Download project files

How do I verify a download?


110 of 60 releases

2.1.29 release from the 2.1 series released 2018-07-24

Release information
Release notes:

2.1.29 (24-Jul-2018)

  Bug Fixes

    - Fixed the listinfo and admin overview pages that were broken by
      LP: #1780874. (LP: #1783417)

2.1.28 (23-Jul-2018)

  Security

    - A content spoofing vulnerability with invalid list name messages in
      the web UI has been fixed. CVE-2018-13796 (LP: #1780874)

  New Features

    - It is now possible to edit HTML and text templates via the web admin
      UI in a supported language other than the list's preferred_language.
      Thanks to Yasuhito FUTATSUKI.

  i18n

    - The Japanese translation has been updated by Yasuhito FUTATSUKI.

    - The German translation has been updated by Ralf Hildebrandt.

    - The Esperanto translation has been updated by Rub�n Fern�ndez Asensio.

  Bug fixes and other patches

    - The BLOCK_SPAM...

File Description Downloads
download icon mailman-2.1.29.tgz (md5, sig) Mailman 2.1.29 release 745
last downloaded today
Total downloads: 745

2.1.28 release from the 2.1 series released 2018-07-23

Release information
Release notes:

2.1.28 (23-Jul-2018)

  Security

    - A content spoofing vulnerability with invalid list name messages in
      the web UI has been fixed. CVE-2018-13796 (LP: #1780874)

  New Features

    - It is now possible to edit HTML and text templates via the web admin
      UI in a supported language other than the list's preferred_language.
      Thanks to Yasuhito FUTATSUKI.

  i18n

    - The Japanese translation has been updated by Yasuhito FUTATSUKI.

    - The German translation has been updated by Ralf Hildebrandt.

    - The Esperanto translation has been updated by Rub�n Fern�ndez Asensio.

  Bug fixes and other patches

    - The BLOCK_SPAMHAUS_LISTED_DBL_SUBSCRIBE feature added in 2.1.27 was
      not working. This is fixed. (LP: #1779774)

    - Escaping of HTML entities for ...

File Description Downloads
download icon mailman-2.1.28.tgz (md5, sig) Mailman 2.1.28 release 29
last downloaded 2 weeks ago
Total downloads: 29

2.1.27 release from the 2.1 series released 2018-06-22

Release information
Release notes:

2.1.27 (22-Jun-2018)

  Security

    - Existing protections against malicious listowners injecting evil
      scripts into listinfo pages have had a few more checks added.
      JVN#00846677/JPCERT#97432283

    - A few more error messages have had their values HTML escaped.
      JVN#00846677/JPCERT#97432283

    - The hash generated when SUBSCRIBE_FORM_SECRET is set could have been
      the same as one generated at the same time for a different list and
      IP address. While this is not thought to be exploitable in any way,
      the generation has been changed to avoid this. Thanks to Ralf Jung.

  New Features

    - An option has been added to bin/add_members to issue invitations
      instead of immediately adding members. (LP: #1773064)

    - A new BLOCK_SPAMHAUS_LISTED_I...

Changelog:

  Bug fixes and other patches

    - Some messages from bin/arch were not issued in the charset of the system
      locale when DISABLE_COMMAND_LOCALE_CSET is No. Thanks to Yasuhito
      FUTATSUKI this is now fixed. (LP: #1768892)

    - The message displayed in the browser when accessing a Mailman CGI when
      mm_cfg.py can't be imported due to some exception other than ImportError
      has been improved. (LP: #1760506)

    - The reimplementation of DELIVERY_RETRY_WAIT in 2.1.26 could cause extra
      dequeueing and requeueing in the out queue by OutgoingRunner. This is
      fixed. (LP: #1762871)

    - A Python 2.7 dependency introduced in the ToDigests handler in Mailman
      2.1.24 has been removed. (LP: #1755317)

    - Bad values in a list's topics will no longer break everything that
      might instantiate the list. (LP: #1754516)

    - A Python 2.7 dependency introduced with the reCAPTCHA feature in 2.1.26
      has been removed. (LP: #1752658)

    - The reCAPTCHA feature requires JavaScript. If JavaScript is not enabled,
      a message will be displayed on the subscribe form that JavaScript is
      required. (LP: #1769374)

    - Quoting in the mailman-config command has been changed from double to
      single quotes to allow double-quoted parameters. (LP: #1774986)

    - Approving a held subscription for a user with a 'different' preferred
      language no longer corrupts the results page. (LP: #1777222)

    - An issue with garbled descriptions on listinfo and admin overview pages
      and the heading of a list's listinfo page due to incompatible character
      sets has been fixed thanks to Yasuhito FUTATSUKI.

