Hacking attempts?
by Lists
Hi,
We are seeing thousands of these emails every day, looks like someone is trying to hack our Mailman3 but would appreciate someone with more knowledge of MM3 to confirm.
Is this a problem with our setup? i.e. the “Internal Server Error” bit, or are the hackers just sending bad data that is causing the error? also how do we stop/block this?
TIA and here is a typical email:
Subject: [Django] ERROR (EXTERNAL IP): Internal Server Error: /mailman3/accounts/fedora/login/
Internal Server Error: /mailman3/accounts/fedora/login/
TypeError at /accounts/fedora/login/
_openid_consumer() missing 2 required positional arguments: 'provider' and 'endpoint'
Request Method: GET
Request URL: https://mailman.ardc.net/mailman3/accounts/fedora/login/?process=login&next… <https://mailman.ardc.net/mailman3/accounts/fedora/login/?process=login&next…>
Django Version: 2.2.26
Python Executable: /usr/bin/uwsgi-core
Python Version: 3.9.2
Python Path: ['.', '', '/usr/lib/python39.zip', '/usr/lib/python3.9', '/usr/lib/python3.9/lib-dynload', '/usr/local/lib/python3.9/dist-packages', '/usr/lib/python3/dist-packages', '/usr/lib/python3.9/dist-packages']
Server time: Thu, 14 Jul 2022 02:34:04 -0400
Installed Applications:
('hyperkitty',
'postorius',
'django_mailman3',
'django.contrib.admin',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.sites',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'django_gravatar',
'compressor',
'haystack',
'django_extensions',
'django_q',
'allauth',
'allauth.account',
'allauth.socialaccount',
'django_mailman3.lib.auth.fedora')
Installed Middleware:
('django.contrib.sessions.middleware.SessionMiddleware',
'django.middleware.common.CommonMiddleware',
'django.middleware.csrf.CsrfViewMiddleware',
'django.middleware.locale.LocaleMiddleware',
'django.contrib.auth.middleware.AuthenticationMiddleware',
'django.contrib.messages.middleware.MessageMiddleware',
'django.middleware.clickjacking.XFrameOptionsMiddleware',
'django.middleware.security.SecurityMiddleware',
'django_mailman3.middleware.TimezoneMiddleware',
'postorius.middleware.PostoriusMiddleware')
Traceback:
File "/usr/lib/python3/dist-packages/django/core/handlers/exception.py" in inner
34. response = get_response(request)
File "/usr/lib/python3/dist-packages/django/core/handlers/base.py" in _get_response
115. response = self.process_exception_by_middleware(e, request)
File "/usr/lib/python3/dist-packages/django/core/handlers/base.py" in _get_response
113. response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/lib/python3/dist-packages/django/views/generic/base.py" in view
71. return self.dispatch(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/django/views/generic/base.py" in dispatch
97. return handler(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/django_mailman3/lib/auth/fedora/views.py" in get
56. return self.post(request, *args, **kwargs)
File "/usr/lib/python3/dist-packages/django_mailman3/lib/auth/fedora/views.py" in post
67. client = _openid_consumer(request)
Exception Type: TypeError at /accounts/fedora/login/
Exception Value: _openid_consumer() missing 2 required positional arguments: 'provider' and 'endpoint'
Request information:
USER: AnonymousUser
GET:
process = 'login'
next = '/mailman3/hyperkitty/list/44net(a)mailman.ampr.org <mailto:mailman3/hyperkitty/list/44net@mailman.ampr.org>/message/O5Z2YZBJZXFPH2ACAORN6BST7B2S3M3P/'
POST: No POST data
FILES: No FILES data
COOKIES: No cookie data
META:
CONTEXT_DOCUMENT_ROOT = '/var/www/html'
CONTEXT_PREFIX = ''
DOCUMENT_ROOT = '/var/www/html'
GATEWAY_INTERFACE = 'CGI/1.1'
HTTPS = 'on'
HTTP_ACCEPT = 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8'
HTTP_ACCEPT_ENCODING = 'gzip,deflate'
HTTP_CONNECTION = 'Keep-Alive'
HTTP_HOST = 'mailman.ardc.net <http://mailman.ardc.net/>'
HTTP_USER_AGENT = 'Mozilla/5.0 (compatible; BLEXBot/1.0; +http://webmeup-crawler.com/ <http://webmeup-crawler.com/>)'
PATH = '/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin'
