Re: config incoming email in my domain cpanel
by Rafael Mora
El jue., 3 ago. 2017 a las 15:49, tlhackque via Mailman-users (<
mailman-users(a)mailman3.org>) escribió:
> I think you're confused.
>
> You already have mail.labbrands.com set up as the MX record for
> labbrands.com. And it has an A record with the same address as your
> webserver.
>
I'm working with the hostgator mailserver, we are not running a local
mailserver.
As suggested I added an A record like this:
[image: image.png]
Is it correct? is it redirecting to my Ip so I can redirect it to my
postfix/mm3 server?
>
> So if you're getting e-mail on that domain, there's another e-mail
> server running on that IP address. You can't have 2 servers on port
> 25. In that case, as has been noted before, you'll need to setup a
> relay in that server, not a firewall redirect. Depending on your MTA,
> you would need to relay to your internal server. And make sure your
> firewall setup allows your MTA to do this.
>
> We can see it's EXIM:
>
> telnet mail.labbrands.com 25
> Trying 192.185.51.89...
> Connected to mail.labbrands.com (192.185.51.89).
> Escape character is '^]'.
> help
> 220-gator4137.hostgator.com ESMTP Exim 4.87 #1 Thu, 03 Aug 2017 15:47:48
> -0500
> 220-We do not authorize the use of this system to transport unsolicited,
> 220 and/or bulk e-mail.
> 214-Commands supported:
> 214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP
> quit
> 221 gator4137.hostgator.com closing connection
> Connection closed by foreign host.
>
> Or, consolidate all your e-mail to one server - which is a lot easier to
> manage unless you have a really big operation. Postfix is probably the
> right choice, but requires more setup.
>
> Although Mailman3 configuration is not well documented (as you've
> discovered), you may want to get help from someone with more general
> network and mail experience. You're now into territory that is, as
> Simon indicated, not Mailman-specific.
>
> On 03-Aug-17 16:28, Rafael Mora wrote:
> > El jue., 3 ago. 2017 a las 15:26, Mark Sapiro (<mark(a)msapiro.net>)
> escribió:
> >
> >> On 08/03/2017 01:22 PM, Rafael Mora wrote:
> >>> El jue., 3 ago. 2017 a las 15:18, Mark Sapiro (<mark(a)msapiro.net>)
> >> escribió:
> >>>> You need to forward port 25 for SMTP mail delivery and if you want the
> >>>> web UI (Postorius and HyperKitty) accessible from the outside, port 80
> >>>> for http and/or port 443 for https
> >>>> <
> >>>>
> >>
> https://www.iana.org/assignments/service-names-port-numbers/service-names-p…
> >>>>> .
> >>> I mean for incoming mail redirected from my hostgator hosting, because
> >> when
> >>> I suscribe an email address MM3 sends a confirmation email, so I have
> to
> >>> reply to be suscribed to the list.
> >>
> >> As I said, for mail delivery you need to forward port 25 to the Mailman
> >> server.
> >>
> > Ok so I'll redirect in my zentyal firewall the port 25 to my local
> centos7
> > with postfix and MM3 with IP 192.168.1.42. Thanks Mark.
> >
> >
> >>
> >> --
> >> Mark Sapiro <mark(a)msapiro.net> The highway is for gamblers,
> >> San Francisco Bay Area, California better use your sense - B. Dylan
> >> _______________________________________________
> >> Mailman-users mailing list
> >> mailman-users(a)mailman3.org
> >> https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
> >>
>
> --
> This communication may not represent my employer's views,
> if any, on the matters discussed.
>
> _______________________________________________
> Mailman-users mailing list
> mailman-users(a)mailman3.org
> https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
>
--
Atentamente / Best Regards
Ing. Rafael Mora
7 years, 3 months
Re: Docker Mailman3 installation frustration
by Abhilash Raj
Hi,
On Wed, Jul 12, 2017, at 02:04 PM, ccsmith(a)cetsi.com wrote:
<snip>
> Running "sudo docker exec -it mailman-web cat
> ../mailman-web-data/logs/mailmanweb.log" shows me:
>
> ERROR 2017-07-12 20:34:25,073 25 django.request Internal Server Error: /accounts/login/
> Traceback (most recent call last):
> File "/usr/local/lib/python2.7/site-packages/django/core/handlers/exception.py", line 39, in inner
> response = get_response(request)
> ... more stuff ...
> File "/usr/local/lib/python2.7/smtplib.py", line 747, in sendmail
> raise SMTPRecipientsRefused(senderrs)
> SMTPRecipientsRefused: {u'pacetechadmin(a)cetsi.com': (451, '4.3.0 <pacetechadmin(a)cetsi.com>: Temporary lookup failure')}
This is mostly because you didn't setup your Django instance to send
emails i.e. SMTP settings. When you try to login/sign up from the web
interface, it needs to verify your email account and fails with 500
error because SMTP being not configured.
> On the Docker host (ubuntuServer2), /var/log/mail.log shows:
> Jul 12 13:48:53 ubuntuServer2 postfix/smtpd[19931]: error: open /opt/mailman/core/var/data/postfix_domains: No such file or directory
> Jul 12 13:48:53 ubuntuServer2 postfix/smtpd[19931]: error: open /opt/mailman/core/var/data/postfix_lmtp: No such file or directory
> Jul 12 13:48:53 ubuntuServer2 postfix/smtpd[19931]: connect from unknown[172.19.199.3]
> Jul 12 13:48:53 ubuntuServer2 postfix/trivial-rewrite[19843]: warning: regexp:/opt/mailman/core/var/data/postfix_domains is unavailable. open /opt/mailman/core/var/data/postfix_domains: No such file or directory
> Jul 12 13:48:53 ubuntuServer2 postfix/trivial-rewrite[19843]: warning: relay_domains: regexp:/opt/mailman/core/var/data/postfix_domains: table lookup problem
> Jul 12 13:48:53 ubuntuServer2 postfix/trivial-rewrite[19843]: warning: relay_domains lookup failure
> Jul 12 13:48:53 ubuntuServer2 postfix/trivial-rewrite[19843]: warning: regexp:/opt/mailman/core/var/data/postfix_domains is unavailable. open /opt/mailman/core/var/data/postfix_domains: No such file or directory
> Jul 12 13:48:53 ubuntuServer2 postfix/trivial-rewrite[19843]: warning: relay_domains: regexp:/opt/mailman/core/var/data/postfix_domains: table lookup problem
> Jul 12 13:48:53 ubuntuServer2 postfix/trivial-rewrite[19843]: warning: relay_domains lookup failure
> Jul 12 13:48:53 ubuntuServer2 postfix/smtpd[19931]: NOQUEUE: reject: RCPT from unknown[172.19.199.3]: 451 4.3.0 <pacetechadmin(a)cetsi.com>: Temporary lookup failure; from=<postorius(a)localhost.local> to=<pacetechadmin(a)cetsi.com> proto=ESMTP helo=<mailman-web>
> Jul 12 13:48:54 ubuntuServer2 postfix/smtpd[19932]: error: open /opt/mailman/core/var/data/postfix_domains: No such file or directory
> Jul 12 13:48:54 ubuntuServer2 postfix/smtpd[19932]: error: open /opt/mailman/core/var/data/postfix_lmtp: No such file or directory
> Jul 12 13:48:54 ubuntuServer2 postfix/smtpd[19932]: connect from unknown[172.19.199.3]
> Jul 12 13:48:54 ubuntuServer2 postfix/trivial-rewrite[19843]: warning: regexp:/opt/mailman/core/var/data/postfix_domains is unavailable. open /opt/mailman/core/var/data/postfix_domains: No such file or directory
> Jul 12 13:48:54 ubuntuServer2 postfix/trivial-rewrite[19843]: warning: relay_domains: regexp:/opt/mailman/core/var/data/postfix_domains: table lookup problem
> Jul 12 13:48:54 ubuntuServer2 postfix/trivial-rewrite[19843]: warning: relay_domains lookup failure
> Jul 12 13:48:54 ubuntuServer2 postfix/trivial-rewrite[19843]: warning: regexp:/opt/mailman/core/var/data/postfix_lmtp is unavailable. open /opt/mailman/core/var/data/postfix_lmtp: No such file or directory
> Jul 12 13:48:54 ubuntuServer2 postfix/trivial-rewrite[19843]: warning: regexp:/opt/mailman/core/var/data/postfix_lmtp lookup error for "root@localhost"
> Jul 12 13:48:54 ubuntuServer2 postfix/trivial-rewrite[19843]: warning: transport_maps lookup failure
> Jul 12 13:48:54 ubuntuServer2 postfix/smtpd[19932]: NOQUEUE: reject: RCPT from unknown[172.19.199.3]: 451 4.3.0 <root@localhost>: Temporary lookup failure; from=<root(a)localhost.local> to=<root@localhost> proto=ESMTP helo=<mailman-web>
> Jul 12 13:48:54 ubuntuServer2 postfix/smtpd[19932]: disconnect from unknown[172.19.199.3] ehlo=1 mail=1 rcpt=0/1 rset=1 quit=1 commands=4/5
> Jul 12 13:48:54 ubuntuServer2 postfix/smtpd[19931]: lost connection after RSET from unknown[172.19.199.3]
> Jul 12 13:48:54 ubuntuServer2 postfix/smtpd[19931]: disconnect from unknown[172.19.199.3] ehlo=1 mail=1 rcpt=0/1 rset=1 commands=3/4
>
> And /var/log/mail.err is filling up with:
> Jul 12 13:48:53 ubuntuServer2 postfix/smtpd[19931]: error: open /opt/mailman/core/var/data/postfix_domains: No such file or directory
> Jul 12 13:48:53 ubuntuServer2 postfix/smtpd[19931]: error: open /opt/mailman/core/var/data/postfix_lmtp: No such file or directory
> Jul 12 13:48:54 ubuntuServer2 postfix/smtpd[19932]: error: open /opt/mailman/core/var/data/postfix_domains: No such file or directory
> Jul 12 13:48:54 ubuntuServer2 postfix/smtpd[19932]: error: open /opt/mailman/core/var/data/postfix_lmtp: No such file or directory
This is, as mentioned in the Issue that Danil linked to, about postfix
complaining about non-existent transport maps.
It will probably make sense to create those files, even empty, when the
containers startup!
Hope that helps!
--
Abhilash Raj
maxking(a)asynchronous.in
7 years, 4 months
Re: Mailman 3 Status Update Please?
by Barry Warsaw
On Jul 22, 2017, at 06:58, tlhackque via Mailman-users <mailman-users(a)mailman3.org> wrote:
>
> On 21-Jul-17 22:58, Barry Warsaw wrote:
>>
>> One big project that I’d love to see gain more traction is Lemme, our authenticating REST proxy. We just haven’t had much collective resources to spend working on it.
>>
>> https://gitlab.com/mailman/lemme
>
> The architectural problem with a separate proxy that provides separation
> of privilege is that the proxy has to be kept in sync with the core -
This can be true, as is the case for example in mailmanclient. I think that’s different than the lemme case though because mmclient is a language binding to a REST API, so it needs to know the details of the API in order to provide a high-fidelity binding. This could potentially be mitigated if we had a static representation of the API, and there have been discussions of that elsewhere, so let’s not dive too deeply into that discussion here.
Where I think lemme is different is that it would be a more pure HTTP command forwarding proxy with a bit of preprocessing. It wouldn’t need to know the details of the REST API and wouldn’t need to be explicitly kept in sync.
The general approach we hashed out a few Pycons ago is outlined here: https://gitlab.com/mailman/lemme/blob/master/OUTLINE.rst
> In addition, as the recent issues indicate, the REST API already has
> scaling problems - adding a proxy in the path will exacerbate those.
Yes, the proxy will not be very fast, but it’s also targeting a very different audience.
The current REST API, what I call the “administrative” API needs to be fast (and I’m confident we can make improvements to the existing implementation) because it’s there to serve Postorius, HyperKitty, and any other custom, tightly integrated front-ends. It provides full access to the API with no authorization because it trusts those front-ends implicitly, and those front-ends need the ability to perform any necessary action.
Lemme must fundamentally *not* trust its clients. Authentication is only the first part of its paranoia; it must also authorize the authenticated user and determine whether they have permissions to perform the requested action. It’s the authorization part that makes this a “big project” to me.
> Either way, the major work is (or should be) authorization tests in the
> core, with a touch of mapping an authenticated user to her(his)
> capabilities (for a list) in the database. Not a s"big" separate project.
I disagree about the bigness, but I can be convinced with code. :)
The core has no authorization or permission information built-in. It does have a user database, but I’ve always considered that to be tightly focused on the data needed to determine posting permissions, not access to the REST API. We also don’t have a model for how users map to API permissions. We’ve always recommended that the admin API be exposed only on trusted IPs (highly recommending localhost), but a proxy has to be exposed on the public internet for it to be useful. That, and because the admin API is default-open and the proxy must be default-closed, we want to segregate any possible vulnerabilities into an optional component. Not every site will want to allow their list operations to be scriptable.
To me, this all points to a separate proxy, developed as an official subproject. There we can experiment with permission models to find what works best and is the most understandable. We can allow others to experiment as well, and sites can opt into or out of running the proxy, or even the official proxy. Any vulnerabilities in the proxy can be fixed quickly, and rolled out on a different release schedule than Core.
Now, we’re careful, I think the bulk of lemme could be written with an eye toward some future integration with Core, although I would strongly recommend running it as a separate HTTP server than the admin API. That way, we can experiment with and develop lemme at its own pace, and once it stabilizes, we could consider bringing it in as a Core feature.
Cheers,
-Barry
7 years, 3 months
Re: Hyperkitty
by Massimiliano Paragnani
SOLVED!
I edited /etc/mailman3/mailman3-web.py adding in MAILMAN_ARCHIVER_FROM =
the ip of the server and finally starts to work
Il Ven 27 Gen 2023, 18:52 Massimiliano Paragnani <max.paragnani(a)gmail.com>
ha scritto:
> I set up the mailman3 services and lists, and we can send mail to the
> list successfully. However in the Archive section I couldn't see
> anything.
> My configuration: ubuntu, milman core 3.2.2, postresql, postorius 1.2.4,
> hyperkitty 1.3.2
>
> This is my mailman conf result:
>
> [antispam] header_checks:
> [antispam] jump_chain: hold
> [archiver.mail_archive] class: mailman.archiving.mailarchive.MailArchive
> [archiver.mail_archive] clobber_date: maybe
> [archiver.mail_archive] clobber_skew: 1d
> [archiver.mail_archive] configuration: python:mailman.config.mail_archive
> [archiver.mail_archive] enable: no
> [archiver.mhonarc] class: mailman.archiving.mhonarc.MHonArc
> [archiver.mhonarc] clobber_date: maybe
> [archiver.mhonarc] clobber_skew: 1d
> [archiver.mhonarc] configuration: python:mailman.config.mhonarc
> [archiver.mhonarc] enable: no
> [archiver.prototype] class: mailman.archiving.prototype.Prototype
> [archiver.prototype] clobber_date: maybe
> [archiver.prototype] clobber_skew: 1d
> [archiver.prototype] configuration: changeme
> [archiver.prototype] enable: no
> [bounces] register_bounces_every: 15m
> [database] class: mailman.database.postgresql.PostgreSQLDatabase
> [database] debug: no
> [database] url: postgres://mailman3:--------------@localhost/mailman3
> [devmode] enabled: no
> [devmode] recipient:
> [devmode] testing: no
> [devmode] wait: 60s
> [digests] mime_digest_keep_headers:
> Date From To Cc Subject Message-ID Keywords
> In-Reply-To References Content-Type MIME-Version
> Content-Transfer-Encoding Precedence Reply-To
> Message List-Post
> [digests] plain_digest_keep_headers:
> Message Date From
> Subject To Cc
> Message-ID Keywords
> Content-Type
> [dmarc] cache_lifetime: 7d
> [dmarc] org_domain_data_url:
> https://publicsuffix.org/list/public_suffix_list.dat
> [dmarc] resolver_lifetime: 5s
> [dmarc] resolver_timeout: 3s
> [language.ar] charset: utf-8
> [language.ar] description: Arabic
> [language.ar] enabled: yes
> [language.ast] charset: iso-8859-1
> [language.ast] description: Asturian
> [language.ast] enabled: yes
> [language.ca] charset: utf-8
> [language.ca] description: Catalan
> [language.ca] enabled: yes
> [language.cs] charset: iso-8859-2
> [language.cs] description: Czech
> [language.cs] enabled: yes
> [language.da] charset: iso-8859-1
> [language.da] description: Danish
> [language.da] enabled: yes
> [language.de] charset: utf-8
> [language.de] description: German
> [language.de] enabled: yes
> [language.el] charset: iso-8859-7
> [language.el] description: Greek
> [language.el] enabled: yes
> [language.es] charset: iso-8859-1
> [language.es] description: Spanish
> [language.es] enabled: yes
> [language.et] charset: iso-8859-15
> [language.et] description: Estonian
> [language.et] enabled: yes
> [language.eu] charset: iso-8859-15
> [language.eu] description: Euskara
> [language.eu] enabled: yes
> [language.fi] charset: iso-8859-1
> [language.fi] description: Finnish
> [language.fi] enabled: yes
> [language.fr] charset: iso-8859-1
> [language.fr] description: French
> [language.fr] enabled: yes
> [language.gl] charset: utf-8
> [language.gl] description: Galician
> [language.gl] enabled: yes
> [language.he] charset: utf-8
> [language.he] description: Hebrew
> [language.he] enabled: yes
> [language.hr] charset: iso-8859-2
> [language.hr] description: Croatian
> [language.hr] enabled: yes
> [language.hu] charset: iso-8859-2
> [language.hu] description: Hungarian
> [language.hu] enabled: yes
> [language.ia] charset: iso-8859-15
> [language.ia] description: Interlingua
> [language.ia] enabled: yes
> [language.it] charset: iso-8859-1
> [language.it] description: Italian
> [language.it] enabled: yes
> [language.ja] charset: euc-jp
> [language.ja] description: Japanese
> [language.ja] enabled: yes
> [language.ko] charset: euc-kr
> [language.ko] description: Korean
> [language.ko] enabled: yes
> [language.lt] charset: iso-8859-13
> [language.lt] description: Lithuanian
> [language.lt] enabled: yes
> [language.nl] charset: iso-8859-1
> [language.nl] description: Dutch
> [language.nl] enabled: yes
> [language.no] charset: iso-8859-1
> [language.no] description: Norwegian
> [language.no] enabled: yes
> [language.pl] charset: iso-8859-2
> [language.pl] description: Polish
> [language.pl] enabled: yes
> [language.pt] charset: iso-8859-1
> [language.pt] description: Protuguese
> [language.pt] enabled: yes
> [language.pt_BR] charset: iso-8859-1
> [language.pt_BR] description: Protuguese (Brazil)
> [language.pt_BR] enabled: yes
> [language.ro] charset: iso-8859-2
> [language.ro] description: Romanian
> [language.ro] enabled: yes
> [language.ru] charset: koi8-r
> [language.ru] description: Russian
> [language.ru] enabled: yes
> [language.sk] charset: utf-8
> [language.sk] description: Slovak
> [language.sk] enabled: yes
> [language.sl] charset: iso-8859-2
> [language.sl] description: Slovenian
> [language.sl] enabled: yes
> [language.sr] charset: utf-8
> [language.sr] description: Serbian
> [language.sr] enabled: yes
> [language.sv] charset: iso-8859-1
> [language.sv] description: Swedish
> [language.sv] enabled: yes
> [language.tr] charset: iso-8859-9
> [language.tr] description: Turkish
> [language.tr] enabled: yes
> [language.uk] charset: utf-8
> [language.uk] description: Ukrainian
> [language.uk] enabled: yes
> [language.vi] charset: utf-8
> [language.vi] description: Vietnamese
> [language.vi] enabled: yes
> [language.zh_CN] charset: utf-8
> [language.zh_CN] description: Chinese
> [language.zh_CN] enabled: yes
> [language.zh_TW] charset: utf-8
> [language.zh_TW] description: Chinese (Taiwan)
> [language.zh_TW] enabled: yes
> [logging.archiver] datefmt: %b %d %H:%M:%S %Y
> [logging.archiver] format: %(asctime)s (%(process)d) %(message)s
> [logging.archiver] level: info
> [logging.archiver] path: mailman.log
> [logging.archiver] propagate: no
> [logging.bounce] datefmt: %b %d %H:%M:%S %Y
> [logging.bounce] format: %(asctime)s (%(process)d) %(message)s
> [logging.bounce] level: info
> [logging.bounce] path: bounce.log
> [logging.bounce] propagate: no
> [logging.config] datefmt: %b %d %H:%M:%S %Y
> [logging.config] format: %(asctime)s (%(process)d) %(message)s
> [logging.config] level: info
> [logging.config] path: mailman.log
> [logging.config] propagate: no
> [logging.database] datefmt: %b %d %H:%M:%S %Y
> [logging.database] format: %(asctime)s (%(process)d) %(message)s
> [logging.database] level: warn
> [logging.database] path: mailman.log
> [logging.database] propagate: no
> [logging.debug] datefmt: %b %d %H:%M:%S %Y
> [logging.debug] format: %(asctime)s (%(process)d) %(message)s
> [logging.debug] level: info
> [logging.debug] path: debug.log
> [logging.debug] propagate: no
> [logging.error] datefmt: %b %d %H:%M:%S %Y
> [logging.error] format: %(asctime)s (%(process)d) %(message)s
> [logging.error] level: info
> [logging.error] path: mailman.log
> [logging.error] propagate: no
> [logging.fromusenet] datefmt: %b %d %H:%M:%S %Y
> [logging.fromusenet] format: %(asctime)s (%(process)d) %(message)s
> [logging.fromusenet] level: info
> [logging.fromusenet] path: mailman.log
> [logging.fromusenet] propagate: no
> [logging.http] datefmt: %b %d %H:%M:%S %Y
> [logging.http] format: %(asctime)s (%(process)d) %(message)s
> [logging.http] level: info
> [logging.http] path: mailman.log
> [logging.http] propagate: no
> [logging.locks] datefmt: %b %d %H:%M:%S %Y
> [logging.locks] format: %(asctime)s (%(process)d) %(message)s
> [logging.locks] level: info
> [logging.locks] path: mailman.log
> [logging.locks] propagate: no
> [logging.mischief] datefmt: %b %d %H:%M:%S %Y
> [logging.mischief] format: %(asctime)s (%(process)d) %(message)s
> [logging.mischief] level: info
> [logging.mischief] path: mailman.log
> [logging.mischief] propagate: no
> [logging.plugins] datefmt: %b %d %H:%M:%S %Y
> [logging.plugins] format: %(asctime)s (%(process)d) %(message)s
> [logging.plugins] level: info
> [logging.plugins] path: plugins.log
> [logging.plugins] propagate: no
> [logging.root] datefmt: %b %d %H:%M:%S %Y
> [logging.root] format: %(asctime)s (%(process)d) %(message)s
> [logging.root] level: info
> [logging.root] path: mailman.log
> [logging.root] propagate: no
> [logging.runner] datefmt: %b %d %H:%M:%S %Y
> [logging.runner] format: %(asctime)s (%(process)d) %(message)s
> [logging.runner] level: info
> [logging.runner] path: mailman.log
> [logging.runner] propagate: no
> [logging.smtp] datefmt: %b %d %H:%M:%S %Y
> [logging.smtp] every: $msgid smtp to $listname for $recip recips,
> completed in $time seconds
> [logging.smtp] failure: $msgid delivery to $recip failed with code
> $smtpcode, $smtpmsg
> [logging.smtp] format: %(asctime)s (%(process)d) %(message)s
> [logging.smtp] level: info
> [logging.smtp] path: smtp.log
> [logging.smtp] propagate: no
> [logging.smtp] refused: $msgid post to $listname from $sender, $size
> bytes, $refused failures
> [logging.smtp] success: $msgid post to $listname from $sender, $size bytes
> [logging.subscribe] datefmt: %b %d %H:%M:%S %Y
> [logging.subscribe] format: %(asctime)s (%(process)d) %(message)s
> [logging.subscribe] level: info
> [logging.subscribe] path: mailman.log
> [logging.subscribe] propagate: no
> [logging.vette] datefmt: %b %d %H:%M:%S %Y
> [logging.vette] format: %(asctime)s (%(process)d) %(message)s
> [logging.vette] level: info
> [logging.vette] path: mailman.log
> [logging.vette] propagate: no
> [mailman] cache_life: 7d
> [mailman] default_language: en
> [mailman] email_commands_max_lines: 10
> [mailman] filtered_messages_are_preservable: no
> [mailman] html_to_plain_text_command: /usr/bin/lynx -dump $filename
> [mailman] layout: debian
> [mailman] listname_chars: [-_.0-9a-z]
> [mailman] noreply_address: noreply
> [mailman] pending_request_life: 3d
> [mailman] post_hook:
> [mailman] pre_hook:
> [mailman] sender_headers: from from_ reply-to sender
> [mailman] site_owner: max.paragnani(a)gmail.com
> [mta] configuration: python:mailman.config.postfix
> [mta] delivery_retry_period: 5d
> [mta] incoming: mailman.mta.postfix.LMTP
> [mta] lmtp_host: 127.0.0.1
> [mta] lmtp_port: 8024
> [mta] max_autoresponses_per_day: 10
> [mta] max_delivery_threads: 0
> [mta] max_recipients: 500
> [mta] max_sessions_per_connection: 0
> [mta] outgoing: mailman.mta.deliver.deliver
> [mta] remove_dkim_headers: no
> [mta] smtp_host: localhost
> [mta] smtp_pass:
> [mta] smtp_port: 25
> [mta] smtp_user:
> [mta] verp_confirm_format: $address+$cookie
> [mta] verp_confirm_regexp: ^(.*<)?(?P<addr>[^+]+?)\+(?P<cookie>[^@]+)@.*$
> [mta] verp_confirmations: no
> [mta] verp_delimiter: +
> [mta] verp_delivery_interval: 0
> [mta] verp_format: ${bounces}+${local}=${domain}
> [mta] verp_personalized_deliveries: no
> [mta] verp_probe_format: $bounces+$token@$domain
> [mta] verp_probe_regexp: ^(?P<bounces>[^+]+?)\+(?P<token>[^@]+)@.*$
> [mta] verp_probes: no
> [mta] verp_regexp:
> ^(?P<bounces>[^+]+?)\+(?P<local>[^=]+)=(?P<domain>[^@]+)@.*$
> [nntp] host:
> [nntp] password:
> [nntp] port:
> [nntp] remove_headers:
> nntp-posting-host nntp-posting-date x-trace
> x-complaints-to xref date-received posted
> posting-version relay-version received
> [nntp] rewrite_duplicate_headers:
> To X-Original-To
> CC X-Original-CC
> Content-Transfer-Encoding X-Original-Content-Transfer-Encoding
> MIME-Version X-MIME-Version
> [nntp] user:
> [passwords] configuration: python:mailman.config.passlib
> [passwords] password_length: 8
> [plugin.master] class:
> [plugin.master] component_package:
> [plugin.master] configuration:
> [plugin.master] enabled: no
> [shell] banner: Welcome to the GNU Mailman shell
> [shell] history_file:
> [shell] prompt: >>>
> [shell] use_ipython: no
> [styles] default: legacy-default
> [webservice] admin_pass: ---------------------------------
> [webservice] admin_user: restadmin
> [webservice] api_version: 3.1
> [webservice] hostname: localhost
> [webservice] port: 8001
> [webservice] show_tracebacks: yes
> [webservice] use_https: no
> _______________________________________________
> Mailman-users mailing list -- mailman-users(a)mailman3.org
> To unsubscribe send an email to mailman-users-leave(a)mailman3.org
> https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
> Archived at:
> https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/message…
>
> This message sent to max.paragnani(a)gmail.com
>
1 year, 9 months
Re: New releases
by Danil Smirnov
On Tue, 9 Jun 2020 at 00:05, Mark Sapiro <mark(a)msapiro.net> wrote:
> The first row of horizontal tabs is unchanged, but the `Settings` tab
> used to have a second horizontal row and now has a vertical list on the
> left.
>
Yeah Mark, thanks - now I see it :)
> After you upgraded did you run these django-admin commands?
> ```
> django-admin collectstatic --clear --noinput --verbosity 0
> django-admin compress
> django-admin compilemessages
> django-admin migrate
> ```
> These 4 commands should be run after every update to Postorius,
> HyperKitty or django_mainlman3.
>
Hm, interesting... Could you point me to some related docs please?
To upgrade, I've just bumped app versions in my Dockerfiles, built and
restarted...
Mailman-core worked right away with no issues.
Mailman-web (Hyperkitty) failed with the error:
----------
ERROR 2020-06-08 19:46:41,942 14 django.request Internal Server Error:
/hyperkitty/
Traceback (most recent call last):
File "/usr/lib/python3.6/site-packages/compressor/base.py", line 282, in
precompile
mod = import_module(mod_name)
File "/usr/lib/python3.6/importlib/__init__.py", line 126, in
import_module
return _bootstrap._gcd_import(name[level:], package, level)
File "<frozen importlib._bootstrap>", line 994, in _gcd_import
File "<frozen importlib._bootstrap>", line 971, in _find_and_load
File "<frozen importlib._bootstrap>", line 953, in _find_and_load_unlocked
ModuleNotFoundError: No module named 'sassc -t compressed {infile}
{outfile}'
During handling of the above exception, another exception occurred:
Traceback (most recent call last):
File
"/usr/lib/python3.6/site-packages/django/core/handlers/exception.py", line
34, in inner
response = get_response(request)
File "/usr/lib/python3.6/site-packages/django/core/handlers/base.py",
line 115, in _get_response
response = self.process_exception_by_middleware(e, request)
File "/usr/lib/python3.6/site-packages/django/core/handlers/base.py",
line 113, in _get_response
response = wrapped_callback(request, *callback_args, **callback_kwargs)
File "/usr/lib/python3.6/site-packages/hyperkitty/views/index.py", line
118, in index
return render(request, "hyperkitty/index.html", context)
File "/usr/lib/python3.6/site-packages/django/shortcuts.py", line 36, in
render
content = loader.render_to_string(template_name, context, request,
using=using)
File "/usr/lib/python3.6/site-packages/django/template/loader.py", line
62, in render_to_string
return template.render(context, request)
File
"/usr/lib/python3.6/site-packages/django/template/backends/django.py", line
61, in render
return self.template.render(context)
File "/usr/lib/python3.6/site-packages/django/template/base.py", line
171, in render
return self._render(context)
File "/usr/lib/python3.6/site-packages/django/template/base.py", line
163, in _render
return self.nodelist.render(context)
File "/usr/lib/python3.6/site-packages/django/template/base.py", line
937, in render
bit = node.render_annotated(context)
File "/usr/lib/python3.6/site-packages/django/template/base.py", line
904, in render_annotated
return self.render(context)
File "/usr/lib/python3.6/site-packages/django/template/loader_tags.py",
line 150, in render
return compiled_parent._render(context)
File "/usr/lib/python3.6/site-packages/django/template/base.py", line
163, in _render
return self.nodelist.render(context)
File "/usr/lib/python3.6/site-packages/django/template/base.py", line
937, in render
bit = node.render_annotated(context)
File "/usr/lib/python3.6/site-packages/django/template/base.py", line
904, in render_annotated
return self.render(context)
File
"/usr/lib/python3.6/site-packages/compressor/templatetags/compress.py",
line 143, in render
return self.render_compressed(context, self.kind, self.mode,
forced=forced)
File
"/usr/lib/python3.6/site-packages/compressor/templatetags/compress.py",
line 119, in render_compressed
rendered_output = compressor.output(mode, forced=forced,
basename=file_basename)
File "/usr/lib/python3.6/site-packages/compressor/css.py", line 46, in
output
ret.append(subnode.output(*args, **kwargs))
File "/usr/lib/python3.6/site-packages/compressor/css.py", line 48, in
output
return super(CssCompressor, self).output(*args, **kwargs)
File "/usr/lib/python3.6/site-packages/compressor/base.py", line 314, in
output
output = '\n'.join(self.filter_input(forced))
File "/usr/lib/python3.6/site-packages/compressor/base.py", line 254, in
filter_input
for hunk in self.hunks(forced):
File "/usr/lib/python3.6/site-packages/compressor/base.py", line 228, in
hunks
precompiled, value = self.precompile(value, **options)
File "/usr/lib/python3.6/site-packages/compressor/base.py", line 287, in
precompile
return True, filter.input(**kwargs)
File "/usr/lib/python3.6/site-packages/compressor/filters/base.py", line
239, in input
return super(CachedCompilerFilter, self).input(**kwargs)
File "/usr/lib/python3.6/site-packages/compressor/filters/base.py", line
206, in input
raise FilterError(err)
compressor.exceptions.FilterError: Error: It's not clear which file to
import for '@import "../libs/bootstrap/stylesheets/bootstrap"'.
Candidates:
../libs/bootstrap/stylesheets/_bootstrap.scss
../libs/bootstrap/stylesheets/bootstrap.scss
Please delete or rename all but one of these files.
on line 4 of
../mailman-web-data/static/hyperkitty/sass/hyperkitty.scss
>> @import "../libs/bootstrap/stylesheets/bootstrap";
----------
I've fixed the error by removing the older file which is
/opt/mailman-web-data/static/hyperkitty/libs/bootstrap/stylesheets/_bootstrap.scss
After that everything seems to be working fine.
My best regards,
Danil Smirnov
4 years, 5 months
Re: Source Installation Assistance
by actionmystique@gmail.com
mark.van.holsteijn@gmail.com
I stumbled across the same issue as Brian Carpenter within a slightly different environment:
Ubuntu focal 20.04
PostgreSQL 12.1-1
I tried to replace the following line in ```/usr/lib/python3/dist-packages/hyperkitty/migrations/0007_allauth_20160808_1604.py``` from ```python3-django-hyperkitty``` (1.3.0-1ubuntu1):
```
cursor.execute("SELECT 1 from social_auth_usersocialauth")
```
with
```
cursor.execute("SELECT 1 from information_schema.tables where table_name ='social_auth_usersocialauth' and to_regclass('social_auth_usersocialauth') is not null")
```
then
```
python3 manage.py makemigrations
```
leads to a different issue:
```
"Traceback (most recent call last):",
" File \"/usr/lib/python3/dist-packages/django/db/backends/utils.py\", line 84, in _execute",
" return self.cursor.execute(sql, params)",
"psycopg2.errors.UndefinedTable: relation \"social_auth_usersocialauth\" does not exist",
"LINE 3: FROM social_auth_usersocialauth usa",
" ^",
"",
"",
"The above exception was the direct cause of the following exception:",
"",
"Traceback (most recent call last):",
" File \"manage.py\", line 10, in <module>",
" execute_from_command_line(sys.argv)",
" File \"/usr/lib/python3/dist-packages/django/core/management/__init__.py\", line 381, in execute_from_command_line",
" utility.execute()",
" File \"/usr/lib/python3/dist-packages/django/core/management/__init__.py\", line 375, in execute",
" self.fetch_command(subcommand).run_from_argv(self.argv)",
" File \"/usr/lib/python3/dist-packages/django/core/management/base.py\", line 323, in run_from_argv",
" self.execute(*args, **cmd_options)",
" File \"/usr/lib/python3/dist-packages/django/core/management/base.py\", line 364, in execute",
" output = self.handle(*args, **options)",
" File \"/usr/lib/python3/dist-packages/django/core/management/base.py\", line 83, in wrapped",
" res = handle_func(*args, **kwargs)",
" File \"/usr/lib/python3/dist-packages/django/core/management/commands/migrate.py\", line 234, in handle",
" fake_initial=fake_initial,",
" File \"/usr/lib/python3/dist-packages/django/db/migrations/executor.py\", line 117, in migrate",
" state = self._migrate_all_forwards(state, plan, full_plan, fake=fake, fake_initial=fake_initial)",
" File \"/usr/lib/python3/dist-packages/django/db/migrations/executor.py\", line 147, in _migrate_all_forwards",
" state = self.apply_migration(state, migration, fake=fake, fake_initial=fake_initial)",
" File \"/usr/lib/python3/dist-packages/django/db/migrations/executor.py\", line 245, in apply_migration",
" state = migration.apply(state, schema_editor)",
" File \"/usr/lib/python3/dist-packages/django/db/migrations/migration.py\", line 124, in apply",
" operation.database_forwards(self.app_label, schema_editor, old_state, project_state)",
" File \"/usr/lib/python3/dist-packages/django/db/migrations/operations/special.py\", line 190, in database_forwards",
" self.code(from_state.apps, schema_editor)",
" File \"/usr/lib/python3/dist-packages/hyperkitty/migrations/0007_allauth_20160808_1604.py\", line 43, in migrate_social_users",
" \"\"\", (provider_old,))",
" File \"/usr/lib/python3/dist-packages/django/db/backends/utils.py\", line 67, in execute",
" return self._execute_with_wrappers(sql, params, many=False, executor=self._execute)",
" File \"/usr/lib/python3/dist-packages/django/db/backends/utils.py\", line 76, in _execute_with_wrappers",
" return executor(sql, params, many, context)",
" File \"/usr/lib/python3/dist-packages/django/db/backends/utils.py\", line 84, in _execute",
" return self.cursor.execute(sql, params)",
" File \"/usr/lib/python3/dist-packages/django/db/utils.py\", line 89, in __exit__",
" raise dj_exc_value.with_traceback(traceback) from exc_value",
" File \"/usr/lib/python3/dist-packages/django/db/backends/utils.py\", line 84, in _execute",
" return self.cursor.execute(sql, params)",
"django.db.utils.ProgrammingError: relation \"social_auth_usersocialauth\" does not exist",
"LINE 3: FROM social_auth_usersocialauth usa",
" ^"
],
"stdout_lines": [
"No changes detected",
"Operations to perform:",
" Apply all migrations: account, admin, auth, contenttypes, django_mailman3, django_q, hyperkitty, postorius, sessions, sites, socialaccount",
"Running migrations:",
" Applying contenttypes.0001_initial... OK",
" Applying auth.0001_initial... OK",
" Applying account.0001_initial... OK",
" Applying account.0002_email_max_length... OK",
" Applying admin.0001_initial... OK",
" Applying admin.0002_logentry_remove_auto_add... OK",
" Applying admin.0003_logentry_add_action_flag_choices... OK",
" Applying contenttypes.0002_remove_content_type_name... OK",
" Applying auth.0002_alter_permission_name_max_length... OK",
" Applying auth.0003_alter_user_email_max_length... OK",
" Applying auth.0004_alter_user_username_opts... OK",
" Applying auth.0005_alter_user_last_login_null... OK",
" Applying auth.0006_require_contenttypes_0002... OK",
" Applying auth.0007_alter_validators_add_error_messages... OK",
" Applying auth.0008_alter_user_username_max_length... OK",
" Applying auth.0009_alter_user_last_name_max_length... OK",
" Applying auth.0010_alter_group_name_max_length... OK",
" Applying auth.0011_update_proxy_permissions... OK",
" Applying sites.0001_initial... OK",
" Applying django_mailman3.0001_initial... OK",
" Applying django_mailman3.0002_maildomain... OK",
" Applying django_q.0001_initial... OK",
" Applying django_q.0002_auto_20150630_1624... OK",
" Applying django_q.0003_auto_20150708_1326... OK",
" Applying django_q.0004_auto_20150710_1043... OK",
" Applying django_q.0005_auto_20150718_1506... OK",
" Applying django_q.0006_auto_20150805_1817... OK",
" Applying django_q.0007_ormq... OK",
" Applying django_q.0008_auto_20160224_1026... OK",
" Applying django_q.0009_auto_20171009_0915... OK",
" Applying socialaccount.0001_initial... OK",
" Applying socialaccount.0002_token_max_lengths... OK",
" Applying socialaccount.0003_extra_data_default_dict... OK",
" Applying hyperkitty.0001_initial... OK",
" Applying hyperkitty.0002_auto_20150311_0913... OK",
" Applying hyperkitty.0003_thread_starting_email... OK",
" Applying hyperkitty.0004_archived_date_and_subject... OK",
" Applying hyperkitty.0005_MailingList_list_id... OK",
" Applying hyperkitty.0006_thread_on_delete... OK",
" Applying hyperkitty.0007_allauth_20160808_1604..."
]
```
4 years, 11 months
Basic settings for a discussion list
by paul@arenson.org
Over the last 20 hours I have been trying to figure out setup for list members to sign up. One person has kindly helped out, though I am still unsure of the difference between the several signups. That thread is here and I welcome more advice.
https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/thread/…
But it occurs to me that my problem is that I have not actually configured my list. So this thread is for help on that. I have found a guide for general users here: http://docs.mailman3.org/en/latest/userguide.html
But I have only found a highly technical guide for administrators here:
https://docs.mailman3.org/projects/mailmanclient/en/latest/src/mailmanclien…
It is written for coders and I am looking for a guide similar to the one for users. It seems not to exist yet.
WHAT I WANT
Discussion only list. Ideally anyone who signs up via the various ways should be able to get the archives and post via email and the interface if they want. The list should be closed to others.
In the absence of any guide, all I can do is cross check with you guys and hope I am on the right track. I am non technical, although I managed a Mailman 2 list without difficulty.
1) FIRST ANOMALY
Under https://list.tokyoprogressive.org/postorius/accounts/subscriptions/
I see myself twice:
List Name Subscription Address Delivery Mode Role
discuss.list.tokyoprogressive.org paul(a)tokyoprogressive.org None member
discuss.list.tokyoprogressive.org paul(a)tokyoprogressive.org regular owner
Is this correct? I added My name in one field somewhere and this is the result. I even got a welcome message.
I think it is because I subscribed to my own list.If this was not necessary, what should I do?
Global based preferences are listed. Address and email based ones are not showing either enabled or disabled.
2) MANAGE LISTS
For myself I have done the following in my MAILING LIST SETTINGS
Subscribe to this list
My email and name
(Maybe that is why i am listed twice)
Now I see
3) Users
For now only me- I am listed as member and owner.
There will be no other moderators or owners
I have no idea what a non member is (if they register aren't they a member?)
4) Templates
This is showing nothing at this point. Before it was. I am not sure what i did to stop it from showing. Perhaps because I made it a private list?
5) Settings
a) List identity
I have it set for NOT SHOWING on the Index page because I will link to it from my news magazine website as a way to comment on articles. Is this ok? Other data will be filled in later. I think I am confusing this with private list. I also will have no other list.
b) AUTO RESPOND LIST OWNER-- I added a short note thanking people. Respond and Continue Processing
c) AUTO RESPOND POSTER--Your message has been been received. If you are a member, it should be posted soon. Respond and Continue Processing
d) AUTO RESPOND REQUESTS--No auto response
OTHER THINGS DEFAULT
e) URL WELCOME MESSAGE--NOT SURE. I want people to subscribe themselves but I also have 500 people from another list from DADA I will import. I want them automatically be able to post. Is it possible? If so, I hope to add them manually. DO I compose a text on my website and welcome them by adding the URL, or enter it in my list?
f) NOTIFY OF MEMBERSHIP CHANGES--Yes
g) ALTER MESSAGES ---I have left most things as they are. However, as this is a discussion list, I want replies ONLY to go to the list. I chose that.
h) DMARC --I have left as is
i) DIGEST--I have left as is
6) MASS OPERATIONS--I have left as is
7) BAN--left as is
8) MESSAGE ACCEPTANCE--I have left as is
9) HEADER FILTERS--left as is
10) ARCHIVES--Private Archives (Maybe this is why templates do not show???)
11) SUBSCRIPTION POLICY--MODERATE-- I intend to send them an email to confirm their reasons for subscribing to avoid spammers.
LAST THING. My Gravity does not work. I edited it online as per instructions but it does not appear.
That is all I can think of.
Thanks in advance.
paul
5 years, 2 months
Re: how to integrate subscription into static jekyll website
by Hagen Bauer
Since I am running mailman in a docker container I thought it may be an
approach to put https://github.com/dthree/mailit along.
This seems to be used by a good amount of people and would allow me to
have a rest api just for sending the mails to mailman.
I am not a javascript specialist but currently I do not see any security
risks.
Do I miss something?
Regards
Hagen
On 10/19/18 8:05 PM, Stephen J. Turnbull wrote:
> Hagen Bauer writes:
>
> > Has anybody tried to hide the direct api access behind a nginx reverse
> > proxy url?
>
> Sounds straightforward.
>
> I doubt anybody's done it, though, because you still face the problem
> that anybody with that access is a site manager, with unclear limits
> on their power outside of Mailman. (Shouldn't be much they can do
> outside of Mailman, but I wouldn't bet my host on it.) In many cases,
> the real site manager is also the host admin, so they have sufficient
> access to a shell account. There's no need for her to have a proxy;
> why make it available to people who are supposed to have less power?
>
> Note I'm *not* saying this *never* makes sense. I'm just saying that
> in a lot of cases it won't buy you very much because Mailman isn't set
> up to provide granular authorization of REST endpoints.
>
> > on the Webseite I would have a url like this
> >
> > mailmanserver.tld/subcsribe/user(a)mail.com
> >
> > And within the nginx proxy configuration on the server this would
> > translate to
> >
> > localhost:80xx/"mailman-restapi-with-credentials"user(a)mail.com
>
> First of all, the address to subscribe is a variable, so at a bare
> minimum your nice static site has to provide a form, which isn't very
> static. I guess you could put the URL to the nginx proxy as the
> action URL in the form, but then the proxy needs to deal with a
> form-encoded query string to translate to the appropriate REST
> endpoint.
>
> I suppose you could also have the user type the URL including the
> email address into the browser address bar, but Abhilash's idea of
> providing a mailto:subscribe@mailmanserver.tld URL seems more
> convenient. The mailto URL also solves the problem of confirming
> ownership of the mailbox, since that logic is built in to the
> subscribe-by-mail code.
>
> Second, if your proxy is configured very carefully, you might be able
> to restrict this to only the exact operations you want to expose, here
> subscription. However, although the email interface implements
> verification by providing a one-time token that must be read from the
> mailbox of the address (and so proves ownership of the mailbox), I
> don't think the REST API implements operations like that. IIRC that
> is implemented in Postorius. (Abhilash?) If my memory is correct,
> you would also need to implement that, and that's definitely not static.
>
> > So the public does not see the credentials. And if my nginx host
> > config is hacked I have a problem anyway.
>
> I can't speak for Abhilash, but what would worry me is not that nginx
> is already hacked, but rather that if not properly configured, it
> might be possible for someone to access REST endpoints you don't want
> exposed through this interface, and maybe even to other parts of the
> webserver. To give a simple example, consider a variant on the
> ancient Apache traversal bug:
>
> mailmanserver.tld/subscribe/../unsubscribe/user(a)mail.com
>
> Probably nginx and/or Mailman and/or your proposed proxy config are
> already capable of stopping this particular well-known attack, but
> undoubtedly there are more sophisticated attacks that I don't know
> about.
> _______________________________________________
> Mailman-users mailing list -- mailman-users(a)mailman3.org
> To unsubscribe send an email to mailman-users-leave(a)mailman3.org
> https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
>
6 years, 1 month
Re: Member Issue Discovered
by Brian Carpenter
On 10/20/20 11:19 PM, Mark Sapiro wrote:
> On 10/20/20 6:54 AM, Brian Carpenter wrote:
>> Respectively, I think you are asking the wrong question here. The real
>> question is why isn't a display_name being removed when a list
>> subscriber is unsubscribed.
>
> I'd like to understand the real requirement. It seems to me that this
> issue has come up because a list admin wanted to change the display name
> shown in the membership roster for a user. Since there is currently no
> UI to do this, the list admin tried to do it by unsubscribing and
> resubscribing the user. That didn't work which led to this
> "unsubscribing a user should remove the user's information" thread, but
> the real issue is the lack of a UI for changing display names. It seems
> if that UI existed and was available, the "unsubscribing a user should
> remove the user's information" issue would never have been raised.
There are two real requirements. One is to be able to do something as
easy as changing a name for a list member. I did a lot of testing with
the relationship between a name used for a subscription versus a name
used for registering via the U.I. (Postorius/Django) and it is very
confusing. I still am having a very difficult time understanding the
logic presented here for the way Mailman 3 handles user information.
The second requirement is ALL data should be removed if someone
unsubscribes from a list that is just a list member of a single list. I
feel very strongly about that. I don't really care for the reasoning
behind why the data is retained. I just think it should be removed for a
list member who has no need for an account that manages multiple email
address and is subscribed to multiple lists.
I host many single lists. So it is very important to me, and as an
advocate for my clients, I will state very clearly how important it is
to me (and my clients) regards of other user scenarios out there
(looking at you Mr. Turnbull). I care about my own.
> So perhaps what we should be talking about is UIs for changing user
> information, what they would look like and who should be able to change
> what.
That is a start and I thought I brought that up. We also need a separate
conversation on the retention of data apparently.
> Note that I personally am a member of many lists, an admin of multiple
> lists and a site admin for multiple mailman installations. I am well
> aware of the frustrations of list admins who wind up just doing it
> because it's way easier than instruction some users as to how to do it
> themselves. However, I don't think that is necessarily sufficient reason
> to hand over control of global, non-list specific user information to
> the admin of one particular list that the user happens to be a member of.
I never asked for global control for list owners. You have made that
almost a necessity with the multiple email address per user account
feature that you brought in. I don't think List owners should have
global control but server owners certainly do. But the rightful
avoidance of such control for List owners, I think has resulted in a
wrongful limiting of what they can do currently.
I so disagree with S. Turnbull's disparaging comments that I think we
ought to be designing for List owners primarily and not list
members/users when it comes to user interfaces. From what I see, it is
mostly server and list owners that are interacting with this
(mailman-user) list and not list members/users. In my experience, I
never hear from list members. Just list owners. Whatever issue list
owners have with their own list members are easily handled by them when
it comes to Mailman 2. Not so much with Mailman 3.
>
> Even in mailman 2.1, while a list admin could go to a user's options
> page for the list and change things, the "change globally" check boxes
> only worked for the user, not for the list admin.
>
--
Brian Carpenter
Harmonylists.com
Emwd.com
4 years, 1 month
Re: signup / registration error - permissions and cert chains
by David Newman
On Dec 31, 2021, at 03:43, Victoriano Giralt <victoriano(a)uma.es> wrote:
>
> El viernes, 31 de diciembre de 2021 1:48:38 (CET) David Newman escribió:
>> I'd like for regular (non-admin) list subscribers to be able to manage
>> their subscription preferences and view list archives.
>
> That's a good way to go :-)
>
> My response is more of a (very) old sysadmin and Django user (since 2008)
> hunch that a proper one based on code and documentation review, but I've been
> trying to contribute several times and always (super) Mark Sapiro beats me :-)
>
>> If I'm reading the error correctly, this is related to an inability to
>> verify the cert chain. The /etc/mailman3/settings.py file points to the
>> same cert and key files used by Nginx, Postfix, and Dovecot.
>
> You are right in your diagnose but not in your interpretation (see my comment
> below inside the traceback). It is certificate related, but not for server
> TLS, but for CLIENT authentication.
>
>
>> EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
>> EMAIL_HOST = 'localhost'
>> EMAIL_PORT = 25
>> EMAIL_HOST_USER = 'dnewman(a)networktest.com'
>> EMAIL_HOST_PASSWORD = 'wouldnt-you-like-to-know'
>> EMAIL_USE_TLS = 'True'
>> EMAIL_SSL_CERTFILE = '/etc/ssl/certs/myhost.crt'
>> EMAIL_SSL_KEYFILE = '/etc/ssl/private/myhost.key'
>
> All these settings above are used for SENDING messages and, if I'm not
> mistaken, the SSL key and cert are used for authenticating the user sending
> the email. Actually, using TLS and SMTP Auth for localhost is a bit too much.
> I've been configuring SMTP servers since 1990 and my mail servers just accept
> mail form localhost, if they are broken into, the user and password have
> already been exposed :-)
>
>> But this might only be for email, not Postorius/Django.
>
> You are right (if I also am)
>
>> What additional configuration is needed to allow regular users to create
>> and manage their own accounts?
>
> I'd say that is more what is not needed (the SMTP TLS authentication)
>
> I'll remove the "noise". These are the tell tale lines:
>
>> "/opt/mailman/venv/lib/python3.9/site-packages/django/core/mail/backends/smt
>> p.py", line 67, in open
>> self.connection.starttls(keyfile=self.ssl_keyfile,
>> certfile=self.ssl_certfile)
>
> The SMTP Django backend is trying to connect to the mail server to send the
> Mailman account confirmation message and failing, probably because the user
> Django runs as cannot open the private key (which is a very sensible thing if
> that private key is the one used for the web facing TLS certificate, I can
> tell you how bad in private or search for my name, wasd, apache and VMS ;-))
>
> That certificate is not needed for sending email from Django, and, as I said,
> not even SMTP Auth for sending via localhost. Actually, doing SMTP Auth on
> port 25 is not even recommended practice.
Hi Victoriano,
Thanks for this. I could use some clarification on what specific changes you are suggesting. I *think* you are saying to remove the EMAIL_USE_TLS stuff and also move to another port (maybe 587), but I am not sure.
Also, the reason I added the TLS in the first place was that I was getting errors without it. And I am unclear why the cert / private key pair do not work for Django when they do work OK for Postfix, Nginx, and Dovecot.
Thanks for clarifying — and happy and safe 2022 to you as well!
dn
>
> Happy, healthy, safe and well ventilated New Year to all.
>
> --
> Victoriano Giralt Innovation Director
> Digital Transformation Vicerectorate University of Malaga
> +34952131415 SPAIN
> ==================================================================
> Note: signature.asc is the electronic signature of present message
> A: Yes.
>> Q: Are you sure ?
>>> A: Because it reverses the logical flow of conversation.
>>>> Q: Why is top posting annoying in email ?
>
>
>
> _______________________________________________
> Mailman-users mailing list -- mailman-users(a)mailman3.org
> To unsubscribe send an email to mailman-users-leave(a)mailman3.org
> https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
2 years, 10 months