File Description Downloads
download icon mailman-2.1.27.tgz (md5, sig) Mailman 2.1.27 release 253
last downloaded 24 hours ago
Total downloads: 253

2.1.26 release from the 2.1 series released 2018-02-04

Release information
Release notes:

2.1.26 (04-Feb-2018)

  Security

    - An XSS vulnerability in the user options CGI could allow a crafted URL
      to execute arbitrary javascript in a user's browser. A related issue
      could expose information on a user's options page without requiring
      login. These are fixed. Thanks to Calum Hutton for the report.
      CVE-2018-5950 (LP: #1747209)

  New Features

    - Thanks to David Siebörger who adapted an existing patch by Andrea
      Veri to use Google reCAPTCHA v2 there is now the ability to add
      reCAPTCHA to the listinfo subscribe form. There are two new mm_cfg.py
      settings for RECAPTCHA_SITE_KEY and RECAPTCHA_SECRET_KEY, the values
      for which you obtain for your domain(s) from Google at
      <https://www.google.com/recaptcha/admin>.

    - Th...

Changelog:

  Bug fixes and other patches

    - Fixed an i18n bug in the reCAPTCHA feature. (LP: #1746189)

    - Added a few more environment variables to the list of those passed
      to CGIs to support an nginx/uwsgi configuration. (LP #1744739)

    - Mailman 2.1.22 introduced a Python 2.7 dependency that could affect
      bin/arch processing a message without a valid Date: header. The
      dependency has been removed. (LP: #1740543)

    - Messages held for header_filter_rules now show the matched regexp in
      the hold reason. (LP: #1737371)

    - When updating the group and mode of a .db file with Mailman's Postfix
      integration, a missing file is ignored. (LP: #1734162)

    - The DELIVERY_RETRY_WAIT setting is now effective. (LP: #1729472)

File Description Downloads
download icon mailman-2.1.26.tgz (md5, sig) Mailman 2.1.26 release 1,182
last downloaded today
Total downloads: 1,182

2.1.25 release from the 2.1 series released 2017-10-26

Release information
Release notes:

This is a routine bug fix release with a minor new feature and some
accessibility improvements for screen readers.

See the change log for details.

Changelog:

2.1.25 (26-Oct-2017)

  New Features

    - The admindb held subscriptions listing now includes the date of the
      most recent request from the address. (LP: #1697097)

  Accessibility

    - The admin Membership List now includes text for screen readers which
      identifies the function of each checkbox. CSS is added to the page to
      visually hide the text but still allow screen readers to read it.
      Similar text has been added to some radio buttons on the admindb pages.

  i18n

    - The Russian translation has been updated by Sergey Matveev.
      (LP:#1708016)

  Bug fixes and other patches

    - Thanks to Jim Popovitch, certain failures in DNS lookups of DMARC policy
      will now result in mitigations being applied. (LP: #1722013)

    - The default DMARC reject reason now properly replaces %(listowner)s.
      (LP: #1718962)

    - The web roster page now shows case preserved email addresses.
      (LP: #1707447)

    - Changed the SETGID wrappers to only pass those items in the environment
      that are needed by the called scripts. (LP: #1705736)

    - Fixed MTA/Postfix.py to ensure that created aliases(.db) and
      virtual-mailman(.db) files are readable by Postfix and the .db files are
      owned by the Mailman user. (LP: #1696066)

    - Defended against certain web attacks that cause exceptions and "we hit
      a bug" responses when POST data or query fragments contain multiple
      values for the same parameter. (LP: #1695667)

    - The fix for LP: #1614841 caused a regression in the options CGI. This
      has been fixed. (LP: #1602608)

    - Added a -a option to the (e)grep commands in contrib/mmdsr to account
      for logs that may have non-ascii and be seen as binary.

