From Rose.Futchko at INFORMS.ORG Mon Oct 1 05:03:29 2012 From: Rose.Futchko at INFORMS.ORG (Futchko, Rose) Date: Sun, 30 Sep 2012 23:03:29 -0400 Subject: [Mailman-Users] {Spam?} RE: Question regarding SPAM In-Reply-To: References: <050C37C3BC21CC4483AC395BAFEC94E505D792D8@mail1.informs.org> Message-ID: <050C37C3BC21CC4483AC395BAFEC94E506287792@mail1.informs.org> Sapiro, Mark wrote: > Then again, how did the post reach the list in the first place. >>Non-member posts are discarded and you said the list is moderated which I think means that member posts are held for moderation, so how does a spam post get to the list? >>Does the list have some unmoderated members? If so, if a post contains one of these member addresses in any of a From:, Reply-To: or Sender: >>header or as the envelope sender, the post may be accepted (see the documentation for SENDER_HEADERS in Defaults.py). Not that I am aware of that setting or subscriber (over 2000) for that particular list. I saw email messages sent in the POSTFIX maillog to the individual from the spamfilter (spamassasin) that was installed to work with Postfix. Trying to work backwards, I have removed Spamassassin from Postfix and restarted. While not sure and do not have any proof, I wanted to eliminate this as a potential cause. One question: is there a report or command that I can run to see how many members where unsubscribed from any list on our Mailman service for a period of time. My reason is if this individual was unsubscribed, I am not sure how many other subscribers may have been lost. Therefore, I would like to reinstate all subscribers lost over the past two week period. Thank you, Rose From mark at msapiro.net Mon Oct 1 06:38:20 2012 From: mark at msapiro.net (Mark Sapiro) Date: Sun, 30 Sep 2012 21:38:20 -0700 Subject: [Mailman-Users] {Spam?} RE: Question regarding SPAM In-Reply-To: <050C37C3BC21CC4483AC395BAFEC94E506287792@mail1.informs.org> References: <050C37C3BC21CC4483AC395BAFEC94E505D792D8@mail1.informs.org> <050C37C3BC21CC4483AC395BAFEC94E506287792@mail1.informs.org> Message-ID: <50691E3C.4070405@msapiro.net> On 9/30/2012 8:03 PM, Futchko, Rose wrote: > > One question: is there a report or command that I can run to see how > many members where unsubscribed from any list on our Mailman service for > a period of time. The information is in Mailman's bounce and subscribe logs. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From geoff at QuiteLikely.com Mon Oct 1 19:46:08 2012 From: geoff at QuiteLikely.com (Geoff Shang) Date: Mon, 1 Oct 2012 19:46:08 +0200 (IST) Subject: [Mailman-Users] Mailman and Postfix-style Virtual Domains (not a problem, only a question!) In-Reply-To: <50684EBE.8030200@yahoo.de> References: <50684EBE.8030200@yahoo.de> Message-ID: On Sun, 30 Sep 2012, Norbert Aschendorff wrote: > I'm maintaining a server with Postfix and Mailman including > Postfix-style virtual domains. This works fine so far. > But is it normal that the creation of a list for a virtual subdomain > ($prefix/bin/newlist -e subdomain listname) not only creates entries in > $prefix/data/virtual-mailman, but also in the aliases file for the > "main" domain ($prefix/data/aliases)? I didn't find anything on the web, > there are only issues related to non-found hash DBs or missing virtual > domains etc. Yes, this is normal. Compare and contrast the following example from virtual-mailman staff at mintfm.net staff staff-admin at mintfm.net staff-admin staff-bounces at mintfm.net staff-bounces staff-confirm at mintfm.net staff-confirm staff-join at mintfm.net staff-join staff-leave at mintfm.net staff-leave staff-owner at mintfm.net staff-owner staff-request at mintfm.net staff-request staff-subscribe at mintfm.net staff-subscribe staff-unsubscribe at mintfm.net staff-unsubscribe with the equivalent from aliases: staff: "|/var/lib/mailman/mail/mailman post staff" staff-admin: "|/var/lib/mailman/mail/mailman admin staff" staff-bounces: "|/var/lib/mailman/mail/mailman bounces staff" staff-confirm: "|/var/lib/mailman/mail/mailman confirm staff" staff-join: "|/var/lib/mailman/mail/mailman join staff" staff-leave: "|/var/lib/mailman/mail/mailman leave staff" staff-owner: "|/var/lib/mailman/mail/mailman owner staff" staff-request: "|/var/lib/mailman/mail/mailman request staff" staff-subscribe: "|/var/lib/mailman/mail/mailman subscribe staff" staff-unsubscribe: "|/var/lib/mailman/mail/mailman unsubscribe staff" The first one maps from the actual Email address (including domain) to the alias for the list. The second points these aliases to the commands they actually need to run. > But in mailman-install.pdf which I used for the installation, there's > the following sentence: "Mailman?s support of virtual domains is limited > in that list names must be globally unique within a single Mailman > instance, i.e., two lists may not have the same name even if they are in > different domains." Right. If I made another staff list in a different domain, the stock Mailman would still point it to the alias "staff". > Is that related? Or am I doing something wrong? Providing you aren't wanting to make two lists with the same name in two different domains, you're doing just fine. Geoff. From mark at msapiro.net Mon Oct 1 22:00:08 2012 From: mark at msapiro.net (Mark Sapiro) Date: Mon, 1 Oct 2012 13:00:08 -0700 Subject: [Mailman-Users] Unable to create new list In-Reply-To: <5068308D.7070402@sixhop.net> Message-ID: Andreas Nitsche wrote: > >Can you tell me with which user this command gets executed? I had a look >at the aliases file: > >-rw-rw----. 1 mailman-zaubert.net nobody 2159 30. Sep 13:33 aliases >-rw-r-----. 1 mailman-zaubert.net nobody 49152 30. Sep 13:33 aliases.db These ownerships and permissions are wrong. Both files should be have group = Mailman's group for this instance (mailman-zaubert.net?), not group nobody, and aliases.db should be group writable. The owner of aliases.db must also be Mailman's group for this instance as it appears to be. The owner of aliases is immaterial. Usually is is the user who last created a list with newlist or the web server user. I don't know how these files got the ownership and permissions they have, but I think this is the issue. To answer your specigik question, the web create process runs with user = the web server user and group = Mailman's group for that instance. >I looked at the audit.log, because SELinux is enabled, but it's empty. Once you fix the above, you may run into SELinux issues, but the above needs to be fixed first. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From Steven.Jones at vuw.ac.nz Tue Oct 2 04:22:16 2012 From: Steven.Jones at vuw.ac.nz (Steven Jones) Date: Tue, 2 Oct 2012 02:22:16 +0000 Subject: [Mailman-Users] recording mailman list changes. Message-ID: <833D8E48405E064EBC54C84EC6B36E40546E162F@STAWINCOX10MBX1.staff.vuw.ac.nz> Hi Does mailman record who and when settings were changed for a list? regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 From mark at msapiro.net Tue Oct 2 04:28:26 2012 From: mark at msapiro.net (Mark Sapiro) Date: Mon, 01 Oct 2012 19:28:26 -0700 Subject: [Mailman-Users] recording mailman list changes. In-Reply-To: <833D8E48405E064EBC54C84EC6B36E40546E162F@STAWINCOX10MBX1.staff.vuw.ac.nz> References: <833D8E48405E064EBC54C84EC6B36E40546E162F@STAWINCOX10MBX1.staff.vuw.ac.nz> Message-ID: <506A514A.7000901@msapiro.net> On 10/1/2012 7:22 PM, Steven Jones wrote: > > Does mailman record who and when settings were changed for a list? No. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From andi at sixhop.net Tue Oct 2 09:07:04 2012 From: andi at sixhop.net (Andreas Nitsche) Date: Tue, 02 Oct 2012 09:07:04 +0200 Subject: [Mailman-Users] Unable to create new list In-Reply-To: References: Message-ID: <506A9298.90806@sixhop.net> Hello Mark, thanks for your answer. I didn't see any SELinux issues, therefore I didn't thought it would be a SELinux issue. But since I turned off SELinux everything works fine with exactly this permissions. The thing is: while I have a setup for several domains and each of them has their own mailman instance I need to seperate the users. So the user for the domain zaubert.net is called mailman-zaubert.net. I compiled mailman with these settings. Even the webserver is running with this user. greetings Andi Am 01.10.12 22:00, schrieb Mark Sapiro: > Andreas Nitsche wrote: >> Can you tell me with which user this command gets executed? I had a look >> at the aliases file: >> >> -rw-rw----. 1 mailman-zaubert.net nobody 2159 30. Sep 13:33 aliases >> -rw-r-----. 1 mailman-zaubert.net nobody 49152 30. Sep 13:33 aliases.db > > These ownerships and permissions are wrong. Both files should be have > group = Mailman's group for this instance (mailman-zaubert.net?), not > group nobody, and aliases.db should be group writable. > > The owner of aliases.db must also be Mailman's group for this instance > as it appears to be. The owner of aliases is immaterial. Usually is is > the user who last created a list with newlist or the web server user. > > I don't know how these files got the ownership and permissions they > have, but I think this is the issue. > > To answer your specigik question, the web create process runs with user > = the web server user and group = Mailman's group for that instance. > > >> I looked at the audit.log, because SELinux is enabled, but it's empty. > > Once you fix the above, you may run into SELinux issues, but the above > needs to be fixed first. > From Chuck at WildRice.com Mon Oct 1 22:02:14 2012 From: Chuck at WildRice.com (Chuck Rice) Date: Mon, 1 Oct 2012 15:02:14 -0500 Subject: [Mailman-Users] Is there a way to strip incoming images and replace them with a link? Message-ID: <2BB9F320-387A-4A51-8AFE-E2A0F2E48936@WildRice.com> I am new to Mailman. I converted my lists from Surgemail to Mailman a week a go. I seem to have things running so far, but I have a question. If there is a place to read about this, Just point me to the correct document. I would like to find the spot in Mailman where incoming messages get stopped for moderation and remove all images from the post. But instead of just tossing them, and if the moderator approves them, I would like to save the image to a webserver directory and replace the image in the post with a link to the saved image. So my questions are: 1) Can this be done at all? 2) Can it be done safely? 3) Has it already been done? 4) Where should I focus my reading if I want to do it? Thanks for any pointers you can give me. -Chuck- From Ralf.Hildebrandt at charite.de Tue Oct 2 14:56:19 2012 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Tue, 2 Oct 2012 14:56:19 +0200 Subject: [Mailman-Users] Is there a way to strip incoming images and replace them with a link? In-Reply-To: <2BB9F320-387A-4A51-8AFE-E2A0F2E48936@WildRice.com> References: <2BB9F320-387A-4A51-8AFE-E2A0F2E48936@WildRice.com> Message-ID: <20121002125619.GF16275@charite.de> * Chuck Rice : > > I am new to Mailman. I converted my lists from Surgemail to Mailman a week a go. I seem to have things running so far, but I have a question. If there is a place to read about this, Just point me to the correct document. > > I would like to find the spot in Mailman where incoming messages get stopped for moderation and remove all images from the post. But instead of just tossing them, and if the moderator approves them, I would like to save the image to a webserver directory and replace the image in the post with a link to the saved image. > > So my questions are: > > 1) Can this be done at all? Yes > 2) Can it be done safely? Yes > 3) Has it already been done? Yes > 4) Where should I focus my reading if I want to do it? Non-Digest options -> scrub_nondigest -> Yes From mark at msapiro.net Tue Oct 2 15:00:30 2012 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 02 Oct 2012 06:00:30 -0700 Subject: [Mailman-Users] Is there a way to strip incoming images and replace them with a link? In-Reply-To: <2BB9F320-387A-4A51-8AFE-E2A0F2E48936@WildRice.com> References: <2BB9F320-387A-4A51-8AFE-E2A0F2E48936@WildRice.com> Message-ID: <188feff8-c4fe-4b5b-89b5-e360e491286b@email.android.com> Chuck Rice wrote: > >I would like >to save the image to a webserver directory and replace the image in the >post with a link to the saved image. See the web admin interface Non-digest options -> scrub_nondigest. -- Mark Sapiro Sent from my Android phone with K-9 Mail. Please excuse my brevity. From norbert.aschendorff at yahoo.de Tue Oct 2 17:10:38 2012 From: norbert.aschendorff at yahoo.de (Norbert Aschendorff) Date: Tue, 02 Oct 2012 17:10:38 +0200 Subject: [Mailman-Users] Mailman and Postfix-style Virtual Domains (not a problem, only a question!) In-Reply-To: References: <50684EBE.8030200@yahoo.de> Message-ID: <506B03EE.1080807@yahoo.de> Thanks. I did not notice this mappings. :) --Norbert From cwieland at uci.edu Tue Oct 2 20:18:44 2012 From: cwieland at uci.edu (Con Wieland) Date: Tue, 2 Oct 2012 11:18:44 -0700 Subject: [Mailman-Users] more prune_arch errors In-Reply-To: <50646239.1000704@msapiro.net> References: <50646239.1000704@msapiro.net> Message-ID: back at trying this. I now get: ./prune_arch -l mgsa-l -d 1095 -bpnv Processing mgsa-l mailbox Traceback (most recent call last): File "./prune_arch", line 191, in ? main() File "./prune_arch", line 156, in main mdate = mktime_tz(parsedate_tz(msg['date'])) File "/usr/local/mailman/pythonlib/email/_parseaddr.py", line 140, in mktime_tz if data[9] is None: TypeError: unsubscriptable object thanks for the help con On Sep 27, 2012, at 7:27 AM, Mark Sapiro wrote: > I have updated the scripts at > and > again. The script > will now skip unparseable messages and messages with missing or > unparseable Date: headers and report the same. > > It only reports the sequence number of the message in the mbox, but if > you run the script with the -b or --backup option, you can find the > skipped message(s) in the listname.mbox.bak file with something like > > grep "^From " listname.mbox.bak | grep -n . | grep ^xxx: > > where xxx is the sequence number of a skipped message. > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > ------------------------------------------------------ > Mailman-Users mailing list Mailman-Users at python.org > http://mail.python.org/mailman/listinfo/mailman-users > Mailman FAQ: http://wiki.list.org/x/AgA3 > Security Policy: http://wiki.list.org/x/QIA9 > Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ > Unsubscribe: http://mail.python.org/mailman/options/mailman-users/cwieland%40uci.edu From dap1 at bellsouth.net Wed Oct 3 01:06:32 2012 From: dap1 at bellsouth.net (Dennis Putnam) Date: Tue, 02 Oct 2012 19:06:32 -0400 Subject: [Mailman-Users] Automate Moderator Functions In-Reply-To: References: Message-ID: <506B7378.60105@bellsouth.net> I am getting back to this and I have a question about maintenance. What is the correct way to modify this so that it will not get destroyed by updates? Also does this same procedure apply to other automatic rejections such as implicit destination? Thanks. On 9/24/2012 8:43 PM, Mark Sapiro wrote: > Dennis Putnam wrote: >> The same might be true for >> exceeding the size limit. > > To automatically reject or discard messages that exceed the list's size > limit, find the section of the Mailman/Handlers/Hold.py that ends with > the lines > > > if bodylen/1024.0 > mlist.max_message_size: > hold_for_approval(mlist, msg, msgdata, > MessageTooBig(bodylen, > mlist.max_message_size)) > # no return > > (there is one wrapped line in the above) and replace > > hold_for_approval(mlist, msg, msgdata, > MessageTooBig(bodylen, > mlist.max_message_size)) > > with > > rej = MessageTooBig(bodylen, mlist.max_message_size)) > raise Errors.RejectMessage, rej.reason_notice > > to reject the message or with > > raise Errors.DiscardMessage > > to discard the message. Note that this will not honor the list's > forward_auto_discards setting. to do that you would need to put > > from Mailman.Handlers.Moderate import do_discard > > with the other imports near the beginning of the > Mailman.Handlers.hold.py module and then replace the lines with > > do_discard(mlist, msg) > > If you are actually going to do any of the above, I suggest you also > put the following in mm_cfg.py for the stated reason > > # > # Put MimeDel ahead of Hold so "too big" is based on content filtered > # message. > # > GLOBAL_PIPELINE.remove('MimeDel') > GLOBAL_PIPELINE.insert(GLOBAL_PIPELINE.index('Hold'), 'MimeDel') > > > Instead of modifying Hold.py, you could make a custom handler (see > ) to deal with oversized messages and put > it ahead of Hold in the pipeline or possibly just replace Hold.py with > a custom version. > -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 257 bytes Desc: OpenPGP digital signature URL: From mark at msapiro.net Wed Oct 3 02:20:09 2012 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 2 Oct 2012 17:20:09 -0700 Subject: [Mailman-Users] more prune_arch errors In-Reply-To: Message-ID: Con Wieland wrote: >back at trying this. I now get: > >./prune_arch -l mgsa-l -d 1095 -bpnv >Processing mgsa-l mailbox >Traceback (most recent call last): > File "./prune_arch", line 191, in ? > main() > File "./prune_arch", line 156, in main > mdate =3D mktime_tz(parsedate_tz(msg['date'])) > File "/usr/local/mailman/pythonlib/email/_parseaddr.py", line 140, in = >mktime_tz > if data[9] is None: >TypeError: unsubscriptable object You do not have the latest version of the script. The version I installed on my web site on Sept 27 at 06:52 PDT (before posting the message you quote) catches and displays information about this exception. Either you got the script before that or you got an older, browser cached version. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Wed Oct 3 02:46:20 2012 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 2 Oct 2012 17:46:20 -0700 Subject: [Mailman-Users] Automate Moderator Functions In-Reply-To: <506B7378.60105@bellsouth.net> Message-ID: Dennis Putnam wrote: > >I am getting back to this and I have a question about maintenance. What >is the correct way to modify this so that it will not get destroyed by >updates? There are two ways to proceed. You can modify Mailman/Handlers/Hold.py itself, but before overwriting it, make a "diff -u" between the base Hold.py and your modified version to use as a patch to apply after any upgrade. A better way is to leave Hold.py unchanged and make your own edited version as say Mailman/Handlers/MyHold.py. Then you can replace the base Hold.py Module with your MyHold.py by putting GLOBAL_PIPELINE[GLOBAL_PIPELINE.index('Hold')] = 'MyHold' in mm_cfg.py. Note that if you are going to do this, and you want also to move MimeDel before Hold, you must either put the above line after the lines GLOBAL_PIPELINE.remove('MimeDel') GLOBAL_PIPELINE.insert(GLOBAL_PIPELINE.index('Hold'), 'MimeDel') in mm_cfg.py or put it before, but then also change GLOBAL_PIPELINE.insert(GLOBAL_PIPELINE.index('Hold'), 'MimeDel') to GLOBAL_PIPELINE.insert(GLOBAL_PIPELINE.index('MyHold'), 'MimeDel') I recommend the former as in # # Put MimeDel ahead of Hold so "too big" is based on content filtered # message. # GLOBAL_PIPELINE.remove('MimeDel') GLOBAL_PIPELINE.insert(GLOBAL_PIPELINE.index('Hold'), 'MimeDel') # # Replace Hold with local version # GLOBAL_PIPELINE[GLOBAL_PIPELINE.index('Hold')] = 'MyHold' Since mm_cfg.py survives upgrades, this should survive. >Also does this same procedure apply to other automatic rejections such >as implicit destination? >On 9/24/2012 8:43 PM, Mark Sapiro wrote: >> >> To automatically reject or discard messages that exceed the list's size >> limit, find the section of the Mailman/Handlers/Hold.py that ends with >> the lines >> >> >> if bodylen/1024.0 > mlist.max_message_size: >> hold_for_approval(mlist, msg, msgdata, >> MessageTooBig(bodylen, >> mlist.max_message_size)) >> # no return >> >> (there is one wrapped line in the above) and replace >> >> hold_for_approval(mlist, msg, msgdata, >> MessageTooBig(bodylen, >> mlist.max_message_size)) >> >> with >> >> rej = MessageTooBig(bodylen, mlist.max_message_size)) >> raise Errors.RejectMessage, rej.reason_notice >> >> to reject the message or with >> >> raise Errors.DiscardMessage >> >> to discard the message. Note that this will not honor the list's >> forward_auto_discards setting. to do that you would need to put >> >> from Mailman.Handlers.Moderate import do_discard >> >> with the other imports near the beginning of the >> Mailman.Handlers.hold.py module and then replace the lines with >> >> do_discard(mlist, msg) Yes, similar changes would apply to other holds in Hold.py. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Wed Oct 3 03:08:42 2012 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 02 Oct 2012 18:08:42 -0700 Subject: [Mailman-Users] Unable to create new list In-Reply-To: <506A9298.90806@sixhop.net> References: <506A9298.90806@sixhop.net> Message-ID: <506B901A.3020004@msapiro.net> On 10/2/2012 12:07 AM, Andreas Nitsche wrote: > Hello Mark, > > But since I turned off > SELinux everything works fine with exactly this permissions. The thing > is: while I have a setup for several domains and each of them has their > own mailman instance I need to seperate the users. So the user for the > domain zaubert.net is called mailman-zaubert.net. I compiled mailman > with these settings. Even the webserver is running with this user. It only works with the permissions you have because this instance of the web server is running as the Mailman user. It really should be controlled by group. See . -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From dap1 at bellsouth.net Thu Oct 4 19:37:06 2012 From: dap1 at bellsouth.net (Dennis Putnam) Date: Thu, 04 Oct 2012 13:37:06 -0400 Subject: [Mailman-Users] Suspend a Subscriber Message-ID: <506DC942.4050703@bellsouth.net> Is there a way to suspend or otherwise prevent a subscriber from posting to a list and send a notice of same, without actually unsubscribing and officially banning them? Suppose I have a user that is abusing a list rule. I don't want to ban them yet but I want them to be forced to contact the list owner in order to be reinstated. I know I can add them to the ban list, but what happens to their subscription settings? Are they also automatically unsubscribed or do they just get a banned message when they post while the subscription information remains in tact? TIA. -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 257 bytes Desc: OpenPGP digital signature URL: From brad at fineby.me.uk Thu Oct 4 20:12:04 2012 From: brad at fineby.me.uk (Brad Rogers) Date: Thu, 4 Oct 2012 19:12:04 +0100 Subject: [Mailman-Users] Suspend a Subscriber In-Reply-To: <506DC942.4050703@bellsouth.net> References: <506DC942.4050703@bellsouth.net> Message-ID: <20121004191204.2a9a900d@abydos.stargate.org.uk> On Thu, 04 Oct 2012 13:37:06 -0400 Dennis Putnam wrote: Hello Dennis, >Is there a way to suspend or otherwise prevent a subscriber from posting Put them on 'moderation', which means all their posts have to be approved before they go out to the list. I know that means work, but you could just ignore them or simply discard them. >to a list and send a notice of same, without actually unsubscribing and IDK whether mailman notifies the user that they're on moderation, but you only need send that message to them once. At the same time, you can ask them to explain their actions, and what they're going to do about getting back in to good standing. Personally, if they've been persistently breaking the rules, I'd ban 'em anyway. It's not likely they're going to change, despite your previous warnings. -- Regards _ / ) "The blindingly obvious is / _)rad never immediately apparent" I hit the ground, boy have I arrived! The History Of The World (Part 1) - The Damned -------------- next part -------------- A non-text attachment was scrubbed... Name: signature.asc Type: application/pgp-signature Size: 490 bytes Desc: not available URL: From stephen at xemacs.org Fri Oct 5 04:21:39 2012 From: stephen at xemacs.org (Stephen J. Turnbull) Date: Fri, 05 Oct 2012 11:21:39 +0900 Subject: [Mailman-Users] Suspend a Subscriber In-Reply-To: <506DC942.4050703@bellsouth.net> References: <506DC942.4050703@bellsouth.net> Message-ID: <87y5jlk6a4.fsf@uwakimon.sk.tsukuba.ac.jp> Dennis Putnam writes: > Is there a way to suspend or otherwise prevent a subscriber from posting > to a list and send a notice of same, without actually unsubscribing and > officially banning them? 1. In the Membership page, set the member to moderated. 2. In the Privacy | Sender Filters page, set the member_moderation_action to "Reject" (*not* "Discard"). 3. Edit the member_moderation_notice to taste. You cannot make the notice itself member-specific (although it can be personalized with the usual %(variable) substitutions I suppose), so make sure it is generic enough to cover all the cases that you envision. The contact for reinstatement requests should probably not be a personal address. The LIST-owner address is a good candidate. This is totally automatic, and the ball stays in their court. Alternatively (suggested elsewhere, repeated here for completeness), 2'. Set member_moderation_action to "Hold". 3'. N/A (I don't know any way to change the standard hold notice). In this case, you will (1) need to review the post in the moderation page, and (2) directly contact the member regarding the possibility of disabling moderation for them (see 3', above). Personally, I favor the totally automatic method for a truly abusive member, as it sends a stronger message. I also use "Hold"-style moderation, but this is more for a situation where several members each feel the need to have the last word on some topic (typically an off-topic :-). If I'm in doubt about whether the member is truly abusive or just unclear about the rules, I use Hold and engage them off-list. I only give one warning, though. In the rare case that I need to do both, that sucks, but I just use Hold and then manually reject the abuser, cutting and pasting the automatic reject message. Obviously this is pretty staff-intensive; I wouldn't want to do it if I were supervising a lot of lists with random memberships. Most of my lists are quite cohesive, though, so any of the above is pretty unusual. > I know I can add them to the ban list, but what happens to their > subscription settings? Are they also automatically unsubscribed or > do they just get a banned message when they post while the > subscription information remains in tact? TIA. AFAIK, "ban" means "ban". They are unsubscribed and prevented from resubscribing. This is a last resort. If the list is open-subscription, banning is not very effective for hardened miscreants; they just get a throwaway address at hotmail and start in again. HTH, Steve From mark at msapiro.net Fri Oct 5 04:47:52 2012 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 4 Oct 2012 19:47:52 -0700 Subject: [Mailman-Users] Suspend a Subscriber In-Reply-To: <87y5jlk6a4.fsf@uwakimon.sk.tsukuba.ac.jp> Message-ID: Stephen J. Turnbull wrote: > >AFAIK, "ban" means "ban". They are unsubscribed and prevented from >resubscribing. This is a last resort. The ban_list has no effect whatsoever on current list members unless and until they request an address change or unsubscribe and attempt to resubscribe. It has no effect on posting. The ban_list only affects invitations, subscriptions and changes of address. That's why it's under Privacy options... -> Subscription rules. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From fmouse-mailman at fmp.com Fri Oct 5 04:43:23 2012 From: fmouse-mailman at fmp.com (Lindsay Haisley) Date: Thu, 04 Oct 2012 21:43:23 -0500 Subject: [Mailman-Users] List moving and renaming Message-ID: <1349405003.14396.8.camel@indra.fmp.com> I'm both moving and renaming a customer's list. The list's current name resembles frobniz at lists.fmp.com. After the move, on the new Mailman installation, it will be called something like fblist at frobniz.com. Forwarding mail addressed to the old list to the new list address is no problem. The list administrator will announce to the subscribers that the list's name will change, but there will inevitably be subscribers who will miss the announcement and send mail to the old list address. Will Mailman on the new server reject redirected email if addressed to the old list name, even if the sender's address is in the subscriber list? If so, is there any way to get around this? -- Lindsay Haisley | "We have met the enemy and he is us." FMP Computer Services | 512-259-1190 | -- Pogo http://www.fmp.com | From mark at msapiro.net Fri Oct 5 04:58:22 2012 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 04 Oct 2012 19:58:22 -0700 Subject: [Mailman-Users] List moving and renaming In-Reply-To: <1349405003.14396.8.camel@indra.fmp.com> References: <1349405003.14396.8.camel@indra.fmp.com> Message-ID: <506E4CCE.6050206@msapiro.net> On 10/4/2012 7:43 PM, Lindsay Haisley wrote: > > Will Mailman on > the new server reject redirected email if addressed to the old list > name, even if the sender's address is in the subscriber list? If so, is > there any way to get around this? Mailman will hold the post for moderator action if Privacy options... -> Recipient filters -> require_explicit_destination is Yes and the old address is not in acceptable_aliases. If require_explicit_destination is No or the old list posting address is in acceptable_aliases, Mailman will will not hold the post for this reason. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From nobozo at gmail.com Thu Oct 4 23:02:22 2012 From: nobozo at gmail.com (Jon Forrest) Date: Thu, 04 Oct 2012 14:02:22 -0700 Subject: [Mailman-Users] Using Google Search Appliance With Mailman Archives? Message-ID: <506DF95E.1010705@gmail.com> I'm in the process of migrating from ezmlm to mailman. So far everything is working great. I've even been able to migrate ezmlm list archives to mailman so that I can see the messages via the mailman web interface. One of the goals of this migration is to be able to use a Google Search Appliance to search the list archives. What I've found is that the archive for each list is in /var/lib/mailman/archives/private/listname, and in this directory are 1) a directory for each month containing the messages submitted during the month in HTML format. 2) a file for each month containing all the messages for the month in text format concatenated together. I'm trying to figure out the best way to search the archive with a GSA. I'm worried that if I search #1 I'll find what I want but it will be in HTML format which won't be very easy to read. If I search #2 I'll find what I want but I'll see the whole file, which will also contain a bunch of stuff I'm not looking for. Has anybody worked through these issues with a GSA? I'd be interested in hearing how you did it. Cordially, Jon Forrest From jdanield at free.fr Fri Oct 5 09:32:22 2012 From: jdanield at free.fr (jdanield) Date: Fri, 05 Oct 2012 09:32:22 +0200 Subject: [Mailman-Users] include eml files in archive Message-ID: <506E8D06.2020109@free.fr> Hello, Due to my error, I lost several month of mailing list archives. One of my subscribers sent me the hole lost files in eml format (individual mails). Is there a way to add this to the mailman archives? (at least as html pages, I could insert manually)? thanks jdd -- http://dodin.org From mark at msapiro.net Fri Oct 5 17:30:00 2012 From: mark at msapiro.net (Mark Sapiro) Date: Fri, 5 Oct 2012 08:30:00 -0700 Subject: [Mailman-Users] include eml files in archive In-Reply-To: <506E8D06.2020109@free.fr> Message-ID: jdanield wrote: > >Is there a way to add this to the mailman archives? >(at least as html pages, I could insert manually)? Did you also lose the archives/private/LISTNAME.mbox/LISTNAME.mbox file, or did you perhaps lose archives by having turned off archiving? If your archives/private/LISTNAME.mbox/LISTNAME.mbox file is complete, you could just rebuild the archive with Mailman's "bin/arch --wipe LISTNAME". Otherwise, you could concatenate the .eml files, adding "From " separators to make an mbox format file and process that with "bin/arch LISTNAME /path/to/mbox/file" to add the messages to the archive. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Fri Oct 5 17:49:36 2012 From: mark at msapiro.net (Mark Sapiro) Date: Fri, 5 Oct 2012 08:49:36 -0700 Subject: [Mailman-Users] Using Google Search Appliance With Mailman Archives? In-Reply-To: <506DF95E.1010705@gmail.com> Message-ID: Jon Forrest wrote: >What I've found is that the archive for >each list is in /var/lib/mailman/archives/private/listname, >and in this directory are > > 1) a directory for each month containing the messages > submitted during the month in HTML format. > > 2) a file for each month containing all the messages > for the month in text format concatenated together. > >I'm trying to figure out the best way to search the archive >with a GSA. I'm worried that if I search #1 I'll find what >I want but it will be in HTML format which won't be very >easy to read. Actually, the message portion of an HTML archive file is just plain text surrounded by

