I want to make you aware of a potential privacy problem in Mailman's
Hyperkitty. Under the upcoming EU General Data Protection Regulation
(GDPR), which will be in force as of 2018-05-25, it is illegal to
transmit data to third parties without a right to do so. Without going
into the details, the inclusion of third party services into one's
website is usually deemed such a transmission, and unless one has
explicit consent of the user (e.g., by an optional (!), unticked ticking
box) this is normally illegal (if one targets EU users).
The GDPR does not affect private and family use (Art. 2(2)(c) GDPR), but
the exact reach of that clause is yet to be determined; it certainly
does not exclude company use of Mailman.
I've found it's possible to disable the social login providers quite
easily (we had this discussion here on the mailinglist recently), but I
don't see an option to disable Gravatar. If there is one, please
enlighten me, but anyway I want to propose this as a feature request
against Hyperkitty. A GDPR-compliant implementation of Gravatar in
Mailman would look like this:
* In order to not transmit website visitor's data (IP address, browser
info, etc) to Gravatar, Hyperkitty has to request the avatar image
itself and not leave that to the user's browsers to do. In other
words, the HTTP GET request needs to come from the server running
Hyperkitty and the user's browser then just requests the avatar from
the Hyperkitty server. Most likely easiest way to do this is to
pre-download the avatar when an email is archived.
* In order to not transmit the subscribers' data (email address, allows
Gravatar to track the subscriber) to Gravatar illegally,
the retrieval of the avatar image from Gravatar has to be disabled by
default. Instead, an option needs to be added to the subscriber's
control panel which he has to actively enable in order to have his
Gravatar downloaded and thus used (privacy-by-default rule).
I'm not saying Gravatar tracks people and sells the information
gathered, though I have doubts on how Automattic makes money with the
service. I'm just outlining the legal duties under the upcoming GDPR for
service owners, which are independant of how Automattic processes the
data in this specific case.
Please don't dismiss this as some side feature not needed. The fines
that can be imposed on service owners due to violation of the GDPR are
very high (up to 20,000,000 € [that's 20 million euros, really]).
PGP/GPG ID: F1D8799FBCC8BC4F
Hello all ,
I configured mailman3 following this contributer guide http://docs.mailman3.org/en/latest/devsetup.html but i'am still getting problem with the configuration of MySQL and postfix . Is this section is enough for MySQL configurations ?
url: mysql+pymysql://myuser:mypassword@mymysqlhost/mailman?charset=utf8&use_unicode=1htmlI will appreciated if there are some documents to provide to cotinue the intergration of mailman3 .
Is there any tuto for postfix config ?
Thanks in advance
I am facing errors when using import21 to import list archives. The error message is "A string literal cannot contain NUL (0x00) characters." and the import stops, thus importing only mails up to 2009. The dublicates is mails already imported when retrying. If a mail contains illegal characters I would expect disregarding the particular mail and continue, or ignoring the nul character.
bash-4.3# python manage.py hyperkitty_import --verbosity 3 --since "01.01.1970" --list-address example(a)mailman3.ku.dk /opt/mailman-web-data/tmp/example(a)mailman3.ku.dk.mbox
Duplicate email with message-id '857A4D84DE6D1D41837DD9284F2729AB08F0C385(a)srv1.example.ku.dk'
Duplicate email with message-id '857A4D84DE6D1D41837DD9284F2729AB09DA5E45(a)srv1.example.ku.dk'
Failed adding message <857A4D84DE6D1D41837DD9284F2729AB09E20126(a)srv1.example.ku.dk>: A string literal cannot contain NUL (0x00) characters.
