From p at state-of-mind.de Mon Jun 1 23:25:14 2009 From: p at state-of-mind.de (Patrick Ben Koetter) Date: Mon, 1 Jun 2009 23:25:14 +0200 Subject: [Mailman-Developers] monthly password reminder bounce reaction Message-ID: <20090601212514.GG5037@state-of-mind.de> We, the Python.org postmasters, received about 2.200 bounces at Mailman day from monthly password reminders that did not reach the recipient. Ralf said such bounces do not increase a mailing list members bounce score. Is this correct? If it is, can we add such behaviour to the MM3 feature list? Any objections? p at rick -- state of mind Digitale Kommunikation http://www.state-of-mind.de Franziskanerstra?e 15 Telefon +49 89 3090 4664 81669 M?nchen Telefax +49 89 3090 4666 Amtsgericht M?nchen Partnerschaftsregister PR 563 From barry at list.org Tue Jun 2 00:04:21 2009 From: barry at list.org (Barry Warsaw) Date: Mon, 1 Jun 2009 18:04:21 -0400 Subject: [Mailman-Developers] monthly password reminder bounce reaction In-Reply-To: <20090601212514.GG5037@state-of-mind.de> References: <20090601212514.GG5037@state-of-mind.de> Message-ID: <779CE739-0280-4F7D-8C70-AD94B9418EB8@list.org> On Jun 1, 2009, at 5:25 PM, Patrick Ben Koetter wrote: > We, the Python.org postmasters, received about 2.200 bounces at > Mailman day > from monthly password reminders that did not reach the recipient. > > Ralf said such bounces do not increase a mailing list members bounce > score. > Is this correct? If it is, can we add such behaviour to the MM3 > feature list? > Any objections? I believe that's right because the password reminders come from the site list. Because of the mailing list silos in MM2.x, it's not feasible to map those onto all the lists the email address could be a member of. Remember that monthly reminders are a thing of the past. They won't be in MM3 and IIRC, they've already been removed from the MM2.2 tree also. -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 832 bytes Desc: This is a digitally signed message part URL: From mark at msapiro.net Tue Jun 2 00:09:28 2009 From: mark at msapiro.net (Mark Sapiro) Date: Mon, 1 Jun 2009 15:09:28 -0700 Subject: [Mailman-Developers] monthly password reminder bounce reaction In-Reply-To: <20090601212514.GG5037@state-of-mind.de> Message-ID: Patrick Ben Koetter wrote: >We, the Python.org postmasters, received about 2.200 bounces at Mailman day >from monthly password reminders that did not reach the recipient. > >Ralf said such bounces do not increase a mailing list members bounce score. >Is this correct? If it is, can we add such behaviour to the MM3 feature list? The reminders go away in Mailman 3.0 as does the site list, so the problem goes away. See the FAQ at for a description of the issues and why this is happening. I agree that 2200 bounces is a huge number to deal with manually. I'm willing to work with you to find a way to deal with these programmatically if you wish. Just incrementing the bounce score for such a user on all lists of which she is a member will not work, because as the FAQ notes, her list delivery is probably disabled so the only bounces are the password reminder, and likely, last month's bounce is stale when this one arrives. Removing the member from all lists is often the right thing, but consider a member who is actually active on lists, but bounces un-whitelisted mail and forgets to whitelist the site list. Then the password reminder bounces and he is removed from all lists. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From p at state-of-mind.de Tue Jun 2 00:40:35 2009 From: p at state-of-mind.de (Patrick Ben Koetter) Date: Tue, 2 Jun 2009 00:40:35 +0200 Subject: [Mailman-Developers] monthly password reminder bounce reaction In-Reply-To: References: <20090601212514.GG5037@state-of-mind.de> Message-ID: <20090601224034.GH5037@state-of-mind.de> * Mark Sapiro : > Patrick Ben Koetter wrote: > > >We, the Python.org postmasters, received about 2.200 bounces at Mailman day > >from monthly password reminders that did not reach the recipient. > > > >Ralf said such bounces do not increase a mailing list members bounce score. > >Is this correct? If it is, can we add such behaviour to the MM3 feature list? > > > The reminders go away in Mailman 3.0 as does the site list, so the > problem goes away. Fine. > See the FAQ at for a description of the > issues and why this is happening. > > I agree that 2200 bounces is a huge number to deal with manually. I'm > willing to work with you to find a way to deal with these > programmatically if you wish. Thanks for the offer. Ralf already took care of it and he's not the kind of guy to use his hands if a script can do it. I haven't asked, but I guess he used some awk magic... > Just incrementing the bounce score for such a user on all lists of > which she is a member will not work, because as the FAQ notes, her > list delivery is probably disabled so the only bounces are the > password reminder, and likely, last month's bounce is stale when this > one arrives. > > Removing the member from all lists is often the right thing, but > consider a member who is actually active on lists, but bounces > un-whitelisted mail and forgets to whitelist the site list. Then the > password reminder bounces and he is removed from all lists. Yes, I understand that very well. My mail was more about "doing the right thing" than about what exactly should be done. Since the cause will be removed the problem should be gone in MM3. p at rick -- state of mind Digitale Kommunikation http://www.state-of-mind.de Franziskanerstra?e 15 Telefon +49 89 3090 4664 81669 M?nchen Telefax +49 89 3090 4666 Amtsgericht M?nchen Partnerschaftsregister PR 563 From chris at zankel.net Tue Jun 2 04:30:05 2009 From: chris at zankel.net (Chris Zankel) Date: Mon, 01 Jun 2009 19:30:05 -0700 Subject: [Mailman-Developers] Creating a new mailing list - Bug in Mailman version 2.1.5 In-Reply-To: <4A248BD5.1030509@tensilica.com> References: <4A248BD5.1030509@tensilica.com> Message-ID: <4A248EAD.2070402@zankel.net> Hi Piet, Yes, I had the same error. Nevertheless, the mailing list itself was created but not the aliases entries in /etc/aliases. I simply created them manually (copying them from one of the other ones). That seemed to have worked. -Chris Piet Delaney wrote: > Hi Christian: > > I tried creating a new mailing list for xocd and got the error > shown below. You recently created new mailing list, so I thought > you might know about this land mine that I just stepped on while > using the std gui interface: > --------------------------------------------------------------- > http://lists.linux-xtensa.org/mailman/create > --------------------------------------------------------------- > Bug in Mailman version 2.1.5 > > We're sorry, we hit a bug! > > Please inform the webmaster for this site of this problem. > Printing of traceback and other system information has been > explicitly inhibited, but the webmaster can find this > information in the Mailman error logs. > --------------------------------------------------------------- > The admin web page mentions having proper authority. > Is it possibly that I just don't know the List creators > (authentication) password? > > BTW, any thoughts on the openembedded effort we discussed earlier? > > I'm wrapping up some work on AES and hope to get back to submitting > xtensa kernel patches for xtensa as a part time project. > > -piet From karlis.repsons at gmail.com Mon Jun 1 10:09:33 2009 From: karlis.repsons at gmail.com (=?utf-8?q?K=C4=81rlis_Repsons?=) Date: Mon, 1 Jun 2009 08:09:33 +0000 Subject: [Mailman-Developers] a question about documentation Message-ID: <200906010809.33731.Karlis.Repsons@gmail.com> Hello, could someone let me know about how was mailman-install.pdf manual generated? CC to me... K. From Ralf.Hildebrandt at charite.de Mon Jun 1 23:34:18 2009 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Mon, 1 Jun 2009 23:34:18 +0200 Subject: [Mailman-Developers] monthly password reminder bounce reaction In-Reply-To: <20090601212514.GG5037@state-of-mind.de> References: <20090601212514.GG5037@state-of-mind.de> Message-ID: <20090601213418.GJ5375@charite.de> * Patrick Ben Koetter

