Re: [Mailman-Users] any info on this reported exploit?

[Stephen J. Turnbull]

> "Jim" == Jim Popovitch <[EMAIL PROTECTED]> writes:

Jim> BTW, just who are the members of mailman-security?

It's a self-selecting group, though not a terribly secret one; I
believe the membership of that list has been described, if not
explicitly listed, in the past.  But I know Barry well enough to trust
him for this purpose, and that's good enough for me.  Others must make
their own decisions, of course, and my opinion may or may not be
relevant to such decisions for any given person.

Jim> Well it seems to there are two extremes in the Mailman group
Jim> of interested folks.  Those that want to know everything, but
Jim> don't want anyone else to know it.

"Everything"?  That's curious thing to say about people active in an
open source software project, even as an exaggeration.  I think you
have long since let your temper get the better of you!  Now, it has
been said several times (in other words) that those who advocate this
policy dislike it for much the same reasons you do, but also believe
that the one you propose is worse.  Do you disbelieve that?

The statement I (an outsider who observed the discussions that led up
to publication of the FAQ) consider accurate is that those who
drafted the security policy tried to balance their desire to release
*all* information related to Mailman to all who will not use that
information to harm others, with their desire to provide as little
information as possible to those who would use it for irresponsible or
hostile purposes.

Jim> I think it is totally irresponsible to expect that site
Jim> admins find out on their own if there are insecurities in the
Jim> sites they run.

Without accepting that as an accurate characterization of the current
policy, let me say: Good for you!  Take some responsibility for what
you consider to be a problem, then.

Design a system to meet the goals of the security policy and the goal
of informing admins as best as possible.  Tell mailman-security about
it.  Deal with their objections and proposed improvements, and
implement it, including getting yourself sufficiently trusted to be
added to mailman-security if required for your proposal, and
coordinating the announcements (ie, writing the announcement and
getting the approvals from the developers who understand the security
implications of the information to be released, then posting it).
Alternatively, round up one or more volunteers to do the on-going
work.

Don't ask me to do any of it, though.  Sounds like a lot of work,
which I consider unnecessary.

Jim> If I am running a Mailman 2.1.6 site, I expect

"There you go again!"  I gather you still haven't read Paragraph 11 of
the License under which you received Mailman.

Note that that Paragraph does not say that the developers of Mailman
do not care about these issues.  It says that they will care about
them in the way that they see fit, and you have no legal grounds for
complaint, no matter what that is.  If you want to change the way they
deal with these issues, join them and do the work.  (In many cases,
"convince them to do it" is also appropriate, but in this case the
arguments you make have already been made and were found insufficient,
so jawbone is unlikely to be effective.)

-- 
School of Systems and Information Engineering http://turnbull.sk.tsukuba.ac.jp
University of TsukubaTennodai 1-1-1 Tsukuba 305-8573 JAPAN
   Ask not how you can "do" free software business;
  ask what your business can "do for" free software.
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp

Re: [Mailman-Users] Why are footers sent as attachments?

[Stephen J. Turnbull]

> "Brad" == Brad Knowles <[EMAIL PROTECTED]> writes:

Brad>   You can't write your own HTML there, so no "click
Brad> here" type language is going to work.

Strictly speaking, this depends on the MUA, too.  In the message I'm
replying to Gnus added no less than 16 clickable items, including
everything in the footer (every line except the title "Mailman-Users
mailing list").  It's a shame that major vendors concentrated on a
misfeature that allows you to write

http://www.spyware-hell.com/downloads/";>
www.tulips.org has the best selection of garden photos!

in email, instead of teaching their products to snarf URLs out of
text/plain.

-- 
School of Systems and Information Engineering http://turnbull.sk.tsukuba.ac.jp
University of TsukubaTennodai 1-1-1 Tsukuba 305-8573 JAPAN
   Ask not how you can "do" free software business;
  ask what your business can "do for" free software.
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp

Re: [Mailman-Users] any info on this reported exploit?

