mailman-2.1.20/ACKNOWLEDGMENTS0000644000000000000000000001240012506553655013521 0ustar 00000000000000Mailman - The GNU Mailing List Management System Copyright (C) 1998-2007 by the Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA The following folks are or have been core developers of Mailman (in reverse alphabetical order): Barry Warsaw, Mailman's yappy guard dog Thomas Wouters, Mailman's Dutch treat John Viega, Mailman's inventor Mark Sapiro, Mailman's compulsive responder Harald Meland, Norse Mailman Ken Manheimer, Mailman's savior Tokio Kikuchi, Mailman's weatherman Scott Cotton, Cookie-Monster They can be contacted directly via mailman-cabal@python.org. Here is the list of other contributors who have donated large bits of code, and have assigned copyright for contributions to the FSF: Juan Carlos Rey Anaya Richard Barrett Stephan Berndts Norbert Bollow Ben Gertzfield Victoriano Giralt Mads Kiilerich The Dragon De Monsyne Les Niles Terri Oda Simone Piunno Thanks also go to the following people for their important contributions in other aspects of the Mailman project: Brad Knowles JC Dill Thanks also to Dragon for his winning Mailman logo contribution, and to Terri Oda for the neat shortcut icon and the member documentation. Control.com sponsored development of several Mailman 2.1 features, including topics filters, external membership sources, and initial virtual mailing list support. My thanks especially to Dan Pierson and Ken Crater from Control.com. Here is the list of other people who have contributed useful ideas, suggestions, bug fixes, testing, etc., or who have been very helpful in answering questions on mailman-users. David Abrahams William Ahern Terry Allen Jose Paulo Moitinho de Almeida Sven Anderson Matthias Andree Anton Antonov Mike Avery Stonewall Ballard Moreno Baricevic Jeff Berliner Stuart Bishop David Blomquist Bojan Søren Bondrup Grant Bowman Alessio Bragadini J. D. Bronson Stan Bubrouski Daniel Buchmann Ben Burnett Ted Cabeen Mentor Cana John Carnes Julio A. Cartaya Claudio Cattazzo Donn Cave David Champion Hye-Shik Chang Eric D. Christensen Tom G. Christensen Paul Cox Stefaniu Criste Robert Daeley Ned Dawes Emilio Delgado John Dennis Stefan Divjak Maximillian Dornseif Fred Drake Maxim Dzumanenko Piarres Beobide Egaña Rob Ellis Kerem Erkan Fil Patrick Finnerty Bob Fleck Erik Forsberg Darrell Fuhriman Robert Garrigós Carson Gaspar Pascal GEORGE Vadim Getmanshchuk David Gibbs Dmitri I GOULIAEV Terry Grace Federico Grau Pekka Haavisto David Habben Stig Hackvan Jeff Hahn Terry Hardie Paul Hebble Tollef Fog Heen Peer Heinlein James Henstridge Walter Hop Bert Hubert Henny Huisman Jeremy Hylton Ikeda Soji Rostyk Ivantsiv Ron Jarrell Matthias Juchem Tamito KAJIYAMA Nino Katic SHIGENO Kazutaka Ashley M. Kirchner Matthias Klose Harald Koch Eddie Kohler Chris Kolar Uros Kositer Andrew Kuchling Ricardo Kustner L'homme Moderne Sylvain Langlade Ed Lau J C Lawrence Greg Lindahl Christopher P. Lindsey Martin von Loewis Dario Lopez-Kästen Tanner Lovelace Jay Luker Gergely Madarasz Luca Maranzano John A. Martin Andrew Martynov Jason R. Mastaler Michael Mclay Michael Meltzer Marc MERLIN Nigel Metheringham Dan Mick Garey Mills Martin Mokrejs Michael Fischer v. Mollard David Martínez Moreno Dirk Mueller Jonas Muerer Erik Myllymaki Balazs Nagy Moritz Naumann Dale Newfield Hrvoje Niksic Les Niles Mike Noyes David B. O'Donnell Timothy O'Malley "office" Dan Ohnesorg Gerald Oskoboiny Eva Österlind Toni Panadès Jon Parise Chris Pepper Tim Peters Joe Peterson PieterB Rodolfo Pilas Skye Poier Martin Pool Don Porter Francesco Potortì Bob Puff Michael Ranner John Read Sean Reifschneider Christian Reis Ademar de Souza Reis, Jr. Bernhard Reiter Stephan Richter Tristan Roddis Heiko Rommel Luigi Rosa Guido van Rossum Nicholas Russo Chris Ryan Cabel Sasser Bartosz Sawicki Kai Schaetzl Karoly Segesdi Gleydson Mazioli da Silva Pasi Sjöholm Chris Snell Mikhail Sobolev Greg Stein Dale Stimson Students of HIT Szabolcs Szigeti Vizi Szilard David T-G Owen Taylor Danny Terweij Jim Tittsler Todd (Freedom Lover) Roger Tsang Chuq Von Rospach Jens Vagelpohl Valia V. Vaneeva Anti Veeranna Todd Vierling Bill Wagner Greg Ward Mark Weaver Kathleen Webb Florian Weimer Ousmane Wilane Dan Wilder Seb Wills Dai Xiaoguang Ping Yeh YASUDA Yukihiro Michael Yount Blair Zajac Mikhail Zabaluev Noam Zeilberger Daniel