[Mailman-Users] MailMan For LAN Only

[Stephen J. Turnbull]

Carlos Williams writes:

 > I am wanting to implement MailMan for my company LAN. I am currently
 > running my email server on Postfix. I am wondering if someone can
 > answer these questions for me. If I install MailMan / Apache on my
 > mail server, will the MailMan list be visible by anyone on the web who
 > can access my mail server via Apache?

No, only to those with the admin password.  It may also be possible to
get the list of members by email, but (a) list members (or the admin)
can exclude their own addresses from that list and (b) the facility
can be turned off entirely (which it is by default AFAIK).

However, as Adam McGregor pointed out, this really isn't an issue of
Mailman security at all as you've described it so far.  It's a
question of locking down the firewall in general, the MTA, and Apache.

First, you may want to consider a separate host which runs Postfix,
Apache, and Mailman.  The only users are root, mailman, and www-data.
This is not an MX, in fact it probably shouldn't be routable at all
from outside the LAN/VPN.  I ran my (very small) Mailman lists from a
Pentium 133 MHz with 80MB of RAM running Linux until it died last
year.  Mailman per se thus can run on any hardware you can buy off the
shelf today.  Performance should not be a problem until you have lists
> 1 members with frequent traffic; the price of the hardware will
be determined by the reliability you demand.

If you are installing a webserver on the existing mail host only to
provide the Mailman web interface, you can restrict access to Apache
at the firewall.  This implies that admins do their work, and list
members access their membership configurations, via the corporate LAN
or VPN.

Mailman restricts access to the membership list and other admin
functions to those with the admin password.  If you use a strong
password and have access via https rather than http, the worrying risk
to the admin pages is social (disgruntled admins, bribery, rootkit on
the admin's machine) rather than technical, even with access via the
public Internet.  (I still recommend restricting access to the Mailman
pages to inside the LAN/VPN, though.)

 > I am worried about spammers using MailMan to harvest valid email
 > addresses.

The main vulnerability here is the archives.  Some obfuscation of the
addresses in the messages can be done by the default archiver.  But a
better route is to restrict access to those pages (or to Apache
itself) to inside-the-LAN IP addresses.

 > Can someone please tell me if this is possible and or how I should
 > consider configuring MailMan for my LAN?

If I were you, I wouldn't worry about configuring Mailman for security
at all.  I'd configure the firewall and Apache to require strong
authorization (eg, the VPN or attached directly to the LAN) to access
Mailman admin and user pages (including the list archives) at all.  If
people need access from outside the physical LAN, they should use a
VPN.

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Email command in Mailman to get by e-mail a message(like ezmlm has)

[Mark Sapiro]

Ricardo Dias Marques wrote:
>
>> No. There are no email commands for retrieving archived messages.
>
>Thanks for your quick reply. Is there any reason for not implementing
>this functionality -OR- is it just that there are other more urgent
>things to implement for Mailman first?


A bit of both. Mailman's philosophy from the beginning has been to
provide web based tools and interfaces in preference to email based. 

Also, I think no one has really perceived a need for this kind of
function.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Approved: password header!

[Barry Warsaw]

On Aug 7, 2009, at 10:59 AM, Barry Finkel wrote:


Barry Warsaw  wrote:


As a comparison, Launchpad's code review process allows for commands
in the body of the message.  It looks for specific commands prepended
by a space.  I don't particularly like that approach though because
the space can be hard to see.


Would it find a command that is at the beginning of a line (and thus
not preceeded by a space)?


Sorry, my explanation was incomplete.  Launchpad code review commands  
must begin at the start of the line, with a preceding space, e.g.


 review approve
 status approve

I think command messages must also be signed.  Also, there are only a  
limited number of email commands available.  In MM3, I plan on  
allowing for extensions via a pluggable architecture.


-Barry



PGP.sig
Description: This is a digitally signed message part
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] mailman user password

[tanstaafl]

On 8/7/2009, Mark Sapiro (m...@msapiro.net) wrote:
> Stephen J. Turnbull wrote:
>>
>> However, in this case, I was assuming that Mark simply took you at
>> your word that mailmanctl lives in /bin,

> Exactly.

Ok, but... well, I didn't exactly say that, but yes, that was what the
command in question showed.

It's been a while since I researched this, but the reasoning was that
/usr/lib64/mailman was in the path for user mailman, and the command was
executed as mailman user, so had the path, so the command only needed to
be /bin/...

