msapiro at value.net Fri Dec 3 04:08:34 2004 From: msapiro at value.net (Mark Sapiro) Date: Fri Dec 3 04:08:40 2004 Subject: [Mailman-Developers] Non-member filters In-Reply-To: <20041203014030.GB614@server.onjapan.net> Message-ID: Jim Tittsler wrote: >On Thu, Dec 02, 2004 at 11:23:20AM -0500, Terri Oda wrote: >> On Dec 2, 2004, at 7:22 AM, Simmo Siil wrote: >> >How can i but there @domeen.com? without a name? >> >like '@domeen.com' -- how to get it work? >> >now i can use only single aadresses like name@domeen.com >> >> Have you tried .*@domeen.com ? >> >> If I recall correctly, that field allows regular expressions. > >It does, but remember to prefix the string with a '^' to have >it recognized as a regular expression: >^.*@domeen.com And while Jim's RE will certainly work, some may suggest that it could allow more than wanted and would suggest ^[^@]+@domeen\.com$ See http://docs.python.org/lib/re-syntax.html for info about Python REs. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From sub1.dev.mailman at msquared.id.au Fri Dec 3 04:59:43 2004 From: sub1.dev.mailman at msquared.id.au (Msquared) Date: Fri Dec 3 04:59:47 2004 Subject: [Mailman-Developers] real virtual domain support - possible implementation? Message-ID: <20041203035943.GA25726@sliderule.msquared.com.au> Hi guys! (and gals :) ) I remember when I first installed Majordomo and experiencing majordisappointment that it didn't truly support virtual mail domains. It suffered the same limitation that Mailman currently does: foo@1.example.com and foo@2.example.com are the same list. I managed to work around this by using Sendmail's virtusertable to create different aliases for each domain. The aliases worked their magic by simply invoking Majordomo with a different configuration file for each domain. The configuration file ensured that each domain's configuration, archives, resend lists, etc, were independent of one another, as they were stored in different subdirectories, named after the domain they were configured for. This magic was acheived using M4 macros, to make my life easier. I build my virtusertable and aliases from the one config file and the M4 macros. It's easy to modify the macros to call Mailman from different domains, and could even pass a different configuration parameter, or domain name identifier, or whatever, to the Mailman mail wrapper, just like I did to the Majordomo wrapper. Is there a way to call the Mailman mail wrapper in such a way as to have it use a different Defaults and/or mm-cfg file on each invocation? How about the cgi scripts and commandline scripts? It'd be kind of kludgy, but it would work well, I think. There seems to be discussion and requests for real virtual domain support on the list from time to time, and I think this would be a simple way to achieve it. Regards, Msquared... From fehwalker at gmail.com Fri Dec 3 05:03:54 2004 From: fehwalker at gmail.com (Bryan Fullerton) Date: Fri Dec 3 05:03:57 2004 Subject: [Mailman-Developers] Maybe it's time to release 2.1.6 In-Reply-To: <41AFC337.9040305@is.kochi-u.ac.jp> References: <41A5D9D1.70808@is.kochi-u.ac.jp> <1101668779.19175.5.camel@presto.wooz.org> <41AD196D.2040805@is.kochi-u.ac.jp> <1101909920.27003.27.camel@presto.wooz.org> <41AFC337.9040305@is.kochi-u.ac.jp> Message-ID: <35de0c300412022003ee94c60@mail.gmail.com> On Fri, 03 Dec 2004 10:36:55 +0900, Tokio Kikuchi wrote: > > And also, mailman 2.2 will no be out before next summer. I expect many > venders are including Python 2.4 by that time. As a perhaps extraneous data point supporting this, the FreeBSD lang/python port was bumped from 2.3.4 to 2.4 on Dec 1st (and lo, there was much updating). So any future versions of FreeBSD will have Python 2.4 (or newer) -- FreeBSD 4.11 is aimed for late January 2005, 5.4 will be sometime later in 2005. Bryan From stephen at xemacs.org Fri Dec 3 05:41:10 2004 From: stephen at xemacs.org (Stephen J. Turnbull) Date: Fri Dec 3 05:41:22 2004 Subject: [Mailman-Developers] Maybe it's time to release 2.1.6 In-Reply-To: (Ian Eiloart's message of "Thu, 02 Dec 2004 10:47:25 +0000") References: <41A5D9D1.70808@is.kochi-u.ac.jp> <1101668779.19175.5.camel@presto.wooz.org> <41AD196D.2040805@is.kochi-u.ac.jp> <1101909920.27003.27.camel@presto.wooz.org> Message-ID: <87acswf0yh.fsf@tleepslib.sk.tsukuba.ac.jp> >>>>> "Ian" == Ian Eiloart writes: Ian> However, MacOSX and MacOSX Server have python Python 2.3 (#1, Ian> Sep 13 2003, 00:49:11), so requiring 2.4 could cause pain for Ian> anyone with a Mac installation of Mailman. I'm not going to deprecate someone else's pain, but (1) Apple already has a couple of "multi-version" applications standard (in particular, GCC, see the gcc_select utility), and (2) I'm currently having no problem with coexistence among the Apple-provided Python, two Fink versions (2.2 and 2.3), and a DarwinPorts version (2.3). I don't know about Fink, but DarwinPorts has been providing a 2.4 package since the alphas started (and maybe before). Both Fink and DarwinPorts have their issues, but so far Python isn't one of them. (Actually, only ghc and the X distributions have given me any trouble at all in DarwinPorts, and my issues with Fink mostly are of the form "too many applications that don't need to be linked to GNOME are linked to GNOME".) So it may not be all that difficult for admins of Apple boxes to work around this. -- Institute of Policy and Planning Sciences http://turnbull.sk.tsukuba.ac.jp University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN Ask not how you can "do" free software business; ask what your business can "do for" free software. From stephen at xemacs.org Fri Dec 3 05:59:14 2004 From: stephen at xemacs.org (Stephen J. Turnbull) Date: Fri Dec 3 05:59:28 2004 Subject: [Mailman-Developers] Require 2.4? No thanks [was: Maybe it's time to release 2.1.6] In-Reply-To: <1101909920.27003.27.camel@presto.wooz.org> (Barry Warsaw's message of "Wed, 01 Dec 2004 09:05:20 -0500") References: <41A5D9D1.70808@is.kochi-u.ac.jp> <1101668779.19175.5.camel@presto.wooz.org> <41AD196D.2040805@is.kochi-u.ac.jp> <1101909920.27003.27.camel@presto.wooz.org> Message-ID: <87653kf04b.fsf_-_@tleepslib.sk.tsukuba.ac.jp> >>>>> "BAW" == Barry Warsaw writes: BAW> On Tue, 2004-11-30 at 20:07, Tokio Kikuchi wrote: >> May be we can go forward to requirement of Python 2.4 because >> CJK codecs are integreted there. BAW> I have no problems requiring Python 2.4 for Mailman 2.2, BAW> although I would like to get some feedback from the community BAW> before we decide for sure. I'm not in favor of bumping the Python requirement for Mailman to greater than 2.3 any time soon. If you really need something in 2.4 to robustly fix a bug or provide new features, that's one thing. And if you could get rid of crocky homebrew infrastructure in favor of shiny new well-defined Python APIs, that's another. (Eg, I think the new Mailman3 architecture, based on Twisted, is just wickedly cool.) But at one point my Debian system _insisted_ on _four_ different versions of Python (1.5, 2.1, 2.2, and 2.3) being installed (1.5 is now gone, and I think 2.1 can finally be dispensed with), because of various prerequisites stated by different packages. Besides that, at various points at least two versions of Perl, and two versions of Ruby (and I didn't know I had any Ruby-requiring applications installed!), two versions of autoconf, three versions of automake, ... you get the drift. Pretty yucky. And it's shameful to be outdone by Perl!! In the case in point, the reason explicitly advanced for moving to 2.4 is that it includes the CJK codecs. That is, there's a bug that someone doesn't feel like addressing properly, so you're going to cover it up. This just ain't right. IMO, this particular bug goes a lot deeper than the tracebacks in #974290 and #926034, inter alia. I'm currently tracing another bug where Cc contents are being trashed, probably in AvoidDuplicates, but there's similar, redundant (?) code in CookHeaders. This whole notion of cooking headers is pretty bogus, in my opinion, and the reason that unknown coding systems crash the runners is also bogus: Mailman in many places assumes that the headers will be readable and proceeds to try to read them (ie, translate to Unicode). In some places it even assumes that the header will be in ASCII! My host's error log is full of entries like Dec 02 17:25:57 2004 (17826) SHUNTING: 1102026356.809988+4f78036cea165d4e72f6ed3 5943a75961cc7da67 Dec 02 17:33:36 2004 (17826) Uncaught runner exception: 'ascii' codec can't decode byte 0xa4 in position 0: ordinal not in range(128) Dec 02 17:33:36 2004 (17826) Traceback (most recent call last): [OMITTED, but FYI it's make_headers() -> h.append() again] UnicodeDecodeError: 'ascii' codec can't decode byte 0xa4 in position 0: ordinal not in range(128) NB: this one can't be worked around by adding the CJK codecs. :-/ What to do? Well, let's get radical and actually think about what's going on here from the beginning. Mailman is really a special-purpose MTA. So ... Offhand, I can't think of any reason why I would _ever_ want Mailman to _change_ an _existing_ header. I understand that there are a large number of uneducated perverts with asthmatic MUAs who want Reply-To munging out there, and that there are broken MUAs that produce broken (ie, redundant) Cc headers, and the like. I can almost sympathize with Subject munging (although the List-ID header makes list names redundant). But I don't need any of that, and it's really annoying that Mailman does some of those things behind my back, especially when the implementation is buggy. Similarly, the only reason I can think of why _I_ would want Mailman to _read_ any headers is to parse out an address (eg, for dupe suppression), to handle the Approved header, and to handle admin requests. Well, if RFC 2822 parsing (which is hard enough as it is) isn't good enough, that's not Mailman's problem---it's going to baffle the snot out of Sendmail, too. So I see no _need_ for conversion of any headers to Unicode by default! (I think of ToArchive as calling a separate application, not as part of Mailman.) I conclude that the default pipeline should Just Say No to I18N in the headers. "We don' need no steenkin' Unicode here." (I18N for the UI and the message headers/footers is a completely different issue, of course.) Optional Handlers? Of course. Do you want CC coalescing? Add a Handler to the pipeline. (Note that this can be implemented simply by s/^cc:/, /i and appending the result to the previous Cc header, then folding as necessary; no need even to parse out the content, let alone translate it to Unicode.) Do you want Reply-To munging? Ditto. Do you want to sanity check addresses as a service to posters? Add a Handler. Still no need for I18N, though. Do you want Subject munging? OK, ya got me. Here we do want I18N. But you can still do it with a separate Handler, and you can make it plain that Here Be Dragons by calling it MungeSubject_I18N or even MungeSubject_TimeBomb or MungeSubject_MUA (where the last is intended to indicate that Mailman has gone well beyond its MTA Buddha-nature and become entangled in dealing with the illusions of Samsara). The only real implementation problems I can see are if the email module goes out of its way to parse headers rather than simply storing contents until they are requested, and that the Mailman admin UI currently doesn't provide for munging the list pipeline. Dealing with the former could be hard, but the latter could be handled for 2.1.6/2.2 by making Handlers that simply return successfully without doing any processing if they are disabled. Enabling/disabling to be done via list-specific and mm_cfg variables. For the future (Mailman3?), one could use a precedence naming scheme (to make sorting the Handlers directory easy) and a checkbox list for basic configuration: Mailman Handler Pipeline: [ ] 00_SpamDetect [ ] 01_Approve [ ] 05_Replybot [ ] 10_Moderate [ ] 15_Hold [ ] 20_MimeDel [ ] 25_Emergency [ ] 30_Tagger [ ] 45_CalcRecips [ ] 60_AvoidDuplicates [ ] 70_Cleanse [ ] 75_CookHeaders [ ] 80_ToDigest [ ] 85_ToArchive [ ] 90_ToUsenet [ ] 95_AfterDelivery [ ] 98_Acknowledge [ ] 99_ToOutgoing (Of course one would suppress the numbering and include docstrings in the web UI, I'm just using this to indicate the idea.) Alternatively, there could be a pipeline_default_order list, which would have _all_ known (standard) Handlers in it, copy that to the pipeline_default and delete the Handlers that are disabled by default. You'd still have to use bin/withlist to change the order, but since order is often significant, that's probably a Feature, not a Bug. I'd volunteer to implement a prototype, at least, but I can't do it on the schedule proposed for 2.1.6, sorry. (Note that I don't even know how broken the email module is in this respect yet. :( ) I will get around to submitting bug reports on the issues mentioned above, maybe top of next week? -- Institute of Policy and Planning Sciences http://turnbull.sk.tsukuba.ac.jp University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN Ask not how you can "do" free software business; ask what your business can "do for" free software. From Dale at Newfield.org Fri Dec 3 06:31:33 2004 From: Dale at Newfield.org (Dale Newfield) Date: Fri Dec 3 06:31:16 2004 Subject: [Mailman-Developers] Maybe it's time to release 2.1.6 In-Reply-To: <87acswf0yh.fsf@tleepslib.sk.tsukuba.ac.jp> References: <41A5D9D1.70808@is.kochi-u.ac.jp> <1101668779.19175.5.camel@presto.wooz.org> <41AD196D.2040805@is.kochi-u.ac.jp> <1101909920.27003.27.camel@presto.wooz.org> <87acswf0yh.fsf@tleepslib.sk.tsukuba.ac.jp> Message-ID: <41AFFA35.1050404@Newfield.org> Stephen J. Turnbull wrote: > (1) Apple already has a couple of "multi-version" applications > standard (in particular, GCC, see the gcc_select utility) gcc_select is completely broken, and doesn't work. It assumes that the only 3.x is 3.1 and fails even at what it claims to do. I have tried and failed to fix the script, eventually doing all (I hope) the appropriate re-linking by hand. > Both Fink and DarwinPorts have their issues, but so far Python isn't > one of them. I definitely agree with you on Fink (doesn't work at all right now because of gcc issue above, and it always had problems with various X implementations, but when it does work it's pretty nice), and only learned about DarwinPorts just now, so thank you! > So it may not be all that difficult for admins of Apple boxes to work > around this. Oh, yeah, back to the topic. Guess I don't have anything to add except to say that requiring all these bolt-on tools in order to install mailman is a bit harsh for non-admins... -Dale From brad at stop.mail-abuse.org Fri Dec 3 10:16:22 2004 From: brad at stop.mail-abuse.org (Brad Knowles) Date: Fri Dec 3 10:54:26 2004 Subject: [Mailman-Developers] Site-wide confirmed opt in setting? In-Reply-To: <200412021705.29635.kentrak@sonic.net> References: <200412021705.29635.kentrak@sonic.net> Message-ID: At 5:05 PM -0800 2004-12-02, Kevan Benson wrote: > Any plans to include a feature where the server administrator can force lists > to be confirmed opt-in? I administer a server that allows free mailing lists > to customers of our ISP, and forcing opt-in behavior is useful as it allows > tangible benefits with spam lists. I'm not personally aware of any such plans, no. But this is a very good idea. Could we ask you to add this via the Request For Enhancement tracker at ? > Also, is there a policy reason why the return address and address listed in > the template of the password reminders is the main list owner (first list > created) and not the list owner of the list that address is associated with? I'm not sure I understand the question. Could you be more specific, or perhaps give us an example? -- Brad Knowles, "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See for more info. From brad at stop.mail-abuse.org Fri Dec 3 10:24:32 2004 From: brad at stop.mail-abuse.org (Brad Knowles) Date: Fri Dec 3 10:54:52 2004 Subject: [Mailman-Developers] real virtual domain support - possible implementation? In-Reply-To: <20041203035943.GA25726@sliderule.msquared.com.au> References: <20041203035943.GA25726@sliderule.msquared.com.au> Message-ID: At 11:59 AM +0800 2004-12-03, Msquared wrote: > Is there a way to call the Mailman mail wrapper in such a way as to have > it use a different Defaults and/or mm-cfg file on each invocation? How > about the cgi scripts and commandline scripts? Good question. So far as I know, all the intelligence regarding this topic for Mailman is found in FAQ 4.47. If there's anything else that has been missed, please let us know. -- Brad Knowles, "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See for more info. From brad at stop.mail-abuse.org Fri Dec 3 10:31:42 2004 From: brad at stop.mail-abuse.org (Brad Knowles) Date: Fri Dec 3 10:54:54 2004 Subject: [Mailman-Developers] Maybe it's time to release 2.1.6 In-Reply-To: <41AFFA35.1050404@Newfield.org> References: <41A5D9D1.70808@is.kochi-u.ac.jp> <1101668779.19175.5.camel@presto.wooz.org> <41AD196D.2040805@is.kochi-u.ac.jp> <1101909920.27003.27.camel@presto.wooz.org> <87acswf0yh.fsf@tleepslib.sk.tsukuba.ac.jp> <41AFFA35.1050404@Newfield.org> Message-ID: At 11:31 PM -0600 2004-12-02, Dale Newfield wrote: > Oh, yeah, back to the topic. Guess I don't have anything to add except > to say that requiring all these bolt-on tools in order to install mailman > is a bit harsh for non-admins... So, every package written in Perl should include a complete Perl implementation of its very own? Every package written in Python should include a complete Python implementation? Am I missing something here, or have I completely misunderstood you? If I have not misunderstood you, then I think that this way lies madness. -- Brad Knowles, "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See for more info. From iane at sussex.ac.uk Fri Dec 3 11:07:37 2004 From: iane at sussex.ac.uk (Ian Eiloart) Date: Fri Dec 3 11:07:21 2004 Subject: [Mailman-Developers] Maybe it's time to release 2.1.6 In-Reply-To: <87acswf0yh.fsf@tleepslib.sk.tsukuba.ac.jp> References: <41A5D9D1.70808@is.kochi-u.ac.jp> <1101668779.19175.5.camel@presto.wooz.org> <41AD196D.2040805@is.kochi-u.ac.jp> <1101909920.27003.27.camel@presto.wooz.org> <87acswf0yh.fsf@tleepslib.sk.tsukuba.ac.jp> Message-ID: --On Friday, December 3, 2004 13:41:10 GMT +0900 "Stephen J. Turnbull" wrote: >>>>>> "Ian" == Ian Eiloart writes: > > Ian> However, MacOSX and MacOSX Server have python Python 2.3 (#1, > Ian> Sep 13 2003, 00:49:11), so requiring 2.4 could cause pain for > Ian> anyone with a Mac installation of Mailman. > > I'm not going to deprecate someone else's pain, but (1) Apple already > has a couple of "multi-version" applications standard (in particular, > GCC, see the gcc_select utility), and (2) I'm currently having no > problem with coexistence among the Apple-provided Python, two Fink > versions (2.2 and 2.3), and a DarwinPorts version (2.3). I don't know > about Fink, but DarwinPorts has been providing a 2.4 package since the > alphas started (and maybe before). > > Both Fink and DarwinPorts have their issues, but so far Python isn't > one of them. (Actually, only ghc and the X distributions have given > me any trouble at all in DarwinPorts, and my issues with Fink mostly > are of the form "too many applications that don't need to be linked to > GNOME are linked to GNOME".) > > So it may not be all that difficult for admins of Apple boxes to work > around this. Yes, of course it isn't a show stopper. Of course there are ways around the problem. However, the OP asked if requiring 2.4 would cause problems for anyone. The answer is yes: for users of MacOSX, and some other platforms apparently, the requirement would create extra work, and therefore inhibit some people from upgrading. For each of those platforms, no doubt, there are workarounds. However, its not enough just to do the workaround. I have to be sure that some Apple update is not going to undo the workaround. I have to document the workaround, and educate my colleagues to understand it. I have to be sure that *I'm* going to remember what I did in six months time. Yes, that's all doable, and I probably would do it. For some people though, it will be a show stopper. For others it will delay their implementation. For these reasons, it is necessary to be cautious about