: > We, the Python.org postmasters, received about 2.200 bounces at Mailman day > from monthly password reminders that did not reach the recipient. These were VERPified, thus could easily be matched to the original recipient. A retarded task I did manually. -- Ralf Hildebrandt Gesch?ftsbereich IT | Abteilung Netzwerk Charit? - Universit?tsmedizin Berlin Campus Benjamin Franklin Hindenburgdamm 30 | D-12200 Berlin Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962 Ralf.Hildebrandt at charite.de | http://www.charite.de From pdelaney at tensilica.com Tue Jun 2 04:17:57 2009 From: pdelaney at tensilica.com (Piet Delaney) Date: Mon, 1 Jun 2009 19:17:57 -0700 Subject: [Mailman-Developers] Creating a new mailing list - Bug in Mailman version 2.1.5 Message-ID: <4A248BD5.1030509@tensilica.com> Hi Christian: I tried creating a new mailing list for xocd and got the error shown below. You recently created new mailing list, so I thought you might know about this land mine that I just stepped on while using the std gui interface: --------------------------------------------------------------- http://lists.linux-xtensa.org/mailman/create --------------------------------------------------------------- Bug in Mailman version 2.1.5 We're sorry, we hit a bug! Please inform the webmaster for this site of this problem. Printing of traceback and other system information has been explicitly inhibited, but the webmaster can find this information in the Mailman error logs. --------------------------------------------------------------- The admin web page mentions having proper authority. Is it possibly that I just don't know the List creators (authentication) password? BTW, any thoughts on the openembedded effort we discussed earlier? I'm wrapping up some work on AES and hope to get back to submitting xtensa kernel patches for xtensa as a part time project. -piet From bob at nleaudio.com Tue Jun 2 06:16:39 2009 From: bob at nleaudio.com (Bob Puff) Date: Tue, 2 Jun 2009 00:16:39 -0400 Subject: [Mailman-Developers] very large lists Message-ID: <20090602041336.M82171@nleaudio.com> Hi gang, I have a customer who wants a one-way distribution list set up that will handle millions of recipients... like 10 million. It is a double opt-in, and its not spam.. I'm thinking this is probably too much for MM 2 to handle. Will MM3 be able to scale to this size? If anyone has suggestions for me for current software that can do this, feel free to email me off-list. Bounce processing is important, as is user management. Bob From Ralf.Hildebrandt at charite.de Tue Jun 2 07:08:05 2009 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Tue, 2 Jun 2009 07:08:05 +0200 Subject: [Mailman-Developers] monthly password reminder bounce reaction In-Reply-To: <779CE739-0280-4F7D-8C70-AD94B9418EB8@list.org> References: <20090601212514.GG5037@state-of-mind.de> <779CE739-0280-4F7D-8C70-AD94B9418EB8@list.org> Message-ID: <20090602050805.GB20033@charite.de> * Barry Warsaw : > I believe that's right because the password reminders come from the site > list. Because of the mailing list silos in MM2.x, it's not feasible to > map those onto all the lists the email address could be a member of. > > Remember that monthly reminders are a thing of the past. They won't be in > MM3 and IIRC, they've already been removed from the MM2.2 tree also. What else is there to remind the users? From terri at zone12.com Tue Jun 2 06:51:08 2009 From: terri at zone12.com (Terri Oda) Date: Tue, 02 Jun 2009 00:51:08 -0400 Subject: [Mailman-Developers] a question about documentation In-Reply-To: <200906010809.33731.Karlis.Repsons@gmail.com> References: <200906010809.33731.Karlis.Repsons@gmail.com> Message-ID: <4A24AFBC.2070000@zone12.com> K?rlis Repsons wrote: > Hello, > could someone let me know about how was mailman-install.pdf manual generated? > CC to me... All the pdfs are generated from LaTeX files (.tex) that can be found in the source tree under... uh.. probably doc/ or maybe admin/doc. Look for mailman-install.tex. There may be a makefile there too, otherwise you can use latex to generate a pdf (texi2pdf or latex --output=pdf depending on your installation) That said, I'm trying to keep the most recent documents in the wiki now, with the plan to eventually phase out the latex, so you may wish to use the wiki as the source in the future. Terri From Ralf.Hildebrandt at charite.de Tue Jun 2 07:10:09 2009 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Tue, 2 Jun 2009 07:10:09 +0200 Subject: [Mailman-Developers] monthly password reminder bounce reaction In-Reply-To: References: <20090601212514.GG5037@state-of-mind.de> Message-ID: <20090602051009.GC20033@charite.de> * Mark Sapiro : > See the FAQ at for a description of the > issues and why this is happening. Yes, that's why > I agree that 2200 bounces is a huge number to deal with manually. I'm > willing to work with you to find a way to deal with these > programmatically if you wish. I already scripted that > Just incrementing the bounce score for such a user on all lists of > which she is a member will not work, because as the FAQ notes, her > list delivery is probably disabled so the only bounces are the > password reminder, and likely, last month's bounce is stale when this > one arrives. Ahhh. Good point. > Removing the member from all lists is often the right thing, but > consider a member who is actually active on lists, but bounces > un-whitelisted mail and forgets to whitelist the site list. Then the > password reminder bounces and he is removed from all lists. Hm. I guess they'll have to live with that :) From iane at sussex.ac.uk Tue Jun 2 11:49:39 2009 From: iane at sussex.ac.uk (Ian Eiloart) Date: Tue, 02 Jun 2009 10:49:39 +0100 Subject: [Mailman-Developers] very large lists In-Reply-To: <20090602041336.M82171@nleaudio.com> References: <20090602041336.M82171@nleaudio.com> Message-ID: <23B86786C892B6311E49EEB7@lewes.staff.uscs.susx.ac.uk> --On 2 June 2009 00:16:39 -0400 Bob Puff wrote: > Hi gang, > > I have a customer who wants a one-way distribution list set up that will > handle millions of recipients... like 10 million. It is a double opt-in, > and its not spam.. > > I'm thinking this is probably too much for MM 2 to handle. Will MM3 be > able to scale to this size? > > If anyone has suggestions for me for current software that can do this, > feel free to email me off-list. Bounce processing is important, as is > user management. You've not specified the problem very clearly. How frequently do you expect to send messages to this list? Do you have several lists? How urgent are the messages? Do they need to be delivered in the space of a few minutes, hours, or days? If you don't need personalised messages, then you can do the VERP in your MTA. That should make it much more feasible. Configure Mailman with several parallel queue runners to prevent messages to large lists from holding up messages to small lists. > > Bob > > _______________________________________________ > Mailman-Developers mailing list > Mailman-Developers at python.org > http://mail.python.org/mailman/listinfo/mailman-developers > Mailman FAQ: http://wiki.list.org/x/AgA3 > Searchable Archives: > http://www.mail-archive.com/mailman-developers%40python.org/ Unsubscribe: > http://mail.python.org/mailman/options/mailman-developers/iane%40sussex.a > c.uk > > Security Policy: http://wiki.list.org/x/QIA9 -- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/ From barry at list.org Tue Jun 2 13:08:12 2009 From: barry at list.org (Barry Warsaw) Date: Tue, 2 Jun 2009 07:08:12 -0400 Subject: [Mailman-Developers] a question about documentation In-Reply-To: <4A24AFBC.2070000@zone12.com> References: <200906010809.33731.Karlis.Repsons@gmail.com> <4A24AFBC.2070000@zone12.com> Message-ID: <928F50B6-ECE4-4CF0-8ACD-8EA012C32EC3@list.org> On Jun 2, 2009, at 12:51 AM, Terri Oda wrote: > That said, I'm trying to keep the most recent documents in the wiki > now, with the plan to eventually phase out the latex, so you may > wish to use the wiki as the source in the future. This is a great plan, thanks Terri. Note that wiki pages can be turned into PDF, IIRC. Any text based file system documentation we include going forward should probably be in restructured text (reST) format, since there are now excellent toolchains available to turn this into good printed and online documentation (Sphinx). I think we can now claim reST is the standard documentation format for Python code. All of MM3's doctests are in reST for example. -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 832 bytes Desc: This is a digitally signed message part URL: From barry at list.org Tue Jun 2 13:09:55 2009 From: barry at list.org (Barry Warsaw) Date: Tue, 2 Jun 2009 07:09:55 -0400 Subject: [Mailman-Developers] monthly password reminder bounce reaction In-Reply-To: <20090602050805.GB20033@charite.de> References: <20090601212514.GG5037@state-of-mind.de> <779CE739-0280-4F7D-8C70-AD94B9418EB8@list.org> <20090602050805.GB20033@charite.de> Message-ID: On Jun 2, 2009, at 1:08 AM, Ralf Hildebrandt wrote: > * Barry Warsaw : > >> I believe that's right because the password reminders come from the >> site >> list. Because of the mailing list silos in MM2.x, it's not >> feasible to >> map those onto all the lists the email address could be a member of. >> >> Remember that monthly reminders are a thing of the past. They >> won't be in >> MM3 and IIRC, they've already been removed from the MM2.2 tree also. > > What else is there to remind the users? There isn't anything I think. Are you asking because you think the monthly reminders still have a valid use case? I'd love to keep them killed off since I think the headache they introduce (especially for admins) far outweighs any benefit to users. -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 832 bytes Desc: This is a digitally signed message part URL: From Ralf.Hildebrandt at charite.de Tue Jun 2 13:12:30 2009 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Tue, 2 Jun 2009 13:12:30 +0200 Subject: [Mailman-Developers] monthly password reminder bounce reaction In-Reply-To: References: <20090601212514.GG5037@state-of-mind.de> <779CE739-0280-4F7D-8C70-AD94B9418EB8@list.org> <20090602050805.GB20033@charite.de> Message-ID: <20090602111230.GE27404@charite.de> * Barry Warsaw : >> What else is there to remind the users? > > There isn't anything I think. Are you asking because you think the > monthly reminders still have a valid use case? I'd love to keep them > killed off since I think the headache they introduce (especially for > admins) far outweighs any benefit to users. Pro: They could be used to weed out undeliverables on low traffic announce lists Con: they add unwanted traffic for low traffic announce lists headache for admins From iane at sussex.ac.uk Tue Jun 2 14:11:20 2009 From: iane at sussex.ac.uk (Ian Eiloart) Date: Tue, 02 Jun 2009 13:11:20 +0100 Subject: [Mailman-Developers] monthly password reminder bounce reaction In-Reply-To: References: <20090601212514.GG5037@state-of-mind.de> <779CE739-0280-4F7D-8C70-AD94B9418EB8@list.org> <20090602050805.GB20033@charite.de> Message-ID: --On 2 June 2009 07:09:55 -0400 Barry Warsaw wrote: > > There isn't anything I think. Are you asking because you think the > monthly reminders still have a valid use case? I'd love to keep them > killed off since I think the headache they introduce (especially for > admins) far outweighs any benefit to users. Of course, site admins ought to be able to disable them or change the default for the site, specific lists or users. List admins should be able to disable them or change the default for their lists, or specific users. Users should be able to disable them or enable them per list (where they're permitted to). The use case. If I'm changing an email address - eg moving jobs, I'll set up forwarding for a while, and change my subscriptions accordingly. If I don't get a message from a list before the old account is disabled, then I stop getting mail from that list. There must be other use cases. -- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/ From bob at nleaudio.com Tue Jun 2 16:11:44 2009 From: bob at nleaudio.com (Bob Puff) Date: Tue, 2 Jun 2009 10:11:44 -0400 Subject: [Mailman-Developers] very large lists In-Reply-To: <23B86786C892B6311E49EEB7@lewes.staff.uscs.susx.ac.uk> References: <20090602041336.M82171@nleaudio.com> <23B86786C892B6311E49EEB7@lewes.staff.uscs.susx.ac.uk> Message-ID: <20090602140540.M72030@nleaudio.com> ---------- Original Message ----------- From: Ian Eiloart To: Bob Puff , Mailman-Developers at python.org Sent: Tue, 02 Jun 2009 10:49:39 +0100 Subject: Re: [Mailman-Developers] very large lists > --On 2 June 2009 00:16:39 -0400 Bob Puff wrote: > > > Hi gang, > > > > I have a customer who wants a one-way distribution list set up that will > > handle millions of recipients... like 10 million. It is a double opt-in, > > and its not spam.. > > > > I'm thinking this is probably too much for MM 2 to handle. Will MM3 be > > able to scale to this size? > > > > If anyone has suggestions for me for current software that can do this, > > feel free to email me off-list. Bounce processing is important, as is > > user management. > > You've not specified the problem very clearly. How frequently do you > expect to send messages to this list? Do you have several lists? How > urgent are the messages? Do they need to be delivered in the space > of a few minutes, hours, or days? Hi Ian, The problem I've seen is that with the "large" lists I have now (up to 10,000), python is the dominate process taking up time. I recall there being some discussion about how the list data files are locked during bounce processing, preventing parallel processes from doing much. I'm not sure its physically possible to deliver a million emails in a matter of a few minutes or even a few hours, unless its a bot-net! :-) Even on a 100mb link, I would expect more on the order of many hours. Messages would be sent at a maximum of one per week. > If you don't need personalised messages, then you can do the VERP in > your MTA. That should make it much more feasible. Configure Mailman > with several parallel queue runners to prevent messages to large > lists from holding up messages to small lists. What and where would be the config statement specifying the number of queue runners? Bob From iane at sussex.ac.uk Tue Jun 2 17:37:55 2009 From: iane at sussex.ac.uk (Ian Eiloart) Date: Tue, 02 Jun 2009 16:37:55 +0100 Subject: [Mailman-Developers] very large lists In-Reply-To: <20090602140540.M72030@nleaudio.com> References: <20090602041336.M82171@nleaudio.com> <23B86786C892B6311E49EEB7@lewes.staff.uscs.susx.ac.uk> <20090602140540.M72030@nleaudio.com> Message-ID: <2A3FAB9FA374DDFE1A7D254F@lewes.staff.uscs.susx.ac.uk> --On 2 June 2009 10:11:44 -0400 Bob Puff wrote: > > > > ---------- Original Message ----------- > From: Ian Eiloart > To: Bob Puff , Mailman-Developers at python.org > Sent: Tue, 02 Jun 2009 10:49:39 +0100 > Subject: Re: [Mailman-Developers] very large lists > >> --On 2 June 2009 00:16:39 -0400 Bob Puff wrote: >> >> > Hi gang, >> > >> > I have a customer who wants a one-way distribution list set up that >> > will handle millions of recipients... like 10 million. It is a double >> > opt-in, and its not spam.. >> > >> > I'm thinking this is probably too much for MM 2 to handle. Will MM3 be >> > able to scale to this size? >> > >> > If anyone has suggestions for me for current software that can do this, >> > feel free to email me off-list. Bounce processing is important, as is >> > user