Anyway, this isn't a mailman issue anymore, so I won't say any more
about it...

-- 

Best regards,

Charles
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Trying to get attachments to another partition

[Mark Sapiro]

Steven Owley wrote:
>
>Using a soft link as a substitute for the
>/var/lib/mailman/archives/private/my_list_name/attachments directory,
>I have tried to get my mailman installation to start putting
>attachments on another partition.  This has not worked--I always get a
>"permission denied" error in the log.  However, the link is accessible
>and the directory it points to is owned by the proper user.


Is the directory it points to (and subordinates) SETGID and in
Mailman's group? For most (not quite all) Mailman files the owner is
irrelevant; it's the group that counts.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Load testing a mailman server

[Mark Sapiro]

Steve Wray wrote:
>
>So I'd like to do some load testing on it to measure its performance.
>
>I'm wondering if anyone can provide any ideas, insights or warnings with 
>respect to this sort of thing?


There is a script in the distribution - tests/fblast.py

It doesn't produce a report, but you can use it to bombard a list with
mail and then watch what happens to your system. See the docstring at
the beginning of the file for more info.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] mailman user password

[Mark Sapiro]

Stephen J. Turnbull wrote:
>
>However, in this case, I was assuming that Mark simply took you at
>your word that mailmanctl lives in /bin,


Exactly.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] mailman is not emailing to mailing list users.

[Mark Sapiro]

Oscar Balladares wrote:
>
>I have a functional email server: a domain name system (bind9), Postfix + 
>courier + virtual users (mysql).
>domain name: uccleon.edu.ni;
>server alias: mailserver;
>host name: uccleon.edu.ni;
>OS: Centos 5.2.


OK


>The email service is working properly, but I had configured mailman with 
>another domain name (ucc.lan), and everything was ok,
>now that I've changed it to "uccleon.edu.ni", mailman is not sending mails to 
>the mailling list users. I send a mail to "modu...@uccleon.edu.ni"
>but it doesn't send that message to the list users. It doesnt even appear in 
>the "List archive"  neither in the "Pending request list".
>The users are not being moderated, so they can send mails in any case.
>
>what is ok:
>It sends the message for the new created list (i.e: modulos), to the admin 
>account.  i.e : "welcome to your new mailing list: Modulos".When a user wants 
>to subscribes, it sends the confirmation email.When a user subscribes, it 
>sends the welcome message.
>When a user wants to unsubscribes, it sends the confirmation email.
>When I type: 
>$: newlist modulos
>it creates a "modu...@uccleon.edu.ni" recipient address, I have that account 
>enabled in mysql and it is working fine as an email account.


It appears that the issue is probably that Postfix is not delivering
the mail to Mailman. If this is not the case, see the FAQ at
 for other ideas.



>I'm thinking that if everything else is working as it should, it is possible 
>to be a "http://localhost/mailman/admin/modulos/"; configuration problem, the 
>GUI configuration.


The GUI per se has nothing to do with the flow of mail through Mailman.


>Last time that it worked I followed these simple instructions at 
>http://www.gnu.org/software/mailman/mailman-install/node13.html
>In short, I have to add a "MTA='Postfix'" to the mm_cfg.py file. and then make 
>a refernce to the mailman aliases file in the 
>"virtual_alias_maps=hash:/etc/mailman/aliases"tag, I guess that worked for 
>me the first time. (I have a bad memory).


When you changed the domain name, did you update mm_cfg.py and run
fix_url per the FAQ at , and then run
Mailman's bin/genaliases to rebuild the Postfix aliases?

