Re: Mails are not archived at all -- how to check if Hyperkitty is running or not?
by Stephen J. Turnbull
Franklin Weng writes:
> In Debian's setting, under /usr/share/mailman3-web/ are these files:
>
> manage.py
> settings_local.py -> /etc/mailman3/mailman-web.py
> settings_local.py.sample
> settings.py
> urls.py
> wsgi.py
That looks right. This is a typical Debian approach to preserving
local configuration automatically when Debian is upgraded.
> In the top of settings_locas.py there are comments saying that this
> file is to override default settings in
> /usr/share/mailman3-web/settings.py, so I suppose hyperkitty
> database should define here,
Yes.
> though it is different from /usr/share/mailman3-web/settings.py.
In Debian, you can't control the contents of that file. It may be
overwritten in any upgrade. That's why the settings_local.py approach
is used.
> In the settings_local.py, it defines sqliet3 and the file of 'NAME'
> /var/lib/mailman3/web/mailman3web.db exists and is a sqlite3 format file.
That's OK (until you need higher performance).
> But in settings.py (which is supposed to be overridden by setting_local.py)
> it defines using postgresql, which doesn't exist in my Debian system.
I assume it is overridden, unless Debian really messed up its
packaging. But it seem to be working for other users (at least, no
complaints I can recall).
> Is there any log I can trace the executing path?
You really don't want to do that.
> 14233 ? Ss 0:01 /usr/bin/uwsgi --plugin python3 --ini
> /etc/mailman3/uwsgi.ini
> 14236 ? Sl 0:00 /usr/bin/uwsgi --plugin python3 --ini
> /etc/mailman3/uwsgi.ini
I don't know much about uswgi, so I can't say whether multiple
processes with the same invocation is a problem. It's something to
keep in mind.
Recently uwsgi is problematic. There are multiple threads in the last
few weeks. Unfortunately, Mailman devs are mostly using Apache +
mod_swgi or gunicorn, so we can't be terribly helpful if there is a
problem with uwsgi. Apparently the Apache process with mod_swgi is
irrelevant.
> The /var/log/mailman3/web/mailman-web.log is at
> https://pastebin.com/U3jHR6JS
That log looks perfectly normal to me. Since the log looks normal,
you don't need to worry about uwsgi yet, but you should review the
threads in our archives.
The only thing that strikes me about the log is that there are no
accesses to ".../hyperkitty/api/...", which is how HyperKitty receives
messages to archive. Perhaps you simply didn't send any messages
during the period of the captured log, but if you did, it should be
there. Three questions:
1. Do you have HyperKitty configured as the Mailman archiver in Mailman?
2. In mailman.cfg do you have
[archiver.hyperkitty]
class: mailman_hyperkitty.Archiver
enable: yes
configuration: /path/to/here/mailman-hyperkitty.cfg
where the "configuration" value should give the full path to a
mailman-hyperkitty.cfg file?
3. Do your lists have archiving configured on in Postorius?
Steve
6 years, 2 months
Re: Mailman, etc. upgrade woes and persistent bugs
by Allan Hansen
Hi Stephen,
Thank you for your response.
I have let my users/moderators know how few resources are available for developing Mailman - that it’s not a system supported by hundreds of highly paid developers, testers, security experts, product managers, etc., and that the software is public-domain code. My own involvement in this is similar to yours.
A note to flush bounces to people upgrading may be a good idea. And yes, the disabled accounts were mostly on busy lists, but not all. I should also mention that a heck of a lot of them were sbcglobal.net users, which was interesting. AT&T apparently is not doing a good job for their clients (and they do have armies of staff who could). Maybe your users have better service providers than mine.
As for looking at subscription options, I have an authenticated (verified) Django account that I use for testing (non-owner but moderator). When I log in to that account (or as list owner with my usual account), the only field that is filled out in the ‘Subscription options’ dialog is the ‘Select Email’ pulldown menu. So yes, I think that there is an issue here.
I agree with you that to provide access to this information for people who don’t have verified Django accounts does not make sense. But those who have set up accounts should, and the moderators and owners definitely should. If not being able to see these settings is specific to my installation, I would appreciate getting it fixed. If needed I can provide screen shots to prove authentication and issue. Once a setting is modified, it becomes visible then and afterwards!
I thought about contacting you all at the time, but figured that I needed to get this done promptly (based on the reactions from my users/moderators, which were very prompt). :-)
Finally, about the ‘Change Address’ feature:
It’s really not complicated, Stephen, or rather, it should not be. People all the time move from one provider (like sbcglobal, hopefully) to another (like gmail). When they do, they generally want all instances of their old address strings everywhere necessary in Mailman/Postorius to be replaced with the new address, so they can use that instead. This is how the ‘Apply Globally’ address change worked in MM2 and that was more than good enough. If there are other use cases where they need to retain the old address for whatever reason, they would not use this feature, but add the new address to their account and then manage the old in some other way. Of the thousands of subscribers I have, maybe a handful are interested in maintaining more than one subscription address. All the rest simply use one address and when they get a new email address they want to use that instead for all their subscriptions everywhere and never see the old one again (other than in the archives, of course). Period. It’s really that simple in 99.9 % of the cases. Please don’t hold this up for the 0.1%.