tags so it is easy to read. >Has anybody worked through these issues with a GSA? I'd be >interested in hearing how you did it. Not with a GSA, but see the FAQs at and . -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From jdanield at free.fr Fri Oct 5 18:39:21 2012 From: jdanield at free.fr (jdd) Date: Fri, 05 Oct 2012 18:39:21 +0200 Subject: [Mailman-Users] include eml files in archive In-Reply-To: References: Message-ID: <506F0D39.1030302@free.fr> Le 05/10/2012 17:30, Mark Sapiro a ?crit : > jdanield wrote: >> Is there a way to add this to the mailman archives? >> (at least as html pages, I could insert manually)? > > Did you also lose the archives/private/LISTNAME.mbox/LISTNAME.mbox > file, or did you perhaps lose archives by having turned off archiving? yes in fact I lost the server and had to reinstall from old backup :-( > Otherwise, you could concatenate the .eml files, adding "From " > separators to make an mbox format file and process that with "bin/arch > LISTNAME /path/to/mbox/file" to add the messages to the archive. > I will try this, thanks jdd -- http://dodin.org From shirishag75 at gmail.com Fri Oct 5 10:04:29 2012 From: shirishag75 at gmail.com (=?UTF-8?B?c2hpcmlzaCDgpLbgpL/gpLDgpYDgpLc=?=) Date: Fri, 5 Oct 2012 13:34:29 +0530 Subject: [Mailman-Users] GNU Mailman, admins and passwords Message-ID: Hi all, Newbie on the list. First of all thank you for making GNU Mailman and making prospective mods. and admins life easier. Secondly, please CC me if somebody answers to this query as I have stopped mail delivery from the list (Mailman can simply deluge my inbox as it has quite some activity) as well as I am subscribed to too many lists (where also I have done the above), the idea being to limit intake wherever I can. I am also not a python geek but have played a bit with python. Am comfortable on console/terminal. Anyways, onto the query/issue. Recently on one of the mailing lists I have been upgraded to adminship on one of the mailing lists . While I understand that being an administrator means you have earned the trust of fellow admins. I also saw that all the admins share a common password for admin purposes. If one of the admins. does something naughty/mischievous thing I assume it could be found out by the IP Address and if some event escalates then do tracing of of as to who had the IP Address at that point in time. Internally I feel it *probably* uses either a cookie/token or something like that but have no idea what it does. What I want to know if administrators can have some sort of own unique passwords which Mailman can authenticate as to who took what steps ? I looked up both the archives and the wiki to see if something similar was asked before but somehow wasn't able to get any clear answers. I got the following results but they seem to be different and unsatisfactory :- https://www.gnu.org/software/mailman/site.html http://www.mail-archive.com/mailman-users at python.org/msg50419.html I also looked up the wiki but ended up none the wiser . Looking forward to help or/and direction in this regard. -- Regards, Shirish Agarwal ????? ??????? My quotes in this email licensed under CC 3.0 http://creativecommons.org/licenses/by-nc/3.0/ http://flossexperiences.wordpress.com 065C 6D79 A68C E7EA 52B3 8D70 950D 53FB 729A 8B17 From tengai650 at gmail.com Sat Oct 6 01:34:49 2012 From: tengai650 at gmail.com (Patrick) Date: Fri, 5 Oct 2012 16:34:49 -0700 Subject: [Mailman-Users] Upgrade from 2.1.14-1 to 2.1.15 - Authorization failed. Message-ID: Hello, I?m in the process of upgrading a mailman 2.1.14-1 installation to a 2.1.15 installation. Basically I have a 2.1.14 and 2.1.15 in their own folders and created a symbolic link to name ?mailman? when switching between the two. In addition I?ve centralized my ?archives? and ?lists? folders and have symbolic links in the 2.1.14 and 2.1.15 folders to share these folders. When I attempt to login to a private list using 2.1.14 I?m able to get to the list with my password. However, if I switch over to 2.1.15 I get an ?Authorization failed.? error. Interestingly on my test machine I have an identical configuration, just the host name is different. And switch between 2.1.14 & 2.1.15 do not get the ?Authorization failed.? error. Anyone have any idea in what I might check to resolve this error with the password? thanks, Patrick From ddodell at mac.com Mon Oct 8 01:34:11 2012 From: ddodell at mac.com (David Dodell) Date: Sun, 07 Oct 2012 16:34:11 -0700 Subject: [Mailman-Users] Virtual Domain Hosting Message-ID: <1CEBE1E0-3979-4631-9BDB-A996EA2B26A2@mac.com> I finally have Mailman working well on my OSX box ... as long as the domain I'm hosting the list is the main one for the box. I setup a testlist today under the name virtualtest at virtualdomain.org I host virtualdomain.org on my box. However, when mail is sent to virtualtest at virtualdomain.org; it is rejected as an unknown user. Do I need to do something in postfix to get mailman to recognize these when the mailman list is virtual? Thanks David From mark at msapiro.net Mon Oct 8 05:44:55 2012 From: mark at msapiro.net (Mark Sapiro) Date: Sun, 7 Oct 2012 20:44:55 -0700 Subject: [Mailman-Users] Virtual Domain Hosting In-Reply-To: <1CEBE1E0-3979-4631-9BDB-A996EA2B26A2@mac.com> Message-ID: David Dodell wrote: > >Do I need to do something in postfix to get mailman to recognize these when the mailman list is virtual? See . -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Mon Oct 8 06:12:49 2012 From: mark at msapiro.net (Mark Sapiro) Date: Sun, 07 Oct 2012 21:12:49 -0700 Subject: [Mailman-Users] GNU Mailman, admins and passwords In-Reply-To: References: Message-ID: <507252C1.1070204@msapiro.net> On 10/5/2012 1:04 AM, shirish ????? wrote: > > Secondly, please CC > me if somebody answers to this query as I have stopped mail delivery > from the list. Then you should read the list archives on the web to see your post and any replies. Some people Cc the poster routinely for various reasons, and some do not, but you don't need to ask people do do things they wouldn't ordinarily do when there is a simple alternative. > What I want to know if administrators can have some sort of own unique > passwords which Mailman can authenticate as to who took what steps ? Not in Mailman 2.1, but this will be the case in Mailman 3, at least the unique password part. > I > looked up both the archives and the wiki to see if something similar > was asked before but somehow wasn't able to get any clear answers. > > I got the following results but they seem to be different and unsatisfactory :- > > https://www.gnu.org/software/mailman/site.html I don't know to which specific part of this you are referring. > http://www.mail-archive.com/mailman-users at python.org/msg50419.html The author of this post is confused. One can authenticate for private archive access with the list admin password and any or no email address (the email address is ignored for authentication via the list admin password unless the admin password is coincidentally the same as the member password for the provided email address), but members authenticate with their own email address and member password. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Mon Oct 8 06:17:10 2012 From: mark at msapiro.net (Mark Sapiro) Date: Sun, 07 Oct 2012 21:17:10 -0700 Subject: [Mailman-Users] Upgrade from 2.1.14-1 to 2.1.15 - Authorization failed. In-Reply-To: References: Message-ID: <507253C6.4090403@msapiro.net> On 10/5/2012 4:34 PM, Patrick wrote: > > When I attempt to login to a private list using 2.1.14 I?m able to get > to the list with my password. > > However, if I switch over to 2.1.15 I get an ?Authorization failed.? error. > > Interestingly on my test machine I have an identical configuration, > just the host name is different. And switch between 2.1.14 & 2.1.15 do > not get the ?Authorization failed.? error. > > Anyone have any idea in what I might check to resolve this error with > the password? Look at the action URL in the form tag on the login page. Is it what you expect? is it a URL that is redirected in your web server? See the FAQs at and . -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From shirishag75 at gmail.com Mon Oct 8 16:45:10 2012 From: shirishag75 at gmail.com (=?UTF-8?B?c2hpcmlzaCDgpLbgpL/gpLDgpYDgpLc=?=) Date: Mon, 8 Oct 2012 20:15:10 +0530 Subject: [Mailman-Users] GNU Mailman, admins and passwords In-Reply-To: <507252C1.1070204@msapiro.net> References: <507252C1.1070204@msapiro.net> Message-ID: in-line :- On Mon, Oct 8, 2012 at 9:42 AM, Mark Sapiro wrote: > On 10/5/2012 1:04 AM, shirish ????? wrote: >> >> Secondly, please CC >> me if somebody answers to this query as I have stopped mail delivery >> from the list. > > > Then you should read the list archives on the web to see your post and > any replies. Some people Cc the poster routinely for various reasons, > and some do not, but you don't need to ask people do do things they > wouldn't ordinarily do when there is a simple alternative. Hi all, Thank you first of all Mark for taking time to answer my queries. I do note your point but my experience has been the above works (most of the time) . It is a compromise but then we all have only so much time that can be used between competing interests and I found out that the above works for me. >> What I want to know if administrators can have some sort of own unique >> passwords which Mailman can authenticate as to who took what steps ? > > > Not in Mailman 2.1, but this will be the case in Mailman 3, at least the > unique password part. Cool, looking forward to it. >> I >> looked up both the archives and the wiki to see if something similar >> was asked before but somehow wasn't able to get any clear answers. >> >> I got the following results but they seem to be different and unsatisfactory :- >> >> https://www.gnu.org/software/mailman/site.html > > > I don't know to which specific part of this you are referring. > > >> http://www.mail-archive.com/mailman-users at python.org/msg50419.html > My apologies here. I guess I forgot to clarify what I had done. I tried looking for the query framed as 'unique listadmin password' both on the wiki as well http://www.mail-archive.com/mailman-users at python.org/ search function to see if some prior discussions had taken before on the same/similar topic but did not get any exact results. The only remotely similar email I got was the link I shared before :- http://www.mail-archive.com/mailman-users at python.org/msg50419.html > The author of this post is confused. One can authenticate for private > archive access with the list admin password and any or no email address > (the email address is ignored for authentication via the list admin > password unless the admin password is coincidentally the same as the > member password for the provided email address), but members > authenticate with their own email address and member password. I do know the difference between authenticating as a member and as an admin but as already answered the feature I'm looking for is coming in MM 3. Thank you once again. > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan -- Regards, Shirish Agarwal ????? ??????? My quotes in this email licensed under CC 3.0 http://creativecommons.org/licenses/by-nc/3.0/ http://flossexperiences.wordpress.com 065C 6D79 A68C E7EA 52B3 8D70 950D 53FB 729A 8B17 From mark at msapiro.net Tue Oct 9 03:37:57 2012 From: mark at msapiro.net (Mark Sapiro) Date: Mon, 08 Oct 2012 18:37:57 -0700 Subject: [Mailman-Users] GNU Mailman, admins and passwords In-Reply-To: References: <507252C1.1070204@msapiro.net> Message-ID: <50737FF5.4090608@msapiro.net> On 10/8/2012 7:45 AM, shirish ????? wrote: > in-line :- > > On Mon, Oct 8, 2012 at 9:42 AM, Mark Sapiro wrote: >> >> Then you should read the list archives on the web to see your post and >> any replies. Some people Cc the poster routinely for various reasons, >> and some do not, but you don't need to ask people do do things they >> wouldn't ordinarily do when there is a simple alternative. > > Hi all, > Thank you first of all Mark for taking time to answer my queries. I do > note your point but my experience has been the above works (most of > the time) . It is a compromise but then we all have only so much time > that can be used between competing interests and I found out that the > above works for me. Do you understand what I'm saying above? I am not saying that you should not set your subscription to "no mail". I am saying that if you make this choice, you should not place the burden of this choice upon others by asking them to Cc you on replies. You should assume the burden of this choice yourself by reading replies in the list's archives. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From stephen at xemacs.org Tue Oct 9 05:11:46 2012 From: stephen at xemacs.org (Stephen J. Turnbull) Date: Tue, 09 Oct 2012 12:11:46 +0900 Subject: [Mailman-Users] GNU Mailman, admins and passwords In-Reply-To: <50737FF5.4090608@msapiro.net> References: <507252C1.1070204@msapiro.net> <50737FF5.4090608@msapiro.net> Message-ID: <87d30s8hl9.fsf@uwakimon.sk.tsukuba.ac.jp> Mark Sapiro writes: > Do you understand what I'm saying above? > > I am not saying that you should not set your subscription to "no mail". > I am saying that if you make this choice, you should not place the > burden of this choice upon others by asking them to Cc you on replies. > You should assume the burden of this choice yourself by reading replies > in the list's archives. Note that it's not just a burden, but has a potentially large benefit. I don't know how many of us oldtimers are left, but such requests used to be widely considered extremely rude, and posters who made them were often (silently!) ignored or given greatly reduced priority by the most experienced and knowledgable members. From walter at psybernet.co.nz Tue Oct 9 23:11:17 2012 From: walter at psybernet.co.nz (Walter Logeman) Date: Wed, 10 Oct 2012 10:11:17 +1300 Subject: [Mailman-Users] Archives stopped being created Message-ID: Hi All I looked at the archives for an active group we have and they stopped in Julyou. The archives were set to yearly but appear to now show a monthly view. Any ideas? Cheers, Walter From mark at msapiro.net Tue Oct 9 23:21:45 2012 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 9 Oct 2012 14:21:45 -0700 Subject: [Mailman-Users] Archives stopped being created In-Reply-To: Message-ID: Walter Logeman wrote: > >I looked at the archives for an active group we have and they stopped in Julyou. > >The archives were set to yearly but appear to now show a monthly view. > >Any ideas? Check the list's Archiving Options settings. If that doesn't solve your issue, make sure ArchRunner is running and check Mailman's error and qrunner logs. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From tengai650 at gmail.com Thu Oct 11 01:29:34 2012 From: tengai650 at gmail.com (Patrick) Date: Wed, 10 Oct 2012 16:29:34 -0700 Subject: [Mailman-Users] Upgrade from 2.1.14-1 to 2.1.15 - Authorization failed. In-Reply-To: <507253C6.4090403@msapiro.net> References: <507253C6.4090403@msapiro.net> Message-ID: > Look at the action URL in the form tag on the login page. Is it what you > expect? Yes, it is correct. A fully qualified name. Apache is not doing any redirection. I've tried: $prefix/bin/withlist -l -r fix_url listname and arch --wipe listname Can you please point to what .py file and section I might add some debug output so I might better understand what's being evaluated to cause a "Authorization failed" error? Thanks! On Sun, Oct 7, 2012 at 9:17 PM, Mark Sapiro wrote: > On 10/5/2012 4:34 PM, Patrick wrote: >> >> When I attempt to login to a private list using 2.1.14 I?m able to get >> to the list with my password. >> >> However, if I switch over to 2.1.15 I get an ?Authorization failed.? error. >> >> Interestingly on my test machine I have an identical configuration, >> just the host name is different. And switch between 2.1.14 & 2.1.15 do >> not get the ?Authorization failed.? error. >> >> Anyone have any idea in what I might check to resolve this error with >> the password? > > > Look at the action URL in the form tag on the login page. Is it what you > expect? is it a URL that is redirected in your web server? See the FAQs > at and . > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > From mark at msapiro.net Thu Oct 11 02:05:22 2012 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 10 Oct 2012 17:05:22 -0700 Subject: [Mailman-Users] Upgrade from 2.1.14-1 to 2.1.15 - Authorization failed. In-Reply-To: References: <507253C6.4090403@msapiro.net> Message-ID: <50760D42.9030004@msapiro.net> On 10/10/2012 4:29 PM, Patrick wrote: > > I've tried: [...] > > arch --wipe listname This wouldn't help as the "Authorization failed" error occurs before any attempt has been made to access the archive files. > Can you please point to what .py file and section I might add some > debug output so I might better understand what's being evaluated to > cause a "Authorization failed" error? In Mailman/Cgi/private.py, look for the following lines: if not mlist.WebAuthenticate((mm_cfg.AuthUser, mm_cfg.AuthListModerator, mm_cfg.AuthListAdmin, mm_cfg.AuthSiteAdmin), password, username): if cgidata.has_key('submit'): # This is a re-authorization attempt message = Bold(FontSize('+1', _('Authorization failed.'))).Format() # give an HTTP 401 for authentication failure print 'Status: 401 Unauthorized' and change the single line (wrapped here) message = Bold(FontSize('+1', _('Authorization failed.'))).Format() to the three lines message = Bold(FontSize('+1', _("""Authorization failed. User = '%(username)s'; Password = '%(password)s'"""))).Format() This will display the Email address and Password being validated. If you think the password, and Email address if the context is for a list member, should be valid as a list member, moderator, owner or site admin, look at the WebAuthenticate method in Mailman/SecurityManager.py. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From pvantony at singnet.com.sg Thu Oct 11 09:23:14 2012 From: pvantony at singnet.com.sg (P.V.Anthony) Date: Thu, 11 Oct 2012 15:23:14 +0800 Subject: [Mailman-Users] Virtual Domain Hosting In-Reply-To: References: Message-ID: <507673E2.9030904@singnet.com.sg> On 08/10/2012 11:44, Mark Sapiro wrote: > David Dodell wrote: >> >> Do I need to do something in postfix to get mailman to recognize these when the mailman list is virtual? > > See . When to the link above and found the following paragraph. ------------- start -------------------- Note: This section describes how to integrate Mailman with Postfix for automatic generation of Postfix virtual_alias_maps for Mailman list addresses. Mailman's support of virtual domains is limited in that list names must be globally unique within a single Mailman instance, i.e., two lists may not have the same name even if they are in different domains. ------------- end -------------------- Is this true for all versions of mailman? So there is no way to have mailling list called support at example.com and support at example_two.com on the same server. Is there some work around? P.V.Anthony From webmaster at gothamnetworking.com Thu Oct 11 03:13:43 2012 From: webmaster at gothamnetworking.com (Gotham Webmaster) Date: Wed, 10 Oct 2012 21:13:43 -0400 Subject: [Mailman-Users] Help with Mailman Message-ID: <4A9BE42A-07F3-40CD-8528-CDBF0B3787DA@gothamnetworking.com> I manage a website http://www.gothamnetworking.com that uses Mailman as it's listserv We have over 775 members, 40 groups and run about 146 separate mailing lists Once list in particular is not working and I don't know why. I could use some help. Thanks, Mitch Tobol Gotham Webmaster webmaster at gothamnetworking.com 631-842-4600 From bsfinkel at att.net Thu Oct 11 16:14:14 2012 From: bsfinkel at att.net (Barry S. Finkel) Date: Thu, 11 Oct 2012 09:14:14 -0500 Subject: [Mailman-Users] Help with Mailman In-Reply-To: <4A9BE42A-07F3-40CD-8528-CDBF0B3787DA@gothamnetworking.com> References: <4A9BE42A-07F3-40CD-8528-CDBF0B3787DA@gothamnetworking.com> Message-ID: <5076D436.2080400@att.net> On 10/10/2012 8:13 PM, Gotham Webmaster wrote: > I manage a website > http://www.gothamnetworking.com > that uses Mailman as it's listserv > > We have over 775 members, 40 groups and run about 146 separate mailing lists > > Once list in particular is not working and I don't know why. I could use some help. > > Thanks, > > Mitch Tobol > Gotham Webmaster > webmaster at gothamnetworking.com > 631-842-4600 > First, "Listserv" is a registered trademark of the product from L-soft; it is not a generic term that describes mailing list management software. Second, define "is not working". Many things could be happening, but without more details, we have no idea what fixes to suggest. --Barry Finkel From stephen at xemacs.org Thu Oct 11 18:29:01 2012 From: stephen at xemacs.org (Stephen J. Turnbull) Date: Fri, 12 Oct 2012 01:29:01 +0900 Subject: [Mailman-Users] Virtual Domain Hosting In-Reply-To: <507673E2.9030904@singnet.com.sg> References: <507673E2.9030904@singnet.com.sg> Message-ID: <87vceh6khe.fsf@uwakimon.sk.tsukuba.ac.jp> P.V.Anthony writes: > Is this true for all versions of mailman? All versions so far released by this project, yes. cPanel and maybe some other third-party distributions have patched versions of Mailman that allow one instance of Mailman to handle multiple domains with independent namespaces for lists. The patch is a kludge, not easy to get your hands on, and cPanel Mailman itself is a high price to pay (once you mention cPanel, you have to put up with references to the FAQ explaining why we often can't help with cPanel problems in every reply you get, and you probably lose a lot of people who wold otherwise be helpful as soon as you mention cPanel). There's another third-party patch, I believe; probably mentioned in the FAQ somewhere. Also a kludge, which looks fragile and has not been proved in heavy testing in practice (it's actually not as common a need as you might think, what with hosting on virtual machines). So despite occasional requests, it has never been added to the Mailman 2 distribution (the developers would rather devote the effort to Mailman 3). Speaking of which ... the virtual domain issue will be dealt with differently in Mailman 3. The whole infrastructure for dealing with lists and with users has been redesigned from the ground up. But Mailman 3 is most likely not ready for you -- come back in about a year. > So there is no way to have mailling list called support at example.com and > support at example_two.com on the same server. That's right. However, here, "server" refers to a set of OS processes and its associated metadata. You can serve multiple domains from a single *host* without worrying about namespace collisions, by keeping multiple installations of Mailman, one for each domain, and starting a new set of processes to serve each one. It might even be possible to have a single shared instance of Mailman, and arrange that host configuration data be private to each Mailman process. But that would be a little fragile, I think, and might require minor code changes. I would guess it probably scales to a few-score domains on the same hardware that would adequately support a given number of lists. The common case of a single server supporting a commercial domain and an open source domain for users without support contracts would be no sweat for this setup, even if you have a couple of products with their own domains. Steve From pvantony at singnet.com.sg Thu Oct 11 18:33:45 2012 From: pvantony at singnet.com.sg (P.V.Anthony) Date: Fri, 12 Oct 2012 00:33:45 +0800 Subject: [Mailman-Users] Virtual Domain Hosting In-Reply-To: <87vceh6khe.fsf@uwakimon.sk.tsukuba.ac.jp> References: <507673E2.9030904@singnet.com.sg> <87vceh6khe.fsf@uwakimon.sk.tsukuba.ac.jp> Message-ID: <5076F4E9.9010206@singnet.com.sg> On 12/10/2012 00:29, Stephen J. Turnbull wrote: > I would guess it probably scales to a few-score domains on the same > hardware that would adequately support a given number of lists. The > common case of a single server supporting a commercial domain and an > open source domain for users without support contracts would be no > sweat for this setup, even if you have a couple of products with their > own domains. Thank you very much for the clear and detailed reply. I do appreciate it. P.V.Anthony From karra.etc at gmail.com Sat Oct 13 19:41:38 2012 From: karra.etc at gmail.com (Sriram Karra) Date: Sat, 13 Oct 2012 23:11:38 +0530 Subject: [Mailman-Users] Simplified mailman installation setup for corporate internal list server Message-ID: Hi, I am exploring deploying a simple mailman setup for the small company I work at. By simplified I mean the following: 1. All users are authenticated already using a single sign on. No password should be required for any activity. 2. Any user should be able to create lists (only owners can administer lists). We will still have private and public lists. 3. A user on logon should be able to manage her subscriptions using a simple "on/off" click, without per-list passwords, or confirmation emails and stuff. Another way to put it is I want a "/mailman/userinfo" script in addition to the /mailman/listinfo interface. I am quite sure someone else has also thought of this sort of a deployment. Is there any code or customization sample I can look and explore. If no such instances are known, what do you think is the best way for me to start exploring my own implementation. I can hack a little python. Regards, Karra From sfeng at stanford.edu Mon Oct 15 21:22:20 2012 From: sfeng at stanford.edu (Xueshan Feng) Date: Mon, 15 Oct 2012 12:22:20 -0700 Subject: [Mailman-Users] Manipulate mailman in / out queue Message-ID: Is it safe to move files in and out of the mailman's qfile/in, qfile/out directory while the qrunners are running? We are having an empty 'in' queue, but huge out queue. There might be bad messages stuck somewhere. I saw some posts in past that you can move files to another place, move them back in batches and try to identify which is bad. Can you do that (drop in files, or move the files out), while the service is running, without crashing service or lost data? Thanks! Xueshan -- Xueshan Feng Infrastructure Delivery Group, IT Services Stanford University From mark at msapiro.net Mon Oct 15 23:13:17 2012 From: mark at msapiro.net (Mark Sapiro) Date: Mon, 15 Oct 2012 17:13:17 -0400 Subject: [Mailman-Users] Manipulate mailman in / out queue In-Reply-To: References: Message-ID: Xueshan Feng wrote: >Can you do that (drop in files, or move the files out), while the >service >is running, without crashing service or losing data. Probably yes, but don't. Either OutgoingRunner has died (check Mailman's qrunner log) or your out queue is backlogged. If there is a bad message causing issues, it is in the one out queue entry with a .bak extension. If the queue is backlogged, messages will be processing. Check Mailman's smtp log and the archives of this list. -- Mark Sapiro Sent from my Android phone with K-9 Mail. Please excuse my brevity. From sfeng at stanford.edu Mon Oct 15 23:40:54 2012 From: sfeng at stanford.edu (Xueshan Feng) Date: Mon, 15 Oct 2012 14:40:54 -0700 Subject: [Mailman-Users] Manipulate mailman in / out queue In-Reply-To: References:

Message-ID: On Mon, Oct 15, 2012 at 2:13 PM, Mark Sapiro wrote: > Xueshan Feng wrote: > > >Can you do that (drop in files, or move the files out), while the > >service > >is running, without crashing service or losing data. > > > Probably yes, but don't. > > Either OutgoingRunner has died (check Mailman's qrunner log) or your out > queue is backlogged. > Yes the queue was backlogged because the outgoing smtp server it uses had a service outage. When the queue size climbed to a few thousands, even the smtp service was recovered, the process of the out queue was just really really slow going. (tail smtp log, post log). > If there is a bad message causing issues, it is in the one out queue entry > with a .bak extension. If the queue is backlogged, messages will be > processing. Check Mailman's smtp log and the archives of this list. > if I want to move quite a few *.bak aside (use timestamp as an indicator of how long they've been in that state), Is it necessary to stop the service, move files, then restart service? We have about 37,000 lists. Sometimes when I try to restart (/etc/init.d/mailman restart), OutgoingRunner won't go away, and had to be killed with -9. So I was wondering by moving files out of the queue without first stopping mailman, caused the OutgoingRunner to suffer. Thank you for your quick reply! Xueshan > > > -- > Mark Sapiro > Sent from my Android phone with K-9 Mail. Please excuse my brevity. > -- Xueshan Feng Infrastructure Delivery Group, IT Services Stanford University From mark at msapiro.net Tue Oct 16 06:35:42 2012 From: mark at msapiro.net (Mark Sapiro) Date: Mon, 15 Oct 2012 21:35:42 -0700 Subject: [Mailman-Users] Manipulate mailman in / out queue In-Reply-To: References:

Message-ID: <8d17caff-f131-4528-86fe-0354acf062ad@email.android.com> Xueshan Feng wrote: >On Mon, Oct 15, 2012 at 2:13 PM, Mark Sapiro wrote: > >> Xueshan Feng wrote: > >if I want to move quite a few *.bak aside (use timestamp as an >indicator of >how long they've been in that state), Is it necessary to stop the >service, move files, then restart service? >We have about 37,000 lists. Sometimes when I try to restart >(/etc/init.d/mailman restart), OutgoingRunner won't go away, and had to >be >killed with -9. This is really more involved than I can explain without a keyboard which I won't have before Tues eve, but there should be only one .bak file or one per slice if the runner is sliced. This is the message currently being processed. All others are ignored by the current runner (they will be "recovered" if the runner is restarted). >So I was wondering by moving files out of the queue without first >stopping >mailman, caused the OutgoingRunner to suffer. Probably not, but it is possible. More likely, it couldn't be SIGTERMed because it was waiting for a SMTP response. Note that part of the slowness at this point is due to the size of the out directory. You can address this by stopping Mailman, moving qfiles/out aside, starting Mailman (which should recreate qfiles/out at the first message if not before) and then moving old entries back a few at a time. -- Mark Sapiro Sent from my Android phone with K-9 Mail. Please excuse my brevity. From sfeng at stanford.edu Tue Oct 16 07:27:39 2012 From: sfeng at stanford.edu (Xueshan Feng) Date: Mon, 15 Oct 2012 22:27:39 -0700 Subject: [Mailman-Users] Manipulate mailman in / out queue In-Reply-To: <8d17caff-f131-4528-86fe-0354acf062ad@email.android.com> References:

<8d17caff-f131-4528-86fe-0354acf062ad@email.android.com> Message-ID: On Mon, Oct 15, 2012 at 9:35 PM, Mark Sapiro wrote: > Xueshan Feng wrote: > > >On Mon, Oct 15, 2012 at 2:13 PM, Mark Sapiro wrote: > > > >> Xueshan Feng wrote: > > > >if I want to move quite a few *.bak aside (use timestamp as an > >indicator of > >how long they've been in that state), Is it necessary to stop the > >service, move files, then restart service? > >We have about 37,000 lists. Sometimes when I try to restart > >(/etc/init.d/mailman restart), OutgoingRunner won't go away, and had to > >be > >killed with -9. > > > This is really more involved than I can explain without a keyboard which I > won't have before Tues eve, but there should be only one .bak file or one > per slice if the runner is sliced. This is the message currently being > processed. All others are ignored by the current runner (they will be > "recovered" if the runner is restarted). > This helps a lot already. We do have multiple runners. > >So I was wondering by moving files out of the queue without first > >stopping > >mailman, caused the OutgoingRunner to suffer. > > > Probably not, but it is possible. More likely, it couldn't be SIGTERMed > because it was waiting for a SMTP response. > Make sense. > > Note that part of the slowness at this point is due to the size of the out > directory. I was able to flush the queue today by moving long lasting *.bak out of the way, and at the same time stopped Postfix to allow mailman to process its queue. It took about half an hour to process 8000+ messages. If no manual intervene, it may take a few hours. You can address this by stopping Mailman, moving qfiles/out aside, starting > Mailman (which should recreate qfiles/out at the first message if not > before) and then moving old entries back a few at a time. > I think I've done that before. So moving back files into the queue in batches, doesn't have to stop mailman? The real operational question here is each time if we have to stop / start mailman to move files, than for large volume queues, it would take a lot of manual process. The procedure I have used is: - stop mailman - move queue files or .bak file aside - start mailman - move some files back, or .bak back into the queue (note files are moved back while mailman is running) Sounds right? thank you so much for your help! Xueshan > > > > -- > Mark Sapiro > Sent from my Android phone with K-9 Mail. Please excuse my brevity. > -- Xueshan Feng Infrastructure Delivery Group, IT Services Stanford University From mark at msapiro.net Wed Oct 17 06:23:30 2012 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 16 Oct 2012 21:23:30 -0700 Subject: [Mailman-Users] Manipulate mailman in / out queue In-Reply-To: Message-ID: Xueshan Feng wrote: > >On Mon, Oct 15, 2012 at 9:35 PM, Mark Sapiro wrote: > >> This is really more involved than I can explain without a keyboard which I >> won't have before Tues eve, but there should be only one .bak file or one >> per slice if the runner is sliced. This is the message currently being >> processed. All others are ignored by the current runner (they will be >> "recovered" if the runner is restarted). >> > >This helps a lot already. We do have multiple runners. Here are the gory details. All the heavy lifting is done by methods of the Switchboard class defined in Mailman/Queue/Switchbord.py. Any particular runner is specific to a particular queue or slice of a queue. The out/ queue is processed by OutgoingRunner. If it isn't sliced, it processes the whole queue. If it is sliced, there are N slices. Note: The filename of a queue entry consists of a time stamp, a '+', a 40 hex digit hash and the extension (.pck or .bak). A slice consists of (1/N)th of the hash space. E.g., if N = 4, slice 0 is all hashes with first hex digit = 0, 1, 2 or 3; slice 1 is all hashes with first hex digit = 4, 5, 6 or 7; slice 2 is all hashes with first hex digit = 8, 9, A or B, and slice 3 is all hashes with first hex digit = C, D, E or F. A particular slice of OutgoingRunner initializes its Switchboard instance once at startup or restart. This creates the queue directory (qfiles/out/, or whatever queue this runner processes) if necessary, sets the upper and lower hash bounds for its slice if sliced and normally, recovers all the .bak files in it's slice. Recovery consists of incrementing a recovery count in the entry's metadata and renaming it from *.bak to *.pck. Thus, immediately after (re)starting a runner, there will be no *.bak files in its slice. The counter is to stop loops where messages crash the runner. A .bak file will be recovered at most 3 times and then moved to qfiles/bad/*.psv. After initialization, a runner first obtains a list of all the .pck files in its slice, sorted by timestamp so the list is FIFO. It then processes the list until the list is exhausted, sleeps for a second and gets a new list and repeats the process. If the new list is empty, it just sleeps a second and tries again until it gets one or more entries to process. Processing consists of renaming the file from *.pck to *.bak, unpickling it and processing it. If it crashes in processing, it will recover the .bak file upon restart. Thus, there should never be more than one .bak file per slice. >> Note that part of the slowness at this point is due to the size of the out >> directory. > > >I was able to flush the queue today by moving long lasting *.bak out of the >way, and at the same time stopped Postfix to allow mailman to process its >queue. It took about half an hour to process 8000+ messages. If no manual >intervene, it may take a few hours. > >You can address this by stopping Mailman, moving qfiles/out aside, starting >> Mailman (which should recreate qfiles/out at the first message if not >> before) and then moving old entries back a few at a time. >> > >I think I've done that before. So moving back files into the queue in >batches, doesn't have to stop mailman? First of all, The actual physical size of the queue directory impacts processing. Every time an entry is added to the queue, and every time a .pck file is renamed to .bak, the entire physical directory must be searched to ensure this isn't a duplicate name. Depending on OS settings, cache sizes and the physical directory size, this may actually involve multiple disk reads each time. Thus, if the qfiles/out/ directory has grown large because 8000+ messages were added to the queue when the runner couldn't handle them (and there may have been more in the retry/ queue because of SMTP failures), it would benefit from shrinking. This is accomplished by moving (mv) or renaming the queue directory itself aside, not just its contents and then letting the runner recreate it when it starts. Then, if necessary, move messages back a few at a time so the directory doesn't grow large again. >The real operational question here is each time if we have to stop / start >mailman to move files, than for large volume queues, it would take a lot >of manual process. The procedure I have used is: > >- stop mailman >- move queue files or .bak file aside Move the whole directory, not the contents. >- start mailman >- move some files back, or .bak back into the queue >(note files are moved back while mailman is running) Moving (mv or rename) files back from the same file system while Mailman is running is fine. When the entry appears in the directory in this case, the file contents are complete. This is essentially what Mailman does when it makes a queue entry. Copying (cp) is not good because there can be a directory entry for the file before its contents are complete, and a runner could read an incomplete file. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Wed Oct 17 06:35:49 2012 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 16 Oct 2012 21:35:49 -0700 Subject: [Mailman-Users] Manipulate mailman in / out queue In-Reply-To: Message-ID: Mark Sapiro wrote: >Xueshan Feng wrote: > >>The real operational question here is each time if we have to stop / start >>mailman to move files, than for large volume queues, it would take a lot >>of manual process. The procedure I have used is: >> >>- stop mailman >>- move queue files or .bak file aside > > Move the whole directory, not the contents. > > >>- start mailman >>- move some files back, or .bak back into the queue >>(note files are moved back while mailman is running) It's implied by the rest of my reply, but moving a .bak file into the queue while the runner for that slice is running does nothing until that runner is stopped or crashes and is restarted. If you want to actually process a .bak file you've moved aside, rename it .pck before moving it back. Note that you can examine the messages in queue entries with Mailman's bin/show_qfiles and see the messages and metadata with Mailman's bin/dumpdb. This may help in deciding whether to reprocess a particular entry. But, in your case, where the backlog in processing was due to an MTA outage, all the entries should be good. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From davejones70 at gmail.com Wed Oct 17 02:16:21 2012 From: davejones70 at gmail.com (Dave Jones) Date: Tue, 16 Oct 2012 19:16:21 -0500 Subject: [Mailman-Users] Mail going out to only 1 member Message-ID: I have a list named "supt" with 252 members that received an email that only went out to 1 recipient. After looking at the mailman smtp logs, I am seeing a number of lists that are only sending to a single recipient but have dozens to hundreds of members. Nothing is showing up in the "post" log for these problem lists. How do I troubleshoot this deeper? I still have many lists that seem to be working properly and actually have entries in the post log. Postfix maillog =============== Oct 10 10:36:12 lists postfix/qmgr[11957]: B1E055055B7: from=, size=95926, nrcpt=1 (queue active) Oct 10 10:36:12 lists postfix/local[14994]: B1E055055B7: to=< supt at lists.mydomain.com>, relay=local, delay=0.13, delays=0.02/0/0/0.12, dsn=2.0.0, status=sent (delivered to command: /usr/lib/mailman/mail/mailman post supt) Mailman smtp log ================ Oct 10 10:36:15 2012 (15296) < mailman.550.1349883373.15294.supt at lists.mydomain.com> smtp to supt for 1 recips, completed in 0.022 seconds # list_members supt | wc -l 252 From mark at msapiro.net Wed Oct 17 18:48:57 2012 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 17 Oct 2012 09:48:57 -0700 Subject: [Mailman-Users] Mail going out to only 1 member In-Reply-To: Message-ID: Dave Jones wrote: >I have a list named "supt" with 252 members that received an email that >only went out to 1 recipient. [...] >Postfix maillog >=============== >Oct 10 10:36:12 lists postfix/qmgr[11957]: B1E055055B7: >from=, size=95926, nrcpt=1 (queue >active) >Oct 10 10:36:12 lists postfix/local[14994]: B1E055055B7: to=< >supt at lists.mydomain.com>, relay=local, delay=0.13, delays=0.02/0/0/0.12, >dsn=2.0.0, status=sent (delivered to command: /usr/lib/mailman/mail/mailman >post supt) > >Mailman smtp log >================ >Oct 10 10:36:15 2012 (15296) < >mailman.550.1349883373.15294.supt at lists.mydomain.com> smtp to supt for 1 >recips, completed in 0.022 seconds > ># list_members supt | wc -l >252 What does list_members -r -n enabled supt | wc -l show? If it shows more than 1, is there anything in the list's Non-digest options -> regular_exclude_lists? It could be the case that in the above logs, the post was held, discarded or rejected and the one smtp message was a notification. What's in Mailman's vette log for this time? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From davejones70 at gmail.com Wed Oct 17 22:16:00 2012 From: davejones70 at gmail.com (Dave Jones) Date: Wed, 17 Oct 2012 15:16:00 -0500 Subject: [Mailman-Users] Mail going out to only 1 member In-Reply-To: References: Message-ID: On Wed, Oct 17, 2012 at 11:48 AM, Mark Sapiro wrote: > Dave Jones wrote: > > >I have a list named "supt" with 252 members that received an email that > >only went out to 1 recipient. > [...] > >Postfix maillog > >=============== > >Oct 10 10:36:12 lists postfix/qmgr[11957]: B1E055055B7: > >from=, size=95926, nrcpt=1 > (queue > >active) > >Oct 10 10:36:12 lists postfix/local[14994]: B1E055055B7: to=< > >supt at lists.mydomain.com>, relay=local, delay=0.13, delays=0.02/0/0/0.12, > >dsn=2.0.0, status=sent (delivered to command: > /usr/lib/mailman/mail/mailman > >post supt) > > > >Mailman smtp log > >================ > >Oct 10 10:36:15 2012 (15296) < > >mailman.550.1349883373.15294.supt at lists.mydomain.com> smtp to supt for 1 > >recips, completed in 0.022 seconds > > > ># list_members supt | wc -l > >252 > > > What does > > list_members -r -n enabled supt | wc -l > > show? If it shows more than 1, is there anything in the list's > Non-digest options -> regular_exclude_lists? > > It could be the case that in the above logs, the post was held, > discarded or rejected and the one smtp message was a notification. > What's in Mailman's vette log for this time? > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > # list_members -r -n enabled supt | wc -l 252 The regular_exclude_lists field is blank. The vette log has nothing at this time period. It skips from Oct 10 10:26:50 to 10:42.20. From listmail at b79.net Wed Oct 17 21:45:04 2012 From: listmail at b79.net (John Magolske) Date: Wed, 17 Oct 2012 12:45:04 -0700 Subject: [Mailman-Users] Download pipermail archives, convert to mbox file (script) Message-ID: <20121017194504.GA8588@s70206.gridserver.com> Hi, Sometimes before subscribing to a list I like to download the archives and convert them into an mbox file for nice threaded browsing & searching using familiar tools (for me, Mutt and mairix). Not finding an automated way to do this [1], I put together the following shell script. Simple & rough, but seems to do the job: #!/bin/sh # automated retrieval of pipermail archives & conversion to mbox file # Last edit: 2012/10/09 Tue 23:16 PDT listname=$(echo "$1" | sed 's:^$http.*$/$[^/]*$/$:\2:') cd /tmp wget -r -l 1 -nH -A *.txt.gz "$1" touch /tmp/pipermail/$listname/$listname.mbox chmod 600 /tmp/pipermail/$listname/$listname.mbox cd /tmp/pipermail/$listname for f in $(ls |sort) do zcat $f | iconv -f iso8859-15 -t utf-8 | sed 's/$^From.*$\ at\ /\1@/' >> "$listname.mbox" done rm /tmp/pipermail/$listname/*.gz mutt -f /tmp/pipermail/$listname/$listname.mbox I call this script piperget, and by doing: piperget http://example.tld/pipermail/somelistname/ the file /tmp/pipermail/somelistname.mbox is created and opened by mutt. If I like what I see, I move the mbox file to an appropriate location in my Mail directory, subscribe to the list, and filter the list traffic into that mbox. This could be made more robust and tweaked to better suit varying needs. Being able to specify a range of archive dates would be nice. Another thought is to have the option of leaving the last few *.txt.gz files laying around (somewhere other than in /tmp), checking against them to only wget new archives or an archive with a newer time-stamp, then concatenating newer messages onto the existing mbox. A sort of a pseudo-subscription to a list. Repeatedly re-downloading an entire monthly/quarterly archive as it changes would be rather bandwidth-wasteful though, better to subscribe and update the *.mbox via SMTP. Not sure if there's some rsync way to incrementally download only the parts of an archive that've changed... Anyhow, mostly I just use this to catch up on a list at the moment of deciding whether or not to subscribe to it. Any thoughts or suggestions are welcome. [1] After writing this script I did find: https://github.com/wesleyd/pipermail-archive-to-maildir Which could be another option for those interested in the maildir format. I prefer mbox for mailing lists. John -- John Magolske http://B79.net/contact From mark at msapiro.net Wed Oct 17 22:55:02 2012 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 17 Oct 2012 13:55:02 -0700 Subject: [Mailman-Users] Mail going out to only 1 member In-Reply-To: Message-ID: Dave Jones wrote: > >On Wed, Oct 17, 2012 at 11:48 AM, Mark Sapiro wrote: > >> Dave Jones wrote: >> >> >Mailman smtp log >> >================ >> >Oct 10 10:36:15 2012 (15296) < >> >mailman.550.1349883373.15294.supt at lists.mydomain.com> smtp to supt for 1 >> >recips, completed in 0.022 seconds >> What's in Mailman's vette log for this time? > >The vette log has nothing at this time period. It skips from Oct 10 >10:26:50 to 10:42.20. What's in the Postfix maillog for the above smtp log message? Find the message at that time with from= The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Wed Oct 17 23:25:26 2012 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 17 Oct 2012 14:25:26 -0700 Subject: [Mailman-Users] Download pipermail archives, convert to mbox file (script) In-Reply-To: <20121017194504.GA8588@s70206.gridserver.com> Message-ID: John Magolske wrote: > >Sometimes before subscribing to a list I like to download the archives >and convert them into an mbox file for nice threaded browsing & >searching using familiar tools (for me, Mutt and mairix). If the list's archive is public and you are not a subscriber, your script is probably fine (I didn't look in detail), but if you are willing to subscribe first, whether the archives are private or public, you can get the list's entire cummulative mbox archive with something like wget 'http://www.example.com/mailman/private/LIST.mbox/LIST.mbox?username=U&password=P' where LIST is the list name, U is a list member's address and P is that member's list password. This has the advantage of getting all the message's headers as processed by Mailman with the exception of those added by SMTPDirect.py (Sender: and Errors-To:), not just those few that are in the periodic .txt or .txt.gz files. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From dan at prowebassociates.com Fri Oct 19 16:49:41 2012 From: dan at prowebassociates.com (Dan Young) Date: Fri, 19 Oct 2012 10:49:41 -0400 Subject: [Mailman-Users] command line import dupes option Message-ID: <50816885.7020802@prowebassociates.com> Is there a way to on/off the dupes option via command line? Possibly withlist? Or better yet, when I import a file of users can I set dupes unchecked? I currently do this via command line with a text file not through web admin. Thanks, Dan -- ProWeb Associates, Inc. 717-207-7125 ext 101 1-800-892-5136 ext 101 From roger.richcorp at btconnect.com Fri Oct 19 10:20:30 2012 From: roger.richcorp at btconnect.com (Roger Richmond) Date: Fri, 19 Oct 2012 09:20:30 +0100 Subject: [Mailman-Users] Content Filtering Message-ID: <033401cdadd2$9d14dce0$d73e96a0$@richcorp@btconnect.com> Hello all. I'm list administrator for a new UK healthcare mailing list. I want to add a disclaimer to all emails as a footer, and have set it up in the non Digest Options. I also want the footer to appear in the body of the email, not as an attachment. If I set Content Filtering to "Yes" This works. The other content filtering options are: Pass Mime Types- multipart multipart/mixed multipart/alternative text/plain image Remove attachments- exe bat cmd com pif scr vbs cpl Edit collapse alternatives and Edit convert HTML are both YES. The problem - one of the recipients' messages keeps bouncing with this error message: The attached message matched the ukmastocytosissupport_ukmasto.org mailing list's content filtering rules and was prevented from being forwarded on to the list membership. You are receiving the only remaining copy of the discarded message. Emails bounce when there is no attachment and when the subject and content are just "Test". If I revert to no content filtering the footer is sent as an attachment. The only difference I can see is that the email address is of the format "Christian name"@"Surname".net Any help would be greatly appreciated. Roger From GaryK at shoreline.edu Fri Oct 19 01:53:20 2012 From: GaryK at shoreline.edu (Kalbfleisch, Gary) Date: Thu, 18 Oct 2012 23:53:20 +0000 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests Message-ID: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu> For the past couple days my Mailman server has been hammered with automated subscription requests. I've always seen a few here and there but nothing like this. Thousands of them, exploiting the web interface and replying to confirmation email messages. Many of our lists were open subscription and so some got through. Not a lot though. What's most annoying is that list owners are being inundated with confirmation request messages, and you cannot delete them all at once on the "Tend to pending moderator requests" screen. You have to select "Discard" for each of them individually. I don't know if this has been changed yet. I am running 2.1.9 because that is the latest version available from Redhat as a package. I had to block access to the web interface from off site at our router to stop the deluge of messages. I have seen this starting to occur at some other Mailman sites as well. Anyone else seeing this or have any ideas about how best to handle this? I have it under control for now but it is changing the way we use our lists. -- Gary Kalbfleisch -- Director of Technology Support Services -- Shoreline Community College -- (206) 546-5813 -- (206) 546-6943 Fax From mark at msapiro.net Fri Oct 19 20:24:15 2012 From: mark at msapiro.net (Mark Sapiro) Date: Fri, 19 Oct 2012 11:24:15 -0700 Subject: [Mailman-Users] Content Filtering In-Reply-To: <033401cdadd2$9d14dce0$d73e96a0$@richcorp@btconnect.com> Message-ID: Roger Richmond wrote: > >Pass Mime Types- > >multipart > >multipart/mixed > >multipart/alternative The above two lines are redundant because you are alreaty accepting all multipart types with the first line. >text/plain > >image You are accepting attached images. This means any message with an attached image will be multipart after content filtering and will result in the footer being added as an attachment to those messages. [...] >Edit collapse alternatives and Edit convert HTML are both YES. > > > >The problem - one of the recipients' messages keeps bouncing with this error >message: > >The attached message matched the ukmastocytosissupport_ukmasto.org mailing >list's content filtering rules and was prevented from being forwarded on to >the list membership. You are receiving the only remaining copy of the >discarded message. The message being bounced is a text/html message as opposed to a multipart/alternative message with text/plain and text/html alternatives. Since you don't accept text/html, the entire message is filtered out. You want to add text/html to the pass_mime_types list. Doing so will accept this message and convert it to text/plain. It won't affect multipart/alternative messages as they are already being collapsed to the first (text/plain) part. Note that if you encounter problems with the conversion of HTML to plain text, see the FAQ at . -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Fri Oct 19 20:12:18 2012 From: mark at msapiro.net (Mark Sapiro) Date: Fri, 19 Oct 2012 11:12:18 -0700 Subject: [Mailman-Users] command line import dupes option In-Reply-To: <50816885.7020802@prowebassociates.com> Message-ID: Dan Young wrote: > >Is there a way to on/off the dupes option via command line? >Possibly withlist? See . This withlist script turns On nodupes for all members of the list. To turn the setting Off instead, change '1' to '0' in the line mlist.setMemberOption(member, mm_cfg.DontReceiveDuplicates, 1) To do only a few members (e.g. 2), change for member in mlist.getMembers(): to for member in ['user1 at example.com', 'user2 at example.com']: >Or better yet, when I import a file of users can I set dupes unchecked? >I currently do this via command line with a text file not through web admin. Uncheck the "Filter out duplicate messages to list members (if possible)" box in the list admin General Options -> new_member_options settings before running add_members. You could also do this via withlist. E.g. bin/withlist -l LIST Loading list LIST (locked) The variable `m' is the LIST MailList instance >>> from Mailman import mm_cfg >>> m.new_member_options &= ~mm_cfg.DontReceiveDuplicates >>> m.Save() >>> Unlocking (but not saving) list: gpc-test Finalizing -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Fri Oct 19 22:31:27 2012 From: mark at msapiro.net (Mark Sapiro) Date: Fri, 19 Oct 2012 13:31:27 -0700 Subject: [Mailman-Users] Mail going out to only 1 member - SOLVED In-Reply-To: References: Message-ID: <5081B89F.10902@msapiro.net> This has been resolved. The post was from a non-member and generic_nonmember_action was Reject and the SMTP recipient was the poster being sent the rejection. Note that generic_nonmember_action = Reject is a bad idea in general because it causes backscatter to innocent 3rd parties with spam with spoofed From: headers. The fact that these rejects aren't logged is a bug and will be fixed. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From stephen at xemacs.org Sat Oct 20 06:19:46 2012 From: stephen at xemacs.org (Stephen J. Turnbull) Date: Sat, 20 Oct 2012 13:19:46 +0900 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu> References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu> Message-ID: <87d30d6ahp.fsf@uwakimon.sk.tsukuba.ac.jp> Kalbfleisch, Gary writes: > inundated with confirmation request messages, and you cannot delete > them all at once on the "Tend to pending moderator requests" > screen. You have to select "Discard" for each of them > individually. I don't know if this has been changed yet. As far as I can see, these are batchable (you only need to click "Submit" once -- version 2.1.15, but I doubt this has changed in many years). Is your issue that the moderator has to tick each box? I really don't think that should change; otherwise you would lose valid subscription requests when being attacked in this way. Is the issue that lists get so many requests that it overflows the screen, and you can only do (say) 20 at once? > I had to block access to the web interface from off site at our > router to stop the deluge of messages. I think this is the best way to handle it. There really ought to be a way for a host to request that a service be firewalled programmatically, although it would have to be designed *very* carefully. > I have seen this starting to occur at some other Mailman sites as > well. Anyone else seeing this or have any ideas about how best to > handle this? I have it under control for now but it is changing > the way we use our lists. Sadly, I don't see how that can be avoided. The problem is the SMTP and HTTP protocols themselves, which have no easily used provision for authentication or authorization of clients. (How many students do you know who walk around with a personal X.509 certificate?) If you have suggestions for the admin interface, that would be very helpful. Even if you don't have a lot of confidence in them, this is a hard problem that requires wild ideas. From sfeng at stanford.edu Sat Oct 20 07:35:13 2012 From: sfeng at stanford.edu (Xueshan Feng) Date: Fri, 19 Oct 2012 22:35:13 -0700 Subject: [Mailman-Users] Manipulate mailman in / out queue In-Reply-To: References: Message-ID: Hi Mark, Thank you so much for taking the time to explain the details of queue process, the meaning of the file names in the queue, and what's the right way to handle files in the queue (like mv vs. cp). I have been managing campus mailing service for a long time. Once in a while we got mailbomb and messages would got stuck in queue and took long time to drain. I have tired moves files, move dirs, with / without restart service. Sometimes the queue would get processed quickly after my intervene, sometimes it did not. I also worry about losing messages by manually messing with the queue files. It helps a lot if one understands how things work. No more trial and error next time if I have to handle backlogs! Thank you! Xueshan Xueshan On Tue, Oct 16, 2012 at 9:23 PM, Mark Sapiro wrote: > Xueshan Feng wrote: > > > >On Mon, Oct 15, 2012 at 9:35 PM, Mark Sapiro wrote: > > > >> This is really more involved than I can explain without a keyboard > which I > >> won't have before Tues eve, but there should be only one .bak file or > one > >> per slice if the runner is sliced. This is the message currently being > >> processed. All others are ignored by the current runner (they will be > >> "recovered" if the runner is restarted). > >> > > > >This helps a lot already. We do have multiple runners. > > > Here are the gory details. All the heavy lifting is done by methods of > the Switchboard class defined in Mailman/Queue/Switchbord.py. > > Any particular runner is specific to a particular queue or slice of a > queue. The out/ queue is processed by OutgoingRunner. If it isn't > sliced, it processes the whole queue. If it is sliced, there are N > slices. > > Note: The filename of a queue entry consists of a time stamp, a '+', a > 40 hex digit hash and the extension (.pck or .bak). A slice consists > of (1/N)th of the hash space. E.g., if N = 4, slice 0 is all hashes > with first hex digit = 0, 1, 2 or 3; slice 1 is all hashes with first > hex digit = 4, 5, 6 or 7; slice 2 is all hashes with first hex digit = > 8, 9, A or B, and slice 3 is all hashes with first hex digit = C, D, E > or F. > > A particular slice of OutgoingRunner initializes its Switchboard > instance once at startup or restart. This creates the queue directory > (qfiles/out/, or whatever queue this runner processes) if necessary, > sets the upper and lower hash bounds for its slice if sliced and > normally, recovers all the .bak files in it's slice. Recovery consists > of incrementing a recovery count in the entry's metadata and renaming > it from *.bak to *.pck. Thus, immediately after (re)starting a runner, > there will be no *.bak files in its slice. The counter is to stop > loops where messages crash the runner. A .bak file will be recovered > at most 3 times and then moved to qfiles/bad/*.psv. > > After initialization, a runner first obtains a list of all the .pck > files in its slice, sorted by timestamp so the list is FIFO. It then > processes the list until the list is exhausted, sleeps for a second > and gets a new list and repeats the process. If the new list is empty, > it just sleeps a second and tries again until it gets one or more > entries to process. > > Processing consists of renaming the file from *.pck to *.bak, > unpickling it and processing it. If it crashes in processing, it will > recover the .bak file upon restart. Thus, there should never be more > than one .bak file per slice. > > > >> Note that part of the slowness at this point is due to the size of the > out > >> directory. > > > > > >I was able to flush the queue today by moving long lasting *.bak out of > the > >way, and at the same time stopped Postfix to allow mailman to process its > >queue. It took about half an hour to process 8000+ messages. If no manual > >intervene, it may take a few hours. > > > >You can address this by stopping Mailman, moving qfiles/out aside, > starting > >> Mailman (which should recreate qfiles/out at the first message if not > >> before) and then moving old entries back a few at a time. > >> > > > >I think I've done that before. So moving back files into the queue in > >batches, doesn't have to stop mailman? > > > First of all, The actual physical size of the queue directory impacts > processing. Every time an entry is added to the queue, and every time > a .pck file is renamed to .bak, the entire physical directory must be > searched to ensure this isn't a duplicate name. Depending on OS > settings, cache sizes and the physical directory size, this may > actually involve multiple disk reads each time. Thus, if the > qfiles/out/ directory has grown large because 8000+ messages were > added to the queue when the runner couldn't handle them (and there may > have been more in the retry/ queue because of SMTP failures), it would > benefit from shrinking. This is accomplished by moving (mv) or > renaming the queue directory itself aside, not just its contents and > then letting the runner recreate it when it starts. Then, if > necessary, move messages back a few at a time so the directory doesn't > grow large again. > > > >The real operational question here is each time if we have to stop / start > >mailman to move files, than for large volume queues, it would take a lot > >of manual process. The procedure I have used is: > > > >- stop mailman > >- move queue files or .bak file aside > > Move the whole directory, not the contents. > > > >- start mailman > >- move some files back, or .bak back into the queue > >(note files are moved back while mailman is running) > > > Moving (mv or rename) files back from the same file system while > Mailman is running is fine. When the entry appears in the directory in > this case, the file contents are complete. This is essentially what > Mailman does when it makes a queue entry. Copying (cp) is not good > because there can be a directory entry for the file before its > contents are complete, and a runner could read an incomplete file. > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > > -- Xueshan Feng Infrastructure Delivery Group, IT Services Stanford University From dennisthetiger at chez-vrolet.net Sun Oct 21 04:32:24 2012 From: dennisthetiger at chez-vrolet.net (Dennis Carr) Date: Sat, 20 Oct 2012 19:32:24 -0700 (PDT) Subject: [Mailman-Users] confirming address subscriptions in email? Message-ID: A curiousity for you guys. I know that I can subscribe new users by doing the following: To: foo-l-request at chez-vrolet.net set authenticate password-goes-here subscribe address=user at somewhere.com end ...but if my list is set to admin confirm, I need to go to the web interface. I do not see a way in the documentation to do this via email only. Is there a hidden way? -Dennis Carr From mark at msapiro.net Sun Oct 21 05:20:29 2012 From: mark at msapiro.net (Mark Sapiro) Date: Sat, 20 Oct 2012 20:20:29 -0700 Subject: [Mailman-Users] confirming address subscriptions in email? In-Reply-To: Message-ID: Dennis Carr wrote: > >I know that I can subscribe new users by doing the following: > >To: foo-l-request at chez-vrolet.net >set authenticate password-goes-here This is superfluous. set authenticate only affects subsequent set commands. It has no effect on subscribe or any other non-set commands. >subscribe address=user at somewhere.com >end > >...but if my list is set to admin confirm, I need to go to the web >interface. I do not see a way in the documentation to do this via email >only. Is there a hidden way? No. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From manuel at weiel.eu Sun Oct 21 21:15:53 2012 From: manuel at weiel.eu (Manuel Weiel) Date: Sun, 21 Oct 2012 21:15:53 +0200 Subject: [Mailman-Users] iMailModerate 1.1.0 Message-ID: Hi together, a new version of iMailModerate is available. It brings iPhone 5 and iOS 6 support. Also the member-list is now not fully loaded (which can be too slow on big lists), but will be dynamically loaded. I'm preparing a bigger update in the near future. iMailModerate is the best way to moderate mails and manage subscribers on the iPhone. If you don't already own iMailModerate you can get it here: http://cl.ly/DyCl Best regards, Manuel Weiel From GaryK at shoreline.edu Mon Oct 22 17:57:00 2012 From: GaryK at shoreline.edu (Kalbfleisch, Gary) Date: Mon, 22 Oct 2012 15:57:00 +0000 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: <87d30d6ahp.fsf@uwakimon.sk.tsukuba.ac.jp> References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu> <87d30d6ahp.fsf@uwakimon.sk.tsukuba.ac.jp> Message-ID: <8FBF98319244EE48845CC9BF72AB49E84DB37539@SCC-EX2010-MBX2.shore.ctc.edu> Hi Stephen, Thank you for your reply. My responses are below > -----Original Message----- > From: Stephen J. Turnbull [mailto:stephen at xemacs.org] > Sent: Friday, October 19, 2012 9:20 PM > To: Kalbfleisch, Gary > Cc: mailman-users at python.org > Subject: [Mailman-Users] Automated Subscription Bots Inundating List > Owners With Subscription Requests > > > Kalbfleisch, Gary originally writes: > > > inundated with confirmation request messages, and you cannot delete > > them all at once on the "Tend to pending moderator requests" > > screen. You have to select "Discard" for each of them > > individually. I don't know if this has been changed yet. > > Stephen J. Turnbull writes: > > As far as I can see, these are batchable (you only need to click > "Submit" once -- version 2.1.15, but I doubt this has changed in many > years). > > Is your issue that the moderator has to tick each box? I really don't > think that should change; otherwise you would lose valid subscription > requests when being attacked in this way. > > Is the issue that lists get so many requests that it overflows the > screen, and you can only do (say) 20 at once? > Kalbfleisch, Gary responds: Messages are batchable, but administrative tasks are not. As you noted you must tick each box, and yes I'm talking pages and pages of bogus subscription requests. Quite tedious. I think these too should be batchable but perhaps separately. What I would like to be able to do is to change all administrative messages to discard (or whatever) with one click, then go back and change the legitimate subscription requests back to accept. > > I had to block access to the web interface from off site at our > > router to stop the deluge of messages. > > I think this is the best way to handle it. > > There really ought to be a way for a host to request that a service be > firewalled programmatically, although it would have to be designed > *very* carefully. > After analyzing the httpd logs I have identified three primary sources of the bogus subscription requests, the most predominant being associated with http://mailbait.info. If you list admins out there are not familiar with mailbait.info you should check it out. It is a service (I use that term loosely here) for filling up your inbox. People submit hosts that send out email messages via web forms which are exploited for this purpose. If you run it (and you can do this without filling in the email address field so you can see how it works) you will see that it skips from one Mailman site to another submitting bogus subscription requests. As per the Mailbait FAQ, "MailBait does not condone using other people's email address with this service.", however they make no efforts to prevent it. You cannot filter on IP addresses because the source address is that of the person that runs it, not Mailbait itself. I created an iptables filter that looks for the string "mailbait.info", which appears in the Referer field of most of the packets. I investigated creating a filter utilizing the iptables "recent" directive, which filters on the number of consecutive hits per time period, but the hits are spread out between each host sufficiently to make this ineffective. This is true for the other two sources (not associated with Mailbait) I identified as well, which I traced to ISP DHCP ranges. > > I have seen this starting to occur at some other Mailman sites as > > well. Anyone else seeing this or have any ideas about how best to > > handle this? I have it under control for now but it is changing > > the way we use our lists. > > Sadly, I don't see how that can be avoided. The problem is the SMTP > and HTTP protocols themselves, which have no easily used provision for > authentication or authorization of clients. (How many students do you > know who walk around with a personal X.509 certificate?) > > If you have suggestions for the admin interface, that would be very > helpful. Even if you don't have a lot of confidence in them, this is > a hard problem that requires wild ideas. > CAPTCHA for subscription requests would go a long way in preventing this type of exploitation. Thank you, -- Gary Kalbfleisch -- Director of Technology Support Services -- Shoreline Community College -- (206) 546-5813 -- (206) 546-6943 Fax From turnbull at sk.tsukuba.ac.jp Tue Oct 23 02:40:12 2012 From: turnbull at sk.tsukuba.ac.jp (Stephen J. Turnbull) Date: Tue, 23 Oct 2012 09:40:12 +0900 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: <8FBF98319244EE48845CC9BF72AB49E84DB37539@SCC-EX2010-MBX2.shore.ctc.edu> References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu> <87d30d6ahp.fsf@uwakimon.sk.tsukuba.ac.jp> <8FBF98319244EE48845CC9BF72AB49E84DB37539@SCC-EX2010-MBX2.shore.ctc.edu> Message-ID: <87obju3tsj.fsf@uwakimon.sk.tsukuba.ac.jp> Kalbfleisch, Gary writes: > Kalbfleisch, Gary responds: > > Messages are batchable, but administrative tasks are not. As you > noted you must tick each box, and yes I'm talking pages and pages > of bogus subscription requests. Quite tedious. This would be a bigger problem than losing valid requests if it was frequent. > I think these too should be batchable but perhaps separately. What > I would like to be able to do is to change all administrative > messages to discard (or whatever) with one click, then go back and > change the legitimate subscription requests back to accept. I regularly lose posts to mailing lists because of this way of doing things. > After analyzing the httpd logs I have identified three primary > sources of the bogus subscription requests, the most predominant > being associated with http://mailbait.info. Wonderful. Not much Mailman can do about the network-level DoS, but I suppose the web interface could filter on referrers. If mailbait.info is in the Referrer header, return a 404. ;-) > > If you have suggestions for the admin interface, that would be very > > helpful. Even if you don't have a lot of confidence in them, this is > > a hard problem that requires wild ideas. > > > > CAPTCHA for subscription requests would go a long way in preventing > this type of exploitation. I'm pretty sure there are third-party extensions for this. I'm dubious about the net value of CAPTCHAs. Personally, I generally take a CAPTCHA as a "NO TRESPASSING -- THIS MEANS YOU!" sign, and don't go back. From brad at shub-internet.org Tue Oct 23 03:07:53 2012 From: brad at shub-internet.org (Brad Knowles) Date: Mon, 22 Oct 2012 18:07:53 -0700 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: <87obju3tsj.fsf@uwakimon.sk.tsukuba.ac.jp> References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu> <87d30d6ahp.fsf@uwakimon.sk.tsukuba.ac.jp> <8FBF98319244EE48845CC9BF72AB49E84DB37539@SCC-EX2010-MBX2.shore.ctc.edu> <87obju3tsj.fsf@uwakimon.sk.tsukuba.ac.jp> Message-ID: <7BDC8DCF-D226-4317-9570-4753330CFFD3@shub-internet.org> On Oct 22, 2012, at 5:40 PM, Stephen J. Turnbull wrote: > I'm dubious about the net value of CAPTCHAs. Personally, I generally > take a CAPTCHA as a "NO TRESPASSING -- THIS MEANS YOU!" sign, and > don't go back. CAPTCHAs are already at the point where advanced code can apply statistical methods and solve them faster and better than many humans. Moreover, they have been problematic for a long time -- see , , and , among others. IMO, CAPTCHAs have already jumped the shark. -- Brad Knowles LinkedIn Profile: From GaryK at shoreline.edu Tue Oct 23 03:31:29 2012 From: GaryK at shoreline.edu (Kalbfleisch, Gary) Date: Tue, 23 Oct 2012 01:31:29 +0000 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: <7BDC8DCF-D226-4317-9570-4753330CFFD3@shub-internet.org> References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu> <87d30d6ahp.fsf@uwakimon.sk.tsukuba.ac.jp> <8FBF98319244EE48845CC9BF72AB49E84DB37539@SCC-EX2010-MBX2.shore.ctc.edu> <87obju3tsj.fsf@uwakimon.sk.tsukuba.ac.jp>, <7BDC8DCF-D226-4317-9570-4753330CFFD3@shub-internet.org> Message-ID: I personally don't care for CAPTCHA but it exists for a reason. If anyone can suggest a better solution I would love to here it. Right now Mailman is being exploited to email bomb individuals and DOS email systems. This cannot continue. Gary Kalbfleisch Sent from my iPod On Oct 22, 2012, at 6:08 PM, "Brad Knowles" wrote: > On Oct 22, 2012, at 5:40 PM, Stephen J. Turnbull wrote: > >> I'm dubious about the net value of CAPTCHAs. Personally, I generally >> take a CAPTCHA as a "NO TRESPASSING -- THIS MEANS YOU!" sign, and >> don't go back. > > CAPTCHAs are already at the point where advanced code can apply statistical methods and solve them faster and better than many humans. > > Moreover, they have been problematic for a long time -- see , , and , among others. > > > IMO, CAPTCHAs have already jumped the shark. > > -- > Brad Knowles > LinkedIn Profile: From stephen at xemacs.org Tue Oct 23 05:23:58 2012 From: stephen at xemacs.org (Stephen J. Turnbull) Date: Tue, 23 Oct 2012 12:23:58 +0900 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu> <87d30d6ahp.fsf@uwakimon.sk.tsukuba.ac.jp> <8FBF98319244EE48845CC9BF72AB49E84DB37539@SCC-EX2010-MBX2.shore.ctc.edu> <87obju3tsj.fsf@uwakimon.sk.tsukuba.ac.jp> <7BDC8DCF-D226-4317-9570-4753330CFFD3@shub-internet.org> Message-ID: <87vce1c1m9.fsf@uwakimon.sk.tsukuba.ac.jp> Kalbfleisch, Gary writes: > I personally don't care for CAPTCHA but it exists for a reason. Sure, the eternal search for easy solutions to difficult problems. > If anyone can suggest a better solution I would love to here it. > Right now Mailman is being exploited to email bomb individuals and > DOS email systems. This cannot continue. It's not obvious there are better solutions. It's pretty obvious that CAPTCHA is at a stage where serious miscreants won't be slowed much by it (there are canned solutions, and even in 2009 they were good enough for automated mischief-making), while it does bother legitimate users. You're right that it can't continue, but I don't really know if there's a way out. It may just not be possible to advertise open- subscription lists without attracting such abuse. One thing we could try is to encourage use of OpenID (which Mailman doesn't support AFAIK, but there may be third-party patches, and I bet Mark (2.1 series) and Barry (Next Generation) would both be happy to see it. I guess mailbomb.com could just automate creation of GMail or Hotmail accounts, so it wouldn't be a permanent solution. But it would be transparent to most users, and some would be actively pleased by it. From fmouse-mailman at fmp.com Tue Oct 23 06:51:28 2012 From: fmouse-mailman at fmp.com (Lindsay Haisley) Date: Mon, 22 Oct 2012 23:51:28 -0500 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu> <87d30d6ahp.fsf@uwakimon.sk.tsukuba.ac.jp> <8FBF98319244EE48845CC9BF72AB49E84DB37539@SCC-EX2010-MBX2.shore.ctc.edu> <87obju3tsj.fsf@uwakimon.sk.tsukuba.ac.jp> , <7BDC8DCF-D226-4317-9570-4753330CFFD3@shub-internet.org> Message-ID: <1350967888.41465.2.camel@pudina.fmp.com> On Tue, 2012-10-23 at 01:31 +0000, Kalbfleisch, Gary wrote: > I personally don't care for CAPTCHA but it exists for a reason. If > anyone can suggest a better solution I would love to here it. Right > now Mailman is being exploited to email bomb individuals and DOS email > systems. This cannot continue. > Take a look at . While this technology may not solve all the problems presented by CAPTCHAs, this is certainly a promising direction in which to look for alternatives. -- Lindsay Haisley | "Behold! Our way lies through a FMP Computer Services | dark wood whence in which 512-259-1190 | weirdness may wallow!? http://www.fmp.com | --Beauregard From Ralf.Hildebrandt at charite.de Tue Oct 23 08:55:32 2012 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Tue, 23 Oct 2012 08:55:32 +0200 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: <7BDC8DCF-D226-4317-9570-4753330CFFD3@shub-internet.org> References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu> <87d30d6ahp.fsf@uwakimon.sk.tsukuba.ac.jp> <8FBF98319244EE48845CC9BF72AB49E84DB37539@SCC-EX2010-MBX2.shore.ctc.edu> <87obju3tsj.fsf@uwakimon.sk.tsukuba.ac.jp> <7BDC8DCF-D226-4317-9570-4753330CFFD3@shub-internet.org> Message-ID: <20121023065532.GC4181@charite.de> * Brad Knowles : > On Oct 22, 2012, at 5:40 PM, Stephen J. Turnbull wrote: > > > I'm dubious about the net value of CAPTCHAs. Personally, I generally > > take a CAPTCHA as a "NO TRESPASSING -- THIS MEANS YOU!" sign, and > > don't go back. > > CAPTCHAs are already at the point where advanced code can apply statistical methods and solve them faster and better than many humans. I recently got 30 new comments on my blog, all of which were spam. And of course I'm using a CAPTCHA there. So Brad's point is probably valid. -- Ralf Hildebrandt Charite Universit?tsmedizin Berlin ralf.hildebrandt at charite.de Campus Benjamin Franklin http://www.charite.de Hindenburgdamm 30, 12203 Berlin Gesch?ftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155 From cpz at tuunq.com Tue Oct 23 17:17:52 2012 From: cpz at tuunq.com (Carl Zwanzig) Date: Tue, 23 Oct 2012 08:17:52 -0700 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: <20121023065532.GC4181@charite.de> References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu><87d30d6ahp.fsf@uwakimon.sk.tsukuba.ac.jp><8FBF98319244EE48845CC9BF72AB49E84DB37539@SCC-EX2010-MBX2.shore.ctc.edu><87obju3tsj.fsf@uwakimon.sk.tsukuba.ac.jp><7BDC8DCF-D226-4317-9570-4753330CFFD3@shub-internet.org> <20121023065532.GC4181@charite.de> Message-ID: <5086B520.40900@tuunq.com> On 10/22/2012 11:55 PM, Ralf Hildebrandt wrote: > I recently got 30 new comments on my blog, all of which were spam. > And of course I'm using a CAPTCHA there. So Brad's point is probably > valid. I don't like captcha's either, and one of their problems is that they're so easy to see programatically. I've seen an interesting method in use: Right above the form, the page text says "Enter the word blue below", it's in body text. In the form, there's a box named whatsthecolor (or maybe just 'fred'). User enters "blue" and everything goes on. I think it unlikely that anyone will code their bot to parse the correct word out of the body text and enter it in the right form field. I've used a similar method for help email to places like yahoo. At the bottom of the text I ask "Please tell me your favorite color so I know I'm working with a real person." Seems to work. z! From jdanield at free.fr Tue Oct 23 17:41:56 2012 From: jdanield at free.fr (jdd) Date: Tue, 23 Oct 2012 17:41:56 +0200 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: <5086B520.40900@tuunq.com> References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu><87d30d6ahp.fsf@uwakimon.sk.tsukuba.ac.jp><8FBF98319244EE48845CC9BF72AB49E84DB37539@SCC-EX2010-MBX2.shore.ctc.edu><87obju3tsj.fsf@uwakimon.sk.tsukuba.ac.jp><7BDC8DCF-D226-4317-9570-4753330CFFD3@shub-internet.org> <20121023065532.GC4181@charite.de> <5086B520.40900@tuunq.com> Message-ID: <5086BAC4.9040608@free.fr> Le 23/10/2012 17:17, Carl Zwanzig a ?crit : > I've used a similar method for help email to places like yahoo. At the > bottom of the text I ask "Please tell me your favorite color so I know > I'm working with a real person." Seems to work. yes I also have "public" passwd on a wiki. By the way the pas is not on the wiki page but on the mail I send to user. that said there are some real human paid to catch web site, and against that no luck :-( jdd -- http://www.dodin.org http://jddtube.dodin.org/20120616-52-highway_v1115 From GaryK at shoreline.edu Tue Oct 23 18:28:20 2012 From: GaryK at shoreline.edu (Kalbfleisch, Gary) Date: Tue, 23 Oct 2012 16:28:20 +0000 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: <5086BAC4.9040608@free.fr> References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu><87d30d6ahp.fsf@uwakimon.sk.tsukuba.ac.jp><8FBF98319244EE48845CC9BF72AB49E84DB37539@SCC-EX2010-MBX2.shore.ctc.edu><87obju3tsj.fsf@uwakimon.sk.tsukuba.ac.jp><7BDC8DCF-D226-4317-9570-4753330CFFD3@shub-internet.org> <20121023065532.GC4181@charite.de> <5086B520.40900@tuunq.com> <5086BAC4.9040608@free.fr> Message-ID: <8FBF98319244EE48845CC9BF72AB49E84DB387E6@SCC-EX2010-MBX2.shore.ctc.edu> Note that for the majority of what I have seen in this attack it is the return email messages that the exploiters desire. I have seen some subscriptions actually get through but I have not seen them exploited in any way other than to add to the flood of emails to the subscriber. I have seen some evidence that these accounts may have been used in an attempt to harvest email address. I have of course deleted all of these accounts so I won't have the opportunity to observe how else they might be used. As a result of this activity I have changed all lists so that confirmation is required for all subscriptions, and only list owners can view the list of subscribers. The confirmations don't actually solve the email bombing problem but it will keep bogus subscriptions to a minimum. I have implemented some iptables filters as noted previously but I have not yet opened up the web interface externally. I have been monitoring traffic directed to port 80 on my Mailman server and it has gone down significantly since I put up the block. I may open it up again next week to see how my iptables filters work. -- Gary Kalbfleisch -- Director of Technology Support Services -- Shoreline Community College -- (206) 546-5813 -- (206) 546-6943 Fax > -----Original Message----- > From: Mailman-Users [mailto:mailman-users- > bounces+garyk=shoreline.edu at python.org] On Behalf Of jdd > Sent: Tuesday, October 23, 2012 8:42 AM > To: mailman-users at python.org > Subject: Re: [Mailman-Users] Automated Subscription Bots Inundating List > Owners With Subscription Requests > > Le 23/10/2012 17:17, Carl Zwanzig a ?crit : > > > > I've used a similar method for help email to places like yahoo. At the > > bottom of the text I ask "Please tell me your favorite color so I know > > I'm working with a real person." Seems to work. > > yes I also have "public" passwd on a wiki. By the way the pas is not on the > wiki page but on the mail I send to user. > > that said there are some real human paid to catch web site, and against that > no luck :-( > > jdd > > > -- > http://www.dodin.org > http://jddtube.dodin.org/20120616-52-highway_v1115 > ------------------------------------------------------ > Mailman-Users mailing list Mailman-Users at python.org > http://mail.python.org/mailman/listinfo/mailman-users > Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: > http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail- > archive.com/mailman-users%40python.org/ > Unsubscribe: http://mail.python.org/mailman/options/mailman- > users/garyk%40shoreline.edu From brad at shub-internet.org Tue Oct 23 18:37:49 2012 From: brad at shub-internet.org (Brad Knowles) Date: Tue, 23 Oct 2012 09:37:49 -0700 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: <5086BAC4.9040608@free.fr> References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu><87d30d6ahp.fsf@uwakimon.sk.tsukuba.ac.jp><8FBF98319244EE48845CC9BF72AB49E84DB37539@SCC-EX2010-MBX2.shore.ctc.edu><87obju3tsj.fsf@uwakimon.sk.tsukuba.ac.jp><7BDC8DCF-D226-4317-9570-4753330CFFD3@shub-internet.org> <20121023065532.GC4181@charite.de> <5086B520.40900@tuunq.com> <5086BAC4.9040608@free.fr> Message-ID: On Oct 23, 2012, at 8:41 AM, jdd wrote: > that said there are some real human paid to catch web site, and against that no luck :-( There's an old axiom in the security business that no defense can stop a sufficiently motivated attacker with sufficient resources. The US Secret Service knows this all too well, as they continue to try to protect the President (whomever that might be) against assassination attempts. The "PlayThru" solution from areyouahuman.com is an interesting concept, but there are some other interesting alternatives as well. Among other things, I don't think that PlayThru would work for the visually-challenged, but then I've only read part of the FAQs so perhaps this is something they address later. One interesting concept I've seen has been to use a mathematical function that is easy to compute (on your end), but hard to reverse (on the other end). Then you do a challenge-response query and they don't even get to see the "submit" button until the calculations are complete (automated via JavaScript, of course). They could potentially hack the JavaScript, and maybe try to apply algorithms to speed up the calculations, so you have to choose carefully. Make the problem big enough, and even the biggest Google-enabled "rainbow tables" won't help, and it will be impossible to bypass with human-enabled methods. The problem there is to *AVOID* making the problem so hard that your "real" customers are also prevented from being able to post -- that would be throwing the baby out with the bathwater. -- Brad Knowles LinkedIn Profile: From rodrigoantunes at pelotas.ifsul.edu.br Mon Oct 22 17:46:43 2012 From: rodrigoantunes at pelotas.ifsul.edu.br (Rodrigo Abrantes Antunes) Date: Mon, 22 Oct 2012 13:46:43 -0200 Subject: [Mailman-Users] Too many recipients Message-ID: <20121022134643.Horde.LQp4aUv4Cn9QhWpjWa7XIeA@webmail.pelotas.ifsul.edu.br> Hi, when I try to send an e-mail to my list (only one recipient, the list itself), I get these: In mailman's smtp logs: Oct 22 13:26:17 2012 (22940) smtp to contas for 828 recips, completed in 1.705 seconds In mailman's post logs: Oct 22 13:26:17 2012 (22940) post to contas from xxx at xxxx, size=3620, message-id=, 450 failures In mailman's smtp-failure logs: Oct 22 13:26:17 2012 (22940) delivery to xxx at xxxxx failed with code 452: 4.5.3 Error: too many recipients In my mm_cfg.py I have this: DEFAULT_MAX_NUM_RECIPIENTS = 0 Any ideas? From rodrigoantunes at pelotas.ifsul.edu.br Tue Oct 23 18:19:18 2012 From: rodrigoantunes at pelotas.ifsul.edu.br (Rodrigo Abrantes Antunes) Date: Tue, 23 Oct 2012 14:19:18 -0200 Subject: [Mailman-Users] Too many recipients In-Reply-To: <20121022134643.Horde.LQp4aUv4Cn9QhWpjWa7XIeA@webmail.pelotas.ifsul.edu.br> References: <20121022134643.Horde.LQp4aUv4Cn9QhWpjWa7XIeA@webmail.pelotas.ifsul.edu.br> Message-ID: <20121023141918.Horde.dE5NEEv4Cn9QhsOGJr3ws9A@webmail.pelotas.ifsul.edu.br> Citando Rodrigo Abrantes Antunes : > > Hi, when I try to send an e-mail to my list (only one recipient, the > list itself), I get these: > > In mailman's smtp logs: > Oct 22 13:26:17 2012 (22940) smtp to contas for 828 > recips, completed in 1.705 seconds > > In mailman's post logs: > Oct 22 13:26:17 2012 (22940) post to contas from xxx at xxxx, > size=3620, message-id=, 450 failures > > In mailman's smtp-failure logs: > Oct 22 13:26:17 2012 (22940) delivery to xxx at xxxxx failed with > code 452: 4.5.3 Error: too many recipients > > In my mm_cfg.py I have this: > DEFAULT_MAX_NUM_RECIPIENTS = 0 > > Any ideas? > Searching google I found that this error isn't related to the number of users in the list, it occurs because the total number of addresses in the To: and Cc: headers of the post equals or exceeds max_num_recipients. But in documentation is said that if this option is set to 0 it has no limit. And my post have only one recipient in To:, the list itself. So what may be causing this? From GaryK at shoreline.edu Tue Oct 23 19:19:44 2012 From: GaryK at shoreline.edu (Kalbfleisch, Gary) Date: Tue, 23 Oct 2012 17:19:44 +0000 Subject: [Mailman-Users] Too many recipients In-Reply-To: <20121023141918.Horde.dE5NEEv4Cn9QhsOGJr3ws9A@webmail.pelotas.ifsul.edu.br> References: <20121022134643.Horde.LQp4aUv4Cn9QhWpjWa7XIeA@webmail.pelotas.ifsul.edu.br> <20121023141918.Horde.dE5NEEv4Cn9QhsOGJr3ws9A@webmail.pelotas.ifsul.edu.br> Message-ID: <8FBF98319244EE48845CC9BF72AB49E84DB38AB9@SCC-EX2010-MBX2.shore.ctc.edu> Am I understanding correctly that the list itself is a member of the list? Sounds like an email loop to me. What are you trying to do? -- Gary Kalbfleisch -- Director of Technology Support Services -- Shoreline Community College -- (206) 546-5813 -- (206) 546-6943 Fax > -----Original Message----- > From: Mailman-Users [mailto:mailman-users- > bounces+garyk=shoreline.edu at python.org] On Behalf Of Rodrigo Abrantes > Antunes > Sent: Tuesday, October 23, 2012 9:19 AM > To: mailman-users at python.org > Subject: Re: [Mailman-Users] Too many recipients > > Citando Rodrigo Abrantes Antunes : > > > > Hi, when I try to send an e-mail to my list (only one recipient, the > > list itself), I get these: > > > > In mailman's smtp logs: > > Oct 22 13:26:17 2012 (22940) smtp to contas for 828 > > recips, completed in 1.705 seconds > > > > In mailman's post logs: > > Oct 22 13:26:17 2012 (22940) post to contas from xxx at xxxx, > > size=3620, message-id=, 450 failures > > > > In mailman's smtp-failure logs: > > Oct 22 13:26:17 2012 (22940) delivery to xxx at xxxxx failed with code > > 452: 4.5.3 Error: too many recipients > > > > In my mm_cfg.py I have this: > > DEFAULT_MAX_NUM_RECIPIENTS = 0 > > > > Any ideas? > > > Searching google I found that this error isn't related to the number of users in > the list, it occurs because the total number of addresses in the > To: and Cc: headers of the post equals or exceeds max_num_recipients. But > in documentation is said that if this option is set to 0 it has no limit. > And my post have only one recipient in To:, the list itself. So what may be > causing this? > ------------------------------------------------------ > Mailman-Users mailing list Mailman-Users at python.org > http://mail.python.org/mailman/listinfo/mailman-users > Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: > http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail- > archive.com/mailman-users%40python.org/ > Unsubscribe: http://mail.python.org/mailman/options/mailman- > users/garyk%40shoreline.edu From fmouse-mailman at fmp.com Tue Oct 23 19:28:00 2012 From: fmouse-mailman at fmp.com (Lindsay Haisley) Date: Tue, 23 Oct 2012 12:28:00 -0500 Subject: [Mailman-Users] Too many recipients In-Reply-To: <20121023141918.Horde.dE5NEEv4Cn9QhsOGJr3ws9A@webmail.pelotas.ifsul.edu.br> References: <20121022134643.Horde.LQp4aUv4Cn9QhWpjWa7XIeA@webmail.pelotas.ifsul.edu.br> <20121023141918.Horde.dE5NEEv4Cn9QhsOGJr3ws9A@webmail.pelotas.ifsul.edu.br> Message-ID: <1351013280.41465.25.camel@pudina.fmp.com> > Hi, when I try to send an e-mail to my list (only one recipient, the list > itself), I get these: Aren't you creating a loop here? Why are you putting the list itself on the list as its only recipient? This appears to me to be an invitation for an endless loop. -- Lindsay Haisley | "Real programmers use butterflies" FMP Computer Services | 512-259-1190 | - xkcd http://www.fmp.com | From fmouse-mailman at fmp.com Tue Oct 23 19:33:07 2012 From: fmouse-mailman at fmp.com (Lindsay Haisley) Date: Tue, 23 Oct 2012 12:33:07 -0500 Subject: [Mailman-Users] Too many recipients In-Reply-To: <20121022134643.Horde.LQp4aUv4Cn9QhWpjWa7XIeA@webmail.pelotas.ifsul.edu.br> References: <20121022134643.Horde.LQp4aUv4Cn9QhWpjWa7XIeA@webmail.pelotas.ifsul.edu.br> Message-ID: <1351013587.41465.29.camel@pudina.fmp.com> On Mon, 2012-10-22 at 13:46 -0200, Rodrigo Abrantes Antunes wrote: > Any ideas? > The behavior of Mailman with respect to the number of recipients specified in any single SMTP transaction is controlled by SMTP_MAX_RCPTS, which should be less than the max number of recipients allowed by the SMTP server for any single transaction. If your setting up this loop to stress-test your installation, set SMTP_MAX_RCPTS in mm_cfg.py to a small enough number to pass muster with the contas SMTP server. -- Lindsay Haisley | "Humor will get you through times of no humor FMP Computer Services | better than no humor will get you through 512-259-1190 | times of humor." http://www.fmp.com | - Butch Hancock From mark at msapiro.net Tue Oct 23 19:44:14 2012 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 23 Oct 2012 10:44:14 -0700 Subject: [Mailman-Users] Too many recipients In-Reply-To: <20121022134643.Horde.LQp4aUv4Cn9QhWpjWa7XIeA@webmail.pelotas.ifsul.edu.br> Message-ID: Rodrigo Abrantes Antunes wrote: >Hi, when I try to send an e-mail to my list (only one recipient, the list >itself), I get these: > > In mailman's smtp logs: > Oct 22 13:26:17 2012 (22940) smtp to contas for 828 recips, >completed in 1.705 seconds > > In mailman's post logs: > Oct 22 13:26:17 2012 (22940) post to contas from xxx at xxxx, size=3620, >message-id=, 450 failures > > In mailman's smtp-failure logs: > Oct 22 13:26:17 2012 (22940) delivery to xxx at xxxxx failed with code 452: >4.5.3 Error: too many recipients > > In my mm_cfg.py I have this: > DEFAULT_MAX_NUM_RECIPIENTS = 0 The above setting has nothing to do with this. The message in your smtp-failure log comes from your MTA because Mailman is sending messages with a number of recipients (SMTP RCPT TO) greater than your MTA will accept. In mm_cfg.py, set SMTP_MAX_RCPTS to a number less than the MTA's recipient limit, and restart Mailman. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From brad at shub-internet.org Tue Oct 23 18:51:36 2012 From: brad at shub-internet.org (Brad Knowles) Date: Tue, 23 Oct 2012 09:51:36 -0700 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: <8FBF98319244EE48845CC9BF72AB49E84DB387E6@SCC-EX2010-MBX2.shore.ctc.edu> References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu><87d30d6ahp.fsf@uwakimon.sk.tsukuba.ac.jp><8FBF98319244EE48845CC9BF72AB49E84DB37539@SCC-EX2010-MBX2.shore.ctc.edu><87obju3tsj.fsf@uwakimon.sk.tsukuba.ac.jp><7BDC8DCF-D226-4317-9570-4753330CFFD3@shub-internet.org> <20121023065532.GC4181@charite.de> <5086B520.40900@tuunq.com> <5086BAC4.9040608@free.fr> <8FBF98319244EE48845CC9BF72AB49E84DB387E6@SCC-EX2010-MBX2.shore.ctc.edu> Message-ID: On Oct 23, 2012, at 9:28 AM, "Kalbfleisch, Gary" wrote: > As a result of this activity I have changed all lists so that confirmation is required for all subscriptions, and only list owners can view the list of subscribers. The confirmations don't actually solve the email bombing problem but it will keep bogus subscriptions to a minimum. I have implemented some iptables filters as noted previously but I have not yet opened up the web interface externally. I have been monitoring traffic directed to port 80 on my Mailman server and it has gone down significantly since I put up the block. I may open it up again next week to see how my iptables filters work. BTW, all the general speculation and conversation about CAPTCHAs, etc... notwithstanding, you do clearly have a real operational problem today. For your specific issue, I would recommend keeping your proposed solutions as relatively simple as possible, and layer them. Requiring confirmation is a good simple solution to a number of problems, as is restricting the ability to see list membership to only those people who are list owners. In my experience, KISS+layering almost always beats solutions that are complex from Day One. -- Brad Knowles LinkedIn Profile: From rodrigoantunes at pelotas.ifsul.edu.br Tue Oct 23 22:10:56 2012 From: rodrigoantunes at pelotas.ifsul.edu.br (Rodrigo Abrantes Antunes) Date: Tue, 23 Oct 2012 18:10:56 -0200 Subject: [Mailman-Users] Too many recipients In-Reply-To: <1351013280.41465.25.camel@pudina.fmp.com> References: <20121022134643.Horde.LQp4aUv4Cn9QhWpjWa7XIeA@webmail.pelotas.ifsul.edu.br> <20121023141918.Horde.dE5NEEv4Cn9QhsOGJr3ws9A@webmail.pelotas.ifsul.edu.br> <1351013280.41465.25.camel@pudina.fmp.com> Message-ID: <20121023181056.Horde.Z6MwbEv4Cn9QhvnQ0PVRSBA@webmail.pelotas.ifsul.edu.br> Citando Lindsay Haisley : >> Hi, when I try to send an e-mail to my list (only one recipient, the list >> itself), I get these: > Aren't you creating a loop here?? Why are you putting the list itself on > the list as its only recipient?? This appears to me to be an invitation > for an endless loop. > > -- > Lindsay Haisley? ? ? ?| "Real programmers use butterflies" > FMP Computer Services | > 512-259-1190? ? ? ? ? |? ? ? ?- xkcd > http://www.fmp.com? ? | > > ------------------------------------------------------ > Mailman-Users mailing list Mailman-Users at python.org > http://mail.python.org/mailman/listinfo/mailman-users > Mailman FAQ: http://wiki.list.org/x/AgA3 > Security Policy: http://wiki.list.org/x/QIA9 > Searchable Archives: > http://www.mail-archive.com/mailman-users%40python.org/Unsubscribe: > http://mail.python.org/mailman/options/mailman-users/rodrigoantunes%40pelotas.ifsul.edu.br The list's e-mail obviously isn't a list member, what I said is that when you want to send and email to the list you put the list's email in the recipient. From rodrigoantunes at pelotas.ifsul.edu.br Tue Oct 23 22:21:16 2012 From: rodrigoantunes at pelotas.ifsul.edu.br (Rodrigo Abrantes Antunes) Date: Tue, 23 Oct 2012 18:21:16 -0200 Subject: [Mailman-Users] Too many recipients In-Reply-To: <1351013587.41465.29.camel@pudina.fmp.com> References: <20121022134643.Horde.LQp4aUv4Cn9QhWpjWa7XIeA@webmail.pelotas.ifsul.edu.br> <1351013587.41465.29.camel@pudina.fmp.com> Message-ID: <20121023182116.Horde.RY90dEv4Cn9Qhvw8UyphSlA@webmail.pelotas.ifsul.edu.br> Citando Lindsay Haisley : > On Mon, 2012-10-22 at 13:46 -0200, Rodrigo Abrantes Antunes wrote: > > Any ideas? > The behavior of Mailman with respect to the number of recipients > specified in any single SMTP transaction is controlled by > SMTP_MAX_RCPTS, which should be less than the max number of recipients > allowed by the SMTP server for any single transaction.? If your setting > up this loop to stress-test your installation, set SMTP_MAX_RCPTS in > mm_cfg.py to a small enough number to pass muster with the contas SMTP > server. > > -- > Lindsay Haisley? ? ? ?|? "Humor will get you through times of no humor > FMP Computer Services |? ? ? better than no humor will get you through > 512-259-1190? ? ? ? ? |? ? ? ? ?times of humor." > http://www.fmp.com? ? |? ? ? ? ? ? - Butch Hancock > > ------------------------------------------------------ > Mailman-Users mailing list Mailman-Users at python.org > http://mail.python.org/mailman/listinfo/mailman-users > Mailman FAQ: http://wiki.list.org/x/AgA3 > Security Policy: http://wiki.list.org/x/QIA9 > Searchable Archives: > http://www.mail-archive.com/mailman-users%40python.org/Unsubscribe: > http://mail.python.org/mailman/options/mailman-users/rodrigoantunes%40pelotas.ifsul.edu.br I didn't set any loop, the list's e-mail obviously isn't a list member, what I said is that when you want to send and email to the list you put the list's email in the "To:" field and that's the only recipient when I'm sending e-mail, I'm not putting more recipients in "to:" field wich could burst the limit of max_num_recipients if this limit was set. I've set SMTP_MAX_RCPTS to 250 in mailman and smtpd_recipient_limit to 300 in postfix and I'm still getting these errors. From mark at msapiro.net Tue Oct 23 22:45:47 2012 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 23 Oct 2012 13:45:47 -0700 Subject: [Mailman-Users] Too many recipients In-Reply-To: <20121023182116.Horde.RY90dEv4Cn9Qhvw8UyphSlA@webmail.pelotas.ifsul.edu.br> References: <20121022134643.Horde.LQp4aUv4Cn9QhWpjWa7XIeA@webmail.pelotas.ifsul.edu.br> <1351013587.41465.29.camel@pudina.fmp.com> <20121023182116.Horde.RY90dEv4Cn9Qhvw8UyphSlA@webmail.pelotas.ifsul.edu.br> Message-ID: <508701FB.80907@msapiro.net> On 10/23/2012 1:21 PM, Rodrigo Abrantes Antunes wrote: > > I've set SMTP_MAX_RCPTS to 250 in mailman and smtpd_recipient_limit to 300 > in postfix and I'm still getting these errors. Did you restart Mailman after setting SMTP_MAX_RCPTS = 250 in mm_cfg.py? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From fmouse-mailman at fmp.com Tue Oct 23 23:49:09 2012 From: fmouse-mailman at fmp.com (Lindsay Haisley) Date: Tue, 23 Oct 2012 16:49:09 -0500 Subject: [Mailman-Users] Too many recipients In-Reply-To: <20121023182116.Horde.RY90dEv4Cn9Qhvw8UyphSlA@webmail.pelotas.ifsul.edu.br> References: <20121022134643.Horde.LQp4aUv4Cn9QhWpjWa7XIeA@webmail.pelotas.ifsul.edu.br> <1351013587.41465.29.camel@pudina.fmp.com> <20121023182116.Horde.RY90dEv4Cn9Qhvw8UyphSlA@webmail.pelotas.ifsul.edu.br> Message-ID: <1351028949.41465.70.camel@pudina.fmp.com> On Tue, 2012-10-23 at 18:21 -0200, Rodrigo Abrantes Antunes wrote: > I didn't set any loop, the list's e-mail obviously isn't a list member, > what I said is that when you want to send and email to the list you put > the list's email in the "To:" field and that's the only recipient when I'm > sending e-mail, I'm not putting more recipients in "to:" field wich could > burst the limit of max_num_recipients if this limit was set. OK, I'm sorry. I misunderstood. > I've set SMTP_MAX_RCPTS to 250 in mailman and smtpd_recipient_limit to 300 > in postfix and I'm still getting these errors. Did you restart Mailman and postfix? What do the Mailman log files show with regard to the number of recipients (smtp log) and the number of failures (post log) _after_ your changes and a restart of both postfix and Mailman? What's the total number of subscribers on the list (i.e. how many "rcpt to" addresses did Mailman _attempt_ to submit for posting)? Do your mail system logs shed any light on anything? My mail logs are always my first stop when trying to debug a mail problem. -- Lindsay Haisley | "Fighting against human creativity is like FMP Computer Services | trying to eradicate dandelions" 512-259-1190 | http://www.fmp.com | -- Pamela Jones From fmouse-mailman at fmp.com Wed Oct 24 00:11:28 2012 From: fmouse-mailman at fmp.com (Lindsay Haisley) Date: Tue, 23 Oct 2012 17:11:28 -0500 Subject: [Mailman-Users] Too many recipients In-Reply-To: <508701FB.80907@msapiro.net> References: <20121022134643.Horde.LQp4aUv4Cn9QhWpjWa7XIeA@webmail.pelotas.ifsul.edu.br> <1351013587.41465.29.camel@pudina.fmp.com> <20121023182116.Horde.RY90dEv4Cn9Qhvw8UyphSlA@webmail.pelotas.ifsul.edu.br> <508701FB.80907@msapiro.net> Message-ID: <1351030288.41465.87.camel@pudina.fmp.com> On Tue, 2012-10-23 at 13:45 -0700, Mark Sapiro wrote: > On 10/23/2012 1:21 PM, Rodrigo Abrantes Antunes wrote: > > > > I've set SMTP_MAX_RCPTS to 250 in mailman and smtpd_recipient_limit to 300 > > in postfix and I'm still getting these errors. > > Did you restart Mailman IMHO, a restart of postfix would probably be in order, too. I know that many settings in my mail server, courier MTA, require a restart of the server after changing them in order for them to take effect. Mark, Brad, etc. I have a question here. Rodrigo says that in his Mailman smtp log, a SMTP transaction to contas for 828 recipients was "completed in 1.705 seconds" Mailman also reports a _temporary_ failure of 450 addresses. Because this is a 4xx class error, can one assume that after accepting smtpd_recipient_limit "rcpt to" addresses, postfix started rejecting each new address with a 452 (4.5.3) error, and that Mailman continued to attempt to send recipients in spite of this? - after which Mailman sent, and postfix accepted, the body of the message? This is the only scenario that makes any sense in light of the reported temporary failure. Is Mailman smart enough to pick up the thread on this and re-send to those addresses which were refused? The only other possible scenario is that the SMTP server bounced the entire message after transmission of the message body was complete, based on an excessive number of recipients. In this case, wouldn't it make more sense for the mail server to return a 5xx (permanent) class error? Inquiring minds want to know. I don't know postfix, and because all my outgoing lists have VERP personalization enabled, this problem never comes up here. -- Lindsay Haisley | "We have met the enemy and he is us." FMP Computer Services | 512-259-1190 | -- Pogo http://www.fmp.com | From Ralf.Hildebrandt at charite.de Wed Oct 24 00:13:22 2012 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Wed, 24 Oct 2012 00:13:22 +0200 Subject: [Mailman-Users] Too many recipients In-Reply-To: <1351030288.41465.87.camel@pudina.fmp.com> References: <20121022134643.Horde.LQp4aUv4Cn9QhWpjWa7XIeA@webmail.pelotas.ifsul.edu.br> <1351013587.41465.29.camel@pudina.fmp.com> <20121023182116.Horde.RY90dEv4Cn9Qhvw8UyphSlA@webmail.pelotas.ifsul.edu.br> <508701FB.80907@msapiro.net> <1351030288.41465.87.camel@pudina.fmp.com> Message-ID: <20121023221322.GD8571@charite.de> * Lindsay Haisley : > IMHO, a restart of postfix would probably be in order, too. I know that > many settings in my mail server, courier MTA, require a restart of the > server after changing them in order for them to take effect. postfix reload suffices. -- Ralf Hildebrandt Charite Universit?tsmedizin Berlin ralf.hildebrandt at charite.de Campus Benjamin Franklin http://www.charite.de Hindenburgdamm 30, 12203 Berlin Gesch?ftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155 From mark at msapiro.net Wed Oct 24 01:11:53 2012 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 23 Oct 2012 16:11:53 -0700 Subject: [Mailman-Users] Too many recipients In-Reply-To: <1351030288.41465.87.camel@pudina.fmp.com> Message-ID: Lindsay Haisley wrote: > >Mark, Brad, etc. I have a question here. Rodrigo says that in his >Mailman smtp log, a SMTP transaction to contas for 828 recipients was >"completed in 1.705 seconds" > >Mailman also reports a _temporary_ failure of 450 addresses. Because >this is a 4xx class error, can one assume that after accepting >smtpd_recipient_limit "rcpt to" addresses, postfix started rejecting >each new address with a 452 (4.5.3) error, and that Mailman continued to >attempt to send recipients in spite of this? - after which Mailman sent, >and postfix accepted, the body of the message? First of all, it is not clear how many recipients were sent in this SMTP transaction. The 828 recipients was the entire list, but the list is chunked into pieces of *at most* SMTP_MAX_RCPTS (default 500) and each chunk is sent as a separate SMTP transaction. Further, the chunks ar separated by top level domain such that all .com addresses are in their (set of) chunks; all .net and .org addresses are in a separate set; all .edu, .us and .ca addresses, and the rest are in yet another set. That notwithstanding, the actual SMTP transaction is handled by Python's smtplib module. The fact that there were no smtp-failure log messages that indicate an exception from smtplib (these would be log messages like 'All recipients refused: %s, msgid: %s', 'SMTP session failure: %s, %s, msgid: %s' or 'Low level smtp error: %s, msgid: %s') indicates that smtplib detected that at least one recipient was accepted and returned a dictionary, with one entry for each recipient that was refused. Each entry contains a tuple of the SMTP error code and the accompanying error message sent by the server. These are reported as indicated in the OP. Mailman then records any permanent failures as bounces and if there are temporary failures as here, updates the recipient list for the message to contain only the temp failed addresses and queues it in the retry queue to be retried. Thus, if the MTA is accepting say 50 recipients out of 500, the 500 will eventually all be delivered after about 10 times the retry interval which defaults to 15 minutes. >This is the only scenario that makes any sense in light of the reported >temporary failure. Is Mailman smart enough to pick up the thread on >this and re-send to those addresses which were refused? See above. >The only other possible scenario is that the SMTP server bounced the >entire message after transmission of the message body was complete, >based on an excessive number of recipients. In this case, wouldn't it >make more sense for the mail server to return a 5xx (permanent) class >error? That didn't happen here. If it had, the smtplib process would have thrown a smtplib.SMTPResponseException and this would have been logged with a 'SMTP session failure: %s, %s, msgid: %s' message. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Wed Oct 24 01:31:55 2012 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 23 Oct 2012 16:31:55 -0700 Subject: [Mailman-Users] Too many recipients In-Reply-To: Message-ID: Mark Sapiro wrote: > >The 828 recipients was the entire list, but the list is chunked into >pieces of *at most* SMTP_MAX_RCPTS (default 500) and each chunk is >sent as a separate SMTP transaction. Further, the chunks ar separated >by top level domain such that all .com addresses are in their (set of) >chunks; all .net and .org addresses are in a separate set; all .edu, >.us and .ca addresses, and the rest are in yet another set. It's not really an important part of the answer, but the above paragraph should have said: The 828 recipients was the entire list, but the list is chunked into pieces of *at most* SMTP_MAX_RCPTS (default 500) and each chunk is sent as a separate SMTP transaction. Further, the chunks are separated by top level domain such that all .com addresses are in their (set of) chunk(s); all .net and .org addresses are in a separate set; all .edu, .us and .ca addresses are in a third set, and the rest are in yet another set. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From stephen at xemacs.org Wed Oct 24 04:57:42 2012 From: stephen at xemacs.org (Stephen J. Turnbull) Date: Wed, 24 Oct 2012 11:57:42 +0900 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: <1350967888.41465.2.camel@pudina.fmp.com> References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu> <87d30d6ahp.fsf@uwakimon.sk.tsukuba.ac.jp> <8FBF98319244EE48845CC9BF72AB49E84DB37539@SCC-EX2010-MBX2.shore.ctc.edu> <87obju3tsj.fsf@uwakimon.sk.tsukuba.ac.jp> <7BDC8DCF-D226-4317-9570-4753330CFFD3@shub-internet.org> <1350967888.41465.2.camel@pudina.fmp.com> Message-ID: <87txtkbmqh.fsf@uwakimon.sk.tsukuba.ac.jp> Lindsay Haisley writes: > Take a look at . I just tried their sample. I'd rather face a CAPTCHA! And their twitter feed reads like spam -- same comments, same apparent author, different avatar. Not a great start if they want to captcha my lists! ;-) Seriously, I can see how it would work if they got the human factors right. Also seriously, do they have an accessible alternative? (No less than three of the people who currently aren't on my list that I wish were on it are somewhere between totally blind and "visually challenged".) And of course nothing visual works if you use a text browser. In general, it's still a stopgap. Requiring a test is offensive to real people. If you want to live only in meatspace (and be untrackable in the virtual world), I guess that's unavoidable. But for the vast majority of people, they just want to have an ID they can use to sign up anywhere, without being treated like the spamming equivalent of HIV. From stephen at xemacs.org Wed Oct 24 05:04:15 2012 From: stephen at xemacs.org (Stephen J. Turnbull) Date: Wed, 24 Oct 2012 12:04:15 +0900 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: <8FBF98319244EE48845CC9BF72AB49E84DB387E6@SCC-EX2010-MBX2.shore.ctc.edu> References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu> <87d30d6ahp.fsf@uwakimon.sk.tsukuba.ac.jp> <8FBF98319244EE48845CC9BF72AB49E84DB37539@SCC-EX2010-MBX2.shore.ctc.edu> <87obju3tsj.fsf@uwakimon.sk.tsukuba.ac.jp> <7BDC8DCF-D226-4317-9570-4753330CFFD3@shub-internet.org> <20121023065532.GC4181@charite.de> <5086B520.40900@tuunq.com> <5086BAC4.9040608@free.fr> <8FBF98319244EE48845CC9BF72AB49E84DB387E6@SCC-EX2010-MBX2.shore.ctc.edu> Message-ID: <87sj94bmfk.fsf@uwakimon.sk.tsukuba.ac.jp> Kalbfleisch, Gary writes: > Note that for the majority of what I have seen in this attack it > is the return email messages that the exploiters desire. Yes, this is the most important point for Mailman developers, in fact. Thank you for reiterating it. > I have seen some evidence that these accounts may have been used in > an attempt to harvest email address. Yeah, but I don't know what you can do about that in an open subscription list unless you anonymize (which I'm not willing to do because private replies are often desirable on my lists, YMMV). From stephen at xemacs.org Wed Oct 24 05:21:28 2012 From: stephen at xemacs.org (Stephen J. Turnbull) Date: Wed, 24 Oct 2012 12:21:28 +0900 Subject: [Mailman-Users] Too many recipients In-Reply-To: <20121023141918.Horde.dE5NEEv4Cn9QhsOGJr3ws9A@webmail.pelotas.ifsul.edu.br> References: <20121022134643.Horde.LQp4aUv4Cn9QhWpjWa7XIeA@webmail.pelotas.ifsul.edu.br> <20121023141918.Horde.dE5NEEv4Cn9QhsOGJr3ws9A@webmail.pelotas.ifsul.edu.br> Message-ID: <87r4ooblmv.fsf@uwakimon.sk.tsukuba.ac.jp> Rodrigo Abrantes Antunes writes: > Searching google I found that this error isn't related to the number of > users in the list, it occurs because the total number of addresses in the > To: and Cc: headers of the post equals or exceeds > max_num_recipients. The operational issues have already been addressed well in other posts. However the above statement is incorrect, and needs clarification. The items visible in your personal mail client (MUA) in the To:, Cc:, and Bcc: fields are usually called "addresses" or "addressees". These are different from "recipients", which are the addresses that the host-to-host mail program (MTA) sends to. Mailman "explodes" the list's *address* into a large number of *recipients*, and asks the MTA to deliver to that whole list of recipients, or to chunks of it as Mark explains elsewhere. You will in general never see the list of recipients of a post unless you look at the MTA's logs. By the way, there's nothing wrong with your understanding of plain English, in which "address" and "recipient" are pretty much the same. However, in technical discussion these words are often distinguished as above. > But in documentation is said that if this option is set to 0 it has > no limit. The limit you are running into here is not in Mailman, it is in the MTA. Mailman cannot tell the MTA what to do; it can only restrict itself to a small enough number that the MTA will cooperate with it. From fmouse-mailman at fmp.com Wed Oct 24 07:08:19 2012 From: fmouse-mailman at fmp.com (Lindsay Haisley) Date: Wed, 24 Oct 2012 00:08:19 -0500 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: <87txtkbmqh.fsf@uwakimon.sk.tsukuba.ac.jp> References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu> <87d30d6ahp.fsf@uwakimon.sk.tsukuba.ac.jp> <8FBF98319244EE48845CC9BF72AB49E84DB37539@SCC-EX2010-MBX2.shore.ctc.edu> <87obju3tsj.fsf@uwakimon.sk.tsukuba.ac.jp> <7BDC8DCF-D226-4317-9570-4753330CFFD3@shub-internet.org> <1350967888.41465.2.camel@pudina.fmp.com> <87txtkbmqh.fsf@uwakimon.sk.tsukuba.ac.jp> Message-ID: <1351055299.41465.127.camel@pudina.fmp.com> On Wed, 2012-10-24 at 11:57 +0900, Stephen J. Turnbull wrote: > Lindsay Haisley writes: > > > Take a look at . > > I just tried their sample. I'd rather face a CAPTCHA! And their > twitter feed reads like spam -- same comments, same apparent author, > different avatar. Not a great start if they want to captcha my lists! > ;-) Well that's understandable. Their enterprise has a bit of the flavor of a small-time hustle; nonetheless, my point is that they seem to have focused on a simple paradigm that would be very hard to crack short of some sort of advanced AI technology. It's this aspect that bears exploring. > Seriously, I can see how it would work if they got the human factors > right. Also seriously, do they have an accessible alternative? (No > less than three of the people who currently aren't on my list that I > wish were on it are somewhere between totally blind and "visually > challenged".) And of course nothing visual works if you use a text > browser. It's not hard to imagine an audio equivalent - a simple puzzle, such as "Press 1 when you hear the sound of a duck". This example would be culturally constrained (people with no experience with ducks would be puzzled!) but this is a direction to consider. All captchas are by their very nature culturally constrained to a greater or lesser degree. > In general, it's still a stopgap. Requiring a test is offensive to > real people. If you want to live only in meatspace (and be > untrackable in the virtual world), I guess that's unavoidable. But > for the vast majority of people, they just want to have an ID they can > use to sign up anywhere, without being treated like the spamming > equivalent of HIV. Any solution to the problem is going to have to be anchored in meatspace. This is the bottom line on detecting the difference between bots and people. Life is a study in tradeoffs. The tradeoff of having "an ID they can use to sign up anywhere, without being treated like the spamming equivalent of HIV" would probably be a gross loss of anonymity, the digital equivalent of having a passport which could be verified through a government's department of state. This might be just as onerous to some people as a captcha or a puzzle. Yes, some people consider a captcha to be offensive, and I've had colleagues who won't use them for sites where they really don't want to communicate the slightest hint of suspicion to visitors, such as political organizations that are eager to sign up volunteers or supporters. A captcha becomes kind of like passing muster with a bouncer who's making sure that a club's dress code is observed. On the other hand, most people get spam, and hate it, and can appreciate that their own interests are served by having to jump through a hoop or two to make sure that they're entering a bot-free zone. I think a lot of the acceptability of such schemes hinges on how they're presented and introduced in the context of their usage. -- Lindsay Haisley | "Friends are like potatoes. FMP Computer Services | If you eat them, they die" 512-259-1190 | http://www.fmp.com | - Aaron Edmund From guest2 at sgeinc.com Tue Oct 23 22:36:36 2012 From: guest2 at sgeinc.com (Richard Shetron) Date: Tue, 23 Oct 2012 16:36:36 -0400 Subject: [Mailman-Users] meaning of data in mailman smtp file Message-ID: <5086FFD4.7060304@sgeinc.com> What does this line really mean and why does it take so long to run? Oct 23 06:03:01 2012 (1870) <7.0.1.0.0.20121016133607.0469b148 at marchreport.com> smtp to marchreport_daily_alert_ctc10 for 2 recips, completed in 168.022 seconds Thanks From guest2 at sgeinc.com Wed Oct 24 15:54:03 2012 From: guest2 at sgeinc.com (Richard Shetron) Date: Wed, 24 Oct 2012 09:54:03 -0400 Subject: [Mailman-Users] mailman running very slow Message-ID: <5087F2FB.1060307@sgeinc.com> Yes I've tried to research via google, etc. I've run through the page at: http://wiki.list.org/display/DOC/4.78+Troubleshooting-+No+mail+going+out+to+lists+members I'm running ubuntu with mailman 2.1.14 and things seem to be taking forever. Until a few days ago things were running fine. There have been no config/system changes. One of the things I'm seeing is is the smtp log file: Oct 23 13:42:13 2012 (19673) <7.0.1.0.0.20121016133607.0469b148 at marchreport.com> smtp to marchreport_daily_alert_ctc10 for 2 recips, completed in 168.029 seconds That seem to be a very long time for processing a list. Also mailing from a week ago are starting to come through, but I thought I'd removed all of them from both the mailq and from mailman. I thought I new how to cancel/remove older mailings, but it seems not. How do you cancel old mailings? I've cleared the postfix queue and I thought I'd cleared the mailman qfiles. I'm also occasionally getting the following error in the smtp-failure log: Oct 24 06:00:01 2012 (29638) Low level smtp error: (4, 'Interrupted system call'), msgid:<7.0.1.0.0.20121016133607.0469b148 at marchreport.com> We're using ubuntu with postfix. python processes: mailman 4576 0.0 0.0 9608 4792 ? Ss 06:00 0:00 /usr/bin/python /var/lib/mailman/bin/mailmanctl -s start mailman 4577 0.0 0.0 9552 6456 ? S 06:00 0:00 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=ArchRunner:0:1 -s mailman 4578 0.0 0.1 17420 14696 ? S 06:00 0:01 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=BounceRunner:0:1 -s mailman 4579 0.0 0.0 9528 6436 ? S 06:00 0:00 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=CommandRunner:0:1 -s mailman 4580 0.0 0.0 9544 6444 ? S 06:00 0:00 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=IncomingRunner:0:1 -s mailman 4581 0.0 0.0 9520 6488 ? S 06:00 0:00 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=NewsRunner:0:1 -s mailman 4582 0.2 0.1 14628 11964 ? S 06:00 0:25 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=OutgoingRunner:0:1 -s mailman 4583 0.0 0.1 12332 9688 ? S 06:00 0:00 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=VirginRunner:0:1 -s mailman 4584 0.0 0.0 9512 6448 ? S 06:00 0:00 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=RetryRunner:0:1 -s mailman 4585 0.0 0.0 9728 6904 ? S 06:00 0:08 /usr/bin/python /var/lib/mailman/bin/qrunner --runner=MaildirRunner:0:1 -s another error in smtp-failure: Oct 24 09:37:18 2012 (4582) All recipients refused: {'mmm5000 at aol.com': (503, '5.5.1 Error: nested MAIL command')}, msgid: <7.0.1.0.0.20121016133607.0469b148 at marchreport.com> The SMTP settings in mm_cfg.py: MAILMAN_SITE_LIST = 'mailman' SMTPPORT = 587 #SMTPHOST = 'mail.marchreport.com' Just did this change from name to ip SMTPHOST = '71.244.124.123' postfix listens on 587: master.cf:587 inet n - n - 120 smtpd From fmouse-mailman at fmp.com Wed Oct 24 18:52:20 2012 From: fmouse-mailman at fmp.com (Lindsay Haisley) Date: Wed, 24 Oct 2012 11:52:20 -0500 Subject: [Mailman-Users] mailman running very slow In-Reply-To: <5087F2FB.1060307@sgeinc.com> References: <5087F2FB.1060307@sgeinc.com> Message-ID: <1351097540.41465.150.camel@pudina.fmp.com> On Wed, 2012-10-24 at 09:54 -0400, Richard Shetron wrote: > Oct 23 13:42:13 2012 (19673) > <7.0.1.0.0.20121016133607.0469b148 at marchreport.com> smtp to > marchreport_daily_alert_ctc10 for 2 recips, completed in 168.029 > seconds > > That seem to be a very long time for processing a list. > Yes, that's a long time. If nothing has changed in your Mailman installation, I'd guess you're looking at an issue with the SMTP server, or possibly a network issue. A look at your mail server logs and the timestamp data therein should give you a finer-grained look at the timing of SMTP events associated with Mailman's outgoing posts. Another very useful tool for analyzing mail issues is swaks. -- Lindsay Haisley | "We are all broken toasters, but we still FMP Computer Services | manage to make toast" 512-259-1190 | http://www.fmp.com | - Cheryl Dehut From Ralf.Hildebrandt at charite.de Wed Oct 24 19:19:07 2012 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Wed, 24 Oct 2012 19:19:07 +0200 Subject: [Mailman-Users] meaning of data in mailman smtp file In-Reply-To: <5086FFD4.7060304@sgeinc.com> References: <5086FFD4.7060304@sgeinc.com> Message-ID: <20121024171907.GI12219@charite.de> * Richard Shetron : > What does this line really mean and why does it take so long to run? It means that sending the mail to the marchreport_daily_alert_ctc10 list too 168.022 seconds, > Oct 23 06:03:01 2012 (1870) > <7.0.1.0.0.20121016133607.0469b148 at marchreport.com> > smtp to marchreport_daily_alert_ctc10 for 2 recips, completed in > 168.022 seconds A look at your mail server logs and the timestamp data therein should give you a finer-grained look at the timing of SMTP events associated with Mailman's outgoing posts. It should be easy to find. From mark at msapiro.net Wed Oct 24 20:03:13 2012 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 24 Oct 2012 11:03:13 -0700 Subject: [Mailman-Users] mailman running very slow In-Reply-To: <5087F2FB.1060307@sgeinc.com> Message-ID: Richard Shetron wrote: > >Also mailing from a week ago are starting to come through, but I thought >I'd removed all of them from both the mailq and from mailman. I thought >I new how to cancel/remove older mailings, but it seems not. How do you >cancel old mailings? I've cleared the postfix queue and I thought I'd >cleared the mailman qfiles. If you removed all the entries from Mailman's queue files or at least those in the out/ and retry/ queues, no old messages should be coming from Mailman except for messages that were held for moderation and have been subsequently approved. >I'm also occasionally getting the following error in the smtp-failure log: > >Oct 24 06:00:01 2012 (29638) Low level smtp error: (4, 'Interrupted >system call'), msgid:<7.0.1.0.0.20121016133607.0469b148 at marchreport.com> See the FAQ at . >We're using ubuntu with postfix. > >python processes: > [...] >mailman 4585 0.0 0.0 9728 6904 ? S 06:00 0:08 >/usr/bin/python /var/lib/mailman/bin/qrunner --runner=MaildirRunner:0:1 -s Why are you running MaildirRunner? are you actually using maildir delivery to Mailman? >another error in smtp-failure: > >Oct 24 09:37:18 2012 (4582) All recipients refused: {'mmm5000 at aol.com': >(503, '5.5.1 Error: nested MAIL command')}, msgid: ><7.0.1.0.0.20121016133607.0469b148 at marchreport.com> This indicates some serious confusion in Python's smtplib. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From brad at shub-internet.org Wed Oct 24 20:06:28 2012 From: brad at shub-internet.org (Brad Knowles) Date: Wed, 24 Oct 2012 11:06:28 -0700 Subject: [Mailman-Users] mailman running very slow In-Reply-To: <1351097540.41465.150.camel@pudina.fmp.com> References: <5087F2FB.1060307@sgeinc.com> <1351097540.41465.150.camel@pudina.fmp.com> Message-ID: <9ADD3FB5-AFF9-4473-B85B-0DB5707797AC@shub-internet.org> On Oct 24, 2012, at 9:52 AM, Lindsay Haisley wrote: >> That seem to be a very long time for processing a list. >> > Yes, that's a long time. If nothing has changed in your Mailman > installation, I'd guess you're looking at an issue with the SMTP server, > or possibly a network issue. A look at your mail server logs and the > timestamp data therein should give you a finer-grained look at the > timing of SMTP events associated with Mailman's outgoing posts. One thing I've found in the past is that frequently the mailing list administration and the SMTP MTA administration is done by different teams, and when one side asks the other if anything has changed the answer will frequently be "No, nothing at all". However, in many cases, there were changes made that were felt to be so minor that they were trivial and wouldn't count as "real changes". Nevertheless, many so-called "trivial" changes can frequently have impacts far above and beyond what was anticipated. I'd encourage the OP to also check out their DNS caching resolver servers, to see if they've recently had any problems or made any changes (even apparently trivial ones). > Another very useful tool for analyzing mail issues is swaks. Now that's a tool I had not heard of before. I'm assuming you mean the tool at ? -- Brad Knowles LinkedIn Profile: From stephen at xemacs.org Wed Oct 24 20:14:09 2012 From: stephen at xemacs.org (Stephen J. Turnbull) Date: Thu, 25 Oct 2012 03:14:09 +0900 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: <1351055299.41465.127.camel@pudina.fmp.com> References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu> <87d30d6ahp.fsf@uwakimon.sk.tsukuba.ac.jp> <8FBF98319244EE48845CC9BF72AB49E84DB37539@SCC-EX2010-MBX2.shore.ctc.edu> <87obju3tsj.fsf@uwakimon.sk.tsukuba.ac.jp> <7BDC8DCF-D226-4317-9570-4753330CFFD3@shub-internet.org> <1350967888.41465.2.camel@pudina.fmp.com> <87txtkbmqh.fsf@uwakimon.sk.tsukuba.ac.jp> <1351055299.41465.127.camel@pudina.fmp.com> Message-ID: <87mwzbbuvi.fsf@uwakimon.sk.tsukuba.ac.jp> Lindsay Haisley writes: > On the other hand, most people get spam, and hate it, and can > appreciate that their own interests are served by having to jump > through a hoop or two to make sure that they're entering a bot-free > zone. Sure, all of that is true, except for the implication that CAPTCHAs and other complicated reverse Turing tests actually are effective enough to be worth it. As several people have pointed out, all you really need to do is to make up your own trivial test that requires actually understanding English. It will keep 'bots out, but if somebody really wants you, they'll do it themselves or pay somebody to do it.[1] CAPTCHAs and PlayThru work only because nobody really wants access to your piddly little list anyway. Footnotes: [1] In fact, I bet a sufficiently smart ripoff artist could simply VNC the Playthru to some other site that lots of people (speaking loosely here) want to access (porn, gambling), and then relay the solution back to the site they want access to. From fmouse-mailman at fmp.com Wed Oct 24 20:17:50 2012 From: fmouse-mailman at fmp.com (Lindsay Haisley) Date: Wed, 24 Oct 2012 13:17:50 -0500 Subject: [Mailman-Users] mailman running very slow In-Reply-To: <9ADD3FB5-AFF9-4473-B85B-0DB5707797AC@shub-internet.org> References: <5087F2FB.1060307@sgeinc.com> <1351097540.41465.150.camel@pudina.fmp.com> <9ADD3FB5-AFF9-4473-B85B-0DB5707797AC@shub-internet.org> Message-ID: <1351102670.41465.157.camel@pudina.fmp.com> On Wed, 2012-10-24 at 11:06 -0700, Brad Knowles wrote: > > Another very useful tool for analyzing mail issues is swaks. > > Now that's a tool I had not heard of before. I'm assuming you mean > the tool at ? > That's the one. I used to test SMTP stuff by using telnet to port 25 and talking to an SMTP server, but swaks does all the lifting for you, and gives you a terminal display of the entire dialog in real time, so you can see where a SMTP transaction is hanging, or timing out, or whatever. It's written in perl, and self-docs with a man-page like help system. It has a ton of useful options, and is truly, as advertised, "the Swiss army knife for SMTP". As a mail admin, I couldn't be without it :) -- Lindsay Haisley | "Behold! Our way lies through a FMP Computer Services | dark wood whence in which 512-259-1190 | weirdness may wallow!? http://www.fmp.com | --Beauregard From guest2 at sgeinc.com Wed Oct 24 23:36:21 2012 From: guest2 at sgeinc.com (Richard Shetron) Date: Wed, 24 Oct 2012 17:36:21 -0400 Subject: [Mailman-Users] mailman running very slow In-Reply-To: <9ADD3FB5-AFF9-4473-B85B-0DB5707797AC@shub-internet.org> References: <5087F2FB.1060307@sgeinc.com> <1351097540.41465.150.camel@pudina.fmp.com> <9ADD3FB5-AFF9-4473-B85B-0DB5707797AC@shub-internet.org> Message-ID: <50885F55.3050002@sgeinc.com> I played with some settings and did some restarts and things look better: Oct 24 17:13:22 2012 (5464) <7.0.1.0.0.20121023125107.046bd868 at marchreport.com> smtp to marchreport_daily_alert_ctc01 for 3379 recips, completed in 151.441 seconds Oct 24 17:16:11 2012 (5464) <7.0.1.0.0.20121023125107.046bd868 at marchreport.com> smtp to marchreport_daily_alert_cta31 for 3826 recips, completed in 169.111 seconds Oct 24 17:25:44 2012 (5464) <7.0.1.0.0.20121023125107.046bd868 at marchreport.com> smtp to marchreport_daily_alert_ctc02 for 7202 recips, completed in 572.629 seconds Oct 24 17:29:32 2012 (5464) <7.0.1.0.0.20121023125107.046bd868 at marchreport.com> smtp to marchreport_daily_alert_ctc03 for 3694 recips, completed in 227.642 seconds Thanks! From adam-mailman at amyl.org.uk Thu Oct 25 00:14:05 2012 From: adam-mailman at amyl.org.uk (Adam McGreggor) Date: Wed, 24 Oct 2012 23:14:05 +0100 Subject: [Mailman-Users] mailman running very slow In-Reply-To: <9ADD3FB5-AFF9-4473-B85B-0DB5707797AC@shub-internet.org> References: <5087F2FB.1060307@sgeinc.com> <1351097540.41465.150.camel@pudina.fmp.com> <9ADD3FB5-AFF9-4473-B85B-0DB5707797AC@shub-internet.org> Message-ID: <20121024221405.GT5644@hendricks.amyl.org.uk> On Wed, Oct 24, 2012 at 11:06:28AM -0700, Brad Knowles wrote: > On Oct 24, 2012, at 9:52 AM, Lindsay Haisley wrote: > > Another very useful tool for analyzing mail issues is swaks. > > Now that's a tool I had not heard of before. I'm assuming you mean the tool at ? swaks truly is a lovely tool. -- "Like any Englishman armed with a cricket bat, he was doomed to fail." -- Guy Ladenburg (prosecuting counsel, comments on Paul Kelleher's first attempt to behead a statue of Margaret Thatcher) From barry at list.org Thu Oct 25 01:22:53 2012 From: barry at list.org (Barry Warsaw) Date: Wed, 24 Oct 2012 19:22:53 -0400 Subject: [Mailman-Users] mailman running very slow In-Reply-To: <20121024221405.GT5644@hendricks.amyl.org.uk> References: <5087F2FB.1060307@sgeinc.com> <1351097540.41465.150.camel@pudina.fmp.com> <9ADD3FB5-AFF9-4473-B85B-0DB5707797AC@shub-internet.org> <20121024221405.GT5644@hendricks.amyl.org.uk> Message-ID: <20121024192253.0cd97ad5@resist> On Oct 24, 2012, at 11:14 PM, Adam McGreggor wrote: >On Wed, Oct 24, 2012 at 11:06:28AM -0700, Brad Knowles wrote: >> On Oct 24, 2012, at 9:52 AM, Lindsay Haisley wrote: >> > Another very useful tool for analyzing mail issues is swaks. >> >> Now that's a tool I had not heard of before. I'm assuming you mean the tool at ? > >swaks truly is a lovely tool. `apt-get install swaks` Wow, indeed. Very cool. That'll make a nice Mailman 3 testing tool. Cheers, -Barry From rodrigoantunes at pelotas.ifsul.edu.br Thu Oct 25 17:20:52 2012 From: rodrigoantunes at pelotas.ifsul.edu.br (Rodrigo Abrantes Antunes) Date: Thu, 25 Oct 2012 13:20:52 -0200 Subject: [Mailman-Users] Too many recipients Message-ID: <20121025132052.Horde.TkrKCUv4Cn9QiVjUc9TT2QA@webmail.pelotas.ifsul.edu.br> Citando "Stephen J. Turnbull" : > > Rodrigo Abrantes Antunes writes: > > Searching google I found that this error isn't related to the number of > users in the list, it occurs because the total number of addresses in the > To: and Cc: headers of the post equals or exceeds > max_num_recipients. > > The operational issues have already been addressed well in other > posts.? However the above statement is incorrect, and needs > clarification. > > The items visible in your personal mail client (MUA) in the To:, Cc:, > and Bcc: fields are usually called "addresses" or "addressees".? These > are different from "recipients", which are the addresses that the > host-to-host mail program (MTA) sends to.? Mailman "explodes" the > list's *address* into a large number of *recipients*, and asks the MTA > to deliver to that whole list of recipients, or to chunks of it as > Mark explains elsewhere.? You will in general never see the list of > recipients of a post unless you look at the MTA's logs. > > By the way, there's nothing wrong with your understanding of plain > English, in which "address" and "recipient" are pretty much the same. > However, in technical discussion these words are often distinguished > as above. > > But in documentation is said that if this option is set to 0 it has > no limit. > > The limit you are running into here is not in Mailman, it is in the > MTA.? Mailman cannot tell the MTA what to do; it can only > restrictitself to a small enough number that the MTA will cooperate > with it. > Ok, I was still getting the errors because in my hurry I put SMTP_MAX_RCPS instead of SMTP_MAX_RCPTS. I corrected this and restarted both mailman and postfix, now I don't get any errors in smtp-failure and in post I get this (with no failures): Oct 24 12:29:30 2012 (6788) post to contas from xxx at xxx.xxx, size=2458, message-id=<20121024122919.11874kw8jiq8t16n at xxx.xx.xx>, success In my mail.log I see this for one of the members of the list in the exact moment I posted to the list: Oct 24 12:29:30 xxx postfix/smtp[9530]: 722F2292F8: to=, relay=127.0.0.1[127.0.0.1]:10023, conn_use=10, delay=0.5, delays=0.15/0.23/0/0.13, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=10090-06-10, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as DD12C292F6) Oct 24 12:31:25 xxx cyrus/lmtp[11051]: duplicate_mark: <20121024122919.11874kw8jiq8t16n at xxxx.xxx> .xxx+ at .sieve.?? 1351089085 0 Oct 24 12:31:25 xxx postfix/pipe[9565]: DD12C292F6: to=, relay=cyrus, delay=115, delays=0.03/89/0/25, dsn=2.0.0, status=sent (delivered via cyrus service) But the message never appears in the user's mailbox. Other messages sent by users appears normallly in mailbox. Some users receive the messages sent by mailman, for these users i see this in mail.log: Oct 25 08:15:30 srv-mail-pel postfix/smtp[5459]: B4E2429275: to=, relay=127.0.0.1[127.0.0.1]:10023, conn_use=2, delay=0.49, delays=0.19/0.01/0/0.29, dsn=2.0.0, status=sent (250 2.0.0 Ok, id=04730-12-2, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as 1BEFD292E1) Oct 25 08:19:29 srv-mail-pel cyrus/lmtp[13727]: duplicate_check: <20121025081521.Horde.NWZiHUv4Cn9QiRE5nCOzRSA at xx.xx.xx> user.rodrigoantunes? 0 Oct 25 08:19:29 srv-mail-pel cyrus/lmtp[13727]: duplicate_check: <20121025081521.Horde.NWZiHUv4Cn9QiRE5nCOzRSA at xx.xx.xx> user.rodrigoantunes? 0 Oct 25 08:19:29 srv-mail-pel cyrus/lmtp[13727]: duplicate_mark: <20121025081521.Horde.NWZiHUv4Cn9QiRE5nCOzRSA at xx.xx.xx> user.rodrigoantunes? 1351160369 14881517650057856560 Oct 25 08:19:29 srv-mail-pel cyrus/lmtp[13727]: Delivered: <20121025081521.Horde.NWZiHUv4Cn9QiRE5nCOzRSA at xx.xx.xx> to mailbox: user.rodrigoantunes Oct 25 08:19:29 srv-mail-pel cyrus/lmtp[13727]: duplicate_mark: <20121025081521.Horde.NWZiHUv4Cn9QiRE5nCOzRSA at xx.xx.xx> .rodrigoantunes+ at .sieve. 1351160369 0 Oct 25 08:19:29 srv-mail-pel postfix/pipe[5469]: 1BEFD292E1: to=, relay=cyrus, delay=239, delays=0.1/215/0/24, dsn=2.0.0, status=sent (delivered via cyrus service) I'm totally confused why this is happening... ? From mark at msapiro.net Thu Oct 25 19:58:27 2012 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 25 Oct 2012 10:58:27 -0700 Subject: [Mailman-Users] Too many recipients In-Reply-To: <20121025132052.Horde.TkrKCUv4Cn9QiVjUc9TT2QA@webmail.pelotas.ifsul.edu.br> References: <20121025132052.Horde.TkrKCUv4Cn9QiVjUc9TT2QA@webmail.pelotas.ifsul.edu.br> Message-ID: <50897DC3.2010104@msapiro.net> On 10/25/2012 8:20 AM, Rodrigo Abrantes Antunes wrote: > > Ok, I was still getting the errors because in my hurry I put > SMTP_MAX_RCPS instead of SMTP_MAX_RCPTS. I corrected this and restarted > both mailman and postfix, now I don't get any errors in smtp-failure and > in post I get this (with no failures): > > Oct 24 12:29:30 2012 (6788) post to contas from xxx at xxx.xxx, size=2458, > message-id=<20121024122919.11874kw8jiq8t16n at xxx.xx.xx>, success So that's a successful post. There should also be an entry in Mailman's smtp log indicating the total number of recipients sent to. > In my mail.log I see this for one of the members of the list in the > exact moment I posted to the list: > > Oct 24 12:29:30 xxx postfix/smtp[9530]: 722F2292F8: to=, > relay=127.0.0.1[127.0.0.1]:10023, conn_use=10, delay=0.5, > delays=0.15/0.23/0/0.13, dsn=2.0.0, status=sent (250 2.0.0 Ok, > id=10090-06-10, from MTA([127.0.0.1]:10025): 250 2.0.0 Ok: queued as > DD12C292F6) > Oct 24 12:31:25 xxx cyrus/lmtp[11051]: duplicate_mark: > <20121024122919.11874kw8jiq8t16n at xxxx.xxx> .xxx+ at .sieve. 1351089085 0 > Oct 24 12:31:25 xxx postfix/pipe[9565]: DD12C292F6: to=, > relay=cyrus, delay=115, delays=0.03/89/0/25, dsn=2.0.0, status=sent > (delivered via cyrus service) > > But the message never appears in the user's mailbox. Other messages > sent by users appears normallly in mailbox. This message was delivered from Mailman to Postfix and then delivered by Postfix to Cyrus, possibly because this was to a local user and Cyrus is acting as the LDA, or possibly for some other reason, but in any case, if the mail wasn't delivered to the user, this is a question for Cyrus. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From david.westlund at axis.com Thu Oct 25 14:50:31 2012 From: david.westlund at axis.com (David Westlund) Date: Thu, 25 Oct 2012 14:50:31 +0200 Subject: [Mailman-Users] Mailman redundancy setup Message-ID: Hi I am investigating doing a redundant setup of a mailman installation. We do not care about load balancing, only fail over. I have read through all I can found about this, including the following article on the FAQ: http://wiki.list.org/pages/viewpage.action?pageId=4030621 I am planning to solve this by having an ordinary passive - active with a shared ip number between the hosts. My idea is to have mailman installations on both servers, but point out an NFS area for storing the data that needs to be available on all nodes in the setup. The big difference between failover and load balancing (described in the FAQ post that I linked to) is of course that whenever there is a fail over, there is a good chance that the other mailman instance exited abruptly, leaving lock files and temporary data. This makes an argument for storing lock files locally. On the other hand, we do not want a situation where data gets corrupted even if both hosts end up running simultaneously. I have some questions, perhaps someone here has an answer: * If we store lock files on an NFS area and one node goes down without removing any locks, will the other node be able to start mailman? * According to http://wiki.list.org/pages/viewpage.action?pageId=4030621, qrunner does not use locks. However, I see a file named "master-qrunner" in the locks directory. Suppose that our master node went down without removing any lock files, would the master-qrunner file cause the qrunner on the other node to not start? * On the page http://wiki.list.org/pages/viewpage.action?pageId=4030621 they mention that "If you set up /usr/local/mailman/qfiles to be shared across NFS and don't set up dedicated slices for each group of queue runners, you will be SERIOUSLY SCREWED." In what way? * Say that we store locks locally, store data on an NFS node and accidentally start two instances of mailman on two different machines. Do we risk data corruption, or is the worst thing that can happen that changes are overwritten? * Is there some documentation that I have not found about how locks are used in Mailman? BR, David Westlund From J.Angel at herts.ac.uk Thu Oct 25 14:04:39 2012 From: J.Angel at herts.ac.uk (Judy Angel) Date: Thu, 25 Oct 2012 13:04:39 +0100 Subject: [Mailman-Users] change existing subscribers setting Message-ID: I have a list of 6000 users and I wish to change the setting for all subscribers to Conceal the member's address Acknowledge the member's posting I can see how to set it for new members but not existing existing members. Thanks Judy Angel University of Hertfordshire From mark at msapiro.net Thu Oct 25 22:47:09 2012 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 25 Oct 2012 13:47:09 -0700 Subject: [Mailman-Users] Mailman redundancy setup In-Reply-To: Message-ID: David Westlund > >* If we store lock files on an NFS area and one node goes down without removing any locks, will the other node be able to start mailman? It depends. If you run mailmanctl with the -s or --stale-lock-cleanup option, it will remove the other master's lock. Note that mailmanctl --help implies it will do this only if the process with the lock is not running, but it doesn't really check this. >* According to http://wiki.list.org/pages/viewpage.action?pageId=4030621, qrunner does not use locks. However, I see a file named "master-qrunner" in the locks directory. Suppose that our master node went down without removing any lock files, would the master-qrunner file cause the qrunner on the other node to not start? The qrunner processes do not use locks but the master (mailmanctl) does. See answer above. >* On the page http://wiki.list.org/pages/viewpage.action?pageId=4030621 they mention that "If you set up /usr/local/mailman/qfiles to be shared across NFS and don't set up dedicated slices for each group of queue runners, you will be SERIOUSLY SCREWED." In what way? If you have two qrunners processing the same (or overlapping) slices of the same queue, they step on each other's toes. Both runners make a list of the candidate entries in their slice of the queue. One runner starts to process an entry and renames it from *.pck to *.bak. The second runner attempts to process the same entry and finds it missing. This causes the second runner to log a misleading error and attempt to remove and perhaps preserve the *.bak file the first runner is processing. One or the other runner will be unable to remove the *.bak file and will log another error. Further, if the second runner removes the *.bak and the first runner dies for some reason, there will be no recovery file and the message will be lost. >* Say that we store locks locally, store data on an NFS node and accidentally start two instances of mailman on two different machines. Do we risk data corruption, or is the worst thing that can happen that changes are overwritten? You will have all the issues described in the previous answer due to multiple qrunners processing the same slices of the same queues. In addition, you will potentially have lists being updated concurrently by the separate hosts. I think that the worst that can happen is that one hosts changes will be lost. The two hosts will write their changes to separate temporary files. The temp files have hostname and PID as part of their names. Thus, the temp files should each be good although they will not contain the other host's changes. Then each process does the sequence 1) remove config.pck.last, 2) rename config.pck to config.pck.last, 3) rename config.pck.tmp.xxx to config.pck. Ordinarily, the changes from the host that does step 3 first will be lost. It would be possible for one host to try to instantiate a list and read the config.pck in between steps 2 and 3 by the other host when the config.pck isn't there. This should just cause it to fall back to the config.pck.last, but again will result in the changes in the other host's temp file being lost. >* Is there some documentation that I have not found about how locks are used in Mailman? Have you seen which describes what lock files look like? There are only two kinds of locks in Mailman. the master qrunner (mailmanctl) lock which is intended to prevent Mailman from being started twice, but which is defeated by the -s|--stale-lock-cleanup option, and list locks. List locks prevent concurrent updates to list objects and a list's archives. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Thu Oct 25 23:03:14 2012 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 25 Oct 2012 14:03:14 -0700 Subject: [Mailman-Users] change existing subscribers setting In-Reply-To: Message-ID: Judy Angel wrote: > >I have a list of 6000 users and I wish to change the setting for all >subscribers to >Conceal the member's address >Acknowledge the member's posting >I can see how to set it for new members but not existing existing members. If you have command line access to the Mailman installation, see . This withlist script sets all list members to NOT be concealed. It can be easily changed set all list members to both be concealed and to have their posts acknowledged by changing the one line mlist.setMemberOption(member, mm_cfg.ConcealSubscription, 0) to the two lines mlist.setMemberOption(member, mm_cfg.ConcealSubscription, 1) mlist.setMemberOption(member, mm_cfg.AcknowledgePosts, 1) If you don't have command line access to the Mailman installation, you could probably modify the web admin screen scraping script at to do this. See the existing --unhide option in the script. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From brian at emwd.com Thu Oct 25 23:54:18 2012 From: brian at emwd.com (Brian Carpenter) Date: Thu, 25 Oct 2012 17:54:18 -0400 Subject: [Mailman-Users] Strange list problem Message-ID: <5089B50A.3050306@emwd.com> Hi Everyone: I have come across some strange behavior that has me stumped. Here are the symptoms: 1. List is moderated. When a moderated member's post is approved by a moderator, the post is sent to the list as expected. 2. The post shows up in the Archives of the list. 3. The post DOES NOT get distributed to the mailing list members (non-digest). 4. It seems the post(s) ARE distributed to the digest members. I am only guessing at this but digests are being sent out so I am assume it because there is something to send out. Our mailman lists were recently upgraded to Mailman 2.1.15. This seemed to suddenly start happening out of no where since Oct 15th. I am not seeing this behavior with other lists. Any advice? Thanks! *Brian Carpenter *EMWD.com T: 336-755-0685 E: brian at emwd.com http://www.emwd.com Facebook LinkedIn From mark at msapiro.net Fri Oct 26 02:07:39 2012 From: mark at msapiro.net (Mark Sapiro) Date: Thu, 25 Oct 2012 17:07:39 -0700 Subject: [Mailman-Users] Strange list problem In-Reply-To: <5089B50A.3050306@emwd.com> Message-ID: Brian Carpenter wrote: > >I have come across some strange behavior that has me stumped. Here are >the symptoms: > >1. List is moderated. When a moderated member's post is approved by a >moderator, the post is sent to the list as expected. > >2. The post shows up in the Archives of the list. > >3. The post DOES NOT get distributed to the mailing list members >(non-digest). > >4. It seems the post(s) ARE distributed to the digest members. I am only >guessing at this but digests are being sent out so I am assume it >because there is something to send out. What's in Mailman's logs, particularly vette, post, smtp and error? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From fmouse-mailman at fmp.com Fri Oct 26 04:44:24 2012 From: fmouse-mailman at fmp.com (Lindsay Haisley) Date: Thu, 25 Oct 2012 21:44:24 -0500 Subject: [Mailman-Users] mailman running very slow In-Reply-To: <50898E8A.6020403@sgeinc.com> References: <5087F2FB.1060307@sgeinc.com> <1351097540.41465.150.camel@pudina.fmp.com> <9ADD3FB5-AFF9-4473-B85B-0DB5707797AC@shub-internet.org> <1351102670.41465.157.camel@pudina.fmp.com> <50898E8A.6020403@sgeinc.com> Message-ID: <1351219464.38108.27.camel@pudina.fmp.com> On Thu, 2012-10-25 at 15:10 -0400, Richard Shetron wrote: > What arguments do you use to pretend to be mailman delivering to postfix > with swaks? I would run swaks from the same box on which you run Mailman, and use -f with whatever Mailman uses as the envelope sender address for posts, If you have VERP personalization turned on, this would be a "bounces" address. Send to a sample (test) address that's on the list, and use -s with the FQN of the server which your Mailman installation uses. All of this assumes, of course, that you're using postfix as a SMTP server (DELIVERY_MODULE = 'SMTPDirect' as opposed to DELIVERY_MODULE='Sendmail'). If you're using the latter, then swaks won't help you. BTW, it would be a good idea if you'd cc questions such as this to the list. There are some very good minds on the list who might well chime in helpfully, and/or critique my response. > I'm running on too much stress, too little sleep/food ;) > > > On 10/24/2012 2:17 PM, Lindsay Haisley wrote: > > On Wed, 2012-10-24 at 11:06 -0700, Brad Knowles wrote: > >>> Another very useful tool for analyzing mail issues is swaks. > >> > >> Now that's a tool I had not heard of before. I'm assuming you mean > >> the tool at ? > >> > > That's the one. I used to test SMTP stuff by using telnet to port 25 > > and talking to an SMTP server, but swaks does all the lifting for you, > > and gives you a terminal display of the entire dialog in real time, so > > you can see where a SMTP transaction is hanging, or timing out, or > > whatever. It's written in perl, and self-docs with a man-page like help > > system. It has a ton of useful options, and is truly, as advertised, > > "the Swiss army knife for SMTP". As a mail admin, I couldn't be without > > it :) > > From stephen at xemacs.org Fri Oct 26 07:02:46 2012 From: stephen at xemacs.org (Stephen J. Turnbull) Date: Fri, 26 Oct 2012 14:02:46 +0900 Subject: [Mailman-Users] mailman running very slow In-Reply-To: <1351219464.38108.27.camel@pudina.fmp.com> References: <5087F2FB.1060307@sgeinc.com> <1351097540.41465.150.camel@pudina.fmp.com> <9ADD3FB5-AFF9-4473-B85B-0DB5707797AC@shub-internet.org> <1351102670.41465.157.camel@pudina.fmp.com> <50898E8A.6020403@sgeinc.com> <1351219464.38108.27.camel@pudina.fmp.com> Message-ID: <87625xn7ux.fsf@uwakimon.sk.tsukuba.ac.jp> Lindsay Haisley writes: > I would run swaks from the same box on which you run Mailman, and use -f > with whatever Mailman uses as the envelope sender address for > posts, Wow, that's cool! Thanks for the tip! From fmouse-mailman at fmp.com Fri Oct 26 19:50:25 2012 From: fmouse-mailman at fmp.com (Lindsay Haisley) Date: Fri, 26 Oct 2012 12:50:25 -0500 Subject: [Mailman-Users] mailman running very slow In-Reply-To: <87625xn7ux.fsf@uwakimon.sk.tsukuba.ac.jp> References: <5087F2FB.1060307@sgeinc.com> <1351097540.41465.150.camel@pudina.fmp.com> <9ADD3FB5-AFF9-4473-B85B-0DB5707797AC@shub-internet.org> <1351102670.41465.157.camel@pudina.fmp.com> <50898E8A.6020403@sgeinc.com> <1351219464.38108.27.camel@pudina.fmp.com> <87625xn7ux.fsf@uwakimon.sk.tsukuba.ac.jp> Message-ID: <1351273825.13974.4.camel@pudina.fmp.com> On Fri, 2012-10-26 at 14:02 +0900, Stephen J. Turnbull wrote: > Lindsay Haisley writes: > > I would run swaks from the same box on which you run Mailman, and use -f > > with whatever Mailman uses as the envelope sender address for > > posts, > > Wow, that's cool! Thanks for the tip! I would have thought that everyone who works with or develops any application or server that handles e-mail would know about swaks. But then I kind of live in a bubble out here in the boonies of Texas. -- Lindsay Haisley | "The only unchanging certainty FMP Computer Services | is the certainty of change" 512-259-1190 | http://www.fmp.com | - Ancient wisdom, all cultures From brad at shub-internet.org Sun Oct 28 04:44:29 2012 From: brad at shub-internet.org (Brad Knowles) Date: Sat, 27 Oct 2012 20:44:29 -0700 Subject: [Mailman-Users] mailman running very slow In-Reply-To: <1351273825.13974.4.camel@pudina.fmp.com> References: <5087F2FB.1060307@sgeinc.com> <1351097540.41465.150.camel@pudina.fmp.com> <9ADD3FB5-AFF9-4473-B85B-0DB5707797AC@shub-internet.org> <1351102670.41465.157.camel@pudina.fmp.com> <50898E8A.6020403@sgeinc.com> <1351219464.38108.27.camel@pudina.fmp.com> <87625xn7ux.fsf@uwakimon.sk.tsukuba.ac.jp> <1351273825.13974.4.camel@pudina.fmp.com> Message-ID: <6F0B1AB3-4949-4261-8BEE-61D69DE231E4@shub-internet.org> On Oct 26, 2012, at 10:50 AM, Lindsay Haisley wrote: > I would have thought that everyone who works with or develops any > application or server that handles e-mail would know about swaks. But > then I kind of live in a bubble out here in the boonies of Texas. Well, you surprised both me and Barry with swaks, and in this space I think that takes a bit of doing. :-) So, consider yourself complimented, even if you and I have shared the same "boonies of Texas" location -- although sometimes I wonder if that shouldn't be "loonies of Texas". ;-) ;-) ;-) -- Brad Knowles LinkedIn Profile: From stephen at xemacs.org Mon Oct 29 03:57:40 2012 From: stephen at xemacs.org (Stephen J. Turnbull) Date: Mon, 29 Oct 2012 11:57:40 +0900 Subject: [Mailman-Users] mailman running very slow In-Reply-To: <1351273825.13974.4.camel@pudina.fmp.com> References: <5087F2FB.1060307@sgeinc.com> <1351097540.41465.150.camel@pudina.fmp.com> <9ADD3FB5-AFF9-4473-B85B-0DB5707797AC@shub-internet.org> <1351102670.41465.157.camel@pudina.fmp.com> <50898E8A.6020403@sgeinc.com> <1351219464.38108.27.camel@pudina.fmp.com> <87625xn7ux.fsf@uwakimon.sk.tsukuba.ac.jp> <1351273825.13974.4.camel@pudina.fmp.com> Message-ID: <87objmkmsb.fsf@uwakimon.sk.tsukuba.ac.jp> Lindsay Haisley writes: > I would have thought that everyone who works with or develops any > application or server that handles e-mail would know about swaks. *They* probably do. *I* am an economics professor[1] who moonlights on programmer's editors and host admin for one such project. ;-) Footnotes: [1] With a strong interest in self-organizing systems such as Internet standards and open source software development projects. From wizard at syntheticsw.com Sun Oct 28 17:52:07 2012 From: wizard at syntheticsw.com (Torsten Giebl) Date: Sun, 28 Oct 2012 17:52:07 +0100 Subject: [Mailman-Users] Mailman Downgrade from 2.1.15 to 2.1.13 possible ? Message-ID: <281eed97d79ab21495fb8f7c6ff23973.squirrel@ssl0.ovh.net> Hello ! Is a downgrade from Mailman 2.1.15 to 2.1.13 possible ? I know downgrades are not officially supported. If it is possible, what do i have to do ? Thanks. From soportek at lavabit.com Sun Oct 28 20:49:47 2012 From: soportek at lavabit.com (soportek) Date: Sun, 28 Oct 2012 13:49:47 -0600 Subject: [Mailman-Users] mailan and postfix config problems Message-ID: <508D8C5B.4060403@lavabit.com> I am migrating mailman lists from somedomain.org to lists.somedomain.org I can create new lists for lists.somedomain.org and receive mail from the list but sending mail to lists.somedomain.org results in " Recipient address rejected: User unknown;" I know this is postfix related but I am follwing the postfix config INSTALL instructions from /var/lib/mailman/bin/postfix-to-mailman.py and I have edited... /etc/postfix/main.cf /etc/postfix/master.cf /etc/postfix/transport /etc/mailman/mm_cfg.py ..as per those instructions. I have also read these guides which provide more or less identical instructions. http://wiki.debian.org/Postfix#Mailman_with_Postfix http://library.linode.com/email/mailman/debian-6-squeeze The relevant section of my /etc/postfix/main.cf looks like this alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases alias_database = hash:/etc/aliases virtual_alias_maps = hash:/etc/postfix/virtual local_recipient_maps = $alias_maps, proxy:unix:passwd.byname relay_domains = $mydestination, lists.somedomain.org relay_recipient_maps = hash:/var/lib/mailman/data/virtual-mailman transport_maps = hash:/etc/postfix/transport mailman_destination_recipient_limit = 1 Something I find odd is that with the above config is that when I create a new list nothing is being written to the file: /var/lib/mailman/data/virtual-mailman I understood that should happen automatically. From bcooksley at kde.org Sun Oct 28 21:27:14 2012 From: bcooksley at kde.org (Ben Cooksley) Date: Mon, 29 Oct 2012 09:27:14 +1300 Subject: [Mailman-Users] POST based subscribe attacks Message-ID: Hi all, We at KDE are currently experiencing attacks upon our Mailman installation, attempting to subscribe random email addresses (which more often than not are valid unfortunately). These attacks are conducted essentially through performing mass HTTP POST requests to /subscribe/listname with few proceeding GET requests. It seems that the attackers are capitalizing on Mailman's lack of CSRF protection. Does anyone know if there are plans to add CSRF protection into Mailman 2? Alternately, is anyone aware of any form of CAPTCHA protection which can be applied to Mailman? It has gotten to the point where we have had to disable web based subscriptions to our mailing lists due to this abuse. Thanks, Ben Cooksley KDE Sysadmin From cpz at tuunq.com Mon Oct 29 18:15:43 2012 From: cpz at tuunq.com (Carl Zwanzig) Date: Mon, 29 Oct 2012 10:15:43 -0700 Subject: [Mailman-Users] POST based subscribe attacks In-Reply-To: References: Message-ID: <508EB9BF.6020406@tuunq.com> On 10/28/2012 1:27 PM, Ben Cooksley wrote: > Alternately, is anyone aware of any form of CAPTCHA protection which > can be applied to Mailman? There was a recent thread that discussed this very thing: starting at http://www.mail-archive.com/mailman-users%40python.org/msg61769.html. z! From mark at msapiro.net Mon Oct 29 18:40:14 2012 From: mark at msapiro.net (Mark Sapiro) Date: Mon, 29 Oct 2012 10:40:14 -0700 Subject: [Mailman-Users] POST based subscribe attacks In-Reply-To: Message-ID: Ben Cooksley wrote: > >It seems that the attackers are capitalizing on Mailman's lack of CSRF >protection. Does anyone know if there are plans to add CSRF protection >into Mailman 2? It depends what you mean by CSRF protection. If you mean true protection based on something like the addition and validation of some nonce in URLs, then no, there are no plans to do this. However, the admin interface in Mailman 2.1.15 has been somewhat hardened against CSRF. The following is from the 2.1.15 section of the NEWS file > The web admin interface has been hardened against CSRF attacks by adding > a hidden, encrypted token with a time stamp to form submissions and not > accepting authentication by cookie if the token is missing, invalid or > older than the new mm_cfg.py setting FORM_LIFETIME which defaults to one > hour. Posthumous thanks go to Tokio Kikuchi for this implementation > which is only one of his many contributions to Mailman prior to his > death from cancer on 14 January 2012. This hardening does not extend to the subscribe form, but I doubt that CSRF is involved there as no authentication is required to POST a subscribe request. Anyone can GET the listinfo page and then post the form data. Otherwise, it wouldn't be very useful as a user subscription request. Also, see the thread at referred to in Carl's reply. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Mon Oct 29 19:18:50 2012 From: mark at msapiro.net (Mark Sapiro) Date: Mon, 29 Oct 2012 11:18:50 -0700 Subject: [Mailman-Users] Mailman Downgrade from 2.1.15 to 2.1.13 possible ? In-Reply-To: <281eed97d79ab21495fb8f7c6ff23973.squirrel@ssl0.ovh.net> Message-ID: Torsten Giebl wrote: > > >Is a downgrade from Mailman 2.1.15 to 2.1.13 possible ? >I know downgrades are not officially supported. >If it is possible, what do i have to do ? It should be possible without problems, but why do you want to do this. Perhaps what you want to accomplish can be done by configuration changes in Mailman 2.1.15. Assuming you installed Mailman 2.1.15 from a GNU Mailman project tarball distribution, downgrade would be accomplished by downloading and unpacking the 2.1.13 tarball (See ), and running configure and make, stopping Mailman and possibly the web server, running make install and starting the stopped services just as you would for an upgrade. Note that make install runs bin/update which will detect the downgrade, issue a warning and do nothing. You can ignore the warning in this case. Not that this process won't work for all downgrades because of irreversable database changes that have occurred, but it should be OK for 2.1.15 -> 2.1.13. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From fmouse-mailman at fmp.com Mon Oct 29 19:25:25 2012 From: fmouse-mailman at fmp.com (Lindsay Haisley) Date: Mon, 29 Oct 2012 13:25:25 -0500 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu> References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu> Message-ID: <1351535125.48214.92.camel@pudina.fmp.com> On Thu, 2012-10-18 at 23:53 +0000, Kalbfleisch, Gary wrote: > I am running 2.1.9 because that is the latest version available from > Redhat as a package. It's relatively simple to install Mailman from the source package, but one thing that would help a great deal with this would be default inclusion in the built package of a standard text or script that would contain, or issue, the arguments provided to configure during the build process. There are several critical parameters including the prefix, the var-prefix and of course the mail-gid which ought to be readily available for this purpose. If you've already built Mailman from source, this information is of course available in the config.log, but for people installing Mailman from an outdated package from a distribution, and wanting to catch up with the latest improvements or security fixes, having this information available as part of the distributed end product would be a big help. This is already done for many large and complex packages, would be a big help in making the transition from a pre-built Mailman package to a source-based update. Maybe this information is already available. I only spent about 5 minutes looking for it outside of the source tree and couldn't find it. -- Lindsay Haisley | "Behold! Our way lies through a FMP Computer Services | dark wood whence in which 512-259-1190 | weirdness may wallow!? http://www.fmp.com | --Beauregard From mark at msapiro.net Mon Oct 29 19:36:10 2012 From: mark at msapiro.net (Mark Sapiro) Date: Mon, 29 Oct 2012 11:36:10 -0700 Subject: [Mailman-Users] mailan and postfix config problems In-Reply-To: <508D8C5B.4060403@lavabit.com> Message-ID: soportek wrote: [...] > >I know this is postfix related but I am follwing the postfix config >INSTALL instructions from /var/lib/mailman/bin/postfix-to-mailman.py [...] >I have also read these guides which provide more or less identical >instructions. >http://wiki.debian.org/Postfix#Mailman_with_Postfix >http://library.linode.com/email/mailman/debian-6-squeeze > >The relevant section of my /etc/postfix/main.cf looks like this > > alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases > alias_database = hash:/etc/aliases > virtual_alias_maps = hash:/etc/postfix/virtual > local_recipient_maps = $alias_maps, proxy:unix:passwd.byname > > relay_domains = $mydestination, lists.somedomain.org > relay_recipient_maps = hash:/var/lib/mailman/data/virtual-mailman > transport_maps = hash:/etc/postfix/transport > mailman_destination_recipient_limit = 1 > > >Something I find odd is that with the above config is that when I create >a new list nothing is being written to the file: > /var/lib/mailman/data/virtual-mailman First see the FAQ at . Then see the results of this Google search ; in particular see postfix_to_mailman.py is a third-party package which is not distributed by the GNU Mailman project, nor is it officially supported by the GNU Mailman project. It is an alternative to and incompatible with delivery to mailman via aliases and virtual alias maps. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Mon Oct 29 19:43:49 2012 From: mark at msapiro.net (Mark Sapiro) Date: Mon, 29 Oct 2012 11:43:49 -0700 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: <1351535125.48214.92.camel@pudina.fmp.com> References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu> <1351535125.48214.92.camel@pudina.fmp.com> Message-ID: <508ECE65.3040604@msapiro.net> On 10/29/2012 11:25 AM, Lindsay Haisley wrote: > On Thu, 2012-10-18 at 23:53 +0000, Kalbfleisch, Gary wrote: >> I am running 2.1.9 because that is the latest version available from >> Redhat as a package. > > It's relatively simple to install Mailman from the source package, but > one thing that would help a great deal with this would be default > inclusion in the built package of a standard text or script that would > contain, or issue, the arguments provided to configure during the build > process. [...] > Maybe this information is already available. I only spent about 5 > minutes looking for it outside of the source tree and couldn't find it. See and the Mailman-Developers post linked therefrom. It's probably out of date and does not directly address the issue of making this information available as part of the 3rd party package, but it is probably still useful to someone trying to upgrade RedHat Mailman from source. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From fmouse-mailman at fmp.com Mon Oct 29 20:14:09 2012 From: fmouse-mailman at fmp.com (Lindsay Haisley) Date: Mon, 29 Oct 2012 14:14:09 -0500 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: <508ECE65.3040604@msapiro.net> References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu> <1351535125.48214.92.camel@pudina.fmp.com> <508ECE65.3040604@msapiro.net> Message-ID: <1351538049.48214.103.camel@pudina.fmp.com> On Mon, 2012-10-29 at 11:43 -0700, Mark Sapiro wrote: > See and the Mailman-Developers post linked > therefrom. It's probably out of date and does not directly address the > issue of making this information available as part of the 3rd party > package, but it is probably still useful to someone trying to upgrade > RedHat Mailman from source. Yes, this article is very informative, and at present may be the best thing available for an old-package to new-source upgrade. And yes, it does not address the issue of making this information available as a default part of the 3rd party package. Such an enhancement would obviously not help anyone using a currently "older" Mailman package, but going forward, say into MM3, it might be a good idea to make this information available in some such way. I use courier as a MTA, and courier has a "courier-config" executable in /usr/bin which spits out all sorts of useful build information, including the package creator's build-time configure args. -- Lindsay Haisley | "The difference between a duck is because FMP Computer Services | one leg is both the same" 512-259-1190 | - Anonymous http://www.fmp.com | From Ralf.Hildebrandt at charite.de Mon Oct 29 20:15:00 2012 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Mon, 29 Oct 2012 20:15:00 +0100 Subject: [Mailman-Users] POST based subscribe attacks In-Reply-To: References: Message-ID: <20121029191500.GE24940@charite.de> * Ben Cooksley : > Hi all, > > We at KDE are currently experiencing attacks upon our Mailman > installation, attempting to subscribe random email addresses (which > more often than not are valid unfortunately). These attacks are > conducted essentially through performing mass HTTP POST requests to > /subscribe/listname with few proceeding GET requests. > > It seems that the attackers are capitalizing on Mailman's lack of CSRF > protection. Does anyone know if there are plans to add CSRF protection > into Mailman 2? > Alternately, is anyone aware of any form of CAPTCHA protection which > can be applied to Mailman? > > It has gotten to the point where we have had to disable web based > subscriptions to our mailing lists due to this abuse. Interestingly this could be the cause for the recent onslaught of fake subscription attemps at mail.python.org You definitely get a +1 for me on this one :) -- Ralf Hildebrandt Charite Universit?tsmedizin Berlin ralf.hildebrandt at charite.de Campus Benjamin Franklin http://www.charite.de Hindenburgdamm 30, 12203 Berlin Gesch?ftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155 From bcooksley at kde.org Mon Oct 29 20:33:14 2012 From: bcooksley at kde.org (Ben Cooksley) Date: Tue, 30 Oct 2012 08:33:14 +1300 Subject: [Mailman-Users] POST based subscribe attacks In-Reply-To: References: Message-ID: On Tue, Oct 30, 2012 at 6:40 AM, Mark Sapiro wrote: > Ben Cooksley wrote: >> >>It seems that the attackers are capitalizing on Mailman's lack of CSRF >>protection. Does anyone know if there are plans to add CSRF protection >>into Mailman 2? > > > It depends what you mean by CSRF protection. If you mean true > protection based on something like the addition and validation of some > nonce in URLs, then no, there are no plans to do this. I mean placing some form of unique token in the form itself on the web page, and validating this token on the server side. > > However, the admin interface in Mailman 2.1.15 has been somewhat > hardened against CSRF. The following is from the 2.1.15 section of the > NEWS file That is good news. > >> The web admin interface has been hardened against CSRF attacks by adding >> a hidden, encrypted token with a time stamp to form submissions and not >> accepting authentication by cookie if the token is missing, invalid or >> older than the new mm_cfg.py setting FORM_LIFETIME which defaults to one >> hour. Posthumous thanks go to Tokio Kikuchi for this implementation >> which is only one of his many contributions to Mailman prior to his >> death from cancer on 14 January 2012. > > > This hardening does not extend to the subscribe form, but I doubt that > CSRF is involved there as no authentication is required to POST a > subscribe request. Anyone can GET the listinfo page and then post the > form data. Otherwise, it wouldn't be very useful as a user > subscription request. A pity, as the subscription form definitely could do with the same form of protection. The need to retrieve another page, parse the html to get the CSRF token and then generate an appropriate POST request would represent a much larger obstacle than the current Mailman subscription system, which provides no protection. > > Also, see the thread at > > referred to in Carl's reply. While i'm aware that CAPTCHA's can be broken, it does raise the level of difficulty the spammer must go through to abuse your service. > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, California better use your sense - B. Dylan > Regards, Ben Cooksley KDE Sysadmin From fmouse-mailman at fmp.com Mon Oct 29 21:17:10 2012 From: fmouse-mailman at fmp.com (Lindsay Haisley) Date: Mon, 29 Oct 2012 15:17:10 -0500 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: <1351538049.48214.103.camel@pudina.fmp.com> References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu> <1351535125.48214.92.camel@pudina.fmp.com> <508ECE65.3040604@msapiro.net> <1351538049.48214.103.camel@pudina.fmp.com> Message-ID: <1351541830.48214.113.camel@pudina.fmp.com> On Mon, 2012-10-29 at 14:14 -0500, Lindsay Haisley wrote: > On Mon, 2012-10-29 at 11:43 -0700, Mark Sapiro wrote: > > See and the Mailman-Developers post linked > > therefrom. It's probably out of date and does not directly address the > > issue of making this information available as part of the 3rd party > > package, but it is probably still useful to someone trying to upgrade > > RedHat Mailman from source. > > Yes, this article is very informative, and at present may be the best > thing available for an old-package to new-source upgrade. And yes, it > does not address the issue of making this information available as a > default part of the 3rd party package. Adding this feature would involve only about 6 lines of code :) in configure.in: --- configure.in.orig 2012-10-29 14:37:31.000000000 -0500 +++ configure.in 2012-10-29 14:59:13.000000000 -0500 @@ -18,7 +18,8 @@ AC_REVISION($Revision: 8122 $) AC_PREREQ(2.0) AC_INIT(src/common.h) - +CONFIGURE_CLI="$0 $@" +AC_SUBST(CONFIGURE_CLI) # /usr/local/mailman is the default installation directory AC_PREFIX_DEFAULT(/usr/local/mailman) @@ -683,6 +684,7 @@ contrib/qmail-to-mailman.py \ contrib/courier-to-mailman.py \ contrib/rotatelogs.py \ +contrib/mm-config \ cron/bumpdigests \ cron/checkdbs \ cron/cull_bad_shunt \ And in the contrib directory, a short script, mm-config, to display this information: #!/usr/bin/python print """Mailman was built with the following configuration invocation: %s""" % ("@CONFIGURE_CLI@",) This properly belongs on the mailman-developers list, so please excuse my posting it on the thread here, but I though the discussion might be useful. I also posted it to the developers list. -- Lindsay Haisley | "Real programmers use butterflies" FMP Computer Services | 512-259-1190 | - xkcd http://www.fmp.com | From GaryK at shoreline.edu Mon Oct 29 22:04:05 2012 From: GaryK at shoreline.edu (Kalbfleisch, Gary) Date: Mon, 29 Oct 2012 21:04:05 +0000 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: <1351535125.48214.92.camel@pudina.fmp.com> References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu> <1351535125.48214.92.camel@pudina.fmp.com> Message-ID: <8FBF98319244EE48845CC9BF72AB49E850DFB824@SCC-EX2010-MBX2.shore.ctc.edu> I like to stick with packages when possible because it makes maintenance much easier. This is really a non-issue since the current version of Mailman does not have a fix for this problem. Thank you, -- Gary Kalbfleisch -- Director of Technology Support Services -- Shoreline Community College -- (206) 546-5813 -- (206) 546-6943 Fax > -----Original Message----- > From: Mailman-Users [mailto:mailman-users- > bounces+garyk=shoreline.edu at python.org] On Behalf Of Lindsay Haisley > Sent: Monday, October 29, 2012 11:25 AM > To: mailman-users at python.org > Subject: Re: [Mailman-Users] Automated Subscription Bots Inundating List > Owners With Subscription Requests > > On Thu, 2012-10-18 at 23:53 +0000, Kalbfleisch, Gary wrote: > > I am running 2.1.9 because that is the latest version available from > > Redhat as a package. > > It's relatively simple to install Mailman from the source package, but one > thing that would help a great deal with this would be default inclusion in the > built package of a standard text or script that would contain, or issue, the > arguments provided to configure during the build process. There are several > critical parameters including the prefix, the var-prefix and of course the mail- > gid which ought to be readily available for this purpose. > > If you've already built Mailman from source, this information is of course > available in the config.log, but for people installing Mailman from an > outdated package from a distribution, and wanting to catch up with the latest > improvements or security fixes, having this information available as part of > the distributed end product would be a big help. > This is already done for many large and complex packages, would be a big > help in making the transition from a pre-built Mailman package to a source- > based update. > > Maybe this information is already available. I only spent about 5 minutes > looking for it outside of the source tree and couldn't find it. > > -- > Lindsay Haisley | "Behold! Our way lies through a > FMP Computer Services | dark wood whence in which > 512-259-1190 | weirdness may wallow!? > http://www.fmp.com | --Beauregard > > ------------------------------------------------------ > Mailman-Users mailing list Mailman-Users at python.org > http://mail.python.org/mailman/listinfo/mailman-users > Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: > http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail- > archive.com/mailman-users%40python.org/ > Unsubscribe: http://mail.python.org/mailman/options/mailman- > users/garyk%40shoreline.edu From soportek at lavabit.com Tue Oct 30 01:09:07 2012 From: soportek at lavabit.com (soportek) Date: Mon, 29 Oct 2012 18:09:07 -0600 Subject: [Mailman-Users] mailan and postfix config problems In-Reply-To: References: Message-ID: <508F1AA3.7090404@lavabit.com> On 10/29/2012 12:36 PM, Mark Sapiro wrote: > soportek wrote: > > [...] >> >> I know this is postfix related but I am follwing the postfix config >> INSTALL instructions from /var/lib/mailman/bin/postfix-to-mailman.py > [...] > First see the FAQ at . > > Then see the results of this Google search > ; > in particular see > > > > postfix_to_mailman.py is a third-party package which is not distributed > by the GNU Mailman project, nor is it officially supported by the GNU > Mailman project. It is an alternative to and incompatible with > delivery to mailman via aliases and virtual alias maps. > Ah! Sorry I had no idea this script wasn't developed by the GNU Mailman project. I must be the Nth person to bother the list about it. Funny that none of my searches turned up that important detail. Seems like it might be a good idea to recommend against using this script directly in one of the FAQ's on the mailman site or here http://wiki.list.org/display/DOC/Integrating+Mailman+with+postfix From stephen at xemacs.org Tue Oct 30 02:40:50 2012 From: stephen at xemacs.org (Stephen J. Turnbull) Date: Tue, 30 Oct 2012 10:40:50 +0900 Subject: [Mailman-Users] POST based subscribe attacks In-Reply-To: References: Message-ID: <87625slot9.fsf@uwakimon.sk.tsukuba.ac.jp> Ben Cooksley writes: > A pity, as the subscription form definitely could do with the same > form of protection. Think about what you're saying. "Open subscription" either means open subscription, or an admin has to do all the work. There's no third way. (Well, there is, but it only applies to lists that don't need to allow subscriptions from outside the firewall, and cannot be implemented in Mailman itself.) > While i'm aware that CAPTCHA's can be broken, it does raise the level > of difficulty the spammer must go through to abuse your service. No, it doesn't. It's a one-time investment for the spammers, and raises the level of difficulty for the *first* victim. After that, it's all free to them. If you want CAPTCHA, what you *want* to do is to implement it yourself. Once it becomes standard in Mailman, it will be broken (probably weeks before the official release), the exploit will be on sale (ditto), and CAPTCHA will be worthless to you from then on. Personally, I haven't seen any evidence of these attacks. My lists max at less than 1000 users, most are less than a dozen. I suspect this means that these miscreants are going after big lists because they're big. If so, there is probably enough profit in it that they can afford to hire people to solve CAPTCHAs and PlayThru. We need to rethink the whole model. :-( From fmouse-mailman at fmp.com Tue Oct 30 04:36:31 2012 From: fmouse-mailman at fmp.com (Lindsay Haisley) Date: Mon, 29 Oct 2012 22:36:31 -0500 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: <8FBF98319244EE48845CC9BF72AB49E850DFB824@SCC-EX2010-MBX2.shore.ctc.edu> References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu> <1351535125.48214.92.camel@pudina.fmp.com> <8FBF98319244EE48845CC9BF72AB49E850DFB824@SCC-EX2010-MBX2.shore.ctc.edu> Message-ID: <1351568191.48214.133.camel@pudina.fmp.com> On Mon, 2012-10-29 at 21:04 +0000, Kalbfleisch, Gary wrote: > I like to stick with packages when possible because it makes > maintenance much easier. As do I. There are times, however, when mission-critical packages in a distribution are outdated, or absent, or broken and building from source is the only option. IMHO, having the knowledge and the tools on one's system to do builds from the upstream source is an important system administration skill. I always seem to have one or two packages on any box that end up being built from source. Mailman is one of them, because I have a number of patches for it that I've developed, and because building and installing it from source is very easy. Juggling packages vs. upstream source is something you get used to. All package management system that I know of have ways of freezing packages at a certain level or version so that your custom builds don't get crosswise of package management. -- Lindsay Haisley | "Real programmers use butterflies" FMP Computer Services | 512-259-1190 | - xkcd http://www.fmp.com | From GaryK at shoreline.edu Tue Oct 30 05:56:17 2012 From: GaryK at shoreline.edu (Kalbfleisch, Gary) Date: Tue, 30 Oct 2012 04:56:17 +0000 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: <1351568191.48214.133.camel@pudina.fmp.com> References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu> <1351535125.48214.92.camel@pudina.fmp.com> <8FBF98319244EE48845CC9BF72AB49E850DFB824@SCC-EX2010-MBX2.shore.ctc.edu>, <1351568191.48214.133.camel@pudina.fmp.com> Message-ID: <2EE00797-5CB0-41B9-A4A8-1BBEBA3985FF@shoreline.edu> Don't assume that I don't have the skills. I have been building the linux os from source since long before most people even heard of the Internet. I manage my time very carefully, and mailman is a very small part of what I do. The newest version of mailman does not resolve any of the issues that I have been expiriencing if you have read my posts. I have implemented the security measures required using other means until such a time that they are resolved in mailman. Regards Gary Kalbfleisch Sent from my iPod On Oct 29, 2012, at 8:37 PM, "Lindsay Haisley" wrote: > On Mon, 2012-10-29 at 21:04 +0000, Kalbfleisch, Gary wrote: >> I like to stick with packages when possible because it makes >> maintenance much easier. > > As do I. There are times, however, when mission-critical packages in a > distribution are outdated, or absent, or broken and building from source > is the only option. IMHO, having the knowledge and the tools on one's > system to do builds from the upstream source is an important system > administration skill. I always seem to have one or two packages on any > box that end up being built