signup / registration error - permissions and cert chains
I'd like for regular (non-admin) list subscribers to be able to manage their subscription preferences and view list archives.
However, when new users attempt to create logins from the Postorius "Sign Up" page, the server returns the error pasted below, and displays a "server error" page to users.
If I'm reading the error correctly, this is related to an inability to verify the cert chain. The /etc/mailman3/settings.py file points to the same cert and key files used by Nginx, Postfix, and Dovecot. Since TLS works OK with these other services, it appears the cert and key are valid. (Viewing the cert in a web browser also supports this.)
The keyfile has 0400 permissions. I tried changing this to 0640 and making the keyfile owned by root:mailman. Even after restarting mailman3 and mailmanweb the same error occurs. (Permissions in the cert and key directories and above are not blocking access.)
The etc/mailman3/settings.py file includes these settings:
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' EMAIL_HOST = 'localhost' EMAIL_PORT = 25 EMAIL_HOST_USER = 'dnewman@networktest.com' EMAIL_HOST_PASSWORD = 'wouldnt-you-like-to-know' EMAIL_USE_TLS = 'True' EMAIL_SSL_CERTFILE = '/etc/ssl/certs/myhost.crt' EMAIL_SSL_KEYFILE = '/etc/ssl/private/myhost.key'
But this might only be for email, not Postorius/Django. I checked the Mailman Web docs and settings reference but didn't see anything relevant on either page.
https://docs.mailman3.org/en/latest/config-web.html
https://docs.mailman3.org/projects/mailman-web/en/latest/settings.html
What additional configuration is needed to allow regular users to create and manage their own accounts?
Thanks.
dn
ERROR 2021-12-30 16:03:53,787 436935 django.request Internal Server Error: /accounts/signup/ Traceback (most recent call last): File "/opt/mailman/venv/lib/python3.9/site-packages/django/core/handlers/exception.py", line 34, in inner response = get_response(request) File "/opt/mailman/venv/lib/python3.9/site-packages/django/core/handlers/base.py", line 115, in _get_response response = self.process_exception_by_middleware(e, request) File "/opt/mailman/venv/lib/python3.9/site-packages/django/core/handlers/base.py", line 113, in _get_response response = wrapped_callback(request, *callback_args, **callback_kwargs) File "/opt/mailman/venv/lib/python3.9/site-packages/django/views/generic/base.py", line 71, in view return self.dispatch(request, *args, **kwargs) File "/opt/mailman/venv/lib/python3.9/site-packages/django/utils/decorators.py", line 43, in _wrapper return bound_method(*args, **kwargs) File "/opt/mailman/venv/lib/python3.9/site-packages/django/views/decorators/debug.py", line 76, in sensitive_post_parameters_wrapper return view(request, *args, **kwargs) File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/account/views.py", line 230, in dispatch return super(SignupView, self).dispatch(request, *args, **kwargs) File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/account/views.py", line 74, in dispatch response = super(RedirectAuthenticatedUserMixin, self).dispatch( File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/account/views.py", line 204, in dispatch return super(CloseableSignupMixin, self).dispatch(request, *args, **kwargs) File "/opt/mailman/venv/lib/python3.9/site-packages/django/views/generic/base.py", line 97, in dispatch return handler(request, *args, **kwargs) File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/account/views.py", line 102, in post response = self.form_valid(form) File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/account/views.py", line 248, in form_valid return complete_signup( File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/account/utils.py", line 209, in complete_signup return perform_login( File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/account/utils.py", line 175, in perform_login send_email_confirmation(request, user, signup=signup, email=email) File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/account/utils.py", line 346, in send_email_confirmation email_address.send_confirmation(request, signup=signup) File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/account/models.py", line 62, in send_confirmation confirmation.send(request, signup=signup) File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/account/models.py", line 169, in send get_adapter(request).send_confirmation_mail(request, self, signup) File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/account/adapter.py", line 464, in send_confirmation_mail self.send_mail(email_template, emailconfirmation.email_address.email, ctx) File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/account/adapter.py", line 136, in send_mail msg.send() File "/opt/mailman/venv/lib/python3.9/site-packages/django/core/mail/message.py", line 284, in send return self.get_connection(fail_silently).send_messages([self]) File "/opt/mailman/venv/lib/python3.9/site-packages/django/core/mail/backends/smtp.py", line 102, in send_messages new_conn_created = self.open() File "/opt/mailman/venv/lib/python3.9/site-packages/django/core/mail/backends/smtp.py", line 67, in open self.connection.starttls(keyfile=self.ssl_keyfile, certfile=self.ssl_certfile) File "/usr/lib/python3.9/smtplib.py", line 772, in starttls context = ssl._create_stdlib_context(certfile=certfile, File "/usr/lib/python3.9/ssl.py", line 787, in _create_unverified_context context.load_cert_chain(certfile, keyfile) PermissionError: [Errno 13] Permission denied
El viernes, 31 de diciembre de 2021 1:48:38 (CET) David Newman escribió:
I'd like for regular (non-admin) list subscribers to be able to manage their subscription preferences and view list archives.
That's a good way to go :-)
My response is more of a (very) old sysadmin and Django user (since 2008) hunch that a proper one based on code and documentation review, but I've been trying to contribute several times and always (super) Mark Sapiro beats me :-)
If I'm reading the error correctly, this is related to an inability to verify the cert chain. The /etc/mailman3/settings.py file points to the same cert and key files used by Nginx, Postfix, and Dovecot.
