[Mailman-Users] Re: customized From handling?
Rich Morin writes: > [the blinux admins] would probably be more inclined to update > within version 2.1.x (and tweak the config a bit) than to move to > version 3. That's fine with us. We are proud of Mailman 2, it's just that a decade ago we could clearly see it was reaching the end of the line for major feature development. IMO, everybody should definitely update to the most recent version of Mailman 2 which is available from Launchpad via the bzr VCS (you can also download a tar.gz or maybe a .zip) as well as many distros' package repositories (if not the very most recent, something much better than 2.1.12 or 2.1.15). There have been *many* improvements since then, including the DMARC mitigations mentioned elsewhere in this thread that may help address this problem, but also a number of security issues that affect third parties (a few cross-site scripting vulnerabilities, for example) have been addressed. Staying up to date on Internet-facing software is just plain good citizenship. > Where can I find the right place to post a feature request for > Mailman 2.1.x? Here.[1] The answer will be "No" ;-) *but* that will be followed with (a) various suggestions for workarounds in the stock Mailman from developers and other users and (b) help with creating specific patches for sites to maintain for themselves. (a) is why I suggest here rather than mailman-developers -- other users are a great resource! We aren't opposed to folks developing Mailman 2 further, patch by patch. We're strict about devoting project resources to Mailman 3. Footnotes: [1] If it applies to Mailman 3 as well, an RFE on the tracker at https://gitlab.com/mailman would be appreciated, though. -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
[Mailman-Users] Re: customized From handling?
Rich Morin writes: > So, it sounds like any feature requests should be directed to > Mailman 3: That is correct. > Mailman Core seems to be the best bet For the viewers playing along at home, there is no Mailman Core list as far as I know. :-) There are two lists, the core developers are all subscribed to both. They are both Mailman 3 lists: Mailman Developers https://mail.python.org/mailman3/lists/mailman-developers.python.org/ for technical questions and "obvious" feature requests directed to the developers, and Mailman Users https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/ for questions and feature requests that would benefit from input from other users. Sorry about the confusing domains and duplicated list name (Mailman Users); we originally hoped that Mailman 3 would quickly entirely replace Mailman 2 for the kind of folks who subscribe to applications' discussion lists, and we could just migrate -users and eventually -developers to mailman3.org. But it didn't happen that way, and we found we really needed to keep the original mailman-users list around for the many users who were perfectly satisfied with Mailman 2's features and quality but still had the occasional question (such as "OMG what is DMARC!" :-). > I'll post there and see how the maintainers respond... You're just going to get the same people (me and Mark) :-), except that I think Abhilash is a little more likely to respond on Mailman Developers and the V3 version of Mailman Users. (There are several other core developers but they're currently busy with other stuff and not hanging out here these days.) Steve -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
[Mailman-Users] Re: customized From handling?
On 11/6/21 4:51 PM, Henry Yen wrote: How about this: turn anonymous_list back off, set from_is_list to MungeFrom, then add an MTA milter to delete reply-to and cc? That would be an option except the OP's list is Mailman 2.1.12 which has no from_is_list feature. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
[Mailman-Users] Re: customized From handling?
On Fri, Nov 05, 2021 at 10:49:45AM -0700, Mark Sapiro wrote: > On 11/5/21 10:09 AM, Rich Morin wrote: > >Thanks for the prompt and informative response! > > > >It sounds like the "Munge From" setting would meet their desire for spam > >avoidance, except that "the original From will be placed in either CC or > >Reply-To depending on other settings". However, I can't find this > >setting; can you provide a link? > > > Sorry, I assumed this was Mailman 2.1 because this list is for Mailmaqn > 2.1. In Mailman 3, the settings would be under Settings->DMARC > Mitigatations and would be DMARC mitigation action = Replace From: with > lit address and DMARC Mitigate unconditionally = Yes > > > >Meanwhile, it appears that the "remove_headers" option could be used to > >remove the CC and Reply-To headers. Is this correct and are there any > >other headers we'd need to remove? > > > >https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/config/docs/config.html#remove-headers > > > No, This option only applies to headers in messages posted to usenet via > the mail-> usenet gateway. There are no settings that would remove the > posters address from Reply-To or CC. DMARC mitigations are intended to > mitigate the effects of DMARC while still allowing Reply and Reply-All > to function as they would without the mitigation. > > Anonymizing posts by hiding the posters address but not name has never > been implemented in any form. > > > -- > Mark Sapiro The highway is for gamblers, > San Francisco Bay Area, Californiabetter use your sense - B. Dylan How about this: turn anonymous_list back off, set from_is_list to MungeFrom, then add an MTA milter to delete reply-to and cc? -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
[Mailman-Users] Re: customized From handling?
On 11/5/21 11:48 AM, Rich Morin wrote: Apologies for the confusion and thanks for the clarification. As a complete newbie to Mailman, I didn't even notice that there was a major revision involved :-). Looking at the headers of a recent blinux-list message, I see: X-Mailman-Version: 2.1.12 Just to provide some closure on this, The from_is_list feature was introduced as a site option in Mailman 2.1.16 and made always available in 2.1.18. Thus it is not in 2.1.12 in any form. Meanwhile, looking at https://launchpad.net/mailman/+milestone/2.1.15, I see: This is the final release of Mailman 2.1.15. ... That referred to 2.1.15 final as opposed to prior 2.1.15 beta and release candidate releases. The current release of Mailman 2.1 is 2.1.35. Mailman 2.1.30 was the last release in the 2.1 series except for security fixes, serious bug fixes and translation updates. See https://mail.python.org/archives/list/mailman-annou...@python.org/message/TJLEX52N2ARNOQBC2ZNYMNV5U226R5NM/ -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
[Mailman-Users] Re: customized From handling?