[Brad Knowles]

At 10:11 PM -0500 2006-01-29, Jim Popovitch quoted Stephen J. Turnbull:

>>  And if three people ask on mailman-security?  There's a short post to
>>  mailman-users, and it ends up in the faq, because it's a PITA for the
>>  developers to keep answering it.
>>  What's wrong with that?
>
>  Nothing, assuming:
>
> A) Makes it into the FAQ in a timely fashion for it to benefit site
>  admins

Which it will do -- see Stephen's note above.

> B) There is some means to notify site admins so that they don't
>  have to parse through mailman-users to get info on security issues.

We've tried to be good about making important announcements to 
the mailman-announce mailing list, but I see that we haven't posted 
anything there in a few months.  I grant you that we could be better 
about making announcements.

>  I've been subscribed to mailman-announce for 5+ years.  I don't
>  recall ever seeing anything such as: "FAQ XYZ has been updated", let
>  alone info on potential vulnerabilities that I should be aware of.

If you're asking to be notified every time there is a FAQ update, 
then you have absolutely no clue whatsoever what you're asking for -- 
you have no clue how many times in an hour that I will edit or 
re-edit the same FAQ entry, trying to get the language just right. 
You have no clue how many times per day that I will create multiple 
FAQ entries, or clean up places where people were stupid and asked 
questions in the FAQ because the FAQ frequently uses a 
question-and-answer format, and they thought that if they asked a 
question there that it would be magically answered by someone.  And 
I'm just one person.

We could be better about making announcements to 
mailman-announce, I will grant you that.

>  And that is good.  Diana's case doesn't seem to meet that measure, yet
>  that is the advice Brad gave her.

She was asking a question regarding the security of Mailman, and 
she should have followed the instructions in FAQ 1.27.

> Was that an attempt to suppress this
>  info from other site admins?

Is your continuous harping on this obvious nonsensical question 
an attempt to drive away all other subscribers to this mailing list?

>  And how does that apply to Diana's question?  Clearly she was inquiring
>  about a fixed issue, right?  If not, shouldn't the answer given to her
>  also be seen by others in similar situations?

She didn't know the issue was fixed until she asked the question. 
Therefore, she should have followed proper procedure, as outlined in 
FAQ 1.27.

When you pick up a gun, do you pull the trigger before you check 
to see whether or not it is loaded?  If so, would you allow others to 
follow that procedure when aiming those guns at your head?

>  Well it seems to there are two extremes in the Mailman group of
>  interested folks.  Those that want to know everything, but don't want
>  anyone else to know it.

And now we see just how self-delusional you really are.  That's 
just a total load of bullshit.

This is an open-source project.  It is our goal to share the 
software and all associated information as widely as possible.  We 
have regular jobs, and we go out of our way to volunteer time for 
this project, as opposed to doing something else with our free time. 
And this is how we get abused?


In this case, all we ask is that if people have security-related 
questions, they should follow the proper procedures -- as outlined in 
FAQ 1.27.  In turn, we will do everything we can to get important 
version and security information out to the broadest possible user 
community.

And we might be inclined to improve our communications to the 
community if paranoid delusional types (e.g., you) would stop 
browbeating us every five minutes for not having already fixed and 
announced all security issues within the last five minutes.

Or will the beatings from you continue until our morale improves?

>  There is more to Mailman than just users and developers.  There are
>  those that are responsible for Mailman systems but they aren't the
>  day-to-day admins of the mailing lists.  I think it is totally
>  irresponsible to expect that site admins find out on their own if there
>  are insecurities in the sites they run.  If I am running a Mailman 2.1.6
>  site, I expect to be informed of vulnerabilities and security concerns
>  sometime before 2.1.7 is fully released, not just have to read it in the
>  CHANGES file of 2.1.7.

So, now you're insisting that we require everyone to register a 
valid working e-mail address with us before they're allowed to 
install Mailman, just so that we can make sure that we force-feed 
them every single brainwave that Barry, Tokio, Mark, or anyone else 
ever has?


I'm sorry, if you're running Mailman 2.1.6 and you want to be 
informed of issues regarding the software you're running, then you're 

Re: [Mailman-Users] any info on this reported exploit?

