[Mailman-Users] Re: Munge without CC or Reply-To

2021-03-17 Thread Diez 
El mar, 16-03-2021 a las 15:28 -0700, Mark Sapiro escribió:
> On 3/16/21 9:54 AM, Diez wrote:
> >
> > I'm trying to setup a list (I'm not the site admin), and I'd like
> > to
> > use Munge From setting, but I'd like not have Reply-To field or CC
> > field, but I suspect is not possible.
>
>
> One of the goals of Munge From is that for conformant MUAs (whatever
> that means because the RFC only suggests these behaviors), the
> behavior
> of reply and reply all should be consistent regardless of whether the
> From: is munged or not. That is why when the Form: is munged, the
> posters address is put in a Reply-To: or Cc: header.
>
> There is no setting other than anonymous list to not do this.
>
> > I was testing with anonymous_list, but the problem is that only a
> > certain member should send some kind of calls, but with
> > anonymous_list
> > anyone could send it.
>
>
> I do not understand. Moderation and moderation actions still apply to
> the poster even if the list is anonymous.

It would enough for me even I'll need a moderator. The initial idea was
get a list for an organization so members can't see email addresses of
the others and only one member (let's say the owner) was allowed to
send some contents, and preferably without the need for a moderator
(Law of least effort :-)).
With this scenario, any member could falsify a content corresponding to
the moderator and send it, all the headers would be the same, but
activating moderation we could detect these cases.

Thank you


>


--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: Munge without CC or Reply-To

2021-03-17 Thread Stephen J. Turnbull 
Diez writes:
 > The initial idea was
 > get a list for an organization so members can't see email addresses of
 > the others

This is what anonymous list does.

 > and only one member (let's say the owner) was allowed to send some
 > contents,

This is what Privacy Options | Sender Filters is for.  They are
independent of each other.  I think that setting

default_member_moderation: Yes

and if there are permitted posters who are not members of the list:

accept_these_nonmembers: 

and in Membership Management | Membership List, set Mod to true for
everyone (there's an Additional Member Task for this at the bottom of
the page), then unset Mod for the allowed posters (if they are
members).

 > and preferably without the need for a moderator (Law of
 > least effort :-)).

For this, in Privacy Options | Sender Filters set

member_moderation_action: reject (or discard, if members won't bug you
about posts they're not supposed to make that "disappear")

 > With this scenario, any member could falsify a content
 > corresponding to the moderator and send it,

There's no difference between a regular list and an anonymous list;
they'll get caught either way.  If you're worried about technically
sophisticated rascals, we can help you make sending fake mails to the
list much harder for them, but as I say, there's no difference in this
between regular lists and anonymous lists -- it's the way the mail
system works.

Steve
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Migration to new server questions after having done research & testing ahead of time.

2021-03-17 Thread Bader, Robert (Bob) 
I need to migrate my instance of mailman to a new server. Centos6 is going out 
of support, so I need to migrate to a centos7 server.
I have been searching  the lists and looked at https://wiki.list.org/x/4030682 
but still have some questions.

I am basically handed a new server that has Mailman & Apache  installed.

For moving over mailman it looks like I can just:


  *   Have incoming mail held Our mail is scanned before it gets to the 
server, so I can have the mail held while I perform the migration.
  *   Stop mailman service on new server
  *   Copy (or rsync) /var/lib/mailman/ to new server this will cover …/data & 
…/archives & …/lists
  *   chown -R root:mailman  For /var/lib/mailman/ **Current server has 
this owner & group ,one example  I saw had nobody:mailman , not sure if that 
makes difference?
  *   chmod -R a+rx,g+ws /var/lib/mailman/
  *   Copy (or rsync)  /etc/mailman/mm_cfg.py  to new server
  *   run /usr/lib/mailman/bin/mmsitepass on new server  * To setup new 
site password on the new server
  *   Have the DNS & MX records to point to the new server IP.  I need 
to give the server a new IP but can keep the same domain name.
  *   Startup mailman
  *   Test initial access
  *   Release incoming mail
  *   Test again
  *   Get a coffee or work on resume depending on how it goes 😊
Questions:

  *   Am I missing anything?
  *   Also old server is version 2.1.12 and new version is version 2.1.15. will 
that be an issue?