Zeiss Todd Zullinger And everyone else on mailman-developers@python.org and mailman-users@python.org! Thank you, all. Local Variables: mode: indented-text indent-tabs-mode: nil End: mailman-2.1.20/BUGS0000644000000000000000000000066612506553655012047 0ustar 00000000000000Mailman - The GNU Mailing List Management System Copyright (C) 1998,1999,2000,2001,2002 by the Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA The Mailman project is being managed on Launchpad at https://launchpad.net/mailman You should submit bugs to the Launchpad bug manager at https://bugs.launchpad.net/mailman If you have a suggested fix, please attach it to your bug report. mailman-2.1.20/FAQ0000644000000000000000000003531612506553655011716 0ustar 00000000000000Mailman - The GNU Mailing List Management System Copyright (C) 1998-2005 by the Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA Note: We've migrated the FAQ to the wiki at http://wiki.list.org/ To see the Mailman FAQ go to http://wiki.list.org/x/AgA3 FREQUENTLY ASKED QUESTIONS Q. How do you spell this program? A. You spell it "Mailman", with a leading capital "M" and a lowercase second "m". It is incorrect to spell it "MailMan" (i.e. you should not use StudlyCaps). Q. I'm getting really terrible performance for outgoing messages. It seems that if the MTA has trouble resolving DNS for any recipients, qrunner just gets really slow clearing the queue. Any ideas? A. What's likely happening is that your MTA is doing DNS resolution on recipients for messages delivered locally (i.e. from Mailman to your MTA via SMTPDirect.py). This is a Bad Thing. You need to turn off synchronous DNS resolution for messages originating from the local host. In Exim, the value to edit is receiver_verify_hosts. Consult the Mailman Installation Manual for details. Other MTAs have (of course) different parameters and defaults that control this. First check the README file for your MTA and then consult your MTA's own documentation. Q. My list members are complaining about Mailman's List-* headers! What can I do about this? A. These headers are described in RFC 2369 and are added by Mailman for the long-term benefit of end-users. While discouraged, the list admin can disable these via the General Options page. See also README.USERAGENT for more information. Q. Can I put the user's address in the footer that Mailman adds to each message? A. Yes, in Mailman 2.1. The site admin needs to enable personalization by setting the following variable in the mm_cfg.py file: OWNERS_CAN_ENABLE_PERSONALIZATION = Yes Once this is done, list admins can enable personalization for regular delivery members (digest deliveries can't be personalized currently). A personalized list can include the user's address in the footer. Q. My users hate HTML in their email and for security reasons, I want to strip out all MIME attachments. How can I do this? A. Mailman 2.1 has this feature built-in. See the Content Filtering Options page in the admin interface. Q. What if I get "document contains no data" from the web server, or mail isn't getting delivered, or I see "Premature end of script headers" or "Mailman CGI error!!!" A. The most likely cause of this is that the GID that is compiled into the C wrappers does not match the GID that your Web server invokes CGI scripts with. Note that a similar error could occur if your mail system invokes filter programs under a GID that does not match the one compiled into the C mail wrapper. To fix this you will need to re-configure Mailman using the --with-cgi-gid and --with-mail-gid options. See the INSTALL file for details. These errors are logged to syslog and they do not show up in the Mailman log files. Problems with the CGI wrapper do get reported in the web browser though (unless STEALTH_MODE is enabled), and include the expected GID, so that should help a lot. You may want to have syslog running and configured to log the mail.error log class somewhere; on Solaris systems, the line mail.debug /var/log/syslog causes the messages to go to them in /var/log/syslog, for example. (The distributed syslog.conf forwards the message to the loghost, when present. See the syslog man page for more details.) If your system is set up like this, and you get a failure trying to visit the mailman/listinfo web page, and it's due to a UID or GID mismatch, then you should get