Yours,
Allan
4 years, 11 months
mailman3 not sending emails and archives not populating
by nyafum@yahoo.com
Hi Mark
Can you please help me resolve mailman3 issues? It was working well until recently and now no emails delivery to mailbox
The first issue, not receiving email from my list, it gets removed in postfix
/var/log/mailman3/smtp.log
May 06 22:08:46 2022 (6713) ('127.0.0.1', 50690) handling connection
May 06 22:08:46 2022 (6713) ('127.0.0.1', 50690) Data: b'LHLO rush.ai.net'
May 06 22:08:46 2022 (6713) ('127.0.0.1', 50690) Data: b'MAIL FROM:<kim(a)kim.net>'
May 06 22:08:46 2022 (6713) ('127.0.0.1', 50690) sender: kim(a)kim.net
May 06 22:08:46 2022 (6713) ('127.0.0.1', 50690) Data: b'RCPT TO:<shiftchange@ kim.net >'
May 06 22:08:46 2022 (6713) ('127.0.0.1', 50690) recip: shiftchange@ kim.net
May 06 22:08:46 2022 (6713) ('127.0.0.1', 50690) Data: b'DATA'
May 06 22:08:46 2022 (6713) ('127.0.0.1', 50690) Data: b'QUIT'
May 06 22:08:46 2022 (6713) ('127.0.0.1', 50690) connection lost
May 06 22:08:46 2022 (6713) Connection lost during _handle_client()
/var/log/mail.log
May 6 22:30:57 rush postfix/qmgr[1554]: C0401140119: from=< kim(a)kim.net >, size=459278, nrcpt=1 (queue active)
May 6 22:30:57 rush postfix/smtpd[3872]: disconnect from ex13-3.ai.net[205.134.169.66] ehlo=2 starttls=1 mail=1 rcpt=1 bdat=1 quit=1 commands=7
May 6 22:30:58 rush postfix/lmtp[3897]: C0401140119: to=< shiftchange(a)kim.net >, relay=127.0.0.1[127.0.0.1]:8024, delay=1.3, delays=0.8/0.01/0.01/0.5, dsn=2.0.0, status=sent (250 Ok)
May 6 22:30:58 rush postfix/qmgr[1554]: C0401140119: removed
I think the issue is with python3, below is my mailman.log
/var/log/mailman3/mailman.log
May 06 23:16:02 2022 (21149) in runner started.
May 06 23:17:18 2022 (21149) Uncaught runner exception: module 'time' has no attribute 'clock'
May 06 23:17:18 2022 (21149) Traceback (most recent call last):
File "/usr/lib/python3/dist-packages/mailman/core/runner.py", line 173, in _one_iteration
self._process_one_file(msg, msgdata)
File "/usr/lib/python3/dist-packages/mailman/core/runner.py", line 266, in _process_one_file
keepqueued = self._dispose(mlist, msg, msgdata)
File "/usr/lib/python3/dist-packages/mailman/runners/incoming.py", line 79, in _dispose
process(mlist, msg, msgdata, start_chain)
File "/usr/lib/python3/dist-packages/mailman/core/chains.py", line 79, in process
link.function(mlist, msg, msgdata)
File "/usr/lib/python3/dist-packages/mailman/chains/hold.py", line 147, in _process
request_id = hold_message(mlist, msg, msgdata, SEMISPACE.join(reasons))
File "/usr/lib/python3/dist-packages/mailman/app/moderator.py", line 88, in hold_message
request_id = requestsdb.hold_request(
File "/usr/lib/python3/dist-packages/mailman/database/transaction.py", line 85, in wrapper
return function(args[0], config.db.store, *args[1:], **kws)
File "/usr/lib/python3/dist-packages/mailman/model/requests.py", line 100, in hold_request
token = getUtility(IPendings).add(pendable, timedelta(days=5000))
File "/usr/lib/python3/dist-packages/mailman/database/transaction.py", line 85, in wrapper
return function(args[0], config.db.store, *args[1:], **kws)
File "/usr/lib/python3/dist-packages/mailman/model/pending.py", line 91, in add
token = token_factory.new()
File "/usr/lib/python3/dist-packages/mailman/utilities/uid.py", line 79, in new
return self._next_unpredictable_id()
File "/usr/lib/python3/dist-packages/mailman/utilities/uid.py", line 155, in _next_unpredictable_id
x = random.random() + right_now % 1.0 + time.clock() % 1.0
AttributeError: module 'time' has no attribute 'clock'
May 06 23:17:18 2022 (21149) SHUNTING: 1651893438.227104+1458f689c5f8220ef4db9f18bf3999e312675cd9
The other issue that I need help with is my archives to populate in Postorius(hyperkitty).
Thanks in advance
Kim
3 years, 8 months
Re: converting bulk accept_these_nonmembers in migration from mailman 2 to 3
by Mark Sapiro
On 2/8/22 09:01, Lucio Chiappetti wrote:
Snipping to what I thing are the issues.
> What I found now (after the migration done by the administrators of the
> central seat) is that in mailman3:
>
> - accept_these_nonmembers is empty
> - there are 189 entries listed in Non-members (which look those
> formerly in accept_these_nonmembers)
And those non-members all have there moderation action set to Defer
which means their posts will be accepted but the additional checks such
as too big, etc. will still be applied.
> - hold_these_nonmembers was copied identical with the same regexp's
> as in mailman2
This is all expected. MM 3, unlike MM 2.1 has a concept of nonmembers
with moderation action, and this is intended to replace *_these_nonmembers.
The legacy *_these nonmembers attributes still exist to support regexps.
This is why the addresses were made nonmembers with the appropriate
moderation action, but the regexps were retained.
> - I have inspected a few of them and found that they have
> Administration options Moderation set to List default
I'm not sure what you are looking at here. Imported nonmembers should
all have moderation action set according to which *_these_nonmembers
they came from. Imported members should have their moderation action set
to Defer if they were unmoderated and if they were moderated, it should
be set based on the 2.1 list's member_moderation_action.
> - the effect of this apparently was that a post from some.guy(a)inaf.it
> (whose subscription address is guy(a)somewhere.inaf.it) was hold for
> moderation
>
> is this due to a loop with the regexp in hold_these_nonmembers ?
It is because all the legacy *_these_nonmember actions are applied
before nonmember moderation checks, so if an address matches a regex in
hold_these_nonmembers, the post will be held regardless of the
nonmember's moderation action. This may actually be a bug. I'll have to
think about that. I've filed
https://gitlab.com/mailman/mailman/-/issues/978 on this.
> the default action would be to let it pass
>
> Or should we set Administration options Moderation to Accept
> immediately ?
No. You can avoid this issue by adding the 189 nonmember addresses to
accept_these_nonmembers (as addresses, not regexps). Addresses still
work, and accept_these_nonmembers takes precedence over
hold_these_nonmembers just as in MM 2.1.
> - if so, how can we do it automatically for all 189 entries ?
> - or move back the 189 addresses to accept_these_nonmembers ?
Yes, move them back.
> - or for the future have persons posting with alternate addrresses
> accepted for the future WITH ONE CLICk ?
If they are nonmembers, you can accept the post and set moderation
action in one operation in Postorius, but the regexps in
hold_these_nonmembers will still take precedence.
> - AND LAST BUT NOT LEAST would the syntax @list1 in
> accept_these_nonmembers work in mailman3 ?
