date:20161213

Re: [Mailman-Users] distutils is not available or incomplete when ./configure mailman 2.1.23?

2016-12-13 Thread Mark Sapiro

On 12/13/2016 08:17 PM, Caesar Samsi wrote:
> Hi,
> 
> When I run configure like this:
> 
> ./configure --prefix=/var/lib/mailman --with-username=list 
> --with-groupname=list --with-cgi-gid=www-data --with-mail-gid=list 
> --with-mailhost=YOUR.EMAIL.DOMAIN --with-urlhost=YOUR.WEB.DOMAIN
> 
> A few lines later I get:
> 
> … checking that Python has a working distutils... configure: error: 
> 
> * Distutils is not available or is incomplete for /usr/bin/python
> * If you installed Python from RPM (or other package manager)
> * be sure to install the -devel package, or install Python
> * from source.  See sec. 15.1 of the Installation Manual for
> * details
> 
> What am I missing?


sudo apt-get install python-dev

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Root URL / vs /listinfo?

2016-12-13 Thread Mark Sapiro

On 12/13/2016 06:50 PM, Caesar Samsi wrote:
> [dangit had to resend, used a non-member alias]
> 
> Hmm but I want to enter http://mail.mydomain.com/ (root non SSL) and end
> up at https://mail.mydomain.com/ (root with SSL) but which serves up
> listinfo as it has been ScriptAlias’ed to
> 
> (i.e. serves up /listinfo but without the URL /listinfo)


Somewhere in some part of your apache configuration that you haven't
posted there is a redirect from http://mail.mydomain.com/ to
http://mail.mydomain.com/listinfo.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] distutils is not available or incomplete when ./configure mailman 2.1.23?

2016-12-13 Thread Caesar Samsi

Hi,

When I run configure like this:

./configure --prefix=/var/lib/mailman --with-username=list 
--with-groupname=list --with-cgi-gid=www-data --with-mail-gid=list 
--with-mailhost=YOUR.EMAIL.DOMAIN --with-urlhost=YOUR.WEB.DOMAIN

A few lines later I get:

… checking that Python has a working distutils... configure: error: 

* Distutils is not available or is incomplete for /usr/bin/python
* If you installed Python from RPM (or other package manager)
* be sure to install the -devel package, or install Python
* from source.  See sec. 15.1 of the Installation Manual for
* details

What am I missing?

Thank you, Caesar.
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Root URL / vs /listinfo?

2016-12-13 Thread Caesar Samsi

[dangit had to resend, used a non-member alias]

Hmm but I want to enter http://mail.mydomain.com/  
(root non SSL) and end up at https://mail.mydomain.com/ 
 (root with SSL) but which serves up listinfo as it 
has been ScriptAlias’ed to

(i.e. serves up /listinfo but without the URL /listinfo)

I guess I can live with it, the intent of redirecting from root to mailman 
works well.