an entry at the end of /var/log/syslog identifying the expected and received values. If you are not getting any log messages in syslog, or in Mailman's own log files, but messages are still not being delivered, then it is likely that qrunner is not running (qrunner is the process that handles all mail in the system). In Mailman 2.0, qrunner was invoked from cron so make sure your crontab entries for the `mailman' user have been installed. In Mailman 2.1, qrunner is started with the bin/mailmanctl script, which can be invoked manually, or merged with your OS's init scripts. Q. What should I check periodically? A. Many of the scripts have their standard error logged to $prefix/logs/error, and some of the modules write caught errors there, as well, so you should check there at least occasionally to look for bugs in the code and problems in your setup. You may want to periodically check the other log files in the logs/ directory, perhaps occasionally rotating them with something like the Linux logrotate script. Q. I can't access the public archives. Why? A. If you are using Apache, you must make sure that FollowSymLinks is enabled for the path to the public archives. Note that the actual archives always reside in the private tree, and only when archives are public, is the symlink followed. See this archive message for more details: http://mail.python.org/pipermail/mailman-users/1998-November/000150.html Q. Still having problems? Running QMail? A. Make sure that you are using "preline" before calling the "mailman" wrapper: |preline /home/mailman/mail/mailman post listname "preline" adds a Unix-style "From " header which the archiver requires. You can fix the archive mbox files by adding: From somebody Mon Oct 9 12:27:34 MDT 2000 before every message and re-running the archive command "bin/arch listname". The archives should now exist. Q. I want to get rid of some messages in my archive. How do I do this? A. David Rocher posts the following recipe: * remove $prefix/archives/private/ * edit $prefix/archives/private/.mbox/.mbox [optional] * run $prefix/bin/arch Q. How secure are the authentication mechanisms used in Mailman's web interface? A. If your Mailman installation run on an SSL-enabled web server (i.e. you access the Mailman web pages with "https://..." URLs), you should be as safe as SSL itself is. However, most Mailman installation run under standard, encryption-unaware servers. There's nothing wrong with that for most applications, but a sufficiently determined cracker *could* get unauthorized access by: * Packet sniffing: The password used to do the initial authentication for any non-public Mailman page is sent as clear text over the net. If you consider this to be a big problem, you really should use an SSL-enabled server. * Stealing a valid cookie: After successful password authentication, Mailman sends a "cookie" back to the user's browser. This cookie will be used for "automatic" authentication when browsing further within the list's protected pages. Mailman employs "session cookies" which are set until you quit your browser or explicitly log out. Gaining access to the user's cookie (e.g. by being able to read the user's browser cookie database, or by means of packet sniffing, or maybe even by some broken browser offering all it's cookies to any and all sites the user accesses), and at the same time being able to fulfill the other criteria for using the cookie could result in unauthorized access. Note that this problem is more easily exploited when users browse the web via proxies -- in that case, the cookie would be valid for any connections made through that proxy, and not just for connections made from the particular machine the user happens to be accessing the proxy from. * Getting access to the user's terminal: This is really just another kind of cookie stealing. The short cookie expiration time is supposed to help defeat this problem. It can be considered the price to pay for the convenience of not having to type the password in every time. Q. I want to backup my lists. What do I need to save? A. See this FAQ entry: http://wiki.list.org/x/5oA9 Q. How do I rename a list? A. Renaming a list is currently a bit of a pain to do completely correctly, especially if you want to make sure that the old list contacts are automatically forwarded to the new list. This ought to be