You are right in your diagnose but not in your interpretation (see my comment below inside the traceback). It is certificate related, but not for server TLS, but for CLIENT authentication.
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' EMAIL_HOST = 'localhost' EMAIL_PORT = 25 EMAIL_HOST_USER = 'dnewman@networktest.com' EMAIL_HOST_PASSWORD = 'wouldnt-you-like-to-know' EMAIL_USE_TLS = 'True' EMAIL_SSL_CERTFILE = '/etc/ssl/certs/myhost.crt' EMAIL_SSL_KEYFILE = '/etc/ssl/private/myhost.key'
All these settings above are used for SENDING messages and, if I'm not mistaken, the SSL key and cert are used for authenticating the user sending the email. Actually, using TLS and SMTP Auth for localhost is a bit too much. I've been configuring SMTP servers since 1990 and my mail servers just accept mail form localhost, if they are broken into, the user and password have already been exposed :-)
But this might only be for email, not Postorius/Django.
You are right (if I also am)
What additional configuration is needed to allow regular users to create and manage their own accounts?
I'd say that is more what is not needed (the SMTP TLS authentication)
I'll remove the "noise". These are the tell tale lines:
"/opt/mailman/venv/lib/python3.9/site-packages/django/core/mail/backends/smt p.py", line 67, in open self.connection.starttls(keyfile=self.ssl_keyfile, certfile=self.ssl_certfile)
The SMTP Django backend is trying to connect to the mail server to send the Mailman account confirmation message and failing, probably because the user Django runs as cannot open the private key (which is a very sensible thing if that private key is the one used for the web facing TLS certificate, I can tell you how bad in private or search for my name, wasd, apache and VMS ;-))
That certificate is not needed for sending email from Django, and, as I said, not even SMTP Auth for sending via localhost. Actually, doing SMTP Auth on port 25 is not even recommended practice.
Happy, healthy, safe and well ventilated New Year to all.
-- Victoriano Giralt Innovation Director Digital Transformation Vicerectorate University of Malaga +34952131415 SPAIN
Note: signature.asc is the electronic signature of present message A: Yes.
Q: Are you sure ?
A: Because it reverses the logical flow of conversation.
Q: Why is top posting annoying in email ?
On Dec 31, 2021, at 03:43, Victoriano Giralt <victoriano@uma.es> wrote:
El viernes, 31 de diciembre de 2021 1:48:38 (CET) David Newman escribió:
I'd like for regular (non-admin) list subscribers to be able to manage their subscription preferences and view list archives.
That's a good way to go :-)
My response is more of a (very) old sysadmin and Django user (since 2008) hunch that a proper one based on code and documentation review, but I've been trying to contribute several times and always (super) Mark Sapiro beats me :-)
If I'm reading the error correctly, this is related to an inability to verify the cert chain. The /etc/mailman3/settings.py file points to the same cert and key files used by Nginx, Postfix, and Dovecot.
You are right in your diagnose but not in your interpretation (see my comment below inside the traceback). It is certificate related, but not for server TLS, but for CLIENT authentication.
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' EMAIL_HOST = 'localhost' EMAIL_PORT = 25 EMAIL_HOST_USER = 'dnewman@networktest.com' EMAIL_HOST_PASSWORD = 'wouldnt-you-like-to-know' EMAIL_USE_TLS = 'True' EMAIL_SSL_CERTFILE = '/etc/ssl/certs/myhost.crt' EMAIL_SSL_KEYFILE = '/etc/ssl/private/myhost.key'
All these settings above are used for SENDING messages and, if I'm not mistaken, the SSL key and cert are used for authenticating the user sending the email. Actually, using TLS and SMTP Auth for localhost is a bit too much. I've been configuring SMTP servers since 1990 and my mail servers just accept mail form localhost, if they are broken into, the user and password have already been exposed :-)
But this might only be for email, not Postorius/Django.
You are right (if I also am)
What additional configuration is needed to allow regular users to create and manage their own accounts?
I'd say that is more what is not needed (the SMTP TLS authentication)
I'll remove the "noise". These are the tell tale lines:
"/opt/mailman/venv/lib/python3.9/site-packages/django/core/mail/backends/smt p.py", line 67, in open self.connection.starttls(keyfile=self.ssl_keyfile, certfile=self.ssl_certfile)
The SMTP Django backend is trying to connect to the mail server to send the Mailman account confirmation message and failing, probably because the user Django runs as cannot open the private key (which is a very sensible thing if that private key is the one used for the web facing TLS certificate, I can tell you how bad in private or search for my name, wasd, apache and VMS ;-))
That certificate is not needed for sending email from Django, and, as I said, not even SMTP Auth for sending via localhost. Actually, doing SMTP Auth on port 25 is not even recommended practice.
Hi Victoriano,
Thanks for this. I could use some clarification on what specific changes you are suggesting. I *think* you are saying to remove the EMAIL_USE_TLS stuff and also move to another port (maybe 587), but I am not sure.
Also, the reason I added the TLS in the first place was that I was getting errors without it. And I am unclear why the cert / private key pair do not work for Django when they do work OK for Postfix, Nginx, and Dovecot.