upping the install requirements. -- Ian Eiloart Servers Team Sussex University ITS From iane at sussex.ac.uk Fri Dec 3 11:36:20 2004 From: iane at sussex.ac.uk (Ian Eiloart) Date: Fri Dec 3 11:36:04 2004 Subject: [Mailman-Developers] Feature request Message-ID: Hi, I had a complaint from a user yesterday that a listinfo page was misleading. It says something like "To post a message to all the list members, send email to foo@example.com", when the list in question is actually an announcement only list - so not even list members can do that. Not such a problem, except that right above is the notice "To see the collection of prior postings to the list, visit the FOO Archives. (The current archive is only available to the list members.)". Now, this implies that the listinfo page is being smart about what people can and cannot do. Indeed it is smart about warning that subscriptions, archives, and membership lists are restricted - but not about posting. It would be useful if the listinfo page could check whether non-members can post (generic_nonmember_action), and check for additional restrictions on postings (like default_member_moderation), and say something like: "To post a message to all the list members, send email to foo@example.com (posts from non-members may|will be accepted|moderated|rejected|discarded)", where accepted|moderated|rejected|discarded is the setting from generic_non_member_action and may|will is "will" iff accept_these_nonmembers etc, are not set. I guess that inspecting the list of *_these_nonmembers settings will give a list of possible responses to a non-member posting. "To post a message to all the list members, send email to foo@example.com (permitted posters only)", as appropriate. -- Ian Eiloart Servers Team Sussex University ITS From Dale at Newfield.org Fri Dec 3 16:34:03 2004 From: Dale at Newfield.org (Dale Newfield) Date: Fri Dec 3 16:33:50 2004 Subject: [Mailman-Developers] Maybe it's time to release 2.1.6 In-Reply-To: References: <41A5D9D1.70808@is.kochi-u.ac.jp> <1101668779.19175.5.camel@presto.wooz.org> <41AD196D.2040805@is.kochi-u.ac.jp> <1101909920.27003.27.camel@presto.wooz.org> <87acswf0yh.fsf@tleepslib.sk.tsukuba.ac.jp> <41AFFA35.1050404@Newfield.org> Message-ID: <41B0876B.9060208@Newfield.org> Brad Knowles wrote: > So, every package written in Perl should include a complete Perl > implementation of its very own? You have misunderstood me. I'm not talking about the languages, I'm talking about fink and darwinPorts. If the only clean way to get multiple language versions to play well together is to use them, then we're basically saying to anyone that wants to install mailman should install those first, and while they're great for unix-geeks like most of us on this list, they're quite heavy tools for someone that just wants a mailing list manager. -Dale From bob at nleaudio.com Fri Dec 3 16:48:19 2004 From: bob at nleaudio.com (bob@nleaudio.com) Date: Fri Dec 3 16:47:31 2004 Subject: [Mailman-Developers] Qrunner dying Message-ID: <41B08AC3.5050807@nleaudio.com> I had a server recently that was running 2.1.5 in which the qrunner process would die approximately once a week. Could never find any real error being logged, and I would just restart it. Ended up retiring that machine, and replaed it with a newer Mandrake 9.2 box. Installed Mailman 2.1.5, and that has been running nicely until a couple days ago, where once again, qrunner stopped. The only thing I can see is that there was a message that was posted to one of the lists that generated this: Nov 29 02:08:27 web1 postfix/local[32487]: F2FDB1C6015: to=, orig_to=, relay=local, delay=2, status=bounced (Command died with status 1: "/home/mailman/mail/mailman bounces list") I see no corresponding entry in the errors log. Has anyone else seen this happen? Bob From gustavorfranco at gmail.com Fri Dec 3 19:30:53 2004 From: gustavorfranco at gmail.com (Gustavo Franco) Date: Fri Dec 3 19:30:55 2004 Subject: [Mailman-Developers] Feature request In-Reply-To: References: Message-ID: <5fabd6fd04120310305f070d9f@mail.gmail.com> I agree Ian, but i think that these type of "features" aren't being included in Mailman 2.x. I suggest you to forward this request to MM 3[0] if nobody here say anything against this idea. Have you time/skills to write a patch for Mailman 2.1.5 with it? If yes, you can submit it through sourceforge.net and there's no doubt that they will look and comment about. [0] = http://www.zope.org/Members/bwarsaw/MailmanDesignNotes/MailmanThreePointOh Hope that helps, Gustavo Franco -- From kentrak at sonic.net Fri Dec 3 21:55:11 2004 From: kentrak at sonic.net (Kevan Benson) Date: Fri Dec 3 21:55:17 2004 Subject: [Mailman-Developers] Site-wide confirmed opt in setting? In-Reply-To: References: <200412021705.29635.kentrak@sonic.net> Message-ID: <200412031255.11362.kentrak@sonic.net> On Friday 03 December 2004 01:16 am, Brad Knowles wrote: > At 5:05 PM -0800 2004-12-02, Kevan Benson wrote: > > Any plans to include a feature where the server administrator can force > > lists to be confirmed opt-in? I administer a server that allows free > > mailing lists to customers of our ISP, and forcing opt-in behavior is > > useful as it allows tangible benefits with spam lists. > > I'm not personally aware of any such plans, no. But this is a > very good idea. > > Could we ask you to add this via the Request For Enhancement > tracker at ? Done. Request ID 1078589 > > Also, is there a policy reason why the return address and address listed > > in the template of the password reminders is the main list owner (first > > list created) and not the list owner of the list that address is > > associated with? > > I'm not sure I understand the question. Could you be more > specific, or perhaps give us an example? Attached is an example message (the password's been changed so it's not compromised, even though it is a test list). The _site_ list is "mailman", the list the address belongs to is "testlistcboyce". The password reminder is from "mailman-owner@listman.sonic.net", and they are prompted to send "questions, problems, comments, etc" to this address in the body as well. A simple template change can fix the body (if I can figure out the variable for the right address), but the From: address portion is a bit harder. The main issue with this is we currently have 140 lists on the server, and I'm about to programmatically migrate another 600-800 lists from our aging majordomo server. So on the first of every month, for every list that has password reminders set to go out, any replies to these thousands of messages (which invariably are unsubscribe requests) go to mailman-owner, which as I understand it is the site admin, and shouldn't be hit with unsubscribe requests for individual lists. -Kevan -------------- next part -------------- An embedded message was scrubbed... From: unknown sender Subject: no subject Date: no date Size: 3349 Url: http://mail.python.org/pipermail/mailman-developers/attachments/20041203/ed43fd20/password_reminder.mht From rmg at terc.edu Fri Dec 3 22:04:07 2004 From: rmg at terc.edu (Robby Griffin) Date: Fri Dec 3 22:04:11 2004 Subject: [Mailman-Developers] Site-wide confirmed opt in setting? In-Reply-To: <200412031255.11362.kentrak@sonic.net> References: <200412021705.29635.kentrak@sonic.net> <200412031255.11362.kentrak@sonic.net> Message-ID: On Dec 3, 2004, at 15:55, Kevan Benson wrote: > The main issue with this is we currently have 140 lists on the server, > and I'm > about to programmatically migrate another 600-800 lists from our aging > majordomo server. So on the first of every month, for every list that > has > password reminders set to go out, any replies to these thousands of > messages > (which invariably are unsubscribe requests) go to mailman-owner, which > as I > understand it is the site admin, and shouldn't be hit with unsubscribe > requests for individual lists. So you're saying if Joe User is on 300 of those lists, they should receive 300 separate reminders from your server each month? --Robby From kentrak at sonic.net Fri Dec 3 22:46:48 2004 From: kentrak at sonic.net (Kevan Benson) Date: Fri Dec 3 22:46:54 2004 Subject: [Mailman-Developers] Site-wide confirmed opt in setting? In-Reply-To: References: <200412021705.29635.kentrak@sonic.net> <200412031255.11362.kentrak@sonic.net> Message-ID: <200412031346.48605.kentrak@sonic.net> On Friday 03 December 2004 01:04 pm, Robby Griffin wrote: > On Dec 3, 2004, at 15:55, Kevan Benson wrote: > > The main issue with this is we currently have 140 lists on the server, > > and I'm > > about to programmatically migrate another 600-800 lists from our aging > > majordomo server. So on the first of every month, for every list that > > has > > password reminders set to go out, any replies to these thousands of > > messages > > (which invariably are unsubscribe requests) go to mailman-owner, which > > as I > > understand it is the site admin, and shouldn't be hit with unsubscribe > > requests for individual lists. > > So you're saying if Joe User is on 300 of those lists, they should > receive 300 separate reminders from your server each month? Hmm, that's a good point. The reasoning behind the behavior is much more apparant now. I wasn't thinking of one notice being sent for multiple list memberships. Since this seems to be something more of a problem to our particular setup, I'll work on a custom solution (such as using an informative autoresponse). Thanks, -Kevan From brad at stop.mail-abuse.org Sat Dec 4 00:31:27 2004 From: brad at stop.mail-abuse.org (Brad Knowles) Date: Sat Dec 4 01:15:45 2004 Subject: [Mailman-Developers] Feature request In-Reply-To: References: Message-ID: At 10:36 AM +0000 2004-12-03, Ian Eiloart wrote: > It would be useful if the listinfo page could check whether non-members > can post (generic_nonmember_action), and check for additional restrictions > on postings (like default_member_moderation), and say something like: Could you post this on the Mailman RFE tracker at ? Thanks! -- Brad Knowles, "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See for more info. From tkikuchi at is.kochi-u.ac.jp Sat Dec 4 03:41:40 2004 From: tkikuchi at is.kochi-u.ac.jp (Tokio Kikuchi) Date: Sat Dec 4 03:41:50 2004 Subject: [Mailman-Developers] Re: [Mailman-Users] Tracebacks with 2.1.5 since upgrading to Python 2.4 In-Reply-To: <35de0c3004120304582340ccec@mail.gmail.com> References: <35de0c3004120304582340ccec@mail.gmail.com> Message-ID: <41B123E4.1020601@is.kochi-u.ac.jp> Bryan Fullerton wrote: > Howdy, > > I'm running Mailman 2.1.5 and upgraded to Python 2.4 yesterday. Since > then I've gotten 9 tracebacks in the error log as below, with ~130 > bounces processed during that time. I've never seen this error before > with Mailman that I can remember. > (snip) > Dec 03 07:48:21 2004 qrunner(47971): File > "/home/mailman-2.1/Mailman/Bouncer.py", line 131, in registerBounce > Dec 03 07:48:21 2004 qrunner(47971): time.strftime('%d-%b-%Y', > day + (0,)*6)) > Dec 03 07:48:21 2004 qrunner(47971): ValueError : day of year out of range > > Do I need to do something with Mailman after updating to Python 2.4, > or is this a bug? time.strftime('%d-%b-%Y', day + (0,)*6)) should be something like: time.strftime('%d-%b-%Y', day + (0,0,0,0,1,0)) Looks like we should care 2.4 compatibilty first before jumping in it. -- Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp http://weather.is.kochi-u.ac.jp/ From dallas at dreamhost.com Sat Dec 4 07:29:53 2004 From: dallas at dreamhost.com (Dallas Bethune) Date: Sat Dec 4 07:30:00 2004 Subject: [Mailman-Developers] real virtual domain support - possible implementation? In-Reply-To: References: <20041203035943.GA25726@sliderule.msquared.com.au> Message-ID: On Dec 3, 2004, at 1:24 AM, Brad Knowles wrote: > At 11:59 AM +0800 2004-12-03, Msquared wrote: > >> Is there a way to call the Mailman mail wrapper in such a way as to >> have >> it use a different Defaults and/or mm-cfg file on each invocation? >> How >> about the cgi scripts and commandline scripts? > > Good question. So far as I know, all the intelligence regarding this > topic for Mailman is found in FAQ 4.47. If there's anything else that > has been missed, please let us know. From my experience, it seems as if all of this configuration information is compiled directly into the wrapper. For what it's worth, I have managed to get the 'true-virtualhost' patch mentioned on that FAQ entry working with Mailman 2.1.5. It didn't require that many changes. That patch: http://sourceforge.net/tracker/index.php? func=detail&aid=943827&group_id=103&atid=300103 Unfortunately that patch is not really what I would consider complete. I have been working on more changes to provide virtual domain support for the web interface as well as the email interface and have made some progress, but it's not anything releasable to the public at this point. If anyone has done any work on this themselves, let me know! Our users have started screaming louder about this functionality lately so it's become more of a priority. Dallas (@ dreamhost.com) From simmosiil at hotmail.com Sat Dec 4 11:50:00 2004 From: simmosiil at hotmail.com (Simmo Siil) Date: Sat Dec 4 11:51:06 2004 Subject: [Mailman-Developers] Non-member filters In-Reply-To: Message-ID: Thanks, it worked. > >^.*@domeen.com >^[^@]+@domeen\.com$ But now i have new problem. I have 3 lists, which are in@domeen.com out@domeen.com office@domeen.com and they all are in all@domeen.com. When i send email to all@domeen.com whitch has the users in,out & office, then i get next message form all of them: post from name@domeen.com requires approval Reason: Message has implicit destination When i aprove the message it will sent. how i can solve this problem? And then second question. If i send mail to the all@domeen.com and have prefixes then it will look like that: [office] [all] How i can to so that if i send email to all then it has only [all] but when i send to office then it also has [office] prefix. Or is ther eny other way how i can make lists with sub lists (listes under lists) all@domeen = in@domeen, out@domeen, office@domeen in@domeen = xxx@domeen + users (user@domeen) xxx@domeen = users (user@domeen) out & office@domeen = users (user@domeen) I hope you understand my bad english. _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ From msapiro at value.net Sat Dec 4 17:30:56 2004 From: msapiro at value.net (Mark Sapiro) Date: Sat Dec 4 17:31:03 2004 Subject: [Mailman-Developers] Non-member filters In-Reply-To: Message-ID: Simmo Siil wrote: > >But now i have new problem. >I have 3 lists, which are in@domeen.com out@domeen.com office@domeen.com >and they all are in all@domeen.com. >When i send email to all@domeen.com whitch has the users in,out & office, >then i get next message form all of them: > post from name@domeen.com requires approval >Reason: Message has implicit destination >When i aprove the message it will sent. how i can solve this problem? You can enable full personalization on the all list which isn't expensive if the other three lists are the only members. This requires OWNERS_CAN_ENABLE_PERSONALIZATION = Yes in mm_cfg.py to make the list settings available. Or, you can go to Privacy options...->Recipient filters for the in, out and office lists and either turn off require_explicit_destination or add all@domeen.com or a regular expression to acceptable_aliases. >And then second question. >If i send mail to the all@domeen.com and have prefixes then it will >look like that: >[office] [all] >How i can to so that if i send email to all then it has only [all] >but when i send to office then it also has [office] prefix. I don't know a way to do this. >Or is ther eny other way how i can make lists with sub lists (listes under >lists) >all@domeen = in@domeen, out@domeen, office@domeen >in@domeen = xxx@domeen + users (user@domeen) >xxx@domeen = users (user@domeen) >out & office@domeen = users (user@domeen) Visit the mailman FAQ at http://www.python.org/cgi-bin/faqw-mm.py and see article 3.5 for other suggestions. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From terri at zone12.com Sat Dec 4 19:25:49 2004 From: terri at zone12.com (Terri Oda) Date: Sat Dec 4 19:25:45 2004 Subject: [Mailman-Developers] Non-member filters In-Reply-To: References: Message-ID: On Dec 4, 2004, at 5:50 AM, Simmo Siil wrote: > I have 3 lists, which are in@domeen.com out@domeen.com > office@domeen.com > and they all are in all@domeen.com. > When i send email to all@domeen.com whitch has the users in,out & > office, > then i get next message form all of them: > post from name@domeen.com requires approval > Reason: Message has implicit destination > When i aprove the message it will sent. how i can solve this problem? If you haven't already done so, you may need to list all@domeen.com as a valid alternative address for in, out, and office. Otherwise, you're getting caught by the rule that says that anything not actually addressed to this list should be held (mostly in case it's spam). From jacsib at lutecium.org Sun Dec 5 09:46:12 2004 From: jacsib at lutecium.org (Jacques B. Siboni) Date: Sun Dec 5 09:46:57 2004 Subject: [Mailman-Developers] Inserting code in subscribe Message-ID: <41B2CAD4.DFAF0CA9@lutecium.org> Hi all, I had put this question on the mailman-users mailing list but it were probably too sharp as i received no answers. Therefore i talk the the developers of mailman now: On a mailing list I'm running I need to include some code after the subscribe form and after the unsubscribe form. The new subscribe form has to interact with the user. You can have a hint of what is expected at http://www.lutecium.org/subscribe.html The unsubscribe process has to run a simple batch. Where do you think is the best place to include these codes? Thanks in advance Jacques -- Dr. Jacques B. Siboni mailto:jacsib@Lutecium.org 8 pass. Charles Albert, F75018 Paris, France Tel. & Fax: 33 (0) 1 42 28 76 78 Home Page: http://www.lutecium.org/jacsib/ From jacsib at lutecium.org Sun Dec 5 09:47:54 2004 From: jacsib at lutecium.org (Jacques B. Siboni) Date: Sun Dec 5 10:15:01 2004 Subject: [Mailman-Developers] Where are the data? Message-ID: <41B2CB3A.603AB4C3@lutecium.org> Hi all, Another question which had been put on the mailman-users group ... Where and how can I access to the user data, which are the email address, the name, and the password? Thanks in advance Jacques -- Dr. Jacques B. Siboni mailto:jacsib@Lutecium.org 8 pass. Charles Albert, F75018 Paris, France Tel. & Fax: 33 (0) 1 42 28 76 78 Home Page: http://www.lutecium.org/jacsib/ From msapiro at value.net Sun Dec 5 17:22:44 2004 From: msapiro at value.net (Mark Sapiro) Date: Sun Dec 5 17:22:59 2004 Subject: [Mailman-Developers] Where are the data? In-Reply-To: <41B2CB3A.603AB4C3@lutecium.org> Message-ID: Jacques B. Siboni wrote: > >Another question which had been put on the mailman-users group ... Sorry, I would have answered that one, but for some reason I didn't understand it when I read it the first time. >Where and how can I access to the user data, which are the email address, the >name, and the password? All these data as well as all the list settings are stored as a Python pickle in lists//config.pck You can use bin/dumpdb to see all the information. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From barry at python.org Sun Dec 5 17:59:16 2004 From: barry at python.org (Barry Warsaw) Date: Sun Dec 5 17:59:18 2004 Subject: [Mailman-Developers] Re: [Mailman-Users] Tracebacks with 2.1.5 since upgrading to Python 2.4 In-Reply-To: <41B123E4.1020601@is.kochi-u.ac.jp> References: <35de0c3004120304582340ccec@mail.gmail.com> <41B123E4.1020601@is.kochi-u.ac.jp> Message-ID: <1102265955.29528.79.camel@presto.wooz.org> On Fri, 2004-12-03 at 21:41, Tokio Kikuchi wrote: > time.strftime('%d-%b-%Y', day + (0,)*6)) should be something like: > time.strftime('%d-%b-%Y', day + (0,0,0,0,1,0)) > > Looks like we should care 2.4 compatibilty first before jumping in it. Definitely. We should not release 2.1.6 until we're confident about Python 2.4 compatibility. I'll probably be testing this out on my own lists over the next few weeks. -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://mail.python.org/pipermail/mailman-developers/attachments/20041205/919f8f0e/attachment.pgp From simmosiil at hotmail.com Mon Dec 6 08:03:10 2004 From: simmosiil at hotmail.com (Simmo Siil) Date: Mon Dec 6 08:04:10 2004 Subject: [Mailman-Developers] Non-member filters Message-ID: Hi, again. I have 3 lists and they all are in all@domeen.com. When user is in 2 sub list and i send email all then the uesr get-s 2 emails. How can it be done so that, he will get only one, but still will be in both lists? Saapakusti. _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ From les at 2pi.org Mon Dec 6 10:03:08 2004 From: les at 2pi.org (Les Niles) Date: Mon Dec 6 10:03:13 2004 Subject: [Mailman-Developers] Hole in subscription confirmation? Message-ID: <20041206090308.448C8714AF@mutiny.2pi.org> We're running 2.1.4 in production. Last week, a couple of our lists got subscribed to a mail-archiver service, apparently by a subscriber to those lists. The mail archiving service doesn't do any subscription confirmations, and the subscriptions to it were confirmed via the web interface. I don't quite see how this could happen. The mail archiver and the place where the confirmations came from are a continent and an ocean apart, so collusion is unlikely. Any ideas? Is there a way for someone submitting a subscription request to get a copy of the confirmation email from mailman? If so, there could be a hole to for maliciously-generated subscriptions. -les From fw at deneb.enyo.de Mon Dec 6 10:13:30 2004 From: fw at deneb.enyo.de (Florian Weimer) Date: Mon Dec 6 10:13:35 2004 Subject: [Mailman-Developers] Hole in subscription confirmation? In-Reply-To: <20041206090308.448C8714AF@mutiny.2pi.org> (Les Niles's message of "Mon, 6 Dec 2004 01:03:08 -0800 (PST)") References: <20041206090308.448C8714AF@mutiny.2pi.org> Message-ID: <871xe34wn9.fsf@deneb.enyo.de> * Les Niles: > We're running 2.1.4 in production. Last week, a couple of our > lists got subscribed to a mail-archiver service, apparently by a > subscriber to those lists. The mail archiving service doesn't do > any subscription confirmations, and the subscriptions to it were > confirmed via the web interface. Didn't the mail archiving service archive the confirmation email sent by Mailman? From brad at stop.mail-abuse.org Mon Dec 6 11:58:26 2004 From: brad at stop.mail-abuse.org (Brad Knowles) Date: Mon Dec 6 12:04:33 2004 Subject: [Mailman-Developers] Hole in subscription confirmation? In-Reply-To: <20041206090308.448C8714AF@mutiny.2pi.org> References: <20041206090308.448C8714AF@mutiny.2pi.org> Message-ID: At 1:03 AM -0800 2004-12-06, Les Niles wrote: > I don't quite see how this could happen. The mail archiver and the > place where the confirmations came from are a continent and an > ocean apart, so collusion is unlikely. Actually, collusion is highly likely. > Any ideas? There are many easy ways to do this. One would be for the person who is doing the confirmations to be sent all "unusual" e-mails by the mail archiving service. When a subscription confirmation comes in, the mail archiving service doesn't recognize it and forwards it on to them, they confirm the subscription via the web, and then finish the configuration of the mail archiving service so that it recognizes future postings as "normal". There are many other ways to skin this cat. > Is there a way > for someone submitting a subscription request to get a copy of the > confirmation email from mailman? If they control the remote end, that would be very easy. They just set up an alias which points to the real address plus their own. > If so, there could be a hole to > for maliciously-generated subscriptions. I'm sure there are all sorts of creative ways to abuse this process. We've trapped the most straightforward methods to abusively subscribe someone else to something, but I'm sure that there are others that we have missed -- there always are. -- Brad Knowles, "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See for more info. From msapiro at value.net Mon Dec 6 16:08:04 2004 From: msapiro at value.net (Mark Sapiro) Date: Mon Dec 6 16:08:12 2004 Subject: [Mailman-Developers] Non-member filters In-Reply-To: Message-ID: Simmo Siil wrote: >I have 3 lists and they all are in all@domeen.com. >When user is in 2 sub list and i send email all >then the uesr get-s 2 emails. How can it be done >so that, he will get only one, but still will be in both lists? See FAQ at http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq03.005.htp for suggested ways to work around this problem. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From shaikli at yahoo.com Mon Dec 6 21:03:28 2004 From: shaikli at yahoo.com (Nadim Shaikli) Date: Mon Dec 6 21:03:31 2004 Subject: [Mailman-Developers] Encoding & html pages Message-ID: <20041206200328.98019.qmail@web14922.mail.yahoo.com> Greetings, let me prefix this with "I'm not familiar enough with Python" and proceed with my question. Having looked at the code briefly to see how I can have Mailman default to displaying my html pages with the 'UTF-8' encoding, I was able to see that one can affect the encoding (programatically) via changing the "lang" (or as its noted the variable 'DEFAULT_SERVER_LANGUAGE' in Defaults.py/mm_cfg.py). I'm also guessing that this affects the localization of the displayed text, etc (which I don't want to do). I then looked into the Defaults.py file which notes 'DEFAULT_CHARSET' but that looks like its related to pipermail only (which I'm not using, MHonARC fits me better). If my assumptions are correct this variable should be renamed to 'ARCHIVER_DEFAULT_CHARSET' to better fit with all the other related variables (while at it maybe 'VERBATIM_ENCODING' should also be 'ARCHIVER_VERBATIM_ENCODING'). I then looked into Defaults.py where various languages are listed and their supplied encodings (again this is related to localization and I'm not looking to affect/change that). Yet it seems to me that someone using 'en' as a language might still want to use "UTF-8" as the default encoding on all the HTML pages and I wasn't able to figure out how to do that. If this is currently not possible, may I suggest the creation of a 'DEFAULT_SERVER_ENCODING' that would take precedence over anything defaulted. In other words, if the _SERVER_ENCODING is set then it will be used even instead of what is listed in the localization list else mailman ought to do what its doing now. In passing, you might want to have Mailman default to UTF-8 instead of 'us-ascii' since many mailman users are now serving multiple language lists. Just a thought. Using - mailman-2.1.5-4 (debian) Regards, - Nadim __________________________________ Do you Yahoo!? Take Yahoo! Mail with you! Get it on your mobile phone. http://mobile.yahoo.com/maildemo From msapiro at value.net Mon Dec 6 22:17:19 2004 From: msapiro at value.net (Mark Sapiro) Date: Mon Dec 6 22:17:39 2004 Subject: [Mailman-Developers] Encoding & html pages In-Reply-To: <20041206200328.98019.qmail@web14922.mail.yahoo.com> Message-ID: Nadim Shaikli wrote: > >I then looked into Defaults.py where various languages are >listed and their supplied encodings (again this is related to >localization and I'm not looking to affect/change that). Yet >it seems to me that someone using 'en' as a language might still >want to use "UTF-8" as the default encoding on all the HTML pages >and I wasn't able to figure out how to do that. Have you tried def _(s): return s add_language('en', _('English (USA)'), 'utf-8') del _ or maybe just add_language('en', 'English (USA)', 'utf-8') in mm_cfg.py -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From shaikli at yahoo.com Mon Dec 6 23:18:15 2004 From: shaikli at yahoo.com (Nadim Shaikli) Date: Mon Dec 6 23:18:19 2004 Subject: [Mailman-Developers] Encoding & html pages In-Reply-To: Message-ID: <20041206221816.11868.qmail@web14924.mail.yahoo.com> --- Mark Sapiro wrote: > Nadim Shaikli wrote: > > > >I then looked into Defaults.py where various languages are > >listed and their supplied encodings (again this is related to > >localization and I'm not looking to affect/change that). Yet > >it seems to me that someone using 'en' as a language might still > >want to use "UTF-8" as the default encoding on all the HTML pages > >and I wasn't able to figure out how to do that. > > Have you tried > > add_language('en', 'English (USA)', 'utf-8') > > in mm_cfg.py That did the trick - thanks. My suggestion on renaming those variables still stands as it would lessen any potential confusion. Thanks. - Nadim __________________________________ Do you Yahoo!? The all-new My Yahoo! - What will yours do? http://my.yahoo.com From msapiro at value.net Tue Dec 7 23:56:47 2004 From: msapiro at value.net (Mark Sapiro) Date: Tue Dec 7 23:56:55 2004 Subject: [Mailman-Developers] Private archive specific message URL lost in authorization Message-ID: I just submitted the subject bug report to sourceforge.net at http://sourceforge.net/tracker/index.php?func=detail&aid=1080943&group_id=103&atid=100103 The description is If a user without an authorization cookie goes to a URL such as http://www.example.com/mailman/private/list-name/yyyy-Month/nnnnnn.html the user will get the private archives authorization page and after filling in e-mail address and password and clicking Let me in... will be taken to the main index for the list at http://www.example.com/mailman/private/list-name/ instead of to the original URL. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From ddewey at cyberthugs.com Wed Dec 8 03:57:24 2004 From: ddewey at cyberthugs.com (Dave Dewey) Date: Wed Dec 8 03:57:29 2004 Subject: [Mailman-Developers] config.pck password encryption inconsistencies Message-ID: <20041208025724.GA8189@meatwad.cyberthugs.com> Hello; I currently run Mailman 2.1.5 on one server, and have web archives using MHonArc running on a different webserver. I have shell access to both. These archives are private, for list subscribers only. I am trying to implement .htaccess authentication using the instructions here: http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq03.007.htp I have this script working although it required minor modifications to run under 2.1.5. This is a Fedora Core 2 install from source. The modified script creates the .htpasswd database on the mailmain server and scp's it to the webserver over a private net. Here's the issue I can't solve. It is clear that SOME user passwords in the lists' config.pck file are encrypted, and some aren't. This is within the SAME config.pck, I'm only running one list. When using 'dumpdb' to investigate the the users email/passwords, some of the passwords are definitely clear text. However, others (including all of my own, for various test subscriptions) are encrypted. The problem is that when I then use htpasswd to create the .htpasswd file, the encrypted passwords are re-encrypted again for use by apache. Therefore the only acceptable password for logging into the archives is the encrypted form. Here's an example using fake text: User passwd: Config.pck entry: .htpasswd: Accepted by Apache: tree Uasdf!d ljkjkld Uasdf!d When the user's password is in UN-encrypted form in config.pck, everything works great, eg: User passwd: Config.pck entry: .htpasswd: Accepted by Apache: rock rock Oad;int rock Using htpasswd's -p switch to add the passwords in clear text doesn't work either. Same problem, in that now the Apache password is the then as in the config.pck, which may or may not be encrypted. I hope this makes sense. Any suggestions for dealing with this? Obviously users can't be expected to know what the encrypted version of their password is or might be... Is this the expected behavior (some passwords clear, others encrypted?). Is this documented anywhere? dave From ddewey at cyberthugs.com Wed Dec 8 16:16:30 2004 From: ddewey at cyberthugs.com (Dave Dewey) Date: Wed Dec 8 16:16:48 2004 Subject: [Mailman-Developers] config.pck password encryption inconsistencies In-Reply-To: <20041208025724.GA8189@meatwad.cyberthugs.com> References: <20041208025724.GA8189@meatwad.cyberthugs.com> Message-ID: <20041208151630.GA32000@meatwad.cyberthugs.com> Quoting Dave Dewey (ddewey@cyberthugs.com): > Here's the issue I can't solve. It is clear that SOME user passwords in the > lists' config.pck file are encrypted, and some aren't. This is within the > SAME config.pck, I'm only running one list. When using 'dumpdb' to > investigate the the users email/passwords, some of the passwords are > definitely clear text. However, others (including all of my own, for > various test subscriptions) are encrypted. More info: it appears that only passwords that were chosen at time of subscription are encrypted. If a user then goes in and changes the password, it is stored unencrypted in config.pck. dave From msapiro at value.net Thu Dec 9 02:58:40 2004 From: msapiro at value.net (Mark Sapiro) Date: Thu Dec 9 02:58:51 2004 Subject: [Mailman-Developers] config.pck password encryptioninconsistencies In-Reply-To: <20041208151630.GA32000@meatwad.cyberthugs.com> Message-ID: Dave Dewey wrote: >Quoting Dave Dewey (ddewey@cyberthugs.com): > >> Here's the issue I can't solve. It is clear that SOME user passwords in the >> lists' config.pck file are encrypted, and some aren't. This is within the >> SAME config.pck, I'm only running one list. When using 'dumpdb' to >> investigate the the users email/passwords, some of the passwords are >> definitely clear text. However, others (including all of my own, for >> various test subscriptions) are encrypted. > >More info: it appears that only passwords that were chosen at time of >subscription are encrypted. If a user then goes in and changes the >password, it is stored unencrypted in config.pck. Are you sure they are encrypted and not just encoded (e.g. unicode)? What do you see in monthly password reminders? I looked through the code somewhat, particularly the code that produces password reminders, and I can't see anywhere where there is any encryption/decryption of passwords going on. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From barry at python.org Thu Dec 9 15:02:47 2004 From: barry at python.org (Barry Warsaw) Date: Thu Dec 9 15:02:52 2004 Subject: [Mailman-Developers] config.pck password encryptioninconsistencies In-Reply-To: References: Message-ID: <1102600966.5092.27.camel@geddy.wooz.org> On Wed, 2004-12-08 at 20:58, Mark Sapiro wrote: > I looked through the code somewhat, particularly the code that produces > password reminders, and I can't see anywhere where there is any > encryption/decryption of passwords going on. Correct. Mailman does not encrypt or hash member passwords, and they are stored in the clear in the config.pck file (this is actually not good, but it's the way it is). Owner and moderator passwords are generally hashed, typically these days with sha1. I have no idea where your passwords are getting changed. -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://mail.python.org/pipermail/mailman-developers/attachments/20041209/297345f9/attachment.pgp From barry at python.org Thu Dec 9 15:09:41 2004 From: barry at python.org (Barry Warsaw) Date: Thu Dec 9 15:09:45 2004 Subject: [Mailman-Developers] Re: Mailman problem... In-Reply-To: <001501c4dd1f$1a711600$1e00a8c0@direzione> References: <001501c4dd1f$1a711600$1e00a8c0@direzione> Message-ID: <1102601381.5091.39.camel@geddy.wooz.org> On Wed, 2004-12-08 at 07:11, epigrottero wrote: > Hi, excuse me for my english, i have installed a Mandrake 9.2 (in the > package there is Mailman 2.1.2 included) but when i try the creation > of a new list i receive this message: > > Bug in Mailman version 2.1.2 Mailman 2.1.2 is fairly old. You should try to at least upgrade to 2.1.5 and see if your problem is fixed. -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://mail.python.org/pipermail/mailman-developers/attachments/20041209/fdb91e56/attachment.pgp From ddewey at cyberthugs.com Thu Dec 9 15:43:35 2004 From: ddewey at cyberthugs.com (Dave Dewey) Date: Thu Dec 9 15:43:41 2004 Subject: [Mailman-Developers] config.pck password encryption inconsistencies In-Reply-To: <1102600966.5092.27.camel@geddy.wooz.org> References: <1102600966.5092.27.camel@geddy.wooz.org> Message-ID: <20041209144335.GE32270@meatwad.cyberthugs.com> Quoting Barry Warsaw (barry@python.org): > Correct. Mailman does not encrypt or hash member passwords, and they > are stored in the clear in the config.pck file (this is actually not > good, but it's the way it is). Owner and moderator passwords are > generally hashed, typically these days with sha1. I have no idea where > your passwords are getting changed. Gotcha. I believe that's where I was drawing my erroneous conclusions from. I only have information about my own passwords, and they are clearly encrypted since I know what the values are. My own accounts are ALSO all either owners or moderators, so that explains it perfectly. The rest of the users passwords were either values I could recognize and therefore were cleartext passwords or random strings, and it's impossible to tell whether those are encrypted or just random by simply looking at them. I now assume they are random. Thanks for the information! I did see the references to the sha1 encryption in the code, further drawing me down the wrong path. Case closed... dave From barry at python.org Thu Dec 9 16:17:35 2004 From: barry at python.org (Barry Warsaw) Date: Thu Dec 9 16:17:42 2004 Subject: [Mailman-Developers] config.pck password encryption inconsistencies In-Reply-To: <20041209144335.GE32270@meatwad.cyberthugs.com> References: <1102600966.5092.27.camel@geddy.wooz.org> <20041209144335.GE32270@meatwad.cyberthugs.com> Message-ID: <1102605455.16867.3.camel@geddy.wooz.org> On Thu, 2004-12-09 at 09:43, Dave Dewey wrote: > Gotcha. I believe that's where I was drawing my erroneous conclusions from. > I only have information about my own passwords, and they are clearly > encrypted since I know what the values are. My own accounts are ALSO all > either owners or moderators, so that explains it perfectly. Just for clarification (because my explanation was perhaps imprecise): Moderator and owner passwords are kept in separate keys in the config.pck dictionary, so even if you are both a member and an owner of a list, your member password will be cleartext but the (shared) owner password will be hashed (same goes for the moderator password). -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://mail.python.org/pipermail/mailman-developers/attachments/20041209/50c0128b/attachment.pgp From grantbow at grantbow.com Fri Dec 10 21:57:25 2004 From: grantbow at grantbow.com (Grant Bowman) Date: Fri Dec 10 21:57:31 2004 Subject: [Mailman-Developers] Custom Welcome Message Message-ID: <20041210205725.GA11645@grantbow.com> Hello, I'm looking for feedback about the attached one line patch, It uses existing capabilities to allow the editing of subscribeack.txt. If this is the right approach I would be happy to follow up with additional patches to help support this capability. The first thing that comes to mind adjusting the text of the HTML selection page. If this isn't the right approach to provide this capability then what are the alternatives? Thanks, -- -- Grant Bowman --- Mailman/Cgi/edithtml.py.orig 2001-11-30 00:00:18.000000000 -0800 +++ Mailman/Cgi/edithtml.py 2004-12-10 12:09:31.000000000 -0800 @@ -42,6 +42,7 @@ template_data = ( ('listinfo.html', _('General list information page')), ('subscribe.html', _('Subscribe results page')), + ('subscribeack.txt', _('Welcome email text file')), ('options.html', _('User specific options page')), ) From tkikuchi at is.kochi-u.ac.jp Sat Dec 11 02:35:01 2004 From: tkikuchi at is.kochi-u.ac.jp (Tokio Kikuchi) Date: Sat Dec 11 02:35:07 2004 Subject: [Mailman-Developers] mailman-2.1.6a2 is out Message-ID: <41BA4EC5.7070801@is.kochi-u.ac.jp> Hi Developers and I18Ners, I've bumped version number of mailman to 2.1.6a2 (a1 was not announced) and made a tarball at my mailman-japanese site. Please get it at: http://mm.tkikuchi.net/mailman-2.1.6a2.tgz Mailman 2.1.6 should be compatible with Python 2.4 and including some nice new features such as numbering in subject prefix and filtering attachments by filename extensions. Please download and test it and help us fixing bugs. Cheers, -- Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp http://weather.is.kochi-u.ac.jp/ From relson at osagesoftware.com Sat Dec 11 03:23:00 2004 From: relson at osagesoftware.com (David Relson) Date: Sat Dec 11 03:23:02 2004 Subject: [Mailman-Developers] mailman-2.1.6a2 is out In-Reply-To: <41BA4EC5.7070801@is.kochi-u.ac.jp> References: <41BA4EC5.7070801@is.kochi-u.ac.jp> Message-ID: <20041210212300.19dd3339@osage.osagesoftware.com> On Sat, 11 Dec 2004 10:35:01 +0900 Tokio Kikuchi wrote: > Hi Developers and I18Ners, > > I've bumped version number of mailman to 2.1.6a2 (a1 was not announced) > and made a tarball at my mailman-japanese site. Please get it at: > http://mm.tkikuchi.net/mailman-2.1.6a2.tgz > > Mailman 2.1.6 should be compatible with Python 2.4 and including some > nice new features such as numbering in subject prefix and filtering > attachments by filename extensions. Tokio, Does that mean it's _not_ compatible with older versions of python ??? David From tkikuchi at is.kochi-u.ac.jp Sat Dec 11 03:49:18 2004 From: tkikuchi at is.kochi-u.ac.jp (Tokio Kikuchi) Date: Sat Dec 11 03:49:24 2004 Subject: [Mailman-Developers] mailman-2.1.6a2 is out In-Reply-To: <20041210212300.19dd3339@osage.osagesoftware.com> References: <41BA4EC5.7070801@is.kochi-u.ac.jp> <20041210212300.19dd3339@osage.osagesoftware.com> Message-ID: <41BA602E.5000808@is.kochi-u.ac.jp> David Relson wrote: > > Does that mean it's _not_ compatible with older versions of python ??? > It _is_ compatible with Python 2.1.3 and higher, I believe. It includes compatibility fix for the newer Python 2.4. -- Tokio Kikuchi, tkikuchi@ is.kochi-u.ac.jp http://weather.is.kochi-u.ac.jp/ From barry at python.org Sat Dec 11 04:43:22 2004 From: barry at python.org (Barry Warsaw) Date: Sat Dec 11 04:43:25 2004 Subject: [Mailman-Developers] mailman-2.1.6a2 is out In-Reply-To: <20041210212300.19dd3339@osage.osagesoftware.com> References: <41BA4EC5.7070801@is.kochi-u.ac.jp> <20041210212300.19dd3339@osage.osagesoftware.com> Message-ID: <1102736601.9394.34.camel@geddy.wooz.org> On Fri, 2004-12-10 at 21:23, David Relson wrote: > Does that mean it's _not_ compatible with older versions of python ??? I think it's fair to say we want to continue Python 2.1 compatibility with the Mailman 2.1 series. -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://mail.python.org/pipermail/mailman-developers/attachments/20041210/3000fca8/attachment.pgp From relson at osagesoftware.com Sat Dec 11 05:23:30 2004 From: relson at osagesoftware.com (David Relson) Date: Sat Dec 11 05:23:32 2004 Subject: [Mailman-Developers] mailman-2.1.6a2 is out In-Reply-To: <41BA602E.5000808@is.kochi-u.ac.jp> References: <41BA4EC5.7070801@is.kochi-u.ac.jp> <20041210212300.19dd3339@osage.osagesoftware.com> <41BA602E.5000808@is.kochi-u.ac.jp> Message-ID: <20041210232330.191bf682@osage.osagesoftware.com> On Sat, 11 Dec 2004 11:49:18 +0900 Tokio Kikuchi wrote: > David Relson wrote: > > > > > > Does that mean it's _not_ compatible with older versions of python > > ??? > > It _is_ compatible with Python 2.1.3 and higher, I believe. It > includes compatibility fix for the newer Python 2.4. The clarification is appreciated. When I saw 2.4 mentioned, I wanted to be sure whether it was a requirement or not. Thanks. David From kyrian-list at ore.org Mon Dec 13 19:46:26 2004 From: kyrian-list at ore.org (Kyrian (List)) Date: Mon Dec 13 19:46:47 2004 Subject: [Mailman-Developers] MySQL member adaptor update. Message-ID: <20041213184626.12523a78.kyrian-list@ore.org> Folks, Just a quick heads-up to say that I've finally uploaded a new version of this thing to the relevant discussion thread on sourceforge. Thanks to the CC'd persons for their input, and also to Barry for his thoughts, which I've implemented where possible, given my sparse knowledge of Python thus far. I've turned it into a tarball (coz I'm sick of uploading multiple files through sourceforge's somewhat klunky interface), added the option to use a 'flat', or 'wide' table structure, updated the docs, added some misc contribs, and applied some fixes to the data structure and SQL code used as per various suggestions. As mentioned on the discussion thread, it's untested, until I can prod $client into testing it on their server, although it ought to compile and work as far as I can tell. It's long, long overdue, hence the release in this manner. https://sourceforge.net/tracker/index.php?func=detail&aid=839386&group_id=103&atid=300103 Lastly, if anyone can offer any resources on how to get eg. Pychecker working, or an IDE which supports Python, C, HTML, perl, etc. on Fedora then I'd appreciate the info, because my current development environment basically sucks for, well, everything. K. -- Kev Green, aka Kyrian. E: kyrian@ore.org WWW: http://kyrian.ore.org/ ISP/Perl/PHP/Linux/Security Contractor, via http://www.orenet.co.uk/ DJ via http://www.hellnoise.co.uk/ From jdennis at redhat.com Wed Dec 15 17:37:57 2004 From: jdennis at redhat.com (John Dennis) Date: Wed Dec 15 17:38:00 2004 Subject: [Mailman-Developers] [Fwd: [vendor-sec] Weak auto-generated passwords in Mailman] Message-ID: <1103128676.16574.31.camel@finch.boston.redhat.com> This was forwarded to me by our security officer. I believe the original author, Florian Weimer, intended to reach this list but did not know how to and instead went through his security contacts. Perhaps Florian's concerns would best be addressed in MM 3.0 and maybe this should be added to the MM 3.0 feature list. BTW, is there an independent MM 3.0 list? I thought I had heard such a beast existed, but my recollection is hazy. -- John Dennis -------------- next part -------------- An embedded message was scrubbed... From: Florian Weimer Subject: [vendor-sec] Weak auto-generated passwords in Mailman Date: Tue, 14 Dec 2004 18:34:27 +0100 Size: 8721 Url: http://mail.python.org/pipermail/mailman-developers/attachments/20041215/be238297/attachment.mht From grantbow at grantbow.com Thu Dec 16 21:19:23 2004 From: grantbow at grantbow.com (Grant Bowman) Date: Thu Dec 16 21:19:33 2004 Subject: [Mailman-Developers] Custom Welcome Message In-Reply-To: <20041210205725.GA11645@grantbow.com> References: <20041210205725.GA11645@grantbow.com> Message-ID: <20041216201923.GD26649@grantbow.com> bug id# 1085501 http://sourceforge.net/tracker/index.php?func=detail&aid=1085501&group_id=103&atid=300103 -- -- Grant Bowman * Grant Bowman [041210 13:01]: > Hello, > > I'm looking for feedback about the attached one line patch, It uses > existing capabilities to allow the editing of subscribeack.txt. If this > is the right approach I would be happy to follow up with additional > patches to help support this capability. The first thing that comes to > mind adjusting the text of the HTML selection page. If this isn't the > right approach to provide this capability then what are the > alternatives? > > Thanks, > > -- > -- Grant Bowman > > > --- Mailman/Cgi/edithtml.py.orig 2001-11-30 00:00:18.000000000 -0800 > +++ Mailman/Cgi/edithtml.py 2004-12-10 12:09:31.000000000 -0800 > @@ -42,6 +42,7 @@ > template_data = ( > ('listinfo.html', _('General list information page')), > ('subscribe.html', _('Subscribe results page')), > + ('subscribeack.txt', _('Welcome email text file')), > ('options.html', _('User specific options page')), > ) From stephen at xemacs.org Fri Dec 17 12:03:36 2004 From: stephen at xemacs.org (Stephen J. Turnbull) Date: Fri Dec 17 12:03:50 2004 Subject: [Mailman-Developers] [Fwd: [vendor-sec] Weak auto-generated passwords in Mailman] In-Reply-To: <1103128676.16574.31.camel@finch.boston.redhat.com> (John Dennis's message of "Wed, 15 Dec 2004 11:37:57 -0500") References: <1103128676.16574.31.camel@finch.boston.redhat.com> Message-ID: <87is719ofr.fsf@tleepslib.sk.tsukuba.ac.jp> >>>>> "John" == John Dennis writes: John> The idea of storing sensitive data in Mailman archives seems John> to be a bit crazy, but unfortunately, it is common practice. Not only that, but if you're incautious about the archive setup, 3rd parties may stash sensitive data there. Somebody (@163.com, according to the received trail) noticed that a certain Chinese spam was getting through my filters, and sent us an apparent copy that was actually a cache of credit card data several pages down. :-( It's a public list, so there's nothing we want to do about the authentication of users problem discussed here; but watch those archives, guys. -- Institute of Policy and Planning Sciences http://turnbull.sk.tsukuba.ac.jp University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN Ask not how you can "do" free software business; ask what your business can "do for" free software. From simmosiil at hotmail.com Mon Dec 20 11:06:37 2004 From: simmosiil at hotmail.com (Simmo Siil) Date: Mon Dec 20 11:07:08 2004 Subject: [Mailman-Developers] Problem Message-ID: I changed subdomeen nad i need that mailman would run http://mail.domeen.com/mailman/ now it runs only http://www.domeen.com/admin/ If i open list then i cant change enyting i open it http://mail.domeen.com/mailman/ address but if i wanna open link, then is that address http://www.domeen.com/mailman/admin/in/general Where i need to change www to mail ? Saapakusti. _________________________________________________________________ Express yourself instantly with MSN Messenger! Download today it's FREE! http://messenger.msn.click-url.com/go/onm00200471ave/direct/01/ From msapiro at value.net Mon Dec 20 20:49:47 2004 From: msapiro at value.net (Mark Sapiro) Date: Mon Dec 20 20:50:50 2004 Subject: [Mailman-Developers] Problem In-Reply-To: Message-ID: Simmo Siil wrote > >I changed subdomeen nad i need that mailman would run >http://mail.domeen.com/mailman/ > >now it runs only http://www.domeen.com/admin/ >If i open list then i cant change enyting >i open it http://mail.domeen.com/mailman/ address >but if i wanna open link, then is that address >http://www.domeen.com/mailman/admin/in/general > >Where i need to change www to mail ? See http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq04.029.htp Be sure to see the "Existing versus new lists" section. Note - the mailman-users@python.org list is probably more appropriate for this type of question. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From alan at batie.org Tue Dec 21 09:08:09 2004 From: alan at batie.org (Alan Batie) Date: Tue Dec 21 09:08:13 2004 Subject: [Mailman-Developers] Arch docs? In-Reply-To: References: Message-ID: <41C7D9E9.8040903@batie.org> I had my mailman up and quit working last week, possibly related to someone removing a couple of lists, but I can find no clue as to why. I installed a fresh 2.1.5 (I think the previous was at 2.1.3), to no avail. I'm not asking for help debugging the problem, as not only is this not the right place, but short of getting someone to root around my system, I don't think it would even be possible. What I would like is a pointer to some sort of architectural overview, so *I* can root around my system myself, with a better idea of where I'm headed than tracing the code line by line. http://zope.org/Members/bwarsaw/MailmanDesignNotes/SplittingQrunner gave some hints, but I couldn't find anything more detailed... Thanks! -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3196 bytes Desc: S/MIME Cryptographic Signature Url : http://mail.python.org/pipermail/mailman-developers/attachments/20041221/0f5302dc/smime.bin From dallas at dreamhost.com Tue Dec 21 20:57:56 2004 From: dallas at dreamhost.com (Dallas Bethune) Date: Tue Dec 21 20:58:08 2004 Subject: [Mailman-Developers] Arch docs? In-Reply-To: <41C7D9E9.8040903@batie.org> References: <41C7D9E9.8040903@batie.org> Message-ID: <9BA5AC1A-538A-11D9-9140-000A95AA76E0@dreamhost.com> The error logs are usually pretty helpful when I'm trying to debug a problem. Have you checked there for any useful messages? Dallas On Dec 21, 2004, at 12:08 AM, Alan Batie wrote: > I had my mailman up and quit working last week, possibly related to > someone removing a couple of lists, but I can find no clue as to why. > I installed a fresh 2.1.5 (I think the previous was at 2.1.3), to no > avail. I'm not asking for help debugging the problem, as not only is > this not the right place, but short of getting someone to root around > my system, I don't think it would even be possible. What I would like > is a pointer to some sort of architectural overview, so *I* can root > around my system myself, with a better idea of where I'm headed than > tracing the code line by line. > http://zope.org/Members/bwarsaw/MailmanDesignNotes/SplittingQrunner > gave some hints, but I couldn't find anything more detailed... > Thanks! > _______________________________________________ > Mailman-Developers mailing list > Mailman-Developers@python.org > http://mail.python.org/mailman/listinfo/mailman-developers > Unsubscribe: > http://mail.python.org/mailman/options/mailman-developers/ > dallas%40dreamhost.com From msapiro at value.net Tue Dec 21 20:58:55 2004 From: msapiro at value.net (Mark Sapiro) Date: Tue Dec 21 20:59:04 2004 Subject: [Mailman-Developers] Arch docs? In-Reply-To: <41C7D9E9.8040903@batie.org> Message-ID: Alan Batie wrote: > >What I would like is a >pointer to some sort of architectural overview, so *I* can root around >my system myself, with a better idea of where I'm headed than tracing >the code line by line. >http://zope.org/Members/bwarsaw/MailmanDesignNotes/SplittingQrunner gave >some hints, but I couldn't find anything more detailed... Thanks! I know this isn't what you asked for, and you may have already seen it, but you might find http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq03.014.htp of some use. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From terri at zone12.com Wed Dec 22 00:47:06 2004 From: terri at zone12.com (Terri Oda) Date: Wed Dec 22 00:46:45 2004 Subject: [Mailman-Developers] [Fwd: [vendor-sec] Weak auto-generated passwords in Mailman] In-Reply-To: <1103128676.16574.31.camel@finch.boston.redhat.com> References: <1103128676.16574.31.camel@finch.boston.redhat.com> Message-ID: <9F82D4B6-53AA-11D9-B097-000D934FBF38@zone12.com> On Dec 15, 2004, at 11:37 AM, John Dennis wrote: > This was forwarded to me by our security officer. I believe the > original > author, Florian Weimer, intended to reach this list but did not know > how > to and instead went through his security contacts. Perhaps Florian's > concerns would best be addressed in MM 3.0 and maybe this should be > added to the MM 3.0 feature list. BTW, is there an independent MM 3.0 > list? I thought I had heard such a beast existed, but my recollection > is > hazy. The list for 3.0 is http://mail.python.org/mailman/listinfo/mailman3-dev More information can also be found on the wiki http://zope.org/Members/bwarsaw/MailmanDesignNotes/FrontPage First off -- as far as I know, the mailman password generation algorithm was never intended for significant security. It was intended to generate nearly-pronouncable (and thus easier to remember) passwords as a mild deterrent to attackers. I wouldn't really characterize this is a security bug so much as a design choice that you may or may not agree with. I'm not sure it makes sense to worry about the auto-generated passwords when we're plaintexting them (and any archive data, and any email) across the Internet. If you're storing sensitive archives in Mailman you should probably be looking at something beyond Mailman for security, including an https server. Perhaps a short term fix would be to double-authenticate somehow. >The idea of storing sensitive data in Mailman archives >seems to be a bit crazy, but unfortunately, it is common practice. The idea of sending sensitive data *by unencrypted email* is a bit crazy. Doesn't mean it's not done, but I don't want to spend a whole lot of time designing a more secure mailman only to have people complain that their email still isn't secure. If you're really storing sensitive documents, maybe you need to look at some PGP extensions to Mailman as well... Despite these considerations that make the whole idea more complex, it might be worth looking at some secure mailman options for 3.0 (assuming you've got a certified https server and all that jazz), and incorporating some of these suggestions for their other benefits (eg: disallowing user-selected passwords means people can't accidentally use trusted passwords for mailing lists). But we're going to have to do a lot more thinking and designing if we want to claim that Mailman's safe for sensitive documents. Terri From stephen at xemacs.org Wed Dec 22 08:52:13 2004 From: stephen at xemacs.org (Stephen J. Turnbull) Date: Wed Dec 22 08:52:25 2004 Subject: [Mailman-Developers] Arch docs? In-Reply-To: <41C7D9E9.8040903@batie.org> (Alan Batie's message of "Tue, 21 Dec 2004 00:08:09 -0800") References: <41C7D9E9.8040903@batie.org> Message-ID: <87sm5yrcr6.fsf@tleepslib.sk.tsukuba.ac.jp> >>>>> "Alan" == Alan Batie writes: Alan> What I would like is a pointer to some sort of architectural Alan> overview, so *I* can root around my system myself, with a Alan> better idea of where I'm headed than tracing the code line Alan> by line. I haven't looked at the web code, but when I went in and did some surgery a couple months ago, I found the architecture of the mail-handling code is pretty well reflected in the directory structure. Also, looking at the backtraces in error messages is quite informative about structure, although it only tells you about the one path to the leaf. So I found it fairly easy to find the stuff of interest. You might also want to look at some of the notes for Mailman3 in the Mailman3 tree, and compare its source tree structure to Mailman2. -- Institute of Policy and Planning Sciences http://turnbull.sk.tsukuba.ac.jp University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN Ask not how you can "do" free software business; ask what your business can "do for" free software. From alan at batie.org Wed Dec 22 09:25:26 2004 From: alan at batie.org (Alan Batie) Date: Wed Dec 22 09:25:25 2004 Subject: [Mailman-Developers] Arch docs? In-Reply-To: <87sm5yrcr6.fsf@tleepslib.sk.tsukuba.ac.jp> References: <41C7D9E9.8040903@batie.org> <87sm5yrcr6.fsf@tleepslib.sk.tsukuba.ac.jp> Message-ID: <41C92F76.5080205@batie.org> Stephen J. Turnbull wrote: > You might also want to look at some of the notes for Mailman3 in the > Mailman3 tree, and compare its source tree structure to Mailman2. Thanks for all the pointers; I haven't had a chance to dig in yet, but I did get the mail flowing again by moving out a large batch of messages that were in the out queue for a particular list. The list-owner had been twiddling a bunch of the moderation settings to basically make it an announce only list, and had also had some complaints about message duplication on a large scale. With the lists working again, it'll be lower priority, but I'll see what I can make out of things... -------------- next part -------------- A non-text attachment was scrubbed... Name: smime.p7s Type: application/x-pkcs7-signature Size: 3196 bytes Desc: S/MIME Cryptographic Signature Url : http://mail.python.org/pipermail/mailman-developers/attachments/20041222/c71421c1/smime.bin From fw at deneb.enyo.de Wed Dec 22 11:04:17 2004 From: fw at deneb.enyo.de (Florian Weimer) Date: Wed Dec 22 11:04:20 2004 Subject: [Mailman-Developers] [Fwd: [vendor-sec] Weak auto-generated passwords in Mailman] In-Reply-To: <1103128676.16574.31.camel@finch.boston.redhat.com> (John Dennis's message of "Wed, 15 Dec 2004 11:37:57 -0500") References: <1103128676.16574.31.camel@finch.boston.redhat.com> Message-ID: <87wtva1wf2.fsf@deneb.enyo.de> * John Dennis: > This was forwarded to me by our security officer. I believe the original > author, Florian Weimer, intended to reach this list but did not know how > to and instead went through his security contacts. Of course I went through my security contacts because I thought (and still think) that this is a security issue. I didn't want to disclose it on a public mailing list such as this one before a fix (as described in the message) was implemented. Feedback from selected, trustworthy Mailman users indicates that Mailman users also think that this is a security bug. From fw at deneb.enyo.de Wed Dec 22 11:36:08 2004 From: fw at deneb.enyo.de (Florian Weimer) Date: Wed Dec 22 11:36:18 2004 Subject: [Mailman-Developers] [Fwd: [vendor-sec] Weak auto-generated passwords in Mailman] In-Reply-To: <9F82D4B6-53AA-11D9-B097-000D934FBF38@zone12.com> (Terri Oda's message of "Tue, 21 Dec 2004 18:47:06 -0500") References: <1103128676.16574.31.camel@finch.boston.redhat.com> <9F82D4B6-53AA-11D9-B097-000D934FBF38@zone12.com> Message-ID: <87oegm1uxz.fsf@deneb.enyo.de> * Terri