Thank you, Caesar.
> On Dec 13, 2016, at 5:06 PM, Mark Sapiro  wrote:
> 
> On 12/12/2016 02:39 PM, Caesar Samsi wrote:
>> When you go to http://mail.mydomain.com/, where do you wind up? I.e.,
>> whats the URL in the address bar of your browser, and is the resultant
>> page an actual page or a 404?
>> 
>> I end up at https://mail.mydomain.com/listinfo
> 
> 
> Which is correct, right?
> 
> 
>> What happens if you go to https://mail.mydomain.com/?
>> 
>> I end up at https://mail.mydomain.com/
> 
> 
> And you want to end up at https://mail.mydomain.com/listinfo, right.
> 
> The probable answer to that is you are doing the redirect from
> http://mail.mydomain.com/ to http://mail.mydomain.com/listinfo before
> the redirect from http to https.
> 
> See below.
> 
> 
>> In /etc/apache2/sites-available I have mailman.con which contains a number 
>> of redirects as follows:
>> 
>> 
>> ServerName mydomain.us
>> ServerAdmin g...@amydomain.com
>> Redirect / https://mydomain.us/
>> 
> 
> 
> So going to http://mydomain.us/... will redirect to https://mydomain.us/...
> 
>> 
>> ServerName www.mydomain.us
>> ServerAdmin g...@amydomain.com
>> Redirect / https://mail.mydomain.us/
>> 
> 
> 
> And going to http://www.mydomain.us/... will redirect to
> https://mail.mydomain.us/...
> 
> 
>> 
>> ServerName mail.mydomain.us
>> ServerAdmin g...@mydomain.com
>> Redirect / https://mail.mydomain.us
> 
> 
> And going to http://mail.mydomain.us/... will redirect to
> https://mail.mydomain.us/...
> 
> 
>> ErrorLog /var/log/apache2/mailman-error.log
>> CustomLog /var/log/apache2/mailman-access.log combined
>> 
>> 
>>Options FollowSymLinks
>>AllowOverride All
>>Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
>>Require all granted
>> 
>> 
>> 
>> 
>> and aliases as follows:
>> 
>> Alias /AUP /var/www/html/AUP
>> Alias /pipermail/ /var/lib/mailman/archives/public/
>> Alias /postfixadmin /var/www/html/postfixadmin
>> Alias /roundcube /var/www/html/roundcube
>> Alias /images/mailman/ /usr/share/images/mailman/
>> ScriptAlias /admin /usr/lib/cgi-bin/mailman/admin
>> ScriptAlias /admindb /usr/lib/cgi-bin/mailman/admindb
>> ScriptAlias /confirm /usr/lib/cgi-bin/mailman/confirm
>> ScriptAlias /create /usr/lib/cgi-bin/mailman/create
>> ScriptAlias /edithtml /usr/lib/cgi-bin/mailman/edithtml
>> ScriptAlias /listinfo /usr/lib/cgi-bin/mailman/listinfo
>> ScriptAlias /options /usr/lib/cgi-bin/mailman/options
>> ScriptAlias /private /usr/lib/cgi-bin/mailman/private
>> ScriptAlias /rmlist /usr/lib/cgi-bin/mailman/rmlist
>> ScriptAlias /roster /usr/lib/cgi-bin/mailman/roster
>> ScriptAlias /subscribe /usr/lib/cgi-bin/mailman/subscribe
>> ScriptAlias /mailman/ /usr/lib/cgi-bin/mailman/
>> ScriptAlias / /usr/lib/cgi-bin/mailman/listinfo
> 
> So it appears you are relying on
> 
> ScriptAlias / /usr/lib/cgi-bin/mailman/listinfo
> 
> to get to the listinfo page from an http(s)://host/ url. Aside from the
> fact that this isn't a redirect which would explain why when you go to
> https://mail.mydomain.com/ the address you wind up at is still
> https://mail.mydomain.com/ (but is it in fact the listinfo page?), it
> seems very bad because it means that going to any URL like
> http(s)://host/something, where 'something' is anything that doesn't
> match one of the preceding Alias or ScripAlias directives will invoke
> the script /usr/lib/cgi-bin/mailman/listinfosomething that doesn't
> exist, and even if you made it
> 
> ScriptAlias / /usr/lib/cgi-bin/mailman/listinfo/
> 
> It would still invoke the script
> /usr/lib/cgi-bin/mailman/listinfo/something which will probably give a
> "No such list something" error on the returned listinfo page with
> http(s)://host/something still in the browser's address bar.
> 
> Further, this doesn't explain how http://mail.mydomain.com/ redirects to
> http://mail.mydomain.com/listinfo before redirecting to https.
> 
> -- 
> Mark Sapiro The highway is for gamblers,
> San Francisco Bay Area, Californiabetter use your sense - B. Dylan

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Root URL / vs /listinfo?

2016-12-13 Thread Mark Sapiro

On 12/12/2016 02:39 PM, Caesar Samsi wrote:
> When you go to http://mail.mydomain.com/, where do you wind up? I.e.,
> whats the URL in the address bar of your browser, and is the resultant
> page an actual page or a 404?
> 
> I end up at https://mail.mydomain.com/listinfo

Which is correct, right?

