On Saturday, July 26, 2003, at 01:45 AM, Glenn Sieb wrote:
Hi everyone...
I currently run Mailman (2.1) (which I love.. great job, guys!), and use
it to run a few private lists behind SSL. I have recently been asked to do
some virtual domain hosting for some friends, and would like to provide
them with their own Mailman lists, should they wish.
Before commenting on the detail of what you do I make the observation that using Secure HTTP and private mail archives are not the same topic.
Mailman's private archive feature is based on a cookie based authentication scheme and the delivery of private archive pages via one of Mailman's CGI scripts (while public archive pages are delivered by the web server without the use of a MM CGI script).
Secure HTTP is a means of:
a. preventing snooping of HTTP request/response content in communication between the client and server.
b. authenticating the server to the client via the server-side certificates.
c. much less frequently used: authenticating the client to the server (and potentially the user) via client-side certificates.
Using HTTPS can prevent user credentials being snooped when using low security authentication schemes such as HTTP's Basic Authentication or cookie based authentication.
But MM's list archive privacy does not require HTTPS; use of HTTPS merely 'hardens' the protection the list privacy scheme offers.
The converse is also true; using HTTPS is not a constraint on reaching public archive pages.
In mm_cfg.py I have:
Commenting on this mm_cfg.py:
You should read the comments in $prefix/Mailman/Defaults.py.
DEFAULT_EMAIL_HOST = 'lists.wingfoot.org'
DEFAULT_URL_HOST = 'www.wingfoot.org'
DEFAULT_URL_PATTERN = 'https://%s/mailman/'
DEFAULT_URL is obsolete and only for compatibility reasons, is defined as None in Defaults.py and should not be defined in mm_cfg.py.
DEFAULT_URL = 'https://www.wingfoot.org/mailman/'
PUBLIC_ARCHIVE_URL = 'https://%(hostname)s/pipermail/%(listname)s'
There is no such animal as PRIVATE_ARCHIVE_URL in the MM lexicon. This variable is being completely ignored.
Private archives are served by a Mailman CGI script in file $prefix/Mailman/Cgi/private.py which is invoked (assuming a default install) by the URI /mailman/private
The URL for private archive access is formed from the virtual hostname (the url host that is) using the DEFAULT_URL_PATTERN. The ScriptAlias you put in your httpd.conf file associates that URL with the Mailman CGI program.
PRIVATE_ARCHIVE_URL = 'https://%(hostname)s/pipermail/%(listname)s'
VIRTUAL_HOSTS = {'www.wingfoot.org':'lists.wingfoot.org',
                 'www.domain2.org':'lists.domain2.org',
                 'www.domain3.com':'lists.domain3.com',
                 'www.domain4.org':'lists.domain4.org'}
add_virtualhost(DEFAULT_URL_HOST,DEFAULT_EMAIL_HOST)
add_virtualhost('www.domain2.org','lists.domain2.org')
add_virtualhost('www.domain3.com','lists.domain3.com')
add_virtualhost('www.domain4.org','lists.domain4.org')
Now.. when I create a list under Wingfoot, it has all the
https://www.wingfoot.org/mailman/listinfo stuff all correct. Since, that's
how I access my listserver, this is the expected behavior... :)
When I create one, say, from domain2, it *also* gets
https://www.domain2.org/mailman/listinfo stuff... even though the URL to
access that list is in http://www.domain2.org/mailman/listinfo :-/
This is no surprise as URLs for all Mailman CGI programs are formed from DEFAULT_URL_PATTERN.
I have tried commenting out the DEFAULT_URL_PATTERN to no avail. If I
change it to http://%s/etc that works.. but then lists on Wingfoot break.
Which is a pretty good hint that you do not want to do this. Again read the comments in Defaults.py before you mess with this stuff.
btw: I assume you are restarting mailmanctl and running fix_url.py after fixing your mm_cfg.py.
Is what I'm trying to do possible with one instance of Mailman? Should I
install a 2nd instance? Can I even do that?
If you want to use HTTPS for private archives and HTTP for public archives, the simplest approach is to say:
DEFAULT_URL = None
PUBLIC_ARCHIVE_URL = 'http://%(hostname)s/pipermail/%(listname)s'
DEFAULT_URL_PATTERN = 'https://%s/mailman/'
With this, all access to Mailman CGI scripts, not just /mailman/private, will go via HTTPS but the links to public list archives will go via HTTP.
You could do some cute stuff with httpd.conf RewriteRules but it isn't really necessary to have a working solution.
As a matter of interest, what do you have in your httpd.conf for handling Mailman related access, that is, what Alias, ScriptAlias and such did you add to httpd.conf for MM?
Hopefully this is chewy-good-for-thought stuff and not a "You idjit! Read
the archives!" (I checked, but didn't see anything that screamed
"Conclusive".)
Thanks guys.. and again, I appreciate all the help you've been over the
past not-quite-year, and all your hard work and effort into the Mailman
project. :)
Thanks,
Glenn
---
The original portions of this message are the copyright of the author
(c)1998-2002 Glenn E. Sieb. ICQ UIN: 300395 IRC Nick: Rainbear
"All acts of Love and Pleasure are Her rituals"-Charge of the Goddess
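
Added example, not part of the original message and not Mailman's own code: a small model of the URL derivation described in the reply, used to audit a set of mm_cfg.py-style settings. The helper names, the sample list name and the dictionary layout are assumptions; only the setting names and URL shapes come from the thread.

```python
# Added illustration; does not import Mailman. audit_config(), list_urls()
# and cleartext_cgi_hosts() are hypothetical helpers, not Mailman functions.

# Constructed sample: the settings as posted in the question.
POSTED = {
    "DEFAULT_URL_PATTERN": "https://%s/mailman/",
    "DEFAULT_URL": "https://www.wingfoot.org/mailman/",
    "PUBLIC_ARCHIVE_URL": "https://%(hostname)s/pipermail/%(listname)s",
    "PRIVATE_ARCHIVE_URL": "https://%(hostname)s/pipermail/%(listname)s",
}
# The settings suggested in the reply.
SUGGESTED = {
    "DEFAULT_URL": None,
    "PUBLIC_ARCHIVE_URL": "http://%(hostname)s/pipermail/%(listname)s",
    "DEFAULT_URL_PATTERN": "https://%s/mailman/",
}

def audit_config(cfg):
    """Flag the two settings the reply calls out as obsolete or ignored."""
    findings = []
    if cfg.get("DEFAULT_URL") is not None:
        findings.append("DEFAULT_URL is obsolete; leave it as None")
    if "PRIVATE_ARCHIVE_URL" in cfg:
        findings.append("PRIVATE_ARCHIVE_URL is not a Mailman setting; ignored")
    return findings

def list_urls(cfg, url_host, listname):
    """CGI URLs come from DEFAULT_URL_PATTERN, public archives from PUBLIC_ARCHIVE_URL."""
    base = cfg["DEFAULT_URL_PATTERN"] % url_host
    return {
        "listinfo": base + "listinfo/" + listname,
        "private": base + "private/" + listname,  # cookie-authenticated CGI
        "public": cfg["PUBLIC_ARCHIVE_URL"] % {"hostname": url_host, "listname": listname},
    }

def cleartext_cgi_hosts(cfg, url_hosts, listname="example"):
    """Hosts whose cookie-authenticated CGI pages would travel over plain HTTP."""
    return [h for h in url_hosts
            if not list_urls(cfg, h, listname)["private"].startswith("https://")]

if __name__ == "__main__":
    hosts = ["www.wingfoot.org", "www.domain2.org"]
    print(audit_config(POSTED))
    print(list_urls(SUGGESTED, "www.domain2.org", "example"))
    # The poster's experiment: switching the one shared pattern to HTTP.
    print(cleartext_cgi_hosts(dict(SUGGESTED, DEFAULT_URL_PATTERN="http://%s/mailman/"), hosts))
```

Because one pattern serves every virtual host, the last call reports all hosts at once, which is why the HTTP experiment also broke the lists on the HTTPS-only host.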