Re: [Mailman-Users] Re: list admin passwords failing

Iain Pople wrote: >thanks for that. I had a look at the URL and maybe it has something to >do with my redirects. I have the following rule: > >RewriteRule ^/$ http://%{HTTP_HOST}/cgi-bin/mailman/listinfo [R] > >Which essentially redirects pages from http://lists.domain.com -> >http://lists.d

[Mailman-Users] Re: list admin passwords failing

thanks for that. I had a look at the URL and maybe it has something to do with my redirects. I have the following rule: RewriteRule ^/$ http://%{HTTP_HOST}/cgi-bin/mailman/listinfo [R] Which essentially redirects pages from http://lists.domain.com -> http://lists.domain.com/cgi-bin/mailman/l

Re: [Mailman-Users] Re: list admin passwords failing

Iain Pople wrote: >I should also mention that this is not a cookies issue (at least not on >the client end). I have tried with several browsers and double checked >that cookies are enabled. And cookies not being enabled or not working wouldn't cause the symptom you see anyway. Without cookies,

Re: [Mailman-Users] list admin passwords failing

Iain Pople wrote: > >I have noticed in the last couple of days that all my list admin >passwords are failing. I.e. I can't login to my lists via the admin web >interface. I've had a look through the logs and can't see anything >strange there. > >When I try and login the page just reloads with th

[Mailman-Users] Re: list admin passwords failing

I should also mention that this is not a cookies issue (at least not on the client end). I have tried with several browsers and double checked that cookies are enabled. Iain Pople wrote: Hi, I have noticed in the last couple of days that all my list admin passwords are failing. I.e. I can't log

[Mailman-Users] list admin passwords failing

Hi, I have noticed in the last couple of days that all my list admin passwords are failing. I.e. I can't login to my lists via the admin web interface. I've had a look through the logs and can't see anything strange there. When I try and login the page just reloads with the password prompt agai

Re: [Mailman-Users] Arch Command

Hunter Hillegas wrote: >My only list is not updating the archives as messages come in. > >Does the 'arch' command need to be in one of the cron jobs? No. Assuming archiving is turned on for the list, is the ArchRunner qrunner running? Are permissions correct on the archive/private/ and archive/p

Re: [Mailman-Users] okay to delete the mailing list called "mailman"?

David Morse wrote: >Debian advised me to create a mailing list called "mailman" after >installing mailman, saying that mailman wouldn't work until it had at >least one list to go off of. Now that I have another list, called >something other than "mailman", is it OK to delete the list named >"mail

[Mailman-Users] Arch Command

My only list is not updating the archives as messages come in. Does the 'arch' command need to be in one of the cron jobs? MM2.1.5 Hunter -- Mailman-Users mailing list Mailman-Users@python.org http://mail.python.org/mailman/listinfo/mailman-u

Re: [Mailman-Developers] Re: [Mailman-Users] security heads up - path traversal with 2.1.5

At 5:12 PM -0500 2005-02-14, Barry Warsaw wrote: In response to this issue, FAQ 1.27 has been updated Wow Brad, I was just about to change this to read [EMAIL PROTECTED] but you beat me to it by seconds. :) Mark had clued me in that someone had changed the security-related pages at www.list.o

Re: [Mailman-Users] okay to delete the mailing list called "mailman"?

At 4:59 PM -0500 2005-02-14, David Morse wrote: Debian advised me to create a mailing list called "mailman" after installing mailman, saying that mailman wouldn't work until it had at least one list to go off of. Not quite accurate. See

Re: [Mailman-Developers] Re: [Mailman-Users] security heads up - path traversal with 2.1.5

On Mon, 2005-02-14 at 10:23, Brad Knowles wrote: > In response to this issue, FAQ 1.27 has been updated Wow Brad, I was just about to change this to read [EMAIL PROTECTED] but you beat me to it by seconds. :) > , and the > mailman-users and mailman-developers mailing lists have likewise b

Re: [Mailman-Developers] Re: [Mailman-Users] security heads up - path traversal with 2.1.5

On Wed, 2005-02-09 at 17:00, Tokio Kikuchi wrote: > I've tested with my 1.3.29 installation and verified apache PATH_INFO > does convert '//' to '/'. Barry also wanted to clarify which apache > version/installation (combination with mailman) is valnerable. Return > code of 200 doesn't mean suce

[Mailman-Users] okay to delete the mailing list called "mailman"?