PATH_INFO = '/accounts/fedora/login/'
QUERY_STRING = 'process=login&next=/mailman3/hyperkitty/list/44net(a)mailman.ampr.org <mailto:process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org>/message/O5Z2YZBJZXFPH2ACAORN6BST7B2S3M3P/'
REMOTE_ADDR = '157.90.177.212'
REMOTE_PORT = '63384'
REQUEST_METHOD = 'GET'
REQUEST_SCHEME = 'https'
REQUEST_URI = '/mailman3/accounts/fedora/login/?process=login&next=/mailman3/hyperkitty/list/44net(a)mailman.ampr.org <mailto:mailman3/accounts/fedora/login/?process=login&next=/mailman3/hyperkitty/list/44net@mailman.ampr.org>/message/O5Z2YZBJZXFPH2ACAORN6BST7B2S3M3P/'
SCRIPT_FILENAME = 'proxy:uwsgi://localhost//accounts/fedora/login/' <uwsgi://localhost//accounts/fedora/login/'>
SCRIPT_NAME = '/mailman3'
SERVER_ADDR = '44.1.1.29'
SERVER_ADMIN = 'postmaster(a)ardc.net <mailto:postmaster@ardc.net>'
SERVER_NAME = 'mailman.ardc.net <http://mailman.ardc.net/>'
SERVER_PORT = '443'
SERVER_PROTOCOL = 'HTTP/1.1'
SERVER_SIGNATURE = '<address>Apache/2.4.53 (Debian) Server at mailman.ardc.net <http://mailman.ardc.net/> Port 443</address>\n'
SERVER_SOFTWARE = 'Apache/2.4.53 (Debian)'
SSL_TLS_SNI = 'mailman.ardc.net <http://mailman.ardc.net/>'
uwsgi.core = 1
uwsgi.node = b'mailman'
uwsgi.version = b'2.0.19.1-debian'
wsgi.errors = <_io.TextIOWrapper name=2 mode='w' encoding='UTF-8'>
wsgi.file_wrapper = ''
wsgi.input = <uwsgi._Input object at 0x7f8e0b4a0410>
wsgi.multiprocess = False
wsgi.multithread = True
wsgi.run_once = False
wsgi.url_scheme = 'https'
wsgi.version = '(1, 0)'
Settings:
Using settings module settings
ABSOLUTE_URL_OVERRIDES = {}
ACCOUNT_AUTHENTICATION_METHOD = 'username_email'
ACCOUNT_DEFAULT_HTTP_PROTOCOL = 'https'
ACCOUNT_EMAIL_REQUIRED = True
ACCOUNT_EMAIL_VERIFICATION = 'mandatory'
ACCOUNT_UNIQUE_EMAIL = True
ADMINS = "(('Mailman Suite Admin', 'postmaster(a)ardc.net <mailto:postmaster@ardc.net>'),)"
ALLOWED_HOSTS = ['*']
APPEND_SLASH = True
AUTHENTICATION_BACKENDS = "('django.contrib.auth.backends.ModelBackend', 'allauth.account.auth_backends.AuthenticationBackend')"
AUTH_PASSWORD_VALIDATORS = '********************'
AUTH_USER_MODEL = 'auth.User'
BASE_DIR = '/usr/share/mailman3-web'
CACHES = {'default': {'BACKEND': 'django.core.cache.backends.locmem.LocMemCache'}}
CACHE_MIDDLEWARE_ALIAS = 'default'
CACHE_MIDDLEWARE_KEY_PREFIX = '********************'
CACHE_MIDDLEWARE_SECONDS = 600
COMPRESSORS = {'css': 'compressor.css.CssCompressor', 'js': 'compressor.js.JsCompressor'}
COMPRESS_CACHEABLE_PRECOMPILERS = '()'
COMPRESS_CACHE_BACKEND = 'default'
COMPRESS_CACHE_KEY_FUNCTION = '********************'
COMPRESS_CLEAN_CSS_ARGUMENTS = ''
COMPRESS_CLEAN_CSS_BINARY = 'cleancss'
COMPRESS_CLOSURE_COMPILER_ARGUMENTS = ''
COMPRESS_CLOSURE_COMPILER_BINARY = 'java -jar compiler.jar'
COMPRESS_CSS_HASHING_METHOD = 'mtime'
COMPRESS_DATA_URI_MAX_SIZE = 1024
COMPRESS_DEBUG_TOGGLE = None
COMPRESS_ENABLED = True
COMPRESS_FILTERS = {'css': ['compressor.filters.css_default.CssAbsoluteFilter'], 'js': ['compressor.filters.jsmin.JSMinFilter']}
COMPRESS_JINJA2_GET_ENVIRONMENT = <function CompressorConf.JINJA2_GET_ENVIRONMENT at 0x7f8e17d7a670>
COMPRESS_MINT_DELAY = 30
COMPRESS_MTIME_DELAY = 10
COMPRESS_OFFLINE = True
COMPRESS_OFFLINE_CONTEXT = {'STATIC_URL': '/mailman3/static/'}
COMPRESS_OFFLINE_MANIFEST = 'manifest.json'
COMPRESS_OFFLINE_TIMEOUT = 31536000
COMPRESS_OUTPUT_DIR = 'CACHE'
COMPRESS_PARSER = 'compressor.parser.AutoSelectParser'
COMPRESS_PRECOMPILERS = '()'
COMPRESS_REBUILD_TIMEOUT = 2592000
COMPRESS_ROOT = '/var/lib/mailman3/web/static'
COMPRESS_STORAGE = 'compressor.storage.CompressorFileStorage'
COMPRESS_TEMPLATE_FILTER_CONTEXT = {'STATIC_URL': '/mailman3/static/'}
COMPRESS_URL = '/mailman3/static/'
COMPRESS_URL_PLACEHOLDER = '/__compressor_url_placeholder__/'
COMPRESS_VERBOSE = False
COMPRESS_YUGLIFY_BINARY = 'yuglify'
COMPRESS_YUGLIFY_CSS_ARGUMENTS = '--terminal'
COMPRESS_YUGLIFY_JS_ARGUMENTS = '--terminal'
COMPRESS_YUI_BINARY = 'java -jar yuicompressor.jar'
