Hyperkitty django.request forbidden
Hi,
I moved from mailman to mailman3 in 2021. I hadn't have the time to fix the archiving. I can see the emails older then that in Hyperkitty, but none of the once still there is mailman3. What can be the problem?
It's a Debian 12, I use the packages from the repo.
In the mailman-web.log I can see this:
[pid: 861|app: 0|req: 8277/8277] xxx.xxx.xxx.xxx () {40 vars in 636 bytes} [Wed Feb 26 06:47:31 2025] GET /hyperkitty/api/mailman/urls?mlist=korus%40lists.somewhere.xx =
generated 221 bytes in 33 msecs (HTTP/1.1 403) 7 headers in 211 bytes (1 switches on core 1) ERROR 2025-02-26 06:47:31,705 861 hyperkitty.views.mailman Access to the archiving API endpoint was forbidden from IP xxx.xxx.xxx.xxx, your MAILMAN_ARCHIVER_FROM setting may be misconfigured WARNING 2025-02-26 06:47:31,705 861 django.request Forbidden: /hyperkitty/api/mailman/urls WARNING 2025-02-26 06:47:31,705 861 django.request Forbidden: /hyperkitty/api/mailman/urls
I have this line in /etc/mailman3/mailman-web.py
MAILMAN_ARCHIVER_FROM = ('https://lists.somewhere.xx/hyperkitty', '::1')
I have the Archiving settings:
Archive policy is Private archives At Active archivers hyperkitty's checkbox is checked Archive rendering mode is Plain text
I have these packages installed right now:
ii mailman3 3.3.8-2~deb12u2
ii mailman3-full 3.3.8-2~deb12u2
ii mailman3-web 0+20200530-2.1
ii python3-django-mailman3 1.3.9-1
ii python3-mailman-hyperkitty 1.2.1-1
ii python3-mailmanclient 3.3.5-1
Thanks, Árpád
Arpad Horvath via Mailman-users writes:
I moved from mailman to mailman3 in 2021. I hadn't have the time to fix the archiving. I can see the emails older then that in Hyperkitty, but none of the once still there is mailman3. What can be the problem?
I don't understand "none of the once still there is mailman3". Do you mean none of the emails sent since the upgrade from Mailman 2 to Mailman 3 are not visible in HyperKitty?
It's a Debian 12, I use the packages from the repo.
ERROR 2025-02-26 06:47:31,705 861 hyperkitty.views.mailman Access to the archiving API endpoint was forbidden from IP xxx.xxx.xxx.xxx, your MAILMAN_ARCHIVER_FROM setting may be misconfigured [...] I have this line in /etc/mailman3/mailman-web.py
MAILMAN_ARCHIVER_FROM = ('https://lists.somewhere.xx/hyperkitty', '::1')
Where did that line come from? Did you put it there? If so, don't worry about it, we'll figure out what goes there. If not, investigate a bit and if it seems like it came from debconf, you may want to report an issue to Debian.
I think Django is failing to parse that. It expects hosts, not URLs. The default is:
MAILMAN_ARCHIVER_FROM = ('127.0.0.1', '::1')
I would just comment out that line in mailman-web.py and restart. If it starts working, then I suggest removing it entirely.
Steve
On 3/1/25 08:02, Stephen J. Turnbull wrote:
Arpad Horvath via Mailman-users writes:
ERROR 2025-02-26 06:47:31,705 861 hyperkitty.views.mailman Access to the archiving API endpoint was forbidden from IP xxx.xxx.xxx.xxx, your MAILMAN_ARCHIVER_FROM setting may be misconfigured [...] I have this line in /etc/mailman3/mailman-web.py
MAILMAN_ARCHIVER_FROM = ('https://lists.somewhere.xx/hyperkitty', '::1')
As Steve says, 'https://lists.somewhere.xx/hyperkitty' is inappropriate for MAILMAN_ARCHIVER_FROM. In particilar, MAILMAN_ARCHIVER_FROM must include the IP 'xxx.xxx.xxx.xxx' from the above log message.
-- Mark Sapiro <mark@msapiro.net> The highway is for gamblers, San Francisco Bay Area, California better use your sense - B. Dylan
Unfortunately I don't remember the articles that I used when I migrated. But this setting (no MAILMAN_ARCHIVER_FROM setting directly) does not seem to work. Hyperkitty is clearly available from outside, but doesn't seem to be from inside (localhost).
I don't know how can I make it available on localhost with nginx. Current nginx setting is quite long and I am not sure, what is sensitive there. The structure is this
upstream mailman3 { server unix:/run/mailman3-web/uwsgi.sock fail_timeout=0; }
server { listen 80; listen [::]:80; server_name lists.somewhere.xx; ... }
server { listen 443; listen [::]:443; server_name lists.somewhere.xx; ...
location / {
uwsgi_pass mailman3;
include /etc/nginx/uwsgi_params;
}
location /mailman3/static {
alias /var/lib/mailman3/web/static;
}
location /mailman3/static/favicon.ico {
alias /var/lib/mailman3/web/static/postorius/img/favicon.ico;
}
access_log /var/log/nginx/mailman3/access.log combined;
error_log /var/log/nginx/mailman3/error.log;}
Can I reach hyperkitty through the socket then or what do I need to do?
Thanks. It works now. I've added the IP to MAILMAN_ARCHIVER_FROM and now it is populating the months I though were lost.
participants (3)
-
Arpad Horvath -
Mark Sapiro -
Stephen J. Turnbull