>This is my Postfix Main.cf file:
>
>[r...@uccleon bin]# postconf -n
>
>alias_database = hash:/etc/aliases
>alias_maps = hash:/etc/aliases
>debug_peer_level = 2
>home_mailbox = Maildir/
>html_directory = no
>inet_interfaces = all
>
>mydestination = mailserver.uccleon.edu.ni, localhost, localhost.localdomain
>myhostname = uccleon.edu.ni
>mynetworks = 192.168.1.0/24, 127.0.0.0/8
>newaliases_path = /usr/bin/newaliases.postfix
>owner_request_special = no
>proxy_read_maps = $local_recipient_maps $mydestination $virtual_alias_maps 
>$virtual_alias_domains $virtual_mailbox_maps $virtual_mailbox_domains 
>$relay_recipient_maps $relay_domains $canonical_maps $sender_canonical_maps 
>$recipient_canonical_maps $relocated_maps $transport_maps $mynetworks 
>$virtual_mailbox_limit_maps
>smtpd_banner = $myhostname ESMTP $mail_name
>smtpd_recipient_restrictions = permit_mynetworks, permit_sasl_authenticated, 
>reject_unauth_destination
>smtpd_sasl_auth_enable = yes
>smtpd_sasl_authenticated_header = yes
>smtpd_tls_cert_file = /etc/postfix/smtpd.cert
>smtpd_tls_key_file = /etc/postfix/smtpd.key
>smtpd_use_tls = yes
>transport_maps = hash:/etc/postfix/transport
>unknown_local_recipient_reject_code = 550
>virtual_alias_maps = proxy:mysql:/etc/postfix/mysql-virtual_forwardings.cf, 
>mysql:/etc/postfix/mysql-virtual_email2email.cf, hash:/etc/mailman/aliases


In RedHat/Centos packages, /etc/mailman/aliases is a symlink to
Mailman's data/aliases, and this is an alias_map file, not a
virtual_alias_map file.


>virtual_create_maildirsize = yes
>virtual_gid_maps = static:5000
>virtual_mailbox_domains = proxy:mysql:/etc/postfix/mysql-virtual_domains.cf
>virtual_mailbox_limit_override = yes
>virtual_mailbox_maps = proxy:mysql:/etc/postfix/mysql-virtual_mailboxes.cf
>virtual_maildir_extended = yes
>virtual_uid_maps = static:5000
>[r...@uccleon bin]# 
>
>The mm_cfg.py file shows:
>
> 
>from Defaults import *
>import pwd, grp
>MAILMAN_UID = pwd.getpwnam('mailman')[2]
>MAILMAN_GID = grp.getgrnam('mailman')[2]
>
>
>#from socket import *
>#try:
>#fqdn = getfqdn()
>#except:
>#fqdn = 'mm_cfg_has_unknown_host_domains'
>
>#DEFAULT_URL_HOST   = fqdn
>#DEFAULT_EMAIL_HOST = fqdn
>DEFAULT_URL_HOST   = "uccleon.edu.ni"
>DEFAULT_EMAIL_HOST = "uccleon.edu.ni"
># Because we've overriden the virtual hosts above add_virtualhost
># MUST be called after they have been defined.


At this point add

VIRTUAL_HOSTS.clear()

It's not critical, but it removes the 'wrong' entry from Defaults.py


>add_virtualhost(DEFAULT_URL_HOST, DEFAULT_EMAIL_HOST)
>MTA = 'Postfix'
>
>MY /etc/aliases
>
># STANZA START: modulos
>
># CREATED: Sun Aug  2 12:56:50 2009
>
>#modulos: "|/usr/lib/mailman/mail/mailman post modulos"
>

Re: [Mailman-Users] Approved: password header!

[Mark Sapiro]

Khalil Abbas wrote:
>
>well I'm sorry I didn't quite understand, what should I do with this file you 
>sent me (approve.patch.txt) ?? where should I put it and what to name it and 
>what to do with its permissions n stuff?


I probably shouldn't tell you because if you don't know how to apply a
patch, you probably shouldn't do it, but

1) make a backup copy of Mailman/Handlers/Approve.py

2) give the command

  patch /path/to/Mailman/Handlers/Approve.py < approve.patch.txt

3) restart Mailman

4) If any problems result, restore Mailman/Handlers/Approve.py from
your backup and restart Mailman


-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Custom handler applied to digest tofilter excessive quoted text?

[Mark Sapiro]

Stephen J. Turnbull wrote:

>John Williams writes:
>
> > Is it possible to create a custom handler for digests only?
>
>Yes.  The standard pipeline contains a handler named "ToDigest" or
>something like that.  You edit the pipeline either in mm_cfg.py (for
>global effect) or create a local pipeline with bin/with_list (this has
>some UI gotchas although once you get the pipeline actually edited and
>saved it works great; feel free to remind me but I don't have time to
>go into it now).


See the FAQ at .


>So what you do is write your handler to do its job, then chain
>ToDigest's "process" function from there.