COMPRESS_YUI_CSS_ARGUMENTS = ''
COMPRESS_YUI_JS_ARGUMENTS = ''
CSRF_COOKIE_AGE = 31449600
CSRF_COOKIE_DOMAIN = None
CSRF_COOKIE_HTTPONLY = False
CSRF_COOKIE_NAME = 'csrftoken'
CSRF_COOKIE_PATH = '/'
CSRF_COOKIE_SAMESITE = 'Lax'
CSRF_COOKIE_SECURE = False
CSRF_FAILURE_VIEW = 'django.views.csrf.csrf_failure'
CSRF_HEADER_NAME = 'HTTP_X_CSRFTOKEN'
CSRF_TRUSTED_ORIGINS = []
CSRF_USE_SESSIONS = False
DATABASES = {'default': {'ENGINE': 'django.db.backends.mysql', 'NAME': 'mailman', 'USER': 'mailman', 'PASSWORD': '********************', 'HOST': ‘X.X.X.X', 'PORT': '', 'OPTIONS': {'init_command': "SET sql_mode='STRICT_TRANS_TABLES'", 'charset': 'utf8mb4'}, 'ATOMIC_REQUESTS': False, 'AUTOCOMMIT': True, 'CONN_MAX_AGE': 0, 'TIME_ZONE': None, 'TEST': {'CHARSET': None, 'COLLATION': None, 'NAME': None, 'MIRROR': None}}}
DATABASE_ROUTERS = []
DATA_UPLOAD_MAX_MEMORY_SIZE = 2621440
DATA_UPLOAD_MAX_NUMBER_FIELDS = 1000
DATETIME_FORMAT = 'N j, Y, P'
DATETIME_INPUT_FORMATS = ['%Y-%m-%d %H:%M:%S', '%Y-%m-%d %H:%M:%S.%f', '%Y-%m-%d %H:%M', '%Y-%m-%d', '%m/%d/%Y %H:%M:%S', '%m/%d/%Y %H:%M:%S.%f', '%m/%d/%Y %H:%M', '%m/%d/%Y', '%m/%d/%y %H:%M:%S', '%m/%d/%y %H:%M:%S.%f', '%m/%d/%y %H:%M', '%m/%d/%y']
DATE_FORMAT = 'N j, Y'
DATE_INPUT_FORMATS = ['%Y-%m-%d', '%m/%d/%Y', '%m/%d/%y', '%b %d %Y', '%b %d, %Y', '%d %b %Y', '%d %b, %Y', '%B %d %Y', '%B %d, %Y', '%d %B %Y', '%d %B, %Y']
DEBUG = False
DEBUG_PROPAGATE_EXCEPTIONS = False
DECIMAL_SEPARATOR = '.'
DEFAULT_CHARSET = 'utf-8'
DEFAULT_CONTENT_TYPE = 'text/html'
DEFAULT_EXCEPTION_REPORTER_FILTER = 'django.views.debug.SafeExceptionReporterFilter'
DEFAULT_FILE_STORAGE = 'django.core.files.storage.FileSystemStorage'
DEFAULT_FROM_EMAIL = 'postorius(a)mailman.ardc.net <mailto:postorius@mailman.ardc.net>'
DEFAULT_INDEX_TABLESPACE = ''
DEFAULT_TABLESPACE = ''
DISALLOWED_USER_AGENTS = []
EMAILNAME = 'mailman.ardc.net <http://mailman.ardc.net/>'
EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
EMAIL_HOST = 'localhost'
EMAIL_HOST_PASSWORD = '********************'
EMAIL_HOST_USER = ''
EMAIL_PORT = 25
EMAIL_SSL_CERTFILE = None
EMAIL_SSL_KEYFILE = '********************'
EMAIL_SUBJECT_PREFIX = '[Django] '
EMAIL_TIMEOUT = None
EMAIL_USE_LOCALTIME = False
EMAIL_USE_SSL = False
EMAIL_USE_TLS = False
FILE_CHARSET = 'utf-8'
FILE_UPLOAD_DIRECTORY_PERMISSIONS = None
FILE_UPLOAD_HANDLERS = ['django.core.files.uploadhandler.MemoryFileUploadHandler', 'django.core.files.uploadhandler.TemporaryFileUploadHandler']
FILE_UPLOAD_MAX_MEMORY_SIZE = 2621440
FILE_UPLOAD_PERMISSIONS = None
FILE_UPLOAD_TEMP_DIR = None
FILTER_VHOST = False
FIRST_DAY_OF_WEEK = 0
FIXTURE_DIRS = []
FORCE_SCRIPT_NAME = None
FORMAT_MODULE_PATH = None
FORM_RENDERER = 'django.forms.renderers.DjangoTemplates'
HAYSTACK_CONNECTIONS = {'default': {'ENGINE': 'haystack.backends.whoosh_backend.WhooshEngine', 'PATH': '/var/lib/mailman3/web/fulltext_index'}}
HOSTNAME = 'localhost.local'
IGNORABLE_404_URLS = []
INSTALLED_APPS = "('hyperkitty', 'postorius', 'django_mailman3', 'django.contrib.admin', 'django.contrib.auth', 'django.contrib.contenttypes', 'django.contrib.sessions', 'django.contrib.sites', 'django.contrib.messages', 'django.contrib.staticfiles', 'rest_framework', 'django_gravatar', 'compressor', 'haystack', 'django_extensions', 'django_q', 'allauth', 'allauth.account', 'allauth.socialaccount', 'django_mailman3.lib.auth.fedora')"
INTERNAL_IPS = []
LANGUAGES = [('af', 'Afrikaans'), ('ar', 'Arabic'), ('ast', 'Asturian'), ('az', 'Azerbaijani'), ('bg', 'Bulgarian'), ('be', 'Belarusian'), ('bn', 'Bengali'), ('br', 'Breton'), ('bs', 'Bosnian'), ('ca', 'Catalan'), ('cs', 'Czech'), ('cy', 'Welsh'), ('da', 'Danish'), ('de', 'German'), ('dsb', 'Lower Sorbian'), ('el', 'Greek'), ('en', 'English'), ('en-au', 'Australian English'), ('en-gb', 'British English'), ('eo', 'Esperanto'), ('es', 'Spanish'), ('es-ar', 'Argentinian Spanish'), ('es-co', 'Colombian Spanish'), ('es-mx', 'Mexican Spanish'), ('es-ni', 'Nicaraguan Spanish'), ('es-ve', 'Venezuelan