easier. :( The biggest problem you have is how to stop mail and web traffic to your list during the transition, and what to do about any mail undelivered to the old list after the move. I don't think there are any foolproof steps, but here's how you can reduce the risk: - Temporarily disable qrunner. To do this, you need to edit the user `mailman's crontab entry. Execute the following command, commenting out the qrunner line when you're dropped into your editor. Then save the file and quit the editor. % crontab -u mailman -e - Turn off your mail server. This is mostly harmless since remote MTAs will just keep retrying until you turn it back on, and it's not going to be off for very long. - Next turn off your web server if possible. This of course means your entire site will be off-line while you make the switch and this may not be acceptable to you. The next best suggestion is to set up your permanent redirects now for the list you're moving. This means that anybody looking for the list under its old name will be redirected to the new name, but they'll get errors until you've completed the move. Let's say the old name is "oldname" and the new name is "newname". Here are some Apache directives that will do the trick, though YMMV: RedirectMatch permanent /mailman/(.*)/oldname(.*) http://www.dom.ain/mailman/$1/newname$2 RedirectMatch permanent /pipermail/oldname(.*) http://www.dom.ain/pipermail/newname$1 Add these to your httpd.conf file and restart Apache. - Now cd to the directory where you've installed Mailman. Let's say it's /usr/local/mailman: % cd /usr/local/mailman and cd to the `lists' subdirectory: % cd lists You should now see the directory `oldname'. Move this to `newname': % mv oldname newname - Now cd to the private archives directory: % cd ../archives/private You will need to move the oldname's .mbox directory, and the .mbox file within that directory. Don't worry about the public archives; the next few steps will take care of them without requiring you to fiddle around in the file system: % mv oldname.mbox newname.mbox % mv newname.mbox/oldname.mbox newname.mbox/newname.mbox - You now need to run the `bin/move_list' script to update some of the internal archiver paths. IMPORTANT: Skip this step if you are using Mailman 2.1! % cd ../.. % bin/move_list newname - You should now regenerate the public archives: % bin/arch newname - You'll likely need to change some of your list's configuration options, especially if you want to accept postings addressed to the old list on the new list. Visit the admin interface for your new list: o Go to the General options o Change the "real_name" option to reflect the new list's name, e.g. "Newname" o Change the subject prefix to reflect the new list's name, e.g. "[Newname] " (yes, that's a trailing space character). o Optionally, update other configuration fields like info, description, or welcome_msg. YMMV. o Save your changes o Go to the Privacy options o Add the old list's address to acceptable_aliases. E.g. "oldname@dom.ain". This way, (after the /etc/aliases changes described below) messages posted to the old list will not be held by the new list for "implicit destination" approval. o Save your changes - Now you want to update your /etc/aliases file to include the aliases for the new list, and forwards for the old list to the new list. Note that these instructions are for Sendmail style alias files, adjust to the specifics of how your MTA is set up. o Find the lines defining the aliases for your old list's name o Copy and paste them just below the originals. o Change all the references of "oldname" to "newname" in the pasted stanza. o Now change the targets of the original aliases to forward to the new aliases. When you're done, you will end up with /etc/aliases entries like the following (YMMV): XXX This needs updating for MM2.1! # Forward the oldname list to the newname list oldname: newname@dom.ain oldname-request: newname-request@dom.ain oldname-admin: newname-admin@dom.ain oldname-owner: newname-owner@dom.ain newname: "|/usr/local/mailman/mail/mailman post newname" newname-admin: "|/usr/local/mailman/mail/mailman mailowner newname" newname-request: "|/usr/local/mailman/mail/mailman mailcmd newname" newname-owner: newname-admin o Run newaliases - Before you restart everything, you want to make one last check. You're looking for