> What happens if you go to https://mail.mydomain.com/?
> 
> I end up at https://mail.mydomain.com/

And you want to end up at https://mail.mydomain.com/listinfo, right.

The probable answer to that is you are doing the redirect from
http://mail.mydomain.com/ to http://mail.mydomain.com/listinfo before
the redirect from http to https.

See below.

> In /etc/apache2/sites-available I have mailman.con which contains a number of 
> redirects as follows:
> 
> 
> ServerName mydomain.us
> ServerAdmin g...@amydomain.com
> Redirect / https://mydomain.us/
> 

So going to http://mydomain.us/... will redirect to https://mydomain.us/...

> 
> ServerName www.mydomain.us
> ServerAdmin g...@amydomain.com
> Redirect / https://mail.mydomain.us/
> 

And going to http://www.mydomain.us/... will redirect to
https://mail.mydomain.us/...

> 
> ServerName mail.mydomain.us
> ServerAdmin g...@mydomain.com
> Redirect / https://mail.mydomain.us

And going to http://mail.mydomain.us/... will redirect to
https://mail.mydomain.us/...

> ErrorLog /var/log/apache2/mailman-error.log
> CustomLog /var/log/apache2/mailman-access.log combined
> 
> 
> Options FollowSymLinks
> AllowOverride All
> Options +ExecCGI -MultiViews +SymLinksIfOwnerMatch
> Require all granted
> 
> 
> 
> 
> and aliases as follows:
> 
> Alias /AUP /var/www/html/AUP
> Alias /pipermail/ /var/lib/mailman/archives/public/
> Alias /postfixadmin /var/www/html/postfixadmin
> Alias /roundcube /var/www/html/roundcube
> Alias /images/mailman/ /usr/share/images/mailman/
> ScriptAlias /admin /usr/lib/cgi-bin/mailman/admin
> ScriptAlias /admindb /usr/lib/cgi-bin/mailman/admindb
> ScriptAlias /confirm /usr/lib/cgi-bin/mailman/confirm
> ScriptAlias /create /usr/lib/cgi-bin/mailman/create
> ScriptAlias /edithtml /usr/lib/cgi-bin/mailman/edithtml
> ScriptAlias /listinfo /usr/lib/cgi-bin/mailman/listinfo
> ScriptAlias /options /usr/lib/cgi-bin/mailman/options
> ScriptAlias /private /usr/lib/cgi-bin/mailman/private
> ScriptAlias /rmlist /usr/lib/cgi-bin/mailman/rmlist
> ScriptAlias /roster /usr/lib/cgi-bin/mailman/roster
> ScriptAlias /subscribe /usr/lib/cgi-bin/mailman/subscribe
> ScriptAlias /mailman/ /usr/lib/cgi-bin/mailman/
> ScriptAlias / /usr/lib/cgi-bin/mailman/listinfo

So it appears you are relying on

ScriptAlias / /usr/lib/cgi-bin/mailman/listinfo

to get to the listinfo page from an http(s)://host/ url. Aside from the
fact that this isn't a redirect which would explain why when you go to
https://mail.mydomain.com/ the address you wind up at is still
https://mail.mydomain.com/ (but is it in fact the listinfo page?), it
seems very bad because it means that going to any URL like
http(s)://host/something, where 'something' is anything that doesn't
match one of the preceding Alias or ScripAlias directives will invoke
the script /usr/lib/cgi-bin/mailman/listinfosomething that doesn't
exist, and even if you made it

ScriptAlias / /usr/lib/cgi-bin/mailman/listinfo/

It would still invoke the script
/usr/lib/cgi-bin/mailman/listinfo/something which will probably give a
"No such list something" error on the returned listinfo page with
http(s)://host/something still in the browser's address bar.