Side notes:

** I have tried this process to a test server and it looks good, except of 
course that the test server has a different DNS name and can’t send/receive 
mail. and when I connect to it I do not see any of my lists. I assume this 
because I am not accessing the test server via the same domain name as the old 
server... BUT I used the firefox add in LiveHosts (Switch your host/IP mappings 
in real time without editing your hosts file). So when I hit the IP of the test 
server it sends the domain of the old mailman server, so I actually see my 
lists and archives to verify email lists and archives copied over….. Pretty 
snazzy *














--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] is there a short instruction guide available?

2021-03-17 Thread Jeffrey Westgate 
We are trying to determine the best methods of taking a long-working mailman 
list server, with 43 active lists, and 'moving' it behind an F5.

We're not sure how mailman would handle inbound email from the F5... as part of 
our issue is we'd like to maintain the same URL for the frontend as we have 
now

Thanks for any assistance on this.

[ a big part of the reason is we have automated certificate replacement, versus 
now only being able to get a 1yr cert; annual manual replacement is more time 
consuming than we care for it to be.]

--
Jeff


--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: is there a short instruction guide available?

2021-03-17 Thread Carl Zwanzig 

On 3/17/2021 9:04 AM, Jeffrey Westgate wrote:

We are trying to determine the best methods of taking a long-working
mailman list server, with 43 active lists, and 'moving' it behind an F5.
Unless I'm dreadfully mistaken, the f5 should be transparent to the traffic 
if the rules are set correctly. (Been a long time since I dealt with one.) 
You may have to add some DNS names for the moved server and will have some 
downtime while testing.


z!
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: Migration to new server questions after having done research & testing ahead of time.

2021-03-17 Thread Carl Zwanzig 

On 3/17/2021 8:32 AM, Bader, Robert (Bob) wrote:


I am basically handed a new server that has Mailman & Apache  installed.

Danger are those current software?


   *   Am I missing anything?

Yes...


   *   Also old server is version 2.1.12 and new version is version 2.1.15. 
will that be an issue?
Yes, upgrade to the current mailman, 2.1.15 is _ancient_. Heck, isn't centos 
7 considered ancient at this point?


IMHO it's almost always better to install mailman from source than from an 
old package.



A couple of other things-
test the new MTA before trying with mailman
do all the copies before setting permissions

z!
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: Munge without CC or Reply-To

2021-03-17 Thread Mark Sapiro 
On 3/17/21 5:49 AM, Diez wrote:
> 
> With this scenario, any member could falsify a content corresponding to
> the moderator and send it, all the headers would be the same, but
> activating moderation we could detect these cases.


See the "How to restrict the list so only authorized persons can post:"
section and the "more secure alternative" method in the "How to post to
the announcement list:"section at .

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: Migration to new server questions after having done research & testing ahead of time.

2021-03-17 Thread Mark Sapiro 
On 3/17/21 8:32 AM, Bader, Robert (Bob) wrote:
> 
> For moving over mailman it looks like I can just:
> 
> 
>   *   Have incoming mail held Our mail is scanned before it gets to the 
> server, so I can have the mail held while I perform the migration.
>   *   Stop mailman service on new server
>   *   Copy (or rsync) /var/lib/mailman/ to new server this will cover …/data 
> & …/archives & …/lists
>   *   chown -R root:mailman  For /var/lib/mailman/ **Current server has 
> this owner & group ,one example  I saw had nobody:mailman , not sure if that 
> makes difference?

Only group is significant. Owner doesn't matter and is usually the user
that did the installation or the Mailman user or the web server user
depending on what created the file.