This is https://gitlab.com/mailman/mailman/-/issues/794 (still open)
--
Mark Sapiro <mark(a)msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
3 years, 11 months
Re: moving list from mm3 -> mm3
by Jens Günther
Hey Stephen, thanks again for your reply! And also a late Happy New Year :-)
Am 04.01.24 um 15:20 schrieb Stephen J. Turnbull:
> > So my main question is now: does anybody know of a possibility with
> > this command to extract only writable attributes!?
>
> If you mean doing this so you can PUT all of those at once, I'm pretty
> sure it doesn't work that way. PUT creates or replaces a whole
> object. If there's an existing value with read-only attributes,
> that's not going to work. It may be possible to specify multiple
> values to PATCH, but that's beyond my knowledge.
Mh. I tried it this way:
- I curled the config
- tried to PUT it back into another list (didn't work b/c of read-only
attributes)
- I deleted all the attributes from the export
- then PUT this file and it worked
-> it only seems crazy to delete all the attributes myself, I would want
to curl and save only writable attributes :-)
> > Getting the config:
> > curl -u restadmin:restpass
> > localhost:8001/3.1/lists/listname.domain/config | jq > listname.domain
>
> Do you need to use curl (or anything other than Python 3) to do your
> work for some reason? Life is a lot easier if you use mailmanclient.
I don't need to use curl, no. This was just the only way I found till
right now to export and reimport the config of a list.
How would this work with mailmanclient? I'v never used it before and
didn't find a hop-in for the right usage right away. Could you point me
to the right direction or even write some sample-commands to get export
and import of a lists config? That would be awesome!
> > Just tried getting all the members:
> > curl -u restadmin:restpass
> > localhost:8001/3.1/lists/listname.domain/roster/member | jq >
> > listname.domain.members
> >
> > But putting them back seems to be a different thing:
> > curl -u restadmin:restpass -d @listname.domain.members -H "Content-Type:
> > application/json" -X PUT
> > localhost:8001/3.1/lists/listname.domain/roster/members
>
> Do you mean the difference between roster/member and roster/members?
> Not sure why the would be, would have to look at the source.
This was abviously my bad. It wasn't about members with s or not -> the
right one would always be without:
localhost:8001/3.1/lists/listname.domain/roster/member
-> I just tried to export and import members of a list via the API just
as I tried with the config. If you know of another way or how this could
work, I also would be really glad. (it works with "mailman members $list
> textfile" and reimport them via Postorius, I just tried it like that,
since on commandline it would be easier for a whole set of lists)
Thanks again and kind regards, Jens.
1 year, 11 months
Re: Can't post to my own list from HyperKitty
by Mark Sapiro
On 4/8/25 18:45, MegaBrutal via Mailman-users wrote:
>
> User-profile shows my GMail address as primary and my own-domain address as
> secondary. The third address is not present, because I actually wanted to
> get rid of it, and it seems I succeeded in that.
This is your Django user which has the two addresses associated with it.
> Mailman3/users shows me with the address I wanted to get rid of. If I click
> Manage, I see all 3 addresses, with (for some reason) only the GMail one
> being verified (strange because I'm sure I verified the other as well). And
> here's something interesting: it shows me as a member with my GMail address
> under subscriptions, but shows me with my megabrutal.com domain under
> ownerships.
These are your Mailman user and its addresses. They are not the same as
your Django user and its addresses. I don't think you can unlink an
address from your Mailman user in Postorius/HyperKitty. You can do that
in `mailman shell`.
```
$ mailman shell
Use commit() to commit changes.
Use abort() to discard changes since the last commit.
Exit with ctrl+D does an implicit commit() but exit() does not.
>>> um = getUtility(IUserManager)
>>> usr = um.get_user('user(a)example.com') # any of the three addresses
>>> usr.addresses
prints a list of the 3 addresses. These are indexed as 0, 1, 2
>>> usr.preferred_address
prints the preferred address. If this is the one you want to delete, do
>>> usr.preferred_address = usr.addresses[n] # n is the index of one
you want
>>> del usr.addresses[n] # n is the index of the address you don't want
>>> usr.addresses.remove(n) # n is the index of the address you don't want
>>> commit()
```
It may not be clear from the above, but the idea is that you are
deleting the address you don't want from usr.addresses, but before that
if the one you don't want is the preferred_address, you need to set the
preferred address to one of the others.
Also, `del usr.addresses[n]` deletes the address record, but it is still
in the addresses list, thus the `usr.addresses.remove(n)`.
This is untested, so before committing you may want to verify that
`usr.addresses` now lists just the two addresses you want
> This might be the cause? Maybe HyperKitty wants to use my owner identity,
> which is not subscribed? Btw, is the owner not automatically considered as
> someone who can post to the list, they also need to be subscribed?
An owner is not a list member and has no special posting privileges. If
only members are allowed to post, the owner address must also be a
member to be allowed to post.
--
Mark Sapiro <mark(a)msapiro.net> The highway is for gamblers,
San Francisco Bay Area, California better use your sense - B. Dylan
9 months
Hyperkitty
by Massimiliano Paragnani
I set up the mailman3 services and lists, and we can send mail to the
list successfully. However in the Archive section I couldn't see
anything.
