Re: [Mailman-Users] security heads up - path traversal with 2.1.5

At 10:15 PM -0800 2005-02-09, Chuq Von Rospach wrote: my position is simple (and unchanged): if it's not your project, don't make strategic decisions about it. it was barry's call. Barry and Toiko were working the issue and trying to get things ready. By having it prematurely disclosed to a wid

Re: [Mailman-Users] error importing archive

Michael P. Soulier wrote: > >I'm trying to import an mbox archive, but I'm getting a backtrace. > >Updating HTML for article 313 >Pickling archive state into /opt/mailman/archives/private/linux/pipermail.pck >Traceback (most recent call last): > File "./arch", line 187, in ? >main() > File ".

Re: [Mailman-Users] build problems

Michael P. Soulier wrote: > >I can't seem to get mailman 2.1.5 to build. > >Compiling /var/tmp/opt/mailman/Mailman/i18n.py ... >Compiling /var/tmp/opt/mailman/Mailman/mm_cfg.py ... >Compiling /var/tmp/opt/mailman/Mailman/versions.py ... >Traceback (most recent call last): > File "bin/update", line

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

However, I also take Chuq's point that all security announcements to this list, and all related mailman mailing lists hosted on python.org, should be made by Barry or one of the other core developers. Even if the information has been publicly released elsewhere, it is not appropriate to post

Re: [Mailman-Users] Mailman 2.1.5 bad pickle - getting there

Adam Steer wrote: > >...turns out we have just one badly-munged list. So, if anyone knows >how to clean up databases help would be welcome, otherwise, I'm just >retrieving the relevant list info and rebuilding it. Have you tried your config.pck.last? Is it munged too? -- Mark Sapiro <[EMAIL PROTE

[Mailman-Users] customising the HTML options a list manager sees.......

Hi, We have a situation here at the University that we wish to solve gracefully. We will eventually have around 11000 lists all running under mailman.(v2.1.5) The Australian Govt has in its infinite wisdom enabled the ANTI-SPAM compliabce act, which is both a good and a bad thing. To be complia

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

At 12:31 AM +0100 2005-02-10, Kai Schaetzl wrote: Either way, something like this should have been left to the project developers (i.e. barry) to disclose. Correct. But it's out and it's not Ron to blame, so I don't see a reason for slapping Ron for posting it finally to the list. There are tw

Re: [Mailman-Users] Mailman 2.1.5 bad pickle - getting there

Hi folks ...turns out we have just one badly-munged list. So, if anyone knows how to clean up databases help would be welcome, otherwise, I'm just retrieving the relevant list info and rebuilding it. /bin/check_db said: File "/usr/lib/mailman//Mailman/MailList.py", line 566, in __load d

Re: [Mailman-Users] Moderated approval via email

Pantejo, BarbaraFTL wrote: > >As the list admin/moderator, I received an email to approve a posting to a >particular mailing list, but the instructions on approving via a reply email >is confusing: > >"If you reply to this message and include an Approved: header with the list >passw

[Mailman-Users] error codes, checking mailman logs

I have extracted the following from various log files on my system, and am hoping someone can help me decipher them: Here's an error from /var/log/mailman/post: Feb 09 17:30:42 2005 (1735) post to 2ls from [EMAIL PROTECTED], size=1602, message-id=<[EMAIL PROTECTED]>, 1 failures other than w

Re: [Mailman-Users] Moderated approval via email

BarbaraFTL Pantejo wrote on Wed, 9 Feb 2005 12:07:48 -0500 : Is there a good reason for "Pantejo, BarbaraFTL" ??? > 2) Reply with the Subject line intact and place "Approved:{list password}" > as the first line of the reply message. > should work if your mail cli

Re: [Mailman-Users] SMTP_MAX_RCPT not working?

Kai Schaetzl wrote: > >Wow, that's what I call a quick answer :-) >The machine was rebooted on January 26 because of a kernel update, >mm_cfg.py was changed in December. Well, this response is not quite so fast, but ... Previously you wrote "So I set SMTP_MAX_RCPT = 5 in mm_cfg.py". I don't know

[Mailman-Users] Mailman 2.1.5 bad pickle - something awry here...