This may or may not work depending on whether the filtering of quotes
needs to look at more that the current message. Of course, I suppose
it could look at the list's digest.mbox for prior messages if
necessary.

However, why do this only for digests. Granted, that's where the
problem is most apparent, but I think in most cases the excessive
quotes could be trimmed from individual messages too. Every once in a
while, someone replis to something in a digest and quotes the entire
digest. Generally, these get caught on my lists for "too big", but I'd
want those quotes and less egregious ones removed from messages too.
And, if someone really needs more context for a reply, they can get it
from the archive.

I would have implemented it myself by now, but I haven't spent the time
to come up with a good algorithm for recognizing and removing
excessive quotes. Of course I could always use a gross cut approach
and make the users adapt to it ;)

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Approved: password header!

[Khalil Abbas]

 

WOWZERS.. I never knew I'd result in such a big fuss..

 

well I'm sorry I didn't quite understand, what should I do with this file you 
sent me (approve.patch.txt) ?? where should I put it and what to name it and 
what to do with its permissions n stuff?

 

I'm sorry I'm still zero in tghis stuff..

 

Thanks ..

 


 
> Date: Thu, 6 Aug 2009 13:59:49 -0700
> From: m...@msapiro.net
> To: khillo...@hotmail.com; mailman-users@python.org
> Subject: Re: [Mailman-Users] Approved: password header!
> 
> Khalil Abbas wrote:
> >
> >my suggestion is, before I had the honor to use outlook I had Smartermail .. 
> >they have a cool feature of approving messages with passwords is to use it 
> >in the subject line itself : "[password: PASSWORD] Subject bla bla bla".. 
> >then it removes the password part of course ..
> >
> > 
> >
> >why don't you guys do the same? it sure beats adding a custom header and 
> >stuff .. because in html messages it's really hard to do that !!
> 
> 
> We do. Just not in the subject.
> 
> As long as the incoming message has a text/plain part (i.e. is either a
> text/plain message or a multipart/alternative message with a
> text/plain alternative, we recognize and delete "Approved: passord" if
> it is the first non-blank line of the body. We also attempt to delete
> the line from any other body parts in which it appears, but in
> pathological cases, this may fail, so test first.
> 
> If your clients insist on posting HTML only messages and can't add an
> actual Approved: header to the message, then you can try patching
> Mailman/Handlers/Approve.py to recognize "[Approved: password]" in the
> Subject: header. The attached Approve.patch.txt file contains a patch
> that might do it.
> 
> I'll consider this as a feature for Mailman 2.2
> 
> -- 
> Mark Sapiro  The highway is for gamblers,
> San Francisco Bay Area, California better use your sense - B. Dylan
> 

_
With Windows Live, you can organize, edit, and share your photos.
http://www.microsoft.com/middleeast/windows/windowslive/products/photo-gallery-edit.aspx
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Approved: password header!

[Barry Finkel]

Barry Warsaw  wrote:

>As a comparison, Launchpad's code review process allows for commands  
>in the body of the message.  It looks for specific commands prepended  
>by a space.  I don't particularly like that approach though because  
>the space can be hard to see.

Would it find a command that is at the beginning of a line (and thus
not preceeded by a space)?
--
Barry S. Finkel
Computing and Information Systems Division
Argonne National Laboratory  Phone:+1 (630) 252-7277
9700 South Cass Avenue   Facsimile:+1 (630) 252-4601
Building 222, Room D209  Internet: bsfin...@anl.gov
Argonne, IL   60439-4828 IBMMAIL:  I1004994

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] erroneous unsubscriptions

[Mark Sapiro]

Lakshmi wrote:

>i am the owner of a mailing list. Recently people on the list were getting
>unsubscribed mysteriously. I have even disabled the bounce process.
>A few hours ago i received 30 unsubscription notifications. This is a
>serious error.


As Ralf suggests, if you have access, look at Mailman's bounce log.

If users have had delivery disabled by bounce processing (a 'B' in the
nomail column in the admin Membership List pages), turning off bounce
processing will not prevent them from being removed after their
warnings are exhausted.

If you have access to Mailman's logs and the system mail log, look at
Mailman's bounce, smtp-failure and subscribe logs. If there are
bounces you don't think are valid, check the system mail log too. If
you don't have access to these logs, you need to be talking to the
people who administer the Mailman installation you use.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] mailman user password

[Barry Warsaw]

I'm sorry, I missed the OP and can't at the moment check the archives...