Spanish'), ('et', 'Estonian'), ('eu', 'Basque'), ('fa', 'Persian'), ('fi', 'Finnish'), ('fr', 'French'), ('fy', 'Frisian'), ('ga', 'Irish'), ('gd', 'Scottish Gaelic'), ('gl', 'Galician'), ('he', 'Hebrew'), ('hi', 'Hindi'), ('hr', 'Croatian'), ('hsb', 'Upper Sorbian'), ('hu', 'Hungarian'), ('hy', 'Armenian'), ('ia', 'Interlingua'), ('id', 'Indonesian'), ('io', 'Ido'), ('is', 'Icelandic'), ('it', 'Italian'), ('ja', 'Japanese'), ('ka', 'Georgian'), ('kab', 'Kabyle'), ('kk', 'Kazakh'), ('km', 'Khmer'), ('kn', 'Kannada'), ('ko', 'Korean'), ('lb', 'Luxembourgish'), ('lt', 'Lithuanian'), ('lv', 'Latvian'), ('mk', 'Macedonian'), ('ml', 'Malayalam'), ('mn', 'Mongolian'), ('mr', 'Marathi'), ('my', 'Burmese'), ('nb', 'Norwegian Bokmål'), ('ne', 'Nepali'), ('nl', 'Dutch'), ('nn', 'Norwegian Nynorsk'), ('os', 'Ossetic'), ('pa', 'Punjabi'), ('pl', 'Polish'), ('pt', 'Portuguese'), ('pt-br', 'Brazilian Portuguese'), ('ro', 'Romanian'), ('ru', 'Russian'), ('sk', 'Slovak'), ('sl', 'Slovenian'), ('sq', 'Albanian'), ('sr', 'Serbian'), ('sr-latn', 'Serbian Latin'), ('sv', 'Swedish'), ('sw', 'Swahili'), ('ta', 'Tamil'), ('te', 'Telugu'), ('th', 'Thai'), ('tr', 'Turkish'), ('tt', 'Tatar'), ('udm', 'Udmurt'), ('uk', 'Ukrainian'), ('ur', 'Urdu'), ('vi', 'Vietnamese'), ('zh-hans', 'Simplified Chinese'), ('zh-hant', 'Traditional Chinese')]
LANGUAGES_BIDI = ['he', 'ar', 'fa', 'ur']
LANGUAGE_CODE = 'en-us'
LANGUAGE_COOKIE_AGE = None
LANGUAGE_COOKIE_DOMAIN = None
LANGUAGE_COOKIE_NAME = 'django_language'
LANGUAGE_COOKIE_PATH = '/'
LOCALE_PATHS = []
LOGGING = {'version': 1, 'disable_existing_loggers': False, 'filters': {'require_debug_false': {'()': 'django.utils.log.RequireDebugFalse'}}, 'handlers': {'mail_admins': {'level': 'ERROR', 'filters': ['require_debug_false'], 'class': 'django.utils.log.AdminEmailHandler'}, 'file': {'level': 'INFO', 'class': 'logging.handlers.RotatingFileHandler', 'filename': '/var/log/mailman3/web/mailman-web.log', 'formatter': 'verbose'}, 'console': {'class': 'logging.StreamHandler', 'formatter': 'simple'}}, 'loggers': {'django.request': {'handlers': ['mail_admins', 'file'], 'level': 'INFO', 'propagate': True}, 'django': {'handlers': ['file'], 'level': 'INFO', 'propagate': True}, 'hyperkitty': {'handlers': ['file'], 'level': 'INFO', 'propagate': True}, 'postorius': {'handlers': ['file'], 'level': 'INFO', 'propagate': True}}, 'formatters': {'verbose': {'format': '%(levelname)s %(asctime)s %(process)d %(name)s %(message)s'}, 'simple': {'format': '%(levelname)s %(message)s'}}}
LOGGING_CONFIG = 'logging.config.dictConfig'
LOGIN_REDIRECT_URL = 'list_index'
LOGIN_URL = 'account_login'
LOGOUT_REDIRECT_URL = None
LOGOUT_URL = 'account_logout'
MAILMAN_ARCHIVER_FROM = "('127.0.0.1', '::1', '10.4.16.129', '44.1.1.29')"
MAILMAN_ARCHIVER_KEY = '********************'
MAILMAN_REST_API_PASS = '********************'
MAILMAN_REST_API_URL = '********************'
MAILMAN_REST_API_USER = '********************'
MANAGERS = []
MEDIA_ROOT = ''
MEDIA_URL = ''
MESSAGE_STORAGE = 'django.contrib.messages.storage.fallback.FallbackStorage'
MESSAGE_TAGS = {40: 'danger'}
MIDDLEWARE = "('django.contrib.sessions.middleware.SessionMiddleware', 'django.middleware.common.CommonMiddleware', 'django.middleware.csrf.CsrfViewMiddleware', 'django.middleware.locale.LocaleMiddleware', 'django.contrib.auth.middleware.AuthenticationMiddleware', 'django.contrib.messages.middleware.MessageMiddleware', 'django.middleware.clickjacking.XFrameOptionsMiddleware', 'django.middleware.security.SecurityMiddleware', 'django_mailman3.middleware.TimezoneMiddleware', 'postorius.middleware.PostoriusMiddleware')"
MIGRATION_MODULES = {}
MONTH_DAY_FORMAT = 'F j'
NUMBER_GROUPING = 0
PASSWORD_HASHERS = '********************'
PASSWORD_RESET_TIMEOUT_DAYS = '********************'
POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost/mailman3/ <http://localhost/mailman3/>'
PREPEND_WWW = False
Q_CLUSTER = {'timeout': 300, 'save_limit': 100, 'orm': 'default', 'poll': 5}
ROOT_URLCONF = 'urls'
