El viernes, 31 de diciembre de 2021 1:48:38 (CET) David Newman escribió:
I'd like for regular (non-admin) list subscribers to be able to manage their subscription preferences and view list archives.
That's a good way to go :-)
My response is more of a (very) old sysadmin and Django user (since 2008) hunch that a proper one based on code and documentation review, but I've been trying to contribute several times and always (super) Mark Sapiro beats me :-)
If I'm reading the error correctly, this is related to an inability to verify the cert chain. The /etc/mailman3/settings.py file points to the same cert and key files used by Nginx, Postfix, and Dovecot.
You are right in your diagnose but not in your interpretation (see my comment below inside the traceback). It is certificate related, but not for server TLS, but for CLIENT authentication.
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' EMAIL_HOST = 'localhost' EMAIL_PORT = 25 EMAIL_HOST_USER = 'dnewman@networktest.com' EMAIL_HOST_PASSWORD = 'wouldnt-you-like-to-know' EMAIL_USE_TLS = 'True' EMAIL_SSL_CERTFILE = '/etc/ssl/certs/myhost.crt' EMAIL_SSL_KEYFILE = '/etc/ssl/private/myhost.key'
All these settings above are used for SENDING messages and, if I'm not mistaken, the SSL key and cert are used for authenticating the user sending the email. Actually, using TLS and SMTP Auth for localhost is a bit too much. I've been configuring SMTP servers since 1990 and my mail servers just accept mail form localhost, if they are broken into, the user and password have already been exposed :-)
But this might only be for email, not Postorius/Django.
You are right (if I also am)
What additional configuration is needed to allow regular users to create and manage their own accounts?
I'd say that is more what is not needed (the SMTP TLS authentication)
I'll remove the "noise". These are the tell tale lines:
"/opt/mailman/venv/lib/python3.9/site-packages/django/core/mail/backends/smt p.py", line 67, in open self.connection.starttls(keyfile=self.ssl_keyfile, certfile=self.ssl_certfile)
The SMTP Django backend is trying to connect to the mail server to send the Mailman account confirmation message and failing, probably because the user Django runs as cannot open the private key (which is a very sensible thing if that private key is the one used for the web facing TLS certificate, I can tell you how bad in private or search for my name, wasd, apache and VMS ;-))
That certificate is not needed for sending email from Django, and, as I said, not even SMTP Auth for sending via localhost. Actually, doing SMTP Auth on port 25 is not even recommended practice.
Happy, healthy, safe and well ventilated New Year to all.
-- Victoriano Giralt Innovation Director Digital Transformation Vicerectorate University of Malaga +34952131415 SPAIN
Note: signature.asc is the electronic signature of present message A: Yes.
Q: Are you sure ?
A: Because it reverses the logical flow of conversation.
Q: Why is top posting annoying in email ?