Oda: > First off -- as far as I know, the mailman password generation > algorithm was never intended for significant security. It was intended > to generate nearly-pronouncable (and thus easier to remember) passwords > as a mild deterrent to attackers. I wouldn't really characterize this > is a security bug so much as a design choice that you may or may not > agree with. Your users disagree. As I wrote in the message forwarded by John, the brute-force attack is entirely pratical and leads to real-world security breaches. > I'm not sure it makes sense to worry about the auto-generated passwords > when we're plaintexting them (and any archive data, and any email) > across the Internet. It does. The Internet is pretty resilent against casual eavesdropping. It takes much more effort to intercept passwords in an email message than to run some script to recover the Mailman-assigned password of a list member whose email address is known. > The idea of sending sensitive data *by unencrypted email* is a bit > crazy. Doesn't mean it's not done, but I don't want to spend a whole > lot of time designing a more secure mailman only to have people > complain that their email still isn't secure. If you're really storing > sensitive documents, maybe you need to look at some PGP extensions to > Mailman as well... Last time I checked, Mailman lables its member-only archives "private", and the implicit promise to keep things posted to the list private is not kept if the software assigns easily guessed to new members. I can only repeat that Mailman's current behavior surprises your users *a* *lot*, and leads to security breaches. From fw at deneb.enyo.de Wed Dec 22 11:40:20 2004 From: fw at deneb.enyo.de (Florian Weimer) Date: Wed Dec 22 11:40:21 2004 Subject: [Mailman-Developers] Handling potential security bugs Message-ID: <87fz1y1uqz.fsf@deneb.enyo.de> Hi, where should I submit security bugs? There are two more in my queue (minor ones, admittedly, as no server-side code execution is involved). Shall I post them to this mailing list, and notify full-disclosure &c at the same time? (Terri will prove that these two bugs are non-issues as well, and propose to defer fixing them to 3.0 anyway, so I doubt that I private discussion would get us anywhere.) Florian From barry at python.org Wed Dec 22 15:43:18 2004 From: barry at python.org (Barry Warsaw) Date: Wed Dec 22 15:43:21 2004 Subject: [Mailman-Developers] Handling potential security bugs In-Reply-To: <87fz1y1uqz.fsf@deneb.enyo.de> References: <87fz1y1uqz.fsf@deneb.enyo.de> Message-ID: <1103726597.17298.188.camel@presto.wooz.org> On Wed, 2004-12-22 at 05:40, Florian Weimer wrote: > where should I submit security bugs? There are two more in my queue > (minor ones, admittedly, as no server-side code execution is > involved). As a general rule, you can post security issues to mailman-cabal@python.org, which is a closed distribution list. I will try to find some time in the next few days to respond to the previous password issue. -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://mail.python.org/pipermail/mailman-developers/attachments/20041222/811e0c3e/attachment.pgp From fw at deneb.enyo.de Wed Dec 22 15:46:45 2004 From: fw at deneb.enyo.de (Florian Weimer) Date: Wed Dec 22 15:46:48 2004 Subject: [Mailman-Developers] Handling potential security bugs In-Reply-To: <1103726597.17298.188.camel@presto.wooz.org> (Barry Warsaw's message of "Wed, 22 Dec 2004 09:43:18 -0500") References: <87fz1y1uqz.fsf@deneb.enyo.de> <1103726597.17298.188.camel@presto.wooz.org> Message-ID: <871xdiwfu2.fsf@deneb.enyo.de> * Barry Warsaw: > On Wed, 2004-12-22 at 05:40, Florian Weimer wrote: > >> where should I submit security bugs? There are two more in my queue >> (minor ones, admittedly, as no server-side code execution is >> involved). > > As a general rule, you can post security issues to > mailman-cabal@python.org, which is a closed distribution list. Thanks. > I will try to find some time in the next few days to respond to the > previous password issue. As this bug is now publicly documented, I've submitted a patch to the Debian BTS: Unfortunately, this patch is not portable because it relies on the existence of /dev/urandom. From terri at zone12.com Wed Dec 22 17:17:58 2004 From: terri at zone12.com (Terri Oda) Date: Wed Dec 22 17:17:35 2004 Subject: [Mailman-Developers] Handling potential security bugs In-Reply-To: <87fz1y1uqz.fsf@deneb.enyo.de> References: <87fz1y1uqz.fsf@deneb.enyo.de> Message-ID: <0B49B0E6-5435-11D9-B097-000D934FBF38@zone12.com> On Dec 22, 2004, at 5:40 AM, Florian Weimer wrote: > Shall I post them to this mailing list, and notify full-disclosure &c > at the same time? (Terri will prove that these two bugs are > non-issues as well, and propose to defer fixing them to 3.0 anyway, so > I doubt that I private discussion would get us anywhere.) Hey! I wasn't trying to say that they're a non-issue. It's just that I think if we want to make claims of security, we should probably fix more than what you suggested and make it more clear to users what attack vectors there are. If we're talking about larger architectural changes to make things better, then such a fix would naturally fall into 3.0, where it could be done properly. However, if users already have this expectation of security, then you're right, it makes sense to try to meet it as soon as possible. To be honest, I've encountered really few users who thought mailman archives were secure (I think I've encountered one in the years I've been working with mailman) so I was assuming this was a known flaw to most users. From lists05 at equinephotoart.com Wed Dec 22 21:07:25 2004 From: lists05 at equinephotoart.com (JC Dill) Date: Wed Dec 22 21:07:28 2004 Subject: [Mailman-Developers] [Fwd: [vendor-sec] Weak auto-generated passwords in Mailman] In-Reply-To: <87oegm1uxz.fsf@deneb.enyo.de> References: <1103128676.16574.31.camel@finch.boston.redhat.com> <9F82D4B6-53AA-11D9-B097-000D934FBF38@zone12.com> <87oegm1uxz.fsf@deneb.enyo.de> Message-ID: <41C9D3FD.1070305@equinephotoart.com> Florian Weimer wrote: >Last time I checked, Mailman lables its member-only archives >"private", and the implicit promise to keep things posted to the list >private is not kept if the software assigns easily guessed to new >members. > >I can only repeat that Mailman's current behavior surprises your users >*a* *lot*, > I disagree. So called "private" archives are only kept from prying eyes until those eyes subscribe at which time they are then visible. As I see it, the point of Mailman's security measures is not to keep anyone "else" from ever viewing the archives, it is to keep random web browsers and web spiders from accessing the archives. If someone has the ability to script a password guessing algorithm to try to guess an acceptable username/password pair to access the archives, they can more easily script a program to subscribe, confirm, and then access the archives as a subscriber. Plus, no matter how simple or secure the password, if you are scripting a password cracker then it's just a matter of time, the more easily guessed password is cracked *faster* (on average) but even "secure" passwords will be cracked eventually. If your mailing list archives need greater security than this, then you need a different system. I don't think it is necessary or useful for Mailman to be the system that meets those needs, especially at the cost of making Mailman less useful for others who don't need such strong security measures for their list archives. >and leads to security breaches. > I would love to see a cite for your claim of "leads to security breaches". Do you know of actual cases where someone has gained access to private archives by cracking a mailman generated semi-random password rather than by simply subscribing, or by gaining access to a single password thru intercept or social engineering means? jc From bob at nleaudio.com Wed Dec 22 21:06:20 2004 From: bob at nleaudio.com (Bob Puff@NLE) Date: Wed Dec 22 21:12:07 2004 Subject: [Mailman-Developers] [Fwd: [vendor-sec] Weak auto-generated passwords in Mailman] In-Reply-To: <41C9D3FD.1070305@equinephotoart.com> References: <1103128676.16574.31.camel@finch.boston.redhat.com> <9F82D4B6-53AA-11D9-B097-000D934FBF38@zone12.com> <87oegm1uxz.fsf@deneb.enyo.de> <41C9D3FD.1070305@equinephotoart.com> Message-ID: <41C9D3BC.9060901@nleaudio.com> While I agree that on the average, the passwords aren't that critical, I do have a few lists that are set to require the admin's approval for subscription. Here, security is a little tighter. I do routinely disable the monthly password reminders though - there's enough in the web admin that people can retrieve their passwords if they really need them. Bob JC Dill wrote: > Florian Weimer wrote: > >> Last time I checked, Mailman lables its member-only archives >> "private", and the implicit promise to keep things posted to the list >> private is not kept if the software assigns easily guessed to new >> members. >> >> I can only repeat that Mailman's current behavior surprises your users >> *a* *lot*, > > I disagree. > So called "private" archives are only kept from prying eyes until those > eyes subscribe at which time they are then visible. As I see it, the > point of Mailman's security measures is not to keep anyone "else" from > ever viewing the archives, it is to keep random web browsers and web > spiders from accessing the archives. If someone has the ability to > script a password guessing algorithm to try to guess an acceptable > username/password pair to access the archives, they can more easily > script a program to subscribe, confirm, and then access the archives as > a subscriber. Plus, no matter how simple or secure the password, if you > are scripting a password cracker then it's just a matter of time, the > more easily guessed password is cracked *faster* (on average) but even > "secure" passwords will be cracked eventually. > If your mailing list archives need greater security than this, then you > need a different system. I don't think it is necessary or useful for > Mailman to be the system that meets those needs, especially at the cost > of making Mailman less useful for others who don't need such strong > security measures for their list archives. > >> and leads to security breaches. >> > I would love to see a cite for your claim of "leads to security > breaches". Do you know of actual cases where someone has gained access > to private archives by cracking a mailman generated semi-random password > rather than by simply subscribing, or by gaining access to a single > password thru intercept or social engineering means? > > jc > > _______________________________________________ > Mailman-Developers mailing list > Mailman-Developers@python.org > http://mail.python.org/mailman/listinfo/mailman-developers > Unsubscribe: > http://mail.python.org/mailman/options/mailman-developers/bob%40nleaudio.com > > From fw at deneb.enyo.de Wed Dec 22 22:25:33 2004 From: fw at deneb.enyo.de (Florian Weimer) Date: Wed Dec 22 22:25:37 2004 Subject: [Mailman-Developers] [Fwd: [vendor-sec] Weak auto-generated passwords in Mailman] In-Reply-To: <41C9D3FD.1070305@equinephotoart.com> (JC Dill's message of "Wed, 22 Dec 2004 12:07:25 -0800") References: <1103128676.16574.31.camel@finch.boston.redhat.com> <9F82D4B6-53AA-11D9-B097-000D934FBF38@zone12.com> <87oegm1uxz.fsf@deneb.enyo.de> <41C9D3FD.1070305@equinephotoart.com> Message-ID: <87k6ram3ea.fsf@deneb.enyo.de> * JC Dill: > Florian Weimer wrote: > >>Last time I checked, Mailman lables its member-only archives >>"private", and the implicit promise to keep things posted to the list >>private is not kept if the software assigns easily guessed to new >>members. >> >>I can only repeat that Mailman's current behavior surprises your users >> *a* *lot*, >> > I disagree. > > So called "private" archives are only kept from prying eyes until those > eyes subscribe at which time they are then visible. Moderating subscription is also supported and heavily used. List administrators expect that it keeps out unwanted guests. If this is not the case, you really should put a big fat warning somewhere on the list configuration page. >>and leads to security breaches. > I would love to see a cite for your claim of "leads to security > breaches". Do you know of actual cases where someone has gained access > to private archives by cracking a mailman generated semi-random password > rather than by simply subscribing, or by gaining access to a single > password thru intercept or social engineering means? Yes, see the leaked message. From jwblist at olympus.net Wed Dec 22 22:56:13 2004 From: jwblist at olympus.net (John W. Baxter) Date: Wed Dec 22 22:56:26 2004 Subject: [Mailman-Developers] [Fwd: [vendor-sec] Weak auto-generated passwords in Mailman] In-Reply-To: <9F82D4B6-53AA-11D9-B097-000D934FBF38@zone12.com> Message-ID: On 12/21/2004 15:47, "Terri Oda" wrote: > On Dec 15, 2004, at 11:37 AM, John Dennis wrote: > >> This was forwarded to me by our security officer. I believe the >> original >> author, Florian Weimer, intended to reach this list but did not know >> how >> to and instead went through his security contacts. Perhaps Florian's >> concerns would best be addressed in MM 3.0 and maybe this should be >> added to the MM 3.0 feature list. BTW, is there an independent MM 3.0 >> list? I thought I had heard such a beast existed, but my recollection >> is >> hazy. > The underlying problem may be that Mailman refers to the access tokens as "passwords". They are not "passwords" in the sense a security office would think of (they travel around in cleartext; they are stored in cleartext; they are gratuitously or by unauthenticated request mailed out, etc. The expectation level should be implicit in the text from the listinfo page: "You may enter a privacy password below. This provides only mild security, but should prevent others from messing with your subscription. Do not use a valuable password as it will occasionally be emailed back to you in cleartext." Designing an archiving system such that only people who were subscribed at the time a message was posted and have been subscribed continuously since can see that message would certainly be possible (if the problems of email address changes are solved, which probably implies that an email address is no longer an identifier), along with "better" passwords. I would think it would be an option, not the new "way things are." --John From barry at python.org Wed Dec 22 23:49:28 2004 From: barry at python.org (Barry Warsaw) Date: Wed Dec 22 23:49:32 2004 Subject: [Mailman-Developers] [Fwd: [vendor-sec] Weak auto-generated passwords in Mailman] In-Reply-To: <1103128676.16574.31.camel@finch.boston.redhat.com> References: <1103128676.16574.31.camel@finch.boston.redhat.com> Message-ID: <1103755768.9377.61.camel@geddy.wooz.org> So let me try to address some of the issues raised here. There's two things: what we can do for Mailman 2.1, and what we can do for Mailman 3.0 (yes, it is still alive ;). For the most part, passwords are one big PITA all around. I'd love to see mechanisms in MM3 that would eliminate passwords altogether. I don't know if that's possible, but one option might be to drop cookies after completing a web-based confirmation, or possibly pubkey based authentication for email communications. There needs to be /a lot/ of thought into this, including issues of usability vs. security, and what level of security we actually want to assert. For MM2.1, we long ago did a risk assessment on the assets that the password protects and we decided on the current scheme based on the value of those assets, which we deemed to be fairly low. I still think that's true except perhaps for private archives. Understand also that the bundled archiver, called Pipermail, was never intended to be ultimately secure, nor for that matter, highly scalable, robust, etc. Its primary use case was for public mailing lists, and to provide zero effort archiving. So my standard answer if you don't like Pipermail is, use some other archiver. They are easy to integrate with Mailman. I know that a number of large sites are doing this. The question is, outside of private Pipermail archives, do you feel that the user friendly, but not very secure passwords are adequate given the value of the asset they protect? We certainly felt they were when we designed the current system (which includes all the other ways to crack the password, including plaintext password reminders and storage of plaintext passwords in config.pck file). BTW, I believe Python 2.4 has an interface to /dev/urandom, and we could certainly add some optional support for more cryptographically secure password generation for Mailman 2.1. It should not be the default because I don't believe the majority of users would benefit from more secure but less user friendly passwords. -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://mail.python.org/pipermail/mailman-developers/attachments/20041222/c0a8dd32/attachment.pgp From brad at stop.mail-abuse.org Thu Dec 23 03:27:20 2004 From: brad at stop.mail-abuse.org (Brad Knowles) Date: Thu Dec 23 03:47:32 2004 Subject: [Mailman-Developers] [Fwd: [vendor-sec] Weak auto-generated passwords in Mailman] In-Reply-To: <87wtva1wf2.fsf@deneb.enyo.de> References: <1103128676.16574.31.camel@finch.boston.redhat.com> <87wtva1wf2.fsf@deneb.enyo.de> Message-ID: At 11:04 AM +0100 2004-12-22, Florian Weimer wrote: > Feedback from selected, trustworthy Mailman users indicates that > Mailman users also think that this is a security bug. I agree that it's a security issue, but I think that there are other issues that are higher in the priority list for future updates to the 2.1.x tree as well as the all-new code for Mailman3. You'd have to get the official answer from Barry and Tokio for their respective trees as to what it would take to get the priority boosted, but I don't know that you're going to have much luck. In the future, if you feel that you have sensitive security issues with Mailman, it's probably better to contact Barry directly, and he can at least give you an indicator as to whether or not it he feels it would be appropriate to discuss amongst a broader group of people, and where he feels that discussion should/could take place. -- Brad Knowles, "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See for more info. From barry at python.org Thu Dec 23 06:06:40 2004 From: barry at python.org (Barry Warsaw) Date: Thu Dec 23 06:06:46 2004 Subject: [Mailman-Developers] Updated web sites Message-ID: <1103778400.17301.264.camel@presto.wooz.org> I've finally regained access to all three websites, list.org, mailman.sf.net, and the GNU mirror, so I've pushed out the latest updates. There are the usual additions to the list of users, but much more importantly there's Terri's new user documentation, and my recent consolidation of the installation documentation. There's also a very incomplete list administrator's guide on the site (volunteers to help polish this up are welcome!). Please poke around the site, read the documentation and let us know if you find any errors. Note that the GNU mirror always lags a bit behind the other two sites. http://www.list.org should be up-to-date. Enjoy, -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://mail.python.org/pipermail/mailman-developers/attachments/20041223/5bb20ced/attachment.pgp From foobar at eh.net Thu Dec 23 16:57:23 2004 From: foobar at eh.net (Foo Bar) Date: Thu Dec 23 16:57:26 2004 Subject: [Mailman-Developers] Editing messages held for moderation Message-ID: Hello, I run a mid-sized website (http://eh.net) for the Economic History Association, with some associated mailing lists. These lists have traditionally been very "moderated" (since we switched to Mailman, they've been left in "emergency" moderation mode) and our moderators insist on being able to edit the messages waiting in the moderation queue. I have already put together a terribly ugly little hack to manage this: I've added a link on the moderation page to edit a particular message; this passes the message's ID to a Python script entirely out of Mailman (protected by regular HTTP authentication) which proceeds to read the pickled file and display the message and certain key fields in a form, which another Python script will read and modify the original messages. (There's a little more