On Aug 7, 2009, at 5:44 AM, Stephen J. Turnbull wrote:


However, in this case, I was assuming that Mark simply took you at
your word that mailmanctl lives in /bin, not in something like
/usr/lib/mailman/bin (which is where it is on Debian; it is also
visible at /var/lib/mailman/bin).  My point was simply that normally
Mailman functions are invoked from CGI scripts, the MTA, or an init
script, so having the full path is not a burden.  None of the Mailman
servers I have access to have /bin/mailmanctl, so I believe it's
nonstandard (at the very least I would expect it to be in /sbin, more
likely /usr/sbin, and most likely, for the reasons mentioned, in none
of them :-).

The word "nonstandard" was not meant to be critical of your setup,
except as far as it makes our advice less accurate.


I can't check my Gentoo or Ubuntu machines right now, but on my own  
servers, I run Mailman from source anyway :).


But in any case, I do think mailmanctl should be in sbin or  
equivalent, though most people will probably use an init.d script to  
start and stop mailman.


It kind of sucks that there are so many other Mailman command line  
scripts, which is one reason why I've always put them in a separate  
Mailman specific bin directory.  With MM3 though I intend to use a  
'subcommand' approach so that there's only one 'mailman' command.   
Think things like 'mailman listmembers foo'.  I'll probably keep  
mailmanctl separate though I haven't decided about that yet.


-Barry



PGP.sig
Description: This is a digitally signed message part
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Approved: password header!

[Barry Warsaw]

On Aug 7, 2009, at 12:08 AM, Mark Sapiro wrote:

The idea is to require the square brackets so a mere "approved:" in  
the

subject (such as this message) doesn't trigger a match. We only match
if we find "Approve:" or "Approved:" followed by a single "word"
inside the square brackets and then we remove the brackets and their
contents.


As a comparison, Launchpad's code review process allows for commands  
in the body of the message.  It looks for specific commands prepended  
by a space.  I don't particularly like that approach though because  
the space can be hard to see.


Wrapping the Approve pseudo-header in brackets might be okay, though  
ideally, I think Mailman should maintain a set of OpenPGP public keys  
and do approval matching based on that.  Yes, I know that signing  
messages is problematic for a lot of people, but it would certainly be  
less ambiguous on Mailman's side.


I think anytime Mailman has to go trolling inside the body of the  
message, we're in trouble.


-Barry



PGP.sig
Description: This is a digitally signed message part
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] MailMan For LAN Only

[Adam McGreggor]

On Wed, Aug 05, 2009 at 11:54:44AM -0400, Carlos Williams wrote:
> I am wanting to implement MailMan for my company LAN. I am currently
> running my email server on Postfix. I am wondering if someone can
> answer these questions for me. If I install MailMan / Apache on my
> mail server, will the MailMan list be visible by anyone on the web who
> can access my mail server via Apache? 

"visible" in which regard? via Apache, it's possible to restrict
access to subnets, for example. Firewall rules can also be invoked.

(in short: depends how you set it up.)

Presumably Postfix supports some sort of ACLs, which may "help" in
keeping your list(s) to people/addresses you've explicitly
whitelisted, or something similar. Or just rely on Mailman's handling
of non-members.

> I am worried about spammers
> using MailMan to harvest valid email addresses. Even though it appears
> from the reading I have done that non-members can't send to the list
> w/o moderator approval, I still don't want the vulnerability of
> exposing my subscribed members email addresses.

restrict seeing subscribers to admins only? use "strong" passwords,
perhaps. Disable access to specific mailman scripts from non-trusted
addresses? don't have archives available to the public internet? 

> Can someone please tell me if this is possible 

Should be...

> and or how I should consider configuring MailMan for my LAN?

... although most of what you're after, as I understand it, is
not within Mailman itself, but down to webserver/firewall/MTA
configuration (well, that's how I might go about sorting out a
'private' installation)


-- 
``Have you always been revolutionary socialists?''
``No, we vote Conservative.''  (Simon Hoggart, interviewing a middle-class
couple at a reading of Tony Benn's speeches)
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Email command in Mailman to get by e-mail a message(like ezmlm has)

[Ricardo Dias Marques]

Hi Mark,

On Fri, Jul 31, 2009, Mark Sapiro wrote:

> No. There are no email commands for retrieving archived messages.

