Riccardo Veraldi | 1 Feb 15:59 2011
Picon
Picon

Re: create list restrictions

thank you very much it really works I copied as you suggested me the 
scenario from topics_visibility.identified

and I Called it create_list.identified and I modified it accordingly

title.gettext conceal unless user is logged in

!equal([sender],'nobody')      smtp,dkim,smime,md5 -> do_it
true()                         smtp,dkim,md5,smime -> 
reject(reason='create_list_identified')

then I put it in /home/sympa/etc/scenari/

thanks again

Riccardo

On 1/3/11 12:03 PM, Serge Aumont wrote:
>  Le 31/12/10 19:45, Riccardo Veraldi a écrit :
>> Hello,
>> the default scenarios for create list button in the wwsympa  page is 
>> create_list.listmaster and create_list.public_listmaster
>>
>> I would like that create list button could appear only for 
>> authenticated users.
>>
>> Normally it appears for everyone using the public_listmaster scenario 
>> or appears only for listmaster
>>
>> is there a scenario ready to use for my purpouse ?
(Continue reading)

Riccardo Veraldi | 2 Feb 12:05 2011
Picon
Picon

protect public archives

Hello I am running sympa 6.1.3.
I have many many users subscribed to different mailing lists on 
different virtual hosts.

My problem is that I cannot afford that every user has a X509 
certificate and also
I cannot manage hundreds and hundreds of user passwords.

I would like normal subscribers (they do not need to authenticate to 
sympa they only need to read archives)
to be able to read Web archives, but I need Web archives not to be 
public visible by everyone.

Is there a way or an option to protect a public web archive with a 
global password ??
Even if sympa is a cgi program, can I protect archives with a 
user/password apache .htaccess style ?

thank you

Riccardo

Riccardo Veraldi | 2 Feb 15:35 2011
Picon
Picon

virtual host bug ?


Hello,
sympa 6.1.3 here.

I have a particulare configuration which leads an error.

I have the main robot

lists.domain.it

and a virtual host

lists.sub.domain.it

I have a mailing list

test@...

and I am the privileged owner Riccardo.Veraldi@...

I also have a mailing list on the other wirtual host

test@...

and I am still the privileged owner Riccardo.Veraldi@...

Here is the problem, the list test@... goes in error config

Feb  2 15:28:12 lists sympa[3333]: err List::add_admin_user() Unable to 
execute SQL statement "INSERT INTO admin_table (user_admin, 
(Continue reading)

Jeff Abbott | 2 Feb 21:26 2011

List of Lists Visibility

Sympa community,

We've had a couple instances in the past here at Duke, where third 
parties have scraped our publicly visible list of lists 
(https://lists.duke.edu/sympa/lists) and then gone through and used 
automated tools to attempt to subscribe themselves to each list there (a 
lot of which do allow open subscription).  It's easy enough to identify 
the offending address -- this past weekend, there was a Gmail address 
that subscribed itself to 983 lists before it was brought to my 
attention -- but it understandably causes some alarm among list owners.

I was looking at the documentation and the code, and it doesn't appear 
that the do_lists action within wwsympa is protected by any scenario, 
but I wanted to find out if I overlooked something.  I'm also open to 
other ideas and suggestions.

Thanks,
Jeff
Systems Developer, Duke University Office of Information Technology

micah anderson | 2 Feb 23:02 2011
Picon

Re: List of Lists Visibility

On Wed, 2 Feb 2011 15:26:45 -0500, Jeff Abbott <jeff.abbott@...> wrote:
> Sympa community,
> 
> We've had a couple instances in the past here at Duke, where third 
> parties have scraped our publicly visible list of lists 
> (https://lists.duke.edu/sympa/lists) and then gone through and used 
> automated tools to attempt to subscribe themselves to each list there (a 
> lot of which do allow open subscription).  It's easy enough to identify 
> the offending address -- this past weekend, there was a Gmail address 
> that subscribed itself to 983 lists before it was brought to my 
> attention -- but it understandably causes some alarm among list owners.

Interesting, that could be pretty annoying.

I wonder if it would be worth considering a parameter that notified the
administrator if a particular address was subscribed to a certain
percentage of the lists?