Further, this doesn't explain how http://mail.mydomain.com/ redirects to
http://mail.mydomain.com/listinfo before redirecting to https.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] footer format

2016-12-13 Thread Adam Goldberg

Send grid gives you the ability to see if someone opened the email, etc. 
clearly it was sendgrid that added that (and that's why I don't use sendgrid).

Adam Goldberg
202-507-9900

On Tue, Dec 13, 2016 at 6:52 PM -0500, "Mark Sapiro" 
mailto:m...@msapiro.net>> wrote:

On 12/13/2016 01:31 PM, Kim, DongInn wrote:
>
> I do not know what is going on with the digital signature part but I am 
> wondering if you can take a look at the full raw source of the message and 
> see if there is any clues to debug this issue? This message was sent with my 
> S/MIME signature.
> http://www.crest.iu.edu/~dikim/mailman_footer.txt 
> 
>
> The raw source has the correct format of plain text footer but it is ignored 
> and another footer seems to be displayed with the html format.
> Why does it have two footer contents?

I don't know the answer to that, but I can tell you the Mailman 2.1.23
did not add the text/html footer. Something in the delivery chain after
Mailman converted Mailman's text/plain footer into multipart/alternative
with Mailman's original text/plain footer as the first alternative and
the garbled text/html footer as the second alternative.

A clue is whatever did that also added the web bug

https://u1524457.ct.sendgrid.net/wf/open?upn=FkTv6GMOKAeoJi-2BuKcaB7j2pviCy3ue7m8E6mW8uXY9UnMILQAXAHVBrmmTRd83iYN9USWcOUM8L8ZosPzEP9m1VANGlC-2BxOxriFYBy4Tu1iTEvXSVeZZdQjAkN4o4OHJDdsmqZwygNz8M-2BM97RC-2FW0fJrSW6L-2FeaD7enEkleB4vtP5DiIUsHhgUBZGo-2BNadwAONhlISQa0s2Fu-2FSFTQJJnaQGDVK8HDSBQcwSSSZwM-3D";
alt="" width="1" height="1" border="0" style="height:1px
!important;width:1px !important;border-width:0 !important;margin-top:0
!important;margin-bottom:0 !important;margin-right:0
!important;margin-left:0 !important;padding-top:0
!important;padding-bottom:0 !important;padding-right:0
!important;padding-left:0 !important;"/>

It looks like the first MTA in the delivery chain is
ismtpd0003p1sjc2.sendgrid.net and that this is a "smarthost" used by
Mailman at isocpp.org for delivery as the message is relayed through
ismtpd0003p1sjc2.sendgrid.net, filter0120p1las1.sendgrid.net and
o1.30e.fshared.sendgrid.net before being delivered to the MX for
indiana.edu.

It is almost 100% certain that it is something at sendgrid.net that is
both munging the text/plain footer into the multipart/alternative and
adding the web bug to the html alternative.

--
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/adam%40agp-llc.com
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] footer format

2016-12-13 Thread Adam Goldberg

That's all true, but in addition I don't want my MSA changing the body of the 
emails I send. For this reason (the footer problem), and others. 

Adam
a...@agp-llc.com



> On Dec 13, 2016, at 7:02 PM, Mark Sapiro  wrote:
> 
>> On 12/13/2016 03:54 PM, Adam Goldberg wrote:
>> Send grid gives you the ability to see if someone opened the email, etc. 
>> clearly it was sendgrid that added that (and that's why I don't use 
>> sendgrid).
> 
> 
> Yes, that's what web bugs are for, but in addition to being annoying
> invasions of privacy, they are totally unreliable as a means of knowing
> whether someone read the mail. All they will tell you is that the
> recipient 'opened' the mail which doesn't mean she read it. Also many
> MUAs will not load external images in HTML mail without at least asking
> first so many people may have read the mail without ever loading the
> encoded image URL.
> 
> -- 
> Mark Sapiro The highway is for gamblers,
> San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] footer format

2016-12-13 Thread Mark Sapiro

On 12/13/2016 03:54 PM, Adam Goldberg wrote:
> Send grid gives you the ability to see if someone opened the email, etc. 
> clearly it was sendgrid that added that (and that's why I don't use sendgrid).