[Brad Knowles]

At 10:14 PM -0500 2006-01-29, Jim Popovitch wrote:

>  Well, I disagree with the current procedure, which based on past emails,
>  suggests that no one is kept informed about security concerns, and only
>  those that hear about one on their own can get a private response by
>  emailing mailman-security.

I think our security record is much better than most other 
open-source projects, and I think that we have much more open and 
frank discussions between the principal developers and the 
wheels-meet-the-road admins, owners, and moderators than most other 
open-source projects.

We don't deserve to be treated like this, especially not by the 
likes of you.

>>  But if you can't (or won't) follow the proper procedures, then I
>>  think it's perfectly reasonable to ask that you go somewhere else.
>
>  Thanks, I'll think more of you because you think I should go. 

Frankly, I don't care what you think of me.  I care that you are 
willing and able to follow the specified procedures, and if you can't 
(or won't) do that then you don't belong here.

>  Perhaps I am not the stumbling block here.

I think you're stumbling over your own feet.  Maybe you want to 
take them out of your mouth once in a while.

-- 
Brad Knowles, <[EMAIL PROTECTED]>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

 -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
 Assembly to the Governor, November 11, 1755

  LOPSA member since December 2005.  See .
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp

Re: [Mailman-Users] Why are footers sent as attachments?

[Brad Knowles]

At 5:41 PM +0900 2006-01-30, Stephen J. Turnbull wrote:

>>  "Brad" == Brad Knowles <[EMAIL PROTECTED]> writes:
>
>  Brad>You can't write your own HTML there, so no "click
>  Brad> here" type language is going to work.
>
>  Strictly speaking, this depends on the MUA, too.

True.

>In the message I'm
>  replying to Gnus added no less than 16 clickable items, including
>  everything in the footer (every line except the title "Mailman-Users
>  mailing list").

It is not unusual for MUAs to convert many of the List-* headers 
into clickable links.  IMO, that's pretty cool.

>   It's a shame that major vendors concentrated on a
>  misfeature that allows you to write
>
>  http://www.spyware-hell.com/downloads/";>
>  www.tulips.org has the best selection of garden photos!
>
>  in email, instead of teaching their products to snarf URLs out of
>  text/plain.

The ironic thing is that you're saying this to me, and that 
Eudora (my MUA) only made the URL clickable -- i.e., it did exactly 
what you are saying that vendors don't do with their MUAs.  ;)

Of course, I have all the HTML features of Eudora turned off, and 
I neither send nor receive messages that are HTML formatted.  I still 
can't figure out a way to get it to stop converting HTML formatting 
into a rich text format which is more difficult to quote and edit, 
but at least it does give me methods of flattening rich text into 
ASCII, which can then be cut and re-pasted in a quotation format.

-- 
Brad Knowles, <[EMAIL PROTECTED]>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

 -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
 Assembly to the Governor, November 11, 1755

  LOPSA member since December 2005.  See .
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp

[Mailman-Users] Templates: Continued

[Jeff Edwards]

Can anyone point me to the Python module that Pipermail uses to take
templates and render HTML message archives?

Jeff Edwards

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp

Re: [Mailman-Users] Templates: Continued

[Bryan Carbonnell]

On 30/01/06, Jeff Edwards <[EMAIL PROTECTED]> wrote:
> Can anyone point me to the Python module that Pipermail uses to take
> templates and render HTML message archives?

$PREFIX/Mailman/Archiver/HyperArch.py

--
Bryan Carbonnell - [EMAIL PROTECTED]
Life's journey is not to arrive at the grave safely in a well
preserved body, but rather to skid in sideways, totally worn out,
shouting "What a great ride!"
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp

Re: [Mailman-Users] Templates: Continued

[Mark Sapiro]

Jeff Edwards wrote:

>Can anyone point me to the Python module that Pipermail uses to take
>templates and render HTML message archives?

