FAQ
Finally got some time set aside to upgrade to mailman 2.1 on my Red Hat
7.3 system.
After upgrading Python to 2.2.2 (which was very smooth) and copying
/home/mailman to /usr/local/mailman, the upgrade was bumpy. Four
mailing lists caused python tracebacks during "make install" - had to
chmod 0 the directories to proceed. I can manually recreate these 4
lists, if I can get that far. I did have to set the with-gid to apache.

But the 2.1 system has a cookie problem when subscribing users through
the web admin interface. Every mouse click generates a warning about
needing cookies enabled and insisting that I enter the password. Once I
do, it goes to the next screen but doesn't do any work.

I've tried two browsers to make sure it wasn't the client. Both
browsers work fine with the old mailman, which I've backed out to.

My web servers is Apache (nee RH 7.3) and the client is a Red Hat 8.0
system running Mozilla and Galeon as the browsers.

Are there any known cookie issues (the FAQ is silent on the subject) or
suggested fixes or workarounds?

Thanks,

Mary Ann

Search Discussions

  • Angel Gabriel at Jan 20, 2003 at 4:56 pm
    I was nosing around the SpamCop website, because I was trying to report some
    b*stard that keeps spamming my main address, adn I found the following
    paragraphs

    ***
    In order to avoid spamming, mailing lists must implement a secure opt-in
    procedure. Many so-called "opt-in" lists are nothing of the sort. Beware
    anyone who wants to sell you lists. You will be disappointed.

    I cannot stress strongly enough the need for secure opt-in. Many web-sites
    now feature "click-through" confirmation, or checkboxes which must be
    unchecked. However the initial sign up is accomplished, whether on a web
    site, or by email - the final confirmation phase must include a random code
    which is emailed to the intended recipient. If that code is not returned by
    the user, you must not add the address to your list. If you do not follow
    this procedure, you will inevitably spam somebody, whether or not that is
    your intent.

    If you implement this type of secure opt-in, and one of your subscribers has
    still reported your mailing as spam, please gather all the data on the
    incident and report it.
    If you do not have a working opt-in process, you should clean your list by
    reconfirming all subscribers using a secure opt-in procedure as described
    above. The most important part of this confirmation is that if a subscriber
    takes no action, then that subscriber is de-listed.
    ***

    The bit that intrested me, was the final part, how can I reconfirm all my
    subscribers??
  • Dan Wilder at Jan 20, 2003 at 5:47 pm

    On Mon, Jan 20, 2003 at 04:56:58PM -0000, Angel Gabriel wrote:
    I was nosing around the SpamCop website, because I was trying to report some
    b*stard that keeps spamming my main address, adn I found the following
    paragraphs

    ***
    In order to avoid spamming, mailing lists must implement a secure opt-in
    procedure. Many so-called "opt-in" lists are nothing of the sort. Beware
    anyone who wants to sell you lists. You will be disappointed.

    I cannot stress strongly enough the need for secure opt-in. Many web-sites
    now feature "click-through" confirmation, or checkboxes which must be
    unchecked. However the initial sign up is accomplished, whether on a web
    site, or by email - the final confirmation phase must include a random code
    which is emailed to the intended recipient. If that code is not returned by
    the user, you must not add the address to your list. If you do not follow
    this procedure, you will inevitably spam somebody, whether or not that is
    your intent.

    If you implement this type of secure opt-in, and one of your subscribers has
    still reported your mailing as spam, please gather all the data on the
    incident and report it.
    If you do not have a working opt-in process, you should clean your list by
    reconfirming all subscribers using a secure opt-in procedure as described
    above. The most important part of this confirmation is that if a subscriber
    takes no action, then that subscriber is de-listed.
    ***

    The bit that intrested me, was the final part, how can I reconfirm all my
    subscribers??
    Send email to each list advising that you'll unsubscribe everybody on
    xx day and they'll need to re-subscribe. Set up a procmail front-end
    on each list that saves copies of all list-request mail.

    Or ignore Julian Haight and his SpamCop site. He's trying to set himself
    up as legislature, judge, jury, and executioner all rolled into one.
    Nobody's benevolent and fair enough be allowed to do that. Let him get
    his kicks by purchasing an old police car and driving around town in blue
    khakis wearing dime-store tin badge, instead.