going on here, actually, but if I told you the exact details you'd make fun of it. Heck, I make fun of it.) This method is suboptimal, particularly when it's fed messages in certain encoding schemes. And my unholy scheme for passing these data around between scripts is nigh unto reaching its limits. Now, the first item on Mailman's Wishlist for list administration is "Allow the moderator to edit posts being held for approval". I would like to reimplement this in a more clean fashion, prefrably properly integrated with Mailman. Taking a look at the developer wiki, however, I'm not quite sure where I should get started, and I'm note quite sure how up to date it is (due to little tidbits like "The current plan is to release Mailman 2.1 final by the end of 2002. It's been long overdue. Sigh.") There's also talk of Mailman 3. So... I'd just like to know what Mailman developers (presumably with more experience than I have) think about the best way to proceed, what versions of Mailman would be most amenable to this sort of a modification, if there's any sort of "Getting Started Hacking Mailman" or architectural overview of which I am not aware... whether I should bother with the IRC channels... and, to be specific on at least one topic, how the CGI wrappers in the mailman/cgi-bin/ directory are set up and operated. From scrib at afn.org Thu Dec 23 19:28:21 2004 From: scrib at afn.org (Steven Kuck) Date: Thu Dec 23 19:28:28 2004 Subject: [Mailman-Developers] Dates again In-Reply-To: References: Message-ID: <41CB0E45.3000301@afn.org> I've been off for a bit, but... >> On Sat, Nov 20, 2004 at 10:42:24AM +0100, Brad Knowles wrote: >> >>> If there were a way to effectively detect when a "Date:" header >>> was wrong and when it was okay, then I might be willing to allow the >>> system to correct the "Date:" header in those particular cases. If >>> you've got a patch or additional code that can do that, I'd like to >>> see it, although I can't promise it would be accepted by the Mailman >>> developers for inclusion in an upcoming version. >> As I've said, I don't speak Python. I submitted the hack I created, and while it was rightly criticized for it's lack of subtlety, no one pointed out that those changes would have unintended consequences that would break the software. THAT was of great comfort. It has -intended- consequences that you might not like, but I've been running with it for more than a month now and what had been a regular issue with mis-dated messages is GONE. Completely. There has not been a single complaint, or even a mention, that the dates were changed out from under the author. The date is important, but I don't know any author who considers it part of their composition. My hope was that other people more fluent in Python might pick up the gauntlet. For me, the hack works and it's simple enough to re-hack once in a while for a new version release. There have been a couple proposals for the algorithm - nothing from the future, messages can't come from before a message they reference... While I could probably learn to do a Python future date compare in a few minutes, I don't know how to look up the date of a referenced message. I would also be happy with an option to bounce messages from the future or from too far in the past, but again, I don't know enough Python. Even if I did I wouldn't want to redo that code for a new release. The beauty of the simple hack is that it is SIMPLE. An elegant solution should be part of a release. I can help pseudo-code an algorithm, but implementation and testing in Python is not in the cards right now. Ian Eiloart wrote: > Why would anyone want to sort a list by date? The date of a posting > isn't really relevant except: > 1. So that we can understand the currency of the information. For > example, I don't want to be reading 1998 postings if I'm looking for > information on the latest version of - say - Apache. For that it > doesn't matter much that a date might be a few hours out. This is exactly my main problem - message currency. For my users, if email is more than two weeks old, it might as well be ancient history. Threads of discussion (while important) are less important than "what's new today." I'm a data pack-rat, so I like the archives, but my users will only glance at them rarely to verify claims. Old newspapers can be used to line birdcages, old emails are less useful. A new message with an old date can be important AND disregarded. That's the biggest danger I face. In general, my users: 1. Sort their inbox by date (even if their mail client CAN sort by order received). 2. Don't read all of the messages that come through, only the ones with subjects relevant to them. 3. Don't keep their inboxes (or the destination folders) very clean. So what happens? They (and sometimes I) don't notice that the "New Message" counter went up by 20 today, but there are only 19 displaying for today. Important messages can slip through the cracks. I'm not using MailMan to write a FAQ or host a conversation thread, but to keep users up to date on NEWS. If the message gets buried for a few days until someone cleans their inbox (if they do it that often) the message may as well not have been sent. > 2. Location in a conversational thread..... [deleted] > I think that development focus should be on displaying threads > properly, not on "fixing" dates that the system can't possibly know > are right or wrong. Obviously, we have different priorities. My users aren't "looking for" the latest info on anything, they are sending out notices of the latest info to the rest of the list. This is the latest price on XYZ corp stock! Act on it now. What was it yesterday? Who cares. (No, we're not doing financials - it's just an exaggerated example I think people will grok.) Terri Oda wrote: > [snip several good reasons] > 3. Helping users sort the email in their inboxes. This can be > important to some people, since I know when we had one user posting > from 1980, many other list members weren't noticing her posts because > their mail clients put those messages where the date: header said they > should be. Yep. See? > That said, I think this is something that is better handled by mail > clients and the original senders, not Mailman. But in the past, I've > been asked for this feature for this reason, so I imagine other people > want it for similar reasons. > Terri Well, thanks a lot, Terri :) Unfortunately for me, I'm volunteering for an organization that is state-wide but county-based. Florida has 67 counties, and every one has their own operation. I cannot even TRY to THINK about enforcing some kind of standard on all those independent (and often volunteer) groups. Dear So and So, Please fix your clock. "I don't know how." What OS are you using on your computer? "Dell, I think." -> Implement Hack <- That's why I chose to come to this forum, where I'm the ignorant rube hoping to be educated on how to fix my problem. My problem is the 3 item "general user" description above. If ANYONE can tell me how to fix them, that would be great (but my omnipotency isn't working right now). Alternately, if enough people have similar problems with similar users, maybe a solution can be found. Steven Kuck - scrib@afn.org From ulisavi at tin.it Fri Dec 24 05:09:53 2004 From: ulisavi at tin.it (Ulisse) Date: Fri Dec 24 05:09:13 2004 Subject: [Mailman-Developers] Complex code such as header and footer in the messages sent by mailman Message-ID: <009b01c4e96e$88b0d0a0$02e7fea9@system> In past, i have posted about the capability to insert html code or banner such as header and footer in the messages sent by mailman mailing lists. In fact for a production site it is not good the limit to insert simple test or link in header and footer. Have someone news about an hack patch, rpm, instructions or similar about the capability to insert complex code such as header and footer ? I think to put in a Freelancer site (http://www.getacoder.com/ , http://www.getafreelancer.com/ , http://freelanceauctionnetwork.com/ or similar ) a bid about this problem, but i have a limitate budget. Is it difficult to make this type of modification ? ............................. I have to say I have the same questions. I think this is a valid question and the stuff on these links only confuses me more. I love this system, and I only vaguely seem to remember about 11 subliminal messages that basically tell you no - that this system isn't designed for those frills. If that's not the case, could someone please answer this question in a way people like me can understand? I am not a programmer, and I think a lot of these links are confusing to non-programmers. I still have a list of questions I can't seem to get answered (for myself), but am still thrilled with the system and have been making it work in a way that I love. For instance: 1) Can you add an html header to the emails? I still don't get it. I read the links you provided, and their sub-links. 2) Is there a way so people subscribing don't go back into that archaic interface - when it asks them to accept or decline the list it's flat out confusing - text overwhelm - my user base is consumers and not programmers. Why should a) they have too choose or deny when they are clicking on a link to confirm? It should just confirm them without another button text and w/o text overwhelm. and b) it takes them back to a list of all my lists, which I hate, or at least would like to have the option of avoiding, if I am not intending to mix all my subscribers. I don't want them to have the option of joining other groups unless I intend to give it to them. 3) I don't understand if you can attach PDFs where it says, i.e. to new subscribers, etc. When I attach one, it just inserts garble into the text box once the PDF file is uploaded. I can't tell if this is an error, or what, and if I can include additional text. Thanks, guys! Jonathan On Aug 16, 2004, at 3:01 AM, [EMAIL PROTECTED] wrote: At 10:04 PM +0200 2004-08-15, Ulisse wrote: At the moment i can insert, such as header and footer, in the messages sent via Mailman Mailing lists only pure text and links. Is it possible, for the administrator/moderator of the lists, to insert images, html code, banner, java feed or other complex code, such as header and footer, in every message sent via Mailman Mailing lists ??? If you had bothered to follow the instructions at , you should have been able to find (without too much trouble) the FAQ entry at . If yes. If it is possible... What is the system ??? Have you some instructions ? A link ? Exist an rpm or a modification ??? See above. From brad at stop.mail-abuse.org Fri Dec 24 05:25:32 2004 From: brad at stop.mail-abuse.org (Brad Knowles) Date: Fri Dec 24 05:46:54 2004 Subject: [Mailman-Developers] Complex code such as header and footer in the messages sent by mailman In-Reply-To: <009b01c4e96e$88b0d0a0$02e7fea9@system> References: <009b01c4e96e$88b0d0a0$02e7fea9@system> Message-ID: At 5:09 AM +0100 2004-12-24, Ulisse wrote: > 1) Can you add an html header to the emails? No. > I still don't get it. I read the links you provided, and their sub-links. I guess the explanations are too complex, but the result is the same. What you are asking for is impossible. If you spent enough money trying to do this (i.e., you were Microsoft), you might be able to get reasonably complete coverage of most Microsoft clients. But then you wouldn't be able to cover everyone else. Since this mailing list is for Mailman developers, please feel free to contribute whatever code you've got that solves this problem. > 2) Is there a way so people subscribing don't go back into that archaic > interface - when it asks them to accept or decline the list it's flat > out confusing - text overwhelm - my user base is consumers and not > programmers. I don't know how you could make it simpler. Again, feel free to contribute code. > 3) I don't understand if you can attach PDFs where it says, i.e. to > new subscribers, etc. When I attach one, it just inserts garble into > the text box once the PDF file is uploaded. I can't tell if this is > an error, or what, and if I can include additional text. PDFs?!? Uh, no. That's not going to work. Stick to plain text. -- Brad Knowles, "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See for more info. From barry at python.org Tue Dec 28 03:49:51 2004 From: barry at python.org (Barry Warsaw) Date: Tue Dec 28 03:49:54 2004 Subject: [Mailman-Developers] Dates again In-Reply-To: <41CB0E45.3000301@afn.org> References: <41CB0E45.3000301@afn.org> Message-ID: <1104202191.9102.226.camel@presto.wooz.org> On Thu, 2004-12-23 at 13:28, Steven Kuck wrote: > As I've said, I don't speak Python. I submitted the hack I created, and > while it was rightly criticized for it's lack of subtlety, no one > pointed out that those changes would have unintended consequences that > would break the software. THAT was of great comfort. It has -intended- > consequences that you might not like, but I've been running with it for > more than a month now and what had been a regular issue with mis-dated > messages is GONE. Completely. There has not been a single complaint, > or even a mention, that the dates were changed out from under the > author. The date is important, but I don't know any author who > considers it part of their composition. > > My hope was that other people more fluent in Python might pick up the > gauntlet. For me, the hack works and it's simple enough to re-hack once > in a while for a new version release. There have been a couple > proposals for the algorithm - nothing from the future, messages can't > come from before a message they reference... While I could probably > learn to do a Python future date compare in a few minutes, I don't know > how to look up the date of a referenced message. This is the beauty of open source. Personally, I'd rather not have this option in standard Mailman for a number of reasons, but because it's all free software, who cares what I think? :) You don't have to, because you can make this pile of stuff do whatever you want, if the itch is annoying enough! My reasons include a strong adherence to the least-munge rule, and the aversion to ever more options. Every option or configuration variable you add increases the maintenance burden, opportunity for bugs, and cognitive overhead for understanding and documenting the system. These days I don't think it's particularly difficult to set your computer's clock to a reasonably accurate time. -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://mail.python.org/pipermail/mailman-developers/attachments/20041227/1020c51d/attachment.pgp From barry at python.org Tue Dec 28 03:58:35 2004 From: barry at python.org (Barry Warsaw) Date: Tue Dec 28 03:58:37 2004 Subject: [Mailman-Developers] Mailman contractors Message-ID: <1104202714.9110.235.camel@presto.wooz.org> From time to time I get requests for Mailman installation or customization help, often for compensation. This is not something I do so I usually have to turn people down cold, or tell them to email these two mailing lists. However, such requests are coming in more often these days, so I wonder if it makes sense to try to collect a list of people willing to provide Mailman services. I would not be willing to recommend anyone specifically, but I would be happy to point such requests at say, a wiki page where people can self-register. What do you think? We can either use the FAQ or we can use the Python.org wiki. I'd rather not be in the loop so I don't want to use the static list.org pages. I think we as a community can self-regulate this list. -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://mail.python.org/pipermail/mailman-developers/attachments/20041227/482fdc2f/attachment.pgp From barry at python.org Tue Dec 28 04:07:54 2004 From: barry at python.org (Barry Warsaw) Date: Tue Dec 28 04:07:56 2004 Subject: [Mailman-Developers] Arch docs? In-Reply-To: <41C7D9E9.8040903@batie.org> References: <41C7D9E9.8040903@batie.org> Message-ID: <1104203274.9102.248.camel@presto.wooz.org> On Tue, 2004-12-21 at 03:08, Alan Batie wrote: > I had my mailman up and quit working last week, possibly related to > someone removing a couple of lists, but I can find no clue as to why. I > installed a fresh 2.1.5 (I think the previous was at 2.1.3), to no > avail. I'm not asking for help debugging the problem, as not only is > this not the right place, but short of getting someone to root around my > system, I don't think it would even be possible. What I would like is a > pointer to some sort of architectural overview, so *I* can root around > my system myself, with a better idea of where I'm headed than tracing > the code line by line. > http://zope.org/Members/bwarsaw/MailmanDesignNotes/SplittingQrunner gave > some hints, but I couldn't find anything more detailed... Thanks! I wish we had them. What's around is quite scattered, which is probably par for the course for most FOSS projects (but makes my commercial project manager skin crawl ;). Alas, I'm still waiting for that rich uncle to help us do things right. :) That said, another semi-useful source of information is the big comment at the top of IncomingRunner.py, which shows how mail messages flow through the system -- somewhat. Plus, I'm offended that you don't consider our code so beautifully transparent that the elegance of our architectural sand sculpture is not immediately evident simply through osmosis. The noive of some people. (Kidding of course! :) -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://mail.python.org/pipermail/mailman-developers/attachments/20041227/0f755bcd/attachment.pgp From barry at python.org Tue Dec 28 04:37:01 2004 From: barry at python.org (Barry Warsaw) Date: Tue Dec 28 04:37:04 2004 Subject: [Mailman-Developers] Handling potential security bugs In-Reply-To: <871xdiwfu2.fsf@deneb.enyo.de> References: <87fz1y1uqz.fsf@deneb.enyo.de> <1103726597.17298.188.camel@presto.wooz.org> <871xdiwfu2.fsf@deneb.enyo.de> Message-ID: <1104205021.9105.255.camel@presto.wooz.org> On Wed, 2004-12-22 at 09:46, Florian Weimer wrote: > * Barry Warsaw: > > > On Wed, 2004-12-22 at 05:40, Florian Weimer wrote: > > > >> where should I submit security bugs? There are two more in my queue > >> (minor ones, admittedly, as no server-side code execution is > >> involved). > > > > As a general rule, you can post security issues to > > mailman-cabal@python.org, which is a closed distribution list. > > Thanks. > > > I will try to find some time in the next few days to respond to the > > previous password issue. > > As this bug is now publicly documented, I've submitted a patch to the > Debian BTS: > > Unfortunately, this patch is not portable because it relies on the > existence of /dev/urandom. Can you send me (via mailman-cabal) the patch -- I don't want to have to cut and paste it out of the referenced bug report. If you do this, I will include the change_pw script for Mailman 2.1.6 and make a /dev/urandom based password optional based on an mm_cfg.py variable. I'm not sure exactly how to handle the listinfo text, but I'll think of something. -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://mail.python.org/pipermail/mailman-developers/attachments/20041227/252179bc/attachment.pgp From barry at python.org Tue Dec 28 05:08:26 2004 From: barry at python.org (Barry Warsaw) Date: Tue Dec 28 05:08:29 2004 Subject: [Mailman-Developers] Custom Welcome Message In-Reply-To: <20041216201923.GD26649@grantbow.com> References: <20041210205725.GA11645@grantbow.com> <20041216201923.GD26649@grantbow.com> Message-ID: <1104206906.9105.270.camel@presto.wooz.org> On Thu, 2004-12-16 at 15:19, Grant Bowman wrote: > bug id# 1085501 > > http://sourceforge.net/tracker/index.php?func=detail&aid=1085501&group_id=103&atid=300103 This knocks off such a persistent FAQ, that I've applied it to 2.1.6. Thanks! -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://mail.python.org/pipermail/mailman-developers/attachments/20041227/f3796a61/attachment.pgp From brad at stop.mail-abuse.org Tue Dec 28 06:56:24 2004 From: brad at stop.mail-abuse.org (Brad Knowles) Date: Tue Dec 28 07:13:57 2004 Subject: [Mailman-Developers] Mailman contractors In-Reply-To: <1104202714.9110.235.camel@presto.wooz.org> References: <1104202714.9110.235.camel@presto.wooz.org> Message-ID: At 9:58 PM -0500 2004-12-27, Barry Warsaw wrote: > What do you