    - Fixed the -V option to bin/list_lists to not show lists whose host is a
      subdomain of the given domain. (LP: #1695610)

File Description Downloads
download icon mailman-2.1.25.tgz (md5, sig) Mailman 2.1.25 final 964
last downloaded 3 days ago
Total downloads: 964

2.1.24 release from the 2.1 series released 2017-06-02

Release information
Release notes:

This release is primarily a bug fix release with a few minor feature additions and a fix for a probably non-exploitable security issue. See the changelog for details.

Changelog:

2.1.24 (02-Jun-2017)

  Security

    - A most likely unexploitable XSS attach that relies on the Mailman web
      server passing a crafted Host: header to the CGI environment has been
      fixed. Apache for one is not vulnerable. Thanks to Alqnas Eslam.

  New Features

    - There is a new RCPT_BASE64_HEADER_NAME setting. If this is set to a
      non-empty string, that string is the name of a header that will be added
      to personalized and VERPed deliveries with value equal to the base64
      encoding of the recipient's email address. This is intended to enable
      identification of the recipient otherwise redacted from "spam report"
      feedback loop messages.

    - cron/senddigests has a new -e/--exceptlist option to send pending
      digests for all but a named list. (LP: #1619770)

    - The values for DEFAULT_DIGEST_FOOTER and DEFAULT_MSG_FOOTER have been
      changed to use a standard signature separator for DEFAULT_MSG_FOOTER
      and to remove the unneded line of underscores from DEFAULT_DIGEST_FOOTER.
      (LP: #266269)

  i18n

    - The Polish html templates have been recoded to use html entities
      instead of non-ascii characters.

    - The Basque (Euskara) translation has been updated by Gari Araolaza.

    - The German "details for personalize" page has been updated by
      Christian F Buser.

    - The Japanese translation has been updated by Yasuhito FUTATSUKI.

  Bug fixes and other patches

    - The <email address hidden> addresses are now added to virtual-mailman
      as they are exposed in 'list created' emails. (LP: 1694384)

    - The 'list run by' addresses in web page footers are now just the
      list-owner address. (LP: #1694384)

    - Changed member_verbosity_threshold from a >= test to a strictly > test
      to avoid the issue of moderating every post when the threshold = 1.
      (LP: #1693366)

    - Subject prefixing has been improved to always have a space between
      the prefix and the subject even with non-ascii in the prefix. This
      will sometimes result in two spaces when the prefix is non-ascii but
      the subject is ascii, but this is the lesser evil. (LP: #1525954)

    - Treat message and digest headers and footers as empty if they contain
      only whitespace. (LP: #1673307)

    - Ensured that added message and digest headers and footers always have
      a terminating new-line. (LP: #1670033)

    - Fixed an uncaught TypeError in the subscribe CGI. (LP: #1667215)

    - Added recognition for a newly seen mailEnable bounce.

    - Fixed an uncaught NotAMemberError when a member is removed before a
      probe bounce for the member is returned. (LP: #1664729)

    - Fixed a TypeError thrown in the roster CGI when called with a listname
      containing a % character. (LP: #1661810)

    - Fixed a NameError issue in bin/add_members with
      DISABLE_COMMAND_LOCALE_CSET = yes. (LP: #1647450)

    - The CleanseDKIM handler has been removed from OWNER_PIPELINE. It isn't
      needed there and has adverse DMARC implications for messages to -owner
      of an anonymous list. (LP: #1645901)

    - Fixed an issue with properly RFC 2047 encoding the display name in the
      From: header for messages with DMARC mitigations. (LP: #1643210)

    - Fixed an issue causing UnicodeError in sending digests following a
      change of a list's preferred_language. (LP: #1644356)

    - Enhanced the fix for race conditions in MailList().Load(). (LP: #266464)

    - Fixed a typo in Utils.py that could have resulted in a NameError in
      logging an unlikely occurrence. (LP: #1637745)

    - Fixed a bug which created incorrect "view more members" links at the
      bottom of the admin Membership List pages. (LP: #1637061)

    - The 2.1.23 fix for LP: #1604544 only fixed the letter links at the top
      of the Membership List. The links at the bottom have now been fixed.

    - paths.py now adds dist-packages as well as site-packages to sys.path.
      (LP: #1621172)

    - INIT INFO has been added to the sample init.d script. (LP: #1620121)

File Description Downloads
download icon mailman-2.1.24.tgz (md5, sig) Mailman 2.1.24 final 1,143
last downloaded 6 weeks ago
Total downloads: 1,143

2.1.23 release from the 2.1 series released 2016-08-27

Release information
Release notes:

This release contains a security fix for CVE-2016-6893, some new features and bug fixes. See the Changelog for details.