My configuration: ubuntu, milman core 3.2.2, postresql, postorius 1.2.4, hyperkitty 1.3.2
This is my mailman conf result:
[antispam] header_checks:
[antispam] jump_chain: hold
[archiver.mail_archive] class: mailman.archiving.mailarchive.MailArchive
[archiver.mail_archive] clobber_date: maybe
[archiver.mail_archive] clobber_skew: 1d
[archiver.mail_archive] configuration: python:mailman.config.mail_archive
[archiver.mail_archive] enable: no
[archiver.mhonarc] class: mailman.archiving.mhonarc.MHonArc
[archiver.mhonarc] clobber_date: maybe
[archiver.mhonarc] clobber_skew: 1d
[archiver.mhonarc] configuration: python:mailman.config.mhonarc
[archiver.mhonarc] enable: no
[archiver.prototype] class: mailman.archiving.prototype.Prototype
[archiver.prototype] clobber_date: maybe
[archiver.prototype] clobber_skew: 1d
[archiver.prototype] configuration: changeme
[archiver.prototype] enable: no
[bounces] register_bounces_every: 15m
[database] class: mailman.database.postgresql.PostgreSQLDatabase
[database] debug: no
[database] url: postgres://mailman3:--------------@localhost/mailman3
[devmode] enabled: no
[devmode] recipient:
[devmode] testing: no
[devmode] wait: 60s
[digests] mime_digest_keep_headers:
Date From To Cc Subject Message-ID Keywords
In-Reply-To References Content-Type MIME-Version
Content-Transfer-Encoding Precedence Reply-To
Message List-Post
[digests] plain_digest_keep_headers:
Message Date From
Subject To Cc
Message-ID Keywords
Content-Type
[dmarc] cache_lifetime: 7d
[dmarc] org_domain_data_url: https://publicsuffix.org/list/public_suffix_list.dat
[dmarc] resolver_lifetime: 5s
[dmarc] resolver_timeout: 3s
[language.ar] charset: utf-8
[language.ar] description: Arabic
[language.ar] enabled: yes
[language.ast] charset: iso-8859-1
[language.ast] description: Asturian
[language.ast] enabled: yes
[language.ca] charset: utf-8
[language.ca] description: Catalan
[language.ca] enabled: yes
[language.cs] charset: iso-8859-2
[language.cs] description: Czech
[language.cs] enabled: yes
[language.da] charset: iso-8859-1
[language.da] description: Danish
[language.da] enabled: yes
[language.de] charset: utf-8
[language.de] description: German
[language.de] enabled: yes
[language.el] charset: iso-8859-7
[language.el] description: Greek
[language.el] enabled: yes
[language.es] charset: iso-8859-1
[language.es] description: Spanish
[language.es] enabled: yes
[language.et] charset: iso-8859-15
[language.et] description: Estonian
[language.et] enabled: yes
[language.eu] charset: iso-8859-15
[language.eu] description: Euskara
[language.eu] enabled: yes
[language.fi] charset: iso-8859-1
[language.fi] description: Finnish
[language.fi] enabled: yes
[language.fr] charset: iso-8859-1
[language.fr] description: French
[language.fr] enabled: yes
[language.gl] charset: utf-8
[language.gl] description: Galician
[language.gl] enabled: yes
[language.he] charset: utf-8
[language.he] description: Hebrew
[language.he] enabled: yes
[language.hr] charset: iso-8859-2
[language.hr] description: Croatian
[language.hr] enabled: yes
[language.hu] charset: iso-8859-2
[language.hu] description: Hungarian
[language.hu] enabled: yes
[language.ia] charset: iso-8859-15
[language.ia] description: Interlingua
[language.ia] enabled: yes
[language.it] charset: iso-8859-1
[language.it] description: Italian
[language.it] enabled: yes
[language.ja] charset: euc-jp
[language.ja] description: Japanese
[language.ja] enabled: yes
[language.ko] charset: euc-kr
[language.ko] description: Korean
[language.ko] enabled: yes
[language.lt] charset: iso-8859-13
[language.lt] description: Lithuanian
[language.lt] enabled: yes
[language.nl] charset: iso-8859-1
[language.nl] description: Dutch
[language.nl] enabled: yes
[language.no] charset: iso-8859-1
[language.no] description: Norwegian
[language.no] enabled: yes
[language.pl] charset: iso-8859-2
[language.pl] description: Polish
[language.pl] enabled: yes
[language.pt] charset: iso-8859-1
[language.pt] description: Protuguese
[language.pt] enabled: yes
[language.pt_BR] charset: iso-8859-1
[language.pt_BR] description: Protuguese (Brazil)
[language.pt_BR] enabled: yes
[language.ro] charset: iso-8859-2
[language.ro] description: Romanian
[language.ro] enabled: yes
[language.ru] charset: koi8-r
[language.ru] description: Russian
[language.ru] enabled: yes
[language.sk] charset: utf-8
[language.sk] description: Slovak
[language.sk] enabled: yes
[language.sl] charset: iso-8859-2
[language.sl] description: Slovenian
[language.sl] enabled: yes
[language.sr] charset: utf-8
[language.sr] description: Serbian
[language.sr] enabled: yes
[language.sv] charset: iso-8859-1
[language.sv] description: Swedish
[language.sv] enabled: yes
[language.tr] charset: iso-8859-9
[language.tr] description: Turkish
[language.tr] enabled: yes
[language.uk] charset: utf-8
[language.uk] description: Ukrainian
[language.uk] enabled: yes
[language.vi] charset: utf-8
[language.vi] description: Vietnamese
[language.vi] enabled: yes
[language.zh_CN] charset: utf-8
[language.zh_CN] description: Chinese
[language.zh_CN] enabled: yes
[language.zh_TW] charset: utf-8
[language.zh_TW] description: Chinese (Taiwan)
[language.zh_TW] enabled: yes
[logging.archiver] datefmt: %b %d %H:%M:%S %Y
[logging.archiver] format: %(asctime)s (%(process)d) %(message)s
[logging.archiver] level: info
[logging.archiver] path: mailman.log
[logging.archiver] propagate: no
[logging.bounce] datefmt: %b %d %H:%M:%S %Y
[logging.bounce] format: %(asctime)s (%(process)d) %(message)s
[logging.bounce] level: info
[logging.bounce] path: bounce.log
[logging.bounce] propagate: no
[logging.config] datefmt: %b %d %H:%M:%S %Y
[logging.config] format: %(asctime)s (%(process)d) %(message)s