Traceback (most recent call last):
File "manage.py", line 10, in <module>
File "/usr/local/lib/python2.7/site-packages/django/core/management/__init__.py", line 367, in execute_from_command_line
File "/usr/local/lib/python2.7/site-packages/django/core/management/__init__.py", line 359, in execute
File "/usr/local/lib/python2.7/site-packages/django/core/management/base.py", line 305, in run_from_argv
File "/usr/local/lib/python2.7/site-packages/django/core/management/base.py", line 356, in execute
output = self.handle(*args, **options)
File "/usr/local/lib/python2.7/site-packages/hyperkitty/management/commands/hyperkitty_import.py", line 278, in handle
File "/usr/local/lib/python2.7/site-packages/hyperkitty/management/commands/hyperkitty_import.py", line 152, in from_mbox
File "/usr/local/lib/python2.7/site-packages/hyperkitty/lib/incoming.py", line 149, in add_to_list
File "/usr/local/lib/python2.7/site-packages/django/db/models/base.py", line 796, in save
File "/usr/local/lib/python2.7/site-packages/django/db/models/base.py", line 824, in save_base
updated = self._save_table(raw, cls, force_insert, force_update, using, update_fields)
File "/usr/local/lib/python2.7/site-packages/django/db/models/base.py", line 908, in _save_table
result = self._do_insert(cls._base_manager, using, fields, update_pk, raw)
File "/usr/local/lib/python2.7/site-packages/django/db/models/base.py", line 947, in _do_insert
File "/usr/local/lib/python2.7/site-packages/django/db/models/manager.py", line 85, in manager_method
return getattr(self.get_queryset(), name)(*args, **kwargs)
File "/usr/local/lib/python2.7/site-packages/django/db/models/query.py", line 1043, in _insert
File "/usr/local/lib/python2.7/site-packages/django/db/models/sql/compiler.py", line 1054, in execute_sql
File "/usr/local/lib/python2.7/site-packages/django/db/backends/utils.py", line 64, in execute
return self.cursor.execute(sql, params)
ValueError: A string literal cannot contain NUL (0x00) characters.
I have installed mailman3 - it looks very great!
Now I wanted to try import from mailman2 mbox, so i did:
python2 manage.py hyperkitty_import --settings settings --ignore-mtime
-v 3 --since 2010-01-01 -l test(a)list.domain.com /tmp/test.mbox
It shows that it have sucessfully imported all emails and I can see them
from database (sqlite3), but I cannot see them from GUI (hyperkitty).
Only thing I can see is this inactive "test" list.
I have tried that I create list before importing, still same result.
All new emails are archiving to another lists (which are not imported,
but new installations).
Any help is appreciated!
All the best
I am pleased to announce that Postorius 1.1.2 is released and is up on PyPI.
This release fixes a security bug that sets the password of a user in Core to
their display name. It is recommended that you upgrade to this version.
Postorius (Django) and Mailman Core both have different notion of "user" and
"password". When a user account in created in Postorius, it creates a user in
Core using the REST API. This bug, causes the password of user created in Core
to be set to their display name instead.
However, as of now, there are no use cases of the user password in Core and it
is present only for historical reasons. So, while this bug is a serious one, it
wouldn't result in any real-world exploit. Along with the bug-fix, this release
includes a new command that resets *all* user passwords in Core to a random
value. Again, there are no use cases of these passwords so resetting *all* of
them isn't going to cause any inconvenience to users.
This command should be run after the upgrade:
$ cd mailman-suite/mailman-suite_project/
$ python manage.py reset_passwords
Python 2.7 is the only supported Python version for this release. All versions
of Django <=1.11 is supported.
For more information about GNU Mailman and Postorius, please see our website:
The source code is available on Gitlab:
A few days ago, I am trying to install and configure mailman 3, in a Centos7. and the truth has not been achieved. I am already a little desperate.
I'll tell you
First I install the hyperkitty-el.repo repository
and install mailman 3, hyperkitty and postorius.
Initially when reviewing and making some minor modifications to the mailman configuration file, the service apparently rises without major problems.
The problem occurs when I try to configure the web interfaces.
Initially the apache server did not start, with a series of errors.
Following the instructions of the document published here:
I managed to eliminate the initial errors, which prevented to raise the Apache server.
However, when trying to access the web pages, in the case of hyperkitty, I get an error 500 with an "internal server error".
In the case of postorius, I get an error 403 forbidden.