Mailman/Archiver/HyperArch.py

-- 
Mark Sapiro <[EMAIL PROTECTED]>   The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp

Re: [Mailman-Users] Why are footers sent as attachments?

[Carl Zwanzig]

In a flurry of recycled electrons, Stephen J. Turnbull wrote:

> Strictly speaking, this depends on the MUA, too.  In the message I'm
> replying to Gnus added no less than 16 clickable items, including
> everything in the footer (every line except the title "Mailman-Users
> mailing list").  It's a shame that major vendors concentrated on a
> misfeature that allows you to write
> 
> http://www.spyware-hell.com/downloads/";>
> www.tulips.org has the best selection of garden photos!
> 
> in email, instead of teaching their products to snarf URLs out of
> text/plain.

Strange enough, some versions of lookOut will make things that look
like URLs (and UNCs) clickable even in plain-text messages. At my 
office, only about a third of the users send HTML-format email, but
for the most part lookOut does the right thing.  (Now if I could get
them to stop sending multihundred K attachments to entire exchange
server lists... not my job, though)


z!
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp

[Mailman-Users] Footers showing up as attachments

[David Ellsworth]

Having lots of complaints from listees that they can't unsubscribe when
those Instructions are included as a footer in every email.

Some have said (on windows computers) arrive as an attachment not in the
body of the email. 

Any ideas how that can be fixed?

Thanks

David


--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp

Re: [Mailman-Users] Footers showing up as attachments

[Mark Sapiro]

David Ellsworth wrote:
>
>Some have said (on windows computers) arrive as an attachment not in the
>body of the email. 

The most recent thread on this topic on this list began just yesterday


-- 
Mark Sapiro <[EMAIL PROTECTED]>   The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp

Re: [Mailman-Users] Newbie question regarding multiple domains with oneMailman installation

[Daniel Spreadbury]

Hi Mark,

Thanks for your very helpful reply! I think I'm getting somewhere,
though I've hit another brick wall.

> virtual
>
> will return some relevant information including FAQs 4.29. 4.47 and
> 4.62.

Thanks -- I tried searching for "virtual domains", which didn't find
the same FAQs.

> Mailman version? :-)

2.1.7, though I'm guessing from the smiley that this doesn't much matter!

> Either put the Mailman specific alias and scriptalias, etc stuff in
> each virtual host section in the web server config, or put it
> somewhere where it will apply to all hosts.
>
> Put directives like:
>
> add_virtualhost('dom.ain', 'dom.ain')
> add_virtualhost('another.domain','another.domain')
>
> in mm_cfg.py. This assumes you will access the web pages via
> http://dom.ain/..., as well as emailing [EMAIL PROTECTED],
> i.e., that the web domain and the email domain are the same for the
> hosts.

Okay, I've got all this.  Two problems remain:

1. If I go to http://dom.ain.com/mailman/, I get a "you don't have
permission to view /mailman/" error. If I go to
http://dom.ain.com/mailman/admin, for example, I get the mailman
interface as I'd expect. Is there something I can do to get /mailman
to give me something sensible, or is that not how it's supposed to
work? My Apache config does a standard script alias thing:

ScriptAlias /mailman "/usr/local/mailman/cgi-bin/"

I'm guessing I've missed something simple here.

2. This is a thornier issue, and I've spent most of the day today
trying to sort it out. My MTA is exim-4.22-1, installed via the
FreeBSD ports collection. As far as I can tell, it was installed with
the default user of mailnull and group of mail. As such, when I built
mailman from /usr/ports/mail/mailman, I used this command line:

make MAIL_GID="mail" install

as specified in /usr/local/share/doc/mailman/FreeBSD-post-install-notes

I also made sure that the aliases at the top of the Exim config file
(which I've placed just below the MAIN CONFIGURATION SETTINGS part of
the configure file) say:

MAILMAN_USER=mailnull
MAILMAN_GROUP=mail

I've also set up aliases in my domain-specific alias files for mail
delivery (I'm using Cyrus on top of Exim for IMAP), of the form:

members-list "|/usr/local/mailman/mail/mailman post members-list"
members-list-admin "|/usr/local/mailman/mail/mailman admin members-list"

and so on.