>   *   chmod -R a+rx,g+ws /var/lib/mailman/

It would be better for this and the above to use the -a option on the
rsync and copy and just run Mailman's bin/check_perms after. Your chmod
will not set g+r which is required (if missing). it will also set g+s on
files as well as directories. the only files that should be g+s are the
wrappers in cgi-bin and mail/mailman although in RHEL/CENTOS, these are
in /usr/lib/mailman, not /var/lib/mailman/.


>   *   Copy (or rsync)  /etc/mailman/mm_cfg.py  to new server
>   *   run /usr/lib/mailman/bin/mmsitepass on new server  * To setup new 
> site password on the new server
>   *   Have the DNS & MX records to point to the new server IP.  I 
> need to give the server a new IP but can keep the same domain name.
>   *   Startup mailman
>   *   Test initial access
>   *   Release incoming mail
>   *   Test again
>   *   Get a coffee or work on resume depending on how it goes 😊
> Questions:
> 
>   *   Am I missing anything?
>   *   Also old server is version 2.1.12 and new version is version 2.1.15. 
> will that be an issue?

No, moving data from 2.1.12 to 2.1.15 is not an issue, but as Carl says,
Installing a newer version from source on the new server might be
preferable. See  for info on upgrading
the CentOS 2.1.15 installation from source. I would recommend going to
2.1.34 or the head of the
 branch


> 
> Side notes:
> 
> ** I have tried this process to a test server and it looks good, except 
> of course that the test server has a different DNS name and can’t 
> send/receive mail. and when I connect to it I do not see any of my lists. I 
> assume this because I am not accessing the test server via the same domain 
> name as the old server... BUT I used the firefox add in LiveHosts (Switch 
> your host/IP mappings in real time without editing your hosts file). So when 
> I hit the IP of the test server it sends the domain of the old mailman 
> server, so I actually see my lists and archives to verify email lists and 
> archives copied over….. Pretty snazzy *


If you set VIRTUAL_HOST_OVERVIEW = Off in mm_cfg.py, mailman will show
all lists regardless of domain.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: Migration to new server questions after having done research & testing ahead of time.

2021-03-17 Thread Bader, Robert (Bob) 
Thanks for the info,

So in working with our server team that latest package for centos7 is 2.1.15, 
However we are  finding out that Rhel back ports for security fixes 
(https://access.redhat.com/security/updates/backporting/)
So I am running 2.1.15 with the security patch’s up to and in 2.1.34???  this 
is very interesting and confusion to determine what version you are on.  They 
reason we are doing via packages, is so we can have automated systems that keep 
systems security patched/updated. If were just always install the 
latest/greatest versions of software, then we could encounter other issues.  I 
don’t think we would hit that with mailman though.

Mailman 2.1.34 is the latest correct, is it still being developed? I thought it 
was done and no longer being developed and patched but looking for that stated 
somewhere.

Also I agree, centos7 is ancient BUT it still has support where centos6 
support/patching is ending. There was talk I believe about going to centos8 but 
there are compatibility issues so centos7 was chosen.
I don’t get to choose the server OS…. I just run the mailman.



--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: Migration to new server questions after having done research & testing ahead of time.

2021-03-17 Thread Mark Sapiro 
On 3/17/21 12:12 PM, Bader, Robert (Bob) wrote:
> 
> Mailman 2.1.34 is the latest correct, is it still being developed? I thought 
> it was done and no longer being developed and patched but looking for that 
> stated somewhere.

See, e.g., the release announcement for Mailman 2.1.34 at

which says in part


As noted Mailman 2.1.30 was the last feature release of the Mailman 2.1
branch from the GNU Mailman project. There has been some discussion as
to what this means. It means there will be no more releases from the GNU
Mailman project containing any new features. There may be future patch
releases to address the following:

   i18n updates.
   security issues.
   bugs affecting operation for which no satisfactory workaround exists.