files in the qfiles/ directory that may have been addressed to the old list but weren't delivered before you renamed the list. Do something like the following: % cd /usr/local/mailman/qfiles % grep oldname *.msg If you get no hits, skip to the next step, you've got nothing to worry about. If you did get hits, then things get complicated. I warn you that the rest of this step is untested. :( For each of the .msg files that were destined for the old list, you need to change the corresponding .db file. Unfortunately there's no easy way to do this. Anyway... Save the following Python code in a file called 'hackdb.py': -------------------------hackdb.py import sys import marshal fp = open(sys.argv[1]) d = marshal.load(fp) fp.close() d['listname'] = sys.argv[2] fp = open(sys.argv[1], 'w') marshal.dump(d, fp) fp.close() ------------------------- And then for each file that matched your grep above, do the following: % python hackdb.py reallylonghexfilenamematch1.db newname - It's now safe to turn your MTA back on. - Turn your qrunner back on by running % crontab -u mailman -e again and this time uncommenting the qrunner line. Save the file and quit your editor. - Rejoice, you're done. Send $100,000 in shiny new pennies to the Mailman cabal as your downpayment toward making this easier for the next list you have to rename. :) Local Variables: mode: text indent-tabs-mode: nil End: mailman-2.1.20/INSTALL0000644000000000000000000000144612506553655012412 0ustar 00000000000000Mailman - The GNU Mailing List Management System Copyright (C) 1998-2005 Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA The installation and upgrading instructions are now completely contained in the Mailman Installation Guide. Web, PostScript, PDF, and plaintext formats for this guide are available both within this source distribution and online. All manuals within this source distribution are provided in the doc/ directory: HTML : doc/mailman-install/index.html PostScript : doc/mailman-install.ps PDF : doc/mailman-install.pdf plain text : doc/mailman-install.txt Or go online at http://www.list.org/site.html to find the online installation guide. Local Variables: mode: indented-text indent-tabs-mode: nil End: mailman-2.1.20/Mailman/0000755000000000000000000000000012506553655012732 5ustar 00000000000000mailman-2.1.20/Makefile.in0000644000000000000000000001014112506553655013416 0ustar 00000000000000# Copyright (C) 1998-2003 by the Free Software Foundation, Inc. # # This program is free software; you can redistribute it and/or # modify it under the terms of the GNU General Public License # as published by the Free Software Foundation; either version 2 # of the License, or (at your option) any later version. # # This program is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU General Public License for more details. # # You should have received a copy of the GNU General Public License # along with this program; if not, write to the Free Software # Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. # NOTE: Makefile.in is converted into Makefile by the configure script # in the parent directory. Once configure has run, you can recreate # the Makefile by running just config.status. # Variables set by configure SHELL= /bin/sh VPATH= @srcdir@ srcdir= @srcdir@ bindir= @bindir@ prefix= @prefix@ exec_prefix= @exec_prefix@ var_prefix= @VAR_PREFIX@ DESTDIR= CC= @CC@ INSTALL= @INSTALL@ PYTHON= @PYTHON@ DEFS= @DEFS@ # Customizable but not set by configure OPT= @OPT@ CFLAGS= @CFLAGS@ $(OPT) $(DEFS) VAR_DIRS= \ logs archives lists locks data spam qfiles \ archives/private archives/public ARCH_INDEP_DIRS= \ bin templates scripts cron pythonlib \ Mailman Mailman/Cgi Mailman/Logging Mailman/Archiver \ Mailman/Handlers Mailman/Queue Mailman/Bouncers \ Mailman/MTA Mailman/Gui Mailman/Commands messages icons \ tests tests/bounces tests/msgs ARCH_DEP_DIRS= cgi-bin mail # Directories make should decend into SUBDIRS= bin cron misc Mailman scripts src templates messages tests # Modes for directories and executables created by the install # process. Default to group-writable directories but # user-only-writable for executables. DIRMODE= 775 EXEMODE= 755 FILEMODE= 644 INSTALL_PROGRAM=$(INSTALL) -m $(EXEMODE) DIRSETGID= chmod g+s DATE = $(shell python -c 'import time; print time.strftime("%d-%b-%Y"),') LANGPACK = README-I18N.en templates