Thanks for clarifying — and happy and safe 2022 to you as well!
dn
Happy, healthy, safe and well ventilated New Year to all.
-- Victoriano Giralt Innovation Director Digital Transformation Vicerectorate University of Malaga +34952131415 SPAIN
Note: signature.asc is the electronic signature of present message A: Yes.
Q: Are you sure ?
A: Because it reverses the logical flow of conversation.
Q: Why is top posting annoying in email ?
Mailman-users mailing list -- mailman-users@mailman3.org To unsubscribe send an email to mailman-users-leave@mailman3.org https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
On 12/30/21 4:48 PM, David Newman wrote:
The etc/mailman3/settings.py file includes these settings:
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' EMAIL_HOST = 'localhost' EMAIL_PORT = 25
These 2 (localhost and port 25) are defaults.
EMAIL_HOST_USER = 'dnewman@networktest.com' EMAIL_HOST_PASSWORD = 'wouldnt-you-like-to-know'
Why are you authenticating? This should not be necessary.
EMAIL_USE_TLS = 'True' EMAIL_SSL_CERTFILE = '/etc/ssl/certs/myhost.crt' EMAIL_SSL_KEYFILE = '/etc/ssl/private/myhost.key'
And why are you trying to use TLS? This is only for SMTP between Django and the MTA on the loopback port. TLS is overkill.
But this might only be for email, not Postorius/Django.
Actually it is only for mail from Django
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 12/31/21 4:56 PM, Mark Sapiro wrote:
On 12/30/21 4:48 PM, David Newman wrote:
The etc/mailman3/settings.py file includes these settings:
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' EMAIL_HOST = 'localhost' EMAIL_PORT = 25
These 2 (localhost and port 25) are defaults.
EMAIL_HOST_USER = 'dnewman@networktest.com' EMAIL_HOST_PASSWORD = 'wouldnt-you-like-to-know'
Why are you authenticating? This should not be necessary.
EMAIL_USE_TLS = 'True' EMAIL_SSL_CERTFILE = '/etc/ssl/certs/myhost.crt' EMAIL_SSL_KEYFILE = '/etc/ssl/private/myhost.key'
And why are you trying to use TLS? This is only for SMTP between Django and the MTA on the loopback port. TLS is overkill.
After stripping this down to the defaults:
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' EMAIL_HOST = 'localhost' EMAIL_PORT = 25
and restarting mailman3 (necessary?) and mailmanweb, the system emails me (as alias for root) an error like the one pasted below after I try creating a new user account.
After changing EMAIL_HOST to the system's canonical FQDN and again restarting mailman3 and mailmanweb, the error is the same, and still from postorius@localhost.
Also, FWIW, the user is created and is visible in the Django admin panel, but any login attempt produces the same error as the one pasted below.
The hostname settings in postfix's main.cf are as follows:
# hostname myhostname = mail9.networktest.com myorigin = /etc/mailname mydomain = networktest.com
Here is the error, sanitized with 'dom1.tld' and 'dom2.tld' addresses. Thanks in advance for additional troubleshooting clues.
Internal Server Error: /accounts/signup/
SMTPRecipientsRefused at /accounts/signup/ {'newuser@dom1.tld': (504, b'5.5.2 <postorius@localhost>: Sender address rejected: need fully-qualified address')}
Request Method: POST Request URL: http://mail.dom2.tld/accounts/signup/ Django Version: 3.0.14 Python Executable: /opt/mailman/venv/bin/uwsgi Python Version: 3.9.2 Python Path: ['.', '', '/etc/mailman3', '/usr/lib/python39.zip', '/usr/lib/python3.9', '/usr/lib/python3.9/lib-dynload', '/opt/mailman/venv/lib/python3.9/site-packages'] Server time: Fri, 31 Dec 2021 17:30:30 -0800 Installed Applications: ['hyperkitty', 'postorius', 'django_mailman3', 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.sites', 'django.contrib.messages', 'django.contrib.staticfiles', 'rest_framework', 'django_gravatar', 'compressor', 'haystack', 'django_extensions', 'django_q', 'allauth', 'allauth.account', 'allauth.socialaccount'] Installed Middleware: ('django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.locale.LocaleMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.security.SecurityMiddleware', 'django_mailman3.middleware.TimezoneMiddleware', 'postorius.middleware.PostoriusMiddleware')
