Re: [Mailman-Users] Unable to post to list - Command died with status 2
On 09/12/2016 06:45 AM, Jewel Brueggeman-Makda wrote: > Good Morning, > I am in the process of setting up a replacement mailman server and so far > things are going well. I did have 2.1.22 and upgraded to 2.1.23. The point > where I am stuck is when I try to post to the mailman list I receive the > following error below. When I setup mailman I used the following command: > ./configure --with-mail-gid=mailman --with-cgi-gid=apache > > Upon seeing the error below I reran the configure command with the 'nobody' > and reran the make, make install but that broke the web interface. I have > searched online but cannot find a solution. Is the MTA Postfix? If so, the problem is your Mailman aliases.db file is not owned by 'mailman' (probably by root) and --with-mail-gid=mailman should be correct. What does "broke the web interface" mean? If you look in apache's error log, there may be a group mismatch error there. Are you shure the web server runs as user 'apache' and not 'www-data' or something else. Try ps -fwwA|egrep '(apache|httpd)' -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
Re: [Mailman-Users] What does "Possible malformed path attack" actually mean?
On 09/12/2016 12:02 PM, Sebastian Hagedorn wrote: > > So far I haven't been able to understand what is going on. I can't find > any questionable requests in Apache's access log from the GSA. Any ideas > what could be causing this? It is caused by an attempt to get a mailman URL that contains spaces or characters not in the printable ascii set [\x21-\x7e]. The reason behind this is to disallow CR and LF in particular. This was a security enhancement in Mailman 2.1.9. From the NEWS - A malicious user could visit a specially crafted URI and inject an apparent log message into Mailman's error log which might induce an unsuspecting administrator to visit a phishing site. This has been blocked. Thanks to Moritz Naumann for its discovery. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan signature.asc Description: OpenPGP digital signature -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] What does "Possible malformed path attack" actually mean?
Hi, today I updated our installation of Mailman to version 2.1.23. Prior to the upgrade there were "Possible malformed path attack" log entries, but without any further details I never bothered to look for their cause. After the update I can now see where they are coming from, and it's our own Google Search Appliance (GSA). So far I haven't been able to understand what is going on. I can't find any questionable requests in Apache's access log from the GSA. Any ideas what could be causing this? Thanks Sebastian -- Sebastian Hagedorn - Weyertal 121, Zimmer 2.02 Regionales Rechenzentrum (RRZK) Universität zu Köln / Cologne University - Tel. +49-221-470-89578 pgpv7eQimKGVB.pgp Description: PGP signature -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
[Mailman-Users] Unable to post to list - Command died with status 2
Good Morning, I am in the process of setting up a replacement mailman server and so far things are going well. I did have 2.1.22 and upgraded to 2.1.23. The point where I am stuck is when I try to post to the mailman list I receive the following error below. When I setup mailman I used the following command: ./configure --with-mail-gid=mailman --with-cgi-gid=apache Upon seeing the error below I reran the configure command with the 'nobody' and reran the make, make install but that broke the web interface. I have searched online but cannot find a solution. : Command died with status 2: "/usr/local/mailman/mail/mailman post mailman". Command output: Group mismatch error. Mailman expected the mail wrapper script to be executed as group "mailman", but the system's mail server executed the mail script as group "nobody". Try tweaking the mail server to run the script as group "mailman", or re-run configure, providing the command line option `--with-mail-gid=nobody'. Jewel Makda -- Mailman-Users mailing list Mailman-Users@python.org https://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: https://mail.python.org/mailman/options/mailman-users/archive%40jab.org