Re: [linux] Any experiences with Sympa?
Hello, On Mon, Aug 30, 2021 at 08:52:26AM -0400, Dianne Skoll wrote: > Hi, > > I upgraded my web server to Debian 11 "Bullseye" last night and it > rather rudely removed Mailman, which I use to manage three mailing [snip] > > I re-installed Mailman 2 from source, but I don't think that's a viable > long term option. Has anyone had experience with Sympa? I'm > considering that as a replacement for my mailing lists. I've hesitated to answer as I don't have experience from an administrator of Sympa, but as an "uber" admin (I don't remember the Sympa term. We're talking circa 2002 2003) of mailing lists. Maybe it was Master Administrator. I was hoping you would hear from more experienced voices. Anyway, I could do anything to any mailing list on the server that a list owner or admin could do to their own lists. My impressions were that it was HIGHLY configurable. IIRC, there are 4 types of lists depending on who can post and subscribe. You can get notifications for a gazillion things, again, iirc. Multilingual, though that may not be a concern for you. It was for the org I volunteered for. >From where I was standing it seemed like a nice package. I enjoyed the experience of using it. If you do go the Sympa route, I'd be interested in hearing your impressions, both as list admin and as sysadmin. Cheers, -- Znoteer znot...@mailbox.org To unsubscribe send a blank message to linux+unsubscr...@linux-ottawa.org To get help send a blank message to linux+h...@linux-ottawa.org To visit the archives: https://lists.linux-ottawa.org
Re: [linux] Any experiences with Sympa?
On Mon, 30 Aug 2021, Dianne Skoll wrote: I upgraded my web server to Debian 11 "Bullseye" last night and it rather rudely removed Mailman, Debian clearly warns users to check what packages might get removed before upgrading the release. As might be expected when upgrading from a release from two years ago, some packages may no longer be available. That's because Mailman 2 is no longer supported. Debian clearly states in their release notes that Mailman 2 will be removed. You can't blame them because it needs Python 2 which is definitely past end-of-life. "Chapter 5. Issues to be aware of for bullseye 5.3.1. Noteworthy obsolete packages The following is a list of known and noteworthy obsolete packages (see Section 4.8, “Obsolete packages” for a description). The list of obsolete packages includes: ... Mailman mailing list manager suite version 3 is the only available version of Mailman in this release. Mailman has been split up into various components; the core is available in the package mailman3 and the full suite can be obtained via the mailman3-full metapackage. The legacy Mailman version 2.1 is no longer available (this used to be the package mailman). This branch depends on Python 2 which is no longer available in Debian" I re-installed Mailman 2 from source, but I don't think that's a viable long term option. Not unless you are going to apply Python 2 and Mailman security patches yourself - if they are even available reliably. Mailman 3's documentation is also awful and frankly, the software looks half-baked. Having been exploring / installing / testing MM3 to replace this list's current software I feel like this too at this time. Has anyone had experience with Sympa? I'm considering that as a replacement for my mailing lists. No experience. But Sympa DOES support proper From mail header rewriting so as to not break DMARC, and it also support ARC, a more recent mail extension for mailing lists specifically. Without these features a mailing list will NOT be able to reliably deliver messages. https://sympa-community.github.io/manual/customize/dmarc-protection.html https://sympa-community.github.io/manual/customize/dkim-arc.html DKIM has been introduced in Sympa version 6.1. ARC has been introduced in Sympa version 6.2.38. I'm not thrilled at their reported vulnerabilities in 2020: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=sympa I really do not like to see things like "allows remote attackers to obtain full SOAP API" which could result in a reportable data leak and privacy invasion. Also "a local privilege escalation from the sympa user account to full root access" -- although I suspect machines that OCLUG members would run a mailing list on aren't allowing ssh access to untrusted users. (Fair reporting: here are the Mailman vulnerabilties reported: https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=mailman) The downside of Sympa is that is is in Perl, which increasingly fewer admins are familar with. Sympa may be a great choice for you though! Brett
[linux] Any experiences with Sympa?
Hi, I upgraded my web server to Debian 11 "Bullseye" last night and it rather rudely removed Mailman, which I use to manage three mailing lists. That's because Mailman 2 is no longer supported. I took a look at Mailman 3, but it's not an option because it doesn't support Sendmail well (and for other reasons, I'm constrained to use that MTA, alas.) Mailman 3's documentation is also awful and frankly, the software looks half-baked. I re-installed Mailman 2 from source, but I don't think that's a viable long term option. Has anyone had experience with Sympa? I'm considering that as a replacement for my mailing lists. Regards, Dianne. To unsubscribe send a blank message to linux+unsubscr...@linux-ottawa.org To get help send a blank message to linux+h...@linux-ottawa.org To visit the archives: https://lists.linux-ottawa.org