Traceback (most recent call last): File "/opt/mailman/venv/lib/python3.9/site-packages/django/core/handlers/exception.py", line 34, in inner response = get_response(request) File "/opt/mailman/venv/lib/python3.9/site-packages/django/core/handlers/base.py", line 115, in _get_response response = self.process_exception_by_middleware(e, request) File "/opt/mailman/venv/lib/python3.9/site-packages/django/core/handlers/base.py", line 113, in _get_response response = wrapped_callback(request, *callback_args, **callback_kwargs) File "/opt/mailman/venv/lib/python3.9/site-packages/django/views/generic/base.py", line 71, in view return self.dispatch(request, *args, **kwargs) File "/opt/mailman/venv/lib/python3.9/site-packages/django/utils/decorators.py", line 43, in _wrapper return bound_method(*args, **kwargs) File "/opt/mailman/venv/lib/python3.9/site-packages/django/views/decorators/debug.py", line 76, in sensitive_post_parameters_wrapper return view(request, *args, **kwargs) File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/account/views.py", line 230, in dispatch return super(SignupView, self).dispatch(request, *args, **kwargs) File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/account/views.py", line 74, in dispatch response = super(RedirectAuthenticatedUserMixin, self).dispatch( File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/account/views.py", line 204, in dispatch return super(CloseableSignupMixin, self).dispatch(request, *args, **kwargs) File "/opt/mailman/venv/lib/python3.9/site-packages/django/views/generic/base.py", line 97, in dispatch return handler(request, *args, **kwargs) File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/account/views.py", line 102, in post response = self.form_valid(form) File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/account/views.py", line 248, in form_valid return complete_signup( File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/account/utils.py", line 209, in complete_signup return perform_login( File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/account/utils.py", line 175, in perform_login send_email_confirmation(request, user, signup=signup, email=email) File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/account/utils.py", line 346, in send_email_confirmation email_address.send_confirmation(request, signup=signup) File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/account/models.py", line 62, in send_confirmation confirmation.send(request, signup=signup) File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/account/models.py", line 169, in send get_adapter(request).send_confirmation_mail(request, self, signup) File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/account/adapter.py", line 464, in send_confirmation_mail self.send_mail(email_template, emailconfirmation.email_address.email, ctx) File "/opt/mailman/venv/lib/python3.9/site-packages/allauth/account/adapter.py", line 136, in send_mail msg.send() File "/opt/mailman/venv/lib/python3.9/site-packages/django/core/mail/message.py", line 284, in send return self.get_connection(fail_silently).send_messages([self]) File "/opt/mailman/venv/lib/python3.9/site-packages/django/core/mail/backends/smtp.py", line 109, in send_messages sent = self._send(message) File "/opt/mailman/venv/lib/python3.9/site-packages/django/core/mail/backends/smtp.py", line 125, in _send self.connection.sendmail(from_email, recipients, message.as_bytes(linesep='\r\n')) File "/usr/lib/python3.9/smtplib.py", line 885, in sendmail raise SMTPRecipientsRefused(senderrs)
Exception Type: SMTPRecipientsRefused at /accounts/signup/ Exception Value: {'newuser@dom1.tld': (504, b'5.5.2 <postorius@localhost>: Sender address rejected: need fully-qualified address')} Request information: USER: AnonymousUser
GET: No GET data
POST: csrfmiddlewaretoken = 'Nk6NjFAaf4bWPOWUZJzrKcTHvIHIXVjSdTb79KeRoM9LpRqK9ljKhXWdWKbfAwMf' email = 'newuser@dom1.tld' username = 'newuser@dom1.tld' password1 = '********************' password2 = '********************' next = '/accounts/login/'
FILES: No FILES data