[logging.config] level: info
[logging.config] path: mailman.log
[logging.config] propagate: no
[logging.database] datefmt: %b %d %H:%M:%S %Y
[logging.database] format: %(asctime)s (%(process)d) %(message)s
[logging.database] level: warn
[logging.database] path: mailman.log
[logging.database] propagate: no
[logging.debug] datefmt: %b %d %H:%M:%S %Y
[logging.debug] format: %(asctime)s (%(process)d) %(message)s
[logging.debug] level: info
[logging.debug] path: debug.log
[logging.debug] propagate: no
[logging.error] datefmt: %b %d %H:%M:%S %Y
[logging.error] format: %(asctime)s (%(process)d) %(message)s
[logging.error] level: info
[logging.error] path: mailman.log
[logging.error] propagate: no
[logging.fromusenet] datefmt: %b %d %H:%M:%S %Y
[logging.fromusenet] format: %(asctime)s (%(process)d) %(message)s
[logging.fromusenet] level: info
[logging.fromusenet] path: mailman.log
[logging.fromusenet] propagate: no
[logging.http] datefmt: %b %d %H:%M:%S %Y
[logging.http] format: %(asctime)s (%(process)d) %(message)s
[logging.http] level: info
[logging.http] path: mailman.log
[logging.http] propagate: no
[logging.locks] datefmt: %b %d %H:%M:%S %Y
[logging.locks] format: %(asctime)s (%(process)d) %(message)s
[logging.locks] level: info
[logging.locks] path: mailman.log
[logging.locks] propagate: no
[logging.mischief] datefmt: %b %d %H:%M:%S %Y
[logging.mischief] format: %(asctime)s (%(process)d) %(message)s
[logging.mischief] level: info
[logging.mischief] path: mailman.log
[logging.mischief] propagate: no
[logging.plugins] datefmt: %b %d %H:%M:%S %Y
[logging.plugins] format: %(asctime)s (%(process)d) %(message)s
[logging.plugins] level: info
[logging.plugins] path: plugins.log
[logging.plugins] propagate: no
[logging.root] datefmt: %b %d %H:%M:%S %Y
[logging.root] format: %(asctime)s (%(process)d) %(message)s
[logging.root] level: info
[logging.root] path: mailman.log
[logging.root] propagate: no
[logging.runner] datefmt: %b %d %H:%M:%S %Y
[logging.runner] format: %(asctime)s (%(process)d) %(message)s
[logging.runner] level: info
[logging.runner] path: mailman.log
[logging.runner] propagate: no
[logging.smtp] datefmt: %b %d %H:%M:%S %Y
[logging.smtp] every: $msgid smtp to $listname for $recip recips, completed in $time seconds
[logging.smtp] failure: $msgid delivery to $recip failed with code $smtpcode, $smtpmsg
[logging.smtp] format: %(asctime)s (%(process)d) %(message)s
[logging.smtp] level: info
[logging.smtp] path: smtp.log
[logging.smtp] propagate: no
[logging.smtp] refused: $msgid post to $listname from $sender, $size bytes, $refused failures
[logging.smtp] success: $msgid post to $listname from $sender, $size bytes
[logging.subscribe] datefmt: %b %d %H:%M:%S %Y
[logging.subscribe] format: %(asctime)s (%(process)d) %(message)s
[logging.subscribe] level: info
[logging.subscribe] path: mailman.log
[logging.subscribe] propagate: no
[logging.vette] datefmt: %b %d %H:%M:%S %Y
[logging.vette] format: %(asctime)s (%(process)d) %(message)s
[logging.vette] level: info
[logging.vette] path: mailman.log
[logging.vette] propagate: no
[mailman] cache_life: 7d
[mailman] default_language: en
[mailman] email_commands_max_lines: 10
[mailman] filtered_messages_are_preservable: no
[mailman] html_to_plain_text_command: /usr/bin/lynx -dump $filename
[mailman] layout: debian
[mailman] listname_chars: [-_.0-9a-z]
[mailman] noreply_address: noreply
[mailman] pending_request_life: 3d
[mailman] post_hook:
[mailman] pre_hook:
[mailman] sender_headers: from from_ reply-to sender
[mailman] site_owner: max.paragnani(a)gmail.com
[mta] configuration: python:mailman.config.postfix
[mta] delivery_retry_period: 5d
[mta] incoming: mailman.mta.postfix.LMTP
[mta] lmtp_host: 127.0.0.1
[mta] lmtp_port: 8024
[mta] max_autoresponses_per_day: 10
[mta] max_delivery_threads: 0
[mta] max_recipients: 500
[mta] max_sessions_per_connection: 0
[mta] outgoing: mailman.mta.deliver.deliver
[mta] remove_dkim_headers: no
[mta] smtp_host: localhost
[mta] smtp_pass:
[mta] smtp_port: 25
[mta] smtp_user:
[mta] verp_confirm_format: $address+$cookie
[mta] verp_confirm_regexp: ^(.*<)?(?P<addr>[^+]+?)\+(?P<cookie>[^@]+)@.*$
[mta] verp_confirmations: no
[mta] verp_delimiter: +
[mta] verp_delivery_interval: 0
[mta] verp_format: ${bounces}+${local}=${domain}
[mta] verp_personalized_deliveries: no
[mta] verp_probe_format: $bounces+$token@$domain
[mta] verp_probe_regexp: ^(?P<bounces>[^+]+?)\+(?P<token>[^@]+)@.*$
[mta] verp_probes: no
[mta] verp_regexp: ^(?P<bounces>[^+]+?)\+(?P<local>[^=]+)=(?P<domain>[^@]+)@.*$
[nntp] host:
[nntp] password:
[nntp] port:
[nntp] remove_headers:
nntp-posting-host nntp-posting-date x-trace
x-complaints-to xref date-received posted
posting-version relay-version received
[nntp] rewrite_duplicate_headers:
To X-Original-To
CC X-Original-CC
Content-Transfer-Encoding X-Original-Content-Transfer-Encoding
MIME-Version X-MIME-Version
[nntp] user:
[passwords] configuration: python:mailman.config.passlib
[passwords] password_length: 8
[plugin.master] class:
[plugin.master] component_package:
[plugin.master] configuration:
[plugin.master] enabled: no
[shell] banner: Welcome to the GNU Mailman shell
[shell] history_file:
[shell] prompt: >>>
[shell] use_ipython: no
[styles] default: legacy-default
[webservice] admin_pass: ---------------------------------
[webservice] admin_user: restadmin
[webservice] api_version: 3.1
[webservice] hostname: localhost
[webservice] port: 8001
[webservice] show_tracebacks: yes
[webservice] use_https: no
2 years, 11 months
Re: Reg Archive Inactive Status
by Nirmal J
If you don't mind can you please take remote access of my server through any desk or any other software and check it please.