think? We can either use the FAQ or we can use the > Python.org wiki. I'd rather not be in the loop so I don't want to use > the static list.org pages. I think we as a community can self-regulate > this list. I think a wiki would be a good way to handle this situation. We already do this for sites that do Mailman hosting, right? Why not apply the same solution here? -- Brad Knowles, "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See for more info. From hesco at greens.org Wed Dec 29 06:46:38 2004 From: hesco at greens.org (Hugh Esco) Date: Wed Dec 29 06:45:31 2004 Subject: [Mailman-Developers] Need to reset passwords en masse, pls help Message-ID: Hey folks: I and a cohort wrote a script to facilitate list subscriptions to multiple lists provided by our campaign. (for details, check out: http://cgi.votecobb.org/supporters.cgi?function=subscribe). As a part of this, my friend developed a perl module which he describes in the perldoc notes saying: "The MailingList class is not yet a generic mailing-list subscription engine, but hopefully it will move in that direction." It provides an object oriented methods to subscribe to lists for not just mailman, but also majordomo, yahoo, sympa, etc. After collecting the data from our form, the script uses wget to post web form submissions against the mailman subscription forms, which generates a confirmation message sent back to the user. The script generates a random password for the form, using a perl script, pw (copyright by University of Illinois) which generates output looking like: Of/QiBDZ OfUmuOXfjg2to Those first eight letters are the password. The rest of the string after the space is an encrypted hash of those first eight characters. I wrote a subroutine to generate the password, using this pw script, which truncates the output using a substring function to pull those first eight characters. However, instead of calling the subroutine which returns the eight characters, I made a shell call directly to the pw script and used the password+hash string instead. That setup was used to subscribe over 3,000 folks to various lists. Now that space in the middle is giving me fits. No one can log in or change their password to something that will permit a login. I have command line access as root in a BSD jail to this installation. I need to know: is there anyway I can automate the resetting of every password for every subscriber on this installation, with the new password sent out in an email to the subscriber, and causing as little confusion and disruption as possible? All help is appreciated. Thanks, -- Hugh Esco From barry at python.org Thu Dec 30 23:55:36 2004 From: barry at python.org (Barry Warsaw) Date: Thu Dec 30 23:55:38 2004 Subject: [Mailman-Developers] Need to reset passwords en masse, pls help In-Reply-To: References: Message-ID: <1104447336.10292.35.camel@presto.wooz.org> On Wed, 2004-12-29 at 00:46, Hugh Esco wrote: > I have command line access as root in a BSD jail to this > installation. > > I need to know: is there anyway I can automate the resetting > of every password for every subscriber on this installation, > with the new password sent out in an email to the subscriber, > and causing as little confusion and disruption as possible? You're timing is impeccable! I just checked in a script called 'reset_pw' which was based on a contribution by Florien Weimer. This script is intended to be run under bin/withlist and can be used to reset the passwords for all the members of a list (or all members of all lists, using withlist's -a option). After you've reset the passwords, you'd want to run cron/mailpasswds manually to send out new reminders containing the new passwords. While the script has been checked into CVS, it hasn't undergone much testing, so caveat emptor (read: make backups first!). If you don't have CVS access and can't wait until Mailman 2.1.6, look here: http://cvs.sourceforge.net/viewcvs.py/mailman/mailman/bin/?only_with_tag=Release_2_1-maint but remember that the SourceForge CVS delay means the script isn't visible yet. Cheers, -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://mail.python.org/pipermail/mailman-developers/attachments/20041230/268ea162/attachment.pgp From hesco at greens.org Fri Dec 31 03:21:56 2004 From: hesco at greens.org (hesco@greens.org) Date: Fri Dec 31 03:21:40 2004 Subject: [Mailman-Developers] Need to reset passwords en masse, pls help In-Reply-To: <1104447336.10292.35.camel@presto.wooz.org> Message-ID: <20041231022156.5275.qmail@greens.org> Holly: This relates to addressing the password issue. Barry: Or should I say that YOUR timing is impeccable. Do I only need to install that one new script? Or would I have to upgrade entirely to the cvs to make this happen? I think we're running 2.1.5 on the relevant server. Or 2.1.3. Can't really remember. I handle all or pieces of four different mailman installations. Thank you folks so much for a great product. It has served our work well. -- Hugh >From barry@python.org Thu Dec 30 22:56:22 2004 Subject: Re: [Mailman-Developers] Need to reset passwords en masse, pls help From: Barry Warsaw To: hesco@greens.org Cc: mailman-developers@python.org On Wed, 2004-12-29 at 00:46, Hugh Esco wrote: > I have command line access as root in a BSD jail to this > installation. >=20 > I need to know: is there anyway I can automate the resetting > of every password for every subscriber on this installation, > with the new password sent out in an email to the subscriber, > and causing as little confusion and disruption as possible? You're timing is impeccable! I just checked in a script called 'reset_pw' which was based on a contribution by Florien Weimer. This script is intended to be run under bin/withlist and can be used to reset the passwords for all the members of a list (or all members of all lists, using withlist's -a option). After you've reset the passwords, you'd want to run cron/mailpasswds manually to send out new reminders containing the new passwords. While the script has been checked into CVS, it hasn't undergone much testing, so caveat emptor (read: make backups first!). If you don't have CVS access and can't wait until Mailman 2.1.6, look here: http://cvs.sourceforge.net/viewcvs.py/mailman/mailman/bin/?only_with_tag=3D= Release_2_1-maint but remember that the SourceForge CVS delay means the script isn't visible yet. Cheers, -Barry From barry at python.org Fri Dec 31 04:09:17 2004 From: barry at python.org (Barry Warsaw) Date: Fri Dec 31 04:09:20 2004 Subject: [Mailman-Developers] Need to reset passwords en masse, pls help In-Reply-To: <20041231022156.5275.qmail@greens.org> References: <20041231022156.5275.qmail@greens.org> Message-ID: <1104462557.10291.292.camel@presto.wooz.org> On Thu, 2004-12-30 at 21:21, hesco@greens.org wrote: > Do I only need to install that one new script? Or would > I have to upgrade entirely to the cvs to make this happen? > I think we're running 2.1.5 on the relevant server. Or 2.1.3. > Can't really remember. The reset_pw.py script itself is pretty simple, and it should work with 2.1.3 or 2.1.5 (although I've only tested it with current CVS). > I handle all or pieces of four different mailman installations. > Thank you folks so much for a great product. It has served > our work well. I'm really glad about that! -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://mail.python.org/pipermail/mailman-developers/attachments/20041230/4822f236/attachment.pgp From barry at python.org Fri Dec 31 04:10:40 2004 From: barry at python.org (Barry Warsaw) Date: Fri Dec 31 04:10:41 2004 Subject: [Mailman-Developers] Need to reset passwords en masse, pls help In-Reply-To: <1104462281.41d4c1c981441@webmail1.its.uiowa.edu> References: <20041231022156.5275.qmail@greens.org> <1104462281.41d4c1c981441@webmail1.its.uiowa.edu> Message-ID: <1104462640.10297.295.camel@presto.wooz.org> On Thu, 2004-12-30 at 22:04, hhart@blue.weeg.uiowa.edu wrote: > Thanks for cc'ing me on this, Hugh. Does this mean all those subscribed ot > the recount lsits will get new passwords automatically sent to them? You'll have to run cron/mailpasswds manually to get the new passwords sent out. This is the script that normally runs once a month to send out password reminders. You might want to edit templates/en/cronpass.txt to some more relevant message before you run cron/mailpasswds manually. -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://mail.python.org/pipermail/mailman-developers/attachments/20041230/07db4f90/attachment.pgp From jwt at onjapan.net Fri Dec 31 05:22:52 2004 From: jwt at onjapan.net (Jim Tittsler) Date: Fri Dec 31 05:22:37 2004 Subject: [Mailman-Developers] Need to reset passwords en masse, pls help In-Reply-To: <1104462640.10297.295.camel@presto.wooz.org> References: <20041231022156.5275.qmail@greens.org> <1104462281.41d4c1c981441@webmail1.its.uiowa.edu> <1104462640.10297.295.camel@presto.wooz.org> Message-ID: On Dec 31, 2004, at 12:10, Barry Warsaw wrote: > You'll have to run cron/mailpasswds manually to get the new passwords > sent out. This is the script that normally runs once a month to send > out password reminders. You might want to edit > templates/en/cronpass.txt to some more relevant message before you run > cron/mailpasswds manually. You may also want to hack a special version of mailpasswds that skips the checks for disabling password reminders (on by-list and by-user-subscription basis) if you want the mail to go to ALL subscribers. (Or assume they have disabled the reminders for a reason and are clever enough to use the password reminder button when the time comes for them to need it.) -- Jim Tittsler http://www.OnJapan.net/ GPG: 0x01159DB6 Python Starship http://Starship.Python.net/ Ringo MUG Tokyo http://www.ringo.net/rss.html From barry at python.org Fri Dec 31 05:55:40 2004 From: barry at python.org (Barry Warsaw) Date: Fri Dec 31 05:55:43 2004 Subject: [Mailman-Developers] Need to reset passwords en masse, pls help In-Reply-To: References: <20041231022156.5275.qmail@greens.org> <1104462281.41d4c1c981441@webmail1.its.uiowa.edu> <1104462640.10297.295.camel@presto.wooz.org> Message-ID: <1104468940.10291.306.camel@presto.wooz.org> On Thu, 2004-12-30 at 23:22, Jim Tittsler wrote: > On Dec 31, 2004, at 12:10, Barry Warsaw wrote: > > > You'll have to run cron/mailpasswds manually to get the new passwords > > sent out. This is the script that normally runs once a month to send > > out password reminders. You might want to edit > > templates/en/cronpass.txt to some more relevant message before you run > > cron/mailpasswds manually. > > You may also want to hack a special version of mailpasswds that skips > the checks for disabling password reminders (on by-list and > by-user-subscription basis) if you want the mail to go to ALL > subscribers. (Or assume they have disabled the reminders for a reason > and are clever enough to use the password reminder button when the time > comes for them to need it.) Good point, thanks. -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: not available Type: application/pgp-signature Size: 307 bytes Desc: This is a digitally signed message part Url : http://mail.python.org/pipermail/mailman-developers/attachments/20041230/9b63d370/attachment.pgp From vaez_ha at yahoo.com Fri Dec 31 20:02:56 2004 From: vaez_ha at yahoo.com (VAEZ(daneshjooye sharif)) Date: Fri Dec 31 20:02:58 2004 Subject: [Mailman-Developers] Bug when canceling invites... In-Reply-To: Message-ID: <20041231190256.33564.qmail@web54002.mail.yahoo.com> Carson Gaspar wrote: If the invited person uses the link included in an invite and tries to cancel the invitation themselves, this happens.... Bug in Mailman version 2.1.5 We're sorry, we hit a bug! If you would like to help us identify the problem, please email a copy of this page to the webmaster for this site with a description of what happened. Thanks! Traceback: Traceback (most recent call last): File "/Tools/SunOS_5.9_i86pc/mailman-2.1.5/scripts/driver", line 87, in run_main main() File "/Tools/SunOS_5.9_i86pc/mailman-2.1.5/Mailman/Cgi/confirm.py", line 114, in main subscription_cancel(mlist, doc, cookie) File "/Tools/SunOS_5.9_i86pc/mailman-2.1.5/Mailman/Cgi/confirm.py", line 312, in subscription_cancel userdesc = mlist.pend_confirm(cookie)[1] File "/Tools/SunOS_5.9_i86pc/mailman-2.1.5/Mailman/Pending.py", line 141, in pend_confirm assert self.Locked() AssertionError Python information: Variable Value sys.version 2.3.4 (#1, Oct 5 2004, 07:57:49) [C] _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/vaez_ha%40yahoo.com --------------------------------- Do you Yahoo!? All your favorites on one personal page – Try My Yahoo! From vaez_ha at yahoo.com Fri Dec 31 20:51:17 2004 From: vaez_ha at yahoo.com (VAEZ(daneshjooye sharif)) Date: Fri Dec 31 20:51:22 2004 Subject: [Mailman-Developers] Re: [Mailman-Users] new feature request (was: Re: setting a list for no daily reminders?) In-Reply-To: Message-ID: <20041231195117.44951.qmail@web54002.mail.yahoo.com> Brad Knowles wrote:At 1:30 PM -0500 2004-11-22, Mark wrote: > Seeing that there is no way to do this without > changing the code, and that many Mailman users are not Python > programmers or do not have the permission to make such changes on the > server they are using, I think it would be best if this was made an > option that could be set through the web interface for each list. If you want this to actually get on the list of requested feature enhancements, you should use the Mailman RFE page at to submit your request. -- Brad Knowles, "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See for more info. _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/vaez_ha%40yahoo.com --------------------------------- Do you Yahoo!? Dress up your holiday email, Hollywood style. Learn more. From vaez_ha at yahoo.com Fri Dec 31 21:04:41 2004 From: vaez_ha at yahoo.com (VAEZ(daneshjooye sharif)) Date: Fri Dec 31 21:04:44 2004 Subject: [Mailman-Developers] Re: [Mailman-Users] new feature request (was: Re: setting a list for no daily reminders?) In-Reply-To: Message-ID: <20041231200441.47732.qmail@web54002.mail.yahoo.com> Brad Knowles wrote:At 1:30 PM -0500 2004-11-22, Mark wrote: > Seeing that there is no way to do this without > changing the code, and that many Mailman users are not Python > programmers or do not have the permission to make such changes on the > server they are using, I think it would be best if this was made an > option that could be set through the web interface for each list. If you want this to actually get on the list of requested feature enhancements, you should use the Mailman RFE page at to submit your request. -- Brad Knowles, "Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety." -- Benjamin Franklin (1706-1790), reply of the Pennsylvania Assembly to the Governor, November 11, 1755 SAGE member since 1995. See for more info. _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/vaez_ha%40yahoo.com --------------------------------- Do you Yahoo!? Jazz up your holiday email with celebrity designs. Learn more. From vaez_ha at yahoo.com Fri Dec 31 21:12:44 2004 From: vaez_ha at yahoo.com (VAEZ(daneshjooye sharif)) Date: Fri Dec 31 21:12:49 2004 Subject: [Mailman-Developers] Re: ffffffffffffffffff In-Reply-To: Message-ID: <20041231201244.60656.qmail@web54005.mail.yahoo.com> Mark wrote: Thanks to everyone who responded. Please forgive this crosspost to the developers group. Seeing that there is no way to do this without changing the code, and that many Mailman users are not Python programmers or do not have the permission to make such changes on the server they are using, I think it would be best if this was made an option that could be set through the web interface for each list. That way administrators could choose immediate notifications, daily summaries, or both. THANX!! :) On 11/20/04, Mark Sapiro put forth: >Mark wrote: > > > >I am running a list set to immediately send administrative requests > >(admin_immed_notify set to yes), but I am getting daily notices as > >well. I don't want to receive daily notices. The immediate notices > >are sufficient. Nor do I see the logic in filling my inbox with > >daily notices when I'm not around or haven't had a chance to process > >the immediate notices that are already sitting there. > > > >Is there any way to change this?? > >You could delete the checkdbs entry from crontab, but this would affect >all lists and also would have the side effect of never clearing stale >entries from hold_and_cmd_autoresponses[] (I don't think this is >serious because I don't think there is ever more than one entry per >user - stale entries get "reused"). > >The only other way and the only way to do it per list is to change the >code in checkdbs. _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/vaez_ha%40yahoo.com --------------------------------- Do you Yahoo!? The all-new My Yahoo! – What will yours do? From vaez_ha at yahoo.com Fri Dec 31 21:14:01 2004 From: vaez_ha at yahoo.com (VAEZ(daneshjooye sharif)) Date: Fri Dec 31 21:14:03 2004 Subject: [Mailman-Developers] Re: gggggggggg In-Reply-To: <20041122101112.FJC7692.amsfep18-int.chello.nl@home> Message-ID: <20041231201401.30739.qmail@web54008.mail.yahoo.com> Luke Hilton wrote:Hi All, I am very new to Linux, but will tell you what I can. I am trying to diagnose a problem on a. Linux Redhat server Mailman version 2.1.4 Spamassassin Squirrelmail The particular mailing list has over 20,000 members. The list is being sent to on a on a monthly basis one way. A mass mail (80k - html) was sent out to the 20,000 members approximately 2 weeks ago. All seemed to go fine. I was alerted that the server performance had dropped dramatically so I checked the obvious and then bounced it. The following day I received approx. 