Re: [Mailman-Users] gmail

2018-09-11 Thread Mark Sapiro
On 09/11/2018 07:32 PM, Richard Damon wrote:
> 
> The one big downside of adding SPF is that this causes problems if
> anyone sets up a forward for list messages to another domain, as these
> now will get rejected by any domain that checks SPF.


This can be at least partially mitigated by appending ~all (SOFTFAIL) or
even ?all (NEUTRAL) to your SPF record.

-- 
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan
--
Mailman-Users mailing list Mailman-Users@python.org
https://mail.python.org/mailman/listinfo/mailman-users
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/
Unsubscribe: 
https://mail.python.org/mailman/options/mailman-users/archive%40jab.org
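
Added example, not part of the original thread or of Mailman: a minimal evaluator for the ip4/ip6 and "all" terms of an SPF record, showing why a forwarded list message fails a "-all" record and what verdict "~all" or "?all" gives instead. The records and addresses are constructed (documentation ranges); a real evaluator (RFC 7208) also resolves include, a, mx and redirect via DNS, which this sketch leaves out.

```python
import ipaddress

# SPF qualifiers and the result each one produces (RFC 7208, section 4.6.2)
QUALIFIERS = {"+": "pass", "-": "fail", "~": "softfail", "?": "neutral"}


def evaluate_spf(record, client_ip):
    """Return the SPF result for client_ip using only ip4/ip6/all terms.

    Sketch only: include, a, mx, exists, redirect and macros are not
    implemented and raise ValueError.
    """
    terms = record.split()
    if not terms or terms[0].lower() != "v=spf1":
        return "none"
    ip = ipaddress.ip_address(client_ip)
    for term in terms[1:]:
        qualifier = "+"  # a mechanism without a qualifier means "+"
        if term[0] in QUALIFIERS:
            qualifier, term = term[0], term[1:]
        name, _, arg = term.partition(":")
        name = name.lower()
        if name == "all":
            return QUALIFIERS[qualifier]
        if name in ("ip4", "ip6"):
            net = ipaddress.ip_network(arg, strict=False)
            if ip.version == net.version and ip in net:
                return QUALIFIERS[qualifier]
            continue
        raise ValueError("mechanism not handled in this sketch: " + name)
    return "neutral"  # nothing matched and the record has no "all" term


# Constructed sample data. A forwarder normally keeps the list's envelope
# sender, so the final receiver checks the LIST domain's record against the
# FORWARDER's address.
LIST_HOST_IP = "192.0.2.25"    # the Mailman host, covered by the record
FORWARDER_IP = "198.51.100.7"  # a subscriber's forwarding server, not covered

RECORDS = {
    "-all": "v=spf1 ip4:192.0.2.0/24 -all",
    "~all": "v=spf1 ip4:192.0.2.0/24 ~all",
    "?all": "v=spf1 ip4:192.0.2.0/24 ?all",
}


def compare_policies():
    """Map each record ending to (direct delivery, forwarded delivery)."""
    return {
        ending: (evaluate_spf(rec, LIST_HOST_IP), evaluate_spf(rec, FORWARDER_IP))
        for ending, rec in RECORDS.items()
    }


if __name__ == "__main__":
    for ending, (direct, forwarded) in compare_policies().items():
        print(f"{ending}: direct={direct} forwarded={forwarded}")
```

What a receiver does with softfail or neutral is its own local policy, which is why the mitigation is only partial.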


Re: [Mailman-Users] gmail

2018-09-11 Thread Mark Sapiro
On 09/11/2018 07:04 AM, Bernie Cosell wrote:
> I've gotten buried by 80 bounce messages, thanks to gmail's new policy
> [that was, apparently, put into effect yesterday].  The bounces say:
> 
> <@gmail.com>: host alt1.gmail-smtp-in.l.google.com[74.125.129.26] said:
> 421-4.7.0 This message does not have authentication information or fails to
> pass 421-4.7.0 authentication checks. To best protect our users from spam,
> the 421-4.7.0 message has been blocked. Please visit 421-4.7.0
> https://support.google.com/mail/answer/81126#authentication for more
> 421- 4.7.0 information. 128-v6si11952705iti.109 - gsmtp (in reply to end of
> DATA command)
> 
> I looked at their 'answer' and mostly found it to be unhelpful.  I certainly
> can't get any server anywhere to change their system configuration, nor can
> I mess with mailman [all suggestions about python-esque tweaks to mailman
> presume that you have access to the server, which I don't].  Is there
> something I can do [just as a list owner] to deal with this mess?


No.

You need to convince your hosting service to publish SPF records for
your domain indicating that the outgoing server is permitted and to DKIM
sign outgoing messages from your domain.

In today's environment these are normal requirements for sending mail and
the Mailman host should do them.

However, if your list domain is fantasyfarm.com, it appears that
dreamhost does publish an appropriate SPF and at least DKIM signed the
post to which I'm replying.

Also, FWIW, I'm not seeing an abnormal number of gmail users bouncing on
my lists or on python.org lists.

-- 
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


Re: [Mailman-Users] gmail

2018-09-11 Thread Richard Damon
On 9/11/18 10:04 AM, Bernie Cosell wrote:
> I've gotten buried by 80 bounce messages, thanks to gmail's new policy
> [that was, apparently, put into effect yesterday].  The bounces say:
>
> <@gmail.com>: host alt1.gmail-smtp-in.l.google.com[74.125.129.26] said:
> 421-4.7.0 This message does not have authentication information or fails to
> pass 421-4.7.0 authentication checks. To best protect our users from spam,
> the 421-4.7.0 message has been blocked. Please visit 421-4.7.0
> https://support.google.com/mail/answer/81126#authentication for more
> 421- 4.7.0 information. 128-v6si11952705iti.109 - gsmtp (in reply to end of
> DATA command)
>
> I looked at their 'answer' and mostly found it to be unhelpful.  I certainly
> can't get any server anywhere to change their system configuration, nor can
> I mess with mailman [all suggestions about python-esque tweaks to mailman
> presume that you have access to the server, which I don't].  Is there
> something I can do [just as a list owner] to deal with this mess?
>
>   /Bernie\_
>
>
>  Bernie Cosell
One option they list is to establish SPF for your domain (assuming that
the list comes from a domain that you control). I found that a couple of
years ago I needed to add SPF for my list to avoid getting lots of these
from GMail.

The one big downside of adding SPF is that this causes problems if
anyone sets up a forward for list messages to another domain, as these
now will get rejected by any domain that checks SPF.

-- 
Richard Damon



Re: [Mailman-Users] Setting up SSL Virtualhost for Mailman

2018-09-11 Thread Mark Sapiro
On 09/11/2018 06:03 PM, Sean Son wrote:
> 
> So I got HTTPS to work on the main site, but now when I access the list
> archives, I see that they are still being accessed through HTTP and not
> HTTPS
> 
> So I then ran this command:
> 
> $prefix/bin/withlist -l -a -r fix_url
> 
> and each of the lists were listed but the word "locked" appeared by each
> one of them.. After the command finished running and I restarted Mailman as
> well as Apache, I still see that the list archives are being accessed
> through HTTP and not HTTPS.  Any ideas on how I should resolve this? What
> does "locked" mean that appeared by each list name:


'locked' is because you specified -l to lock the lists when running fix_url.


> /usr/lib/mailman/bin/withlist -l -a -r fix_url
> Importing fix_url...
> Running fix_url.fix_url()...
> Loading list list0 (locked)
> Saving list


withlist is just telling you it locked the list when loading it. This is
expected.

Running fix_url will fix the web_page_url attribute for existing lists
to use https assuming you set DEFAULT_URL_PATTERN to use https.

To fix the public archive URLs to be https, do step 4 at
.

-- 
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


[Mailman-Users] gmail

2018-09-11 Thread Bernie Cosell
I've gotten buried by 80 bounce messages, thanks to gmail's new policy
[that was, apparently, put into effect yesterday].  The bounces say:

<@gmail.com>: host alt1.gmail-smtp-in.l.google.com[74.125.129.26] said:
421-4.7.0 This message does not have authentication information or fails to
pass 421-4.7.0 authentication checks. To best protect our users from spam,
the 421-4.7.0 message has been blocked. Please visit 421-4.7.0
https://support.google.com/mail/answer/81126#authentication for more
421- 4.7.0 information. 128-v6si11952705iti.109 - gsmtp (in reply to end of
DATA command)

I looked at their 'answer' and mostly found it to be unhelpful.  I certainly
can't get any server anywhere to change their system configuration, nor can
I mess with mailman [all suggestions about python-esque tweaks to mailman
presume that you have access to the server, which I don't].  Is there
something I can do [just as a list owner] to deal with this mess?

  /Bernie\_


 Bernie Cosell
 ber...@fantasyfarm.com
-- Too many people; too few sheep --



Re: [Mailman-Users] Setting up SSL Virtualhost for Mailman

2018-09-11 Thread Sean Son
On Tue, Sep 11, 2018 at 4:00 PM, Mark Sapiro  wrote:

> On 09/11/2018 11:47 AM, Sean Son wrote:
> >
> > Thanks for the reply man. I want to require HTTPS for Mailman and all of
> > its lists. I already have an SSL cert . I am running Apache as the
> > webserver on RHEL 7.  I took a look at the FAQs on the Mailman site,
> > regarding setting up SSL. It mentions that a virtual host can be set up for
> > HTTP to redirect to HTTPS, and a virtualhost can be set up for the HTTPS
> > and mailman configured to only work on HTTPs.  It is the latter part,
> > setting up the VirtualHost for HTTPS and configuring mailman to work only
> > with HTTPs, which I am lost on.
>
> There are multiple ways to do this. It depends on whether you have other
> virtual hosts and if so, if they should also be able to access mailman.
>
> In the simplest case, just put the various things for the mailman config
> such as
>
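> ScriptAlias /mailman/ /path/to/mailman/cgi-bin/
> Alias   /pipermail/  /path/to/mailman/archives/public/
>
> <Directory "/path/to/mailman/cgi-bin/">
> Options ExecCGI
> Require all granted
> </Directory>
>
> <Directory "/path/to/mailman/archives/public/">
> Options +FollowSymLinks
> Require all granted
> </Directory>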
>
> directly in the mailman https virtual host.
>
> --
> Mark Sapiro        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan

So I got HTTPS to work on the main site, but now when I access the list
archives, I see that they are still being accessed through HTTP and not
HTTPS

So I then ran this command:

$prefix/bin/withlist -l -a -r fix_url

and each of the lists were listed but the word "locked" appeared by each
one of them.. After the command finished running and I restarted Mailman as
well as Apache, I still see that the list archives are being accessed
through HTTP and not HTTPS.  Any ideas on how I should resolve this? What
does "locked" mean that appeared by each list name:

/usr/lib/mailman/bin/withlist -l -a -r fix_url
Importing fix_url...
Running fix_url.fix_url()...
Loading list list0 (locked)
Saving list
Loading list list1 (locked)
Saving list
Loading list list2 (locked)
Saving list
.
.
Finalizing


Re: [Mailman-Users] -EXT-Re: Setting up SSL Virtualhost for Mailman

2018-09-11 Thread Sean Son
On Tue, Sep 11, 2018 at 6:29 PM, Mark Sapiro  wrote:

> On 09/11/2018 02:00 PM, Parker, Michael D. wrote:
> > Hmmm, I seem to remember that there are places in the configuration
> > files where http:// would need to be changed to https://.
> > If I also recall, existing mail lists have the http:// reference in
> > them which would have to be changed also.
>
>
> This is all covered in the FAQ at 
> which the OP said he read.
>
> --
> Mark Sapiro        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan

Thanks everyone for the suggestions. I will try them and see what happens


Re: [Mailman-Users] -EXT-Re: Setting up SSL Virtualhost for Mailman

2018-09-11 Thread Mark Sapiro
On 09/11/2018 02:00 PM, Parker, Michael D. wrote:
> Hmmm, I seem to remember that there are places in the configuration files
> where http:// would need to be changed to https://.
> If I also recall, existing mail lists have the http:// reference in them
> which would have to be changed also.


This is all covered in the FAQ at 
which the OP said he read.

-- 
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


Re: [Mailman-Users] -EXT-Re: Setting up SSL Virtualhost for Mailman

2018-09-11 Thread Parker, Michael D.
Hmmm, I seem to remember that there are places in the configuration files
where http:// would need to be changed to https://.
If I also recall, existing mail lists have the http:// reference in them which
would have to be changed also.

* * * * * *
Email: michael.d.par...@ga.com  < NOTE:  Remember to include my middle 
initial >

Michael D. Parker, CISSP 
EMS Programs Cybersecurity, Architecture, Software & Controls Division
General Atomics
ElectroMagnetics Systems Group (GA-EMS)
+1-858-964-6675 work phone
+1-858-376-7474 mobile phone
16969 Mesamint Street
San Diego, CA  92127-2407



-Original Message-
From: Mailman-Users  
On Behalf Of Mark Sapiro
Sent: Tuesday, September 11, 2018 13:00
To: mailman-users@python.org
Subject: -EXT-Re: [Mailman-Users] Setting up SSL Virtualhost for Mailman

On 09/11/2018 11:47 AM, Sean Son wrote:
> 
> Thanks for the reply man. I want to require HTTPS for Mailman and all 
> of its lists. I already have an SSL cert . I am running Apache as the 
> webserver on RHEL 7.  I took a look at the FAQs on the Mailman site, 
> regarding setting up SSL. It mentions that a virtual host can be set 
> up for HTTP to redirect to HTTPS, and a virtualhost can be set up for 
> the HTTPS and mailman configured to only work on HTTPs.  It is the 
> latter part, setting up the VirtualHost for HTTPS and configuring 
> mailman to work only with HTTPs, which I am lost on.

There are multiple ways to do this. It depends on whether you have other 
virtual hosts and if so, if they should also be able to access mailman.

In the simplest case, just put the various things for the mailman config such as

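ScriptAlias /mailman/ /path/to/mailman/cgi-bin/
Alias   /pipermail/  /path/to/mailman/archives/public/

<Directory "/path/to/mailman/cgi-bin/">
Options ExecCGI
Require all granted
</Directory>

<Directory "/path/to/mailman/archives/public/">
Options +FollowSymLinks
Require all granted
</Directory>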

directly in the mailman https virtual host.

-- 
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


Re: [Mailman-Users] Setting up SSL Virtualhost for Mailman

2018-09-11 Thread Mark Sapiro
On 09/11/2018 11:47 AM, Sean Son wrote:
> 
> Thanks for the reply man. I want to require HTTPS for Mailman and all of
> its lists. I already have an SSL cert . I am running Apache as the
> webserver on RHEL 7.  I took a look at the FAQs on the Mailman site,
> regarding setting up SSL. It mentions that a virtual host can be set up for
> HTTP to redirect to HTTPS, and a virtualhost can be set up for the HTTPS
> and mailman configured to only work on HTTPs.  It is the latter part,
> setting up the VirtualHost for HTTPS and configuring mailman to work only
> with HTTPs, which I am lost on.

There are multiple ways to do this. It depends on whether you have other
virtual hosts and if so, if they should also be able to access mailman.

In the simplest case, just put the various things for the mailman config
such as

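ScriptAlias /mailman/ /path/to/mailman/cgi-bin/
Alias   /pipermail/  /path/to/mailman/archives/public/

<Directory "/path/to/mailman/cgi-bin/">
Options ExecCGI
Require all granted
</Directory>

<Directory "/path/to/mailman/archives/public/">
Options +FollowSymLinks
Require all granted
</Directory>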

directly in the mailman https virtual host.

-- 
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


Re: [Mailman-Users] Setting up SSL Virtualhost for Mailman

2018-09-11 Thread Sean Son
On Tue, Sep 11, 2018 at 12:11 PM, Mark Sapiro  wrote:

> On 09/10/2018 09:04 AM, Sean Son wrote:
> >
> > I have to set up SSL for our mailman instance and I am stuck on how the SSL
> > Virtualhost for HTTPs should be set up. I know the FAQ on the list.org
> > website explains all of the steps for setting up HTTPS with mailman, but I
> > do not see anything that explains how to set up the actual virtual host and
> > which options and directives should be in the virtual host.. Any and ALL
> > help is greatly appreciated!!
>
>
> If I understand correctly, this is a web server question, not a Mailman
> question.
>
> Please elaborate. Are you asking how to set up your web server? if so,
> what web server are you using (Apache, nginx, ??). Also, what are you
> trying to do. I.e. do you want to require https for Mailman or only
> allow it? Do you have an SSL certificate? If not, see
> .
>
> --
> Mark Sapiro        The highway is for gamblers,
> San Francisco Bay Area, California    better use your sense - B. Dylan

Hey Mark

Thanks for the reply man. I want to require HTTPS for Mailman and all of
its lists. I already have an SSL cert . I am running Apache as the
webserver on RHEL 7.  I took a look at the FAQs on the Mailman site,
regarding setting up SSL. It mentions that a virtual host can be set up for
HTTP to redirect to HTTPS, and a virtualhost can be set up for the HTTPS
and mailman configured to only work on HTTPs.  It is the latter part,
setting up the VirtualHost for HTTPS and configuring mailman to work only
with HTTPs, which I am lost on. I did research online and I found this
posting:

https://www.apachelounge.com/viewtopic.php?p=30938

But it does not seem that the OP ever got his issue resolved. He did not
post any updates.  So, to summarize, I need assistance on setting up the
VirtualHost for the HTTPS only access to Mailman


Thanks!


Re: [Mailman-Users] Setting up SSL Virtualhost for Mailman

2018-09-11 Thread Mark Sapiro
On 09/10/2018 09:04 AM, Sean Son wrote:
> 
> I have to set up SSL for our mailman instance and I am stuck on how the SSL
> Virtualhost for HTTPs should be set up. I know the FAQ on the list.org
> website explains all of the steps for setting up HTTPS with mailman, but I
> do not see anything that explains how to set up the actual virtual host and
> which options and directives should be in the virtual host.. Any and ALL
> help is greatly appreciated!!


If I understand correctly, this is a web server question, not a Mailman
question.

Please elaborate. Are you asking how to set up your web server? if so,
what web server are you using (Apache, nginx, ??). Also, what are you
trying to do. I.e. do you want to require https for Mailman or only
allow it? Do you have an SSL certificate? If not, see
.

-- 
Mark Sapiro        The highway is for gamblers,
San Francisco Bay Area, California    better use your sense - B. Dylan


[Mailman-Users] Setting up SSL Virtualhost for Mailman

2018-09-11 Thread Sean Son
Hello all

I have to set up SSL for our mailman instance and I am stuck on how the SSL
Virtualhost for HTTPs should be set up. I know the FAQ on the list.org
website explains all of the steps for setting up HTTPS with mailman, but I
do not see anything that explains how to set up the actual virtual host and
which options and directives should be in the virtual host.. Any and ALL
help is greatly appreciated!!


Thanks

Sean