-----Original Message-----
From: Nirmal <nirmal(a)iitm.ac.in>
To: Nirmal <nirmal(a)iitm.ac.in>
Cc: Stephen <steve(a)turnbull.jp>; mailman-users <mailman-users(a)mailman3.org>
Date: Friday, 26 September 2025 3:30 PM IST
Subject: Re: [MM3-users] Re: Reg Archive Inactive Status
DNS Report for that list1.iitm.ac.in is 10.24.5.52
-----Original Message-----
From: Nirmal <nirmal(a)iitm.ac.in>
To: Nirmal <nirmal(a)iitm.ac.in>
Cc: Stephen <steve(a)turnbull.jp>; mailman-users <mailman-users(a)mailman3.org>
Date: Friday, 26 September 2025 3:28 PM IST
Subject: Re: [MM3-users] Re: Reg Archive Inactive Status
Yes I have it. I am also sharing that also settings_local.py file
# This file is imported by the Mailman Suite. It is used to override
# the default settings from /usr/share/mailman3-web/settings.py.
# SECURITY WARNING: keep the secret key used in production secret!
SECRET_KEY = 'vWzgIJ1Hvjgy4yXJz7l71vpxX6+pJcBLMdv8mWNNAd0ajVr1'
ADMINS = (
('Mailman Suite Admin', 'nirmal(a)iitm.ac.in'),
)
# Hosts/domain names that are valid for this site; required if DEBUG is False
# See https://docs.djangoproject.com/en/1.8/ref/settings/#allowed-hosts
# Set to '*' per default in the Deian package to allow all hostnames. Mailman3
# is meant to run behind a webserver reverse proxy anyway.
ALLOWED_HOSTS = [
#"localhost", # Archiving API from Mailman, keep it.
# "lists.your-domain.org",
# Add here all production URLs you may have.
'*'
]
# Mailman API credentials
MAILMAN_REST_API_URL = 'http://localhost:8001'
MAILMAN_REST_API_USER = 'restadmin'
MAILMAN_REST_API_PASS = '/EqNGU+Mj8udFpw4ueIkhWXzAy3kJIy17wwzChrXb3P8Vh4e'
MAILMAN_ARCHIVER_KEY = 'n/ZZnR5bRgNdUEyNK4p731C1+gWJLw0/'
MAILMAN_ARCHIVER_FROM = ('127.0.0.1', '::1', '10.24.5.52')
# Application definition
INSTALLED_APPS = (
'hyperkitty',
'postorius',
'django_mailman3',
# Uncomment the next line to enable the admin:
'django.contrib.admin',
# Uncomment the next line to enable admin documentation:
# 'django.contrib.admindocs',
'django.contrib.auth',
'django.contrib.contenttypes',
'django.contrib.sessions',
'django.contrib.sites',
'django.contrib.messages',
'django.contrib.staticfiles',
'rest_framework',
'django_gravatar',
'compressor', 'haystack',
'django_extensions',
'django_q',
'allauth',
'allauth.account',
'allauth.socialaccount',
'django_mailman3.lib.auth.fedora',
#'allauth.socialaccount.providers.openid',
#'allauth.socialaccount.providers.github',
#'allauth.socialaccount.providers.gitlab',
#'allauth.socialaccount.providers.google',
#'allauth.socialaccount.providers.facebook',
#'allauth.socialaccount.providers.twitter',
#'allauth.socialaccount.providers.stackexchange',
)
# Database
# https://docs.djangoproject.com/en/1.8/ref/settings/#databases
DATABASES = {
'default': {
# Use 'sqlite3', 'postgresql_psycopg2', 'mysql', 'sqlite3' or 'oracle'.
'ENGINE': 'django.db.backends.sqlite3',
#'ENGINE': 'django.db.backends.postgresql_psycopg2',
#'ENGINE': 'django.db.backends.mysql',
# DB name or path to database file if using sqlite3.
'NAME': '/var/lib/mailman3/web/mailman3web.db',
# The following settings are not used with sqlite3:
'USER': '',
'PASSWORD': '',
# HOST: empty for localhost through domain sockets or '127.0.0.1' for
# localhost through TCP.
'HOST': '',
# PORT: set to empty string for default.
'PORT': '',
# OPTIONS: Extra parameters to use when connecting to the database.
'OPTIONS': {
# Set sql_mode to 'STRICT_TRANS_TABLES' for MySQL. See
# https://docs.djangoproject.com/en/1.11/ref/ # databases/#setting-sql-mode
#'init_command': "SET sql_mode='STRICT_TRANS_TABLES'",
},
}
}
# If you're behind a proxy, use the X-Forwarded-Host header
# See https://docs.djangoproject.com/en/1.8/ref/settings/#use-x-forwarded-host
USE_X_FORWARDED_HOST = True
# And if your proxy does your SSL encoding for you, set SECURE_PROXY_SSL_HEADER
# https://docs.djangoproject.com/en/1.8/ref/settings/#secure-proxy-ssl-header
# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_PROTO', 'https')
# SECURE_PROXY_SSL_HEADER = ('HTTP_X_FORWARDED_SCHEME', 'https')
# Other security settings
# SECURE_SSL_REDIRECT = True
# If you set SECURE_SSL_REDIRECT to True, make sure the SECURE_REDIRECT_EXEMPT
# contains at least this line:
# SECURE_REDIRECT_EXEMPT = [
# "archives/api/mailman/.*", # Request from Mailman.
# ]
# SESSION_COOKIE_SECURE = True
# SECURE_CONTENT_TYPE_NOSNIFF = True
# SECURE_BROWSER_XSS_FILTER = True
# CSRF_COOKIE_SECURE = True
# CSRF_COOKIE_HTTPONLY = True
# X_FRAME_OPTIONS = 'DENY'
# Internationalization
# https://docs.djangoproject.com/en/1.8/topics/i18n/ LANGUAGE_CODE = 'en-us'
TIME_ZONE = 'UTC'
USE_I18N = True
USE_L10N = True
USE_TZ = True
# Set default domain for email addresses.
EMAILNAME = 'list1.iitm.ac.in'
# If you enable internal authentication, this is the address that the emails
# will appear to be coming from. Make sure you set a valid domain name,
# otherwise the emails may get rejected.
# https://docs.djangoproject.com/en/1.8/ref/settings/#default-from-email
# DEFAULT_FROM_EMAIL = "mailing-lists(a)you-domain.org"
DEFAULT_FROM_EMAIL = 'postorius@{}'.format(EMAILNAME)