Changelog:

2.1.23 (27-Aug-2016)

  Security

    - CSRF protection has been extended to the user options page. This was
      actually fixed by Tokio Kikuchi as part of the fix for LP: #775294 and
      intended for Mailman 2.1.15, but that fix wasn't completely merged at the
      time. The full fix also addresses the admindb, and edithtml pages as
      well as the user options page and the previously fixed admin pages.
      Thanks to Nishant Agarwala for reporting the issue. CVE-2016-6893
      (LP: #1614841)

  New Features

    - For header_filter_rules matching, RFC 2047 encoded headers, non-encoded
      headers and header_filter_rules patterns are now all decoded to unicode.
      Both XML character references of the form &#nnnn; and unicode escapes
      of the form \Uxxxx in patterns are converted to unicodes as well. Both
      headers and patterns are normalized to 'NFKC' normal form before
      matching, but the normalization form can be set via a new NORMALIZE_FORM
      mm_cfg setting. Also, the web UI has been updated to encode characters
      in text fields that are invalid in the character set of the page's
      language as XML character references instead of '?'. This should help
      with entering header_filter_rules patterns to match 'odd' characters.
      This feature is experimental and is problematic for some cases where it
      is desired to have a header_filter_rules pattern with characters not in
      the character set of the list's preferred language. For patterns
      without such characters, the only change in behavior should be because
      of unicode normalization which should improve matching. For other
      situations such as trying to match a Subject: with CJK characters (range
      U+4E00..U+9FFF) on an English language (ascii) list, one can enter a
      pattern like '^subject:.*[&#19968;-&#40959;]' or
      '^subject:.*[\u4e00;-\u9fff;]' to match a Subject with any character in
      the range, and it will work, but depending on the actual characters and
      the browser, submitting another, even unrelated change can garble the
      original entry although this usually occurs only with ascii pages and
      characters in the range \u0080-\u00ff. The \Uxxxx unicode escapes must
      have exactly 4 hex digits, but they are case insensitive. (LP: #558155)

    - Thanks to Jim Popovitch REMOVE_DKIM_HEADERS can now be set to 3 to
      preserve the original headers as X-Mailman-Original-... before removing
      them.

    - Several additional templates have been added to those that can be edited
      via the web admin GUI. (LP: #1583387)

    - SMTPDirect.py can now do SASL authentication and STARTTLS security when
      connecting to the outgoiung MTA. Associated with this are new
      Defaults.py/mm_cfg.py settings SMTP_AUTH, SMTP_USER, SMTP_PASSWD and
      SMTP_USE_TLS. (LP: #558281)

    - There is a new Defaults.py/mm_cfg.py setting SMTPLIB_DEBUG_LEVEL which
      can be set to 1 to enable verbose smtplib debugging to Mailman's error
      log to help with debugging 'low level smtp failures'. (LP: #1573074)

    - A list's nonmember_rejection_notice attribute will now be the default
      rejection reason for a held non-member post in addition to it's prior
      role as the reson for an automatically rejected non-member post.
      (LP: #1572330)

  i18n

    - The French translation of 'Dutch' is changed from 'Hollandais' to
      'Néerlandais' per Francis Jorissen.

    - Some German language templates that were incorrectly utf-8 encoded have
      been recoded as iso-8859-1. (LP: #1602779)

    - Japanese translation and documentation in messages/ja has been updated by
      Yasuhito FUTATSUKI.

  Bug fixes and other patches

    - The admin Membership List letter links could be incorrectly rendered as
      Unicode strings following a search. (LP: #1604544)

    - We no longer throw an uncaught TypeError with certain defective crafted
      POST requests to Mailman's CGIs. (LP: #1602608)

    - Scrubber links in archives are now in the list's preferred_language
      rather than the poster's language. (LP: #1586505)

    - Improved logging of banned subscription and address change attempts.
      (LP: #1582856)

    - In rare circumstances a list can be removed while the admin or listinfo
      CGI or bin/list_lists is running causing an uncaught MMUnknownListError
      to be thrown. The exception is now caught and handled. (LP: #1582532)