    If spam is troubling you, consider installing SpamAssassin (but
    configure it not to use SpamCop's lists). SpamAssassin does pretty
    well all by itself by just looking for patterns, and it calls on
    several blacklist services in addition. Actively maintained,
    it is doing a pretty good job here at screening out spam from
    several very actively-spammed mailboxes: 8:1 incoming
    spam to substance ratio in two of them. Better, it gets very few
    false positives.

    http://spamassassin.org

    SpamAssassin uses Vipul's Razor, a blacklisting service also known as
    SpamNet. Individual spams are quickly cataloged and a cryptographic
    hash of the body of the spam propogated to numerous Razor servers.
    Your incoming mail is checked by SpamAssassin against known hashes,
    and scored as possible spam on a match. If other factors also
    suggest it is spam, SpamAssassin will add a header which can
    then be filtered on.

    http://razor.sourceforge.net

    Duplicate incoming mail can be detected and sidelined using a
    filter I recently published in this forum. I'm testing an updated
    version whose database doesn't grow without limit. If you're getting
    a lot of the same spam, you can eliminate all but the first copy
    with this filter, and eliminate those annoying multiple CCs of other
    mail, too.

    Procmail is your friend with respect to all this. Everybody here
    uses a procmail recipe to sort incoming mail, calling filters as
    desired, sidelining mail from particular senders or sites. The
    manpage is a bit formidable but once you get the hang of it,
    procmail recipes are quite easy to write and maintain.

    There's some interesting work going on with Bayesian filters. These
    score spam based on word frequencies. I've tried a couple, but so
    far found the results much inferior to those of SpamAssasssin.

    --
    -----------------------------------------------------------------
    Dan Wilder <dan at ssc.com> Technical Manager
    SSC, Inc. P.O. Box 55549 Phone: 206-782-8808
    Seattle, WA 98155-0549 URL http://www.linuxjournal.com/
    -----------------------------------------------------------------
  • David Gibbs at Jan 20, 2003 at 6:04 pm
    "Angel Gabriel" <badmangabriel at lycos.co.uk> wrote in message
    news:NHBBLHLGKLGFMDNCJJENOEOFCAAA.badmangabriel at lycos.co.uk...
    The bit that intrested me, was the final part, how can I reconfirm all my
    subscribers??
    Simply sending the monthly password reminder should be sufficient.

    david
  • Dan Wilder at Jan 20, 2003 at 6:28 pm

    On Mon, Jan 20, 2003 at 12:04:16PM -0600, David Gibbs wrote:
    "Angel Gabriel" <badmangabriel at lycos.co.uk> wrote in message
    news:NHBBLHLGKLGFMDNCJJENOEOFCAAA.badmangabriel at lycos.co.uk...
    The bit that intrested me, was the final part, how can I reconfirm all my
    subscribers??
    Simply sending the monthly password reminder should be sufficient.
    Which confirms that the recipient email address exists. It does
    not confirm that each subscriber wanted to be on your list.

    I believe the latter is what the website Angel mentions urges, and
    would require of all of us, had they means to do so.

    --
    -----------------------------------------------------------------
    Dan Wilder <dan at ssc.com> Technical Manager
    SSC, Inc. P.O. Box 55549 Phone: 206-782-8808
    Seattle, WA 98155-0549 URL http://www.linuxjournal.com/
    -----------------------------------------------------------------
  • David Gibbs at Jan 20, 2003 at 7:17 pm
    "Dan Wilder" <dan at ssc.com> wrote in message
    news:20030120102827.A27822 at ssc.com...
    Simply sending the monthly password reminder should be sufficient.
    Which confirms that the recipient email address exists. It does
    not confirm that each subscriber wanted to be on your list.
    The password reminder informs someone how they can unsubscribe ... so what
    difference does it make? If they don't want to be on the list anymore, they
    should just unsubscribe.

    As long as the list policy is 'confirm' on subscribe, you know they wanted
    to be subscribed in the first place.

    JMHO, of course.

    david
  • Angel Gabriel at Jan 20, 2003 at 9:22 pm
    OH OKAY! **duh** I've never got a password reminder, because I run the
    lists! But I'll set up a test list and see what it looks like! I understand
    now!