# If you enable email reporting for error messages, this is where those emails
# will appear to be coming from. Make sure you set a valid domain name,
# otherwise the emails may get rejected.
# https://docs.djangoproject.com/en/1.8/ref/settings/#std:setting-SERVER_EMAIL
# SERVER_EMAIL = 'root(a)your-domain.org'
SERVER_EMAIL = 'root@{}'.format(EMAILNAME)
# Django Allauth
ACCOUNT_DEFAULT_HTTP_PROTOCOL = "https"
#
# Social auth
#
SOCIALACCOUNT_PROVIDERS = {
#'openid': {
# 'SERVERS': [
# dict(id='yahoo',
# name='Yahoo',
# openid_url='http://me.yahoo.com'),
# ],
#},
#'google': {
# 'SCOPE': ['profile', 'email'],
# 'AUTH_PARAMS': {'access_type': 'online'},
#}, #'facebook': {
# 'METHOD': 'oauth2',
# 'SCOPE': ['email'],
# 'FIELDS': [
# 'email',
# 'name',
# 'first_name',
# 'last_name',
# 'locale',
# 'timezone',
# ],
# 'VERSION': 'v2.4',
#},
}
# On a production setup, setting COMPRESS_OFFLINE to True will bring a
# significant performance improvement, as CSS files will not need to be
# recompiled on each requests. It means running an additional "compress"
# management command after each code upgrade.
# http://django-compressor.readthedocs.io/en/latest/usage/#offline-compression
COMPRESS_OFFLINE = True
POSTORIUS_TEMPLATE_BASE_URL = 'http://localhost/mailman3/'
SITE_ID = 2
import ldap
from django_auth_ldap.config import LDAPSearch # LDAP server URI
AUTH_LDAP_SERVER_URI = "ldap://127.0.0.1"
# Bind DN & password (service account from IITM LDAP admin)
AUTH_LDAP_BIND_DN = "cn=ldapreader,ou=Services,dc=iitm,dc=ac,dc=in"
AUTH_LDAP_BIND_PASSWORD = "642126"
# Where to search for users
AUTH_LDAP_USER_SEARCH = LDAPSearch(
"ou=People,dc=iitm,dc=ac,dc=in",
ldap.SCOPE_SUBTREE,
"(uid=%(user)s)"
)
# Map LDAP attributes to Django user fields
AUTH_LDAP_USER_ATTR_MAP = {
"first_name": "cn",
"last_name": "sn",
# "email": "mail" # optional if not present
}
# Authentication backends (LDAP first, fallback to Django DB)
AUTHENTICATION_BACKENDS = [
"django_auth_ldap.backend.LDAPBackend",
"django.contrib.auth.backends.ModelBackend",
]
import logging
logger = logging.getLogger('django_auth_ldap')
logger.setLevel(logging.DEBUG)
logger.addHandler(logging.StreamHandler())
-----Original Message-----
From: Nirmal <nirmal(a)iitm.ac.in>
To: Stephen <steve(a)turnbull.jp>
Cc: mailman-users <mailman-users(a)mailman3.org>
Date: Friday, 26 September 2025 3:27 PM IST
Subject: Re: [MM3-users] Re: Reg Archive Inactive Status
Yes I have it. I am also sharing that also settings_local.py
-----Original Message-----
From: Stephen <steve(a)turnbull.jp>
To: Nirmal <nirmal(a)iitm.ac.in>
Cc: mailman-users <mailman-users(a)mailman3.org>
Date: Friday, 26 September 2025 3:09 PM IST
Subject: [MM3-users] Re: Reg Archive Inactive Status
Nirmal J via Mailman-users writes:
> Hereby I am sharing the full settings.py file.
Are you sure this is the settings.py being used by your installation?
It appears to be the distribution file, unchanged.
> MAILMAN_ARCHIVER_FROM = ('127.0.0.1', '::1')# Application definition
If this is from the installed settings.py, it isn't going to work,
since you specified a routable domain (I think, although
"list1.iitm.ac.in" is not in the public DNS), which will have a
routable address, not localhost.
What IP does your DNS report for "list1.iitm.ac.in"?
> HOSTNAME = 'localhost.local'
That isn't what you told Mailman via hyperkitty.cfg. I'm not sure it
matters, but I think you should make sure all the config files agree
on the name of the host.
> # If you enable email reporting for error messages, this is where those emails
> # will appear to be coming from. Make sure you set a valid domain name,
> # otherwise the emails may get rejected.
> # https://docs.djangoproject.com/en/1.8/ref/settings/#std:setting-SERVER_EMAIL
> # SERVER_EMAIL = 'root(a)your-domain.org'
> SERVER_EMAIL = 'root@{}'.format(HOSTNAME)
This can be problematic, at least if you enable error messages by email.
> try:
> from settings_local import *
> except ImportError:
> pass
Do you have a "settings_local.py" file?
--
GNU Mailman consultant (installation, migration, customization)
Sirius Open Source https://www.siriusopensource.com/
Software systems consulting in Europe, North America, and Japan
3 months, 2 weeks
Re: signup / registration error - permissions and cert chains
by Victoriano Giralt
El viernes, 31 de diciembre de 2021 1:48:38 (CET) David Newman escribió:
> I'd like for regular (non-admin) list subscribers to be able to manage
> their subscription preferences and view list archives.
That's a good way to go :-)
My response is more of a (very) old sysadmin and Django user (since 2008)
hunch that a proper one based on code and documentation review, but I've been
trying to contribute several times and always (super) Mark Sapiro beats me :-)
> If I'm reading the error correctly, this is related to an inability to
> verify the cert chain. The /etc/mailman3/settings.py file points to the
> same cert and key files used by Nginx, Postfix, and Dovecot.
You are right in your diagnose but not in your interpretation (see my comment
below inside the traceback). It is certificate related, but not for server
TLS, but for CLIENT authentication.
> EMAIL_BACKEND = 'django.core.mail.backends.smtp.EmailBackend'
> EMAIL_HOST = 'localhost'
> EMAIL_PORT = 25
> EMAIL_HOST_USER = 'dnewman(a)networktest.com'
> EMAIL_HOST_PASSWORD = 'wouldnt-you-like-to-know'
> EMAIL_USE_TLS = 'True'
> EMAIL_SSL_CERTFILE = '/etc/ssl/certs/myhost.crt'
> EMAIL_SSL_KEYFILE = '/etc/ssl/private/myhost.key'
All these settings above are used for SENDING messages and, if I'm not
mistaken, the SSL key and cert are used for authenticating the user sending
the email. Actually, using TLS and SMTP Auth for localhost is a bit too much.
