Mail server login broken

older
syntax highlighting: pandoc uses...

Hans Åberg

29 Sep 2024 29 Sep '24

3:57 p.m.

Nothing seems to be working on the NTG ConTeXt server login page below, so I can't change my email address. https://mailman.ntg.nl/mailman3/lists/ntg-context.ntg.nl/

Show replies by date

Henning Hraban Ramm

29 Sep 29 Sep

6:56 p.m.

Am 29.09.24 um 17:57 schrieb Hans Åberg via ntg-context:

...

Nothing seems to be working on the NTG ConTeXt server login page below, so I can't change my email address.

https://mailman.ntg.nl/mailman3/lists/ntg-context.ntg.nl/

Try https://lists.contextgarden.net/mailman3/ the footer is apparently wrong. Hraban

Hans Åberg

7:31 p.m.

...

On 29 Sep 2024, at 20:56, Henning Hraban Ramm wrote:

Am 29.09.24 um 17:57 schrieb Hans Åberg via ntg-context:

...
Nothing seems to be working on the NTG ConTeXt server login page below, so I can't change my email address. https://mailman.ntg.nl/mailman3/lists/ntg-context.ntg.nl/

Try https://lists.contextgarden.net/mailman3/ the footer is apparently wrong.

It then says that the email address and/or password are not correct, despite being from my saved passport file. If I try to sign up, a get to a page that says signup is closed: https://lists.contextgarden.net/accounts/signup/?next=%2Fmailman3%2F

Taco Hoekwater

30 Sep 30 Sep

7:06 a.m.

Hi,

...

On 29 Sep 2024, at 21:31, Hans Åberg via ntg-context wrote:

...
On 29 Sep 2024, at 20:56, Henning Hraban Ramm wrote:

Am 29.09.24 um 17:57 schrieb Hans Åberg via ntg-context:

...
Nothing seems to be working on the NTG ConTeXt server login page below, so I can't change my email address. https://mailman.ntg.nl/mailman3/lists/ntg-context.ntg.nl/

The situation with the mailing list server: mailman3 is confused about all the accounts that have been imported from the old mailman2 installation: the front end assumes these accounts have a postorius login attached to it because that is how it works for new subscribers, but those imported accounts do not have such an account. There is no easy fix for that that I can apply as an administrator, unfortunately. The most straightforward solution would be to create a new subscriber account using the web interface, and then use the old-fashioned email method to unsubscribe the old account (or send me a message personally). However, a secondary problem is that the mailman web forms are used by spammers so often that I have registration/signup turned off. The continuous barrage of invalid password reset requests was negatively affecting the reputation of the mail server so much that even delivery of proper emails became a problem. This is another issue that cannot be easily fixed as administrator, because there is not a lot of detailed control possible on what messages mailman does and does not send out. Either it sends out no messages to unknown email addresses, or it always sends out such messages. I will try turning signs ups on again for a while, but I probably cannot keep it open. This situation will likely endure until some future update to mailman3 gives administrators more control, or until someone knowledgeable in python can help me patch mailman so that it blocks only the “password reset” functionality, but not the “sign up” (help?). TL;DR: if you have a problem, email me personally with old and new addresses, and I will fix your account.

...

...
Try https://lists.contextgarden.net/mailman3/ the footer is apparently wrong.

FWIW the footer is actually correct. It just does not help that much. — Taco Hoekwater E: taco@bittext.nl genderfluid (all pronouns)

Hans Åberg

7:15 a.m.

...

On 30 Sep 2024, at 09:06, Taco Hoekwater wrote:

Hi,

...
On 29 Sep 2024, at 21:31, Hans Åberg via ntg-context wrote:

...
On 29 Sep 2024, at 20:56, Henning Hraban Ramm wrote:

Am 29.09.24 um 17:57 schrieb Hans Åberg via ntg-context:

...
Nothing seems to be working on the NTG ConTeXt server login page below, so I can't change my email address. https://mailman.ntg.nl/mailman3/lists/ntg-context.ntg.nl/

The situation with the mailing list server: mailman3 is confused about all the accounts that have been imported from the old mailman2 installation: the front end assumes these accounts have a postorius login attached to it because that is how it works for new subscribers, but those imported accounts do not have such an account. There is no easy fix for that that I can apply as an administrator, unfortunately. The most straightforward solution would be to create a new subscriber account using the web interface, and then use the old-fashioned email method to unsubscribe the old account (or send me a message personally).

However, a secondary problem is that the mailman web forms are used by spammers so often that I have registration/signup turned off. The continuous barrage of invalid password reset requests was negatively affecting the reputation of the mail server so much that even delivery of proper emails became a problem. This is another issue that cannot be easily fixed as administrator, because there is not a lot of detailed control possible on what messages mailman does and does not send out. Either it sends out no messages to unknown email addresses, or it always sends out such messages.

I will try turning signs ups on again for a while, but I probably cannot keep it open. This situation will likely endure until some future update to mailman3 gives administrators more control, or until someone knowledgeable in python can help me patch mailman so that it blocks only the “password reset” functionality, but not the “sign up” (help?).

An anti-spam measure is requiring email confirmation, typically an email sent to the address to be registered with an HTML link that must be opened and confirmed by clicking on a button.

Taco Hoekwater

7:27 a.m.

...

On 30 Sep 2024, at 09:15, Hans Åberg wrote:

An anti-spam measure is requiring email confirmation, typically an email sent to the address to be registered with an HTML link that must be opened and confirmed by clicking on a button.

What happens is that a malicious script is submitting a "password reset" form with a valid but unknown to mailman email address. Mailman3 should not respond to those, but it does. The receivers of such password reset reminders get righteously annoyed. Best wishes, Taco — Taco Hoekwater E: taco@bittext.nl genderfluid (all pronouns)

Hans Åberg

8:11 a.m.

...

On 30 Sep 2024, at 09:27, Taco Hoekwater wrote:

...
On 30 Sep 2024, at 09:15, Hans Åberg wrote:

An anti-spam measure is requiring email confirmation, typically an email sent to the address to be registered with an HTML link that must be opened and confirmed by clicking on a button.

What happens is that a malicious script is submitting a "password reset" form with a valid but unknown to mailman email address. Mailman3 should not respond to those, but it does. The receivers of such password reset reminders get righteously annoyed.

So it seems to be a bug that should be fixed. I have also changed GNU lists, so the question is what they do, or perhaps they have not experienced the problem yet.

Taco Hoekwater

2:26 p.m.

Hi all,

...

I will try turning signs ups on again for a while, but I probably cannot keep it open. This situation will likely endure until some future update to mailman3 gives administrators more control, or until someone knowledgeable in python can help me patch mailman so that it blocks only the “password reset” functionality, but not the “sign up” (help?).

With much needed help from Max Chernoff, the mailing list webforms now all have a reCaptcha. This means that both signup and “password forgotten” features could be enabled again. Thank you, Max! Best wishes, Taco — Taco Hoekwater E: taco@bittext.nl genderfluid (all pronouns)

Age (days ago)

Last active (days ago)

List overview

Download

7 comments

4 participants

participants (4)

Hans Åberg
Hans Åberg
Henning Hraban Ramm
Taco Hoekwater

Mail server login broken

tags

participants (4)