SECRET_KEY = '********************'
SECURE_BROWSER_XSS_FILTER = False
SECURE_CONTENT_TYPE_NOSNIFF = False
SECURE_HSTS_INCLUDE_SUBDOMAINS = False
SECURE_HSTS_PRELOAD = False
SECURE_HSTS_SECONDS = 0
SECURE_PROXY_SSL_HEADER = None
SECURE_REDIRECT_EXEMPT = []
SECURE_SSL_HOST = None
SECURE_SSL_REDIRECT = False
SERVER_EMAIL = 'root(a)mailman.ardc.net <mailto:root@mailman.ardc.net>'
SESSION_CACHE_ALIAS = 'default'
SESSION_COOKIE_AGE = 1209600
SESSION_COOKIE_DOMAIN = None
SESSION_COOKIE_HTTPONLY = True
SESSION_COOKIE_NAME = 'sessionid'
SESSION_COOKIE_PATH = '/'
SESSION_COOKIE_SAMESITE = 'Lax'
SESSION_COOKIE_SECURE = False
SESSION_ENGINE = 'django.contrib.sessions.backends.db'
SESSION_EXPIRE_AT_BROWSER_CLOSE = False
SESSION_FILE_PATH = None
SESSION_SAVE_EVERY_REQUEST = False
SESSION_SERIALIZER = 'django.contrib.sessions.serializers.PickleSerializer'
SETTINGS_MODULE = 'settings'
SHORT_DATETIME_FORMAT = 'm/d/Y P'
SHORT_DATE_FORMAT = 'm/d/Y'
SIGNING_BACKEND = 'django.core.signing.TimestampSigner'
SILENCED_SYSTEM_CHECKS = []
SITE_ID = 1
SOCIALACCOUNT_PROVIDERS = {}
STATICFILES_DIRS = '()'
STATICFILES_FINDERS = "('django.contrib.staticfiles.finders.FileSystemFinder', 'django.contrib.staticfiles.finders.AppDirectoriesFinder', 'compressor.finders.CompressorFinder')"
STATICFILES_STORAGE = 'django.contrib.staticfiles.storage.StaticFilesStorage'
STATIC_ROOT = '/var/lib/mailman3/web/static'
STATIC_URL = '/mailman3/static/'
TEMPLATES = [{'BACKEND': 'django.template.backends.django.DjangoTemplates', 'DIRS': [], 'APP_DIRS': True, 'OPTIONS': {'context_processors': ['django.template.context_processors.debug', 'django.template.context_processors.i18n', 'django.template.context_processors.media', 'django.template.context_processors.static', 'django.template.context_processors.tz', 'django.template.context_processors.csrf', 'django.template.context_processors.request', 'django.contrib.auth.context_processors.auth', 'django.contrib.messages.context_processors.messages', 'django_mailman3.context_processors.common', 'hyperkitty.context_processors.common', 'postorius.context_processors.postorius']}}]
TEST_NON_SERIALIZED_APPS = []
TEST_RUNNER = 'django.test.runner.DiscoverRunner'
THOUSAND_SEPARATOR = ','
TIME_FORMAT = 'P'
TIME_INPUT_FORMATS = ['%H:%M:%S', '%H:%M:%S.%f', '%H:%M']
TIME_ZONE = 'UTC'
USE_I18N = True
USE_L10N = True
USE_THOUSAND_SEPARATOR = False
USE_TZ = True
USE_X_FORWARDED_HOST = True
USE_X_FORWARDED_PORT = False
WSGI_APPLICATION = 'wsgi.application'
X_FRAME_OPTIONS = 'SAMEORIGIN'
YEAR_MONTH_FORMAT = 'F Y’
2 years, 4 months
Re: Hyperkitty
by Stephen J. Turnbull
Mark Labeste writes:
> Thanks for your reply. I was abled point to the mailman.cfg path
> appeared in mailman info. Below is the result of mailman conf. But
> archive is still now showing on web browser.
Sorry, can't help you without more information. Is your archive
visible from the Internet?
What do you mean by "archive is not showing"? Do you get an error
indication (like HTTP 404 error "no such page")? Do you get the
archive page but you expect to see email there and there isn't any?
If something else, what?
I assume you installed Mailman from a distribution. Which one?
What does "mailman info" report? If that doesn't work, you'll have to
find the installed Mailman hierarchy, probably /var/lib/mailman3 or
/usr/lib/mailman3, and run "bin/mailman info" from there.
What are the contents of these files:
mailman.cfg (probably in /etc/mailman3/mailman.cfg)
settings.py (there are a lot of these with different purposes, with
luck you'll find the right one in
/etc/mailman3/settings.py or possibly in
var/etc/settings.py under the Mailman hierarchy)
urls.py (may be in /etc/mailman3/urls.py, or next to settings.py)
This list strips most attachments. However it should be possible to
attach these files as long as the Content-Type is text/plain. If
you're not sure what the Content-Type your email program applies, you
can include them in the message body at the end.
The following version information may be useful later, but it's not
urgent. What versions of the following packages are installed:
mailman3 (possibly just mailman)
postorius
hyperkitty
gunicorn
mailman-web
mailmanclient
django_mailman (possibly django-mailman)
django (or Django)
(all of the above may be prefixed with something that indicates that
they are Python programs)
apache (possibly apache2 or apache24) or possibly nginx
uwsgi (may not be in use)
Steve
1 year, 2 months
Re: Hyperkitty 403 Forbidden Error
by Abhilash Raj
On Wed, Aug 7, 2019, at 8:41 AM, Phil Thompson wrote:
> On 06/08/2019 09:48, Phil Thompson wrote:
> > On 06/08/2019 03:38, Abhilash Raj wrote:
> >> On Mon, Aug 5, 2019, at 10:06 AM, Phil Thompson wrote:
> >>> I'm in the process of setting up mailman3. The only problem I seem to
> >>> be
> >>> having is getting Hyperkitty to archive messages. Rather than the
> >>> authorisation problems people have previously asked about on the
> >>> list, I
> >>> am getting a 403 error...
> >>>
> >>> Aug 05 15:38:40 2019 (10229) HyperKitty failure on
> >>> http://localhost/mailman3/hyperkitty/api/mailman/urls:
> >>> <html><title>Forbidden</title><body>
> >>> <h1>Access is forbidden</h1></body></html> (403)
> >>> Aug 05 15:38:58 2019 (10222) HyperKitty failure on
> >>> http://localhost/mailman3/hyperkitty/api/mailman/archive:
> >>> <html><title>Forbidden</title><body>
> >>> <h1>Access is forbidden</h1></body></html> (403)
> >>>
> >>> Any suggestions would be appreciated.
> >>
> >> How did you install Hyperkitty?
> >
> > On Ubuntu...
> >
> > apt-get install mailman3-full
> >
> >> You probably need to the set the API key correctly in both Core and
> >> Hyperkitty.
> >>
> >> Have you looked at documentation here[1]?
> >>
> >> [1]:
> >> https://hyperkitty.readthedocs.io/en/latest/install.html#connecting-to-mail…
> >>
> >> Note that the MAILMAN_ARCHIVER_KEY = "value" (this value should be in
> >> quotes, single or double, doesn't matter) in your settings.py for Web
> >> (Django) should be same as the `api_key : value` (without quotes here
> >> in hyperkitty.cfg config file).
> >
> > That's all correct. I'm familiar with the authorisation issues that
> > other people have had.
> >
> > The only thing I'm doing differently (as far as I am aware) is that
> > I'm using a URL prefixed with /mailman3 which is stripped off in my
> > nginx configuration...
> >
> > # mailman3.
> > location /mailman3/ {
> > uwsgi_pass unix:/run/mailman3/web/uwsgi.sock;
> > include uwsgi_params;
> > uwsgi_param SERVER_ADDR $server_addr;
> > uwsgi_modifier1 30;
> > uwsgi_param SCRIPT_NAME /mailman3;
> > }
> >
> > location /mailman3/static {
> > alias /var/lib/mailman3/web/static;
> > }
> >
> > location /mailman3/static/favicon.ico {
> > alias /var/lib/mailman3/web/static/postorius/img/favicon.ico;
> > }
> >
> > ...but I don't see this affecting the mailman to Hyperkitty
> > communication. Posting to lists and the Postorius and Hyperkitty
> > frontends seem to work fine.
>
> I have now fixed the 403 error (by setting MAILMAN_ARCHIVER_FROM to my
> public IP address). However I now get a 400 Bad Request error.
>
> I have traced this to the archive() function in
> hyperkitty/views/mailman.py which is expect a POST but is actually
> getting a GET, specifically...
>
> GET '/mailman3/hyperkitty/api/mailman/archive?key=...'
>
> ...which seems to be a fairly fundamental problem.
>
> Again, any suggestions would be welcome.
It should be sending POST request to archive emails[1]. How did you grab the above request? Was it from logs?
Do you have anything else in the logs? There should be something in the Mailman Core or web logs should have something.
[1]: https://gitlab.com/mailman/mailman-hyperkitty/blob/master/mailman_hyperkitt…
--
thanks,
Abhilash Raj (maxking)
5 years, 3 months
Re: Unable to get mailman3 working on Ubuntu 20.04 LTS
by Shawn Heisey
On 10/28/2021 5:28 PM, Abhilash Raj wrote:
> The instructions are basically in the issue description, pending move to a documentation page:
>
> https://github.com/maxking/docker-mailman/issues/293
>
> If you are upgrading the latest 0.4.x release from 0.3.x, you also want to look at
>
> https://asynchronous.in/docker-mailman/news/#upgrading-to-040-release
Awesome! Thank you for that info! I just upgraded from 0.4.1 (which
was the tag I used for the initial install) to 0.4.2 and it all looks
good. The lists are still there in the output of this command on the host:
docker exec -u mailman mailman-core mailman lists
After the upgrade, I sent a test message to one of the mailing lists
that looks like it worked perfectly.
I assumed that it would be necessary to update the tags in the
docker-compose.yaml file, and I did so. Should that be added to the
instructions?
One thing that was very non-obvious is how to get the containers to
start at boot time. A command like this, issued three times with the
actual ID values for the containers, took care of it for me:
docker update --restart=unless-stopped 0576df221c0b
If it is possible to have the docker-compose.yaml file set that flag
when it creates the containers, I think that would be a good idea. I
did notice that the postorius and mysql docker-compose configs do set
the database container (but not the mailman containers) to restart
always ... but my limited experience with docker tells me that
unless-stopped is a better option.
> If you can send a PR for the config you set up for Apache in Github, or just an issue, I can include it in the docs :-)
I created an issue and included a sanitized copy of my virtualhost config.
Thanks,
Shawn
3 years
Re: mailman 3.x upgrade and downgrade
by Mark Sapiro
On 7/12/22 6:12 AM, skooperit(a)gmail.com wrote:
> Hi all,
>
> I have a few contradictory questions.