3000 unsubscribe notices. This is highly irregular as in the past only a few unsubscribe notices come in per month. I checked these entries in the Membership list and they are still there, but the 'nomail' box is now checked and reason 'B' displayed. A colleague of mine restarted the server again yesterday and I have just received another huge amount of unsubscribe notices again. I followed the following faq yesterday in an attempt to diagnose. http://www.python.org/cgi-bin/faqw-mm.py?req=show &file=faq03.014.htp 1. Permissions seemed fine 2. Cron daemon was running 3. Aliases are in /etc/aliases + did a 'newaliases' 4. I checked the mailman/locks and there are a number of locks from around the time the list was sent 5. I checked to see if the processes are still around for the above locks and they are Should I delete the locks? If so how do I do this safely? Has anyone heard of this type of problem happening before? I want to make sure there are no pending mailman tasks to complete and that if another restart occurs I won't get bombarded by another wad of unsubscribes. I have a copy of the membership list and was thinking I could create 3 new mailing lists and divide the 20000 people over the 4 lists. Is this worth it? Should mailman be able to send 20,000 mails easily? Any help with this would be fantastic. Luke _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/vaez_ha%40yahoo.com --------------------------------- Do you Yahoo!? Send holiday email and support a worthy cause. Do good. From vaez_ha at yahoo.com Fri Dec 31 21:17:09 2004 From: vaez_ha at yahoo.com (VAEZ(daneshjooye sharif)) Date: Fri Dec 31 21:17:12 2004 Subject: [Mailman-Developers] Dates again In-Reply-To: <873bz26xmz.fsf@tleepslib.sk.tsukuba.ac.jp> Message-ID: <20041231201709.61355.qmail@web54005.mail.yahoo.com> "Stephen J. Turnbull" wrote:>>>>> "Steven" == Steven Kuck writes: >> At 3:31 AM -0500 2004-11-20, Steven Kuck wrote: >>> Since all of these messages are, in fact, being sent by my >>> server I think it quite reasonable to change the "Date" to >>> reflect the time that it was processed and changed by the >>> server. It's equally reasonable to disobey "no trespassing" signs if you plan to avoid making a mess. In both cases, however, you're using a facility that is somebody else's property, and in both cases you may inadvertantly cause problems for the person who has the right to use it. Steven> Can you point me to the definitive text for mail header Steven> definitions? RFC 733 only defines the format - it doesn't Steven> say they are any more inviolate than the "Subject" line. That's true. In fact, they're equally property of the author(s) (in the wording of RFC 822 and reaffirmed by 2822), and I detest mailing lists that insist on munging the Subject header, too. Even this one. If an MUA can't do the right thing based on the List-* headers, I want no part of it, not even to share a mailing list with it. Of course, unlike "no trespassing", there are no courts to enforce the RFCs. But don't let that fool you. They are "legislation", the product of the skull sweat of dozens of "representatives" far more competent and hardworking than my Congresszombie, tested in practice, introduced and maintained through the cooperation and hard work of hundreds or thousands of programmers, distributors, and sys admins. The social contract says "These headers are for the use of authors", and you (as a list admin) want to hijack the "Date" header. You say "well, it would be very convenient if I could use these facilities for my own purposes". I can't blame you for _wishing_; still, an honest man would create an appropriate header _for the use of the mailing list manager_, and then lobby and write the software to get it accepted and diffused through the community. Specifically, you could use either an X-List-Sequence-Number header or an X-List-Receipt-Date header for your purpose. Teach the archivers about them (and the versions without "X-", since of course you'll submit an RFC, right?) for the benefit of web readers. Re your examples: Steven> Why do I care if the message was stuck (unless it's my Steven> server) or if the user's clock is wrong? You don't. You've already proved that. But authors will care, if they are not responsible for the stuckage, and they look like idiots because their post was written without the benefit of a week's worth of further information, but nonetheless appears with a current date. Steven> As I said, I can guarantee messages from the future are Steven> wrong. Disagree? Depends on what you mean by "wrong". Your server may very well change the interval between, or even the order of, two posts from the same (ie, consistently translated) future. Whether this information is interesting or not is another question; you are, however, destroying it, and there's nothing in the RFCs that permits you to do that. -- Institute of Policy and Planning Sciences http://turnbull.sk.tsukuba.ac.jp University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN Ask not how you can "do" free software business; ask what your business can "do for" free software. _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/vaez_ha%40yahoo.com --------------------------------- Do you Yahoo!? Send holiday email and support a worthy cause. Do good. From vaez_ha at yahoo.com Fri Dec 31 21:17:20 2004 From: vaez_ha at yahoo.com (VAEZ(daneshjooye sharif)) Date: Fri Dec 31 21:17:23 2004 Subject: [Mailman-Developers] Dates again In-Reply-To: <873bz26xmz.fsf@tleepslib.sk.tsukuba.ac.jp> Message-ID: <20041231201720.50798.qmail@web54002.mail.yahoo.com> "Stephen J. Turnbull" wrote:>>>>> "Steven" == Steven Kuck writes: >> At 3:31 AM -0500 2004-11-20, Steven Kuck wrote: >>> Since all of these messages are, in fact, being sent by my >>> server I think it quite reasonable to change the "Date" to >>> reflect the time that it was processed and changed by the >>> server. It's equally reasonable to disobey "no trespassing" signs if you plan to avoid making a mess. In both cases, however, you're using a facility that is somebody else's property, and in both cases you may inadvertantly cause problems for the person who has the right to use it. Steven> Can you point me to the definitive text for mail header Steven> definitions? RFC 733 only defines the format - it doesn't Steven> say they are any more inviolate than the "Subject" line. That's true. In fact, they're equally property of the author(s) (in the wording of RFC 822 and reaffirmed by 2822), and I detest mailing lists that insist on munging the Subject header, too. Even this one. If an MUA can't do the right thing based on the List-* headers, I want no part of it, not even to share a mailing list with it. Of course, unlike "no trespassing", there are no courts to enforce the RFCs. But don't let that fool you. They are "legislation", the product of the skull sweat of dozens of "representatives" far more competent and hardworking than my Congresszombie, tested in practice, introduced and maintained through the cooperation and hard work of hundreds or thousands of programmers, distributors, and sys admins. The social contract says "These headers are for the use of authors", and you (as a list admin) want to hijack the "Date" header. You say "well, it would be very convenient if I could use these facilities for my own purposes". I can't blame you for _wishing_; still, an honest man would create an appropriate header _for the use of the mailing list manager_, and then lobby and write the software to get it accepted and diffused through the community. Specifically, you could use either an X-List-Sequence-Number header or an X-List-Receipt-Date header for your purpose. Teach the archivers about them (and the versions without "X-", since of course you'll submit an RFC, right?) for the benefit of web readers. Re your examples: Steven> Why do I care if the message was stuck (unless it's my Steven> server) or if the user's clock is wrong? You don't. You've already proved that. But authors will care, if they are not responsible for the stuckage, and they look like idiots because their post was written without the benefit of a week's worth of further information, but nonetheless appears with a current date. Steven> As I said, I can guarantee messages from the future are Steven> wrong. Disagree? Depends on what you mean by "wrong". Your server may very well change the interval between, or even the order of, two posts from the same (ie, consistently translated) future. Whether this information is interesting or not is another question; you are, however, destroying it, and there's nothing in the RFCs that permits you to do that. -- Institute of Policy and Planning Sciences http://turnbull.sk.tsukuba.ac.jp University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN Ask not how you can "do" free software business; ask what your business can "do for" free software. _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/vaez_ha%40yahoo.com --------------------------------- Do you Yahoo!? Yahoo! Mail - You care about security. So do we. From vaez_ha at yahoo.com Fri Dec 31 21:17:41 2004 From: vaez_ha at yahoo.com (VAEZ(daneshjooye sharif)) Date: Fri Dec 31 21:17:43 2004 Subject: [Mailman-Developers] Re: hhhhhhhhhh In-Reply-To: <873bz26xmz.fsf@tleepslib.sk.tsukuba.ac.jp> Message-ID: <20041231201741.61417.qmail@web54005.mail.yahoo.com> "Stephen J. Turnbull" wrote: >>>>> "Steven" == Steven Kuck writes: >> At 3:31 AM -0500 2004-11-20, Steven Kuck wrote: >>> Since all of these messages are, in fact, being sent by my >>> server I think it quite reasonable to change the "Date" to >>> reflect the time that it was processed and changed by the >>> server. It's equally reasonable to disobey "no trespassing" signs if you plan to avoid making a mess. In both cases, however, you're using a facility that is somebody else's property, and in both cases you may inadvertantly cause problems for the person who has the right to use it. Steven> Can you point me to the definitive text for mail header Steven> definitions? RFC 733 only defines the format - it doesn't Steven> say they are any more inviolate than the "Subject" line. That's true. In fact, they're equally property of the author(s) (in the wording of RFC 822 and reaffirmed by 2822), and I detest mailing lists that insist on munging the Subject header, too. Even this one. If an MUA can't do the right thing based on the List-* headers, I want no part of it, not even to share a mailing list with it. Of course, unlike "no trespassing", there are no courts to enforce the RFCs. But don't let that fool you. They are "legislation", the product of the skull sweat of dozens of "representatives" far more competent and hardworking than my Congresszombie, tested in practice, introduced and maintained through the cooperation and hard work of hundreds or thousands of programmers, distributors, and sys admins. The social contract says "These headers are for the use of authors", and you (as a list admin) want to hijack the "Date" header. You say "well, it would be very convenient if I could use these facilities for my own purposes". I can't blame you for _wishing_; still, an honest man would create an appropriate header _for the use of the mailing list manager_, and then lobby and write the software to get it accepted and diffused through the community. Specifically, you could use either an X-List-Sequence-Number header or an X-List-Receipt-Date header for your purpose. Teach the archivers about them (and the versions without "X-", since of course you'll submit an RFC, right?) for the benefit of web readers. Re your examples: Steven> Why do I care if the message was stuck (unless it's my Steven> server) or if the user's clock is wrong? You don't. You've already proved that. But authors will care, if they are not responsible for the stuckage, and they look like idiots because their post was written without the benefit of a week's worth of further information, but nonetheless appears with a current date. Steven> As I said, I can guarantee messages from the future are Steven> wrong. Disagree? Depends on what you mean by "wrong". Your server may very well change the interval between, or even the order of, two posts from the same (ie, consistently translated) future. Whether this information is interesting or not is another question; you are, however, destroying it, and there's nothing in the RFCs that permits you to do that. -- Institute of Policy and Planning Sciences http://turnbull.sk.tsukuba.ac.jp University of Tsukuba Tennodai 1-1-1 Tsukuba 305-8573 JAPAN Ask not how you can "do" free software business; ask what your business can "do for" free software. _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/vaez_ha%40yahoo.com --------------------------------- Do you Yahoo!? Yahoo! Mail - Helps protect you from nasty viruses. From vaez_ha at yahoo.com Fri Dec 31 21:25:10 2004 From: vaez_ha at yahoo.com (VAEZ(daneshjooye sharif)) Date: Fri Dec 31 21:25:12 2004 Subject: gggggggggg [Mailman-Developers] In-Reply-To: <20041231201401.30739.qmail@web54008.mail.yahoo.com> Message-ID: <20041231202510.10504.qmail@web54003.mail.yahoo.com> "VAEZ(daneshjooye sharif)" wrote: Luke Hilton wrote:Hi All, I am very new to Linux, but will tell you what I can. I am trying to diagnose a problem on a. Linux Redhat server Mailman version 2.1.4 Spamassassin Squirrelmail The particular mailing list has over 20,000 members. The list is being sent to on a on a monthly basis one way. A mass mail (80k - html) was sent out to the 20,000 members approximately 2 weeks ago. All seemed to go fine. I was alerted that the server performance had dropped dramatically so I checked the obvious and then bounced it. The following day I received approx. 3000 unsubscribe notices. This is highly irregular as in the past only a few unsubscribe notices come in per month. I checked these entries in the Membership list and they are still there, but the 'nomail' box is now checked and reason 'B' displayed. A colleague of mine restarted the server again yesterday and I have just received another huge amount of unsubscribe notices again. I followed the following faq yesterday in an attempt to diagnose. http://www.python.org/cgi-bin/faqw-mm.py?req=show &file=faq03.014.htp 1. Permissions seemed fine 2. Cron daemon was running 3. Aliases are in /etc/aliases + did a 'newaliases' 4. I checked the mailman/locks and there are a number of locks from around the time the list was sent 5. I checked to see if the processes are still around for the above locks and they are Should I delete the locks? If so how do I do this safely? Has anyone heard of this type of problem happening before? I want to make sure there are no pending mailman tasks to complete and that if another restart occurs I won't get bombarded by another wad of unsubscribes. I have a copy of the membership list and was thinking I could create 3 new mailing lists and divide the 20000 people over the 4 lists. Is this worth it? Should mailman be able to send 20,000 mails easily? Any help with this would be fantastic. Luke _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/vaez_ha%40yahoo.com --------------------------------- Do you Yahoo!? Send holiday email and support a worthy cause. Do good. _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/vaez_ha%40yahoo.com --------------------------------- Do you Yahoo!? Read only the mail you want - Yahoo! Mail SpamGuard. From vaez_ha at yahoo.com Fri Dec 31 21:25:29 2004 From: vaez_ha at yahoo.com (VAEZ(daneshjooye sharif)) Date: Fri Dec 31 21:25:32 2004 Subject: gggggggggg [Mailman-Developers] In-Reply-To: <20041231201401.30739.qmail@web54008.mail.yahoo.com> Message-ID: <20041231202530.62956.qmail@web54005.mail.yahoo.com> "VAEZ(daneshjooye sharif)" wrote: Luke Hilton wrote:Hi All, I am very new to Linux, but will tell you what I can. I am trying to diagnose a problem on a. Linux Redhat server Mailman version 2.1.4 Spamassassin Squirrelmail The particular mailing list has over 20,000 members. The list is being sent to on a on a monthly basis one way. A mass mail (80k - html) was sent out to the 20,000 members approximately 2 weeks ago. All seemed to go fine. I was alerted that the server performance had dropped dramatically so I checked the obvious and then bounced it. The following day I received approx. 3000 unsubscribe notices. This is highly irregular as in the past only a few unsubscribe notices come in per month. I checked these entries in the Membership list and they are still there, but the 'nomail' box is now checked and reason 'B' displayed. A colleague of mine restarted the server again yesterday and I have just received another huge amount of unsubscribe notices again. I followed the following faq yesterday in an attempt to diagnose. http://www.python.org/cgi-bin/faqw-mm.py?req=show &file=faq03.014.htp 1. Permissions seemed fine 2. Cron daemon was running 3. Aliases are in /etc/aliases + did a 'newaliases' 4. I checked the mailman/locks and there are a number of locks from around the time the list was sent 5. I checked to see if the processes are still around for the above locks and they are Should I delete the locks? If so how do I do this safely? Has anyone heard of this type of problem happening before? I want to make sure there are no pending mailman tasks to complete and that if another restart occurs I won't get bombarded by another wad of unsubscribes. I have a copy of the membership list and was thinking I could create 3 new mailing lists and divide the 20000 people over the 4 lists. Is this worth it? Should mailman be able to send 20,000 mails easily? Any help with this would be fantastic. Luke _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/vaez_ha%40yahoo.com --------------------------------- Do you Yahoo!? Send holiday email and support a worthy cause. Do good. _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/vaez_ha%40yahoo.com --------------------------------- Do you Yahoo!? Yahoo! Mail - Easier than ever with enhanced search. Learn more. From vaez_ha at yahoo.com Fri Dec 31 21:27:06 2004 From: vaez_ha at yahoo.com (VAEZ(daneshjooye sharif)) Date: Fri Dec 31 21:27:08 2004 Subject: ertgfgadfgfdgfdgsdfg[Mailman-Developers]sedrewtfeafgtertfg In-Reply-To: <20041231202510.10504.qmail@web54003.mail.yahoo.com> Message-ID: <20041231202706.63890.qmail@web54006.mail.yahoo.com> sdfsdafsaf --------------------------------- Do you Yahoo!? Yahoo! Mail - Easier than ever with enhanced search. Learn more. From vaez_ha at yahoo.com Fri Dec 31 21:28:29 2004 From: vaez_ha at yahoo.com (VAEZ(daneshjooye sharif)) Date: Fri Dec 31 21:28:33 2004 Subject: [Mailman-Developers] sssssssssMailman-Developersffffffffffffffffffff In-Reply-To: <20041231202706.63890.qmail@web54006.mail.yahoo.com> Message-ID: <20041231202829.30623.qmail@web54010.mail.yahoo.com> dfgdsg --------------------------------- Do you Yahoo!? Yahoo! Mail - now with 250MB free storage. Learn more. From vaez_ha at yahoo.com Fri Dec 31 21:36:03 2004 From: vaez_ha at yahoo.com (VAEZ(daneshjooye sharif)) Date: Fri Dec 31 21:36:05 2004 Subject: [Mailman-Developers] hi all Message-ID: <20041231203603.33184.qmail@web54010.mail.yahoo.com> thank you for suffering. --------------------------------- Do you Yahoo!? The all-new My Yahoo! – What will yours do? From vaez_ha at yahoo.com Fri Dec 31 21:37:55 2004 From: vaez_ha at yahoo.com (VAEZ(daneshjooye sharif)) Date: Fri Dec 31 21:37:59 2004 Subject: [Mailman-Developers] hi all Message-ID: <20041231203755.12764.qmail@web54003.mail.yahoo.com> thank you for suffering --------------------------------- Do you Yahoo!? Send a seasonal email greeting and help others. Do good. From vaez_ha at yahoo.com Fri Dec 31 21:43:51 2004 From: vaez_ha at yahoo.com (VAEZ(daneshjooye sharif)) Date: Fri Dec 31 21:43:55 2004 Subject: [Mailman-Developers] salam Message-ID: <20041231204352.17497.qmail@web54009.mail.yahoo.com> momkene ye nafar az iranihaa be man komak kone? __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From vaez_ha at yahoo.com Fri Dec 31 21:54:48 2004 From: vaez_ha at yahoo.com (VAEZ(daneshjooye sharif)) Date: Fri Dec 31 21:54:50 2004 Subject: [Mailman-Developers] salam In-Reply-To: <20041231204352.17497.qmail@web54009.mail.yahoo.com> Message-ID: <20041231205448.69855.qmail@web54006.mail.yahoo.com> soalet chi hast? "VAEZ(daneshjooye sharif)" wrote:momkene ye nafar az iranihaa be man komak kone? __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com _______________________________________________ Mailman-Developers mailing list Mailman-Developers@python.org http://mail.python.org/mailman/listinfo/mailman-developers Unsubscribe: http://mail.python.org/mailman/options/mailman-developers/vaez_ha%40yahoo.com --------------------------------- Do you Yahoo!? Send a seasonal email greeting and help others. Do good. From vaez_ha at yahoo.com Fri Dec 31 22:07:40 2004 From: vaez_ha at yahoo.com (VAEZ(daneshjooye sharif)) Date: Fri Dec 31 22:07:43 2004 Subject: [Mailman-Developers] yek soal Message-ID: <20041231210740.22603.qmail@web54007.mail.yahoo.com> mailing list dar loghat yani chi? --------------------------------- Do you Yahoo!? The all-new My Yahoo! – What will yours do? From vaez_ha at yahoo.com Fri Dec 31 22:15:48 2004 From: vaez_ha at yahoo.com (VAEZ(daneshjooye sharif)) Date: Fri Dec 31 22:15:51 2004 Subject: [Mailman-Developers] mailing list yani chi? Message-ID: <20041231211548.43705.qmail@web54008.mail.yahoo.com> mailing list yani chi? __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com From vaez_ha at yahoo.com Fri Dec 31 22:19:27 2004 From: vaez_ha at yahoo.com (VAEZ(daneshjooye sharif)) Date: Fri Dec 31 22:19:29 2004 Subject: [Mailman-Developers] mailing list yani chi? Message-ID: <20041231211927.75576.qmail@web54006.mail.yahoo.com> mailing list yani chi? --------------------------------- Do you Yahoo!? All your favorites on one personal page – Try My Yahoo! From vaez_ha at yahoo.com Fri Dec 31 22:21:11 2004 From: vaez_ha at yahoo.com (VAEZ(daneshjooye sharif)) Date: Fri Dec 31 22:21:14 2004 Subject: [Mailman-Developers] che....? Message-ID: <20041231212111.74999.qmail@web54005.mail.yahoo.com> che karhaayi ba mailing list mishe kard? --------------------------------- Do you Yahoo!? Yahoo! Mail - Easier than ever with enhanced search. Learn more. From vaez_ha at yahoo.com Fri Dec 31 22:26:02 2004 From: vaez_ha at yahoo.com (VAEZ(daneshjooye sharif)) Date: Fri Dec 31 22:26:05 2004 Subject: [Mailman-Developers] haddeaksar...? Message-ID: <20041231212603.76906.qmail@web54006.mail.yahoo.com> haddaksar chand nafar mitoonan ozve mailing list beshan? --------------------------------- Do you Yahoo!? Yahoo! Mail - You care about security. So do we. From vaez_ha at yahoo.com Fri Dec 31 22:31:09 2004 From: vaez_ha at yahoo.com (VAEZ(daneshjooye sharif)) Date: Fri Dec 31 22:31:12 2004 Subject: [Mailman-Developers] chi shod? Message-ID: <20041231213109.76876.qmail@web54005.mail.yahoo.com> --------------------------------- Do you Yahoo!? Yahoo! Mail - Helps protect you from nasty viruses.