[Mailman-Users] Mailman Security.
Hi All, I was just wondering what kind of security mailman offers, as far as protecting user passwords goes? A techy friend of mine has just kindly emailed me a list of all users and their passwords! Looking at my server logs it would appear that he snuck in somehow via anonymous ftp. Would closing the anon. ftp service stop mailman working in anyway, or dya reckon he got in some place else? Cheers Dino -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: archive@jab.org Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
RE: [Mailman-Users] Mailman Security.
Well I rent a virtual server and now use SSH. But have been told that I can't turn telnet off...sounds like rubbish to me but hey. But I do have 99.9% shell access, so there should be a way, I am looking into it now. Dino -Original Message- From: Adam [mailto:[EMAIL PROTECTED]] Sent: 05 February 2003 13:48 To: [EMAIL PROTECTED] Subject: Re: [Mailman-Users] Mailman Security. On Wed, 5 Feb 2003 11:44:10 - dino [EMAIL PROTECTED] wrote: Actually he did it this way: Noticed that mydomain/mailman was browsable. Telneted to port 80 and sent a get request from there...ouch. Sorting that now Dino The fact that telnet is open pretty much says everything about this sysadmin's approach to security. -- Public Key available from www.monkeez.co.uk/public_key.asc -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: archive@jab.org Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
RE: [Mailman-Users] Initial Setup Issues
Nope. Only the single member I manually added shows up anywhere at all. -Original Message- From: Jon Carnes [mailto:[EMAIL PROTECTED]] Sent: 04 February 2003 00:37 To: [EMAIL PROTECTED] Cc: Mailman users Mailing list Subject: RE: [Mailman-Users] Initial Setup Issues Not to be too obtuse but what happens when you look at the admindb web-page for the list? Are the subscribes waiting there to be confirmed? What subscribe settings in the admin web-pages? On Mon, 2003-02-03 at 13:31, dino wrote: Well everything seems to be OK, however here are the contents of my /home/mailman/logs/subscribe file Feb 03 18:13:31 2003 (16112) chico: pending [EMAIL PROTECTED] 213.78.79.150 Feb 03 18:15:07 2003 (16423) chico: pending [EMAIL PROTECTED] 213.78.79.150 Feb 03 18:16:14 2003 (16755) chico: new [EMAIL PROTECTED] Feb 03 18:28:52 2003 (17982) chico: pending [EMAIL PROTECTED] 213.78.79.150 User [EMAIL PROTECTED] is the one that I added manually via the web interface, the others I subbed via the user page. It looks like user requests are being held for some reason if they are submitted by potential users, but getting thru if me as the admin submits them... Argh! Again any help would be gratefully received! Dino -Original Message- From: Jon Carnes [mailto:[EMAIL PROTECTED]] Sent: 03 February 2003 14:20 To: [EMAIL PROTECTED] Cc: Mailman users Mailing list Subject: Re: [Mailman-Users] Initial Setup Issues Check the aliases that you created and make sure that they are pointing to mailman post scripts (with your list name as one of the inputs). Also take a look at the steps in FAQ 3.14. This was written specifically to help new installers of Mailman v2.0.13 who are having problems getting mail to go to the lists. Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Jon Carnes On Mon, 2003-02-03 at 05:10, dino wrote: Hi Guys, Great product and good list, but... I had some issues installing 2.1 so on advice from ISP installed the last stable release before that 2.0.13. Everything works fine during the setup stage and I can create the list properly with no issues, and the adding of aliases seems to go OK too. Once done I can view my list from the web and everything. However, if a user goes to the web to subscribe they do get the initial subscribe message, but replying to that doesn't generate the final confirmationation email. Rather, I, as list admin, seem to get a copy of their confirmation, and no user is created. But, manually adding subscribers from the web myself seems to work fine. Any ideas? Cheers Dino -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: [EMAIL PROTECTED] Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/jonc%40nc.rr.com -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: archive@jab.org Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
RE: [Mailman-Users] Initial Setup Issues