messages EXCLUDES = --exclude=CVS --exclude=.cvsignore --exclude=Makefile* --exclude=*.files --exclude=*.old # Rules all: subdirs subdirs: $(SUBDIRS) for d in $(SUBDIRS); \ do \ (cd $$d; $(MAKE)); \ done install: doinstall update doinstall: $(SUBDIRS) @echo "Creating architecture independent directories..." @for d in $(VAR_DIRS); \ do \ dir=$(DESTDIR)$(var_prefix)/$$d; \ if test ! -d $$dir; then \ echo "Creating directory hierarchy $$dir"; \ $(srcdir)/mkinstalldirs $$dir; \ chmod $(DIRMODE) $$dir; \ $(DIRSETGID) $$dir; \ else true; \ fi; \ done chmod o-r $(DESTDIR)$(var_prefix)/archives/private @for d in $(ARCH_INDEP_DIRS); \ do \ dir=$(DESTDIR)$(prefix)/$$d; \ if test ! -d $$dir; then \ echo "Creating directory hierarchy $$dir"; \ $(srcdir)/mkinstalldirs $$dir; \ chmod $(DIRMODE) $$dir; \ $(DIRSETGID) $$dir; \ else true; \ fi; \ done @echo "Creating architecture dependent directories..." @for d in $(ARCH_DEP_DIRS); \ do \ dir=$(DESTDIR)$(exec_prefix)/$$d; \ if test ! -d $$dir; then \ echo "Creating directory hierarchy $$dir"; \ $(srcdir)/mkinstalldirs $$dir; \ chmod $(DIRMODE) $$dir; \ $(DIRSETGID) $$dir; \ else true; \ fi; \ done @for d in $(SUBDIRS); \ do \ (cd $$d; $(MAKE) DESTDIR=$(DESTDIR) install); \ done $(PYTHON) -c 'from compileall import *; compile_dir("$(DESTDIR)$(prefix)/Mailman", ddir="$(prefix)/Mailman")' # Only run bin/update if we aren't installing in DESTDIR, as this # means there are probably no lists to deal with, and it wouldn't # work anyway (because of import paths.) update: @(cd $(DESTDIR)$(prefix) ; test -n "$(DESTDIR)" || bin/update) clean: $(SUBDIRS) @for d in $(SUBDIRS); \ do \ (cd $$d; $(MAKE) clean); \ done -rm -f update.log distclean: $(SUBDIRS) @for d in $(SUBDIRS); \ do \ (cd $$d; $(MAKE) distclean); \ done -rm -f config.cache config.log config.status Makefile -rm -rf build langpack: tar zcvf langpack-$(DATE).tgz $(EXCLUDES) $(LANGPACK) mailman-2.1.20/NEWS0000755000000000000000000053126112506553655012066 0ustar 00000000000000-*- coding: iso-8859-1 -*- Mailman - The GNU Mailing List Management System Copyright (C) 1998-2015 by the Free Software Foundation, Inc. 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA Here is a history of user visible changes to Mailman. 2.1.20 (31-Mar-2015) Security - A path traversal vulnerability has been discovered and fixed. This vulnerability is only exploitable by a local user on a Mailman server where the suggested Exim transport, the Postfix postfix_to_mailman.py transport or some other programmatic MTA delivery not using aliases is employed. CVE-2015-2775 (LP: #1437145) New Features - There is a new Address Change sub-section in the web admin Membership Management section to allow a list admin to change a list member's address in one step rather than adding the new address, copying settings and deleting the old address. (LP: #266809) i18n - The Russian translation has been updated by Danil Smirnov. - The Polish translation has been updated by Stefan Plewako. Bug fixes and other patches - A LookupError in SpamDetect on a message with RFC 2047 encoded headers in an unknown character set is fixed. (LP: #1427389) - Fixed a bug in CommandRunner that could process the second word of a body line as a command word and a case sensitivity in commands in Subject: with an Re: prefix. (LP: #1426829) - Fixed a bug in CommandRunner that threw an uncaught KeyError if the input to the list-request address contained a command word terminated by a period. (LP: #1426825) 2.2 Branch Backports (released in conjunction with 2.1.19) The following New Features and Bug Fixes have been in an "unofficial, never to be released" Mailman 2.2 branch for several years. Until now, they were never implemented on the official 2.1 branch because of their i18n impacts. Given that there have been a number of i18n impacting changes due to DMARC mitigations in the last few releases, it has been decided to backport these as well. All of these changes have been running in production on several lists for years without problems other than untranslated strings, so they should be reasonably "bug free". New Features - There is a new list attribute 'subscribe_auto_approval' which is a list of email addresses and regular expressions matching email addresses whose subscriptions are exempt from admin approval. (LP: #266609) - Confirmed member change of address