management. >> >> You've not specified the problem very clearly. How frequently do you >> expect to send messages to this list? Do you have several lists? How >> urgent are the messages? Do they need to be delivered in the space >> of a few minutes, hours, or days? > > Hi Ian, > > The problem I've seen is that with the "large" lists I have now (up to > 10,000), python is the dominate process taking up time. I recall there > being some discussion about how the list data files are locked during > bounce processing, preventing parallel processes from doing much. If your messages aren't personalised, you can do the verp in your MTA. Then your Mailman server could deliver one message per recipient _domain_, instead of one per recipient. And, if you're out of server resource, you could build a cluster. If it's CPU bound, then multiple queue runners may help if you have multiple processor cores. We got huge improvements delivering mail when we introduced parallel q runners. Our problem was that delivery to small but time sensitive lists was held up when someone sent mail to a large list. So, it still takes a while to deliver to a large list, but other jobs aren't held up. > I'm not sure its physically possible to deliver a million emails in a > matter of a few minutes or even a few hours, unless its a bot-net! :-) > Even on a 100mb link, I would expect more on the order of many hours. > Messages would be sent at a maximum of one per week. Well, you didn't say that your client wasn't gmail, for example! >> If you don't need personalised messages, then you can do the VERP in >> your MTA. That should make it much more feasible. Configure Mailman >> with several parallel queue runners to prevent messages to large >> lists from holding up messages to small lists. > > What and where would be the config statement specifying the number of > queue runners? we have this, in mm_cfg.py: # Which queues should the qrunner master watchdog spawn? This is a list of # 2-tuples containing the name of the qrunner class (which must live in a # module of the same name within the Mailman.Queue package), and the number of # parallel processes to fork for each qrunner. If more than one process is # used, each will take an equal subdivision of the hash space. # BAW: Eventually we may support weighted hash spaces. # BAW: Although not enforced, the # of slices must be a power of 2 QRUNNERS = [ ('ArchRunner', 4), # messages for the archiver ('BounceRunner', 4), # for processing the qfile/bounces directory ('CommandRunner', 4), # commands and bounces from the outside world ('IncomingRunner', 4), # posts from the outside world ('NewsRunner', 4), # outgoing messages to the nntpd ('OutgoingRunner', 32), # outgoing messages to the smtpd ('VirginRunner', 4), # internally crafted (virgin birth) messages ('RetryRunner', 4), # retry temporarily failed deliveries ] > > Bob > -- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/ From mark at msapiro.net Wed Jun 3 05:02:43 2009 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 2 Jun 2009 20:02:43 -0700 Subject: [Mailman-Developers] a question about documentation In-Reply-To: <4A24AFBC.2070000@zone12.com> Message-ID: Terri Oda wrote: > >All the pdfs are generated from LaTeX files (.tex) that can be found in >the source tree under... uh.. probably doc/ or maybe admin/doc. Just a technical note - the .tex files haven't been included in the last few Mailman releases. The entire documentation package is available at . -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Wed Jun 3 05:46:19 2009 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 2 Jun 2009 20:46:19 -0700 Subject: [Mailman-Developers] Creating a new mailing list - Bug in Mailmanversion 2.1.5 In-Reply-To: <4A248BD5.1030509@tensilica.com> Message-ID: Piet Delaney wrote: > > I tried creating a new mailing list for xocd and got the error >shown below. You recently created new mailing list, so I thought >you might know about this land mine that I just stepped on while >using the std gui interface: >--------------------------------------------------------------- > http://lists.linux-xtensa.org/mailman/create >--------------------------------------------------------------- >Bug in Mailman version 2.1.5 > >We're sorry, we hit a bug! > >Please inform the webmaster for this site of this problem. >Printing of traceback and other system information has been >explicitly inhibited, but the webmaster can find this >information in the Mailman error logs. >--------------------------------------------------------------- >The admin web page mentions having proper authority. >Is it possibly that I just don't know the List creators >(authentication) password? That wouldn't be the reason for the "bug", even in ancient 2.1.5. If you're posting to Mailman Developers because you want help or to report the "bug", please provide the full log entry from Mailman's error log. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Wed Jun 3 06:31:25 2009 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 2 Jun 2009 21:31:25 -0700 Subject: [Mailman-Developers] very large lists In-Reply-To: <2A3FAB9FA374DDFE1A7D254F@lewes.staff.uscs.susx.ac.uk> Message-ID: Ian Eiloart wrote: > >We got huge improvements delivering mail when we introduced parallel q >runners. Our problem was that delivery to small but time sensitive lists >was held up when someone sent mail to a large list. So, it still takes a >while to deliver to a large list, but other jobs aren't held up. It is only partly true that other jobs are not held up. When you slice a qrunner, you don't get "one queue/many servers". You get "many queues/many servers" any specific message still has a 1/n chance of being behind one with a long service time. I note that you have 32 outgoing runner slices, so it's probably rare that a message is waiting in the same queue slice as the one to 10,000 recipients, but it can happen. Bob, As far as the millions of recipients is concerned, with a default Mailman 2.x. the size of the lists/LISTNAME/config.pck is going to be huge. I think you'd need to break it into several subset lists and an umbrella. I also think you'd want to investigate alternate MemberAdaptors, although the MySQL ones (see thread at are the only ones I am aware of that support bounce processing. With some changes like this, it might be feasable in Mailman 2.1/2.2. This is somewhat uncharted territory, all though 100K lists are not unheard of. See the FAQ at . -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Wed Jun 3 06:50:31 2009 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 2 Jun 2009 21:50:31 -0700 Subject: [Mailman-Developers] monthly password reminder bounce reaction In-Reply-To: <20090602051009.GC20033@charite.de> Message-ID: Ralf Hildebrandt wrote: > >* Mark Sapiro : > >> Removing the member from all lists is often the right thing, but >> consider a member who is actually active on lists, but bounces >> un-whitelisted mail and forgets to whitelist the site list. Then the >> password reminder bounces and he is removed from all lists. > >Hm. I guess they'll have to live with that :) OK, but FYI, here's perhaps a better reason direct from BounceRunner XXX We used to classify bounces to the site list as bounce events for every list, but this caused severe problems. Here's the scenario: aperson at example.com is a member of 4 lists, and a list owner of the foo list. example.com has an aggressive spam filter which rejects any message that is spam or contains spam as an attachment. Now, a spambot sends a piece of spam to the foo list, but since that spambot is not a member, the list holds the message for approval, and sends a notification to aperson at example.com as list owner. That notification contains a copy of the spam. Now example.com rejects the message, causing a bounce to be sent to the site list's bounce address. The bounce runner would then dutifully register a bounce for all 4 lists that aperson at example.com was a member of, and eventually that person would get disabled on all their lists. So now we ignore site list bounces. Ce La Vie for password reminder bounces. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From skip at pobox.com Wed Jun 3 15:12:02 2009 From: skip at pobox.com (skip at pobox.com) Date: Wed, 3 Jun 2009 08:12:02 -0500 Subject: [Mailman-Developers] monthly password reminder bounce reaction In-Reply-To: <779CE739-0280-4F7D-8C70-AD94B9418EB8@list.org> References: <20090601212514.GG5037@state-of-mind.de> <779CE739-0280-4F7D-8C70-AD94B9418EB8@list.org> Message-ID: <18982.30370.314247.863121@montanaro.dyndns.org> Barry> Remember that monthly reminders are a thing of the past. They Barry> won't be in MM3 and IIRC, they've already been removed from the Barry> MM2.2 tree also. Thank you. As the person who maintains the mail.python.org spam filters the volume of held messages I have to wade through is huge around the first of the month because of bouncing reminders. Skip From p at state-of-mind.de Wed Jun 3 15:43:23 2009 From: p at state-of-mind.de (Patrick Ben Koetter) Date: Wed, 3 Jun 2009 15:43:23 +0200 Subject: [Mailman-Developers] monthly password reminder bounce reaction In-Reply-To: <18982.30370.314247.863121@montanaro.dyndns.org> References: <20090601212514.GG5037@state-of-mind.de> <779CE739-0280-4F7D-8C70-AD94B9418EB8@list.org> <18982.30370.314247.863121@montanaro.dyndns.org> Message-ID: <20090603134323.GD4194@state-of-mind.de> * skip at pobox.com : > > Barry> Remember that monthly reminders are a thing of the past. They > Barry> won't be in MM3 and IIRC, they've already been removed from the > Barry> MM2.2 tree also. > > Thank you. As the person who maintains the mail.python.org spam filters the > volume of held messages I have to wade through is huge around the first of > the month because of bouncing reminders. I will definitely miss Mailman Day. ;) p at rick -- state of mind Digitale Kommunikation http://www.state-of-mind.de Franziskanerstra?e 15 Telefon +49 89 3090 4664 81669 M?nchen Telefax +49 89 3090 4666 Amtsgericht M?nchen Partnerschaftsregister PR 563 From nico at tekNico.net Tue Jun 2 15:39:26 2009 From: nico at tekNico.net (Nicola Larosa) Date: Tue, 02 Jun 2009 15:39:26 +0200 Subject: [Mailman-Developers] monthly password reminder bounce reaction In-Reply-To: References: <20090601212514.GG5037@state-of-mind.de> <779CE739-0280-4F7D-8C70-AD94B9418EB8@list.org> <20090602050805.GB20033@charite.de> Message-ID: <4A252B8E.4010105@tekNico.net> Barry Warsaw wrote: > Are you asking because you think the monthly reminders still have a > valid use case? I'd love to keep them killed off since I think the > headache they introduce (especially for admins) far outweighs any > benefit to users. Being on by default is a headache for users too. Every time I subscribe to a mailing list, I have to go into settings just to disable the damn thing. Should you reintroduce them in MM3, please set them off by default. Thanks. :-) -- Nicola Larosa - http://www.tekNico.net/ (the 1:30AM bossanova guitar player ;-) ) From barry at list.org Thu Jun 4 14:11:12 2009 From: barry at list.org (Barry Warsaw) Date: Thu, 4 Jun 2009 08:11:12 -0400 Subject: [Mailman-Developers] monthly password reminder bounce reaction In-Reply-To: References: <20090601212514.GG5037@state-of-mind.de> <779CE739-0280-4F7D-8C70-AD94B9418EB8@list.org> <20090602050805.GB20033@charite.de> Message-ID: <8A1C1BA3-E2B6-4081-AE54-1E525B75C7A0@list.org> On Jun 2, 2009, at 8:11 AM, Ian Eiloart wrote: > The use case. If I'm changing an email address - eg moving jobs, > I'll set up forwarding for a while, and change my subscriptions > accordingly. If I don't get a message from a list before the old > account is disabled, then I stop getting mail from that list. There > must be other use cases. I hope that we can address this through two new "features". First, you'll be able to associate multiple email addresses with your account, and if one starts bouncing, Mailman can just flip over to the next enabled one on your list. Second, you'll be able to get password resets (not reminders -- the passwords will now be encrypted!) just like for every other site you're on. Of course, I also plan to support OpenID so you won't have to remember a bazillion passwords. There is the case where you just don't remember you're on a mailing list until it's too late (i.e. your old email has expired). Once you remember this, you should be able to log into your account, e.g. via OpenID, and associate a new email address with it, then verify it and get your deliveries working again. -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 832 bytes Desc: This is a digitally signed message part URL: From barry at list.org Thu Jun 4 14:13:00 2009 From: barry at list.org (Barry Warsaw) Date: Thu, 4 Jun 2009 08:13:00 -0400 Subject: [Mailman-Developers] monthly password reminder bounce reaction In-Reply-To: References: Message-ID: On Jun 3, 2009, at 12:50 AM, Mark Sapiro wrote: > XXX We used to classify bounces to the site list as bounce events > for every list, but this caused severe problems. Here's the > scenario: aperson at example.com is a member of 4 lists, and a list > owner of the foo list. example.com has an aggressive spam filter > which rejects any message that is spam or contains spam as an > attachment. Now, a spambot sends a piece of spam to the foo list, > but since that spambot is not a member, the list holds the message > for approval, and sends a notification to aperson at example.com as > list owner. That notification contains a copy of the spam. Now > example.com rejects the message, causing a bounce to be sent to the > site list's bounce address. The bounce runner would then dutifully > register a bounce for all 4 lists that aperson at example.com was a > member of, and eventually that person would get disabled on all > their lists. So now we ignore site list bounces. Ce La Vie for > password reminder bounces. I hope we've all learned by now never to bounce spam back to the "original" sender! -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 832 bytes Desc: This is a digitally signed message part URL: From barry at list.org Thu Jun 4 14:13:51 2009 From: barry at list.org (Barry Warsaw) Date: Thu, 4 Jun 2009 08:13:51 -0400 Subject: [Mailman-Developers] monthly password reminder bounce reaction In-Reply-To: <20090603134323.GD4194@state-of-mind.de> References: <20090601212514.GG5037@state-of-mind.de> <779CE739-0280-4F7D-8C70-AD94B9418EB8@list.org> <18982.30370.314247.863121@montanaro.dyndns.org> <20090603134323.GD4194@state-of-mind.de> Message-ID: On Jun 3, 2009, at 9:43 AM, Patrick Ben Koetter wrote: > * skip at pobox.com : >> >> Barry> Remember that monthly reminders are a thing of the past. >> They >> Barry> won't be in MM3 and IIRC, they've already been removed >> from the >> Barry> MM2.2 tree also. >> >> Thank you. As the person who maintains the mail.python.org spam >> filters the >> volume of held messages I have to wade through is huge around the >> first of >> the month because of bouncing reminders. > > I will definitely miss Mailman Day. ;) Y'know, if we could only make those fun and viral, we'd all be rich! :) -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 832 bytes Desc: This is a digitally signed message part URL: From barry at list.org Thu Jun 4 14:14:49 2009 From: barry at list.org (Barry Warsaw) Date: Thu, 4 Jun 2009 08:14:49 -0400 Subject: [Mailman-Developers] monthly password reminder bounce reaction In-Reply-To: <4A252B8E.4010105@tekNico.net> References: <20090601212514.GG5037@state-of-mind.de> <779CE739-0280-4F7D-8C70-AD94B9418EB8@list.org> <20090602050805.GB20033@charite.de> <4A252B8E.4010105@tekNico.net> Message-ID: <8755BFF5-1B2F-42CE-8F00-3B5088F36FF9@list.org> On Jun 2, 2009, at 9:39 AM, Nicola Larosa wrote: > Barry Warsaw wrote: >> Are you asking because