[Mailman-Users] Erase single post from archive

2005-02-14 Thread Sythos
Hi all I've receive sometimes spam in open-post list, there is a way to erase it from archive? Regards, Sythos -- Sythos - http://www.sythos.net () ASCII Ribbon Campaign - against html/rtf/vCard in mail /\- against M$ attachments

Re: [Mailman-Users] Erase single post from archive

2005-02-14 Thread Brad Knowles
At 9:31 AM +0100 2005-02-14, Sythos wrote: I've receive sometimes spam in open-post list, there is a way to erase it from archive? If you go to the Mailman FAQ Wizard at http://www.python.org/cgi-bin/faqw-mm.py and search for archive, you should run across FAQ 3.3. -- Brad Knowles, [EMAIL

Re: [Mailman-Users] Erase single post from archive

2005-02-14 Thread Sythos
On Mon, Feb 14, 2005 at 10:43:13AM +0100, Brad Knowles wrote: I've receive sometimes spam in open-post list, there is a way to erase it from archive? If you go to the Mailman FAQ Wizard at http://www.python.org/cgi-bin/faqw-mm.py and search for archive, you should run across FAQ

Re: [Mailman-Users] Erase single post from archive

2005-02-14 Thread Brad Knowles
At 11:08 AM +0100 2005-02-14, Sythos wrote: I do wrong question, I've already done this way, but I'm looking for something via web for moderator (to execute way in FAQ3.3 the executor must have write right on system and a shell) Sorry, that's the only method that is available. -- Brad

[Mailman-Users] Reply-To list and poster in _some_ headers

2005-02-14 Thread david gordon
I have a 2.1.5 Mailman list set up so all replies go to the list. The setting Where are replies to list messages directed? Poster is strongly recommended for most mailing lists. is Explicit address and the Explicit Reply-To: header. is the email address of the list, ie [EMAIL PROTECTED]

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

2005-02-14 Thread Florian Weimer
* Chuq Von Rospach: my position is simple (and unchanged): if it's not your project, don't make strategic decisions about it. Unfortunately, the crackers that began to attack Mailman sites in January didn't respect your wishes. Who has a say in the disclosure of a security bug? The person

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

2005-02-14 Thread Brad Knowles
At 1:24 PM +0100 2005-02-14, Florian Weimer wrote: Who has a say in the disclosure of a security bug? In terms of who can post such things to this list? Well, as one of the core developers for Mailman, Chuq is one of the very few people who can have an absolute say in that. You're trying to

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

2005-02-14 Thread Florian Weimer
* Brad Knowles: At 1:24 PM +0100 2005-02-14, Florian Weimer wrote: Who has a say in the disclosure of a security bug? In terms of who can post such things to this list? Well, as one of the core developers for Mailman, Chuq is one of the very few people who can have an absolute

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

2005-02-14 Thread Brad Knowles
At 2:09 PM +0100 2005-02-14, Florian Weimer wrote: The underlying assumption seems to be that Mailman security bugs can only be disclosed by posting them on the Mailman lists. We have no more control over what you say or do on other lists than any other developer. Yes, if there is a security

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

2005-02-14 Thread Brad Knowles
At 2:09 PM +0100 2005-02-14, Florian Weimer wrote: The underlying assumption seems to be that Mailman security bugs can only be disclosed by posting them on the Mailman lists. In response to this issue, FAQ 1.27 has been updated, and the mailman-users and mailman-developers mailing lists have

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

2005-02-14 Thread Chuq Von Rospach
On Feb 14, 2005, at 4:24 AM, Florian Weimer wrote: You're trying to establish something like ownership of security bugs. No, I'm trying to get the people on this list to follow the STANDARD PROTOCOL that exists for disclosure of this data, actually. Which if people actually paid attention to

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

2005-02-14 Thread iane
--On February 14, 2005 07:40:29 -0800 Chuq Von Rospach [EMAIL PROTECTED] wrote: Again. So excuse me if I'm grumpy. I think I'm entitled. Not as much as Barry is, but he's far too polite to try to get people to behave. that's my job around here. Good on you. I was mightily pissed off when that

Re: [Mailman-Users] security heads up - path traversal with 2.1.5

2005-02-14 Thread Jeff Donsbach
great just what we need 20 lines of .signature . On Mon, 14 Feb 2005, Brad Knowles wrote: In response to this issue, FAQ 1.27 has been updated, and the mailman-users and mailman-developers mailing lists have likewise been modified to include suitable text at the bottom of every

[Mailman-Users] Handling MM security problems

2005-02-14 Thread Carl Zwanzig
[long post ahead] This has gone past silly. I run MM. I'm concerned about security holes. I want to know about holes ASAP. I want to make the decision whether they are serious enough to stop all list processing or to ignore. I don't want someone else making these decisions for me. The

[Mailman-Users] Job -- Doing mailman install - need some help

2005-02-14 Thread Anne Shroeder - Internet Society
We're getting ready to migrate from a hosted solution to our own server, and I'd like very much to hire on a contractor to assist with the installation and testing part of this project. We also may need some help with migrating our current lists and archives. Are there any hired guns out there

[Mailman-Users] question for the python programmers

2005-02-14 Thread David Morse
I can't access the logs on a newly-created list on a newly installed mailman (version 2.1.5-6 / debian sid) If I look at the logs, this seems to be the problem admin(1853): File /usr/lib/mailman/Mailman/Cgi/private.py, line 42, in true_path admin(1853): parts = [x for x in

Re: [Mailman-Users] question for the python programmers

2005-02-14 Thread Mark Sapiro
David Morse [EMAIL PROTECTED] wrote: If I look at the logs, this seems to be the problem admin(1853): File /usr/lib/mailman/Mailman/Cgi/private.py, line 42, in true_path admin(1853): parts = [x for x in path.split(SLASH) if x not in ('.', '..')] admin(1853): NameError: global name

[Mailman-Users] okay to delete the mailing list called mailman?