Mailman 2.1.34 is the fourth such patch release.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: Migration to new server questions after having done research & testing ahead of time.

2021-03-17 Thread Barry S. Finkel 

On 3/17/2021 2:12 PM, Bader, Robert (Bob) wrote:

Thanks for the info,

So in working with our server team that latest package for centos7 is 2.1.15, 
However we are  finding out that Rhel back ports for security fixes 
(https://access.redhat.com/security/updates/backporting/)
So I am running 2.1.15 with the security patch’s up to and in 2.1.34???  this 
is very interesting and confusion to determine what version you are on.  They 
reason we are doing via packages, is so we can have automated systems that keep 
systems security patched/updated. If were just always install the 
latest/greatest versions of software, then we could encounter other issues.  I 
don’t think we would hit that with mailman though.

Mailman 2.1.34 is the latest correct, is it still being developed? I thought it 
was done and no longer being developed and patched but looking for that stated 
somewhere.

Also I agree, centos7 is ancient BUT it still has support where centos6 
support/patching is ending. There was talk I believe about going to centos8 but 
there are compatibility issues so centos7 was chosen.
I don’t get to choose the server OS…. I just run the mailman.



When I was administering Mailman on Ubuntu, I decided that I had to use
the Mailman source.  I looked at the Ubuntu patches, and most were
undocumented.  And one removed a library that, on occasion, was
required.  And I had no confidence that the Ubuntu Mailman support
team would know as much as the people on this list, and, at the time,
Ubuntu was not giving their patches back to the Mailman development
team.  So I spent some time and built a package from the Mailman
source.  It took me some time, as I was not really familiar with
packages.  But once I got a package built, and it ran fine, I then had
the instructions for building a package from subsequent new source
distributions.

I do not know about Centos Mailman, but if Centos has taken 2.1.15 and
retrofitted subsequent security patches, then the 2.1.15 version would
not have all of the non-security (DMARC et alia) enhancements.

--Barry Finkel
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
   https://mail.python.org/archives/list/mailman-users@python.org/

[Mailman-Users] Re: Migration to new server questions after having done research & testing ahead of time.

2021-03-17 Thread Mark Sapiro 
On 3/17/21 1:09 PM, Barry S. Finkel wrote:
> 
> When I was administering Mailman on Ubuntu, I decided that I had to use
> the Mailman source.  I looked at the Ubuntu patches, and most were
> undocumented.  And one removed a library that, on occasion, was
> required.  And I had no confidence that the Ubuntu Mailman support
> team would know as much as the people on this list, and, at the time,
> Ubuntu was not giving their patches back to the Mailman development
> team.

Actually, Ubuntu has almost no involvement in this. Their Mailman
packages come straight from Debian.


> I do not know about Centos Mailman, but if Centos has taken 2.1.15 and
> retrofitted subsequent security patches, then the 2.1.15 version would
> not have all of the non-security (DMARC et alia) enhancements.

I'm not certain, but I think the RHEL/CentOS Mailman 2.1.15 has the
DMARC mitigations retrofitted.

However, I do agree with Barry F that installing Mailman (2.1.or 3) from
the GNU Mailman project releases is the way to go. I understand the
motivations for using packages (most things on the servers I admin are
installed as packages) and if you are comfortable with what the package
provides and willing to get your support from the packager, then the
package is a viable option. Otherwise, maybe not.

-- 
Mark Sapiro The highway is for gamblers,
San Francisco Bay Area, Californiabetter use your sense - B. Dylan
--
Mailman-Users mailing list -- mailman-users@python.org
To unsubscribe send an email to mailman-users-le...@python.org
https://mail.python.org/mailman3/lists/mailman-users.python.org/
Mailman FAQ: http://wiki.list.org/x/AgA3
Security Policy: http://wiki.list.org/x/QIA9
Searchable Archives: https://www.mail-archive.com/mailman-users@python.org/
https://mail.python.org/archives/list/mailman-users@python.org/