In the mail, I receive a log, with the following content:
Traceback (most recent call last):
File "/ usr / bin / django-admin", line 5, in <module>
File "/usr/lib/python2.7/site-packages/django/core/management/__init__.py", line
354, in execute_from_command_line
File "/usr/lib/python2.7/site-packages/django/core/management/__init__.py", line
303, in execute
File "/usr/lib/python2.7/site-packages/django/conf/__init__.py", line 48, in __getattr__
File "/usr/lib/python2.7/site-packages/django/conf/__init__.py", line 44, in _setup
self._wrapped = Settings (settings_module)
File "/usr/lib/python2.7/site-packages/django/conf/__init__.py", line 92, in __init__
mod = importlib.import_module (self.SETTINGS_MODULE)
File "/usr/lib64/python2.7/importlib/__init__.py", line 37, in import_module
__import __ (name)
ImportError: No module named settings
In the Apache logs, it also shows the following:
[Mon Dec 11 21: 48: 41.875069 2017] [authz_core: error] [pid 15333] [client my-client-ip: 33584] AH01630: client denied by server configuration: / etc / postorius / sites / default / srv
when I execute the command:
throws me the following:
django.core.exceptions.ImproperlyConfigured: Requested setting DATABASES, but settings are not configured. You must either define the environment variable DJANGO_SETTINGS_MODULE or call settings.configure() before accessing settings.
checking the ports, I can see that python has open ports 8000 in 127.0.0.1, and 8001 in external ip,
for more than I have looked for information, documentation, etc, about the procedure of the installation. all the documentation I found, part of the premise of an installation, clean from git, by pip, but none from the yum and rpm.
So it is difficult for me to determine what to apply, and what not.
apparently no one has installed, or has had problems in the installation from repositories, or I am omitting some step (most likely) that I could not determine.
the bad thing, is that in postfix, I have everything configured, with digital signatures, so I would not like to lose all that work, as to start with an installation from 0.
If you can help me, it would be very helpful.
since I made the request of help in another list, of dev, to which it is supposed that the consultations should be made, according to the historical mails, but I never received answer.
Of course, thank you very much for any help and guidance they can give me.
I would suggest that there is something very broken here: there seems to be a problem with communication between the email system (mailman core…?) and HyperKitty.
On November 21, I sent the message below, as a part of this very thread, to Thor and cc’d the mailman 3 list. But the message never showed up in HyperKitty . I don’t know if other list members received it in their email inboxes or not.
Thor obviously received the message (it was addressed to him directly), because he referenced it in a message that is in the archives . However, I never received an email copy of his message from the list.
So, what’s going on?
What baffles me is that more people are not complaining about this. Is it just that no one has noticed? Or is it some subtle misconfiguration in my system? And in Thor’s apparently. And maybe in the lists.mailman3.org system as well.
> On 2017.11.21, at 06:31 , Cameron Smith <ccsmith(a)mail2.cetsi.com> wrote:
> I, too, have been struggling with messages not showing up , although the conditions are somewhat different.
> What I have found works to make all of the messages appear is the following, which you might try:
> sudo docker-compose exec mailman-web ./manage.py runjobs yearly
>  https://firstname.lastname@example.org/threa...
>> On 2017.11.21, at 04:41 , Thor Atle Rustad <thor.rustad(a)gmail.com> wrote:
>>>> When I send a message from the Postorius interface, it is neither sent
>>>> or stored. I briefly see this message: "Your reply has been sent and is
>>>> being processed.", and then nothing happens.
In my latest iteration I installed Maxking docker-mailman by downloading
the files (git clone https://github.com/maxking/docker-mailman.git) and
building the images myself by modifying docker-compose.yaml like this:
Same thing goes for mailman-web. Only modification was changing the uid/gid
in the images to make it equal to the local user on the host.
Now a few things are not working. In Postorius
<server>/postorius/lists/<listname>) there is a menu row (Subscription
requests|Held messages|Members|Settings|Mass operations|Banned addresses
etc). The two items Members and Mass operations should normally show a
drop-down menu when clicked, but here nothing happens. Same thing for the
Admin menu (can't access Logout, amongst other things).
In Hyperkitty, messages are not loaded properly. In various places on the
page I see spinning discs indicating something is loading, but nothing