    - Set the Date: header in the wrapper message when from_is_list or
      dmarc_moderation_action is Wrap Message. (LP: #1581215)

    - A site can now set DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL to None or the
      null string if it wants to avoid using this. (LP: #1578450)

    - The white space to the left of the admindb Logout link is no longer
      part of the link. (LP: #1573623)

File Description Downloads
download icon mailman-2.1.23.tgz (md5, sig) Mailman 2.1.23 final 6,941
last downloaded 13 days ago
Total downloads: 6,941

2.1.22 release from the 2.1 series released 2016-04-17

Release information
Release notes:

This release contains no new features. It includes some i18n updates and a few bug fixes. See the Changelog for details.

Changelog:

  i18n

    - Fixed a typo in the German options.html template. (LP: #1562408)

    - An error in the Brazilian Portugese translation of Quarterly has been
      fixed thanks to Kleber A. Benatti.

    - The Brazilian Portugese translation has been updated by Emerson Ribeiro
      de Mello.

  Bug fixes and other patches

    - All addresses in data/virtual-mailman are now properly appended with
      VIRTUAL_MAILMAN_LOCAL_DOMAIN and duplicates are not generated if the
      site list is in a virtual domain. (LP: #1570630)

    - DMARC mitigations will now find the From: domain to the right of the
      rightmost '@' rather than the leftmost '@'. (LP: #1568445)

    - DMARC mitigations for a sub-domain of an organizational domain will now
      use the organizational domain's sp= policy if any. (LP: #1568398)

    - Modified NewsRunner.py to ensure that messages gated to Usenet have a
      non-blank Subject: header and when munging the Message-ID to add the
      original to References: to help with threading. (LP: #557955)

    - Fixed the pipermail archiver to do a better job of figuring the date of
      a post when its Date: header is missing, unparseable or has an obviously
      out of range date. This should only affect bin/arch as ArchRunner has
      code to fix dates at least if ARCHIVER_CLOBBER_DATE_POLICY has not been
      set to 0 in mm_cfg.py. If posts have been added in the past to a list's
      archive using bin/arch and an imported mbox, running bin/arch again could
      result is some of those posts being archived with a different date.
      (LP: #1555798)

    - Fixed an issue with CommandRunner shunting a malformed message with a
      null byte in the body. (LP: #1553888)

    - Don't collapse multipart with a single sub-part inside multipart/signed
      parts. (LP: #1551075)

File Description Downloads
download icon mailman-2.1.22.tgz (md5, sig) Mailman 2.1.22 final 1,510
last downloaded 4 weeks ago
Total downloads: 1,510

2.1.21 release from the 2.1 series released 2016-02-28

Release information
Release notes:

  New Features

    - There is a new dmarc_none_moderation_action list setting and a
      DEFAULT_DMARC_NONE_MODERATION_ACTION mm_cfg.py setting to optionally
      apply Munge From or Wrap Message actions to posts From: domains that
      publish DMARC p=none. The intent is to eliminate failure reports to
      the domain owner for messages that would be munged or wrapped if the
      domain published a stronger DMARC policy. See the descriptions in
      Defaults.py, the web UI and the bug report for more. (LP: #1539384)

    - Thanks to Jim Popovitch there is now a feature to automatically turn
      on moderation for a malicious list member who attempts to flood a list
      with spam. See the details for the Privacy options ... -> Sender
      filters -> member_verbosity_thres...

Changelog:

  Bug fixes and other patches

    - If DMARC lookup fails to find a policy, also try the Organizational
      Domain. Associated with this is a new mm_cfg.py setting
      DMARC_ORGANIZATIONAL_DOMAIN_DATA_URL which sets the URL used to
      retrieve the data for the algorithm that computes the Organizational
      Domain. See https://publicsuffix.org/list/ for info. (LP: #1549420)

    - Modified contrib/mmdsr to correctly report No such list names that
      contain ".

    - User's "Acknowledge" option will now be honored for posts to anonymous
      lists. (LP: #1546679)

    - Fixed a typo in the Non-digest options regular_exclude_ignore
      description thanks to Yasuhito FUTATSUKI.