I've been configuring SMTP servers since 1990 and my mail servers just accept
mail form localhost, if they are broken into, the user and password have
already been exposed :-)
> But this might only be for email, not Postorius/Django.
You are right (if I also am)
> What additional configuration is needed to allow regular users to create
> and manage their own accounts?
I'd say that is more what is not needed (the SMTP TLS authentication)
I'll remove the "noise". These are the tell tale lines:
> "/opt/mailman/venv/lib/python3.9/site-packages/django/core/mail/backends/smt
> p.py", line 67, in open
> self.connection.starttls(keyfile=self.ssl_keyfile,
> certfile=self.ssl_certfile)
The SMTP Django backend is trying to connect to the mail server to send the
Mailman account confirmation message and failing, probably because the user
Django runs as cannot open the private key (which is a very sensible thing if
that private key is the one used for the web facing TLS certificate, I can
tell you how bad in private or search for my name, wasd, apache and VMS ;-))
That certificate is not needed for sending email from Django, and, as I said,
not even SMTP Auth for sending via localhost. Actually, doing SMTP Auth on
port 25 is not even recommended practice.
Happy, healthy, safe and well ventilated New Year to all.
--
Victoriano Giralt Innovation Director
Digital Transformation Vicerectorate University of Malaga
+34952131415 SPAIN
==================================================================
Note: signature.asc is the electronic signature of present message
A: Yes.
> Q: Are you sure ?
>> A: Because it reverses the logical flow of conversation.
>>> Q: Why is top posting annoying in email ?
4 years
mailman3 on new Debian 12 installation, got ssl apache working on all URLs except /mailman3
by Philip Bondi
Hello to all:
Giant thank you to the community, Mark, Stephen, everyone. I have a lot of follow-up tasks in previous posts. Blazing forward on critical path flaws, first.
I require a Debian 12 VM that supports:
- Subversion
- Let's Encrypt and required challenges
- IMAP server
- mailman3
- DKIM server
I found this post helpful. https://lists.mailman3.org/archives/list/mailman-users@mailman3.org/thread/…
I think I've noticed that posters avoid less than sign and express as html.
I hacked it into this, which I tried to anonymize. My alias /static/ had to point to different location for my installation. I have ssl working for Subversion and my Let's Encrypt challenges. And 6 of those ProxyPass seem to work through ssl, except for /mailman3. That fails. Surfing to example.com/mailman3 gets.
Service Unavailable
The server is temporarily unable to service your request due to maintenance downtime or capacity problems. Please try again later.
<IfModule mod_ssl.c>
<VirtualHost *:80>
ServerName example.com
Redirect permanent / https://example.com/
DocumentRoot /var/www/html/example.com/
</VirtualHost>
<VirtualHost *:443>
SSLEngine on
ServerAdmin pjbondi(a)systemdatabase.com
ServerName example.com
ServerAlias www.example.com
DocumentRoot /var/www/html/example.com/
ErrorLog ${APACHE_LOG_DIR}/example.com_error.log
CustomLog ${APACHE_LOG_DIR}/example.com_access.log combined
Include /etc/letsencrypt/options-ssl-apache.conf
SSLCertificateFile /etc/letsencrypt/live/example.com-0001/fullchain.pem
SSLCertificateKeyFile /etc/letsencrypt/live/example.com-0001/privkey.pem
Alias /static/ /opt/mailman/web/static/
<Directory "/opt/mailman/web/static/">
Require all granted
</Directory>
<IfModule mod_headers.c>
RequestHeader unset X-Forwarded-Proto
<If "%{HTTPS} =~ /on/">
RequestHeader set X-Forwarded-Proto "https"
</If>
</IfModule>
<IfModule mod_proxy.c>
ProxyPreserveHost On
ProxyPass "/postorius" "http://127.0.0.1:8000/postorius"
ProxyPass "/hyperkitty" "http://127.0.0.1:8000/hyperkitty"
ProxyPass "/accounts" "http://127.0.0.1:8000/accounts"
ProxyPass "/admin" "http://127.0.0.1:8000/admin"
ProxyPass "/user-profile" "http://127.0.0.1:8000/user-profile"
ProxyPass "/mailman3" "http://127.0.0.1:8000/mailman3"
ProxyPass "/archives" "http://127.0.0.1:8000/archives"
# https://github.com/maxking/docker-mailman/issues/525
#ProxyPass / unix:/run/mailman3-web/uwsgi.sock|uwsgi://localhost/
#ProxyPassReverse / unix:/run/mailman3-web/uwsgi.sock|uwsgi://localhost/
#ProxyPassMatch "^/$" "http://127.0.0.1:8000/mailman3"
</IfModule>
</VirtualHost>
</IfModule>
I was noticing that there's no mailman3 sub-dir, here. I tried changing to http://127.0.0.1:8000/django-mailman3, but that didn't work.
(venv) mailman@shackleton12:~$ ls -alF /opt/mailman/web/static/
total 40
drwxr-xr-x 10 mailman mailman 4096 Mar 24 16:03 ./
drwxr-xr-x 4 root root 4096 Mar 24 16:01 ../
drwxr-xr-x 3 mailman mailman 4096 Mar 24 16:03 account/
drwxr-xr-x 5 mailman mailman 4096 Mar 24 16:03 admin/
drwxr-xr-x 4 mailman mailman 4096 Mar 25 08:07 CACHE/
drwxr-xr-x 5 mailman mailman 4096 Mar 24 16:03 django_extensions/
drwxr-xr-x 5 mailman mailman 4096 Mar 24 16:03 django-mailman3/
drwxr-xr-x 6 mailman mailman 4096 Mar 24 16:03 hyperkitty/
drwxr-xr-x 6 mailman mailman 4096 Mar 24 16:03 postorius/
drwxr-xr-x 7 mailman mailman 4096 Mar 24 16:03 rest_framework/
Any ideas? What log file should I share? I've looked at apache and uwsgi logs, but I don't know what's relevant. I cannot seem to find an error in logs around mailman3 URL
9 months, 2 weeks