you think the monthly reminders still have a >> valid use case? I'd love to keep them killed off since I think the >> headache they introduce (especially for admins) far outweighs any >> benefit to users. > > Being on by default is a headache for users too. Every time I > subscribe > to a mailing list, I have to go into settings just to disable the > damn thing. > > Should you reintroduce them in MM3, please set them off by default. > Thanks. :-) Indeed. But I think they should stay dead. > Nicola Larosa - http://www.tekNico.net/ > (the 1:30AM bossanova guitar player ;-) ) Which was excellent btw! :) -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 832 bytes Desc: This is a digitally signed message part URL: From iane at sussex.ac.uk Fri Jun 5 10:46:36 2009 From: iane at sussex.ac.uk (Ian Eiloart) Date: Fri, 05 Jun 2009 09:46:36 +0100 Subject: [Mailman-Developers] monthly password reminder bounce reaction In-Reply-To: References: Message-ID: --On 4 June 2009 08:13:00 -0400 Barry Warsaw wrote: > > I hope we've all learned by now never to bounce spam back to the > "original" sender! > Except when you have a positive spf lookup result. In which case the "original" sender probably is in a position to stop spamming you. -- Ian Eiloart IT Services, University of Sussex 01273-873148 x3148 For new support requests, see http://www.sussex.ac.uk/its/help/ From brad at shub-internet.org Sun Jun 7 23:08:42 2009 From: brad at shub-internet.org (Brad Knowles) Date: Sun, 07 Jun 2009 16:08:42 -0500 Subject: [Mailman-Developers] [Mailman-Users] openID enabled mailman In-Reply-To: <68779e050906071014s65115496ncf94b2c675efccb9@mail.gmail.com> References: <68779e050906071014s65115496ncf94b2c675efccb9@mail.gmail.com> Message-ID: <4A2C2C5A.9080709@shub-internet.org> on 6/7/09 12:14 PM, Malveeka Tewari said: > I want to know if there's already an openID enabled version of > mailman available And what files would I need to make changes to > include openID support in mailman The OpenID project uses Mailman themselves, and they have hacked it to allow OpenID logins. They even shared with us the code that they have. I took a look at trying to bring this into the main codebase, and I was not able to figure out how to do that -- when they put in OpenID, they broke everything else, and I could never figure out how to get the two to co-exist at the same time. IMO, this may be a better question to ask on their mailing lists, or to ask the people who maintain their mailing lists. -- Brad Knowles LinkedIn Profile: From malveeka at gmail.com Sun Jun 7 19:14:20 2009 From: malveeka at gmail.com (Malveeka Tewari) Date: Sun, 7 Jun 2009 19:14:20 +0200 Subject: [Mailman-Developers] openID enabled mailman Message-ID: <68779e050906071014s65115496ncf94b2c675efccb9@mail.gmail.com> Hi I am working on implementing openID server for the mailman setup I am running. I have started using mailman only recently and need help/feedback on my approach. We want to provide the list users an option whether or not to have enable openID. On the "" page, the users will see an option for 1. Enable/Disable openID login for your subscription 2. Sign in with existing openID login for your subscription *1. Enable/Disable openID login for your subscription* *account* For enabling and diabling the openID feature, the users login their subscribed accounts as they do now for changing any of the subcription options. On this page if they enable the openID feature, they recieve an automated reply with their openID identifier. The password for the openID identifier is the same as that for the subscription accounts. If they change their subscription passwords, their openID password gets changed too. *2. Sign in with existing openID login* The user gets redirected to a page where it enters it's openID identifer and the password and can now manage its account settings with the openID identifier. This authentication and further logging, modification of subscription configurations will be handled by the openID server. As I understand, the *changes that need to be made to the existing mailman code* include the following: Changing the MemberAdaptor.py and UserDesc.py for including information whether or not openID identifier is enabled for a paricular user. Propogating changes made to openID-identified-accounts to the subscription configurations. Changing the webpage interfaces for provinding and allowing users to access these options I want to know if there's already an openID enabled version of mailman available And what files would I need to make changes to include openID support in mailman Thanks Malveeka From davidoff at lindenlab.com Sat Jun 13 01:43:50 2009 From: davidoff at lindenlab.com (Andrew Davidoff) Date: Fri, 12 Jun 2009 16:43:50 -0700 Subject: [Mailman-Developers] Global accept_these_nonmembers? Message-ID: <7468C852-9BDC-4FE1-A771-E861D599EA45@lindenlab.com> Hello All, Is there any reason something like DEFAULT_ACCEPT_THESE_NONMEMBERS hasn't been pushed up into MailList.py? It would be handy for me to apply such a default, though I realize I may be in the minority. I am considering applying a small patch to support this, but would like to know if something like this might be implemented in the future by your team. I communicated briefly with msapiro in #mailman on freenode and it sounded like some work on mailman 3 (styles / templates) might be an area this would fall into. This email is mostly a follow up to see if any one else has any thoughts on this. Thanks. Andrew Davidoff From barry at list.org Sat Jun 13 02:36:33 2009 From: barry at list.org (Barry Warsaw) Date: Fri, 12 Jun 2009 20:36:33 -0400 Subject: [Mailman-Developers] Global accept_these_nonmembers? In-Reply-To: <7468C852-9BDC-4FE1-A771-E861D599EA45@lindenlab.com> References: <7468C852-9BDC-4FE1-A771-E861D599EA45@lindenlab.com> Message-ID: <85772267-0E26-44E0-A2E6-E0318296E961@list.org> On Jun 12, 2009, at 7:43 PM, Andrew Davidoff wrote: > Is there any reason something like DEFAULT_ACCEPT_THESE_NONMEMBERS > hasn't been pushed up into MailList.py? It would be handy for me to > apply such a default, though I realize I may be in the minority. I > am considering applying a small patch to support this, but would > like to know if something like this might be implemented in the > future by your team. > > I communicated briefly with msapiro in #mailman on freenode and it > sounded like some work on mailman 3 (styles / templates) might be an > area this would fall into. This email is mostly a follow up to see > if any one else has any thoughts on this. Things are different in MM3 (there are none of the _nonmembers attributes), but they way it's designed now, you'll have similar functionality and it can be tied to the mailing list. -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 832 bytes Desc: This is a digitally signed message part URL: From stephen at xemacs.org Sat Jun 13 12:03:53 2009 From: stephen at xemacs.org (Stephen J. Turnbull) Date: Sat, 13 Jun 2009 19:03:53 +0900 Subject: [Mailman-Developers] openID enabled mailman In-Reply-To: <68779e050906071014s65115496ncf94b2c675efccb9@mail.gmail.com> References: <68779e050906071014s65115496ncf94b2c675efccb9@mail.gmail.com> Message-ID: <87iqj0wiuu.fsf@uwakimon.sk.tsukuba.ac.jp> Malveeka Tewari writes: > 2. Sign in with existing openID login for your subscription > > *1. Enable/Disable openID login for your subscription* *account* > For enabling and diabling the openID feature, the users login their > subscribed accounts as they do now for changing any of the subcription > options. > On this page if they enable the openID feature, they recieve an automated > reply with their openID identifier. > > The password for the openID identifier is the same as that for the > subscription accounts. If they change their subscription passwords, their > openID password gets changed too. I don't understand what you're trying to do. The whole point