Thanks for your quick reply. Is there any reason for not implementing
this functionality -OR- is it just that there are other more urgent
things to implement for Mailman first?


> The pipermail web archive has periodic pseudo-mailbox (.txt and/or
> .txt.gz) files and there is normally a global archive mailbox in the
> file archives/private/LIST.mbox/LIST.mbox that may be linked from the
> archive table of contents and can normally be retrieved via a URL like
> , but
> there is no mechanism to retrieve messages from the archive via email
> commends.

Interesting. Thanks for the information!

Cheers,
Ricardo

Ricardo Dias Marques
lists AT ricmarques DOT net
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Custom handler applied to digest to filter excessive quoted text?

[tanstaafl]

On 8/7/2009, Stephen J. Turnbull (step...@xemacs.org) wrote:
>> Is it possible to create a custom handler for digests only?



>> I want a mail list that automatically strips out duplicated quoted text in
>> digests,

> Yes.

Wow, I'd be interested in this if you get it working... and I'd think
the mainline devs might be interested too.

By the way John... I'm guessing you sent your post twice becaqsue you
didn't realize that when posting from your gmail account, you won't see
your own posts? It considers the message you 'Sent' and  the one the
list sends as 'duplicates', so hides (or deletes?) the second one (from
the list). I really hate that about gmail...

-- 

Best regards,

Charles
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] mailman user password

[tanstaafl]

On 8/7/2009 5:44 AM, Stephen J. Turnbull wrote:
>>> (There's no good reason for *any* mailman program to be on anybody's
>>> PATH, so yes, just having /bin/mailmanctl makes your installation
>>> nonstandard.)

>> Hmmm... Mark didn't seem to agree... he said:

> First, if you're sure you know why Mark said what he did, consider him
> authoritative.

Heh... I know enough to know that I'm not sure of anything...

> However, in this case, I was assuming that Mark simply took you at
> your word that mailmanctl lives in /bin, not in something like
> /usr/lib/mailman/bin (which is where it is on Debian; it is also
> visible at /var/lib/mailman/bin).  My point was simply that normally
> Mailman functions are invoked from CGI scripts, the MTA, or an init
> script, so having the full path is not a burden.  None of the Mailman
> servers I have access to have /bin/mailmanctl, so I believe it's
> nonstandard (at the very least I would expect it to be in /sbin, more
> likely /usr/sbin, and most likely, for the reasons mentioned, in none
> of them :-).

In Gentoo, it lives in /usr/lib64/mailman/bin

> The word "nonstandard" was not meant to be critical of your setup,
> except as far as it makes our advice less accurate.

I know, and no offense taken... I did say 'on gentoo'... I totally
understand different distros do things differently. But I was using the
init script that gentoo installed, and no one on the gentoo forums could
figure out why it wouldn't start. Something broke during the 2.1.9 >
2.1.10 upgrade, and I've been trying to fix it ever since... well, I
took a look at it for 15 or 20 minutes, 2 or 3 times (whenever I had to
reboot) over the last 2 years, but since I could start it manually, and
hardly ever reboot, it wasn't a priority.

There's an upgrade available for 2.1.12 now, so I'll see what happens
when I upgrade this time. At least I'll know what to do if it changes
the init script back and still won't start.

> (My preference is to run the oldest OS that can run my services,

 I'm the exact opposite... ain't it grand that there's a distro
for every one out there somewhere? ;)

-- 

Best regards,

Charles
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] mailman user password

[Stephen J. Turnbull]

tansta...@libertytrek.org writes:

 > On 8/2/2009, Stephen J. Turnbull (step...@xemacs.org) wrote:
 > > (There's no good reason for *any* mailman program to be on anybody's
 > > PATH, so yes, just having /bin/mailmanctl makes your installation
 > > nonstandard.)
 > 
 > Hmmm... Mark didn't seem to agree... he said:

First, if you're sure you know why Mark said what he did, consider him
authoritative.  (For future reference, Barry Warsaw and Brad Knowles
should also be considered authoritative unless they disagree.  [...@brad:
I know you like to deprecate your expertise these days, but you don't
spout off unless you do know, or at least provide appropriate
caveats.] :-)  Me?  I'm definitely of the persuasion that it is better
to be in error than in doubt. :-)

However, in this case, I was assuming that Mark simply took you at
your word that mailmanctl lives in /bin, not in something like
/usr/lib/mailman/bin (which is where it is on Debian; it is also
visible at /var/lib/mailman/bin).  My point was simply that normally
Mailman functions are invoked from CGI scripts, the MTA, or an init
script, so having the full path is not a burden.  None of the Mailman
servers I have access to have /bin/mailmanctl, so I believe it's
nonstandard (at the very least I would expect it to be in /sbin, more
likely /usr/sbin, and most likely, for the reasons mentioned, in none
of them :-).

The word "nonstandard" was not meant to be critical of your setup,
except as far as it makes our advice less accurate.

 > Or are you speaking strictly in terms of the fact that I'm on a gentoo
 > system?

No.  I do run Gentoo on my workstation, but my mailman server is on
Debian, so I don't know about the Gentoo package.  (My preference is
to run the oldest OS that can run my services, and Debian stable fits
that bill quite nicely. :-)
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] erroneous unsubscriptions

[Ralf Hildebrandt]

* Lakshmi <80.laks...@gmail.com>:
> Hi
> i am the owner of a mailing list. Recently people on the list were getting
> unsubscribed mysteriously. I have even disabled the bounce process.
> A few hours ago i received 30 unsubscription notifications. This is a
> serious error.
> 
> Can someone please suggest how to fix this problem.

Look at your logs

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Strange Wiki entry for Postfix Tuning

[Ralf Hildebrandt]

* Brad Knowles :

> The way I read this, it has nothing to do with the number of MXes you
> have.  It has to do with how many SMTP delivery sessions you'll
> attempt over the same connection before you drop the connection and
> re-connect (if you have more than this number of deliveries left),
> and that re-connection may well end up going to a different MX.

No. That's controlled elsewhere, based on time:

smtp_connection_cache_destinations = 
smtp_connection_cache_on_demand = yes

smtp_connection_cache_time_limit = 2s
When SMTP connection caching is enabled, the amount of time that an
unused SMTP client socket is kept open before it is closed. Do not
specify larger values without permission from the remote sites. 

smtp_connection_reuse_time_limit = 300s
The amount of time during which Postfix will use an SMTP connection
repeatedly. The timer starts when the connection is initiated (i.e. it
includes the connect, greeting and helo latency, in addition to the
latencies of subsequent mail delivery transactions). 

> This helps avoid conditions where you get locked into a particular MX
> that is slow, and that slows down all your delivery to that site, for
> as long as you have mail for that site.

smtp_connection_reuse_time_limit does that:

The problem starts when one of a set of MX hosts becomes slower than
the rest. Even though SMTP clients connect to fast and slow MX hosts
with equal probability, the slow MX host ends up with more
simultaneous inbound connections than the faster MX hosts, because the
slow MX host needs more time to serve each client request.

-- 
Ralf Hildebrandt
  Geschäftsbereich IT | Abteilung Netzwerk
  Charité - Universitätsmedizin Berlin
  Campus Benjamin Franklin
  Hindenburgdamm 30 | D-12203 Berlin
  Tel. +49 30 450 570 155 | Fax: +49 30 450 570 962
  ralf.hildebra...@charite.de | http://www.charite.de

--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9

Re: [Mailman-Users] Load testing a mailman server

[Brad Knowles]

on 8/7/09 12:48 AM, Rakotomandimby Mihamina said:


I'm wondering if anyone can provide any ideas, insights or warnings with
respect to this sort of thing?


I think you should firts enquire the debian and python mailing list 
managers. They could give you some statistics (CPU usage, Network

used, what hardware,...)


We've got some information in FAQ 1.15 at  
with regards to the largest lists that can be run with Mailman, but that 
doesn't directly address the issue of tools to do actual load testing.


Myself, I tend to use the "smtpsource" and "smtpsink" tools that Wietse 
Venema created (available as part of the standard postfix source 
installation, although perhaps not included with binary package versions 
from other sources), along with the "postal" tools written by Russ Coker 
(see ).



If you're going to be doing any benchmarking or load-testing, make sure 
you read, understand, and follow all the various relevant FAQs in the 
Mailman FAQ Wiki, especially in section 6.


--
Brad Knowles 
LinkedIn Profile: 
--
Mailman-Users mailing list
Mailman-Users@python.org
http://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
http://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Security Policy: http://wiki.list.org/x/QIA9