Yes, that's what web bugs are for, but in addition to being annoying
invasions of privacy, they are totally unreliable as a means of knowing
whether someone read the mail. All they will tell you is that the
recipient 'opened' the mail which doesn't mean she read it. Also many
MUAs will not load external images in HTML mail without at least asking
first so many people may have read the mail without ever loading the
encoded image URL.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] footer format

2016-12-13 Thread Mark Sapiro

On 12/13/2016 01:31 PM, Kim, DongInn wrote:
> 
> I do not know what is going on with the digital signature part but I am 
> wondering if you can take a look at the full raw source of the message and 
> see if there is any clues to debug this issue? This message was sent with my 
> S/MIME signature.
> http://www.crest.iu.edu/~dikim/mailman_footer.txt 
> 
> 
> The raw source has the correct format of plain text footer but it is ignored 
> and another footer seems to be displayed with the html format.
> Why does it have two footer contents?

I don't know the answer to that, but I can tell you the Mailman 2.1.23
did not add the text/html footer. Something in the delivery chain after
Mailman converted Mailman's text/plain footer into multipart/alternative
with Mailman's original text/plain footer as the first alternative and
the garbled text/html footer as the second alternative.

A clue is whatever did that also added the web bug

https://u1524457.ct.sendgrid.net/wf/open?upn=FkTv6GMOKAeoJi-2BuKcaB7j2pviCy3ue7m8E6mW8uXY9UnMILQAXAHVBrmmTRd83iYN9USWcOUM8L8ZosPzEP9m1VANGlC-2BxOxriFYBy4Tu1iTEvXSVeZZdQjAkN4o4OHJDdsmqZwygNz8M-2BM97RC-2FW0fJrSW6L-2FeaD7enEkleB4vtP5DiIUsHhgUBZGo-2BNadwAONhlISQa0s2Fu-2FSFTQJJnaQGDVK8HDSBQcwSSSZwM-3D";
alt="" width="1" height="1" border="0" style="height:1px
!important;width:1px !important;border-width:0 !important;margin-top:0
!important;margin-bottom:0 !important;margin-right:0
!important;margin-left:0 !important;padding-top:0
!important;padding-bottom:0 !important;padding-right:0
!important;padding-left:0 !important;"/>

It looks like the first MTA in the delivery chain is
ismtpd0003p1sjc2.sendgrid.net and that this is a "smarthost" used by
Mailman at isocpp.org for delivery as the message is relayed through
ismtpd0003p1sjc2.sendgrid.net, filter0120p1las1.sendgrid.net and
o1.30e.fshared.sendgrid.net before being delivered to the MX for
indiana.edu.

It is almost 100% certain that it is something at sendgrid.net that is
both munging the text/plain footer into the multipart/alternative and
adding the web bug to the html alternative.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] footer format

2016-12-13 Thread Kim, DongInn

Mark, there is another thing that I need to mention.

This footer used to work fine with 2.1.15 (i.e., it was fine with the digital 
signature email) but it seems to have a problem with 2.1.23.
Maybe I did anything stupid? :-(