Debian advised me to create a mailing list called "mailman" after installing mailman, saying that mailman wouldn't work until it had at least one list to go off of. Now that I have another list, called something other than "mailman", is it OK to delete the list named "mailman"? (And thus have no

Re: [Mailman-Users] question for the python programmers

David Morse <[EMAIL PROTECTED]> wrote: > >If I look at the logs, this seems to be the problem > >admin(1853): File "/usr/lib/mailman/Mailman/Cgi/private.py", line 42, >in true_path >admin(1853): parts = [x for x in path.split(SLASH) if x not in ('.', >'..')] >admin(1853): NameError: global

[Mailman-Users] question for the python programmers

I can't access the logs on a newly-created list on a newly installed mailman (version 2.1.5-6 / debian sid) If I look at the logs, this seems to be the problem admin(1853): File "/usr/lib/mailman/Mailman/Cgi/private.py", line 42, in true_path admin(1853): parts = [x for x in path.split(SLA

[Mailman-Users] Job -- Doing mailman install - need some help

We're getting ready to migrate from a hosted solution to our own server, and I'd like very much to hire on a contractor to assist with the installation and testing part of this project. We also may need some help with migrating our current lists and archives. Are there any hired guns out there wh

[Mailman-Users] Handling MM security problems

[long post ahead] This has gone past silly. I run MM. I'm concerned about security holes. I want to know about holes ASAP. I want to make the decision whether they are serious enough to stop all list processing or to ignore. I don't want someone else making these decisions for me. The only

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

great just what we need 20 lines of .signature . On Mon, 14 Feb 2005, Brad Knowles wrote: In response to this issue, FAQ 1.27 has been updated, and the mailman-users and mailman-developers mailing lists have likewise been modified to include suitable text at the bottom of every messag

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

--On February 14, 2005 07:40:29 -0800 Chuq Von Rospach <[EMAIL PROTECTED]> wrote: Again. So excuse me if I'm grumpy. I think I'm entitled. Not as much as Barry is, but he's far too polite to try to get people to behave. that's my job around here. Good on you. I was mightily pissed off when that

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

On Feb 14, 2005, at 4:24 AM, Florian Weimer wrote: You're trying to establish something like ownership of security bugs. No, I'm trying to get the people on this list to follow the STANDARD PROTOCOL that exists for disclosure of this data, actually. Which if people actually paid attention to ho

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

At 2:09 PM +0100 2005-02-14, Florian Weimer wrote: The underlying assumption seems to be that Mailman security bugs can only be disclosed by posting them on the Mailman lists. In response to this issue, FAQ 1.27 has been updated, and the mailman-users and mailman-developers mailing lists have l

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

At 2:09 PM +0100 2005-02-14, Florian Weimer wrote: The underlying assumption seems to be that Mailman security bugs can only be disclosed by posting them on the Mailman lists. We have no more control over what you say or do on other lists than any other developer. Yes, if there is a security b

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

* Brad Knowles: > At 1:24 PM +0100 2005-02-14, Florian Weimer wrote: > >> Who has a say in the disclosure of a security bug? > > In terms of who can post such things to this list? Well, as one > of the core developers for Mailman, Chuq is one of the very few > people who can have an abso

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

At 1:24 PM +0100 2005-02-14, Florian Weimer wrote: Who has a say in the disclosure of a security bug? In terms of who can post such things to this list? Well, as one of the core developers for Mailman, Chuq is one of the very few people who can have an absolute say in that. You're trying to

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

* Chuq Von Rospach: > my position is simple (and unchanged): if it's not your project, don't > make strategic decisions about it. Unfortunately, the crackers that began to attack Mailman sites in January didn't respect your wishes. Who has a say in the disclosure of a security bug? The person

Re: [Mailman-Users] Reply-To list and poster in _some_ headers

On Mon, Feb 14, 2005 at 10:46:07AM +, david gordon wrote: > >Reply-To: [EMAIL PROTECTED], [EMAIL PROTECTED] Set "strip original Reply-To" and force your one Regards Sythos -- Sythos - http://www.sythos.net () ASCII Ribbon Campaign - against html/rtf/vCard in mail /\

[Mailman-Users] Reply-To list and poster in _some_ headers

I have a 2.1.5 Mailman list set up so all replies go to the list. The setting "Where are replies to list messages directed? Poster is strongly recommended for most mailing lists." is "Explicit address" and the "Explicit Reply-To: header." is the email address of the list, ie [EMAIL PROTECTED] Ever

Re: [Mailman-Users] Erase single post from archive

At 11:08 AM +0100 2005-02-14, Sythos wrote: I do wrong question, I've already done this way, but I'm looking for something via web for moderator (to execute way in FAQ3.3 the executor must have write right on system and a shell) Sorry, that's the only method that is available. -- Brad Knowle

Re: [Mailman-Users] Erase single post from archive

On Mon, Feb 14, 2005 at 10:43:13AM +0100, Brad Knowles wrote: > > I've receive sometimes spam in open-post list, there is a way to erase > > it from archive? > If you go to the Mailman FAQ Wizard at > and search for "archive", > you should run acro

Re: [Mailman-Users] Erase single post from archive

At 9:31 AM +0100 2005-02-14, Sythos wrote: I've receive sometimes spam in open-post list, there is a way to erase it from archive? If you go to the Mailman FAQ Wizard at and search for "archive", you should run across FAQ 3.3. -- Brad Knowles, <[EMAI

[Mailman-Users] Erase single post from archive

Hi all I've receive sometimes spam in open-post list, there is a way to erase it from archive? Regards, Sythos -- Sythos - http://www.sythos.net () ASCII Ribbon Campaign - against html/rtf/vCard in mail /\- against M$ attachments