Although I am now having some thoughts...probably not relevant but you never know! Here is my installation history: 1. Installed Mailman 2.1, but had major problems 2. My ISP (I rent a virtual server) told me that they were only supporting 2.0.x at this time, thus: 3. Installed 2.0.13 as it is the most stable release prior to 2.1 Now, as far as uninstalling goes, I simply removed the install directories: ie: /home/mailman and /usr/local/mailman. Is there another uninstall step I should have taken and could the hassles I am having be caused by something from an earlier aborted install hanging around, dya think? Cheers dino -Original Message- From: Jon Carnes [mailto:[EMAIL PROTECTED]] Sent: 04 February 2003 00:37 To: [EMAIL PROTECTED] Cc: Mailman users Mailing list Subject: RE: [Mailman-Users] Initial Setup Issues Not to be too obtuse but what happens when you look at the admindb web-page for the list? Are the subscribes waiting there to be confirmed? What subscribe settings in the admin web-pages? On Mon, 2003-02-03 at 13:31, dino wrote: Well everything seems to be OK, however here are the contents of my /home/mailman/logs/subscribe file Feb 03 18:13:31 2003 (16112) chico: pending [EMAIL PROTECTED] 213.78.79.150 Feb 03 18:15:07 2003 (16423) chico: pending [EMAIL PROTECTED] 213.78.79.150 Feb 03 18:16:14 2003 (16755) chico: new [EMAIL PROTECTED] Feb 03 18:28:52 2003 (17982) chico: pending [EMAIL PROTECTED] 213.78.79.150 User [EMAIL PROTECTED] is the one that I added manually via the web interface, the others I subbed via the user page. It looks like user requests are being held for some reason if they are submitted by potential users, but getting thru if me as the admin submits them... Argh! Again any help would be gratefully received! Dino -Original Message- From: Jon Carnes [mailto:[EMAIL PROTECTED]] Sent: 03 February 2003 14:20 To: [EMAIL PROTECTED] Cc: Mailman users Mailing list Subject: Re: [Mailman-Users] Initial Setup Issues Check the aliases that you created and make sure that they are pointing to mailman post scripts (with your list name as one of the inputs). Also take a look at the steps in FAQ 3.14. This was written specifically to help new installers of Mailman v2.0.13 who are having problems getting mail to go to the lists. Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Jon Carnes On Mon, 2003-02-03 at 05:10, dino wrote: Hi Guys, Great product and good list, but... I had some issues installing 2.1 so on advice from ISP installed the last stable release before that 2.0.13. Everything works fine during the setup stage and I can create the list properly with no issues, and the adding of aliases seems to go OK too. Once done I can view my list from the web and everything. However, if a user goes to the web to subscribe they do get the initial subscribe message, but replying to that doesn't generate the final confirmationation email. Rather, I, as list admin, seem to get a copy of their confirmation, and no user is created. But, manually adding subscribers from the web myself seems to work fine. Any ideas? Cheers Dino -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: [EMAIL PROTECTED] Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/jonc%40nc.rr.com -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: archive@jab.org Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/archive%40jab.org
RE: [Mailman-Users] Initial Setup Issues
Well everything seems to be OK, however here are the contents of my /home/mailman/logs/subscribe file Feb 03 18:13:31 2003 (16112) chico: pending [EMAIL PROTECTED] 213.78.79.150 Feb 03 18:15:07 2003 (16423) chico: pending [EMAIL PROTECTED] 213.78.79.150 Feb 03 18:16:14 2003 (16755) chico: new [EMAIL PROTECTED] Feb 03 18:28:52 2003 (17982) chico: pending [EMAIL PROTECTED] 213.78.79.150 User [EMAIL PROTECTED] is the one that I added manually via the web interface, the others I subbed via the user page. It looks like user requests are being held for some reason if they are submitted by potential users, but getting thru if me as the admin submits them... Argh! Again any help would be gratefully received! Dino -Original Message- From: Jon Carnes [mailto:[EMAIL PROTECTED]] Sent: 03 February 2003 14:20 To: [EMAIL PROTECTED] Cc: Mailman users Mailing list Subject: Re: [Mailman-Users] Initial Setup Issues Check the aliases that you created and make sure that they are pointing to mailman post scripts (with your list name as one of the inputs). Also take a look at the steps in FAQ 3.14. This was written specifically to help new installers of Mailman v2.0.13 who are having problems getting mail to go to the lists. Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Jon Carnes On Mon, 2003-02-03 at 05:10, dino wrote: Hi Guys, Great product and good list, but... I had some issues installing 2.1 so on advice from ISP installed the last stable release before that 2.0.13. Everything works fine during the setup stage and I can create the list properly with no issues, and the adding of aliases seems to go OK too. Once done I can view my list from the web and everything. However, if a user goes to the web to subscribe they do get the initial subscribe message, but replying to that doesn't generate the final confirmationation email. Rather, I, as list admin, seem to get a copy of their confirmation, and no user is created. But, manually adding subscribers from the web myself seems to work fine. Any ideas? Cheers Dino -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ -- Mailman-Users mailing list [EMAIL PROTECTED] http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ This message was sent to: archive@jab.org Unsubscribe or change your options at http://mail.python.org/mailman/options/mailman-users/archive%40jab.org