    -----Original Message-----
    From: mailman-users-bounces+badmangabriel=lycos.co.uk at python.org
    [mailto:mailman-users-bounces+badmangabriel=lycos.co.uk at python.org]On
    Behalf Of David Gibbs
    Sent: Monday, January 20, 2003 7:17 PM
    To: mailman-users at python.org
    Subject: [Mailman-Users] Re: Re: Cleaning my mailing lists


    "Dan Wilder" <dan at ssc.com> wrote in message
    news:20030120102827.A27822 at ssc.com..
    Simply sending the monthly password reminder should be sufficient
    Which confirms that the recipient email address exists. It does
    not confirm that each subscriber wanted to be on your list
    The password reminder informs someone how they can unsubscribe ... so what
    difference does it make? If they don't want to be on the list anymore, they
    should just unsubscribe

    As long as the list policy is 'confirm' on subscribe, you know they wanted
    to be subscribed in the first place

    JMHO, of course

    david




    ------------------------------------------------------
    Mailman-Users mailing list
    Mailman-Users at python.org
    http://mail.python.org/mailman/listinfo/mailman-users
    Mailman FAQ: http://www.python.org/cgi-bin/faqw-mm.py
    Searchable Archives: http://www.mail-archive.com/mailman-users%40python.org/

    This message was sent to: badmangabriel at lycos.co.uk
    Unsubscribe or change your options at
    http://mail.python.org/mailman/options/mailman-users/badmangabriel%40lycos.c
    o.uk
  • Bryan Fullerton at Jan 20, 2003 at 7:03 pm

    On Saturday, January 18, 2003, at 08:45 PM, Mary Ann Horton wrote:

    Are there any known cookie issues (the FAQ is silent on the subject)
    or suggested fixes or workarounds?
    Yes. Mailman 2.0 cookies contain a :, which breaks Mailman 2.1 web auth
    (because it breaks Python's cookie handling).

    https://sourceforge.net/tracker/
    index.php?funcÞtail&aidf4466&group_id3&atid0103

    The workaround is to not have Mailman 2.0 cookies with the same URI (ie
    /mailman) as your 2.1 lists for your host in your browser.

    If you're using a sane browser (anything other than IE), you should be
    able to delete your cookies using your browser's cookie manager and
    have it work. In theory Mailman cookies (both 2.0 and 2.1) should be
    removed when you exit the browser as well, but I've found this may not
    be the case with IE - it may require a reboot, probably because IE
    doesn't actually exit when you close the app.

    If you've moved *all* your Mailman 2.0 lists to 2.1, this should be a
    one-time thing - once you have the 2.0 cookies removed, they shouldn't
    come back. If you've only moved some of your lists and are running both
    in the same URI on your site, this is a huge pain in the ass.

    Bryan
  • Angel Gabriel at Jan 20, 2003 at 10:22 pm
    I'm thinking of adding a DNS to my network, it currently doesn't have it,
    some when mail outs go out they take a bit of time. What I would like to do,
    is add a DNS server to the same subnet as mine, and have my DHCP server make
    reference to it as the DNS server.

    My question is, would it be quicker to have the DNS on the same machine as
    mailman, I'm using Postfix by the way, *go postfix!*
  • Chuq Von Rospach at Jan 20, 2003 at 10:16 pm

    On Monday, January 20, 2003, at 02:22 PM, Angel Gabriel wrote:

    My question is, would it be quicker to have the DNS on the same
    machine as
    mailman,
    Yes, sometimes very significantly.


    --
    Chuq Von Rospach, Architech
    chuqui at plaidworks.com -- http://www.plaidworks.com/chuqui/blog/

    Yes, I am an agent of Satan, but my duties
    are largely ceremonial.
  • Angel Gabriel at Jan 20, 2003 at 10:49 pm
    Damn, this posses a problem! I'm going to have to make do with having a DNS
    server on the same subnet, and when I get the chance, I'll link the two via
    secondary network cards, and a seperate hub. That way, it should be as fast
    as it can go.

    -----Original Message-----
    From: Chuq Von Rospach [mailto:chuqui at plaidworks.com]
    Sent: Monday, January 20, 2003 10:16 PM
    To: Angel Gabriel
    Cc: mailman-users at python.org
    Subject: Re: [Mailman-Users] Local DNS vs. DNS on the same subnet


    On Monday, January 20, 2003, at 02:22 PM, Angel Gabriel wrote:

    My question is, would it be quicker to have the DNS on the same
    machine as
    mailman,
    Yes, sometimes very significantly


    --
    Chuq Von Rospach, Architech
    chuqui at plaidworks.com -- http://www.plaidworks.com/chuqui/blog/

    Yes, I am an agent of Satan, but my duties
    are largely ceremonial


    .

Related Discussions

Discussion Navigation
viewthread | post
Discussion Overview
groupmailman-users @
categoriespython
postedJan 19, '03 at 1:45a
activeJan 20, '03 at 10:49p
posts11
users6
websitelist.org

People

Translate

site design / logo © 2022 Grokbase