When I do e.g. "exim -bt [EMAIL PROTECTED]" I get the
expected result.

However, when I actually send mail to any of these addresses, I see
this in my main Exim log:

2006-01-30 18:09:06 1F3dSa-0001XG-RO ** [EMAIL PROTECTED]
<[EMAIL PROTECTED]> R=mailman_router T=mailman_transport:
Child process of mailman_transport transport returned 2 from command:
/usr/local/mailman/mail/mailman

This results in the mail being bounced back to me as undeliverable,
and nothing getting through to the mailing list.

The FreeBSD post-install notes list this problem specifically as
occurring if Mailman isn't installed with the right MAIL_GID set at
make, but I'm pretty sure I've set this correctly (see above). The
only other solution I've seen suggested is to use check_perms -f to
fix up permissions. I've done this, and no problems are found.

Any ideas as to what I'm doing wrong?

Thanks again for your help!

Daniel
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp

[Mailman-Users] Footers showing up as attachments

[David Ellsworth]

Having lots of complaints from listees that they can't unsubscribe when
those Instructions are included as a footer in every email.

Some have said (on windows computers) arrive as an attachment not in the
body of the email. 

Any ideas how that can be fixed?

Thanks

David


--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp

Re: [Mailman-Users] Newbie question regarding multiple domains with oneMailman installation

[Mark Sapiro]

>On 30/01/06, Daniel Spreadbury <[EMAIL PROTECTED]> wrote:
>> 1. If I go to http://dom.ain.com/mailman/, I get a "you don't have
>> permission to view /mailman/" error. If I go to
>> http://dom.ain.com/mailman/admin, for example, I get the mailman
>> interface as I'd expect. Is there something I can do to get /mailman
>> to give me something sensible, or is that not how it's supposed to
>> work? My Apache config does a standard script alias thing:
>>
>> ScriptAlias /mailman "/usr/local/mailman/cgi-bin/"
>>
>> I'm guessing I've missed something simple here.

RedirectMatch ^/mailman[/]*$ http://dom.ain.com/mailman/listinfo

-- 
Mark Sapiro <[EMAIL PROTECTED]>   The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp

Re: [Mailman-Users] Newbie question regarding multiple domains with oneMailman installation

[Daniel Spreadbury]

Hi chaps,

Further to my last email a few minutes ago, I appear to have stumbled
on the answer, thanks to this post from the archives:

http://www.exim.org/pipermail/exim-users/Week-of-Mon-20030210/049748.html

Apparently my exim user is actually running in group "wheel".
Recompiling mailman yet again, this time with MAIL_GID='wheel', seems
to have sorted it.

But I'd still love some advice on the Apache part of my question,
reproduced below.

Thanks,

Daniel

On 30/01/06, Daniel Spreadbury <[EMAIL PROTECTED]> wrote:
> 1. If I go to http://dom.ain.com/mailman/, I get a "you don't have
> permission to view /mailman/" error. If I go to
> http://dom.ain.com/mailman/admin, for example, I get the mailman
> interface as I'd expect. Is there something I can do to get /mailman
> to give me something sensible, or is that not how it's supposed to
> work? My Apache config does a standard script alias thing:
>
> ScriptAlias /mailman "/usr/local/mailman/cgi-bin/"
>
> I'm guessing I've missed something simple here.
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp

[Mailman-Users] members address in to header

[Aaron Todd]

I know this has probably been posted a thousand times so I am sorry if I
annoy anyone who has been at this for years.  I am new to mailman so please
take it easy on me.

I recently had my ISP set up a list for me and due to their lack of
knowledge about mailman I have found myself searching the Internet, reading
the manuals, and now posting here for answeres to my questions.

So far I really like the system.  We have been very impressed.  One question
that has come up is:  Is there any way for the members address to be in the
TO header when they get it?  Currently when I send out an email to my list
each member sees the lists address in the TO and FROM headers.  Reply-TO was
pretty easy to take care of, but TO is what I am conserned about.  The
intention of this list is to be an announcment only list.  I really do not
want to show the lists address to the user that will be getting the
message.  I am not trying to SPAM people here...I am just trying to keep the
message to my customers as personal as I can.