On 11/5/2021 12:02 PM, Rich Morin wrote: In any event, the blinux-list admins would probably be more inclined to update within version 2.1.x (and tweak the config a bit) than to move to version 3. For casual use, setting up mailman3 is a lot of work IMHO. Where can I find the right place to post a feature request for Mailman 2.1.x? It would be here (this list), but pretty much nobody is adding features to v2 anymore*, even security patches only happen when really needed. (I suppose though that if someone did develop a feature patch, it would be considered.) *mailman2 runs on python2, which is way past it's stated end-of-life; migrating anything from python2 to python3 is a large undertaking so the developers are concentrating on mailman3 (w/ python3). There's probably something in the wiki about this. z! not a mailman developer, just a long-time user -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
[Mailman-Users] Re: customized From handling?
> On Nov 5, 2021, at 11:52, Carl Zwanzig wrote: > > Might be on launchpad, but Mailman v2 itself is at 2.1.35; there have been > many features and security patches since .15. Yow! Seems like that web site is a bit out of date. In any event, the blinux-list admins would probably be more inclined to update within version 2.1.x (and tweak the config a bit) than to move to version 3. Where can I find the right place to post a feature request for Mailman 2.1.x? -r -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
[Mailman-Users] Re: customized From handling?
On 11/5/2021 11:48 AM, Rich Morin wrote: Apologies for the confusion and thanks for the clarification. As a complete newbie to Mailman, I didn't even notice that there was a major revision involved :-). Looking at the headers of a recent blinux-list message, I see: X-Mailman-Version: 2.1.12 Which is positively _ancient_. Meanwhile, looking athttps://launchpad.net/mailman/+milestone/2.1.15, I see: This is the final release of Mailman 2.1.15. ... Might be on launchpad, but Mailman v2 itself is at 2.1.35; there have been many features and security patches since .15. Later, z! -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
[Mailman-Users] Re: customized From handling?
> On Nov 5, 2021, at 10:49, Mark Sapiro wrote: > > Sorry, I assumed this was Mailman 2.1 ... Apologies for the confusion and thanks for the clarification. As a complete newbie to Mailman, I didn't even notice that there was a major revision involved :-). Looking at the headers of a recent blinux-list message, I see: > X-Mailman-Version: 2.1.12 Meanwhile, looking at https://launchpad.net/mailman/+milestone/2.1.15, I see: > This is the final release of Mailman 2.1.15. ... So, it sounds like any feature requests should be directed to Mailman 3: https://gitlab.com/mailman/mailman/-/issues Mailman Core seems to be the best bet for this issue; I'll post there and see how the maintainers respond... -r -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
[Mailman-Users] Re: customized From handling?
On 11/5/21 10:09 AM, Rich Morin wrote: Thanks for the prompt and informative response! It sounds like the "Munge From" setting would meet their desire for spam avoidance, except that "the original From will be placed in either CC or Reply-To depending on other settings". However, I can't find this setting; can you provide a link? Sorry, I assumed this was Mailman 2.1 because this list is for Mailmaqn 2.1. In Mailman 3, the settings would be under Settings->DMARC Mitigatations and would be DMARC mitigation action = Replace From: with lit address and DMARC Mitigate unconditionally = Yes Meanwhile, it appears that the "remove_headers" option could be used to remove the CC and Reply-To headers. Is this correct and are there any other headers we'd need to remove? https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/config/docs/config.html#remove-headers No, This option only applies to headers in messages posted to usenet via the mail-> usenet gateway. There are no settings that would remove the posters address from Reply-To or CC. DMARC mitigations are intended to mitigate the effects of DMARC while still allowing Reply and Reply-All to function as they would without the mitigation. Anonymizing posts by hiding the posters address but not name has never been implemented in any form. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
[Mailman-Users] Re: customized From handling?
Thanks for the prompt and informative response! It sounds like the "Munge From" setting would meet their desire for spam avoidance, except that "the original From will be placed in either CC or Reply-To depending on other settings". However, I can't find this setting; can you provide a link? Meanwhile, it appears that the "remove_headers" option could be used to remove the CC and Reply-To headers. Is this correct and are there any other headers we'd need to remove? https://docs.mailman3.org/projects/mailman/en/latest/src/mailman/config/docs/config.html#remove-headers -r -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/
[Mailman-Users] Re: customized From handling?
On 11/4/21 5:48 PM, Rich Morin wrote: I'm a member of the "Linux for blind general discussion" list (blinux-l...@redhat.com), which uses Mailman. Some time ago, the list was having problems with folks spamming members, using addresses harvested from the "From" lines of messages. So, the list admins opted to change the "From" line to simply say: Linux for blind general discussion Although this solved the immediate problem, it also resulted in some confusion, because all postings are now anonymous by default. Is there a configuration option that would (say) result in a From line that only reveals the poster's name, but not their email address? Presumably, they did this by making the list anonymous. Rather than doing that, the only other configuration is to set from_is_list to Munge From. This will make the from look like Jane Doe via Linux for blind general discussion but this won't totally hide the poster's address as the original from will be placed in either CC or Reply-To depending on other settings. Also, if the original from is just something like j...@example.com without a display name and that list member also has no real name attribute on the list, the from will become jdoe--- via Linux for blind general discussion I.e. it will include the poster's username, but not the email domain. -- Mark Sapiro The highway is for gamblers, San Francisco Bay Area, Californiabetter use your sense - B. Dylan -- Mailman-Users mailing list -- mailman-users@python.org To unsubscribe send an email to mailman-users-le...@python.org https://mail.python.org/mailman3/lists/mailman-users.python.org/ Mailman FAQ: http://wiki.list.org/x/AgA3 Security Policy: http://wiki.list.org/x/QIA9 Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/ https://mail.python.org/archives/list/mailman-users@python.org/