Regards,

--
- DongInn





> On Dec 13, 2016, at 4:31 PM, Kim, DongInn  wrote:
> 
> Hi Mark,
> 
> Thank you very much for looking into my problem.
> 
> I do not know what is going on with the digital signature part but I am 
> wondering if you can take a look at the full raw source of the message and 
> see if there is any clues to debug this issue? This message was sent with my 
> S/MIME signature.
> http://www.crest.iu.edu/~dikim/mailman_footer.txt 
> 
> 
> The raw source has the correct format of plain text footer but it is ignored 
> and another footer seems to be displayed with the html format.
> Why does it have two footer contents?
> 
> Regards,
> 
> --
> - DongInn
> 
> 
> 
>> On Dec 13, 2016, at 1:03 AM, Mark Sapiro > > wrote:
>> 
>> On 12/12/2016 02:49 PM, Kim, DongInn wrote:
>>> Hi,
>>> 
>>> Is there a way to keep the footer format (or layout)? In the most emails, 
>>> the footer format is fine but when a user uses digital signature (pgp or 
>>> S/MIME), it surely breaks the format.
>>> It seems that it is possible that the format is broken regardless of the 
>>> signature issue but I can not track down this case.
>>> 
>>> For example, the broken format looks like this:
>>> https://www.dropbox.com/s/hwukqz2iuqa18cg/Screenshot%202016-12-12%2017.47.16.png?dl=0
>>>  
>>> 
>>> 
>>> The right format looks like this:
>>> https://www.dropbox.com/s/7tqfdxvjb6hxqbg/Screenshot%202016-12-12%2017.48.09.png?dl=0
>>> 
>>> Maybe, can we use  tag around the footer for the html format of email?
>> 
>> 
>> Standard Mailman never puts the footer in an HTML message part. If the
>> message is a single part text/plain message, the footer is appended to
>> the text/plain message. Otherwise it is added as a separate text/plain part.
>> 
>> It could be in your case that unsigned messages are single part
>> text/plain messages and signatures make the message multipart/signed,
>> but even so, the formatting of the footer should not be changed.
>> 
>> The article at > > has more on this. It
>> also has some material about non-standard (and not recommended) patches.
>> Is your Mailman patched in any way to deal with footers and to put them
>> in HTML parts?
>> 
>> -- 
>> Mark Sapiro mailto:m...@msapiro.net>>The highway 
>> is for gamblers,
>> San Francisco Bay Area, Californiabetter use your sense - B. Dylan
>> 
>> --
>> Mailman-Users mailing list Mailman-Users@python.org 
>> 
>> https://mail.python.org/mailman/listinfo/mailman-users 
>> 
>> Mailman FAQ: http://wiki.list.org/x/AgA3
>> Security Policy: http://wiki.list.org/x/QIA9
>> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
>> Unsubscribe: 
>> https://mail.python.org/mailman/options/mailman-users/dikim%40indiana.edu
> 

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] footer format

2016-12-13 Thread Kim, DongInn

Hi Mark,

Thank you very much for looking into my problem.

I do not know what is going on with the digital signature part but I am 
wondering if you can take a look at the full raw source of the message and see 
if there is any clues to debug this issue? This message was sent with my S/MIME 
signature.
http://www.crest.iu.edu/~dikim/mailman_footer.txt 


The raw source has the correct format of plain text footer but it is ignored 
and another footer seems to be displayed with the html format.
Why does it have two footer contents?

Regards,

--
- DongInn



> On Dec 13, 2016, at 1:03 AM, Mark Sapiro  wrote:
> 
> On 12/12/2016 02:49 PM, Kim, DongInn wrote:
>> Hi,
>> 
>> Is there a way to keep the footer format (or layout)? In the most emails, 
>> the footer format is fine but when a user uses digital signature (pgp or 
>> S/MIME), it surely breaks the format.
>> It seems that it is possible that the format is broken regardless of the 
>> signature issue but I can not track down this case.
>> 
>> For example, the broken format looks like this:
>> https://www.dropbox.com/s/hwukqz2iuqa18cg/Screenshot%202016-12-12%2017.47.16.png?dl=0
>> 
>> The right format looks like this:
>> https://www.dropbox.com/s/7tqfdxvjb6hxqbg/Screenshot%202016-12-12%2017.48.09.png?dl=0
>> 
>> Maybe, can we use  tag around the footer for the html format of email?
> 
> 
> Standard Mailman never puts the footer in an HTML message part. If the
> message is a single part text/plain message, the footer is appended to
> the text/plain message. Otherwise it is added as a separate text/plain part.
> 
> It could be in your case that unsigned messages are single part
> text/plain messages and signatures make the message multipart/signed,
> but even so, the formatting of the footer should not be changed.
> 
> The article at  has more on this. It
> also has some material about non-standard (and not recommended) patches.
> Is your Mailman patched in any way to deal with footers and to put them
> in HTML parts?
> 
> -- 
> Mark Sapiro The highway is for gamblers,
> San Francisco Bay Area, Californiabetter use your sense - B. Dylan
> 
> --
> Mailman-Users mailing list Mailman-Users@python.org
> https://mail.python.org/mailman/listinfo/mailman-users
> Mailman FAQ: http://wiki.list.org/x/AgA3
> Security Policy: http://wiki.list.org/x/QIA9
> Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
> Unsubscribe: 
> https://mail.python.org/mailman/options/mailman-users/dikim%40indiana.edu

