I am running mailman version 2.1.23.  A while back I configured google’s 
recaptcha v1 on a mailman server to stop subscription abuse.  I used the 
instructions provided here: 
https://www.dragonsreach.it/2014/05/03/adding-recaptcha-support-to-mailman/

Google announced that recaptcha v1 will end sometime in March 2018.  I could 
not find any instructions for implementing recaptcha v2 with mailman so I took 
a deep dive into what was required.  I set up a test Ubuntu 16.04 server and 
figured it out.  I have no python programming experience so some aspects of 
this process do not follow best practices.  If any of you are experienced at 
python programming and you have the time, I would appreciate it if you would 
provide some guidance on how to improve these instructions.  There are two 
areas that need cleaning up.  The first one is how to install requisite python 
modules so they are all located in one nice neat location.  In my instructions 
below I had to add five sys.path.append statements so python could find the 
extra python modules. This is sloppy.  Second, I do not know how to reference a 
variable from inside a web page template where the variable is defined in 
mm_cfg.py.  For now I just hard coded it but it’s not elegant.  These two 
questions are python issues and not really mailman issues.  

So, for those of you who are running mailman v 2.1.23 (or something close) and 
you want to enable Google recaptcha v2, here is what I did:

Environment
Ubuntu 16.04
Mailman 2.1.23
Python 2.7.12

*** Install prerequisite python modules ***
The server I tested with was a basic Ubuntu 16.04 install.  I had to manually 
install the following software:
sudo apt-get install python-dnspython
sudo apt-get install python-distutils-extra
sudo apt-get install python-setuptools
sudo apt-get install python-dev
sudo apt-get install build-essential
sudo apt-get install python-requests
Manually install these python modules using the command "python setup.py 
install" inside the source code directory:
orderedmultidict
furl
recaptcha2 ( available at https://pypi.python.org/pypi/recaptcha2/0.1 )



*** Modify the listinfo.html file located at 
MAILMAN_HOME/templates/en/listinfo.html (assuming you are using English) ***
Locate the </HEAD> tag and add this line above it:
<script src='https://www.google.com/recaptcha/api.js'></script>

Locate the <mm-digest-question-end> tag and add the following lines below it:
<tr>
    <td BGCOLOR="#dddddd">Please fill out the following captcha</td>
    <td><div class="g-recaptcha" 
data-sitekey="ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"></div></td>
</tr>

NOTE:  Use your own google public key for data-sitekey above.  The better way 
to do this would be to add your public key to mm_cfg.py and reference that 
variable inside this file.  When I have more time I will figure out how to do 
this and update the directions.



*** Add your google recaptcha public and private keys to 
MAILMAN_HOME/Mailman/mm_cfg.py ***
Append them to the end of the file:
PUBLIC_KEY = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"
PRIVATE_KEY = "ABCDEFGHIJKLMNOPQRSTUVWXYZ1234567890"



*** Edit the file MAILMAN_HOME/Mailman/Cgi/subscribe.py ***
We are going to add three pieces of information to this file: 1) The paths to 
the additional python modules you installed 2) import commands for two modules 
and 3) the code to check the recaptcha result. 

Concerning item 1) I manually appended the location of all the modules using 
sys.path.append.  A better way to do this would be to install the modules in 
one directory where python can find them.  I've never worked with python before 
so I didn't know how to do this.  I will take some time later to figure this 
out and simplify the install instructions MAYBE.  In the file subscribe.py, 
locate the end of the paragraph that contains all the "from Mailman import" 
commands.  In version 2.1.23 this is line 34.  After line 34 add all the paths 
to the extra modules.  Here is what I had for my Ubuntu 16.04 server:

sys.path.append("/usr/local/lib/python2.7/dist-packages/recaptcha2-0.1-py2.7.egg")
sys.path.append("/usr/lib/python2.7/dist-packages")
sys.path.append("/usr/local/lib/python2.7/dist-packages/furl-1.0.1-py2.7.egg")
sys.path.append("/usr/local/lib/python2.7/dist-packages/orderedmultidict-0.7.11-py2.7.egg")
sys.path.append("/usr/lib/python2.7/dist-packages/requests-2.9.1.egg-info")

Concerning item 2) immediately after the sys.path.append lines you just added, 
add these import commands:
import requests
import recaptcha2

Concerning item 3) this is the last step.  Locate the line that reads "# Was an 
attempt made to subscribe the list to itself?"  This should be somewhere around 
line 188 assuming you've added the above lines already.  Directly above this 
line add the following code:

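# Google recaptcha v2: check the token the widget posted with the form
captcha_result = recaptcha2.verify(
    mm_cfg.PRIVATE_KEY,  # must match the name appended to mm_cfg.py above
    cgidata.getvalue('g-recaptcha-response', ""),
    os.environ.get('REMOTE_ADDR')
)
# Reject the subscription unless the captcha check succeeded
if not captcha_result['success']:
    results.append(_('Invalid captcha'))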

That’s all.  I have tested this in a development environment and it appears to 
work as expected.
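
The check from item 3, as an added example that is not part of the original post: it calls Google's siteverify endpoint directly with the Python standard library, so it needs no extra modules or sys.path lines, and it treats a missing token, a network error or a malformed reply as a failed captcha.  The names captcha_ok, expected_hostname and post are hypothetical; post exists so the check can be exercised without network access.

```python
import json

try:                                    # Python 3
    from urllib.parse import urlencode
    from urllib.request import urlopen
except ImportError:                     # Python 2.7, as used by Mailman 2.1
    from urllib import urlencode
    from urllib2 import urlopen

SITEVERIFY_URL = "https://www.google.com/recaptcha/api/siteverify"


def _post_form(url, fields, timeout):
    """POST form fields and return the decoded response body."""
    body = urlencode(fields).encode("ascii")
    resp = urlopen(url, body, timeout)
    try:
        return resp.read().decode("utf-8")
    finally:
        resp.close()


def captcha_ok(secret, token, remote_ip=None, expected_hostname=None,
               post=_post_form, timeout=5):
    """Return (ok, reason). Any error or unexpected reply counts as failure."""
    if not token:
        # Form was submitted without the g-recaptcha-response field.
        return False, "missing-token"
    fields = {"secret": secret, "response": token}
    if remote_ip:
        fields["remoteip"] = remote_ip
    try:
        reply = json.loads(post(SITEVERIFY_URL, fields, timeout))
    except Exception:
        # Fail closed: an unreachable or garbled verifier must not admit signups.
        return False, "verify-unavailable"
    if not isinstance(reply, dict) or reply.get("success") is not True:
        codes = reply.get("error-codes", []) if isinstance(reply, dict) else []
        return False, ",".join(str(c) for c in codes) or "rejected"
    # Optional: make sure the token was solved on this site's own pages.
    if expected_hostname and reply.get("hostname") != expected_hostname:
        return False, "hostname-mismatch"
    return True, "ok"
```

In subscribe.py this would be called with mm_cfg.PRIVATE_KEY, cgidata.getvalue('g-recaptcha-response', "") and os.environ.get('REMOTE_ADDR'), appending the 'Invalid captcha' message to results whenever the first element of the returned pair is False.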