2005-02-14 Thread David Morse
Debian advised me to create a mailing list called mailman after installing mailman, saying that mailman wouldn't work until it had at least one list to go off of. Now that I have another list, called something other than mailman, is it OK to delete the list named mailman? (And thus have no

Re: [Mailman-Developers] Re: [Mailman-Users] security heads up - path traversal with 2.1.5

2005-02-14 Thread Barry Warsaw
On Wed, 2005-02-09 at 17:00, Tokio Kikuchi wrote: I've tested with my 1.3.29 installation and verified apache PATH_INFO does convert '//' to '/'. Barry also wanted to clarify which apache version/installation (combination with mailman) is valnerable. Return code of 200 doesn't mean

Re: [Mailman-Developers] Re: [Mailman-Users] security heads up - path traversal with 2.1.5

2005-02-14 Thread Barry Warsaw
On Mon, 2005-02-14 at 10:23, Brad Knowles wrote: In response to this issue, FAQ 1.27 has been updated Wow Brad, I was just about to change this to read [EMAIL PROTECTED] but you beat me to it by seconds. :) , and the mailman-users and mailman-developers mailing lists have likewise

Re: [Mailman-Users] okay to delete the mailing list called mailman?

2005-02-14 Thread Brad Knowles
At 4:59 PM -0500 2005-02-14, David Morse wrote: Debian advised me to create a mailing list called mailman after installing mailman, saying that mailman wouldn't work until it had at least one list to go off of. Not quite accurate. See

Re: [Mailman-Developers] Re: [Mailman-Users] security heads up - path traversal with 2.1.5

2005-02-14 Thread Brad Knowles
At 5:12 PM -0500 2005-02-14, Barry Warsaw wrote: In response to this issue, FAQ 1.27 has been updated Wow Brad, I was just about to change this to read [EMAIL PROTECTED] but you beat me to it by seconds. :) Mark had clued me in that someone had changed the security-related pages at

[Mailman-Users] Arch Command

2005-02-14 Thread Hunter Hillegas
My only list is not updating the archives as messages come in. Does the 'arch' command need to be in one of the cron jobs? MM2.1.5 Hunter -- Mailman-Users mailing list Mailman-Users@python.org

Re: [Mailman-Users] okay to delete the mailing list called mailman?

2005-02-14 Thread Mark Sapiro
David Morse wrote: Debian advised me to create a mailing list called mailman after installing mailman, saying that mailman wouldn't work until it had at least one list to go off of. Now that I have another list, called something other than mailman, is it OK to delete the list named mailman?

Re: [Mailman-Users] Arch Command

2005-02-14 Thread Mark Sapiro
Hunter Hillegas wrote: My only list is not updating the archives as messages come in. Does the 'arch' command need to be in one of the cron jobs? No. Assuming archiving is turned on for the list, is the ArchRunner qrunner running? Are permissions correct on the archive/private/listname and

[Mailman-Users] list admin passwords failing

2005-02-14 Thread Iain Pople
Hi, I have noticed in the last couple of days that all my list admin passwords are failing. I.e. I can't login to my lists via the admin web interface. I've had a look through the logs and can't see anything strange there. When I try and login the page just reloads with the password prompt

[Mailman-Users] Re: list admin passwords failing

2005-02-14 Thread Iain Pople
I should also mention that this is not a cookies issue (at least not on the client end). I have tried with several browsers and double checked that cookies are enabled. Iain Pople wrote: Hi, I have noticed in the last couple of days that all my list admin passwords are failing. I.e. I can't

Re: [Mailman-Users] list admin passwords failing

2005-02-14 Thread Mark Sapiro
Iain Pople wrote: I have noticed in the last couple of days that all my list admin passwords are failing. I.e. I can't login to my lists via the admin web interface. I've had a look through the logs and can't see anything strange there. When I try and login the page just reloads with the

Re: [Mailman-Users] Re: list admin passwords failing

2005-02-14 Thread Mark Sapiro
Iain Pople wrote: I should also mention that this is not a cookies issue (at least not on the client end). I have tried with several browsers and double checked that cookies are enabled. And cookies not being enabled or not working wouldn't cause the symptom you see anyway. Without cookies,

[Mailman-Users] Re: list admin passwords failing

2005-02-14 Thread Iain Pople
thanks for that. I had a look at the URL and maybe it has something to do with my redirects. I have the following rule: RewriteRule ^/$ http://%{HTTP_HOST}/cgi-bin/mailman/listinfo [R] Which essentially redirects pages from http://lists.domain.com -

Re: [Mailman-Users] Re: list admin passwords failing

2005-02-14 Thread Mark Sapiro
Iain Pople wrote: thanks for that. I had a look at the URL and maybe it has something to do with my redirects. I have the following rule: RewriteRule ^/$ http://%{HTTP_HOST}/cgi-bin/mailman/listinfo [R] Which essentially redirects pages from http://lists.domain.com -