of open ID is delegating authorization to a third party. If you want, you can provide that service as well, but once you've enabled OpenID, you shouldn't need a password for Mailman. In fact, the Mailman password should be disabled, as it is certainly less secure than OpenID at this point in time. > I want to know if there's already an openID enabled version of > mailman available The OpenID project has OpenID-enabled Mailman lists, but according to Brad Knowles in the process of adapting Mailman to OpenID they broke a lot of other features, and integrating their changes is non-trivial. From malveeka at gmail.com Sat Jun 13 12:43:26 2009 From: malveeka at gmail.com (Malveeka Tewari) Date: Sat, 13 Jun 2009 12:43:26 +0200 Subject: [Mailman-Developers] openID enabled mailman In-Reply-To: <87iqj0wiuu.fsf@uwakimon.sk.tsukuba.ac.jp> References: <68779e050906071014s65115496ncf94b2c675efccb9@mail.gmail.com> <87iqj0wiuu.fsf@uwakimon.sk.tsukuba.ac.jp> Message-ID: <68779e050906130343q5ba71fa4r87b5c43f3a438aaf@mail.gmail.com> Hi Stephen Thanks for your reply. W want to implement the OpenID Provider for the mailman set up we are running on our servers. The idea is to use OpenID with mailman to provide single sign on for our other user accounts like our wiki etc. Our focus is on providing Single Sign On but we do not want to delegate authentication to a third party. Hence we want to implement OpenID provider for our Mailman service. and OpenID relying party for our wiki etc. Now for the OpenID provider we may choose to have new passwords or use the mailman passwords. For ease of users, we want to use the mailman passwords for the OpenID provider. I hope I have conveyed what I am trying to do. I will be thankful for any suggestions Thanks Malveeka On Sat, Jun 13, 2009 at 12:03 PM, Stephen J. Turnbull wrote: > Malveeka Tewari writes: > > > 2. Sign in with existing openID login for your subscription > > > > *1. Enable/Disable openID login for your subscription* *account* > > For enabling and diabling the openID feature, the users login their > > subscribed accounts as they do now for changing any of the subcription > > options. > > On this page if they enable the openID feature, they recieve an > automated > > reply with their openID identifier. > > > > The password for the openID identifier is the same as that for the > > subscription accounts. If they change their subscription passwords, > their > > openID password gets changed too. > > I don't understand what you're trying to do. The whole point of open > ID is delegating authorization to a third party. If you want, you can > provide that service as well, but once you've enabled OpenID, you > shouldn't need a password for Mailman. In fact, the Mailman password > should be disabled, as it is certainly less secure than OpenID at this > point in time. > > > I want to know if there's already an openID enabled version of > > mailman available > > The OpenID project has OpenID-enabled Mailman lists, but according to > Brad Knowles in the process of adapting Mailman to OpenID they broke a > lot of other features, and integrating their changes is non-trivial. > From stephen at xemacs.org Sat Jun 13 13:37:51 2009 From: stephen at xemacs.org (Stephen J. Turnbull) Date: Sat, 13 Jun 2009 20:37:51 +0900 Subject: [Mailman-Developers] [Mailman-Users] openID enabled mailman In-Reply-To: <68779e050906130343q5ba71fa4r87b5c43f3a438aaf@mail.gmail.com> References: <68779e050906071014s65115496ncf94b2c675efccb9@mail.gmail.com> <87iqj0wiuu.fsf@uwakimon.sk.tsukuba.ac.jp> <68779e050906130343q5ba71fa4r87b5c43f3a438aaf@mail.gmail.com> Message-ID: <87hbykwei8.fsf@uwakimon.sk.tsukuba.ac.jp> Malveeka Tewari writes: > Our focus is on providing Single Sign On but we do not want to delegate > authentication to a third party. Hence we want to implement OpenID provider > for our Mailman service. I don't think this is a good idea. Mailman is designed to deliver single messages to multiple parties, which it does very well, and to manage member lists, which it does tolerably well for many purposes. It is not designed to keep secrets. You may not now particularly care, but it could be very annoying later if you decide you want more security and need to switch your system. Better to put your provider in a separate place from Mailman, and have Mailman rely on and trust only your provider. You could do them on the same host if necessary but in the long run you might want to have the provider on a dedicated host, depending on how serious you become about security. > and OpenID relying partyOD for our wiki etc. > > Now for the OpenID provider we may choose to have new passwords or use the > mailman passwords. For ease of users, we want to use the mailman passwords > for the OpenID provider. Again, Mailman is not very secure. In the default configuration, passwords are mailed out in cleartext over non-secure channels (and even so-called secure mail is pretty tricky -- it's much easier to secure a web application). The passwords are also stored in the clear. This means that if you want to set up OpenID for existing users by transferring their passwords, it should be possible (I don't know how offhand, though). I don't recommend that, either. Normally, people don't care that much as there's not much damage that can be done via a mailing list, except spamming, and most lists have additional defenses against that. But you plan to rely on these passwords to secure multiple services, making the value of cracking one that much higher. I would ask my own users to set new passwords in this situation. Of course, all these issues depend on a lot of factors. You may have better security than the default for the Internet in place, or much more careful users, etc. From malveeka at gmail.com Sat Jun 13 16:16:15 2009 From: malveeka at gmail.com (Malveeka Tewari) Date: Sat, 13 Jun 2009 16:16:15 +0200 Subject: [Mailman-Developers] [Mailman-Users] openID enabled mailman In-Reply-To: <4A2C2C5A.9080709@shub-internet.org> References: <68779e050906071014s65115496ncf94b2c675efccb9@mail.gmail.com> <4A2C2C5A.9080709@shub-internet.org> Message-ID: <68779e050906130716g2efc888cu1b219ce7de10c7e7@mail.gmail.com> Hi Brad, Can I also take a look at the code that the OpenID folks sent you? It'll be great if you can send me any pointers to that code. I asked on their mailing lists too but haven't received any promising response. Looking at the code might give me an idea about how to start implementing openID support fr the mailman setup I am running, Thanks Malveeka On Sun, Jun 7, 2009 at 11:08 PM, Brad Knowles wrote: > on 6/7/09 12:14 PM, Malveeka Tewari said: > > I want to know if there's already an openID enabled version of >> mailman available And what files would I need to make changes to >> include openID support in mailman >> > > The OpenID project uses Mailman themselves, and they have hacked it to > allow OpenID logins. They even shared with us the code that they have. I > took a look at trying to bring this into the main codebase, and I was not > able to figure out how to do that -- when they put in OpenID, they broke > everything else, and I could never figure out how to get the two to co-exist > at the same time. > > IMO, this may be a better question to ask on their mailing lists, or to ask > the people who maintain their mailing lists. > > -- > Brad Knowles > LinkedIn Profile: > From brad at shub-internet.org Sat Jun 13 19:25:08 2009 From: brad at shub-internet.org (Brad Knowles) Date: Sat, 13 Jun 2009 12:25:08 -0500 Subject: [Mailman-Developers] [Mailman-Users] openID enabled mailman In-Reply-To: <68779e050906130716g2efc888cu1b219ce7de10c7e7@mail.gmail.com> References: <68779e050906071014s65115496ncf94b2c675efccb9@mail.gmail.com> <4A2C2C5A.9080709@shub-internet.org> <68779e050906130716g2efc888cu1b219ce7de10c7e7@mail.gmail.com> Message-ID: <4A33E0F4.7020508@shub-internet.org> on 6/13/09 9:16 AM, Malveeka Tewari