COOKIES: roundcube_sessid = 'epth5c1jhmbjrfquire5p9chd9' csrftoken = 'uRqeKMsMSoItwOWLTRXT7dEwGoN0cCy2UqvyAR6t16Gi6RqB3tHcEYH27qhxPd1p'
META: CONTENT_LENGTH = '217' CONTENT_TYPE = 'application/x-www-form-urlencoded' CSRF_COOKIE = 'uRqeKMsMSoItwOWLTRXT7dEwGoN0cCy2UqvyAR6t16Gi6RqB3tHcEYH27qhxPd1p' HTTP_ACCEPT = 'text/html,application/xhtml+xml,application/xml;q=0.9,image/avif,image/webp,image/apng,*/*;q=0.8,application/signed-exchange;v=b3;q=0.9' HTTP_ACCEPT_ENCODING = 'gzip, deflate, br' HTTP_ACCEPT_LANGUAGE = 'en-US,en;q=0.9' HTTP_CACHE_CONTROL = 'max-age=0' HTTP_CONNECTION = 'close' HTTP_COOKIE = 'roundcube_sessid=epth5c1jhmbjrfquire5p9chd9; csrftoken=uRqeKMsMSoItwOWLTRXT7dEwGoN0cCy2UqvyAR6t16Gi6RqB3tHcEYH27qhxPd1p' HTTP_DNT = '1' HTTP_HOST = 'mail.dom2.tld' HTTP_ORIGIN = 'https://mail.dom2.tld' HTTP_REFERER = 'https://mail.dom2.tld/' HTTP_SEC_FETCH_DEST = 'document' HTTP_SEC_FETCH_MODE = 'navigate' HTTP_SEC_FETCH_SITE = 'same-origin' HTTP_SEC_FETCH_USER = '?1' HTTP_SEC_GPC = '1' HTTP_UPGRADE_INSECURE_REQUESTS = '1' HTTP_USER_AGENT = 'Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/96.0.4664.110 Safari/537.36' HTTP_X_FORWARDED_FOR = '75.82.86.131' PATH_INFO = '/accounts/signup/' QUERY_STRING = '' REMOTE_ADDR = '127.0.0.1' REQUEST_METHOD = 'POST' REQUEST_URI = '/accounts/signup/' SCRIPT_NAME = '' SERVER_NAME = 'mail9' SERVER_PORT = '8000' SERVER_PROTOCOL = 'HTTP/1.0' uwsgi.core = 1 uwsgi.node = b'mail9' uwsgi.version = b'2.0.20' wsgi.errors = <_io.TextIOWrapper name=2 mode='w' encoding='UTF-8'> wsgi.file_wrapper = '' wsgi.input = <uwsgi._Input object at 0x7fb27a13a3b0> wsgi.multiprocess = True wsgi.multithread = True wsgi.run_once = False wsgi.url_scheme = 'http' wsgi.version = '(1, 0)'
Settings: Using settings module settings ABSOLUTE_URL_OVERRIDES = {} ACCOUNT_AUTHENTICATION_METHOD = 'username_email' ACCOUNT_DEFAULT_HTTP_PROTOCOL = 'http' ACCOUNT_EMAIL_REQUIRED = True ACCOUNT_EMAIL_VERIFICATION = 'mandatory' ACCOUNT_UNIQUE_EMAIL = True ADMINS = "(('Mailman Suite Admin', 'hostmaster@networktest.com'),)" ALLOWED_HOSTS = ['localhost', '127.0.0.1', '162.251.233.247', 'mail9.networktest.com', 'lists.networktest.com', 'lists.dom1.tld', 'mail.dom2.tld'] APPEND_SLASH = True AUTHENTICATION_BACKENDS = "('django.contrib.auth.backends.ModelBackend', 'allauth.account.auth_backends.AuthenticationBackend')" AUTH_PASSWORD_VALIDATORS = '********************' AUTH_USER_MODEL = 'auth.User' BASE_DIR = PosixPath('/opt/mailman/web') CACHES = {'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}} CACHE_MIDDLEWARE_ALIAS = 'default' CACHE_MIDDLEWARE_KEY_PREFIX = '********************' CACHE_MIDDLEWARE_SECONDS = 600 COMPRESSORS = {'css': 'compressor.css.CssCompressor', 'js': 'compressor.js.JsCompressor'} COMPRESS_CACHEABLE_PRECOMPILERS = '()' COMPRESS_CACHE_BACKEND = 'default' COMPRESS_CACHE_KEY_FUNCTION = '********************' COMPRESS_CLEAN_CSS_ARGUMENTS = '' COMPRESS_CLEAN_CSS_BINARY = 'cleancss' COMPRESS_CLOSURE_COMPILER_ARGUMENTS = '' COMPRESS_CLOSURE_COMPILER_BINARY = 'java -jar compiler.jar' COMPRESS_CSS_HASHING_METHOD = 'mtime' COMPRESS_DATA_URI_MAX_SIZE = 1024 COMPRESS_DEBUG_TOGGLE = None COMPRESS_ENABLED = True COMPRESS_FILTERS = {'css': ['compressor.filters.css_default.CssAbsoluteFilter', 'compressor.filters.cssmin.rCSSMinFilter'], 'js': ['compressor.filters.jsmin.rJSMinFilter']} COMPRESS_JINJA2_GET_ENVIRONMENT = <function CompressorConf.JINJA2_GET_ENVIRONMENT at 0x7fb27d6eb550> COMPRESS_MINT_DELAY = 30 COMPRESS_MTIME_DELAY = 10 COMPRESS_OFFLINE = True COMPRESS_OFFLINE_CONTEXT = {'STATIC_URL': '/static/'} COMPRESS_OFFLINE_MANIFEST = 'manifest.json' COMPRESS_OFFLINE_TIMEOUT = 31536000 COMPRESS_OUTPUT_DIR = 'CACHE' COMPRESS_PARSER = 'compressor.parser.AutoSelectParser' COMPRESS_PRECOMPILERS = "(('text/x-scss', 'sassc -t compressed {infile} {outfile}'), ('text/x-sass', 'sassc -t compressed {infile} {outfile}'))" COMPRESS_REBUILD_TIMEOUT = 2592000 COMPRESS_ROOT = '/opt/mailman/web/static' COMPRESS_STORAGE = 'compressor.storage.CompressorFileStorage' COMPRESS_TEMPLATE_FILTER_CONTEXT = {'STATIC_URL': '/static/'} COMPRESS_URL = '/static/' COMPRESS_URL_PLACEHOLDER = '/__compressor_url_placeholder__/' COMPRESS_VERBOSE = False COMPRESS_YUGLIFY_BINARY = 'yuglify' COMPRESS_YUGLIFY_CSS_ARGUMENTS = '--terminal' COMPRESS_YUGLIFY_JS_ARGUMENTS = '--terminal' COMPRESS_YUI_BINARY = 'java -jar yuicompressor.jar' COMPRESS_YUI_CSS_ARGUMENTS = '' COMPRESS_YUI_JS_ARGUMENTS = '' CSRF_COOKIE_AGE = 31449600 CSRF_COOKIE_DOMAIN = None CSRF_COOKIE_HTTPONLY = False CSRF_COOKIE_NAME = 'csrftoken' CSRF_COOKIE_PATH = '/' CSRF_COOKIE_SAMESITE = 'Lax' CSRF_COOKIE_SECURE = False CSRF_FAILURE_VIEW = 'django.views.csrf.csrf_failure' CSRF_HEADER_NAME = 'HTTP_X_CSRFTOKEN' CSRF_TRUSTED_ORIGINS = [] CSRF_USE_SESSIONS = False DATABASES = {'default': {'ENGINE': 'django.db.backends.mysql', 'NAME': 'mailmanweb', 'USER': 'mailman', 'PASSWORD': '********************', 'HOST': 'localhost', 'PORT': '', 'OPTIONS': {'charset': 'utf8mb4'}, 'ATOMIC_REQUESTS': False, 'AUTOCOMMIT': True, 'CONN_MAX_AGE': 0, 'TIME_ZONE': None, 'TEST': {'CHARSET': None, 'COLLATION': None, 'NAME': None, 'MIRROR': None}}} DATABASE_ROUTERS = [] DATA_UPLOAD_MAX_MEMORY_SIZE = 2621440 DATA_UPLOAD_MAX_NUMBER_FIELDS = 1000 DATETIME_FORMAT = 'N j, Y, P' DATETIME_INPUT_FORMATS = ['%Y-%m-%d %H:%M:%S', '%Y-%m-%d %H:%M:%S.%f', '%Y-%m-%d %H:%M', '%Y-%m-%d', '%m/%d/%Y %H:%M:%S', '%m/%d/%Y %H:%M:%S.%f', '%m/%d/%Y %H:%M', '%m/%d/%Y', '%m/%d/%y %H:%M:%S', '%m/%d/%y %H:%M:%S.%f', '%m/%d/%y %H:%M', '%m/%d/%y'] DATE_FORMAT = 'N j, Y' DATE_INPUT_FORMATS = ['%Y-%m-%d', '%m/%d/%Y', '%m/%d/%y', '%b %d %Y', '%b %d, %Y', '%d %b %Y', '%d %b, %Y', '%B %d %Y', '%B %d, %Y', '%d %B %Y', '%d %B, %Y'] DEBUG = False DEBUG_PROPAGATE_EXCEPTIONS = False DECIMAL_SEPARATOR = '.' DEFAULT_CHARSET = 'utf-8' DEFAULT_EXCEPTION_REPORTER_FILTER = 'django.views.debug.SafeExceptionReporterFilter' DEFAULT_FILE_STORAGE = 'django.core.files.storage.FileSystemStorage' DEFAULT_FROM_EMAIL = 'postorius@localhost' DEFAULT_INDEX_TABLESPACE = '' DEFAULT_TABLESPACE = '' DISALLOWED_USER_AGENTS = [] EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' EMAIL_HOST = 'mail9.networktest.com' EMAIL_HOST_PASSWORD = '********************' EMAIL_HOST_USER = '' EMAIL_PORT = 25 EMAIL_SSL_CERTFILE = None EMAIL_SSL_KEYFILE = '********************' EMAIL_SUBJECT_PREFIX = '[Django] ' EMAIL_TIMEOUT = None EMAIL_USE_LOCALTIME = False EMAIL_USE_SSL = False EMAIL_USE_TLS = False FILE_CHARSET = 'utf-8' FILE_UPLOAD_DIRECTORY_PERMISSIONS = None FILE_UPLOAD_HANDLERS = ['django.core.files.uploadhandler.MemoryFileUploadHandler', 'django.core.files.uploadhandler.TemporaryFileUploadHandler'] FILE_UPLOAD_MAX_MEMORY_SIZE = 2621440 FILE_UPLOAD_PERMISSIONS = 420 FILE_UPLOAD_TEMP_DIR = None FILTER_VHOST = True FIRST_DAY_OF_WEEK = 0 FIXTURE_DIRS = [] FORCE_SCRIPT_NAME = None FORMAT_MODULE_PATH = None FORM_RENDERER = 'django.forms.renderers.DjangoTemplates' HAYSTACK_CONNECTIONS = {'default': {'ENGINE': 'haystack.backends.whoosh_backend.WhooshEngine', 'PATH': '/opt/mailman/web/fulltext_index'}} HYPERKITTY_ENABLE_GRAVATAR = True IGNORABLE_404_URLS = [] INSTALLED_APPS = ['hyperkitty', 'postorius', 'django_mailman3', 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.sites', 'django.contrib.messages', 'django.contrib.staticfiles', 'rest_framework', 'django_gravatar', 'compressor', 'haystack', 'django_extensions', 'django_q', 'allauth', 'allauth.account', 'allauth.socialaccount'] INTERNAL_IPS = [] LANGUAGES = [('af', 'Afrikaans'), ('ar', 'Arabic'), ('ast', 'Asturian'), ('az', 'Azerbaijani'), ('bg', 'Bulgarian'), ('be', 'Belarusian'), ('bn', 'Bengali'), ('br', 'Breton'), ('bs', 'Bosnian'), ('ca', 'Catalan'), ('cs', 'Czech'), ('cy', 'Welsh'), ('da', 'Danish'), ('de', 'German'), ('dsb', 'Lower Sorbian'), ('el', 'Greek'), ('en', 'English'), ('en-au', 'Australian English'), ('en-gb', 'British English'), ('eo', 'Esperanto'), ('es', 'Spanish'), ('es-ar', 'Argentinian Spanish'), ('es-co', 'Colombian Spanish'), ('es-mx', 'Mexican Spanish'), ('es-ni', 'Nicaraguan Spanish'), ('es-ve', 'Venezuelan Spanish'), ('et', 'Estonian'), ('eu', 'Basque'), ('fa', 'Persian'), ('fi', 'Finnish'), ('fr', 'French'), ('fy', 'Frisian'), ('ga', 'Irish'), ('gd', 'Scottish Gaelic'), ('gl', 'Galician'), ('he', 'Hebrew'), ('hi', 'Hindi'), ('hr', 