from source. Mailman is one of them, > because I have a number of patches for it that I've developed, and > because building and installing it from source is very easy. > > Juggling packages vs. upstream source is something you get used to. All > package management system that I know of have ways of freezing packages > at a certain level or version so that your custom builds don't get > crosswise of package management. > > -- > Lindsay Haisley | "Real programmers use butterflies" > FMP Computer Services | > 512-259-1190 | - xkcd > http://www.fmp.com | > > ------------------------------------------------------ > Mailman-Users mailing list Mailman-Users at python.org > http://mail.python.org/mailman/listinfo/mailman-users > Mailman FAQ: http://wiki.list.org/x/AgA3 > Security Policy: http://wiki.list.org/x/QIA9 > Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ > Unsubscribe: http://mail.python.org/mailman/options/mailman-users/garyk%40shoreline.edu From andi at sixhop.net Tue Oct 30 09:07:10 2012 From: andi at sixhop.net (Andreas Nitsche) Date: Tue, 30 Oct 2012 09:07:10 +0100 Subject: [Mailman-Users] There are no pending requests when clicking on the link in the mail Message-ID: <508F8AAE.7040402@sixhop.net> Hello, I tried to search some answers for this problem but didn't find anyone. I'm getting a daily mail which says that there is one mail which needs to be moderated. The link I get is http://lists.mydomain.com/mailman/admindb/orga When clicking on that link the site says that there are no pending requests. From other posts I got the hint to have a look at some files, so there is heldmsg-orga file within the data directory and even in lists/orga/request.pck is a hint to this mail. I also checked the permissions with check_perms and corrected them after the mail was received with check_perms -f. Can you tell me what's going wrong here? cheers Andi From GaryK at shoreline.edu Tue Oct 30 14:50:10 2012 From: GaryK at shoreline.edu (Kalbfleisch, Gary) Date: Tue, 30 Oct 2012 13:50:10 +0000 Subject: [Mailman-Users] I did not submit a request to unsubscribe from mailman-users Message-ID: <8FBF98319244EE48845CC9BF72AB49E850DFF653@SCC-EX2010-MBX2.shore.ctc.edu> I received three unsubscribe confirmations over night. I did not initiate these. The source IP's resolve to India and Sri Lanka. Is it just me or is this happening to other subscribers? -- Gary Kalbfleisch -- Director of Technology Support Services -- Shoreline Community College -- (206) 546-5813 -- (206) 546-6943 Fax From Ralf.Hildebrandt at charite.de Tue Oct 30 14:51:45 2012 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Tue, 30 Oct 2012 14:51:45 +0100 Subject: [Mailman-Users] I did not submit a request to unsubscribe from mailman-users In-Reply-To: <8FBF98319244EE48845CC9BF72AB49E850DFF653@SCC-EX2010-MBX2.shore.ctc.edu> References: <8FBF98319244EE48845CC9BF72AB49E850DFF653@SCC-EX2010-MBX2.shore.ctc.edu> Message-ID: <20121030135145.GY25787@charite.de> * Kalbfleisch, Gary : > I received three unsubscribe confirmations over night. I did not > initiate these. The source IP's resolve to India and Sri Lanka. Is it > just me or is this happening to other subscribers? Not to me, but we're also seeing subscription requests that are reported as spam by the victims at yahoo. -- Ralf Hildebrandt Charite Universit?tsmedizin Berlin ralf.hildebrandt at charite.de Campus Benjamin Franklin http://www.charite.de Hindenburgdamm 30, 12203 Berlin Gesch?ftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155 From GaryK at shoreline.edu Tue Oct 30 15:01:10 2012 From: GaryK at shoreline.edu (Kalbfleisch, Gary) Date: Tue, 30 Oct 2012 14:01:10 +0000 Subject: [Mailman-Users] I did not submit a request to unsubscribe from mailman-users In-Reply-To: <20121030135145.GY25787@charite.de> References: <8FBF98319244EE48845CC9BF72AB49E850DFF653@SCC-EX2010-MBX2.shore.ctc.edu> <20121030135145.GY25787@charite.de> Message-ID: <8FBF98319244EE48845CC9BF72AB49E850DFF710@SCC-EX2010-MBX2.shore.ctc.edu> Sounds familiar. Please see the thread "Automated Subscription Bots Inundating List Owners With Subscription Requests" if you haven't already. -- Gary Kalbfleisch -- Director of Technology Support Services -- Shoreline Community College -- (206) 546-5813 -- (206) 546-6943 Fax -----Original Message----- From: Mailman-Users [mailto:mailman-users-bounces+garyk=shoreline.edu at python.org] On Behalf Of Ralf Hildebrandt Sent: Tuesday, October 30, 2012 6:52 AM To: mailman-users at python.org Subject: Re: [Mailman-Users] I did not submit a request to unsubscribe from mailman-users * Kalbfleisch, Gary : > I received three unsubscribe confirmations over night. I did not > initiate these. The source IP's resolve to India and Sri Lanka. Is it > just me or is this happening to other subscribers? Not to me, but we're also seeing subscription requests that are reported as spam by the victims at yahoo. -- Ralf Hildebrandt Charite Universit?tsmedizin Berlin ralf.hildebrandt at charite.de Campus Benjamin Franklin http://www.charite.de Hindenburgdamm 30, 12203 Berlin Gesch?ftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155 ------------------------------------------------------ Mailman-Users mailing list Mailman-Users at python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/garyk%40shoreline.edu From barry at list.org Tue Oct 30 16:35:47 2012 From: barry at list.org (Barry Warsaw) Date: Tue, 30 Oct 2012 16:35:47 +0100 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: <1351538049.48214.103.camel@pudina.fmp.com> References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu> <1351535125.48214.92.camel@pudina.fmp.com> <508ECE65.3040604@msapiro.net> <1351538049.48214.103.camel@pudina.fmp.com> Message-ID: <20121030163547.48d018fa@resist> On Oct 29, 2012, at 02:14 PM, Lindsay Haisley wrote: >Such an enhancement would obviously not help anyone using a currently >"older" Mailman package, but going forward, say into MM3, it might be a >good idea to make this information available in some such way. I use >courier as a MTA, and courier has a "courier-config" executable >in /usr/bin which spits out all sorts of useful build information, >including the package creator's build-time configure args. Mailman 3 should be much more FHS friendly out of the box. Of course, one important change is that we have actual ini-file configuration and not the crazy mm_cfg.py stuff. The ini-file contains a [mailman]layout configuration variable which names a [paths.*] section from your configuration file. These sections are used to locate all the directories Mailman puts things. By default, it uses the [paths.dev] layout which puts everything under a local, relative 'var' directory. It comes with a [paths.fhs] section so switching to FHS layout (which of course distro versions of Mailman 3 should do), you would add the following to your mailman.cfg file: -----snip snip----- [mailman] layout: fhs -----snip snip----- Here are the values it uses in FHS layout: [paths.fhs] # Filesystem Hiearchy Standard 2.3 # http://www.pathname.com/fhs/pub/fhs-2.3.html bin_dir: /sbin var_dir: /var/lib/mailman queue_dir: /var/spool/mailman log_dir: /var/log/mailman lock_dir: /var/lock/mailman etc_dir: /etc ext_dir: /etc/mailman.d pid_file: /var/run/mailman/master.pid Of course, if you wanted to e.g. put the master.pid file in /run instead of /var/run, you could do something like this: -----snip snip----- [mailman] layout: slashrun [paths.slashrun] bin_dir: /sbin var_dir: /var/lib/mailman queue_dir: /var/spool/mailman log_dir: /var/log/mailman lock_dir: /var/lock/mailman etc_dir: /etc ext_dir: /etc/mailman.d pid_file: /run/mailman/master.pid -----snip snip----- Cheers, -Barry From mark at msapiro.net Tue Oct 30 19:58:24 2012 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 30 Oct 2012 11:58:24 -0700 Subject: [Mailman-Users] There are no pending requests when clicking on thelink in the mail In-Reply-To: <508F8AAE.7040402@sixhop.net> Message-ID: Andreas Nitsche wrote: > >I'm getting a daily mail which says that there is one mail which needs >to be moderated. The link I get is > >http://lists.mydomain.com/mailman/admindb/orga > >When clicking on that link the site says that there are no pending requests. See the FAQ at . > From other posts I got the hint to have a look at some files, so there is heldmsg-orga file within the data directory and even in lists/orga/request.pck is a hint to this mail. In this case, it seems that whatever web server is at lists.mydomain.com is invoking the admindb CGI for a different Mailman than the one whose data/ and lists/ directories you are looking at. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From mark at msapiro.net Tue Oct 30 20:16:17 2012 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 30 Oct 2012 12:16:17 -0700 Subject: [Mailman-Users] I did not submit a request to unsubscribe from mailman-users In-Reply-To: <8FBF98319244EE48845CC9BF72AB49E850DFF653@SCC-EX2010-MBX2.shore.ctc.edu> Message-ID: Kalbfleisch, Gary wrote: > >I received three unsubscribe confirmations over night. I did not initiate >these. The source IP's resolve to India and Sri Lanka. Is it just me or is > this happening to other subscribers? I get them all the time. More often they originate from email (probably spam sent to mailman-users-unsubscribe or mailman-users-leave and spoofing me in the From:). Only web initiated unsubscribes have a source IP in the confirmation. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From soportek at lavabit.com Tue Oct 30 20:34:15 2012 From: soportek at lavabit.com (soportek) Date: Tue, 30 Oct 2012 13:34:15 -0600 Subject: [Mailman-Users] mailan and postfix config problems In-Reply-To: References: Message-ID: <50902BB7.5000402@lavabit.com> On 10/29/2012 12:36 PM, Mark Sapiro wrote: > soportek wrote: > > [...] >> >> I know this is postfix related but I am follwing the postfix config >> INSTALL instructions from /var/lib/mailman/bin/postfix-to-mailman.py > [...] > First see the FAQ at . > .. > > postfix_to_mailman.py is a third-party package which is not distributed > by the GNU Mailman project, nor is it officially supported by the GNU > Mailman project. It is an alternative to and incompatible with > delivery to mailman via aliases and virtual alias maps. > Ok, so I've reverted my previous changes and now I've followed the exact instructions from http://wiki.list.org/display/DOC/Integrating+Mailman+with+postfix I can create new lists as lists.somedomain.org, aliases seem to be created fine but then no mail is ever sent from the list. I can send a request to the list and I don't receive a bounce. I don't see any errors in the mailman o postfix log so I can't tell what is happening. From mark at msapiro.net Tue Oct 30 21:06:36 2012 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 30 Oct 2012 13:06:36 -0700 Subject: [Mailman-Users] mailan and postfix config problems In-Reply-To: <50902BB7.5000402@lavabit.com> References: <50902BB7.5000402@lavabit.com> Message-ID: <5090334C.4030500@msapiro.net> On 10/30/2012 12:34 PM, soportek wrote: > > Ok, so I've reverted my previous changes and now I've followed the exact > instructions from > http://wiki.list.org/display/DOC/Integrating+Mailman+with+postfix See the notes I just added to the above article. > I can create new lists as lists.somedomain.org, aliases seem to be > created fine but then no mail is ever sent from the list. I can send a > request to the list and I don't receive a bounce. I don't see any errors > in the mailman o postfix log so I can't tell what is happening. See the FAQ at . Look at all Mailman's logs and queues. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From Steven.Jones at vuw.ac.nz Tue Oct 30 20:39:23 2012 From: Steven.Jones at vuw.ac.nz (Steven Jones) Date: Tue, 30 Oct 2012 19:39:23 +0000 Subject: [Mailman-Users] I did not submit a request to unsubscribe from mailman-users In-Reply-To: References: <8FBF98319244EE48845CC9BF72AB49E850DFF653@SCC-EX2010-MBX2.shore.ctc.edu>, Message-ID: <833D8E48405E064EBC54C84EC6B36E4054706DCB@STAWINCOX10MBX4.staff.vuw.ac.nz> Hi, We are certainly seeing a lot of subscription attempts in the last 2weeks, as if mailman lists are being actively targeted. Some lists have over 400 subscription attempts outstanding. :/ regards Steven Jones Technical Specialist - Linux RHCE Victoria University, Wellington, NZ 0064 4 463 6272 ________________________________________ From: Mailman-Users [mailman-users-bounces+steven.jones=vuw.ac.nz at python.org] on behalf of Mark Sapiro [mark at msapiro.net] Sent: Wednesday, 31 October 2012 8:16 a.m. To: Kalbfleisch, Gary; mailman-users at python.org Subject: Re: [Mailman-Users] I did not submit a request to unsubscribe from mailman-users Kalbfleisch, Gary wrote: > >I received three unsubscribe confirmations over night. I did not initiate >these. The source IP's resolve to India and Sri Lanka. Is it just me or is > this happening to other subscribers? I get them all the time. More often they originate from email (probably spam sent to mailman-users-unsubscribe or mailman-users-leave and spoofing me in the From:). Only web initiated unsubscribes have a source IP in the confirmation. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan ------------------------------------------------------ Mailman-Users mailing list Mailman-Users at python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/steven.jones%40vuw.ac.nz From fmouse-mailman at fmp.com Tue Oct 30 22:11:32 2012 From: fmouse-mailman at fmp.com (Lindsay Haisley) Date: Tue, 30 Oct 2012 16:11:32 -0500 Subject: [Mailman-Users] Automated Subscription Bots Inundating List Owners With Subscription Requests In-Reply-To: <2EE00797-5CB0-41B9-A4A8-1BBEBA3985FF@shoreline.edu> References: <8FBF98319244EE48845CC9BF72AB49E84DB354CD@SCC-EX2010-MBX2.shore.ctc.edu> <1351535125.48214.92.camel@pudina.fmp.com> <8FBF98319244EE48845CC9BF72AB49E850DFB824@SCC-EX2010-MBX2.shore.ctc.edu> ,<1351568191.48214.133.camel@pudina.fmp.com> <2EE00797-5CB0-41B9-A4A8-1BBEBA3985FF@shoreline.edu> Message-ID: <1351631492.54729.17.camel@pudina.fmp.com> On Tue, 2012-10-30 at 04:56 +0000, Kalbfleisch, Gary wrote: > Don't assume that I don't have the skills. I don't. Please accept my apology if you thought that I implied this. > I have been building the linux os from source since long before most > people even heard of the Internet. I manage my time very carefully, > and mailman is a very small part of what I do. The newest version of > mailman does not resolve any of the issues that I have been > expiriencing if you have read my posts. Yes, I have been following the thread. An update to a newer version of MM would allow you to bulk-delete spurious subscription requests - a small advantage, to be sure, but a time-saver over versions which didn't offer this administrative feature. > I have implemented the security measures required using other means > until such a time that they are resolved in mailman. FWIW, I've had very good results using SpamAssassin as a pre-filter for Mailman, using James Henstridge's package (patched for post MM versions >= 2.1.10). See: http://wiki.list.org/pages/viewpage.action?pageId=4030589 http://www.jamesh.id.au/articles/mailman-spamassassin/ This filter also blocks a lot of spurious subscription attempts, according to my list hosting customers, who have told me that the filter has substantially reduced the amount of administrative spam they have to deal with (compared to when the filter has not been in place) and haven't mentioned a problem with false positives. I know this filter is quite old, but with the patch for more recent MM versions (wiki.list.org) it seems to work quite well. Servers here also block email at the front door based on the CBL advisory list, which probably also helps. -- Lindsay Haisley | "Humor will get you through times of no humor FMP Computer Services | better than no humor will get you through 512-259-1190 | times of humor." http://www.fmp.com | - Butch Hancock From jesus at evangelizacion.org.mx Tue Oct 30 21:47:15 2012 From: jesus at evangelizacion.org.mx (Jesus Rivas) Date: Tue, 30 Oct 2012 14:47:15 -0600 Subject: [Mailman-Users] list of subcriber diggest Message-ID: <50903CD3.9050104@evangelizacion.org.mx> Hi, there are any way to get list of subscriber digests? regards Sistemas ---------------------- Evangelizaci?n Activa Comunicaci?n Digital al Servicio del Evangelio www.evangelizacion.org.mx 8347-5438 y 8123-1293 From mark at msapiro.net Tue Oct 30 22:35:59 2012 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 30 Oct 2012 14:35:59 -0700 Subject: [Mailman-Users] list of subcriber diggest In-Reply-To: <50903CD3.9050104@evangelizacion.org.mx> Message-ID: Jesus Rivas wrote: > >there are any way to get list of subscriber digests? If you mean a list of only those subscribers who are subsccribed in digest mode, see the FAQ at . Both list_members and the script at have "digest only" options. Also, the 'roster' page separates subscribers by digest/non-digest. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From Ralf.Hildebrandt at charite.de Tue Oct 30 22:42:36 2012 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Tue, 30 Oct 2012 22:42:36 +0100 Subject: [Mailman-Users] I did not submit a request to unsubscribe from mailman-users In-Reply-To: <833D8E48405E064EBC54C84EC6B36E4054706DCB@STAWINCOX10MBX4.staff.vuw.ac.nz> References: <8FBF98319244EE48845CC9BF72AB49E850DFF653@SCC-EX2010-MBX2.shore.ctc.edu> <833D8E48405E064EBC54C84EC6B36E4054706DCB@STAWINCOX10MBX4.staff.vuw.ac.nz> Message-ID: <20121030214236.GB29736@charite.de> * Steven Jones : > Hi, > > We are certainly seeing a lot of subscription attempts in the last 2weeks, as if mailman lists are being actively targeted. Some lists have over 400 subscription attempts outstanding. Is there a simple way of seeing which lists still have outstanding requests? -- Ralf Hildebrandt Charite Universit?tsmedizin Berlin ralf.hildebrandt at charite.de Campus Benjamin Franklin http://www.charite.de Hindenburgdamm 30, 12203 Berlin Gesch?ftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155 From kjohnson at pcc.edu Tue Oct 30 22:57:59 2012 From: kjohnson at pcc.edu (Kirke Johnson) Date: Tue, 30 Oct 2012 14:57:59 -0700 Subject: [Mailman-Users] I did not submit a request to unsubscribe from mailman-users In-Reply-To: <20121030214236.GB29736@charite.de> References: <8FBF98319244EE48845CC9BF72AB49E850DFF653@SCC-EX2010-MBX2.shore.ctc.edu> <833D8E48405E064EBC54C84EC6B36E4054706DCB@STAWINCOX10MBX4.staff.vuw.ac.nz> <20121030214236.GB29736@charite.de> Message-ID: That appears at the bottom when you run the Mailman Daily Status Report using the mmdsr script. See . Kirke Johnson Internet: kjohnson at pcc.edu Email Administrator, TSS , Sylvania Campus Portland Community College, Portland, OR, USA (971) 722-4368 On Tue, Oct 30, 2012 at 2:42 PM, Ralf Hildebrandt wrote: > * Steven Jones : >> Hi, >> >> We are certainly seeing a lot of subscription attempts in the last 2weeks, as if mailman lists are being actively targeted. Some lists have over 400 subscription attempts outstanding. > > Is there a simple way of seeing which lists still have outstanding > requests? > > -- > Ralf Hildebrandt Charite Universit?tsmedizin Berlin > ralf.hildebrandt at charite.de Campus Benjamin Franklin > http://www.charite.de Hindenburgdamm 30, 12203 Berlin > Gesch?ftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155 > ------------------------------------------------------ > Mailman-Users mailing list Mailman-Users at python.org > http://mail.python.org/mailman/listinfo/mailman-users > Mailman FAQ: http://wiki.list.org/x/AgA3 > Security Policy: http://wiki.list.org/x/QIA9 > Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ > Unsubscribe: http://mail.python.org/mailman/options/mailman-users/kjohnson%40pcc.edu From mark at msapiro.net Tue Oct 30 23:27:46 2012 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 30 Oct 2012 15:27:46 -0700 Subject: [Mailman-Users] I did not submit a request to unsubscribe frommailman-users In-Reply-To: Message-ID: Kirke Johnson wrote: >That appears at the bottom when you run the Mailman Daily Status >Report using the mmdsr script. See > . In reply to: >On Tue, Oct 30, 2012 at 2:42 PM, Ralf Hildebrandt > wrote: >> >> Is there a simple way of seeing which lists still have outstanding >> requests? The mmdsr report only shows and sumarises the held message files in Mailman's data/ directory. It also doesn't do all of them if the list is long. See for a script that lists all the outstanding held message, subscription and unsubscription requests by list and type. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From soportek at lavabit.com Wed Oct 31 01:27:39 2012 From: soportek at lavabit.com (soportek) Date: Tue, 30 Oct 2012 18:27:39 -0600 Subject: [Mailman-Users] mailan and postfix config problems In-Reply-To: <5090334C.4030500@msapiro.net> References: <50902BB7.5000402@lavabit.com> <5090334C.4030500@msapiro.net> Message-ID: <5090707B.30109@lavabit.com> On 10/30/2012 02:06 PM, Mark Sapiro wrote: > On 10/30/2012 12:34 PM, soportek wrote: >> >> Ok, so I've reverted my previous changes and now I've followed the exact >> instructions from >> http://wiki.list.org/display/DOC/Integrating+Mailman+with+postfix Ok, so now I first undid specific changes from the wiki tutorial, removed entries from and postmapped /etc/postfix/transport and removed mailman entry from /etc/postfix/master.cf Now I've followed these 2 guides. http://www.list.org/mailman-install/postfix-integration.html http://www.list.org/mailman-install/postfix-virtual.html relevant parts of my mailman mm_cfg.py look like this MTA = 'Postfix' DEB_LISTMASTER = 'postmaster at somedomain.org' POSTFIX_STYLE_VIRTUAL_DOMAIN = ['lists.somedomain.org'] and the relevant parts of my postfix main.cf look like this local_recipient_maps = $alias_maps, proxy:unix:passwd.byname alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases alias_database = hash:/etc/aliases virtual_alias_domains = lists.somedomain.org virtual_alias_maps = hash:/etc/postfix/virtual, hash:/var/lib/mailman/data/virtual-mailman relay_domains = localhost If I create a new list in the lists.somedomain.org domain I receive confirmation from the list but writing to the list results in " Recipient address rejected" from postfix. /var/lib/mailman/data/aliases is being written but /var/lib/mailman/data/virtual-mailman is not being updated by Mailman. bin/check_perms returns no problems. From mark at msapiro.net Wed Oct 31 03:32:49 2012 From: mark at msapiro.net (Mark Sapiro) Date: Tue, 30 Oct 2012 19:32:49 -0700 Subject: [Mailman-Users] mailan and postfix config problems In-Reply-To: <5090707B.30109@lavabit.com> Message-ID: soportek wrote: > >relevant parts of my mailman mm_cfg.py look like this > MTA = 'Postfix' > DEB_LISTMASTER = 'postmaster at somedomain.org' > POSTFIX_STYLE_VIRTUAL_DOMAIN = ['lists.somedomain.org'] That should be POSTFIX_STYLE_VIRTUAL_DOMAINS = ['lists.somedomain.org'] > >and the relevant parts of my postfix main.cf look like this > > local_recipient_maps = $alias_maps, proxy:unix:passwd.byname > alias_maps = hash:/etc/aliases, hash:/var/lib/mailman/data/aliases > alias_database = hash:/etc/aliases > virtual_alias_domains = lists.somedomain.org > virtual_alias_maps = hash:/etc/postfix/virtual, >hash:/var/lib/mailman/data/virtual-mailman > relay_domains = localhost > >If I create a new list in the lists.somedomain.org domain I receive >confirmation from the list but writing to the list results in " >Recipient address rejected" from postfix. What is the exact Postfix log message? >/var/lib/mailman/data/aliases is being written but >/var/lib/mailman/data/virtual-mailman is not being updated by Mailman. Which is probably the entire issue and is because POSTFIX_STYLE_VIRTUAL_DOMAINS is misspelled. On the other hand, what are your Defaults.py/mm_cfg.py settings for DEFAULT_URL_HOST and DEFAULT_EMAIL_HOST and if these are set in mm_cfg.py, are the settings followed by add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST) and have you run fix_url? -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan From Ralf.Hildebrandt at charite.de Wed Oct 31 09:37:05 2012 From: Ralf.Hildebrandt at charite.de (Ralf Hildebrandt) Date: Wed, 31 Oct 2012 09:37:05 +0100 Subject: [Mailman-Users] I did not submit a request to unsubscribe frommailman-users In-Reply-To: References: Message-ID: <20121031083705.GC22770@charite.de> > See for a script that > lists all the outstanding held message, subscription and > unsubscription requests by list and type. Exactly what I was looking for, thanks -- Ralf Hildebrandt Charite Universit?tsmedizin Berlin ralf.hildebrandt at charite.de Campus Benjamin Franklin http://www.charite.de Hindenburgdamm 30, 12203 Berlin Gesch?ftsbereich IT, Abt. Netzwerk fon: +49-30-450.570.155 From soportek at lavabit.com Wed Oct 31 16:24:21 2012 From: soportek at lavabit.com (soportek) Date: Wed, 31 Oct 2012 09:24:21 -0600 Subject: [Mailman-Users] mailan and postfix config problems In-Reply-To: References: Message-ID: <509142A5.1000001@lavabit.com> On 10/30/2012 10:12 PM, Mark Sapiro wrote: > soportek wrote: >> >> Unfortunately after fixing the error and restarting postfix it still >> doesn't write any data to /var/lib/mailman/data/virtual-mailman > > > Did you run bin/genaliases after fixing POSTFIX_STYLE_VIRTUAL_DOMAINS? > That was it. I forgot to run genaliases again. It is all working fine now. > > If it were required, you'd need to run genaliases after running fix_url. > > Also, is there some reason other than oversight that you didn't reply > on list? > Just oversight. Thank you for your help and patience. From Tim at EpicDartmouth.com Wed Oct 31 17:02:35 2012 From: Tim at EpicDartmouth.com (Tim Chesnutt) Date: Wed, 31 Oct 2012 13:02:35 -0300 Subject: [Mailman-Users] Problem with Administrative requests for Mailing List Message-ID: <50914B9B.8020107@EpicDartmouth.com> I have enabled mailing lists under cPanel on my hosting package and am doing my own testing to ensure I understand how it works before inviting other users, and putting the system into service. Everything was going great with all my tests, till I tried sending a few messages to the list from addresses not yet subscribed. I (as List Administrator), received notice that there were posts that needed my authorization to post. When I visited the "Administrative requests for mailing list" page I see all the options, but none of them have any functionality. That is no matter what option or options I select, when I click "Submit All Data" the page cycles, and returns with no change in the message status - no messages get Accepted, no messages get Rejected, no messages get Discarded, and no message is sent back to the author of the post (I have tried all possible combinations to see if there were someway to trigger action from this page, but to no avail. In addition to not being able to administer these posts while signed in as the List Administrator, I note that I also can not cancel these posts from the email address they were originally submitted: When I follow the link to cancel the posting, I am asked for a "confirmation string (i.e. /cookie/) that you received in your email message". There is no confirmation string received in the email system message telling me that my post is awaiting moderation. The Mailman version provided is 2.1.14-1, and the hosting company has been of no use to date in this question as they are unfamiliar with this functionality. (there is another quirk that I mention here in case it is in some manner related, though I think not: While in cPanel, looking under the heading Mailing Lists, the resulting page allows me to set up mailing lists, but for some reason the "modify" link with each mailing list does not take me to the Mailing List Administration page but to a broken link. I had not worried about this lack of convenience as I can enter directly) Thank you, Tim. -- Do something EPIC today! Tim Chesnutt Race Director Subaru EPIC Dartmouth June 30th, 2013 - Three Great Races, One EPIC Day! AQUA Dartmouth - 3.8k / 180k / 300m EPIC Dartmouth - 3.8k / 180k / 21.1k IRON Dartmouth - 3.8k / 180k / 42.2k www.EpicDartmouth.com From mark at msapiro.net Wed Oct 31 17:42:55 2012 From: mark at msapiro.net (Mark Sapiro) Date: Wed, 31 Oct 2012 09:42:55 -0700 Subject: [Mailman-Users] Problem with Administrative requests for MailingList In-Reply-To: <50914B9B.8020107@EpicDartmouth.com> Message-ID: Tim Chesnutt wrote: >I have enabled mailing lists under cPanel on my hosting package and am >doing my own testing to ensure I understand how it works before inviting >other users, and putting the system into service. See the FAQs at and . >When I visited the "Administrative requests for mailing list" page I see >all the options, but none of them have any functionality. That is no >matter what option or options I select, when I click "Submit All Data" >the page cycles, and returns with no change in the message status - no >messages get Accepted, no messages get Rejected, no messages get >Discarded, and no message is sent back to the author of the post (I have >tried all possible combinations to see if there were someway to trigger >action from this page, but to no avail. See the FAQ at . Also, examine the source of the web page and look at the action= URL in the form tag. Is this URL identical to the URL of the page? Also, is there any message at the top of the returned page? >In addition to not being able to administer these posts while signed in >as the List Administrator, I note that I also can not cancel these posts >from the email address they were originally submitted: When I follow the >link to cancel the posting, I am asked for a "confirmation string (i.e. >/cookie/) that you received in your email message". There is no >confirmation string received in the email system message telling me that >my post is awaiting moderation. The URL in the message you receive should be of the form http://host/mailman/confirm/list_host/xxxxxx where xxxxxx is a string of 40 hex digits. If you go to that URL, you shouldn't need to provide a confirmation string, but if the URL is split by your mail reader, you might just be going to http://host/mailman/confirm/list_host/ or something with less than the full 40 hex digits. In any case, the 40 hex digits are the confirmation string. >The Mailman version provided is 2.1.14-1, and the hosting company has >been of no use to date in this question as they are unfamiliar with this >functionality. You might consider trying to find a hosting service that is more committed to serving its customers ;) >(there is another quirk that I mention here in case it is in some manner >related, though I think not: While in cPanel, looking under the heading >Mailing Lists, the resulting page allows me to set up mailing lists, but >for some reason the "modify" link with each mailing list does not take >me to the Mailing List Administration page but to a broken link. I had >not worried about this lack of convenience as I can enter directly) This is a cPanel feature which is not a part of GNU Mailman. I can't help with cPanel's list maintenance features outside the standard GNU Mailman web admin and admindb interfaces. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan