mailman3 not sending emails and archives not populating
by nyafum@yahoo.com
Hi Mark
Can you please help me resolve mailman3 issues? It was working well until recently and now no emails delivery to mailbox
The first issue, not receiving email from my list, it gets removed in postfix
/var/log/mailman3/smtp.log
May 06 22:08:46 2022 (6713) ('127.0.0.1', 50690) handling connection
May 06 22:08:46 2022 (6713) ('127.0.0.1', 50690) Data: b'LHLO rush.ai.net'
May 06 22:08:46 2022 (6713) ('127.0.0.1', 50690) Data: b'MAIL FROM:<kim(a)kim.net>'
May 06 22:08:46 2022 (6713) ('127.0.0.1', 50690) sender: kim(a)kim.net
May 06 22:08:46 2022 (6713) ('127.0.0.1', 50690) Data: b'RCPT TO:<shiftchange@ kim.net >'
May 06 22:08:46 2022 (6713) ('127.0.0.1', 50690) recip: shiftchange@ kim.net
May 06 22:08:46 2022 (6713) ('127.0.0.1', 50690) Data: b'DATA'
May 06 22:08:46 2022 (6713) ('127.0.0.1', 50690) Data: b'QUIT'
May 06 22:08:46 2022 (6713) ('127.0.0.1', 50690) connection lost
May 06 22:08:46 2022 (6713) Connection lost during _handle_client()
/var/log/mail.log
May 6 22:30:57 rush postfix/qmgr[1554]: C0401140119: from=< kim(a)kim.net >, size=459278, nrcpt=1 (queue active)
May 6 22:30:57 rush postfix/smtpd[3872]: disconnect from ex13-3.ai.net[205.134.169.66] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7
May 6 22:30:58 rush postfix/lmtp[3897]: C0401140119: to=< shiftchange(a)kim.net >, relay=127.0.0.1[127.0.0.1]:8024, delay=1.3, delays=0.8/0.01/0.01/0.5, dsn=2.0.0, status=sent (250 Ok)
May 6 22:30:58 rush postfix/qmgr[1554]: C0401140119: removed
I think the issue is with python3, below is my mailman.log
/var/log/mailman3/mailman.log
May 06 23:16:02 2022 (21149) in runner started.
May 06 23:17:18 2022 (21149) Uncaught runner exception: module 'time' has no attribute 'clock'
May 06 23:17:18 2022 (21149) Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/mailman/core/runner.py", line 173, in _one_iteration
self._process_one_file(msg, msgdata)
File "/usr/lib/python3/dist-packages/mailman/core/runner.py", line 266, in _process_one_file
keepqueued = self._dispose(mlist, msg, msgdata)
File "/usr/lib/python3/dist-packages/mailman/runners/incoming.py", line 79, in _dispose
process(mlist, msg, msgdata, start_chain)
File "/usr/lib/python3/dist-packages/mailman/core/chains.py", line 79, in process
link.function(mlist, msg, msgdata)
File "/usr/lib/python3/dist-packages/mailman/chains/hold.py", line 147, in _process
request_id = hold_message(mlist, msg, msgdata, SEMISPACE.join(reasons))
File "/usr/lib/python3/dist-packages/mailman/app/moderator.py", line 88, in hold_message
request_id = requestsdb.hold_request(
File "/usr/lib/python3/dist-packages/mailman/database/transaction.py", line 85, in wrapper
return function(args[0], config.db.store, *args[1:], **kws)
File "/usr/lib/python3/dist-packages/mailman/model/requests.py", line 100, in hold_request
token = getUtility(IPendings).add(pendable, timedelta(days=5000))
File "/usr/lib/python3/dist-packages/mailman/database/transaction.py", line 85, in wrapper
return function(args[0], config.db.store, *args[1:], **kws)
File "/usr/lib/python3/dist-packages/mailman/model/pending.py", line 91, in add
token = token_factory.new()
File "/usr/lib/python3/dist-packages/mailman/utilities/uid.py", line 79, in new
return self._next_unpredictable_id()
File "/usr/lib/python3/dist-packages/mailman/utilities/uid.py", line 155, in _next_unpredictable_id
x = random.random() + right_now % 1.0 + time.clock() % 1.0
AttributeError: module 'time' has no attribute 'clock'
May 06 23:17:18 2022 (21149) SHUNTING: 1651893438.227104+1458f689c5f8220ef4db9f18bf3999e312675cd9
The other issue that I need help with is my archives to populate in Postorius(hyperkitty).
Thanks in advance
Kim
3 years, 1 month
Re: converting bulk accept_these_nonmembers in migration from mailman 2 to 3
by Mark Sapiro
On 2/8/22 09:01, Lucio Chiappetti wrote:
Snipping to what I thing are the issues.
> What I found now (after the migration done by the administrators of the
> central seat) is that in mailman3:
>
> - accept_these_nonmembers is empty
> - there are 189 entries listed in Non-members (which look those
> formerly in accept_these_nonmembers)
And those non-members all have there moderation action set to Defer
which means their posts will be accepted but the additional checks such
as too big, etc. will still be applied.
> - hold_these_nonmembers was copied identical with the same regexp's
> as in mailman2
This is all expected. MM 3, unlike MM 2.1 has a concept of nonmembers
with moderation action, and this is intended to replace *_these_nonmembers.
The legacy *_these nonmembers attributes still exist to support regexps.
This is why the addresses were made nonmembers with the appropriate
moderation action, but the regexps were retained.
> - I have inspected a few of them and found that they have
> Administration options Moderation set to List default
I'm not sure what you are looking at here. Imported nonmembers should
all have moderation action set according to which *_these_nonmembers
they came from. Imported members should have their moderation action set
to Defer if they were unmoderated and if they were moderated, it should
be set based on the 2.1 list's member_moderation_action.
> - the effect of this apparently was that a post from some.guy(a)inaf.it
> (whose subscription address is guy(a)somewhere.inaf.it) was hold for
> moderation
>
> is this due to a loop with the regexp in hold_these_nonmembers ?
It is because all the legacy *_these_nonmember actions are applied
before nonmember moderation checks, so if an address matches a regex in
hold_these_nonmembers, the post will be held regardless of the
nonmember's moderation action. This may actually be a bug. I'll have to
think about that. I've filed
https://gitlab.com/mailman/mailman/-/issues/978 on this.
> the default action would be to let it pass
>
> Or should we set Administration options Moderation to Accept
> immediately ?
No. You can avoid this issue by adding the 189 nonmember addresses to
accept_these_nonmembers (as addresses, not regexps). Addresses still
work, and accept_these_nonmembers takes precedence over
hold_these_nonmembers just as in MM 2.1.
> - if so, how can we do it automatically for all 189 entries ?
> - or move back the 189 addresses to accept_these_nonmembers ?
Yes, move them back.
> - or for the future have persons posting with alternate addrresses
> accepted for the future WITH ONE CLICk ?
If they are nonmembers, you can accept the post and set moderation
action in one operation in Postorius, but the regexps in
hold_these_nonmembers will still take precedence.
> - AND LAST BUT NOT LEAST would the syntax @list1 in
> accept_these_nonmembers work in mailman3 ?
This is https://gitlab.com/mailman/mailman/-/issues/794 (still open)
--
Mark Sapiro <mark(a)msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
3 years, 3 months
Re: moving list from mm3 -> mm3
by Jens Günther
Hey Stephen, thanks again for your reply! And also a late Happy New Year :-)
Am 04.01.24 um 15:20 schrieb Stephen J. Turnbull:
> > So my main question is now: does anybody know of a possibility with
> > this command to extract only writable attributes!?
>
> If you mean doing this so you can PUT all of those at once, I'm pretty
> sure it doesn't work that way. PUT creates or replaces a whole
> object. If there's an existing value with read-only attributes,
> that's not going to work. It may be possible to specify multiple
> values to PATCH, but that's beyond my knowledge.
Mh. I tried it this way:
- I curled the config
- tried to PUT it back into another list (didn't work b/c of read-only
attributes)
- I deleted all the attributes from the export
- then PUT this file and it worked
-> it only seems crazy to delete all the attributes myself, I would want
to curl and save only writable attributes :-)
> > Getting the config:
> > curl -u restadmin:restpass
> > localhost:8001/3.1/lists/listname.domain/config | jq > listname.domain
>
> Do you need to use curl (or anything other than Python 3) to do your
> work for some reason? Life is a lot easier if you use mailmanclient.
I don't need to use curl, no. This was just the only way I found till
right now to export and reimport the config of a list.
How would this work with mailmanclient? I'v never used it before and
didn't find a hop-in for the right usage right away. Could you point me
to the right direction or even write some sample-commands to get export
and import of a lists config? That would be awesome!
> > Just tried getting all the members:
> > curl -u restadmin:restpass
> > localhost:8001/3.1/lists/listname.domain/roster/member | jq >
> > listname.domain.members
> >
> > But putting them back seems to be a different thing:
> > curl -u restadmin:restpass -d @listname.domain.members -H "Content-Type:
> > application/json" -X PUT
> > localhost:8001/3.1/lists/listname.domain/roster/members
>
> Do you mean the difference between roster/member and roster/members?
> Not sure why the would be, would have to look at the source.
This was abviously my bad. It wasn't about members with s or not -> the
right one would always be without:
localhost:8001/3.1/lists/listname.domain/roster/member
-> I just tried to export and import members of a list via the API just
as I tried with the config. If you know of another way or how this could
work, I also would be really glad. (it works with "mailman members $list
> textfile" and reimport them via Postorius, I just tried it like that,
since on commandline it would be easier for a whole set of lists)
Thanks again and kind regards, Jens.
1 year, 4 months
Re: Can't post to my own list from HyperKitty
by Mark Sapiro
On 4/8/25 18:45, MegaBrutal via Mailman-users wrote:
>
> User-profile shows my GMail address as primary and my own-domain address as
> secondary. The third address is not present, because I actually wanted to
> get rid of it, and it seems I succeeded in that.
This is your Django user which has the two addresses associated with it.
> Mailman3/users shows me with the address I wanted to get rid of. If I click
> Manage, I see all 3 addresses, with (for some reason) only the GMail one
> being verified (strange because I'm sure I verified the other as well). And
> here's something interesting: it shows me as a member with my GMail address
> under subscriptions, but shows me with my megabrutal.com domain under
> ownerships.
These are your Mailman user and its addresses. They are not the same as
your Django user and its addresses. I don't think you can unlink an
address from your Mailman user in Postorius/HyperKitty. You can do that
in `mailman shell`.
```
$ mailman shell
Use commit() to commit changes.
Use abort() to discard changes since the last commit.
Exit with ctrl+D does an implicit commit() but exit() does not.
>>> um = getUtility(IUserManager)
>>> usr = um.get_user('user(a)example.com') # any of the three addresses
>>> usr.addresses
prints a list of the 3 addresses. These are indexed as 0, 1, 2
>>> usr.preferred_address
prints the preferred address. If this is the one you want to delete, do
>>> usr.preferred_address = usr.addresses[n] # n is the index of one
you want
>>> del usr.addresses[n] # n is the index of the address you don't want
>>> usr.addresses.remove(n) # n is the index of the address you don't want
>>> commit()
```
It may not be clear from the above, but the idea is that you are
deleting the address you don't want from usr.addresses, but before that
if the one you don't want is the preferred_address, you need to set the
preferred address to one of the others.
Also, `del usr.addresses[n]` deletes the address record, but it is still
in the addresses list, thus the `usr.addresses.remove(n)`.
This is untested, so before committing you may want to verify that
`usr.addresses` now lists just the two addresses you want
> This might be the cause? Maybe HyperKitty wants to use my owner identity,
> which is not subscribed? Btw, is the owner not automatically considered as
> someone who can post to the list, they also need to be subscribed?
An owner is not a list member and has no special posting privileges. If
only members are allowed to post, the owner address must also be a
member to be allowed to post.
--
Mark Sapiro <mark(a)msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
1 month, 4 weeks
Hyperkitty
by Massimiliano Paragnani
I set up the mailman3 services and lists, and we can send mail to the
list successfully. However in the Archive section I couldn't see
anything.
My configuration: ubuntu, milman core 3.2.2, postresql, postorius 1.2.4, hyperkitty 1.3.2
This is my mailman conf result:
[antispam] header_checks:
[antispam] jump_chain: hold
[archiver.mail_archive] class: mailman.archiving.mailarchive.MailArchive
[archiver.mail_archive] clobber_date: maybe
[archiver.mail_archive] clobber_skew: 1d
[archiver.mail_archive] configuration: python:mailman.config.mail_archive
[archiver.mail_archive] enable: no
[archiver.mhonarc] class: mailman.archiving.mhonarc.MHonArc
[archiver.mhonarc] clobber_date: maybe
[archiver.mhonarc] clobber_skew: 1d
[archiver.mhonarc] configuration: python:mailman.config.mhonarc
[archiver.mhonarc] enable: no
[archiver.prototype] class: mailman.archiving.prototype.Prototype
[archiver.prototype] clobber_date: maybe
[archiver.prototype] clobber_skew: 1d
[archiver.prototype] configuration: changeme
[archiver.prototype] enable: no
[bounces] register_bounces_every: 15m
[database] class: mailman.database.postgresql.PostgreSQLDatabase
[database] debug: no
[database] url: postgres://mailman3:--------------@localhost/mailman3
[devmode] enabled: no
[devmode] recipient:
[devmode] testing: no
[devmode] wait: 60s
[digests] mime_digest_keep_headers:
Date From To Cc Subject Message-ID Keywords
In-Reply-To References Content-Type MIME-Version
Content-Transfer-Encoding Precedence Reply-To
Message List-Post
[digests] plain_digest_keep_headers:
Message Date From
Subject To Cc
Message-ID Keywords
Content-Type
[dmarc] cache_lifetime: 7d
[dmarc] org_domain_data_url: https://publicsuffix.org/list/public_suffix_list.dat
[dmarc] resolver_lifetime: 5s
[dmarc] resolver_timeout: 3s
[language.ar] charset: utf-8
[language.ar] description: Arabic
[language.ar] enabled: yes
[language.ast] charset: iso-8859-1
[language.ast] description: Asturian
[language.ast] enabled: yes
[language.ca] charset: utf-8
[language.ca] description: Catalan
[language.ca] enabled: yes
[language.cs] charset: iso-8859-2
[language.cs] description: Czech
[language.cs] enabled: yes
[language.da] charset: iso-8859-1
[language.da] description: Danish
[language.da] enabled: yes
[language.de] charset: utf-8
[language.de] description: German
[language.de] enabled: yes
[language.el] charset: iso-8859-7
[language.el] description: Greek
[language.el] enabled: yes
[language.es] charset: iso-8859-1
[language.es] description: Spanish
[language.es] enabled: yes
[language.et] charset: iso-8859-15
[language.et] description: Estonian
[language.et] enabled: yes
[language.eu] charset: iso-8859-15
[language.eu] description: Euskara
[language.eu] enabled: yes
[language.fi] charset: iso-8859-1
[language.fi] description: Finnish
[language.fi] enabled: yes
[language.fr] charset: iso-8859-1
[language.fr] description: French
[language.fr] enabled: yes
[language.gl] charset: utf-8
[language.gl] description: Galician
[language.gl] enabled: yes
[language.he] charset: utf-8
[language.he] description: Hebrew
[language.he] enabled: yes
[language.hr] charset: iso-8859-2
[language.hr] description: Croatian
[language.hr] enabled: yes
[language.hu] charset: iso-8859-2
[language.hu] description: Hungarian
[language.hu] enabled: yes
[language.ia] charset: iso-8859-15
[language.ia] description: Interlingua
[language.ia] enabled: yes
[language.it] charset: iso-8859-1
[language.it] description: Italian
[language.it] enabled: yes
[language.ja] charset: euc-jp
[language.ja] description: Japanese
[language.ja] enabled: yes
[language.ko] charset: euc-kr
[language.ko] description: Korean
[language.ko] enabled: yes
[language.lt] charset: iso-8859-13
[language.lt] description: Lithuanian
[language.lt] enabled: yes
[language.nl] charset: iso-8859-1
[language.nl] description: Dutch
[language.nl] enabled: yes
[language.no] charset: iso-8859-1
[language.no] description: Norwegian
[language.no] enabled: yes
[language.pl] charset: iso-8859-2
[language.pl] description: Polish
[language.pl] enabled: yes
[language.pt] charset: iso-8859-1
[language.pt] description: Protuguese
[language.pt] enabled: yes
[language.pt_BR] charset: iso-8859-1
[language.pt_BR] description: Protuguese (Brazil)
[language.pt_BR] enabled: yes
[language.ro] charset: iso-8859-2
[language.ro] description: Romanian
[language.ro] enabled: yes
[language.ru] charset: koi8-r
[language.ru] description: Russian
[language.ru] enabled: yes
[language.sk] charset: utf-8
[language.sk] description: Slovak
[language.sk] enabled: yes
[language.sl] charset: iso-8859-2
[language.sl] description: Slovenian
[language.sl] enabled: yes
[language.sr] charset: utf-8
[language.sr] description: Serbian
[language.sr] enabled: yes
[language.sv] charset: iso-8859-1
[language.sv] description: Swedish
[language.sv] enabled: yes
[language.tr] charset: iso-8859-9
[language.tr] description: Turkish
[language.tr] enabled: yes
[language.uk] charset: utf-8
[language.uk] description: Ukrainian
[language.uk] enabled: yes
[language.vi] charset: utf-8
[language.vi] description: Vietnamese
[language.vi] enabled: yes
[language.zh_CN] charset: utf-8
[language.zh_CN] description: Chinese
[language.zh_CN] enabled: yes
[language.zh_TW] charset: utf-8
[language.zh_TW] description: Chinese (Taiwan)
[language.zh_TW] enabled: yes
[logging.archiver] datefmt: %b %d %H:%M:%S %Y
[logging.archiver] format: %(asctime)s (%(process)d) %(message)s
[logging.archiver] level: info
[logging.archiver] path: mailman.log
[logging.archiver] propagate: no
[logging.bounce] datefmt: %b %d %H:%M:%S %Y
[logging.bounce] format: %(asctime)s (%(process)d) %(message)s
[logging.bounce] level: info
[logging.bounce] path: bounce.log
[logging.bounce] propagate: no
[logging.config] datefmt: %b %d %H:%M:%S %Y
[logging.config] format: %(asctime)s (%(process)d) %(message)s
[logging.config] level: info
[logging.config] path: mailman.log
[logging.config] propagate: no
[logging.database] datefmt: %b %d %H:%M:%S %Y
[logging.database] format: %(asctime)s (%(process)d) %(message)s
[logging.database] level: warn
[logging.database] path: mailman.log
[logging.database] propagate: no
[logging.debug] datefmt: %b %d %H:%M:%S %Y
[logging.debug] format: %(asctime)s (%(process)d) %(message)s
[logging.debug] level: info
[logging.debug] path: debug.log
[logging.debug] propagate: no
[logging.error] datefmt: %b %d %H:%M:%S %Y
[logging.error] format: %(asctime)s (%(process)d) %(message)s
[logging.error] level: info
[logging.error] path: mailman.log
[logging.error] propagate: no
[logging.fromusenet] datefmt: %b %d %H:%M:%S %Y
[logging.fromusenet] format: %(asctime)s (%(process)d) %(message)s
[logging.fromusenet] level: info
[logging.fromusenet] path: mailman.log
[logging.fromusenet] propagate: no
[logging.http] datefmt: %b %d %H:%M:%S %Y
[logging.http] format: %(asctime)s (%(process)d) %(message)s
[logging.http] level: info
[logging.http] path: mailman.log
[logging.http] propagate: no
[logging.locks] datefmt: %b %d %H:%M:%S %Y
[logging.locks] format: %(asctime)s (%(process)d) %(message)s
[logging.locks] level: info
[logging.locks] path: mailman.log
[logging.locks] propagate: no
[logging.mischief] datefmt: %b %d %H:%M:%S %Y
[logging.mischief] format: %(asctime)s (%(process)d) %(message)s
[logging.mischief] level: info
[logging.mischief] path: mailman.log
[logging.mischief] propagate: no
[logging.plugins] datefmt: %b %d %H:%M:%S %Y
[logging.plugins] format: %(asctime)s (%(process)d) %(message)s
[logging.plugins] level: info
[logging.plugins] path: plugins.log
[logging.plugins] propagate: no
[logging.root] datefmt: %b %d %H:%M:%S %Y
[logging.root] format: %(asctime)s (%(process)d) %(message)s
[logging.root] level: info
[logging.root] path: mailman.log
[logging.root] propagate: no
[logging.runner] datefmt: %b %d %H:%M:%S %Y
[logging.runner] format: %(asctime)s (%(process)d) %(message)s
[logging.runner] level: info
[logging.runner] path: mailman.log
[logging.runner] propagate: no
[logging.smtp] datefmt: %b %d %H:%M:%S %Y
[logging.smtp] every: $msgid smtp to $listname for $recip recips, completed in $time seconds
[logging.smtp] failure: $msgid delivery to $recip failed with code $smtpcode, $smtpmsg
[logging.smtp] format: %(asctime)s (%(process)d) %(message)s
[logging.smtp] level: info
[logging.smtp] path: smtp.log
[logging.smtp] propagate: no
[logging.smtp] refused: $msgid post to $listname from $sender, $size bytes, $refused failures
[logging.smtp] success: $msgid post to $listname from $sender, $size bytes
[logging.subscribe] datefmt: %b %d %H:%M:%S %Y
[logging.subscribe] format: %(asctime)s (%(process)d) %(message)s
[logging.subscribe] level: info
[logging.subscribe] path: mailman.log
[logging.subscribe] propagate: no
[logging.vette] datefmt: %b %d %H:%M:%S %Y
[logging.vette] format: %(asctime)s (%(process)d) %(message)s
[logging.vette] level: info
[logging.vette] path: mailman.log
[logging.vette] propagate: no
[mailman] cache_life: 7d
[mailman] default_language: en
[mailman] email_commands_max_lines: 10
[mailman] filtered_messages_are_preservable: no
[mailman] html_to_plain_text_command: /usr/bin/lynx -dump $filename
[mailman] layout: debian
[mailman] listname_chars: [-_.0-9a-z]
[mailman] noreply_address: noreply
[mailman] pending_request_life: 3d
[mailman] post_hook:
[mailman] pre_hook:
[mailman] sender_headers: from from_ reply-to sender
[mailman] site_owner: max.paragnani(a)gmail.com
[mta] configuration: python:mailman.config.postfix
[mta] delivery_retry_period: 5d
[mta] incoming: mailman.mta.postfix.LMTP
[mta] lmtp_host: 127.0.0.1
[mta] lmtp_port: 8024
[mta] max_autoresponses_per_day: 10
[mta] max_delivery_threads: 0
[mta] max_recipients: 500
[mta] max_sessions_per_connection: 0
[mta] outgoing: mailman.mta.deliver.deliver
[mta] remove_dkim_headers: no
[mta] smtp_host: localhost
[mta] smtp_pass:
[mta] smtp_port: 25
[mta] smtp_user:
[mta] verp_confirm_format: $address+$cookie
[mta] verp_confirm_regexp: ^(.*<)?(?P<addr>[^+]+?)\+(?P<cookie>[^@]+)@.*$
[mta] verp_confirmations: no
[mta] verp_delimiter: +
[mta] verp_delivery_interval: 0
[mta] verp_format: ${bounces}+${local}=${domain}
[mta] verp_personalized_deliveries: no
[mta] verp_probe_format: $bounces+$token@$domain
[mta] verp_probe_regexp: ^(?P<bounces>[^+]+?)\+(?P<token>[^@]+)@.*$
[mta] verp_probes: no
[mta] verp_regexp: ^(?P<bounces>[^+]+?)\+(?P<local>[^=]+)=(?P<domain>[^@]+)@.*$
[nntp] host:
[nntp] password:
[nntp] port:
[nntp] remove_headers:
nntp-posting-host nntp-posting-date x-trace
x-complaints-to xref date-received posted
posting-version relay-version received
[nntp] rewrite_duplicate_headers:
To X-Original-To
CC X-Original-CC
Content-Transfer-Encoding X-Original-Content-Transfer-Encoding
MIME-Version X-MIME-Version
[nntp] user:
[passwords] configuration: python:mailman.config.passlib
[passwords] password_length: 8
[plugin.master] class:
[plugin.master] component_package:
[plugin.master] configuration:
[plugin.master] enabled: no
[shell] banner: Welcome to the GNU Mailman shell
[shell] history_file:
[shell] prompt: >>>
[shell] use_ipython: no
[styles] default: legacy-default
[webservice] admin_pass: ---------------------------------
[webservice] admin_user: restadmin
[webservice] api_version: 3.1
[webservice] hostname: localhost
[webservice] port: 8001
[webservice] show_tracebacks: yes
[webservice] use_https: no
2 years, 4 months
Re: signup / registration error - permissions and cert chains
by Victoriano Giralt
El viernes, 31 de diciembre de 2021 1:48:38 (CET) David Newman escribió:
> I'd like for regular (non-admin) list subscribers to be able to manage
> their subscription preferences and view list archives.
That's a good way to go :-)
My response is more of a (very) old sysadmin and Django user (since 2008)
hunch that a proper one based on code and documentation review, but I've been
trying to contribute several times and always (super) Mark Sapiro beats me :-)
> If I'm reading the error correctly, this is related to an inability to
> verify the cert chain. The /etc/mailman3/settings.py file points to the
> same cert and key files used by Nginx, Postfix, and Dovecot.
You are right in your diagnose but not in your interpretation (see my comment
below inside the traceback). It is certificate related, but not for server
TLS, but for CLIENT authentication.
> EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
> EMAIL_HOST = 'localhost'
> EMAIL_PORT = 25
> EMAIL_HOST_USER = 'dnewman(a)networktest.com'
> EMAIL_HOST_PASSWORD = 'wouldnt-you-like-to-know'
> EMAIL_USE_TLS = 'True'
> EMAIL_SSL_CERTFILE = '/etc/ssl/certs/myhost.crt'
> EMAIL_SSL_KEYFILE = '/etc/ssl/private/myhost.key'
All these settings above are used for SENDING messages and, if I'm not
mistaken, the SSL key and cert are used for authenticating the user sending
the email. Actually, using TLS and SMTP Auth for localhost is a bit too much.
I've been configuring SMTP servers since 1990 and my mail servers just accept
mail form localhost, if they are broken into, the user and password have
already been exposed :-)
> But this might only be for email, not Postorius/Django.
You are right (if I also am)
> What additional configuration is needed to allow regular users to create
> and manage their own accounts?
I'd say that is more what is not needed (the SMTP TLS authentication)
I'll remove the "noise". These are the tell tale lines:
> "/opt/mailman/venv/lib/python3.9/site-packages/django/core/mail/backends/smt
> p.py", line 67, in open
> self.connection.starttls(keyfile=self.ssl_keyfile,
> certfile=self.ssl_certfile)
The SMTP Django backend is trying to connect to the mail server to send the
Mailman account confirmation message and failing, probably because the user
Django runs as cannot open the private key (which is a very sensible thing if
that private key is the one used for the web facing TLS certificate, I can
tell you how bad in private or search for my name, wasd, apache and VMS ;-))
That certificate is not needed for sending email from Django, and, as I said,
not even SMTP Auth for sending via localhost. Actually, doing SMTP Auth on
port 25 is not even recommended practice.
Happy, healthy, safe and well ventilated New Year to all.
--
Victoriano Giralt Innovation Director
Digital Transformation Vicerectorate University of Malaga
+34952131415 SPAIN
==================================================================
Note: signature.asc is the electronic signature of present message
A: Yes.
> Q: Are you sure ?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email ?
3 years, 5 months
mailman3 on new Debian 12 installation, got ssl apache working on all URLs except /mailman3
by Philip Bondi
Hello to all:
Giant thank you to the community, Mark, Stephen, everyone. I have a lot of follow-up tasks in previous posts. Blazing forward on critical path flaws, first.
I require a Debian 12 VM that supports:
- Subversion
- Let's Encrypt and required challenges
- IMAP server
- mailman3
- DKIM server
I found this post helpful. https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/thread/…
I think I've noticed that posters avoid less than sign and express as html.
I hacked it into this, which I tried to anonymize. My alias /static/ had to point to different location for my installation. I have ssl working for Subversion and my Let's Encrypt challenges. And 6 of those ProxyPass seem to work through ssl, except for /mailman3. That fails. Surfing to example.com/mailman3 gets.
Service Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
<IfModule mod_ssl.c>
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://example.com/
DocumentRoot /var/www/html/example.com/
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
ServerAdmin pjbondi(a)systemdatabase.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html/example.com/
ErrorLog ${APACHE_LOG_DIR}/example.com_error.log
CustomLog ${APACHE_LOG_DIR}/example.com_access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com-0001/privkey.pem
Alias /static/ /opt/mailman/web/static/
<Directory "/opt/mailman/web/static/">
Require all granted
</Directory>
<IfModule mod_headers.c>
RequestHeader unset X-Forwarded-Proto
<If "%{HTTPS} =~ /on/">
RequestHeader set X-Forwarded-Proto "https"
</If>
</IfModule>
<IfModule mod_proxy.c>
ProxyPreserveHost On
ProxyPass "/postorius" "http://127.0.0.1:8000/postorius"
ProxyPass "/hyperkitty" "http://127.0.0.1:8000/hyperkitty"
ProxyPass "/accounts" "http://127.0.0.1:8000/accounts"
ProxyPass "/admin" "http://127.0.0.1:8000/admin"
ProxyPass "/user-profile" "http://127.0.0.1:8000/user-profile"
ProxyPass "/mailman3" "http://127.0.0.1:8000/mailman3"
ProxyPass "/archives" "http://127.0.0.1:8000/archives"
# https://github.com/maxking/docker-mailman/issues/525
#ProxyPass / unix:/run/mailman3-web/uwsgi.sock|uwsgi://localhost/
#ProxyPassReverse / unix:/run/mailman3-web/uwsgi.sock|uwsgi://localhost/
#ProxyPassMatch "^/$" "http://127.0.0.1:8000/mailman3"
</IfModule>
</VirtualHost>
</IfModule>
I was noticing that there's no mailman3 sub-dir, here. I tried changing to http://127.0.0.1:8000/django-mailman3, but that didn't work.
(venv) mailman@shackleton12:~$ ls -alF /opt/mailman/web/static/
total 40
drwxr-xr-x 10 mailman mailman 4096 Mar 24 16:03 ./
drwxr-xr-x 4 root root 4096 Mar 24 16:01 ../
drwxr-xr-x 3 mailman mailman 4096 Mar 24 16:03 account/
drwxr-xr-x 5 mailman mailman 4096 Mar 24 16:03 admin/
drwxr-xr-x 4 mailman mailman 4096 Mar 25 08:07 CACHE/
drwxr-xr-x 5 mailman mailman 4096 Mar 24 16:03 django_extensions/
drwxr-xr-x 5 mailman mailman 4096 Mar 24 16:03 django-mailman3/
drwxr-xr-x 6 mailman mailman 4096 Mar 24 16:03 hyperkitty/
drwxr-xr-x 6 mailman mailman 4096 Mar 24 16:03 postorius/
drwxr-xr-x 7 mailman mailman 4096 Mar 24 16:03 rest_framework/
Any ideas? What log file should I share? I've looked at apache and uwsgi logs, but I don't know what's relevant. I cannot seem to find an error in logs around mailman3 URL
2 months, 1 week
Re: config incoming email in my domain cpanel
by tlhackque
I think you're confused.
You already have mail.labbrands.com set up as the MX record for
labbrands.com. And it has an A record with the same address as your
webserver.
So if you're getting e-mail on that domain, there's another e-mail
server running on that IP address. You can't have 2 servers on port
25. In that case, as has been noted before, you'll need to setup a
relay in that server, not a firewall redirect. Depending on your MTA,
you would need to relay to your internal server. And make sure your
firewall setup allows your MTA to do this.
We can see it's EXIM:
telnet mail.labbrands.com 25
Trying 192.185.51.89...
Connected to mail.labbrands.com (192.185.51.89).
Escape character is '^]'.
help
220-gator4137.hostgator.com ESMTP Exim 4.87 #1 Thu, 03 Aug 2017 15:47:48
-0500
220-We do not authorize the use of this system to transport unsolicited,
220 and/or bulk e-mail.
214-Commands supported:
214 AUTH STARTTLS HELO EHLO MAIL RCPT DATA NOOP QUIT RSET HELP
quit
221 gator4137.hostgator.com closing connection
Connection closed by foreign host.
Or, consolidate all your e-mail to one server - which is a lot easier to
manage unless you have a really big operation. Postfix is probably the
right choice, but requires more setup.
Although Mailman3 configuration is not well documented (as you've
discovered), you may want to get help from someone with more general
network and mail experience. You're now into territory that is, as
Simon indicated, not Mailman-specific.
On 03-Aug-17 16:28, Rafael Mora wrote:
> El jue., 3 ago. 2017 a las 15:26, Mark Sapiro (<mark(a)msapiro.net>) escribió:
>
>> On 08/03/2017 01:22 PM, Rafael Mora wrote:
>>> El jue., 3 ago. 2017 a las 15:18, Mark Sapiro (<mark(a)msapiro.net>)
>> escribió:
>>>> You need to forward port 25 for SMTP mail delivery and if you want the
>>>> web UI (Postorius and HyperKitty) accessible from the outside, port 80
>>>> for http and/or port 443 for https
>>>> <
>>>>
>> https://www.iana.org/assignments/service-names-port-numbers/service-names-p…
>>>>> .
>>> I mean for incoming mail redirected from my hostgator hosting, because
>> when
>>> I suscribe an email address MM3 sends a confirmation email, so I have to
>>> reply to be suscribed to the list.
>>
>> As I said, for mail delivery you need to forward port 25 to the Mailman
>> server.
>>
> Ok so I'll redirect in my zentyal firewall the port 25 to my local centos7
> with postfix and MM3 with IP 192.168.1.42. Thanks Mark.
>
>
>>
>> --
>> Mark Sapiro <mark(a)msapiro.net> The highway is for gamblers,
>> San Francisco Bay Area, California better use your sense - B. Dylan
>> _______________________________________________
>> Mailman-users mailing list
>> mailman-users(a)mailman3.org
>> https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
>>
--
This communication may not represent my employer's views,
if any, on the matters discussed.
7 years, 10 months
Re: admin/login/ cannot be accessed
by Abhilash Raj
On Wed, Dec 11, 2019, at 9:25 AM, jean-christophe manciot wrote:
> Ubuntu 20.04
> python3-django 2:2.2.6-1ubuntu1
> python3-django-hyperkitty 1.3.1 (built from sources)
> mailman3-full 3.2.2-1
Which version of Django are you using?
>
> Nginx server configuration:
> ```
> ...
> ########
> # Static
> ########
> location /favicon.ico
> {
> alias <mysite_dir>/static/hyperkitty/img/favicon.ico;
> }
> location /static/favicon.ico
> {
> alias <mysite_dir>/static/postorius/img/favicon.ico;
> }
> location /static/
> {
> alias <mysite_dir>/static/;
> }
>
> #######################
> # Upstream uwsgi server
> #######################
> location /
> {
> include /etc/nginx/uwsgi_params;
> uwsgi_pass 127.0.0.1:<uwsgi_server_port>;
> }
> ...
> ```
> where:
> - <mysite_dir> is a symlink to <django_dir>/static
> - <uwsgi_server_port> matches the one defined in ```/etc/mailman3/uwsgi.ini```:
> ```
> [uwsgi]
> # Port on which uwsgi will be listening.
> uwsgi-socket = 127.0.0.1:<uwsgi_server_port>
> ```
>
The config looks good to me in a quick glance.
> All 3 systemd services run fine:
> - mailman3
> - mailman3-web
> - qcluster
>
> I'm trying to login to the django administration pages.
> I get the django administration login page at:
> https://mysite/admin/login/
> Logging in with the admin credentials leads to:
> ```
> This site can’t be reached
> The webpage at https://mysite/admin/login/ might be temporarily down or
> it may have moved permanently to a new web address.
> ERR_HTTP2_PROTOCOL_ERROR
> ```
> This is very strange because it is the URL which I used to get the
> login page in the first place.
Looking at the error, it seems like something somewhere is re-directing to HTTP/2 or the request is based off of HTTP/2 and all the components in the stack don't support HTTP/2, leading to the error message.