Hi folks - help required with a Mailman issue. If I look at either of the listinfo or admin 'list of lists' [http://mailman.site/mailman/listinfo/ or /admin/] I get a 'we've hit a bug response' Here's the traceback --- traceback (most recent call last): File "/usr/lib/mailman//scripts/driver",

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

Chuq Von Rospach wrote on Wed, 9 Feb 2005 12:47:34 -0800: > Either way, something like this should have been left to the project > developers (i.e. barry) to disclose. Correct. But it's out and it's not Ron to blame, so I don't see a reason for slapping Ron for posting it finally to the list.

[Mailman-Users] running arch

Hello again, I'm trying to import an archive, and make it end at a particular article using --end. ./arch --wipe --end=150 linux The help says this -e M --end=M End indexing at article M. This script is not very efficient with respect to memory management, and for larg

[Mailman-Users] error importing archive

Hey people, I'm trying to import an mbox archive, but I'm getting a backtrace. Updating HTML for article 313 Pickling archive state into /opt/mailman/archives/private/linux/pipermail.pck Traceback (most recent call last): File "./arch", line 187, in ? main() File "./arch", line 175, in m

[Mailman-Users] build problems

Hey people, I can't seem to get mailman 2.1.5 to build. Compiling /var/tmp/opt/mailman/Mailman/i18n.py ... Compiling /var/tmp/opt/mailman/Mailman/mm_cfg.py ... Compiling /var/tmp/opt/mailman/Mailman/versions.py ... Traceback (most recent call last): File "bin/update", line 46, in ? import

RE: [Mailman-Users] security heads up - path traversal with 2.1.5

Well, as long as the cat is out of the bag, here is some info that might be helpful to folks. I was told the security alert was made public this afternoon so not much is being compromised by helping folks address the issue given its new found visibility :-( Red Hat has patched all of its Mailman rp

Re: [Mailman-Users] Subject_prefix doesn't get added for posts from one domain - Solved

So here is the answer, The domain that I used to setup the mailman server used to be managed by the domain/server that was sending the problem posts. They still had this domain in the virtualdomain file for their qmail server. Now why the email was even getting out of their qmail server and actua

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

Hi, Ron Brogden wrote: Hey folks. I haven't see an official post here yet but as this has already gone out on at least one full-disclosure list I thought it worth mentioning since this will be an actively exploited 0 day: http://lists.netsys.com/pipermail/full-disclosure/2005-February/031562.ht

[Mailman-Users] Archives disk space: are .txt files needed?

I'm doing the admin of a Mailman server with 280+ lists and I'm fighting with archive sizes. Mailman is on a 5 gig partition, and 4 gigs of that is taken up by ~mailman/archives. In some cases the archives are big because the list gets dozens of posts a day. In other cases, people use them to sen

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

If Barry didn't know about it, disclosing it without his approval was wrong. if barry DID know, and hadn't done the disclosure himself, doing it without his approval was wrong, because Barry likely had a reason why he hadn't mentioned it yet. Either way, something like this should have been le

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

At 12:08 PM -0800 2005-02-09, Ron Brogden wrote: Hello Brad. I was under the impression that the Mailman team already knew about this issue which is why I didn't go through the above procedure. That's why I said "Generally speaking". I wasn't aware that Barry had suggested a fix, or that he w

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

On February 9, 2005 11:52, Brad Knowles wrote: > Generally speaking, notices of security issues should be dealt > with according to the instructions at > . Hello Brad. I was under the impression that the Mailman team already

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

At 11:19 AM -0800 2005-02-09, Ron Brogden wrote: Hey folks. I haven't see an official post here yet but as this has already gone out on at least one full-disclosure list I thought it worth mentioning since this will be an actively exploited 0 day: http://lists.netsys.com/pipermail/full-disclos

