[Mailman-Developers] MailMan-Traffic

2002-04-23 Thread Henning Hülsebusch

Hi !

Is it possible that you insert Traffic-Accounting in Mailman ?
Don't know, but I think it's not so difficult, Mailman has to do something 
like "(MailSize) * (actually members of the list)", stored in a 
PLAIN-textfile, so it will also be possible to parse the total traffic, 
monthly or daily traffic.

So it will be possible that the MailMan-big-boss-guru can have a look at 
Mailman-Traffic; later on it could also be a Moderator-Role.

Is it possible to insert something like this ?

Henning


___
Mailman-Developers mailing list
[EMAIL PROTECTED]
http://mail.python.org/mailman/listinfo/mailman-developers



[Mailman-Developers] Re: Is MM cookie auth 'secure' thru HTTP proxy servers?

2002-04-23 Thread Richard Barrett

Further to what I said before (see below), I now enclose a patch to correct 
the problem. The patch is to the WebAuthenticate function in 
Mailman.SecurityManager. It adopts the simple hypothesis that if you are 
setting or checking a cookie then the response about to be made shouldn't 
be cached.

>Date: Mon, 22 Apr 2002 17:30:14 +0100
>To: [EMAIL PROTECTED]
>From: Richard Barrett <[EMAIL PROTECTED]>
>Subject: Is MM cookie auth 'secure' thru HTTP proxy servers?
>
>Can someone out there sanity check my thinking on a possible hole in 
>Mailman's cookie based authentication.
>
>The scenario I'm concerned with is when Mailman's web GUI is being 
>accessed by a browser via a caching HTTP proxy server such as Squid, 
>hardly an uncommon situation these days.
>
>If my understanding is correct, then Squid (legitimately and like probably 
>any other HTTP proxy) has no qualms about caching a page merely because of 
>the existence of Cookies or Set-Cookie headers in the response or request. 
>This is justified by RFC 2616. The Squid FAQ says:
>
>
>The presence of Cookies headers in requests does not affect whether or not 
>an HTTP reply can be cached. Similarly, the presence of Set-Cookie headers 
>in replies does not affect whether the reply can be cached.
>
>
>It appears to me that in the absence of a Cache-Control header with a 
>value of private, no-cache or no-store a caching proxy server is free to 
>cache the response to an HTTP request purportedly protected by MM's cookie 
>based authentication AND to again serve that response to any other 
>requesting client WITHOUT consulting the server delivering the Mailman web GUI.
>
>I am hoping one of you kind readers will tell me I have missed the obvious 
>in my examination of the problem and the MM source, or that the scenario 
>above is invalid for any reason.
>
>In the meantime I'm working up a patch to block this possible security 
>hole by adding Cache-Control headers in the HTTP responses generated by 
>MM's web GUI.

patch file:

cut here 
--
--- mailman-2.0.10/Mailman/SecurityManager.py   Tue Nov  6 04:25:26 2001
+++ mailman-2.0.10-cache/Mailman/SecurityManager.py Tue Apr 23 09:44:22 
2002
@@ -31,7 +31,7 @@
  from Mailman import Cookie
  from Mailman import mm_cfg

-
+nocache = "Cache-Control: private"

  class SecurityManager:
  def InitVars(self, crypted_password):
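Review bot: the value on the added nocache line, Cache-Control: private, is only understood by HTTP/1.1 caches; an HTTP/1.0 proxy ignores it, so covering older proxies would also need an Expires header in the past (commonly paired with Pragma: no-cache). private also still allows the requesting browser's own cache to keep the page, so no-store is worth considering for the admin pages. The constant would read better as an upper-case module-level name with a comment saying why it exists.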
@@ -66,10 +66,14 @@
  self.ConfirmUserPassword(user, password)
  else:
  self.ConfirmAdminPassword(password)
+print nocache
  print self.MakeCookie(key)
  return 1
  else:
-return self.CheckCookie(key)
+res = self.CheckCookie(key)
+if res:
+print nocache
+return res

  def MakeCookie(self, key):
  # Ingredients for our cookie: our `secret' which is the list's admin
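Review bot: both added print nocache lines rely on WebAuthenticate being called while the caller is still emitting its header block, the same assumption the adjacent print self.MakeCookie(key) already makes; a comment saying so would stop a later caller from invoking it after the blank line and leaking the header text into the page body. In the else branch the header is sent only when res is true, so the behaviour of a response after a failed CheckCookie is left to each caller and should be documented or handled the same way.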
cut here 
--
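
The scenario in the message above, as an added example that is not part of the original post or of Mailman: a deliberately simplified model of a shared cache that keys on URL alone and stores any response unless Cache-Control says private, no-cache or no-store. The URL, cookie value and page bodies are constructed, and real proxies apply further freshness rules that this model leaves out.

```python
# Added example: simplified shared-cache model, not Squid's or Mailman's code.
FORBID_SHARED = {"private", "no-cache", "no-store"}

def cache_directives(headers):
    """Return the lower-cased Cache-Control directive names in a header list."""
    names = set()
    for name, value in headers:
        if name.lower() == "cache-control":
            for part in value.split(","):
                token = part.strip().split("=", 1)[0].lower()
                if token:
                    names.add(token)
    return names

def shared_cache_may_store(headers):
    """Cookie headers play no part; only Cache-Control directives block storage."""
    return not (cache_directives(headers) & FORBID_SHARED)

class SharedProxy:
    """Caches by URL only, which is the behaviour the message is worried about."""
    def __init__(self, origin):
        self.origin = origin
        self.store = {}
        self.origin_hits = 0

    def get(self, url, cookie=None):
        if url in self.store:
            return self.store[url]           # origin is never consulted
        self.origin_hits += 1
        headers, body = self.origin(url, cookie)
        if shared_cache_may_store(headers):
            self.store[url] = (headers, body)
        return headers, body

def make_origin(patched):
    """Constructed stand-in for a cookie-protected admin page."""
    def origin(url, cookie):
        if cookie != "valid-session":         # constructed cookie value
            return [("Content-Type", "text/html")], "login form"
        headers = [("Content-Type", "text/html")]
        if patched:
            headers.insert(0, ("Cache-Control", "private"))
        return headers, "member roster (admin only)"
    return origin

def second_client_sees(patched):
    """An admin loads the page, then a client with no cookie requests it."""
    proxy = SharedProxy(make_origin(patched))
    url = "/mailman/admin/demo/members"       # constructed path
    proxy.get(url, cookie="valid-session")
    _, body = proxy.get(url, cookie=None)
    return body, proxy.origin_hits

if __name__ == "__main__":
    print("unpatched:", second_client_sees(False))
    print("patched:  ", second_client_sees(True))
```
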







[Mailman-Developers] 2.1b1: web-based create and DEFAULT_EMAIL_HOST?

2002-04-23 Thread Harald Koch

I just created a new list via the web interface, and the 'host_name'
parameter for the list was "www.cfrq.net" (the value of
DEFAULT_URL_HOST) instead of "cfrq.net" (the value of
DEFAULT_EMAIL_HOST).

This surprised me...

Mailman/Cgi/create.py uses the VIRTUAL_HOSTS stuff to get the correct
value for host_name, but I don't have any VIRTUAL_HOSTS defined (other
than the default, which should correctly map DEFAULT_URL_HOST to
DEFAULT_EMAIL_HOST).

Any suggestions as to where to look would be appreciated...

-- 
Harald Koch <[EMAIL PROTECTED]>





Re: [Mailman-Developers] New emerging virus/worm. Grr.

2002-04-23 Thread Terri Oda

At 10:07 AM 23/04/02 -0700, Chuq Von Rospach wrote:
>This is an emerging worm, and it looks pretty ugly. It has hit Hong Kong and
>Great Britain worst so far, but it's spreading rapidly according to people
>I've talked to.

I have to say, I've seen it already quite a bit on some of the linuxchix 
mailing lists.  Mostly it's getting caught by our "posters-only" rules, but 
we're also getting sent "You have a virus" auto-messages to the lists, the 
admins, and probably random posters as well.  I haven't seen any make it 
through to the lists I'm on yet, but it's probably only a matter of time 
before someone's copy chooses a valid From: address.

I hadn't gone to look up the details on it yet, but I figured it was 
forging From:'s when I saw a mail purportedly from an older address 
belonging to our coordinator, who lives in Australia, coming from an ISP 
which is local to me, halfway around the world in Canada.   I haven't been 
tracing ISPs, but I'm guessing it's spread over the US by now.

Thanks for the extra info, Chuq.  I should probably make a similar notice 
available before I start getting complaints.

  Terri







Re: [Mailman-Developers] MailMan-Traffic

2002-04-23 Thread J C Lawrence

On Tue, 23 Apr 2002 10:26:11 +0200 
h huelsebusch  wrote:

> Hi !  Is it possible that you insert Traffic-Accounting in Mailman ?
> Don't know, but I think it's not so difficult, Mailman has to do
> something like "(MailSize) * (actually members of the list)", stored
> in a PLAIN-textfile, so it will also be possible to parse the total
> traffic, monthly or daily traffic.

Several points:

  Mailman does not store the membership list in a text file.  Further,
  under 2.1 Mailman may not store the membership list at all, but
  depending on local configuration may only have the ability to query
  (LDAP, SQL, whatever) an external service for the membership to apply
  to a specific message.

  Outbound traffic in a bandwidth sense is not a product of number of
  list members times size of message.  That ignores bounces, RCPT TO
  bundling, and remote exploders (many companies subscribe a central
  account to popular lists and then explode that account to all internal
  interested parties and/or gate it to an internal newsgroup).

  All the data you seem to want is currently available from both the
  Mailman logs and your MTA logs.  You just have to take it out and
  parse it.

-- 
J C Lawrence
-(*)Satan, oscillate my metallic sonatas. 
[EMAIL PROTECTED]   He lived as a devil, eh?  
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.





[Mailman-Developers] Re: [Mailman-Users] mailman loops because of & in an address

2002-04-23 Thread J C Lawrence

On Tue, 23 Apr 2002 14:49:37 +0200 (CEST) 
Antenna Support <[EMAIL PROTECTED]> wrote:

> Dear people, We just experienced a loop: a message was sent many times
> because it wasn't deleted in the /home/mailman/qfiles directory The
> error mailed was:

> /usr/bin/python -S /home/mailman/cron/qrunner

> sh: [EMAIL PROTECTED]: command not found c... User unknown

> It appeared that there was an address added to the list:
> m&[EMAIL PROTECTED]

> The loop could only be stopped by removing the .msg and .db file in
> the qfiles directory. I also removed this address from the
> subscribers.

Aiiieee!

We should really sanitise inbound email addresses.  "&" is not a legal
char in a LHS.

-- 
J C Lawrence
-(*)Satan, oscillate my metallic sonatas. 
[EMAIL PROTECTED]   He lived as a devil, eh?  
http://www.kanga.nu/~claw/  Evil is a name of a foeman, as I live.
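
The `sh: ... command not found` error quoted above shows the address reaching a shell. As an added example (not part of the thread and not Mailman's code), the block below shows how sh-style parsing splits an unquoted address at `&`, how quoting keeps it whole, and how passing it as one argv element avoids the shell altogether. The address and the `deliver` command name are constructed placeholders.

```python
import shlex
import subprocess
import sys

# Characters that sh treats specially when they appear unquoted.
SHELL_META = set("&;|<>()$`\\\"'*?[]#~!{} \t\n")

ADDRESS = "m&user@example.com"   # constructed; the archive masks the real one

def shell_words(command):
    """Split a command line roughly as sh would, keeping operators such as '&'."""
    lexer = shlex.shlex(command, posix=True, punctuation_chars=True)
    lexer.whitespace_split = True
    return list(lexer)

def risky_chars(address):
    """Return the shell-significant characters present in an address."""
    return sorted(set(address) & SHELL_META)

def run_without_shell(address):
    """Pass the address as a single argv element; no shell ever parses it."""
    child = [sys.executable, "-c", "import sys; print(sys.argv[1])", address]
    done = subprocess.run(child, capture_output=True, text=True, check=True)
    return done.stdout.strip()

if __name__ == "__main__":
    # Unquoted: '&' becomes an operator and the rest is a second command.
    print(shell_words("deliver " + ADDRESS))
    # Quoted: the address stays one word.
    print(shell_words("deliver " + shlex.quote(ADDRESS)))
    # No shell at all: the child receives the address unchanged.
    print(risky_chars(ADDRESS), run_without_shell(ADDRESS))
```
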





Re: [Mailman-Developers] MailMan-Traffic

2002-04-23 Thread Chuq Von Rospach

On 4/23/02 11:22 AM, "J C Lawrence" <[EMAIL PROTECTED]> wrote:

> Mailman does not store the membership list in a text file.  Further,
> under 2.1 Mailman may not store the membership list at all, but
> depending on local configuration may only have the ability to query
> (LDAP, SQL, whatever) an external service for the membership to apply
> to a specific message.

This, FWIW, is turning into a crucial issue for me. We've come to realize
the subscriber lists are a corporate asset that needs protecting, so a big
To Do item for me now is to get them into a system inside the firewall and
off the mail list machine in the border zone, so if there's a break-in, the
data is cloistered.

Those of you who run corporate list servers ought to stop and think about
what the loss or leakage of your subscriber lists might do to you. I sat
down with my security guys last week to go over issues, and that was THE top
issue in their mind... (it started out as a "how do we protect our archives
better" meeting, actually).


-- 
Chuq Von Rospach, Architech
[EMAIL PROTECTED] -- http://www.chuqui.com/

Yes, I am an agent of Satan, but my duties
are largely ceremonial.






[Mailman-Developers] New emerging virus/worm. Grr.

2002-04-23 Thread Chuq Von Rospach


Passing this along, because this has implications to list owners.

A new emerging worm is out there in windows land. That's bad enough, but
this one has the hack that instead of repropagating via email using the
owner's email address, it repropagates using a random address in the infected
machine's address book as the From, while sending to other random addresses
in the book. 

Last night, I started getting email from a friend (who happens to be a top
computer security guy in the country) from an address he hasn't used in
three years, and he doesn't use windows. Other people started getting email
from ME that was infected.

This morning, the complaints started coming in that my mailman system was
sending out infected emails, or that it was sending people admin messages
because some infected machine was sending TO my mailman system as someone
else, so they were getting the return notice.

Here's what I'm currently sending out to people that complain about these
bogus mailman messages

---

Someone out there has both your address and our address in their address
book, and is infected with this virus:



One of the side effects is that when it tries to reinfect, it takes an
address from the address book at random, and uses it as the "from" in
sending to someone else. So there's some third party that's hijacked your
email address and using it to forward infected messages. And there's not a
thing either of us can do about it, because neither of us are infected (or
at least, we aren't) or control the machine doing it.

This is an emerging worm, and it looks pretty ugly. It has hit Hong Kong and
Great Britain worst so far, but it's spreading rapidly according to people
I've talked to.


---

This one has the possibility to get really ugly and nasty, folks, because
it's hijacking addresses. Users can't depend on being yelled at by friends
for being infected, because this new worm hides behind random return
addresses. Which means the only thing you know is that the "person" sending
you the email isn't the one infected, but someone who knows both of you
is... 

At least, as far as I can tell so far. The experts still seem to be trying
to get a handle on it...



-- 
Chuq Von Rospach, Architech
[EMAIL PROTECTED] -- http://www.chuqui.com/

The Cliff's Notes Cliff's Notes on Hamlet:
And they all died happily ever after






[Mailman-Developers] Warning: nasty variant of this new virus.

2002-04-23 Thread Chuq Von Rospach


I just got sent a new copy of the Klez.E virus. The text it sends to the
user is this:

--
Klez.E is the most common world-wide spreading worm.It's very dangerous by
corrupting your files.
Because of its very smart stealth and anti-anti-virus technic,most common AV
software can't detect or clean it.
We developed this free immunity tool to defeat the malicious virus.
You only need to run this tool once,and then Klez will never come into your
PC.
NOTE: Because this tool acts as a fake Klez to fool the real worm,some AV
monitor maybe cry when you run it.
If so,Ignore the warning,and select 'continue'.
If you have any question,please mail to me  .
--

If you follow these instructions, you'll be infected by the worm. Don't run
ANYTHING from anyone you can't explicitly guarantee as a valid source of
help. 


-- 
Chuq Von Rospach, Architech
[EMAIL PROTECTED] -- http://www.chuqui.com/

He doesn't have ulcers, but he's a carrier.






Re: [Mailman-Developers] New emerging virus/worm. Grr.

2002-04-23 Thread Ron Jarrell

At 10:07 AM 4/23/02 -0700, Chuq Von Rospach wrote:

>Passing this along, because this has implications to list owners.
>
>A new emerging worm is out there in windows land. That's bad enough, but

Jeez, chuq, where have you been?  I've been dealing with klez for 
*months*.  Our central scanners nail about 1,400 of them *a day*.

A spam generating company's mailer got infected recently, and started 
spamming people all over the world with the addresses on their "to spam" 
list.  The only new development in klez, which in itself is a variant of 
sircam (which I get about 2400 a day of) is that a new variant came out 
with a new message, and slipped past a lot of virus scanners for a day, 
(re)infecting a lot of people who *still* don't know not to click things.

I swear, I could send them a mail message that said "Click here to destroy 
your hard drive totally!" and they would.






Re: [Mailman-Developers] New emerging virus/worm. Grr.

2002-04-23 Thread Chuq Von Rospach


>> A new emerging worm is out there in windows land. That's bad enough, but
> 
> Jeez, chuq, where have you been?  I've been dealing with klez for
> *months*.  Our central scanners nail about 1,400 of them *a day*.

This is a new variant, not the old Klez. And it's getting worse.

-- 
Chuq Von Rospach, Architech
[EMAIL PROTECTED] -- http://www.chuqui.com/

He doesn't have ulcers, but he's a carrier.






Re: [Mailman-Developers] Warning: nasty variant of this new virus.

2002-04-23 Thread Ron Jarrell

At 02:35 PM 4/23/02 -0700, Chuq Von Rospach wrote:

>I just got sent a new copy of the Klez.E virus. The text it sends to the
>user is this:

Plus, as I recall, there's a *second* virus in the payload as well.  A 
two-fer if you will.

The sad thing is, if you read the various klez codes, it's some guy 
bemoaning that he only makes $5k a year and has to support his parents, and 
is wondering if anyone will hire him now that he's demonstrated how good he is.






Re: [Mailman-Developers] New emerging virus/worm. Grr.

2002-04-23 Thread Ron Jarrell

At 03:02 PM 4/23/02 -0700, Chuq Von Rospach wrote:

> >> A new emerging worm is out there in windows land. That's bad enough, but
> >
> > Jeez, chuq, where have you been?  I've been dealing with klez for
> > *months*.  Our central scanners nail about 1,400 of them *a day*.
>
>This is a new variant, not the old Klez. And it's getting worse.

Yea, I know; that's total across the variant.  About 900 of them are the 
new one.  But still, it's been out for a while too.

Of course, given that I manage the cluster of virus scanners that strip all 
our incoming mail, and get the nightly report, maybe I'm just sensitive to 
it.  But our postmaster team has been backtracking origins of these things 
for a while now, and getting them fixed when we can.  Some sites are really 
helpful and appreciative, and some sites are real pricks.  Strangely, it 
seems to match the "will help stop spam" vs. "Go screw yourself" camps 
almost perfectly :-).






Re: [Mailman-Developers] Warning: nasty variant of this new virus.

2002-04-23 Thread John W Baxter

At 14:35 -0700 4/23/2002, Chuq Von Rospach wrote:
>I just got sent a new copy of the Klez.E virus. The text it sends to the
>user is this:
>
>--
>Klez.E is the most common world-wide spreading worm.It's very dangerous by
>corrupting your files.

Ah...there's one now.  It came in a text/html part, with quoted-printable
encoding.
The clever HTML which precedes the above material is (in its entirety) (I
stuck the spaces into the first tag to try to avoid confusing some dumb
mail client or overly-smart scanner).



Klez.E...

The social engineering in the English translation of the message isn't
badly done.

File name in this sample is "Fy.bat" (which I suspect I'm interpreting
correctly).

  --John
-- 
John Baxter   [EMAIL PROTECTED]  Port Ludlow, WA, USA





Re: [Mailman-Developers] New emerging virus/worm. Grr.

2002-04-23 Thread Phil Barnett

On Tuesday 23 April 2002 06:02 pm, you wrote:
> >> A new emerging worm is out there in windows land. That's bad
> >> enough, but
> >
> > Jeez, chuq, where have you been?  I've been dealing with klez for
> > *months*.  Our central scanners nail about 1,400 of them *a day*.
>
> This is a new variant, not the old Klez. And it's getting worse.

This is what I have in my "Hold posts with header value matching a 
specified regexp" field.

I decided about a month ago that I will no longer tolerate attachments 
going through automatically. It does require me to be more vigilant, 
but it has stopped everything so far. As you can see, some of these are 
quite specific from repeat offenders that spam in plain text. But the 
generic ones are great for stopping virus attachments from going 
anywhere. I got two of my list regulars, one from Europe and one from 
the Far East to help me admin the list to let legitimate attachments 
through in a reasonable period of time. Generally, the delay is less 
than 30 minutes from the time one is posted until it is released.

I stopped four of these viruses from going out today, which means that 300 
list members were spared virus attacks 4 times. So, I stopped Klez 1200 
times today by having to moderate 4 messages. Pretty good trade, if you 
ask me.

# Lines that *start* with a '#' are comments.
to: [EMAIL PROTECTED]
message-id: relay.comanche.denmark.eu
from: [EMAIL PROTECTED]
from: .*@uplinkpro.com
from: .*@lithesoft.com
from: .*@paid4survey.net
from: .*@freegift4u.com.*
subject: .*@Podtal.*
from: .*etoyshop.*
from: .*bdavisa.*
subject: .*new photos from my party.*
Content-type: text/html
Content-type: text/enriched
Content-type: text/x-vcard
Content-type: multipart/alternative
Content-type: multipart/related
Content-type: multipart/mixed
Content-type: application/octet-stream
Content-Disposition: attachment
from: .*@lehugo.com.br.*
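
How rules in this "header: regexp" format sort messages, as an added example that is not part of the original post and not Mailman's own matching code: it assumes a case-insensitive regexp search against top-level headers only. The two messages are constructed samples; the rules are three of those quoted above.

```python
import re
from email import message_from_string

# Three of the rules quoted above, in the same "header: regexp" format.
RULES_TEXT = """\
# Lines that *start* with a '#' are comments.
subject: .*new photos from my party.*
Content-type: text/html
Content-type: multipart/mixed
"""

def parse_rules(text):
    """Turn 'header: regexp' lines into (header, compiled regexp, line)."""
    rules = []
    for line in text.splitlines():
        if not line.strip() or line.startswith("#"):
            continue
        header, _, pattern = line.partition(":")
        rules.append((header.strip(), re.compile(pattern.strip(), re.I), line))
    return rules

def hold_reasons(raw_message, rules):
    """Return the rule lines that would hold this message for moderation."""
    msg = message_from_string(raw_message)
    hits = []
    for header, cre, line in rules:
        # Header names are matched case-insensitively by the email package.
        if any(cre.search(value) for value in msg.get_all(header, [])):
            hits.append(line)
    return hits

# Constructed sample messages.
PLAIN = (
    "From: member@example.org\nSubject: meeting notes\n"
    "Content-Type: text/plain\n\nhello\n"
)
ATTACHED = (
    "From: member@example.org\nSubject: New photos from my party\n"
    "MIME-Version: 1.0\nContent-Type: multipart/mixed; boundary=\"b\"\n\n"
    "--b\nContent-Type: text/plain\n\nsee attached\n"
    "--b\nContent-Type: application/octet-stream\n"
    "Content-Disposition: attachment; filename=\"photos.bin\"\n\nAAAA\n--b--\n"
)

if __name__ == "__main__":
    rules = parse_rules(RULES_TEXT)
    print(hold_reasons(PLAIN, rules))      # passes straight through
    print(hold_reasons(ATTACHED, rules))   # held by two rules
```

The generic Content-type rules hold every multipart message, legitimate or not, which is why the approach depends on moderators releasing posts promptly.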