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Mailman - admin panel - ldap users

2016-12-13 Thread Mark Sapiro

On 12/13/2016 05:59 AM, Zalezny Niezalezny wrote:
> Hi,
> 
> I just would like to know, if its possible to connect LDAP some how with
> Mailman webpanel ?
> I simply would like to create a users in our AD System and give them rights
> to create new maillings lists ?

There is an LDAP MemberAdaptor at
, but I don't think this
is what you are asking. This adaptor allows using the LDAP database as
the membership list for a list or lists.

If I understand, you want to allow people in your LDAP database to
create lists.

This could be done, but it would require modifying the
Mailman/Cgi/create.py script to somehow authenticate the person trying
to create a list against the LDAP database.

Alternatively, you could create a list whose membership is determined
from your LDAP database and use it to distribute the "list creator"
password which you would change more or less frequently depending on
turnover. Or, this wouldn't even need to be a list. Just some process to
query the LDAP database and send an or otherwise notify people.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] Mailman - admin panel - ldap users

2016-12-13 Thread Zalezny Niezalezny

Hi,

I just would like to know, if its possible to connect LDAP some how with
Mailman webpanel ?
I simply would like to create a users in our AD System and give them rights
to create new maillings lists ?

Is it possible ?



With kind regards

Zalezny
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Spam to "-request" address generating backscatter spam

2016-12-13 Thread Mark Sapiro

On 12/12/2016 03:07 PM, Edward Hasbrouck wrote:
> 
> How can I stop this? I am willing to give up "subscribe to this list by 
> e-mail", and require all subscriptions to be via the Web. 

Steve has answered most of this. I just want to add a couple of things.
With respect to web subscribes, several sites including python.org have
seen mail bomb attacks via the web subscribe interface.

These are subscribes via the web UI by distributed bots that are "smart"
enough to GET the form  and delay tens of seconds before POSTing it. The
most recent attacks have been multiple subscribes to multiple lists of
some gmail.com address with various permutations of dots (ignored by
gmail) interspersed in the local part. The most recent attack on
mail.python.org subscribed addresses that matched

  '^.*s\.*u\.*n\.*i\.*b\.*e\.*e\.*s\.*t\.*a\.*r\.*s.*@gmail\.com

During the first 17 hours (before I noticed it in the daily status
report) there were 7896 pending subscribes waiting user confirmation and
417 held subscriptions waiting moderator approval (There is a script at
 to remove these).

At that point I added the above pattern to the GLOBAL_BAN_LIST (recently
implemented because of attacks like this). During the next 30+ hours
until the attacks stopped there were 4631 banned subscription attempts.

The banned attempts and held subscriptions don't send emails, but there
were still almost 8000 email confirmation requests sent to the gmail
address.

The bottom line here is that web subscribes are also vulnerable to
exploitation.

> I would still prefer to have e-mail confirmation of new subscriptions, but 
> I don't think that would cause as much of a backscatter problem: The 
> "-request" address can be harvested form the public Web, but the 
> "-confirm" address would be much less likely to do so.
> 
> But if it is simpler to implement, it would be OK to require new 
> subscriptions to be confirmed through the Web interface.