is logged in the 'subscribe' log, and if admin_notify_mchanges is true, a notice is sent to the list owner using a new adminaddrchgack.txt template. - Added an 'automate' option to bin/newlist to send the notice to the admin without the prompt. - The processing of Topics regular expressions has changed. Previously the Topics regexp was compiled in verbose mode but not documented as such which caused some confusion. Also, the documentation indicated that topic keywords could be entered one per line, but these entries were not handled properly. Topics regexps are now compiled in non-verbose mode and multi-line entries are 'ored'. Existing Topics regexps will be converted when the list is updated so they will continue to work. - Added real name display to the web roster. (LP: #266754) Bug fixes and other patches - Changed the response to an invalid confirmation to be more generic. Not all confirmations are subscription requests. - Changed the default nonmember_rejection_notice to be more user friendly. (LP: #418728) - Added "If you are a list member" qualification to some messages from the options login page. (LP: #266442) - Changed the 'Approve' wording in the admindbdetails.html template to 'Accept/Approve' for better agreement with the button labels. - Added '(by thread)' to the previous and next message links in the archive to emphasize that even if you got to the message from a subject, date or author index, previous and next are still by thread. 2.1.19 (28-Feb-2015) New Features - The subscribe_auto_approval feature backported from the 2.2 branch and described above has been enhanced to accept entries of the form @listname to auto approve members of another list. (LP: #1417093) - There is a new list attribute dmarc_wrapped_message_text and a DEFAULT_DMARC_WRAPPED_MESSAGE_TEXT setting to set the default for new lists. This text is added to a message which is wrapped because of dmarc_moderation_action in a separate text/plain part that precedes the message/rfc822 part containing the original message. It can be used to provide an explanation of why the message was wrapped or similar info. - There is a new list attribute equivalent_domains and a DEFAULT_EQUIVALENT_DOMAINS setting to set the default for new lists which in turn defaults to the empty string. This provides a way to specify one or more groups of domains, e.g., mac.com, me.com, icloud.com, which are considered equivalent for validating list membership for posting and moderation purposes. - There is a new WEB_HEAD_ADD setting to specify text to be added to the section of Mailman's internally generated web pages. This doesn't apply to pages built from templates, but in those cases, custom templates can be created. (LP: #1409396) - There is a new DEFAULT_SUBSCRIBE_OR_INVITE setting. Set this to Yes to make the default selection on the admin Mass Subscriptions page Invite rather than Subscribe. (LP: #1404511) - There is a new list attribute in the Bounce processing section. bounce_notify_owner_on_bounce_increment if set to Yes will cause Mailman to notify the list owner on every bounce that increments a list member's score but doesn't result in a probe or disable. There is a new configuration setting setting DEFAULT_BOUNCE_NOTIFY_OWNER_ON_BOUNCE_INCREMENT to set the default for new lists. This in turn defaults to No. (LP: #1382150) Changed behavior - Mailman's log files, request.pck files and heldmsg-* files are no longer created world readable to protect against access by untrusted local users. Note that permissions on existing log files won't be changed so if you are concerned about this and don't rotate logs or have a logrotate process that creates new log files instead of letting Mailman create them, you will need to address that. (LP: #1327404) Other changes - The Python Powered logo image has been replaced in the misc/ directory in the source distribution. Depending on how you've installed these images, you may need to copy PythonPowered.png from the misc/ directory in the source or from the $prefix/icons/ installed directory to another location for your web server. (LP: #1408575) i18n - The Polish translation has been updated by Stefan Plewako. - The Interlingua translation has been updated by Martijn Dekker. - The Japanese message catalog has been updated by SATOH Fumiyasu. - Mailman's character set for Romanian has