'Croatian'), ('hsb', 'Upper Sorbian'), ('hu', 'Hungarian'), ('hy', 'Armenian'), ('ia', 'Interlingua'), ('id', 'Indonesian'), ('io', 'Ido'), ('is', 'Icelandic'), ('it', 'Italian'), ('ja', 'Japanese'), ('ka', 'Georgian'), ('kab', 'Kabyle'), ('kk', 'Kazakh'), ('km', 'Khmer'), ('kn', 'Kannada'), ('ko', 'Korean'), ('lb', 'Luxembourgish'), ('lt', 'Lithuanian'), ('lv', 'Latvian'), ('mk', 'Macedonian'), ('ml', 'Malayalam'), ('mn', 'Mongolian'), ('mr', 'Marathi'), ('my', 'Burmese'), ('nb', 'Norwegian Bokmål'), ('ne', 'Nepali'), ('nl', 'Dutch'), ('nn', 'Norwegian Nynorsk'), ('os', 'Ossetic'), ('pa', 'Punjabi'), ('pl', 'Polish'), ('pt', 'Portuguese'), ('pt-br', 'Brazilian Portuguese'), ('ro', 'Romanian'), ('ru', 'Russian'), ('sk', 'Slovak'), ('sl', 'Slovenian'), ('sq', 'Albanian'), ('sr', 'Serbian'), ('sr-latn', 'Serbian Latin'), ('sv', 'Swedish'), ('sw', 'Swahili'), ('ta', 'Tamil'), ('te', 'Telugu'), ('th', 'Thai'), ('tr', 'Turkish'), ('tt', 'Tatar'), ('udm', 'Udmurt'), ('uk', 'Ukrainian'), ('ur', 'Urdu'), ('uz', 'Uzbek'), ('vi', 'Vietnamese'), ('zh-hans', 'Simplified Chinese'), ('zh-hant', 'Traditional Chinese')] LANGUAGES_BIDI = ['he', 'ar', 'fa', 'ur'] LANGUAGE_CODE = 'en-us' LANGUAGE_COOKIE_AGE = None LANGUAGE_COOKIE_DOMAIN = None LANGUAGE_COOKIE_HTTPONLY = False LANGUAGE_COOKIE_NAME = 'django_language' LANGUAGE_COOKIE_PATH = '/' LANGUAGE_COOKIE_SAMESITE = None LANGUAGE_COOKIE_SECURE = False LOCALE_PATHS = [] LOGGING = {'version': 1, 'disable_existing_loggers': False, 'filters': {'require_debug_false': {'()': 'django.utils.log.RequireDebugFalse'}}, 'handlers': {'mail_admins': {'level': 'ERROR', 'filters': ['require_debug_false'], 'class': 'django.utils.log.AdminEmailHandler'}, 'file': {'level': 'INFO', 'class': 'logging.handlers.WatchedFileHandler', 'filename': '/opt/mailman/web/logs/mailmanweb.log', 'formatter': 'verbose'}, 'console': {'class': 'logging.StreamHandler', 'formatter': 'simple'}}, 'loggers': {'django.request': {'handlers': ['mail_admins', 'file'], 'level': 'ERROR', 'propagate': True}, 'django': {'handlers': ['file'], 'level': 'ERROR', 'propagate': True}, 'hyperkitty': {'handlers': ['file'], 'level': 'DEBUG', 'propagate': True}, 'postorius': {'handlers': ['console', 'file'], 'level': 'INFO'}}, 'formatters': {'verbose': {'format': '%(levelname)s %(asctime)s %(process)d %(name)s %(message)s'}, 'simple': {'format': '%(levelname)s %(message)s'}}} LOGGING_CONFIG = 'logging.config.dictConfig' LOGIN_REDIRECT_URL = 'list_index' LOGIN_URL = 'account_login' LOGOUT_REDIRECT_URL = None LOGOUT_URL = 'account_logout' MAILMAN_ARCHIVER_FROM = "('127.0.0.1', '::1')" MAILMAN_ARCHIVER_KEY = '********************' MAILMAN_REST_API_PASS = '********************' MAILMAN_REST_API_URL = '********************' MAILMAN_REST_API_USER = '********************' MANAGERS = [] MEDIA_ROOT = '' MEDIA_URL = '' MESSAGE_STORAGE = 'django.contrib.messages.storage.fallback.FallbackStorage' MESSAGE_TAGS = {40: 'danger'} MIDDLEWARE = "('django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.locale.LocaleMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.security.SecurityMiddleware', 'django_mailman3.middleware.TimezoneMiddleware', 'postorius.middleware.PostoriusMiddleware')" MIGRATION_MODULES = {} MONTH_DAY_FORMAT = 'F j' NUMBER_GROUPING = 0 PASSWORD_HASHERS = '********************' PASSWORD_RESET_TIMEOUT_DAYS = '********************' POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost:8000' PREPEND_WWW = False Q_CLUSTER = {'retry': 360, 'timeout': 300, 'save_limit': 100, 'orm': 'default'} ROOT_URLCONF = 'mailman_web.urls' SECRET_KEY = '********************' SECURE_BROWSER_XSS_FILTER = False SECURE_CONTENT_TYPE_NOSNIFF = True SECURE_HSTS_INCLUDE_SUBDOMAINS = False SECURE_HSTS_PRELOAD = False SECURE_HSTS_SECONDS = 0 SECURE_PROXY_SSL_HEADER = None SECURE_REDIRECT_EXEMPT = [] SECURE_REFERRER_POLICY = None SECURE_SSL_HOST = None SECURE_SSL_REDIRECT = False SERVER_EMAIL = 'root@localhost.local' SESSION_CACHE_ALIAS = 'default' SESSION_COOKIE_AGE = 1209600 SESSION_COOKIE_DOMAIN = None SESSION_COOKIE_HTTPONLY = True SESSION_COOKIE_NAME = 'sessionid' SESSION_COOKIE_PATH = '/' SESSION_COOKIE_SAMESITE = 'Lax' SESSION_COOKIE_SECURE = False SESSION_ENGINE = 'django.contrib.sessions.backends.db' SESSION_EXPIRE_AT_BROWSER_CLOSE = False SESSION_FILE_PATH = None SESSION_SAVE_EVERY_REQUEST = False SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer' SETTINGS_MODULE = 'settings' SHORT_DATETIME_FORMAT = 'm/d/Y P' SHORT_DATE_FORMAT = 'm/d/Y' SIGNING_BACKEND = 'django.core.signing.TimestampSigner' SILENCED_SYSTEM_CHECKS = [] SITE_ID = 2 SOCIALACCOUNT_PROVIDERS = {'openid': {'SERVERS': [{'id': 'yahoo', 'name': 'Yahoo', 'openid_url': 'http://me.yahoo.com'}]}, 'google': {'SCOPE': ['profile', 'email'], 'AUTH_PARAMS': {'access_type': 'online'}}, 'facebook': {'METHOD': 'oauth2', 'SCOPE': ['email'], 'FIELDS': ['email', 'name', 'first_name', 'last_name', 'locale', 'timezone'], 'VERSION': 'v2.4'}} STATICFILES_DIRS = '()' STATICFILES_FINDERS = "('django.contrib.staticfiles.finders.FileSystemFinder', 'django.contrib.staticfiles.finders.AppDirectoriesFinder', 'compressor.finders.CompressorFinder')" STATICFILES_STORAGE = 'django.contrib.staticfiles.storage.StaticFilesStorage' STATIC_ROOT = '/opt/mailman/web/static' STATIC_URL = '/static/' TEMPLATES = [{'BACKEND': 'django.template.backends.django.DjangoTemplates', 'DIRS': [], 'APP_DIRS': True, 'OPTIONS': {'context_processors': ['django.template.context_processors.debug', 'django.template.context_processors.i18n', 'django.template.context_processors.media', 'django.template.context_processors.static', 'django.template.context_processors.tz', 'django.template.context_processors.csrf', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', 'django_mailman3.context_processors.common', 'hyperkitty.context_processors.common', 'postorius.context_processors.postorius']}}] TEST_NON_SERIALIZED_APPS = [] TEST_RUNNER = 'django.test.runner.DiscoverRunner' THOUSAND_SEPARATOR = ',' TIME_FORMAT = 'P' TIME_INPUT_FORMATS = ['%H:%M:%S', '%H:%M:%S.%f', '%H:%M'] TIME_ZONE = 'America/Los_Angeles' USE_I18N = True USE_L10N = True USE_THOUSAND_SEPARATOR = False USE_TZ = True USE_X_FORWARDED_HOST = False USE_X_FORWARDED_PORT = False WSGI_APPLICATION = 'mailman_web.wsgi.application' X_FRAME_OPTIONS = 'DENY' YEAR_MONTH_FORMAT = 'F Y'
dn
But this might only be for email, not Postorius/Django.
Actually it is only for mail from Django
On 12/31/21 5:37 PM, David Newman wrote:
After stripping this down to the defaults:
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend' EMAIL_HOST = 'localhost' EMAIL_PORT = 25
and restarting mailman3 (necessary?)
No
and mailmanweb, the system emails me (as alias for root) an error like the one pasted below after I try creating a new user account.
After changing EMAIL_HOST to the system's canonical FQDN and again restarting mailman3 and mailmanweb, the error is the same, and still from postorius@localhost.
localhost is better. If you set it to the system's canonical FQDN you need to ensure that that name or IP is in Postfix mynetworks.
...
Internal Server Error: /accounts/signup/
SMTPRecipientsRefused at /accounts/signup/ {'newuser@dom1.tld': (504, b'5.5.2 <postorius@localhost>: Sender address rejected: need fully-qualified address')} ... Settings: Using settings module settings ... DEFAULT_FROM_EMAIL = 'postorius@localhost'
Try setting this to a fully qualified address, e.g., something@networktest.com, not @localhost.
More info at https://docs.mailman3.org/en/latest/config-web.html#setting-up-email
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
On 12/31/21 6:59 PM, Mark Sapiro wrote:
SMTPRecipientsRefused at /accounts/signup/ {'newuser@dom1.tld': (504, b'5.5.2 <postorius@localhost>: Sender address rejected: need fully-qualified address')}
...
Settings: Using settings module settings ... DEFAULT_FROM_EMAIL = 'postorius@localhost'
Try setting this to a fully qualified address, e.g., something@networktest.com, not @localhost.
Bingo. Thank you for this, and for helping so many MM users.
To a healthier, more clueful, and generally much improved 2022!
dn
More info at https://docs.mailman3.org/en/latest/config-web.html#setting-up-email
participants (3)
-
David Newman -
Mark Sapiro -
Victoriano Giralt