I haven't played a lot with HTTP/2 yet so I am not sure which specific component in the stack could be incompatible here.
>
> If I launch a test web server at another port with:
> ```
> <django_dir># python3 manage.py runserver <mysite_ip_address>:8080
> Performing system checks...
>
> System check identified no issues (0 silenced).
> December 11, 2019 - 17:50:48
> Django version 2.2.6, using settings 'settings'
> Starting development server at http://<mysite_ip_address>:8080/
> Quit the server with CONTROL-C.
> ```
> and access it at ```http://<mysite_ip_address>:8080/admin/login/``` to
> login with the same credentials as before, I get through and all the
> django administration lines appear, although in a degraded layout:
> ```
> Site administration
> Accounts
> Email addresses Add Change
> Authentication and Authorization
> Groups Add Change
> Users Add Change
> Django Mailman 3
> Mail domains Add Change
> Profiles Add Change
> ...
> ```
> Any idea what could be happening here?
Degraded layout is due to missing static files since the development server that you spun off doesn't serve static files. So, that is okay.
> _______________________________________________
> Mailman-users mailing list -- mailman-users(a)mailman3.org
> To unsubscribe send an email to mailman-users-leave(a)mailman3.org
> https://lists.mailman3.org/mailman3/lists/mailman-users.mailman3.org/
>
--
thanks,
Abhilash Raj (maxking)
5 years, 5 months
Re: [Spam] Installation Help on Ubuntu 18
by Odhiambo Washington
On Sun, 26 Jul 2020 at 18:22, Mark Sapiro <mark(a)msapiro.net> wrote:
> On 7/26/20 12:37 AM, Stephen J. Turnbull wrote:
> >
> > That's not our guide, we don't support it, and at least I don't
> > recognize the author offhand, can't speak for the rest of the team.
>
>
> The author has been involved in a few threads on this list.
>
>
> > Now that our NO WARRANTY notice is out of the way, I will say that
> > guide is written in very good style, with great attention to detail
> > and appropriate warnings about delicate parts of the procedure. If
> > you end up succeeding with it, I'll add a link to it to our docs.
>
>
> It is currently linked from the first paragraph at
> <https://wiki.list.org/DOC/Mailman%203%20installation%20experience>.
>
I followed the steps outlined in the subject document and got mailman3
running.
However, what is missing in that document is the process of setting up a
webserver for accessing the MM3 UI.
I have spent two days trying to figure out that aspect and discovered a few
things (I could be wrong in what I think):
1. For one to use the uwsgi.ini that is dropped in /etc/mailman3/ by the
installation process, the uwsgi daemon must be installed:
*apt install uwsgi-core uwsgi*
2. The uwsgi.ini must be linked in the directory where the uwsgi daemon
looks for config files:
*cp /etc/mailman3/uwsgi.ini /etc/uwsgi/apps-available/uwsgi.ini*
*ln -s /etc/uwsgi/apps-available/uwsgi.ini
/etc/uwsgi/apps-enabled/uwsgi.ini*
3. The uwsgi daemon needs to be started
*systemctl start uwsgi*
root@lists:/etc/mailman3# ps ax | grep wsgi
5838 ? S 0:00 /usr/bin/uwsgi --ini
/usr/share/uwsgi/conf/default.ini --ini /etc/uwsgi/apps-enabled/uwsgi.ini
--daemonize /var/log/uwsgi/app/uwsgi.log
5841 ? Sl 0:00 /usr/bin/uwsgi --ini
/usr/share/uwsgi/conf/default.ini --ini /etc/uwsgi/apps-enabled/uwsgi.ini
--daemonize /var/log/uwsgi/app/uwsgi.log
5842 ? Sl 0:00 /usr/bin/uwsgi --ini
/usr/share/uwsgi/conf/default.ini --ini /etc/uwsgi/apps-enabled/uwsgi.ini
--daemonize /var/log/uwsgi/app/uwsgi.log
Now that uwsgi daemon is running, the last step would be to configure the
webserver to serve the MM3 pages.
The apache config snippet dropped by the mailman3 install process in
/etc/mailman3/apache.conf contains:
<BEGIN>
Alias /mailman3/favicon.ico
/var/lib/mailman3/web/static/postorius/img/favicon.ico
Alias /mailman3/static /var/lib/mailman3/web/static
<Directory "/var/lib/mailman3/web/static">
Require all granted
</Directory>
<IfModule mod_proxy_uwsgi.c>
ProxyPass /mailman3/favicon.ico !
ProxyPass /mailman3/static !
ProxyPass /mailman3
unix:/run/mailman3-web/uwsgi.sock|uwsgi://localhost/
</IfModule>
<END>
I added those to a virtualhost where I am running mailman2.x, but I
couldn't access any of the defined aliases:
https://lists.my.site/mailman3/static/ - gives "You don't have permission
to access this resource."
Apache says
AH01276: Cannot serve directory /var/lib/mailman3/web/static/: No matching
DirectoryIndex (index.html,index.cgi,index.pl,index.php,index.xhtml,index.htm)
found, and server-generated directory index forbidden by Options directive
I am stuck at that point ...
--
Best regards,
Odhiambo WASHINGTON,
Nairobi,KE
+254 7 3200 0004/+254 7 2274 3223
"Oh, the cruft.", grep ^[^#] :-)
4 years, 10 months