That might not work out so well in installations where there are two
lists and everyone is subscribed to all of them, but it could be
configurable? 

micah
David Ayre | 2 Feb 23:55 2011
Picon

Re: List of Lists Visibility

Most likely that subscriber was coming from the same IP.   We use a tool called fail2ban for adding offending IP's to hosts.deny for brute force login FTP attempts, not sure if this tool could also be used to look at sympa logs and operate on those.  you may want to have a look:


On 2-Feb-11, at 2:02 PM, micah anderson wrote:

On Wed, 2 Feb 2011 15:26:45 -0500, Jeff Abbott <jeff.abbott-4+jYJfmkT58@public.gmane.org> wrote:
Sympa community,

We've had a couple instances in the past here at Duke, where third
parties have scraped our publicly visible list of lists
(https://lists.duke.edu/sympa/lists) and then gone through and used
automated tools to attempt to subscribe themselves to each list there (a
lot of which do allow open subscription).  It's easy enough to identify
the offending address -- this past weekend, there was a Gmail address
that subscribed itself to 983 lists before it was brought to my
attention -- but it understandably causes some alarm among list owners.

Interesting, that could be pretty annoying.

I wonder if it would be worth considering a parameter that notified the
administrator if a particular address was subscribed to a certain
percentage of the lists?

That might not work out so well in installations where there are two
lists and everyone is subscribed to all of them, but it could be
configurable?

micah


David Ayre
   coordinator of information applications, information technology services  |  tel 604 844 3875 
emily carr university of art + design  |  1399 Johnston Street, Vancouver  BC  V6H 3R9

Adam Bernstein | 3 Feb 00:14 2011
Picon

Re: List of Lists Visibility

> We've had a couple instances in the past here at Duke, where third
> parties have scraped our publicly visible list of lists
> (https://lists.duke.edu/sympa/lists) and then gone through and used
> automated tools to attempt to subscribe themselves to each list there (a
> lot of which do allow open subscription).

This may not be the answer you're looking for, but IMHO you should solve 
this problem and various others by simply disallowing any open (ie. no 
auth/confirmation required) subscriptions.  All unauthenticated 
subscribe requests should require subsequent confirmation by the user 
anyway, to avoid spurious subscriptions resulting from spam, viruses, 
errors, malicious activity, etc.  You'll have to either change the 
setting on existing lists with open subscriptions or "override" it by 
linking the subscribe.open scenario file to, say, the subscribe.auth 
file instead, but neither one is very difficult.

That's my 2 centimes.  Or did I misunderstand something?

      adam

evili.del.rio | 4 Feb 14:34 2011
Picon

Scenari includes not working


Hello,

I have some lists that should have the same scenario rules, so I tryied an
"include" on a custom scenari, for example:

etc/scenari/send.intranetorprivte2:

title.gettext restricted to local domain and subscribers 2

include allowdomain
is_subscriber([listname],[sender]) smtp,dkim,smime,md5    -> do_it
is_editor([listname],[sender])     smtp,dkim,smime,md5    -> do_it
is_owner([listname],[sender])      smtp,dkim,smime,md5    -> do_it
match([sender],/[conf->host]$/)    smtp,dkim,smime,md5    -> do_it
true()                             smtp,dkim,smime,md5    ->
reject(reason='send_local_user_sub')

, and then in etc/scenari/include.allowdomain:

match([sender], /my\.domain\.org$/)     smtp,dkim,smime,md5    -> do_it

the include rule (or rules) are always ignored but they work if I write them
down directly in the send.  scenario file. Even if I put the following rule in
the include it gets silently ignored:

true() -> do_it

Has anybody suffered the same bug? Are includes really working?

TIA,

  Evili

Dan Pritts | 4 Feb 19:25 2011

Re: Scenari includes not working



Has anybody suffered the same bug? Are includes really working?


includes work for me on 6.0b4

danno
--
Dan Pritts, Sr. Systems Engineer
Internet2
office: +1-734-352-4953 | mobile: +1-734-834-7224

dtenenba | 4 Feb 22:19 2011

Can non-subscribers post to public lists via the web interface?

Hi,
I'm wondering if I can configure a list so that a non-subscriber can post to
it using a web interface (with a captcha or some other mechanism to make sure
they are human).

I'd like people to be able to post questions to the list and read the answers
in the web archive (and possibly reply to them the same way) without having to
subscribe.

Does Sympa support that?

Thanks
Dan


Gmane