been changed from iso-8859-2 to utf-8 and the templates and messages recoded. This change will require running 'bin/arch --wipe' on any existing Romanian language lists in order to recode the list's archives, and will require recoding any edited templates in lists/LISTNAME/ro/*, templates/DOMAIN/ro/* and templates/site/ro/*. It may also require recoding any existing iso-8859-2 text in list attributes. (LP: #1418735) - Mailman's character set for Russian has been changed from koi8-r to utf-8 and the templates and messages recoded. This change will require running 'bin/arch --wipe' on any existing Russian language lists in order to recode the list's archives, and will require recoding any edited templates in lists/LISTNAME/ru/*, templates/DOMAIN/ru/* and templates/site/ru/*. It may also require recoding any existing koi8-r text in list attributes. (LP: #1418448) - Mailman's versions.py has been augmented to help with the above two character set changes. The first time a list with preferred_language of Romanian or Russian is accessed or upon upgrade to this release, any list attributes which have string values such as description, info, welcome_msg, etc. that appear to be in the old character set will be converted to utf-8. This is done recursively for the values (but not the keys) of dictionary attributes and the elements of list and tuple attributes. - The Russian message catalog and templates have been further updated by Danil Smirnov. - The Romanian message catalog has been updated. (LP: #1415489) - The Russian templates have been updated by Danil Smirnov. (LP: #1403462) - The Japanese translation has been updated by SATOH Fumiyasu. (LP: #1402989) - A minor change in the French translation of a listinfo subscribe form message has been made. (LP: #1331194) Bug fixes and other patches - Because of privacy concerns with the 2.2 backport adding real name to list rosters, this is controlled by a new ROSTER_DISPLAY_REALNAME setting that defaults to No. You may wish to set this to Yes in mm_cfg.py. - Organization: headers are now unconditionally removed from posts to anonymous lists. Regexps in ANONYMOUS_LIST_KEEP_HEADERS weren't kept if the regexp included the trailing ':'. This is fixed too. (LP: #1419132) - The admindb interface has been fixed so the the detail message body display doesn't lose part of a multi-byte character, and characters which are invalid in the message's charset are replaced rather than the whole body not being converted to the display charset. (LP: #1415406) - Fixed a bug in bin/rmlist that would throw an exception or just fail to remove held message files for a list with regexp special characters in its name. (LP:#1414864) - When applying DMARC mitigations, CookHeaders now adds the original From: to Cc: rather than Reply-To: in some cases to make MUA 'reply' and 'reply all' more consistent with the non-DMARC cases. (LP: #1407098) - The Subject: of the list welcome message wasn't always in the user's preferred language. Fixed. (LP: #1400988) - Accept email command in Subject: prefixed with Re: or similar with no intervening space. (LP: #1400200) - Fixed a UnicodeDecodeError that could occur in the web admin interface if 'text' valued attributes have unicode values. (LP: #1397170) - We now catch the NotAMemberError exception thrown if an authenticated unsubscribe is submitted from the user options page for a nonmember. (LP: #1390653) - Fixed an archiving bug that would cause messages with 'Subject: Re:' only to be indexed in the archives without a link to the message. (LP: #1388614) - The vette log entry for a message discarded by a handler now includes the list name and the name of the handler. (LP: #558096) - The options CGI now rejects all but HTTP GET and POST requests. (LP: #1372199) - A list's poster password will now be accepted on an Urgent: header. (LP: #1371678) - Fixed a bug which caused a setting of 2 for REMOVE_DKIM_HEADERS to be ignored. (LP: #1363278) - Renamed messages/sr/readme.sr to README.sr. (LP: #1360616) - Moved the dmarc_moderation_action checks from the Moderate handler to the SpamDetect handler so that the Reject and Discard actions will be done before the message might be held by header_filter_rules, and the Wrap Message and Munge From actions will be done on messages held by header_filter_rules if the message is approved. (LP: #1334450) -