If anyone could give me an answer on this or even give me something to
search on I would really appreciate it.  I've been running through
the archives, but so far come up empty.

Thanks,

toddaa
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp

Re: [Mailman-Users] New Lists not getting emails from internal domain

[Neilrey Espino]

Many thanks Mark

-Original Message-
From: Mark Sapiro [mailto:[EMAIL PROTECTED] 
Sent: Sunday, January 29, 2006 10:58 PM
To: Neilrey Espino; mailman-users@python.org
Subject: RE: [Mailman-Users] New Lists not getting emails from internal
domain

Neilrey Espino wrote:

>Just realized Mark  The other lists are actually fine,,,I'm only
>having problems with the newly created list. I'm not sure if there's a
>typo on the aliases.

If mail from the internet reaches the list, then it would seem the
aliases would be OK. If not, there might be a problem with the aliases
or the new aliases may not have been installed properly for the MTA.

You could look for clues at whatever logs the MTA produces.

If old lists are fine, both locally and from the internet, and the new
list is fine from the internet but not locally, then I still think
it's an MTA issue and that the aliases for this new list must somehow
be installed incompletely or differently from the others.

-- 
Mark Sapiro <[EMAIL PROTECTED]>   The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp

Re: [Mailman-Users] members address in to header

[Mark Sapiro]

Aaron Todd wrote:

>I know this has probably been posted a thousand times so I am sorry if I
>annoy anyone who has been at this for years.  I am new to mailman so please
>take it easy on me.


Well then have you searched the archives of this list for your answers?


>Is there any way for the members address to be in the
>TO header when they get it?


It's called 'full personalization'. If the personalization options do
not appear on the Non-digest options page in the admin interface, It's
because your ISP has not set OWNERS_CAN_ENABLE_PERSONALIZATION = Yes
in mm_cfg.py. This may or may not be a concious decision on their part.


>Currently when I send out an email to my list
>each member sees the lists address in the TO and FROM headers.  Reply-TO was
>pretty easy to take care of, but TO is what I am conserned about.  The
>intention of this list is to be an announcment only list.  I really do not
>want to show the lists address to the user that will be getting the
>message.  I am not trying to SPAM people here...I am just trying to keep the
>message to my customers as personal as I can.


See the FAQ. There's lots of good information there. In particular,
article 3.11 gives lots of detail about setting up announcement lists.

>Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py

-- 
Mark Sapiro <[EMAIL PROTECTED]>   The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp

Re: [Mailman-Users] Is there a workaround to this?

[John W. Baxter]

On 1/29/06 11:18 AM, "Jp Possenti" <[EMAIL PROTECTED]> wrote:

> So basically there is none yet. Hopefully in the future there will be. I
> don't want to hack anything really, just don't feel comfortable enough, and
> it maybe breaking something else in the long run after an upgrade or update.
> 

The fix will come from Microsoft, when they decide to make Outlook behave
sensibly.  (It's quite possible that they view the behavior as making sense
for mail passed from one Outlook user to another via a single in-house
Exchange server (or even a nest of in-house Exchange servers.)

  --John


--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp

[Mailman-Users] Changing max_recipients

[Ashley M. Kirchner]

If I change my SMTP_MAX_RCPTS (in Defaults.py) while something is 
being sent out, is there anyway to have mailman ... uh ... recalculate 
if you will and continue sending where it was, but with the new 
max_recipient number instead of the old one?  Or am I stuck till this 
queue finishes?

-- 
W | It's not a bug - it's an undocumented feature.
  +
  Ashley M. Kirchner    .   303.442.6410 x130
  IT Director / SysAdmin / Websmith . 800.441.3873 x130
  Photo Craft Laboratories, Inc.. 3550 Arapahoe Ave. #6
  http://www.pcraft.com . .  ..   Boulder, CO 80303, U.S.A.