The whole point of confirmation is to verify that the entity generating
the subscribe request can actually receive and comprehend an email
message sent to that address, i.e. is the actual user whose address that
is. I don't see how that can be done without sending an email to the
address.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] Spam to "-request" address generating backscatter spam

2016-12-13 Thread Mark Sapiro

On 12/13/2016 03:54 AM, Stephen J. Turnbull wrote:
> Edward Hasbrouck writes:
> 
>  > How can I stop this? I am willing to give up "subscribe to this list by 
>  > e-mail", and require all subscriptions to be via the Web.
> 
> Set Privacy Options | subscribe_policy to "Require approval".


That won't work. The From: address still gets a 'results of your email
commands' message.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

[Mailman-Users] Spam to "-request" address generating backscatter spam

2016-12-13 Thread Stephen J. Turnbull

Edward Hasbrouck writes:

 > (2) Spam with forged "From:" headers is sent to 
 > "listname-requ...@domain.com".

 > How can I stop this? I am willing to give up "subscribe to this list by 
 > e-mail", and require all subscriptions to be via the Web.

Set Privacy Options | subscribe_policy to "Require approval".

If you don't like that because of lots of subscribes, the easiest
thing to do if you actually have control over your installation is to
remove the alias in the MTA.  How to do that in Plesk, I don't know.
Probably can't, then you have to talk to your hosting service.

Everything else I can think of requires changing code or access to the
Mailman config files.  Again you'll have to talk to your host.

 > I understand that this may take time to implement, but this problem has 
 > been known for a very long time. I would like to see this put on the 
 > feature request list, however that is done.

There is no feature request list for Mailman 2 any more.  If Mark
has time and thinks it's not too invasive, it might happen, but he's
getting more and more involved with Mailman 3.  For Mailman 3, it
would be

http://gitlab.com/mailman/mailman/issues

Use tags "wishlist" and "security" I think.  (Note, AFAIK "security"
doesn't mean "privileged info" on Gitlab's tracker, it's just a tag
for any issue with our privacy or malware mitigation stuff.)

 > Is there any workaround, either through the Web interface or by editing 
 > Mailman configuration files, to disable the "-request" address or cause 
 > all mail to that address to be dropped without generating a reply?

This really is something that should be done in the MTA.  I understand
that you probably don't have access to your MTA's configs, but that's
not our fault.  From our point of view, making this change adds to the
complexity of Mailman configuration for all our users (site admins,
list owners, and subscribers).  It's already quite confusing, and only
going to get worse as we add DKIM, SPF, DMARC, ARC, 

 > FWIW, I am using Mailman through Plesk, which offers it as an option. 

Consider changing to a service that's more expensive but doesn't make
you unreasonable for making a support request.  Plesk (and cPanel) are
a good idea in principle, but unfortunately the spammers, phishers,
and other miscreants, malefactors, and felons put paid to that.  It
doesn't really matter what you do, if you take input from the
Internet, you need to be able to reconfigure quickly and flexibly in
response to exploits.  Those "control panels" don't offer that, and
probably cannot.

--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org

Re: [Mailman-Users] distutils is not available or incomplete when ./configure mailman 2.1.23?

Re: [Mailman-Users] Root URL / vs /listinfo?

[Mailman-Users] distutils is not available or incomplete when ./configure mailman 2.1.23?

Re: [Mailman-Users] Root URL / vs /listinfo?

Re: [Mailman-Users] Root URL / vs /listinfo?

Re: [Mailman-Users] footer format

Re: [Mailman-Users] footer format

Re: [Mailman-Users] footer format

Re: [Mailman-Users] footer format

Re: [Mailman-Users] footer format

Re: [Mailman-Users] footer format

Re: [Mailman-Users] Mailman - admin panel - ldap users

[Mailman-Users] Mailman - admin panel - ldap users

Re: [Mailman-Users] Spam to "-request" address generating backscatter spam

Re: [Mailman-Users] Spam to "-request" address generating backscatter spam

[Mailman-Users] Spam to "-request" address generating backscatter spam

16 matches

Site Navigation

Mail list logo

Footer information