>
> 1. How to upgrade the 3.x version?
>
> 2. Is it possible to migrate (downgrade) the lists from mailman 3.x to 2.1?
>
> 3. If so, what would be the best way to do that?
>
>
> My mailing list server is running on a CenOS-7x with postgreSQL and the following mailman packages:
>
> django-mailman3 1.3.5
> mailman 3.3.2
> mailman-hyperkitty 1.1.0
> mailman-web 0.0.3
> mailmanclient 3.3.2
> postorius 1.3.3
>
> We have ~200 lists with more than a decade of history.
So you have installed Mailman 3, apparently following
https://docs.mailman3.org/en/latest/install/virtualenv.html. There is a
caveat. Current released versions of HyperKitty (I don't see your
version above) don't work with mistune >= 2.0.0.
This is https://gitlab.com/mailman/hyperkitty/-/issues/431, fixed by
https://gitlab.com/mailman/hyperkitty/-/merge_requests/379 but not yet
released.
If your installed mistune is not 2.0.0rc1, you can work around this with
this patch
```
--- a/hyperkitty/lib/renderer.py
+++ b/hyperkitty/lib/renderer.py
@@ -4,7 +4,7 @@ from django.conf import settings
import mistune
from mistune.plugins.extra import plugin_url
-from mistune.scanner import escape_html, escape_url
+from mistune.util import escape_html, escape_url
class MyRenderer(mistune.HTMLRenderer):
```
Or you can downgrade mistune with
```
pip install mistune==2.0.0rc1
```
in your virtualenv.
To answer your questions, to migrate your lists, you use `mailman
import21` and to migrate archives, `mailman-web hyperkitty_import`. Give
these commands with the `--help` option for more info.
Downgrading lists from Mailman 3 to Mailman 2.1 is not currently
possible. There is no inverse to `mailman import21`. You can export a
HyperKitty archive as a mbox to use as input to Mailman 2.1s bin/arch.
--
Mark Sapiro <mark(a)msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
2 years, 4 months
Re: [Mailman-Developers] Mailman 3.1 beta coming soon
by Florian Fuchs
On Sat, Dec 03, 2016 at 17:25:24PM -0800, Terri Oda wrote:
>On 2016-12-03 12:22 PM, Florian Fuchs wrote:
>>I did some manual integration testing today
>>(core+mailmanclient+postorius) which looked fine so far. I didn't get
>>to test HyperKitty and the bundler though, so any help testing those
>>would be very much appreciated. I will have some more time tomorrow.
>
>I tried to do some testing based on these wiki instructions last weekend
>https://wiki.list.org/HyperKitty/DevelopmentSetupGuide
>
>and hit a "[Errno 61] Connection refused" issue when attempting to log
>in to Postorius. I suspect it might be an issue with the mac, since
>googling for the error (it's a django one) seems to find a lot of
>people on macs with problems, but I didn't manage to narrow it down
>more than that to make a useful bug report.
Do you have a traceback somewhere? If you're logging in for the first
time, it *might* have to do with allauth trying to verify your email
address by sending you an confirmation email (which probably fails if
you don't have smtp set up on your mac).
If that's the case, we should probably try to catch this condition and
display a useful error message instead of just letting it break.
Cheers
Florian
>I did set up a new linux install on another machine to work on next,
>though, so I may have something else to say on that front tomorrow.
>
> Terri
>
>
>_______________________________________________
>Mailman-Developers mailing list
>Mailman-Developers(a)python.org
>https://mail.python.org/mailman/listinfo/mailman-developers
>Mailman FAQ: http://wiki.list.org/x/AgA3
>Searchable Archives: http://www.mail-archive.com/mailman-developers%40python.org/
>Unsubscribe: https://mail.python.org/mailman/options/mailman-developers/f%40florianfuchs…
>
>Security Policy: http://wiki.list.org/x/QIA9
7 years, 11 months
use_https not being honored?
by Stephen J. Turnbull
sean.p.kiernan--- via Mailman-users writes:
> Using Mailman core 3.3.5, and Mailman API 3.1, I have use_https:
> yes set in my mailman.cfg so that I can use https for calls to the
> API,
Despite the name, that's not what use_https does. It means to use
"https" when formatting its URL, and AFAICS that's all it does. In
particular it does not configure gunicorn (which provides the REST
server) to use HTTPS as far as I can tell.
> however even in mailman.log, it still says it is using http:
>
> [2022-06-01 09:35:54 -0500] [959009] [INFO] Starting gunicorn 20.1.0
> [2022-06-01 09:35:54 -0500] [959009] [INFO] Listening at: http://hostname:8001 (959009)
>
> GET and POST requests work fine if I use http, but fail when trying
> to use https.
You need to set some or all of the settings here where gunicorn can
find them.
https://docs.gunicorn.org/en/stable/settings.html#ssl
I believe this can be done either in the gunicorn.cfg file or in the
[webservice] section of mailman.cfg. This is separate configuration
information from any configuration of server credentials you provide
for Postorius or HyperKitty.
> I've only recently started using Mailman so if there are additional
> logs or system information I need to help with this?
I'm pretty sure what I wrote above diagnoses the issue correctly, but
for the future "didn't work" doesn't tell us enough. You should
always provide the exact error message, exactly as presented. If you
get a traceback of function calls, you should provide that whole thing
as well. You may redact "sensitive" information (which includes
personal names, usernames, passwords, and the like, but for some folks
also things like IP addresses and domain names). However, try to
ensure that there's a one-to-one relation between redacted items and
the substitutes.