said: > Can I also take a look at the code that the OpenID folks sent you? > It'll be great if you can send me any pointers to that code. > I asked on their mailing lists too but haven't received any promising > response. They never made any attempt to build an OpenID provider in Mailman. All they did was hack in some OpenID Relyer code, and in the process they broke any other kind of authentication. Mailman is the wrong place to put an OpenID provider. That needs to go somewhere else, and then you can put in code that allows Mailman to be an OpenID Relyer. > Looking at the code might give me an idea about how to start implementing > openID support fr the mailman setup I am running, I really don't think so. They and you seem to have very different ideas as to where the OpenID provider code should go. -- Brad Knowles LinkedIn Profile: From barry at list.org Wed Jun 17 13:13:46 2009 From: barry at list.org (Barry Warsaw) Date: Wed, 17 Jun 2009 07:13:46 -0400 Subject: [Mailman-Developers] [Mailman-Users] openID enabled mailman In-Reply-To: <4A33E0F4.7020508@shub-internet.org> References: <68779e050906071014s65115496ncf94b2c675efccb9@mail.gmail.com> <4A2C2C5A.9080709@shub-internet.org> <68779e050906130716g2efc888cu1b219ce7de10c7e7@mail.gmail.com> <4A33E0F4.7020508@shub-internet.org> Message-ID: <7725B8CE-9039-426F-972B-23749ED86087@list.org> On Jun 13, 2009, at 1:25 PM, Brad Knowles wrote: > Mailman is the wrong place to put an OpenID provider. That needs to > go somewhere else, and then you can put in code that allows Mailman > to be an OpenID Relyer. Well put, and I could not agree more. What would be very helpful would be adding the necessary support to Mailman 2.2 and 3 so that it can be a relying party, and perhaps we can finally deprecate or kill off the stupid user passwords. -Barry -------------- next part -------------- A non-text attachment was scrubbed... Name: PGP.sig Type: application/pgp-signature Size: 832 bytes Desc: This is a digitally signed message part URL: From raffenet at mcs.anl.gov Thu Jun 18 21:00:54 2009 From: raffenet at mcs.anl.gov (Kenneth Raffenetti) Date: Thu, 18 Jun 2009 14:00:54 -0500 Subject: [Mailman-Developers] should i be able to set a default accept_these_nonmembers? Message-ID: <4A3A8EE6.4010307@mcs.anl.gov> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I recently had a request to make it so a Mailman domain I had setup would include a default set of email addresses in the accept_these_nonmembers field of each list. I thought it was a reasonable request as these people are responsible essentially all things in that domain. Default.py and mm_cfg.py are not currently setup to allow this. Does anyone think this is a reasonable feature request? Thanks, Ken Raffenetti -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAko6juQACgkQvRJB9CBtvwhDlgCdFPxxSTrh8On2u+xo4u1dhtOU 6+IAnirHyuwxaiHlDKDnDGp595/iRUQM =m5JJ -----END PGP SIGNATURE----- From adam-mailman at amyl.org.uk Fri Jun 19 19:19:29 2009 From: adam-mailman at amyl.org.uk (Adam McGreggor) Date: Fri, 19 Jun 2009 18:19:29 +0100 Subject: [Mailman-Developers] should i be able to set a default accept_these_nonmembers? In-Reply-To: <4A3A8EE6.4010307@mcs.anl.gov> References: <4A3A8EE6.4010307@mcs.anl.gov> Message-ID: <20090619171929.GF12458@amyl.org.uk> On Thu, Jun 18, 2009 at 02:00:54PM -0500, Kenneth Raffenetti wrote: > I recently had a request to make it so a Mailman domain I had setup > would include a default set of email addresses in the > accept_these_nonmembers field of each list. I thought it was a > reasonable request as these people are responsible essentially all > things in that domain. Default.py and mm_cfg.py are not currently setup > to allow this. > > Does anyone think this is a reasonable feature request? Yes, and no. Yes, in that I can see some advantages/cases where it may be useful to this, but no for a couple of reasons/prejudices: (a) if something's worthy of a list's attention, the poster should have the courtesy to be a member of the list (assuming these are other people, not, say, functional aliases, or whatever); (b) i'd imagine this may be a case of cross-posting. Which infuriates me. (How about having one list for everyone that needs to be on it, and if appropriate send *those* list's messages to other lists?) In my instances, after creating new lists, i subscribe a series of address (+ trusted domains) to the list -- or rather my list-creating and configuring script does that for me (I like to do some customizations with withlist: and am quite lazy.). -- ``Odd things, animals. Dogs look up to you. Cats look down to you. Only pigs see you as an equal.'' (Churchill) From raffenet at mcs.anl.gov Mon Jun 22 17:24:21 2009 From: raffenet at mcs.anl.gov (Kenneth Raffenetti) Date: Mon, 22 Jun 2009 10:24:21 -0500 Subject: [Mailman-Developers] should i be able to set a default accept_these_nonmembers? In-Reply-To: <20090619171929.GF12458@amyl.org.uk> References: <4A3A8EE6.4010307@mcs.anl.gov> <20090619171929.GF12458@amyl.org.uk> Message-ID: <4A3FA225.5080006@mcs.anl.gov> -----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Adam McGreggor wrote: > On Thu, Jun 18, 2009 at 02:00:54PM -0500, Kenneth Raffenetti wrote: >> I recently had a request to make it so a Mailman domain I had setup >> would include a default set of email addresses in the >> accept_these_nonmembers field of each list. I thought it was a >> reasonable request as these people are responsible essentially all >> things in that domain. Default.py and mm_cfg.py are not currently setup >> to allow this. >> >> Does anyone think this is a reasonable feature request? > > Yes, and no. > > Yes, in that I can see some advantages/cases where it may be useful to > this, but no for a couple of reasons/prejudices: > > (a) if something's worthy of a list's attention, the poster > should have the courtesy to be a member of the list (assuming > these are other people, not, say, functional aliases, or > whatever); > (b) i'd imagine this may be a case of cross-posting. Which > infuriates me. (How about having one list for everyone that > needs to be on it, and if appropriate send *those* list's > messages to other lists?) > > In my instances, after creating new lists, i subscribe a series of > address (+ trusted domains) to the list -- or rather my list-creating > and configuring script does that for me (I like to do some > customizations with withlist: and am quite lazy.). > > I considered setting up a quick wrapper to do this from the command-line (in fact I did something similar to retroactively add addresses to all the lists), but that would only work for those of us using the CLI. We generally hand off list creation to our helpdesk staffers, whom we prefer use the web interface rather than give elevated privileges on the actual server. Ken -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAko/oiMACgkQvRJB9CBtvwgnsACffqbRrUwiAp9cmt68CtGMwkPc QBwAnizln783vkUslHzD9by0JK6+KxPZ =nw/R -----END PGP SIGNATURE----- From framstag at rus.uni-stuttgart.de Sun Jun 28 13:02:07 2009 From: framstag at rus.uni-stuttgart.de (Ulli Horlacher) Date: Sun, 28 Jun 2009 13:02:07 +0200 Subject: [Mailman-Developers] connecting F*EX and mailman Message-ID: <20090628110207.GG30240@fex.rus.uni-stuttgart.de> Perhaps you are interested: I have written a mailman authentification CGI for F*EX (Frams' Fast File Exchange http://fex.rus.uni-stuttgart.de/) The F*EX adminstrator can enable mailman mailing lists for using F*EX. The mailing list user then can use F*EX for sending arbitrary big files to any other user. You can see such a F*EX mailman authentification on http://fex.rus.uni-stuttgart.de:8080/mma -- Ullrich Horlacher Server- und Arbeitsplatzsysteme Rechenzentrum E-Mail: horlacher at rus.uni-stuttgart.de Universitaet Stuttgart Tel: ++49-711-685-65868 Allmandring 30 Fax: ++49-711-682357 70550 Stuttgart (Germany) WWW: http://www.rus.uni-stuttgart.de/