[Mailman-Users] Non-Profit Organization Needs Help With Mailman

`Polycystic Ovarian Syndrome Association. http://www.pcosupport.org (Englewood, CO, USA) === **Job Description**: Polycystic Ovarian Syndrome Association, a volunteer operated, non-profit organization, is seeking a a person to trouble

[Mailman-Users] security heads up - path traversal with 2.1.5

Hey folks. I haven't see an official post here yet but as this has already gone out on at least one full-disclosure list I thought it worth mentioning since this will be an actively exploited 0 day: http://lists.netsys.com/pipermail/full-disclosure/2005-February/031562.html Basically, there is

Re: [Mailman-Users] Auto Subscriptions to Mailman list

I don't have a script for this purpose only but what I have is a PHP program that manages all of the users on my system and when I select a user I see all of their information and a list of check boxes for all of the different lists that this user could be subscribed to. It could probably be m

Re: [Mailman-Users] Low level smtp error - connection refused

Meant to send to the whole list, in case anyone's interested... assign the port to SMTPPORT if it's not 25. I did that, and it seems to be working now. Thanks very much. I'm not sure if this would have changed your take on this or not, but I am able to telnet from the box to the ip and the domain

[Mailman-Users] Auto Subscriptions to Mailman list

Question, has anyone written a script to automate the subscription/unsubscription request for all mailman lists. Through some type of web form process or through an email client, that a certain individual could subscribe/unsubscribe a user to any of the mailman lists without being prompted or

[Mailman-Users] Moderated approval via email

As the list admin/moderator, I received an email to approve a posting to a particular mailing list, but the instructions on approving via a reply email is confusing: "If you reply to this message and include an Approved: header with the list password in it, the message will be approved for posti

Re: [Mailman-Users] SMTP_MAX_RCPT not working?

Mark Sapiro wrote on Wed, 9 Feb 2005 08:32:27 -0800: > Why do you think that? As a counterexample mine have been running > since Sept 26, 2004. Did you explicitly do a "mailmanctl restart"? > Wow, that's what I call a quick answer :-) The machine was rebooted on January 26 because of a kernel u

Re: [Mailman-Users] SMTP_MAX_RCPT not working?

Kai Schaetzl wrote: >So I set SMTP_MAX_RCPT = 5 in mm_cfg.py. However, I still see the same >problem which means that Mailman seems to not obey this setting. I changed >this several weeks ago and all Mailman runners have surely been restarted >since then. Why do you think that? As a counterex

[Mailman-Users] SMTP_MAX_RCPT not working?

We have set MaxRecipientsPerMessage=5 in sendmail.cf on our servers to counteract some spammers delivering for dozens of users. The side effect of this is that when sending via mailman to our own clients it takes quite a while because Mailman tries to send to more recipients with each envelope

Re: [Mailman-Users] emergency moderation (v 2.1.5)

David W Smith wrote: > >I've switched on emergency moderation for a few for our mailing lists >(using v 2.1.5 on a Debian Woody box) and thought I would receive email >notification of any postings held for moderation. But this has turned out >not to be the case. The following is the docstring f

Re: [Mailman-Users] Mailman + giant lists + the infinite weight of the cosmos

At 11:29 PM +0100 2005-02-08, Brad Knowles wrote: Mac OS X 10.3.7 seems to use Python 2.3 by default. The new db package sounds very promising. Will my Python pickles automatically use this new "db package" without requiring any work on my part? I'm not one hundred percent sure, but I wou

Re: [Mailman-Users] emergency moderation (v 2.1.5)

At 9:54 AM + 2005-02-09, David W Smith wrote: I've switched on emergency moderation for a few for our mailing lists (using v 2.1.5 on a Debian Woody box) and thought I would receive email notification of any postings held for moderation. But this has turned out not to be the case. You shou

[Mailman-Users] emergency moderation (v 2.1.5)

Hi, I've switched on emergency moderation for a few for our mailing lists (using v 2.1.5 on a Debian Woody box) and thought I would receive email notification of any postings held for moderation. But this has turned out not to be the case. Does anyone know if email notifications should be sent