--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp

Re: [Mailman-Users] Changing max_recipients

[Brad Knowles]

At 3:24 PM -0700 2006-01-30, Ashley M. Kirchner wrote:

>  If I change my SMTP_MAX_RCPTS (in Defaults.py) while something is
>  being sent out, is there anyway to have mailman ... uh ... recalculate
>  if you will and continue sending where it was, but with the new
>  max_recipient number instead of the old one?  Or am I stuck till this
>  queue finishes?

I'm not sure when that value is read during the initialization 
process, and where that may be stored afterwards.  It may be that you 
need to stop and restart Mailman to get it to pick up that change, or 
Mailman may pick up the change when the next message comes in.

If you're really unlucky, that value will only get read from 
Defaults.py when the list is created and will then be saved 
internally to the list configuration pickle, and the value from 
Defaults.py will never be read again for that list.


However, even in the best case, none of this is going to have any 
impact on messages that have already come in and are in the process 
of going back out again.

-- 
Brad Knowles, <[EMAIL PROTECTED]>

"Those who would give up essential Liberty, to purchase a little
temporary Safety, deserve neither Liberty nor Safety."

 -- Benjamin Franklin (1706-1790), reply of the Pennsylvania
 Assembly to the Governor, November 11, 1755

  LOPSA member since December 2005.  See .
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp

Re: [Mailman-Users] Changing max_recipients

[Mark Sapiro]

Ashley M. Kirchner wrote:
>
>If I change my SMTP_MAX_RCPTS (in Defaults.py) while something is 
>being sent out, is there anyway to have mailman ... uh ... recalculate 
>if you will and continue sending where it was, but with the new 
>max_recipient number instead of the old one?  Or am I stuck till this 
>queue finishes?

Queue may not be the right term here depending on what you mean.
Outgoing runner gets a message from the out queue, calls SMTPDirect
(or whatever the delivery module is, but SMTPDirect is the default and
the only one that uses SMTP_MAX_RCPTS) once to deliver the message to
the recipients which have already been calculated, and waits for
SMTPDirect to return before getting the next message from the out
queue.

Note that a message in the out queue, is one post, admin notice or
whatever. Even if it is going to be VERPed or personalized, there is
only one message in the out queue. It's up to SMTPDirect to
personalize it if it's personalized and send it.

Now here, we're not talking VERPed or personalized messages, because
they are sent one at a time from SMTPDirect to the MTA. Only non
VERPed, non personalized messages, digests, etc. are sent in 'chunks'
with up to SMTP_MAX_RCPTS recipients.

Now, as Brad suggested, if you change SMTP_MAX_RCPTS in mm_cfg.py, the
change won't be seen until you do a 'bin/mailmanctl restart'. If you
do this in the middle of processing a message, the qrunners will
finish what they're doing before reloading. So the change won't affect
a message that is currently being delivered from SMTPDirect to the
MTA. Even if this were not the case, SMTPDirect builds the chunks of
addresses to which it's going to deliver before it begins sending and
doesn't use SMTP_MAX_RCPTS after that.

So the short answer, is no. Once a message has started being delivered
from Mailman to the MTA, you can't change the parameters for the
balance of the delivery.

-- 
Mark Sapiro <[EMAIL PROTECTED]>   The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp

Re: [Mailman-Users] Is there a workaround to this?

[Mark Sapiro]

John W. Baxter wrote:
>
>The fix will come from Microsoft, when they decide to make Outlook behave
>sensibly.  (It's quite possible that they view the behavior as making sense
>for mail passed from one Outlook user to another via a single in-house
>Exchange server (or even a nest of in-house Exchange servers.)

I think that this behavior has to do with Microsoft's "Purported
Responsible Address" which has something to do with "Sender ID
Framework"

which is/was a typical Microsoft attempt to hijack "Sender Policy
Framework" .

-- 
Mark Sapiro <[EMAIL PROTECTED]>   The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: 
http://www.python.org/cgi-bin/faqw-mm.py?req=show&file=faq01.027.htp