    - DEFAULT_PASS_MIME_TYPES has been changed to accept text/plain sub-parts
      from message/rfc822 parts and multipart parts other than mixed and
      alternative and also accept pgp signatures. This only applies to newly
      created lists and other than pgp signatures, still only accepts
      text/plain. (LP: #1517446)

    - Modified contrib/mmdsr to report held and banned subscriptions and DMARC
      lookups in their own categories.

    - Fixed a bug that could create a garbled From: header with certain DMARC
      mitigation actions. (LP: #1536816)

    - Treat a poster's address which matches an equivalent_domains address as
      a list member for the regular_exclude_ignore check. (LP: #1526550)

    - Fixed an issue that sometimes left no white space following
      subject_prefix. (LP: #1525954)

    - Vette log entries for banned subscriptions now include the source of
      the request if available. (LP: #1525733)

    - Submitting the user options form for a user who was asynchronously
      unsubscribed would throw an uncaught NotAMemberError. (LP: #1523273)

    - It was possible under some circumstances for a message to be shunted
      after a handler rejected or discarded it, and the handler would be
      skipped upon unshunting and the message accepted. (LP: #1519062)

    - Posts gated to usenet will no longer have other than the target group
      in the Newsgroups: header. (LP: #1512866)

    - Invalid regexps in *_these_nonmembers, subscribe_auto_approval and
      ban_list are now logged. (LP: #1507241)

    - Refactored the GetPattern list method to simplify extending @listname
      syntax to new attributes in the future. Changed Moderate.py to use the
      GetPattern method to process the *_these_nonmembers lists.

    - Changed CookHeaders to default to using space rather than tab as
      continuation_ws when folding headers. (LP: #1505878)

    - Fixed the 'pidfile' path in the sample init.d script. (LP: # 1503422)

    - Subject prefixing could fail to collapse multiple 'Re:' in an incomming
      message if they all came after the list's subject_prefix. This is now
      fixed. (LP: #1496620)

    - Defended against a user submitting URLs with query fragments or POST
      data containing multiple occurrences of the same variable.
      (LP: #1496632)

    - Fixed bin/mailmanctl to check its effective rather than real uid.
      (LP: #1491187)

    - Fixed cron/gate_news to catch EOFError on opening the newsgroup.
      (LP: #1486263)

    - Fixed a bug where a delayed probe bounce can throw an AttributeError.
      (LP: #1482940)

    - If a list is not digestable an the user is not currently set to
      receive digests, the digest options will not be shown on the user's
      options page. (LP: #1476298)

    - Improved identification of remote clients for logging and subscribe
      form checking in cases where access is via a proxy server. Thanks to
      Jim Popovitch. Also updated contrib/mmdsr for log change.

    - Fixed an issue with shunted messages on a list where the charset for
      the list's preferred_language had been changed from iso-8859-1 to
      utf-8 without recoding the list's description. (LP: #1462755)

    - Mailman-Postfix integration will now add mailman@domain entries in
      data/virtual-mailman for each domain in POSTFIX_STYLE_VIRTUAL_DOMAINS
      which is a host_name of a list. This is so the addresses which are
      exposed on admin and listinfo overview pages of virtual domains will
      be deliverable. (LP: #1459236)

    - The vette log entry for DMARC policy hits now contains the list name.
      (LP: #1450826)

    - If SUBSCRIBE_FORM_SECRET is enabled and a user's network has a load
      balancer or similar in use the POSTing IP might not exactly match the
      GETting IP. This is now accounted for by not requiring the last
      octet (16 bits for ipV6) to match. (LP: #1447445)

    - DKIM-Signature:, DomainKey-Signature: and Authentication-Results:
      headers are now removed by default from posts to anonymous lists.
      (LP: #1444673)

    - The list admin web UI Mambership List search function often doesn't
      return correct results for search strings (regexps) that contain
      non-ascii characters. This is partially fixed. (LP: #1442298)

File Description Downloads
download icon mailman-2.1.21.tgz (md5, sig) Mailman 2.1.21 final 740
last downloaded 3 weeks ago
Total downloads: 740

2.1.21rc2 release from the 2.1 series released 2016-02-05

Release information
Release notes:

2.1.21rc2 (05-Feb-2016)

  New Features

    - There is a new dmarc_none_moderation_action list setting and a
      DEFAULT_DMARC_NONE_MODERATION_ACTION mm_cfg.py setting to optionally
      apply Munge From or Wrap Message actions to posts From: domains that
      publish DMARC p=none. The intent is to eliminate failure reports to
      the domain owner for messages that would be munged or wrapped if the
      domain published a stronger DMARC policy. See the descriptions in
      Defaults.py, the web UI and the bug report for more. (LP: #1539384)

    - Thanks to Jim Popovitch there is now a feature to automatically turn
      on moderation for a malicious list member who attempts to flood a list
      with spam. See the details for the Privacy options ... -> Sender
      filters ...