Steve
2 years, 5 months
Re: Not able to start mailman server
by Mark Sapiro
On 8/5/21 12:53 AM, Kartheek Reddy Bondugula wrote:
> Hi,
>
> I am trying to setup postorius using this website -
>
> https://docs.mailman3.org/projects/mailman/en/release-3.0/src/mailman/docs/W...
That documentation is out of date.
Start at https://docs.mailman3.org/en/latest/
> I am trying to create a mailling list and it web interface for the users in my group
>
> The command 'pip install -e ./'(python3) runs successfully but still i am not able to start the server
Is the result the same as in your post at
https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message…,
i.e.,
/usr/local/Cellar/python(a)3.9/3.9.5/bin/python3.9: can't open file
'/usr/local/opt/python(a)3.9/bin/master': [Errno 2] No such file or directory
> my mailman info shows -
>
> GNU Mailman 3.3.5b1 (Tom Sawyer)
> Python 3.9.5 (default, May 4 2021, 03:36:27)
> [Clang 12.0.0 (clang-1200.0.32.29)]
> config file: /Users/.../Documents/mailman/var/etc/mailman.cfg
> db url: sqlite:////Users/.../Documents/mailman/var/data/mailman.db
> devmode: DISABLED
> REST root url: http://localhost:8001/3.1/
> REST credentials: restadmin:restpass
We recommend following this guide
https://docs.mailman3.org/en/latest/install/virtualenv.html
What is the content of the
/Users/.../Documents/mailman/var/etc/mailman.cfg file?
The 'pip install -e ./' command should have created a bin/ directory
containing both `mailman` and `master` executable files and this
`mailman` command is the one you should be running. It appears the
`mailman` command you are running is
'/usr/local/opt/python(a)3.9/bin/mailman'. If that is in fact a symlink to
a different bin/mailman file, there should also be a symlink from
'/usr/local/opt/python(a)3.9/bin/master' to the existing bin/master or you
should adjust your path.
What do `which -a mailman` and `which -a master` show?
--
Mark Sapiro <mark(a)msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
3 years, 3 months
Re: mailman admin (django) interface does not work anymore after deleting website example.com
by Abhilash Raj
On Sun, Mar 10, 2019, at 9:00 AM, Torge Riedel wrote:
> Am 10.03.19 um 16:44 schrieb Mark Sapiro:
> > On 3/10/19 8:18 AM, Torge Riedel wrote:
> >> I deleted the existing "example.com" and added a new one
> >> "lists.mydomain.de".
> >>
> >> Now the admin (django) interface always gives "An error occurred while
> >> processing your request". After one of the first navigation clicks I saw
> >> a message that "site with id 1 is missing".
> >
> > In your Django settings your have
> >
> > SITE_ID = 1
> >
> > which pointed to the example.com domain you deleted.
> >
> > You need to override this in settings_local.py. Probably
> >
> > SITE_ID = 2
> >
> > but if that doesn't work, try '0'
> >
> Ah, thank you Mark. That makes a kind of sense. I changed the database
> directly to fix it. And renamed example.com to lists.mydomain.de. Now
> the error is gone.
>
> I'm wondering why the initial database set up of postorius (?) adds
> "example.com". Is there a way to directly add my domain instead?
> Somewhere in settings_local.py?
Django does that and there doesn't seem to be a way to override that to
something else during initial migration. Or nothing I have found yet.
Only way is to edit "example.com" to something you'd like or add another
domain entry and change SITE_ID to point o that.
> _______________________________________________
> Mailman-users mailing list -- mailman-users(a)mailman3.org
> To unsubscribe send an email to mailman-users-leave(a)mailman3.org
> https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
>
--
thanks,
Abhilash Raj (maxking)
5 years, 8 months
Re: [Django] ERROR (EXTERNAL IP): Service Unavailable
by Mark Sapiro
On 2/25/21 9:38 AM, dancab(a)caltech.edu wrote:
> Mark,
>
> Is it only this list that has an issue?
>
> Yes, this is the only list that is having the issue.
>
> Can you visit other pages for this list?
>
> Yes, I'm able to view the members list, list settings, templates, etc.
>
> I've restarted the service and tried to access the held messages for the list once again. Here's what is in the mailman log.
>
>
> ERROR 2021-02-25 17:28:14,197 393 postorius Mailman REST API not available
> Traceback (most recent call last):
> File "/opt/mailmanve/lib64/python3.6/site-packages/urllib3/connectionpool.py", line 706, in urlopen
> chunked=chunked,
> File "/opt/mailmanve/lib64/python3.6/site-packages/urllib3/connectionpool.py", line 445, in _make_request
> six.raise_from(e, None)
> File "<string>", line 3, in raise_from
> File "/opt/mailmanve/lib64/python3.6/site-packages/urllib3/connectionpool.py", line 440, in _make_request
> httplib_response = conn.getresponse()
> File "/usr/lib64/python3.6/http/client.py", line 1346, in getresponse
> response.begin()
> File "/usr/lib64/python3.6/http/client.py", line 307, in begin
> version, status, reason = self._read_status()
> File "/usr/lib64/python3.6/http/client.py", line 276, in _read_status
> raise RemoteDisconnected("Remote end closed connection without"
> http.client.RemoteDisconnected: Remote end closed connection without response
This is from Django's log. What's in Mailman core's mailman.log?
Since everything else is accessing the REST API with no problem, I think
core must be stuck on something and timing out. Is there a time delay
between trying to get the held messages view and the "Mailman REST API
not available. Please start Mailman core." response?
Also is there a non-zero count in the badge on the Held messages tab?
--
Mark Sapiro <mark(a)msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
3 years, 9 months