Re: [Mailman-Users] Trying to tighten up my security...
Okay... Next hitch... I installed the patch, and tested it (by trying to send an e-mail to the group from an e-mail that I knew wasn't in the group). It was rejected (as expected). I just had an e-mail get through from a non-member! The e-mail is from: Bernardo Spicer [EMAIL PROTECTED] Who is definitely *not* on any of my lists. The group sender filter is set to 'Reject' postings from non-members for which no explicit action is defined. But, I was still notified. Here's the full header of the message that requested approval: Received: from mxs.mail.ru ([203.146.112.225]) by steeplechase-hoa.org (8.13.7/8.13.4) with ESMTP id k6K3TmZt017041 for [EMAIL PROTECTED]; Wed, 19 Jul 2006 21:30:03 -0600 Message-Id: [EMAIL PROTECTED] From: Bernardo Spicer [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: RE: wave surface Date: Thu, 20 Jul 2006 03:40:10 -0420 MIME-Version: 1.0 X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2800.1478 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1478 Content-Type: multipart/related; type=multipart/alternative; boundary==_NextPart_000_006A_01C6ABE8.DFCD64A0 Why did I get a request to approve this message? Thanks!!! Jon -Original Message- From: Mark Sapiro [mailto:[EMAIL PROTECTED] Sent: Monday, July 17, 2006 4:57 PM To: Jon D. Slater Subject: RE: [Mailman-Users] Trying to tighten up my security... Since I'm running 2.1.8 (instead of 2.1.6 as the patch requires), I made the changes by hand, which broke MM. So now I've put it all back the way it was and, at least, MM is back... (Without the patch.) The 2.1.6 listinclusion patch applies cleanly to 2.1.8 without change. cd path/to/2.1.8mailman/Mailman patch -p2 path_to_listinclusion.patch or cd path/to/2.1.8mailman patch -p1 path_to_listinclusion.patch After applying the patch you need to do 'mailmanctl restart' so IncomingRunner will pick up the change to Mailman/Handlers/Moderate.py. What broke? When you patched by hand, did you preserve indentation exactly? -- Mark Sapiro [EMAIL PROTECTED] The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.10.1/389 - Release Date: 7/14/2006 -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Trying to tighten up my security...
Just curious... Do you know if this patch still checks the 'mod' bit for entries in the accept_these_non_members? -Original Message- From: Mark Sapiro [mailto:[EMAIL PROTECTED] Sent: Monday, July 10, 2006 12:17 PM To: Jon D. Slater; mailman-users@python.org Subject: Re: [Mailman-Users] Trying to tighten up my security... Jon D. Slater wrote: I found this clue: Where? How do I allow subscribers from another list to post in my list without adding them as members? This particular feature might be useful if you manage multiple lists, but would like common senders among them all without needing to update each one when a new subscriber is added. To do this, log into the list's administrative interface: * Go to Privacy options * Go to Sender filters * Add another list's address into accept_these_listsenders (including @mailman.ucalgary.ca, one address per line) * Press the Submit Your Changes button when finished But I don't see 'accept_these_listsenders' on any of my [EMAIL PROTECTED] administrative pages. I think the above is referring to some locally modified Mailman (at ucalgary.ca ?). See http://sourceforge.net/tracker/index.php?func=detailaid=1220144group_id =103atid=300103 for another way to do this. This patch implements the ability to, in your case, add @members to the board list's accept_these_nonmembers to allow any member of the members list to post to the board list. -- Mark Sapiro [EMAIL PROTECTED] The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.9.10/383 - Release Date: 7/7/2006 -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
[Mailman-Users] Trying to tighten up my security...
Hi All, I have two lists one called '[EMAIL PROTECTED]' which is the board of directors and one called '[EMAIL PROTECTED]'. My Member's list changes frequently. I would like to be able to allow anyone on the 'Members' list to send e-mail to the 'Board' with out having to add each member to the board list. I found this clue: How do I allow subscribers from another list to post in my list without adding them as members? This particular feature might be useful if you manage multiple lists, but would like common senders among them all without needing to update each one when a new subscriber is added. To do this, log into the list's administrative interface: * Go to Privacy options * Go to Sender filters * Add another list's address into accept_these_listsenders (including @mailman.ucalgary.ca, one address per line) * Press the Submit Your Changes button when finished But I don't see 'accept_these_listsenders' on any of my [EMAIL PROTECTED] administrative pages. How do I do this? Stats: Mailman: 2.1.8 OS: Fedora Core 4 (kernel-2.6.17-1.2141_FC4) Apache: 2.0 Thanks!!! Jon -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Trying to tighten up my security...
-Original Message- From: Mark Sapiro [mailto:[EMAIL PROTECTED] Sent: Monday, July 10, 2006 12:17 PM To: Jon D. Slater; mailman-users@python.org Subject: Re: [Mailman-Users] Trying to tighten up my security... Jon D. Slater wrote: I found this clue: Where? Here: http://www.ucalgary.ca/it/self_help/email/mailman/mailmanfaq.html at the very bottom How do I allow subscribers from another list to post in my list without adding them as members? This particular feature might be useful if you manage multiple lists, but would like common senders among them all without needing to update each one when a new subscriber is added. To do this, log into the list's administrative interface: * Go to Privacy options * Go to Sender filters * Add another list's address into accept_these_listsenders (including @mailman.ucalgary.ca, one address per line) * Press the Submit Your Changes button when finished But I don't see 'accept_these_listsenders' on any of my [EMAIL PROTECTED] administrative pages. I think the above is referring to some locally modified Mailman (at ucalgary.ca ?). See http://sourceforge.net/tracker/index.php?func=detailaid=1220144group_id =103atid=300103 for another way to do this. This patch implements the ability to, in your case, add @members to the board list's accept_these_nonmembers to allow any member of the members list to post to the board list. -- Mark Sapiro [EMAIL PROTECTED] The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.394 / Virus Database: 268.9.10/383 - Release Date: 7/7/2006 -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
[Mailman-Users] Integrating Mailman with Spamassassin
I've been using Mailman for some time, and just recently installed SpamAssassin on my Fedora Core 4, Linux machine. Where can I find instructions to integrate the two (so, that SpamAssassin analyzes the e-mail before sending a request to the moderator for approval)? Thanks! Jon -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Is there a security hole in Mailman?
-Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Donsbach Sent: Sunday, February 12, 2006 10:10 AM To: mailman-users@python.org Subject: Re: [Mailman-Users] Is there a security hole in Mailman? On 2/12/06, Jon D. Slater [EMAIL PROTECTED] wrote: Hi All, Is there a security hole in Mailman? How are the evil spammers harvesting my list names when they aren't on the 'listinfo' page? From the address book(s) of one or some of you subscribers infected with a virus/worm? And, more importantly, is there a way to prevent it? (BTW, I'm also using SPAM ASSASSIN and a lot of these SPAM messages still get through.) Is your list set for subscribers only posting? Set your list to hold posts from non-members for moderation. Keep feeding the spam messages to sa-learn. Jeff D I'm already doing that. My complaint is that I have to go in and manually reject or ignore these messages. How are they getting my list names in the first place? I don't believe this is an issue where an individual user may have been compromised, because no single user accesses all the groups on all of the servers. Jon -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
Re: [Mailman-Users] Is there a security hole in Mailman?
Some are pretty generic (board) while others are not (DesignReviewCommittee). -Original Message- From: Patrick Bogen [mailto:[EMAIL PROTECTED] Sent: Monday, February 13, 2006 9:46 AM To: Jon D. Slater Subject: Re: [Mailman-Users] Is there a security hole in Mailman? Do your lists have reasonably common names? announce staff that sort of thing? Spammers don't care about bounced messages, so they might just be randomly guessing. On 2/13/06, Jon D. Slater [EMAIL PROTECTED] wrote: -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] On Behalf Of Jeff Donsbach Sent: Sunday, February 12, 2006 10:10 AM To: mailman-users@python.org Subject: Re: [Mailman-Users] Is there a security hole in Mailman? On 2/12/06, Jon D. Slater [EMAIL PROTECTED] wrote: Hi All, Is there a security hole in Mailman? How are the evil spammers harvesting my list names when they aren't on the 'listinfo' page? From the address book(s) of one or some of you subscribers infected with a virus/worm? And, more importantly, is there a way to prevent it? (BTW, I'm also using SPAM ASSASSIN and a lot of these SPAM messages still get through.) Is your list set for subscribers only posting? Set your list to hold posts from non-members for moderation. Keep feeding the spam messages to sa-learn. Jeff D I'm already doing that. My complaint is that I have to go in and manually reject or ignore these messages. How are they getting my list names in the first place? I don't believe this is an issue where an individual user may have been compromised, because no single user accesses all the groups on all of the servers. Jon -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman- users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman- users/pdbogen%40gmail.com Security Policy: http://www.python.org/cgi-bin/faqw- mm.py?req=showamp;file=faq01.027.htp -- - Patrick Bogen -- No virus found in this incoming message. Checked by AVG Free Edition. Version: 7.1.375 / Virus Database: 267.15.6/258 - Release Date: 2/13/2006 -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
[Mailman-Users] Is there a security hole in Mailman?
Hi All, I've been away from this list for a while, so the question may have already been asked (and answered). Is there a security hole in Mailman? Here's what I mean. I'm running several servers, all running mailman. *None* of my lists are displayed publicly when you view the mailman/listinfo page. When-ever I use a non-mailman email address on one of my web pages, I always 'munge' it using a java script. Lately I've been bombarded by 100's of spam e-mail messages, but *only to my Mailman lists*. My non-mailman e-mail address (which are munged with java), are never hit. How are the evil spammers harvesting my list names when they aren't on the 'listinfo' page? And, more importantly, is there a way to prevent it? (BTW, I'm also using SPAM ASSASSIN and a lot of these SPAM messages still get through.) Thanks! Jon -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
[Mailman-Users] Backup recommendations...
So I've just implement a backup solution that uses rsync to backup my users accounts to a remote server (works great). What should I be backing up from Mailman? Where do the MailMan files live? And, in the event of a drive failure, can I just copy the files back from my backup machine? Thanks in advance! Jon -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
[Mailman-Users] One member not receiving e-mails...
Can someone suggest how I'd go about tracking down this problem... I have a list of 52 members. Of that list, there is 1 e-mail address that never receives e-mail from the server. (The other 51 work fine.) This 1 e-mail address (I'll call it '[EMAIL PROTECTED]') is an MSN e-mail address (if that matters). I have other MSN members and they *are* receiving mailings. To date, I've never had a message bounce back from '[EMAIL PROTECTED]', and they claim they *aren't* being delivered to their Junk Mail Folder. How would I start trying to trace this down? Is there a log something that might tell me if Mailman is, at least, trying to send them e-mail? Thanks!!! Jon -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-users Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/ Unsubscribe: http://mail.python.org/mailman/options/mailman-users/archive%40jab.org Security Policy: http://www.python.org/cgi-bin/faqw-mm.py?req=showamp;file=faq01.027.htp