Changelog:

  Bug fixes and other patches

    - Modified contrib/mmdsr to report held and banned subscriptions and DMARC
      lookups in their own categories.

    - Fixed a bug that could create a garbled From: header with certain DMARC
      mitigation actions. (LP: #1536816)

    - Treat a poster's address which matches an equivalent_domains address as
      a list member for the regular_exclude_ignore check. (LP: #1526550)

    - Fixed an issue that sometimes left no white space following
      subject_prefix. (LP: #1525954)

    - Vette log entries for banned subscriptions now include the source of
      the request if available. (LP: #1525733)

    - Submitting the user options form for a user who was asynchronously
      unsubscribed would throw an uncaught NotAMemberError. (LP: #1523273)

    - It was possible under some circumstances for a message to be shunted
      after a handler rejected or discarded it, and the handler would be
      skipped upon unshunting and the message accepted. (LP: #1519062)

    - Posts gated to usenet will no longer have other than the target group
      in the Newsgroups: header. (LP: #1512866)

    - Invalid regexps in *_these_nonmembers, subscribe_auto_approval and
      ban_list are now logged. (LP: #1507241)

    - Refactored the GetPattern list method to simplify extending @listname
      syntax to new attributes in the future. Changed Moderate.py to use the
      GetPattern method to process the *_these_nonmembers lists.

    - Changed CookHeaders to default to using space rather than tab as
      continuation_ws when folding headers. (LP: #1505878)

    - Fixed the 'pidfile' path in the sample init.d script. (LP: # 1503422)

    - Subject prefixing could fail to collapse multiple 'Re:' in an incomming
      message if they all came after the list's subject_prefix. This is now
      fixed. (LP: #1496620)

    - Defended against a user submitting URLs with query fragments or POST
      data containing multiple occurrences of the same variable.
      (LP: #1496632)

    - Fixed bin/mailmanctl to check its effective rather than real uid.
      (LP: #1491187)

    - Fixed cron/gate_news to catch EOFError on opening the newsgroup.
      (LP: #1486263)

    - Fixed a bug where a delayed probe bounce can throw an AttributeError.
      (LP: #1482940)

    - If a list is not digestable an the user is not currently set to
      receive digests, the digest options will not be shown on the user's
      options page. (LP: #1476298)

    - Improved identification of remote clients for logging and subscribe
      form checking in cases where access is via a proxy server. Thanks to
      Jim Popovitch. Also updated contrib/mmdsr for log change.

    - Fixed an issue with shunted messages on a list where the charset for
      the list's preferred_language had been changed from iso-8859-1 to
      utf-8 without recoding the list's description. (LP: #1462755)

    - Mailman-Postfix integration will now add mailman@domain entries in
      data/virtual-mailman for each domain in POSTFIX_STYLE_VIRTUAL_DOMAINS
      which is a host_name of a list. This is so the addresses which are
      exposed on admin and listinfo overview pages of virtual domains will
      be deliverable. (LP: #1459236)

    - The vette log entry for DMARC policy hits now contains the list name.
      (LP: #1450826)

    - If SUBSCRIBE_FORM_SECRET is enabled and a user's network has a load
      balancer or similar in use the POSTing IP might not exactly match the
      GETting IP. This is now accounted for by not requiring the last
      octet (16 bits for ipV6) to match. (LP: #1447445)

    - DKIM-Signature:, DomainKey-Signature: and Authentication-Results:
      headers are now removed by default from posts to anonymous lists.
      (LP: #1444673)

    - The list admin web UI Mambership List search function often doesn't
      return correct results for search strings (regexps) that contain
      non-ascii characters. This is partially fixed. (LP: #1442298)

File Description Downloads
download icon mailman-2.1.21rc2.tgz (md5, sig) Mailman 2.1.21 release candidate 2 290
last downloaded 3 weeks ago
Total downloads: 290

110 of 60 releases